manualshive.com logo in svg

Edge-Core WA6202A, User Manual

The Edge-Core WA6202A offers top-notch performance in a compact wireless access point. To ensure a seamless setup and customization, a comprehensive User Manual is available for free download from manualshive.com. The manual provides step-by-step instructions and valuable insights to maximize the potential of this exceptional networking solution.

Share
Download
background image

 

 

 

 
 
 
 
 
 
 

AeroExtend by SOHOWARE

 

 

 
 
 
 
 
 
 
 
 

WA6202A 
WA6202AM 
2.4 GHz / 5 GHz 
Dual Band Outdoor 
Access Point / Bridge 

 
 

 

User Guide

 

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

www.sohoware.com

 

Summary of Contents for WA6202A

Page 1: ...AeroExtend by SOHOWARE WA6202A WA6202AM 2 4 GHz 5 GHz Dual Band Outdoor Access Point Bridge User Guide www sohoware com ...

Page 2: ......

Page 3: ...s Point Bridge WA6202A IEEE 802 11g and 802 11a Dual band Access Point Bridge with Integrated 5 GHz High Gain Antenna and External Antenna Options WA6202AM IEEE 802 11g and 802 11a Dual band Access Point Bridge with External Antenna Options ...

Page 4: ...WA6202A WA6202AM F4 3 3 6 E112006 DT R01 149100034900E ...

Page 5: ... for help FCC Caution Any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate this equipment This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interfere...

Page 6: ... operated in all countries of the European Community Requirements for indoor vs outdoor operation license requirements and allowed channels of operation apply in some countries as described below Note The user must use the configuration utility provided with this product to ensure the channels of operation are in conformance with the spectrum usage rules for European Community countries as describ...

Page 7: ...oors or outdoors in all countries of the European Community using the 2 4 GHz band Channels 1 13 except where noted below In Italy the end user must apply for a license from the national spectrum authority to operate this device outdoors In Belgium outdoor operation is only permitted using the 2 46 2 4835 GHz band Channel 13 In France outdoor operation is only permitted using the 2 4 2 454 GHz ban...

Page 8: ...r the connector to the unit and not the wall plug must have a configuration for mating with an EN 60320 IEC 320 appliance inlet The socket outlet must be near to the unit and easily accessible You can only remove power from the unit by disconnecting the power cord from the outlet This unit operates under SELV Safety Extra Low Voltage conditions according to IEC 60950 The conditions are only mainta...

Page 9: ...E7 7 SCHUKO The mains cord must be HAR or BASEC marked and be of type HO3VVF3GO 75 minimum Europe IEC 320 receptacle Veuillez lire à fond l information de la sécurité suivante avant d installer l appareil AVERTISSEMENT L installation et la dépose de ce groupe doivent être confiés à un personnel qualifié Ne branchez pas votre appareil sur une prise secteur alimentation électrique lorsqu il n y a pa...

Page 10: ... le pays d utilisation Le cordon doit avoir reçu l homologation des UL et un certificat de la CSA Les spécifications minimales pour un cable flexible sont AWG No 18 ouAWG No 16 pour un cable de longueur inférieure à 2 mètres type SV ou SJ 3 conducteurs Le cordon doit être en mesure d acheminer un courant nominal d au moins 10 A Etats Unis et Canada La prise femelle de branchement doit être du type...

Page 11: ...n erfüllt Der Gerätestecker der Anschluß an das Gerät nicht der Wandsteckdosenstecker muß einen gemäß EN 60320 IEC 320 konfigurierten Geräteeingang haben Die Netzsteckdose muß in der Nähe des Geräts und leicht zugänglich sein Die Stromversorgung des Geräts kann nur durch Herausziehen des Gerätenetzkabels aus der Netzsteckdose unterbrochen werden Der Betrieb dieses Geräts erfolgt unter den SELV Bed...

Page 12: ...enigstens 10 A U S A und Canada Dieser Stromstecker muß hat einer erdschluss mit der typ NEMA 5 15P 15A 125V oder NEMA 6 15P 15A 250V konfiguration Danemark Dieser Stromstecker muß die ebene 107 2 D1 der standard DK2 1a oder DK2 5a Bestimmungen einhalten Schweiz Dieser Stromstecker muß die SEV ASE 1011Bestimmungen einhalten Europe Das Netzkabel muß vom Typ HO3VVF3GO 75 Mindestanforderung sein und ...

Page 13: ...d Benefits 1 8 Chapter 2 Network Configuration 2 1 Access Point Topologies 2 1 Infrastructure Wireless LAN 2 2 Infrastructure Wireless LAN for Roaming Wireless PCs 2 3 Bridge Link Topologies 2 4 Point to Point Configuration 2 4 Point to Multipoint Configuration 2 5 Chapter 3 Bridge Link Planning 3 1 Data Rates 3 1 Radio Path Planning 3 1 Antenna Height 3 2 Antenna Position and Orientation 3 4 Radi...

Page 14: ...dentification 6 3 TCP IP Settings 6 5 RADIUS 6 7 SSH Settings 6 11 Authentication 6 12 Filter Control 6 17 VLAN 6 19 WDS Settings 6 21 AP Management 6 27 Administration 6 28 System Log 6 33 RSSI 6 37 SNMP 6 40 Configuring SNMP and Trap Message Parameters 6 41 Configuring SNMPv3 Users 6 46 Configuring SNMPv3 Trap Filters 6 48 Configuring SNMPv3 Targets 6 50 Radio Interface 6 52 Radio Settings A 802...

Page 15: ...ing Command Modes 7 4 Exec Commands 7 5 Configuration Commands 7 5 Command Line Processing 7 6 Command Groups 7 6 General Commands 7 7 configure 7 8 end 7 8 exit 7 8 ping 7 9 reset 7 10 show history 7 10 show line 7 11 System Management Commands 7 11 country 7 12 prompt 7 14 system name 7 14 username 7 15 password 7 15 ip ssh server enable 7 16 ip ssh server port 7 16 ip telnet server enable 7 17 ...

Page 16: ... 7 37 DHCP Relay Commands 7 38 dhcp relay enable 7 38 dhcp relay 7 39 show dhcp relay 7 39 SNMP Commands 7 40 snmp server community 7 41 snmp server contact 7 41 snmp server location 7 42 snmp server enable server 7 42 snmp server host 7 43 snmp server trap 7 44 snmp server engine id 7 45 snmp server user 7 46 snmp server targets 7 48 snmp server filter 7 49 snmp server filter assignments 7 50 sho...

Page 17: ...ss Authentication 7 69 address filter default 7 69 address filter entry 7 70 address filter delete 7 70 mac authentication server 7 71 mac authentication session timeout 7 71 Filtering Commands 7 72 filter local bridge 7 73 filter ap manage 7 73 filter uplink enable 7 74 filter uplink 7 74 filter ethernet type enable 7 74 filter ethernet type protocol 7 75 show filters 7 76 WDS Bridge Commands 7 7...

Page 18: ...ommands 7 93 interface wireless 7 95 vap 7 95 speed 7 96 turbo 7 96 multicast data rate 7 97 channel 7 98 transmit power 7 98 radio mode 7 99 preamble 7 100 antenna control 7 101 antenna id 7 101 antenna location 7 102 beacon interval 7 103 dtim period 7 103 fragmentation length 7 104 rts threshold 7 105 super a 7 106 super g 7 106 description 7 107 ssid 7 107 closed system 7 108 max association 7...

Page 19: ...k integrity ping host 7 129 link integrity ping interval 7 130 link integrity ping fail retry 7 130 link integrity ethernet detect 7 130 show link integrity 7 131 IAPP Commands 7 132 iapp 7 132 VLAN Commands 7 133 vlan 7 133 management vlanid 7 134 vlan id 7 134 WMM Commands 7 135 wmm 7 136 wmm acknowledge policy 7 136 wmmparam 7 137 Appendix A Troubleshooting A 1 Appendix B Cables and Pinouts B 1...

Page 20: ...C 9 8 dBi Omnidirectional 5 GHz C 10 12 5 13 5 dBi 60 Degree Sector 5 GHz C 11 8 dBi Omnidirectional 5 GHz C 12 23 dBi High Gain Panel 5 GHz C 13 8 dBi Omnidirectional 5 GHz C 14 8 dBi Omnidirectional 5 GHz C 15 Appendix D Montieren der Bridge D 1 Verwenden der Halterung für Mastmontage D 1 Verwenden der Halterung für Wandmontage D 3 Anschließen der externen Antennen D 5 Anschließen der Kabel an d...

Page 21: ...s The wireless bridge system offers a fast reliable and cost effective solution for connectivity between remote Ethernet wired LANs or to provide Internet access to an isolated site The system is also easy to install and operate ideal for situations where a wired link may be difficult or expensive to deploy The wireless bridge connection provides data rates of up to 108 Mbps In addition both wirel...

Page 22: ...r Guide CD Inform your dealer if there are any incorrect missing or damaged parts If possible retain the carton including the original packing materials Use them again to repack the product in case there is a need to return it Hardware Description Bottom View both models Console Port CoverAttachment Top View WA6202A Console Port Ethernet PoE Connector Water Tight Test Point DO NOT REMOVE Integrate...

Page 23: ...in the following figure 802 11b g Wireless Link Activity 11b g 11a Power Link Power Ethernet Link Activity 802 11a Wireless Link Activity The following table describes the system status LEDs LED Status Description On Green Indicates that the system is working normally Power On Amber Indicates a system reset On Green Indicates a valid 10 100 Mbps Ethernet cable link Link Flashing Green Indicates th...

Page 24: ... 802 11b g radio is disabled Slow Flashing Green The 802 11b g radio is enabled with a low level of network activity Fast Flashing Green Indicates a medium level of network activity 11b g three LEDs On Green Indicates a high level of network activity The following table describes the wireless status LEDs in RSSI mode LED Status Description Off No signal detected or the 802 11a radio is disabled Sl...

Page 25: ...na options Model Number Antenna Type Gain dBi HPBW Horizontal HPBW Vertical Polarization ACC04 050090 2 4 GHz 2 5 GHz High Gain Directional Panel 18 15 15 Linear vertical ACC04 05028A with mounting bracket and ACC04 05427A 2 4 GHz 2 5 GHz Omnidirectional 8 360 15 Linear vertical ACC04 053830A 2 4 GHz 2 5 GHz Sector 10 120 15 Linear vertical ACC04 090380 5 47 GHz 5 875 GHz Omnidirectional 8 360 12 ...

Page 26: ...ector module is included in the wireless bridge package and provides two RJ 45 Ethernet ports one for connecting to the wireless bridge Output and the other for connecting to a local LAN switch Input The Input port uses an MDI i e internal straight through pin configuration You can therefore use straight through twisted pair cable to connect this port to most network interconnection devices such a...

Page 27: ...ding Point Even though the wireless bridge includes its own built in lightning protection it is important that the unit is properly connected to ground A grounding screw is provided for attaching a ground wire to the unit Water Tight Test Point Caution Do no remove or loosen this screw Doing so could lead to damage of the unit Wall and Pole Mounting Bracket Kit The wireless bridge includes a brack...

Page 28: ...links using various external antenna options Both WA6202A and WA6202AM units also support access point services for the 5 GHz and 2 4 GHz radios using various external antenna options Maximum data rate up to 108 Mbps Outdoor weatherproof design IEEE 802 11a and 802 11b g compliant Local network connection via 10 100 Mbps Ethernet port Powered through its Ethernet cable connection to the power inje...

Page 29: ...gies Operating as an outdoor access point the unit is deployed in an integrated configuration with wired Ethernet LANs providing network access to wireless stations in the wireless coverage area The access point s radios can support these modes Infrastructure wireless LAN Infrastructure wireless LAN with roaming Point to point bridge link Point to multipoint bridge links The 802 11b and 802 11g fr...

Page 30: ...omputer in its wireless group or access other computers or network resources in the wired LAN infrastructure through the access point The infrastructure configuration not only extends the accessibility of wireless PCs to the wired LAN but also increases the effective wireless transmission range for wireless PCs by passing their signals through one or more access points A wireless infrastructure ca...

Page 31: ...access points The SSID can be manually configured by the clients can be detected in an access point s beacon or can be obtained by querying for the identity of the nearest access point For clients that do not need to roam set the SSID for the wireless card to that used by the access point to which you want to connect A wireless infrastructure can also support roaming for mobile workers More than o...

Page 32: ...eployment options Note The external antennas offer longer range options using the 5 GHz radio which makes this interface more suitable for bridge links The 2 4GHz radio has various types of antenna options but the 8dBi omnidirectional antenna is better suited for local access point services When using WDS on a radio band only wireless bridge units can associate to each other Wireless clients can o...

Page 33: ...e wireless bridge network all other bridges must be Slave units Using the 5 GHz 8 dBi omnidirectional external antenna the WA6202AM can connect to WA6202A units up to 3 3 km 2 miles away Using the 13 5 dBi 120 degree sector antenna the WA6202AM can connect to WA6202A units up to 10 3 km 6 4 miles away WA6202A WA6202A WA6202A WA6202A WA6202AM with Omnidirectional Antenna WA6202A WA6202A WA6202A WA6...

Page 34: ...2 Network Configuration 2 6 ...

Page 35: ...rior to equipment installation Data Rates Using its 5 GHz integrated antenna the WA6202A Slave bridge can operate over a range of up to 15 4 km 9 6 miles or provide a high speed connection of 54 Mbps 108 Mbps in turbo mode However the maximum data rate for a link decreases as the operating range increases When you are planning each wireless bridge link take into account the maximum distance and da...

Page 36: ...gs and that no building construction may eventually block the path Check the topology of the land between the antennas using topographical maps aerial photos or even satellite image data software packages are available that may include this information for your area Avoid a path that may incur temporary blockage due to the movement of cars trains or aircraft Antenna Height A reliable wireless link...

Page 37: ...7 m 45 ft 13 7 m 80 ft 24 4 m 17 miles 27 4 km 37 ft 11 3 m 58 ft 17 7 m 95 ft 29 m Note that to avoid any obstruction along the path the height of the object must be added to the minimum clearance required for a clear radio line of sight Consider the following simple example illustrated in the figure below Visual Line of Sight Radio Line of Sight 3 miles 4 8 km 2 4 m A 20 m 17 m 5 4 m 1 4 m 9 m 1...

Page 38: ...wireless bridge must be considered Be sure there are no other radio antennas within 2 m 6 ft of the wireless bridge Place the wireless bridge away from power and telephone lines Avoid placing the wireless bridge too close to any metallic refective surfaces such as roof installed air conditioning equipment tinted windows wire fences or water pipes The wireless bridge antennas at both ends of the li...

Page 39: ...nd velocity and direction at the site and be sure that any supporting structure such as a pole mast or tower is built to withstand this force Lightning The wireless bridge includes its own built in lightning protection However you should make sure that the unit any supporting structure and cables are all properly grounded Additional protection using lightning rods lightning arrestors or surge supp...

Page 40: ... the cable consider using a lightning arrestor immediately before the cable enters the building Grounding It is important that the wireless bridge cables and any supporting structures are properly grounded The wireless bridge unit includes a grounding screw for attaching a ground wire Be sure that grounding is available and that it meets local and national electrical codes 3 6 ...

Page 41: ...sing external antennas Hardware installation of the wireless bridge involves these steps 1 Mount the unit on a wall pole mast or tower using the mounting bracket 2 Mount external antennas directly on the bridge or on the same supporting structure as the bridge and connect them to the bridge unit 3 Connect the Ethernet cable and a grounding wire to the unit 4 Connect the power injector to the Ether...

Page 42: ...g bracket 1 Fit the edges of the V shaped clamp parts into the slots on the flat side of the rectangular plate The inner slots are for a 1 5 inch diameter pole and the outer slots for a 2 inch diameter pole 2 Place the V shaped clamp parts of the bracket around the pole and tighten the securing nuts just enough to hold the bracket to the pole The bracket may need to be rotated around the pole duri...

Page 43: ...h the bridge with its mounting plate to the bracket already fixed to the pole Attach the bridge to the plate on the pole 5 Use the included nuts to secure the wireless bridge to the pole bracket Note that the wireless bridge tilt angle may need to be adjusted during the antenna alignment process 4 3 ...

Page 44: ... be aligned It is intended for use with the unit using external antennas 1 Attach the bracket to a wall with flat side flush against the wall see following figure Position the bracket in the intended location and mark the position of the four mounting screw holes 2 Drill four holes in the wall that match the screws and wall plugs included in the bracket kit then secure the bracket to the wall 3 At...

Page 45: ...enna to the same supporting structure as the bridge within 3 m 10 ft distance using the bracket supplied in the antenna package 2 Connect the antenna to the bridge s N type connector using the RF coaxial cable provided in the antenna package Some omnidirectional external antennas attach directly to an N type connector without using a coaxial cable 3 Apply weatherproofing tape to the antenna connec...

Page 46: ...ss bridge 2 For extra protection against rain or moisture apply weatherproofing tape not included around the Ethernet connector 3 Be sure to ground the unit with an appropriate grounding wire not included by attaching it to the grounding point on the base of the unit using the screw provided in the package Caution Be sure that grounding is available and that it meets local and national electrical ...

Page 47: ...rt Power over Ethernet PoE based on the IEEE 802 3af standard Do not try to power the unit by connecting it directly to a network switch that provides IEEE 802 3af PoE Always connect the unit to the included power injector module 1 Connect the Ethernet cable from the wireless bridge to the RJ 45 port labeled Output on the power injector 2 Connect a straight through unshielded twisted pair UTP cabl...

Page 48: ...gnment process is particularly important for long range point to point links In a point to multipoint configuration the root bridge uses an omnidirectional or sector antenna which does not require alignment but bridge nodes still need to be correctly aligned with the root bridge antennna Point to Point Configurations In a point to point configuration the alignment process requires two people one a...

Page 49: ...t it is receiving the strongest signal from the central main lobe Vertical Scan Remote Antenna Horizontal Scan Maximum Signal Strength Position for Vertical Alignment RSSI Main Lobe Maximum RSSI Value Value Side Lobe Maximum Maximum Signal Strength Position for Horizontal Alignment To align the antennas in the link monitor the signal strength LEDs or the RSSI value in the management interface Star...

Page 50: ...gest all LEDs on and secure the horizontal adjustment in that position Note Sometimes there may not be a central lobe peak because vertical alignment is too far off only two similar peaks for the side lobes are detected In this case fix the antenna so that it is halfway between the two peaks 3 Loosen the vertical adjustment on the mounting bracket and tilt the antenna slowly up and down while chec...

Page 51: ...2 serial port that enables a connection to a PC or terminal for monitoring and configuration Attach a VT100 compatible terminal or a PC running a terminal emulation program to the access point You can use the console cable provided with this package or use a cable that complies with the wiring assignments shown on page B 3 To connect to the console port complete the following steps 1 Connect the c...

Page 52: ... IP address that is compatible with your network Type configure to enter configuration mode then type interface ethernet to access the Ethernet interface configuration mode Enterprise AP configure Enterprise AP config interface ethernet Enterprise AP config if First type no ip dhcp to disable DHCP client mode Then type ip address ip address netmask gateway where ip address is the access point s IP...

Page 53: ...s Select the code for your country and enter the country command again following by your country code e g tw for Taiwan Enterprise AP country tw Enterprise AP Note Command examples shown later in this manual abbreviate the console prompt to AP for simplicity Logging In There are only a few basic steps you need to complete to connect the access point to your corporate network and provide network ac...

Page 54: ...5 Initial Configuration The home page displays the Main Menu 5 4 ...

Page 55: ...configured IP address of the access point or use the default address http 192 168 1 1 To log into the access point enter the default user name admin and then press LOGIN When the home page displays click on Advanced Setup The following page will display The information in this chapter is organized to reflect the structure of the web screens for easy reference However it is recommended that you con...

Page 56: ...ce and sets spanning tree parameters 6 21 AP Management Configures access to management interfaces 6 27 Administration Configures user name and password for management access upgrades software from local file FTP or TFTP server resets configuration settings to factory defaults and resets the access point 6 28 System Log Controls logging of error messages sets the system clock via SNTP server or ma...

Page 57: ... Status Displays configuration settings for the basic system and the wireless interface 6 90 Station Station Shows the wireless clients currently associated with the access point 6 93 Event Logs Shows log messages stored in memory 6 95 System Identification The system name for the access point can be left at its default setting However modifying this parameter can help you to more easily distingui...

Page 58: ...m Up time 0 days 0 hours 32 minutes 22 seconds System Name R D System Location System Contact Contact System Country Code US UNITED STATES MAC Address 00 12 CF 12 34 60 Radio A MAC Address 00 12 CF 12 34 61 Radio G MAC Address 00 12 CF 12 34 65 IP Address 192 168 1 1 Subnet Mask 255 255 255 0 Default Gateway 0 0 0 0 VLAN State DISABLED Management VLAN ID AP 1 IAPP State ENABLED DHCP Client ENABLED...

Page 59: ...ng use the CLI to manually configure the initial IP values see page 5 2 After you have network access to the access point you can use the web browser interface to modify the initial IP configuration if needed Note If there is no DHCP server on your network or DHCP fails the access point will automatically start up with a default IP address of 192 168 1 1 DHCP Client Enable Select this option to ob...

Page 60: ...rwise leave the addresses as all zeros 0 0 0 0 CLI Commands for TCP IP Settings From the global configuration mode enter the interface configuration mode with the interface ethernet command Use the ip dhcp command to enable the DHCP client or no ip dhcp to disable it To manually configure an address specify the new IP address subnet mask and default gateway using the ip address command To specify ...

Page 61: ...Fi Protected Access WPA wireless security A secondary RADIUS server may also be specified as a backup should the primary server fail or become inaccessible In addition the configured RADIUS server can also act as a RADIUS Accounting server and receive user session accounting information from the access point RADIUS Accounting can be used to provide valuable information on user activity in the netw...

Page 62: ...6 System Configuration 6 8 ...

Page 63: ...specified on the RADIUS server Do not use blank spaces in the string Maximum length 255 characters Timeout Number of seconds the access point waits for a reply from the RADIUS server before resending a request Range 1 60 seconds Default 5 Retransmit attempts The number of times the access point tries to resend a request to the RADIUS server before authentication fails Range 1 30 Default 3 Accounti...

Page 64: ...192 168 1 25 7 59 Enterprise AP config radius server port 181 7 60 Enterprise AP config radius server key green 7 60 Enterprise AP config radius server timeout 10 7 61 Enterprise AP config radius server retransmit 5 7 61 Enterprise AP config radius server port accounting 1813 7 62 Enterprise AP config radius server timeout interim 500 7 62 Enterprise AP config exit Enterprise AP show radius 7 64 R...

Page 65: ...red Clients can then securely use the local user name and password for access authentication Note that SSH client software needs to be installed on the management station to access the access point for management via the SSH protocol Notes 1 The access point supports only SSH version 2 0 2 After boot up the SSH server needs about two minutes to generate host encryption keys The SSH server is disab...

Page 66: ... 802 1X authentication However it is better to choose one or the other as appropriate Take note of the following points before configuring MAC address or 802 1X authentication Use MAC address authentication for a small network with a limited number of users MAC addresses can be manually configured on the access point itself without the need to set up a RADIUS server but managing a large number of ...

Page 67: ...ion is compared against the local database stored on the access point Use the Local MAC Authentication section of this web page to set up the local database and configure all access points in the wireless network service area with the same MAC address database Radius MAC The MAC address of the associating station is sent to a configured RADIUS server for authentication When using a RADIUS authenti...

Page 68: ... unknown MAC addresses that is those not listed in the local MAC database Deny Blocks access for all MAC addresses except those listed in the local database as Allow Allow Permits access for all MAC addresses except those listed in the local database as Deny MAC Authentication Settings Enters specified MAC addresses and permissions into the local MAC database MAC Address Physical address of a clie...

Page 69: ... AP config mac authentication server local 7 71 Enterprise AP config mac authentication session timeout 5 7 717 20 Enterprise AP config address filter default denied 7 69 Enterprise AP config address filter entry 00 70 50 cc 99 1a denied 7 70 Enterprise AP config address filter entry 00 70 50 cc 99 1b allowed Enterprise AP config address filter entry 00 70 50 cc 99 1c allowed Enterprise AP config ...

Page 70: ...n Information MAC Authentication Server REMOTE MAC Auth Session Timeout Value 300 min 802 1x supplicant DISABLED 802 1x supplicant user EMPTY 802 1x supplicant password EMPTY Address Filtering DENIED System Default DENY addresses not found in filter table Filter Table MAC Address Status 00 70 50 cc 99 1a DENIED 00 70 50 cc 99 1b ALLOWED Enterprise AP CLI Command for 802 1x Supplicant To configure ...

Page 71: ...ts can communicate with each other through the access point Prevent Intra VAP client communication When enabled clients associated with a specific VAP interface cannot establish wireless communications with each other Clients can communicate with clients associated to other VAP interfaces Prevent Inter and Intra VAP client communication When enabled clients cannot establish wireless communications...

Page 72: ...filtering on the port Default Disabled CLI Commands for Bridge Filtering Use the filter local bridge command from the global configuration mode to prevent wireless to wireless communications through the access point Use the filter ap manage command to restrict management access from wireless clients To configure Ethernet protocol filtering use the filter ethernet type enable command to enable filt...

Page 73: ...n assigned client VLAN ID default VLAN ID or the management VLAN ID Traffic received from the wired network must also be tagged with one of these known VLAN IDs Received traffic that has an unknown VLAN ID or no VLAN tag is dropped When VLAN support is disabled the access point does not tag traffic passed to the wired network and ignores the VLAN tags on any received frames Note Before enabling VL...

Page 74: ...adecimal or string VLAN IDs on the RADIUS server can be entered as hexadecimal digits or a string see radius server vlan format on page 7 63 Note The specific configuration of RADIUS server software is beyond the scope of this guide Refer to the documentation provided with the RADIUS server software VLAN Classification Enables or disables VLAN tagging support on the access point Native VLAN ID The...

Page 75: ...that is an STP compliant switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes down WDS Bridge Up to six WDS bridge or repeater links MAC addresses per radio interface can be specified for each unit in the wireless bridge network One unit only must be confi...

Page 76: ...ave mode A single master enables up to five slave links whereas a slave will have only one link to the master Bridge Parent The physical layer address of the root bridge unit or the bridge unit connected to the root bridge 12 hexadecimal digits in the form xx xx xx xx xx xx Channel Auto Sync Allows a Bridge Child to automatically find the operating channel used by its Bridge Parent Caution Do not ...

Page 77: ...erves as the root of the spanning tree network It selects a root port on each bridging device except for the root device which incurs the lowest path cost when forwarding a packet from that device to the root device Then it selects a designated bridging device from each LAN which incurs the lowest path cost when forwarding a packet from that LAN to 6 23 ...

Page 78: ... values indicate higher priority Range 0 65535 Default 32768 Bridge Max Age The maximum time in seconds a device can wait without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STP information provided in the last configuration message becomes the desig...

Page 79: ...mand from the CLI wireless interface configuration mode If the role of the radio interface is set to Bridge or Repeater the MAC address of the parent node must also be configured using the bridge link parent command If the role is set to anything other than Access Point then you should also configure the MAC addresses of the child nodes using the bridge link child command To view the current bridg...

Page 80: ...and Enterprise AP config bridge stp enable 6 104 Enterprise AP config bridge stp forwarding delay 2500 6 105 Enterprise AP config bridge stp hello time 500 6 106 Enterprise AP config bridge stp max age 4000 6 107 Enterprise AP config bridge stp priority 40000 6 108 Enterprise AP config interface wireless a Enterprise AP if wireless a bridge link path cost 2 40 6 109 Enterprise AP if wireless a bri...

Page 81: ... to the specified addresses If anyone tries to access a management interface from an unauthorized address the access point will reject the connection UI Management Enables or disables management access through Telnet the Web HTTP or SNMP interfaces Default Enabled Note Secure Web HTTPS connections are not affected by the UI Management or IP Management settings IP Management Restricts management ac...

Page 82: ... protect access to the management interface you need to configure an Administrator s user name and password as soon as possible If the user name and password are not configured then anyone having access to the access point may be able to compromise access point and network security Once a new Administrator has been configured you can delete the default admin user name from the system Username The ...

Page 83: ... ip http session timeout 0 7 18 Enterprise AP config Upgrading Firmware You can upgrade new access point software from a local file on the management workstation or from an FTP or TFTP server New software may be provided periodically from your distributor After upgrading new software you must reboot the access point to implement the new code Until a reboot occurs the access point will continue to ...

Page 84: ...ware is stored If upgrading from an FTP server be sure that you have an account configured on the server with a user name and password If VLANs are configured on the access point determine the VLAN ID with which the FTP or TFTP server is associated and then configure the management station or the network port to which it is attached with the same VLAN ID If you are managing the access point from a...

Page 85: ...guration file to a specified remote FTP or TFTP server A configuration file can also be downloaded to the access point to restore a specific configuration Export Import Select Export to upload a file to an FTP TFTP server Select Import to download a file from an FTP TFTP server Config file Specifies the name of the configuration file which must always be syscfg A path on the server can be specifie...

Page 86: ...mmand can be used to check that the new file is present in the access point file system To run the new software use the reset board command to reboot the access point Enterprise AP copy tftp file 7 56 1 Application image 2 Config file 3 Boot block image Select the type of download 1 2 3 1 1 TFTP Source file name img bin TFTP Server IP 192 168 1 19 Enterprise AP dir 7 58 File Name Type File Size df...

Page 87: ... memory or sent to a Syslog server The logged messages serve as a valuable tool for isolating access point and network problems System Log Setup Enables the logging of error messages Default Disable Server 1 4 Enables the sending of log messages to a Syslog server host Up to four Syslog servers are supported on the access point Default Disable Server Name IP The IP address or name of a Syslog serv...

Page 88: ...conditions e g return false unexpected return Notice Normal but significant condition such as cold start Informational Informational messages only Debug Debugging messages Note The access point error log can be viewed using the Event Logs window in the Status section page 6 95 The Event Logs window displays the last 128 messages logged in chronological order from the newest to the oldest Log messa...

Page 89: ...2 0 0 0 0 UDP Port 514 State Disabled 3 0 0 0 0 UDP Port 514 State Disabled 4 0 0 0 0 UDP Port 514 State Disabled Enterprise AP Configuring SNTP Simple Network Time Protocol SNTP allows the access point to set its internal clock based on periodic updates from a time server SNTP or NTP Maintaining an accurate time on the access point enables the system log to record meaningful dates and times for e...

Page 90: ...om the global configuration mode specify SNTP server IP addresses using the sntp server ip command then use the sntp server enable command to enable the service Use the sntp server timezone command to set the time zone for your location and the sntp server daylight saving command to set daylight savings To view the current SNTP settings use the show sntp command Enterprise AP config sntp server ip...

Page 91: ...nfig RSSI The RSSI value displayed on the RSSI page represents a signal to noise ratio A value of 30 would indicate that the power of the received signal is 30 dBm above the ambient noise floor This value can be used to align antennas see page 4 6 and monitor the quality of the received signal for bridge links An RSSI value of about 30 or more indicates a strong enough signal to support the maximu...

Page 92: ...6 System Configuration The RSSI controls allow the external connector to be disabled and the receive signal for each WDS port displayed 6 38 ...

Page 93: ...for a Master unit only port 1 for a Slave unit Default 1 Distance Mode Indicates if the 802 11a radio is operating in normal or Turbo mode See Radio Settings A on page 6 53 Distance The approximate distance between antennas in a bridge link LED Status Mode Selects AP mode or Bridge mode Bridge Port Allows the user to select the bridge port on which to monitor traffic Default 1 Range 1 6 There are ...

Page 94: ...th the format of the MIB specifications and the protocol used to access this information over the network The access point includes an onboard agent that supports SNMP versions 1 2c and 3 clients This agent continuously monitors the status of the access point as well as the traffic passing to and from wireless clients A network management station can access this information using SNMP management s...

Page 95: ...NMP Enables or disables SNMP management access and also enables the access point to send SNMP traps notifications Default Disable Location A text string that describes the system location Maximum length 255 characters Contact A text string that describes the system contact Maximum length 255 characters Community Name Read Only Defines the SNMP community access string that has read only access Auth...

Page 96: ... with the notification operation Maximum length 23 characters case sensitive Default public Engine ID Sets the engine identifier for the SNMPv3 agent that resides on the access point This engine protects against message replay delay and redirection The engine ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets A default ...

Page 97: ... A client station has failed MAC address authentication with the RADIUS server dot1xAuthNotInitiated A client station did not initiate 802 1X authentication dot1xAuthSuccess A 802 1X client station has been successfully authenticated by the RADIUS server dot1xAuthFail A 802 1X client station has failed RADIUS authentication dot1xSuppAuthenticated A supplicant station has been successfully authenti...

Page 98: ...tact commands to indicate the physical location of the access point and define a system contact To set the read only and read write community names use the snmp server community command Use the snmp server host command to define a trap receiver host and the snmp server trap command to enable or disable specific traps Enterprise AP config snmp server enable server 7 42 Enterprise AP config snmp ser...

Page 99: ...State Disabled 3 0 0 0 0 Community State Disabled 4 0 0 0 0 Community State Disabled dot11InterfaceAGFail Enabled dot11InterfaceBFail Enabled dot11StationAssociation Enabled dot11StationAuthentication Enabled dot11StationReAssociation Enabled dot11StationRequestFail Enabled dot1xAuthFail Enabled dot1xAuthNotInitiated Enabled dot1xAuthSuccess Enabled dot1xMacAddrAuthFail Enabled dot1xMacAddrAuthSuc...

Page 100: ...rresponding Passphrase field Priv Type The data encryption type used for the SNMP user either DES or none When DES is selected enter a key in the corresponding Passphrase field Passphrase The password or key associated with the authentication and privacy settings A minimum of eight plain text characters is required Action Click the Add button to add a new user to the list Click the edit button to ...

Page 101: ...group settings use the show snmp users or show snmp group assignments commands Enterprise AP config snmp server engine id 1a 2b 3c 4d 00 ff 7 45 Enterprise AP config snmp server user 7 46 User Name 1 32 chris Group Name 1 32 RWPriv Authtype md5 cr none md5 Passphrase 8 32 a good secret Privacy des cr none des Passphrase 8 32 a very good secret Enterprise AP config exit Enterprise AP show snmp user...

Page 102: ...defined by up to 20 MIB subtree ID entries To configure a new notification filter click the New button A new page opens to configure the filter see below To edit an existing filter select the radio button next to the entry in the table and then click the Edit button To delete a filter select the radio button next to the entry in the table and then click the Delete button When you click on the New ...

Page 103: ... Subtree OID Specifies MIB subtree to be filtered The MIB subtree must be defined in the form 1 3 6 1 and always start with a Filter Type Indicates if the filter is to include or exclude the MIB subtree objects from the filter Note that MIB objects included in the filter are not sent to the receiving target and objects excluded are sent By default all traps are sent so you can first use an include...

Page 104: ... trapfilter Type include Subtree iso Mask None Type exclude Subtree iso 3 6 1 2 1 2 2 1 1 23 Mask None Enterprise AP Configuring SNMPv3 Targets An SNMP v3 notification Target ID is specified by the SNMP v3 user IP address and UDP port A user defined filter can also be assigned to specific targets to limit the notifications received to specific MIB objects Note that the filter must first be configu...

Page 105: ...gth 32 characters IP Address Specifies the IP address of the receiving management station UDP Port The UDP port that is used on the receiving management station for notification messages SNMP User The defined SNMP v3 user that is to receive notification messages Assigned Filter The name of a user defined notification filter that is applied to the target CLI Commands for Configuring SNMPv3 Targets ...

Page 106: ...ble with 802 11b These interfaces are configured independently under the following web pages Radio Interface A 802 11a Radio Interface G 802 11b g Each radio supports up to four virtual access point VAP interfaces numbered 0 to 3 Each VAP functions as a separate access point and can be configured with its own Service Set Identification SSID and security settings However most radio signal parameter...

Page 107: ...n radio settings that apply to the overall system After you have configured the radio settings go to the Security page under the 802 a Interface See Security on page 6 73 enable the radio service for any of the VAP interfaces and then set an SSID to identify the wireless network service provided by each VAP Remember that only clients with the same SSID can associate with a VAP Note You must first ...

Page 108: ...6 System Configuration Configuring VAP Radio Settings To configure VAP radio settings select the Radio Settings page 6 54 ...

Page 109: ...s disassociated from the VAP interface Range 5 60 minutes Default 30 minutes WPA2 PMKSA Life Time WPA2 provides fast roaming for authenticated clients by retaining keys and other security settings in a cache for each VAP In this way when clients roam back into a VAP they had previously been using re authentication is not required When a WPA2 client is first authenticated it receives a Pairwise Mas...

Page 110: ... wireless a vap 0 7 95 Enterprise AP if wireless a VAP 0 description RD AP 3 7 107 Enterprise AP if wireless a VAP 0 vlan id 1 7 134 Enterprise AP if wireless a VAP 0 closed system 7 108 Enterprise AP if wireless a VAP 0 authentication timeout interval 30 7 109 Enterprise AP if wireless a VAP 0 association timeout interval 20 7 109 Enterprise AP if wireless a VAP 0 max association 32 7 108 Enterpr...

Page 111: ...d the access point checks the MAC address Basic Service Set Identifier BSSID of each access point that it finds against a RADIUS server to determine whether the access point is allowed With RADIUS authentication disabled the access point can detect its neighboring access points only it cannot identify whether the access points are allowed or are rogues If you enable RADIUS authentication you must ...

Page 112: ...e AP if wireless g rogue ap interval 120 7 116 Enterprise AP if wireless g rogue ap scan 7 117 Enterprise AP if wireless g rogueApDetect Completed Radio G 5 APs detected rogueAPDetect Radio G refreshing ap database now Enterprise AP if wireless g exit Enterprise AP show rogue ap 7 118 802 11a Channel Rogue AP Status AP Address BSSID SSID Channel MHz RSSI 802 11g Channel Rogue AP Status AP Address ...

Page 113: ... to 108 Mbps Enabling Turbo Mode allows the access point to provide connections up to 108 Mbps Default Disabled Note In normal mode the access point provides a channel bandwidth of 20 MHz and supports the maximum number of channels permitted by local regulations e g 13 channels for the United States In Turbo Mode the channel bandwidth is increased to 40 MHz to support the increased data rate Howev...

Page 114: ...aximum supported clients You also have to ensure that high power signals do not interfere with the operation of other radio devices in the service area Options 100 50 25 12 minimum Default 100 Note When operating the access point using 5 GHz channels in a European Community country the end user and installer are obligated to operate the device in accordance with European regulatory requirements fo...

Page 115: ...versity system Right The radio uses a single antenna on the right side Select this method when using an optional external antenna that is connected to the right antenna connector Left The radio uses a single antenna on the left side Select this method when using an optional external antenna that is connected to the left antenna connector Also select this method when using the integrated 5 GHz ante...

Page 116: ... the access point The beacon signals allow wireless clients to maintain contact with the access point They may also carry power management information Range 20 1000 TUs Default 100 TUs Data Beacon Rate The rate at which stations in sleep mode must wake up to receive broadcast multicast transmissions Known also as the Delivery Traffic Indication Map DTIM interval it indicates how often the MAC laye...

Page 117: ...cations The access point sends RTS frames to a receiving station to negotiate the sending of a data frame After receiving an RTS frame the station sends a CTS clear to send frame to notify the sending station that it can start sending data If the RTS threshold is set to 0 the access point always sends RTS signals If set to 2347 the access point never sends RTS signals If set to any other value and...

Page 118: ...prise AP if wireless a fragmentation length 512 7 104 Enterprise AP if wireless a rts threshold 256 7 105 Enterprise AP if wireless a Configuring Wi Fi Multimedia Wireless networks offer an equal opportunity for all devices to transmit data from any type of application Although this is acceptable for most applications multimedia applications with audio and video are particularly sensitive to the d...

Page 119: ...rwards traffic WMM adds data packets to four independent transmit queues one for each AC depending on the 802 1D priority tag of the packet Data packets without a priority tag are always added to the Best Effort AC queue From the four queues an internal virtual collision resolution mechanism first selects data with the highest priority to be granted a transmit opportunity Then the same collision r...

Page 120: ...f Minimum Wait Time Random Wait Time Figure 6 1 WMM Backoff Wait Times For high priority traffic the AIFSN and CW values are smaller The smaller values equate to less backoff and wait time and therefore more transmit opportunities To configure WMM select the Radio Settings page and scroll down to the WMM configuration settings 6 66 ...

Page 121: ...it of the random backoff wait time before wireless medium access can be attempted The initial wait time is a random value between zero and the CWMin value Specify the CWMin value in the range 0 15 microseconds Note that the CWMin value must be equal or less than the CWMax value logCWMax Maximum Contention Window The maximum upper limit of the random backoff wait time before wireless medium access ...

Page 122: ... access point The wmm acknowledge policy command is used to enable or disable a policy for each access category The wmmparms command defines detailed WMM parameters Enterprise AP if wireless a wmm required 7 136 Enterprise AP if wireless a wmm acknowledge policy 0 noack 7 136 Enterprise AP if wireless a wmmparams ap 0 4 6 3 1 1 7 137 6 68 ...

Page 123: ...ode DISABLED Channel 36 AUTO Status DISABLED MAC Address 00 12 cf 05 95 0c 802 11 Parameters Transmit Power FULL 16 dBm Max Station Data Rate 54Mbps Multicast Data Rate 6Mbps Fragmentation Threshold 2346 bytes RTS Threshold 2347 bytes Beacon Interval 100 TUs Authentication Timeout Interval 60 Mins Association Timeout Interval 30 Mins DTIM Interval 1 beacon Maximum Association 64 stations MIC Mode ...

Page 124: ...XOP Limit 3 008 ms AC3 Voice logCwMin 2 logCwMax 3 AIFSN 1 Admission Control No TXOP Limit 1 504 ms Enterprise AP Radio Settings G 802 11g The IEEE 802 11g standard operates within the 2 4 GHz band at up to 54 Mbps Also note that because the IEEE 802 11g standard is an extension of the IEEE 802 11b standard it allows clients with 802 11b wireless network cards to associate to an 802 11g access poi...

Page 125: ...ecific to the 802 11g interface are included in this section To configure the 802 11g radio settings select the Radio Settings page Radio Mode Selects the operating mode for the 802 11g wireless interface Default 802 11b g 802 11b g Both 802 11b and 802 11g clients can communicate with the access point up to 54 Mbps 802 11b only Both 802 11b and 802 11g clients can communicate with the access poin...

Page 126: ...e is affected by the data rate The lower the data rate the longer the transmission distance Default 54 Mbps Super G The Atheros proprietary Super G performance enhancements are supported by the access point These enhancements include bursting compression fast frames and dynamic turbo Maximum throughput ranges between 40 to 60 Mbps for connections to Atheros compatible clients Default Disabled Prea...

Page 127: ...P if wireless g Security The access point is configured by default as an open system which broadcasts a beacon signal including the configured SSID Wireless clients with an SSID setting of any can read the SSID from the beacon and automatically set their SSID to allow immediate connection to the nearest access point To improve wireless network security you have to implement two main functions Auth...

Page 128: ...ers support for legacy WEP clients but with increased security risk i e WEP authentication keys disabled Requires configured RADIUS server 802 1X EAP type may require management of digital certificates for clients and server WPA PSK Mode Requires WPA enabled system and network card driver native support provided in Windows XP Provides good security in small networks Requires manual management of p...

Page 129: ...ings Authentication Shared Key or Open System Encryption Enable 802 1x Disable Local RADIUS or Disabled Yesc Dynamic WEP 802 1x only Interface Detail Settings Authentication Open System Encryption Enable 802 1x Required Set 802 1x key refresh and reauthentication rates Local RADIUS or Disabled Yesc 802 1x WPA only Interface Detail Settings Authentication WPA Encryption Enable WPA Configuration Req...

Page 130: ... Encryption Enable WPA Configuration Required Cipher Suite AES CCMP 802 1x Required Set 802 1x key refresh and reauthentication rates Local or Disabled Yes WPA2 Pre Shared Key only Interface Detail Settings Authentication WPA2 PSK Encryption Enable WPA Configuraton Required Cipher Suite AES CCMP 802 1x Disable WPA Pre shared Key Type Hexadicmal or Alphanumeric Enter a WPA Pre shared key Local or D...

Page 131: ...02 1X authentication is not performed Enabling the VAPs Before enabling the Virtual Access Point VAP radio interfaces first configure all of the relevant raido settings see Radio Settings A 802 11a on page 6 53 or Radio Settings G 802 11g on page 6 70 After you have configured the radio settings select Security under Radio A or Radio G set an SSID to identify the wireless network service provided ...

Page 132: ...ed for a high level of network security For more robust wireless security the access point provides Wi Fi Protected Access WPA for improved data encryption and user authentication Setting up shared keys enables the basic IEEE 802 11 Wired Equivalent Privacy WEP on the access point to prevent unauthorized access to the network If you choose to use WEP shared keys instead of an open system be sure t...

Page 133: ...with clients using static WEP keys and WPA select WEP transmit key index 2 3 or 4 The access point uses transmit key index 1 for the generation of dynamic keys To enable WEP shared keys for a VAP interface click Security under Radio A or Radio G Then select the VAP interface that will use WEP keys by clicking More and configure the Authentication Type Setup and Encryption fields Authentication Typ...

Page 134: ... web or CLI in order to enable all types of encryption WEP TKIP or AES in the access point CLI Commands for WEP Shared Key Security To enable WEP shared key security for the 802 11g interface use the interface wireless g command from the CLI configuration mode to access the interface mode for the 802 11g radio First use the key command to define up to four WEP keys that can be used for all VAP int...

Page 135: ... mixed mode Transmit Power FULL 5 dBm Max Station Data Rate 54Mbps Multicast Data Rate 5 5Mbps Fragmentation Threshold 2346 bytes RTS Threshold 2347 bytes Beacon Interval 100 TUs Authentication Timeout Interval 60 Mins Association Timeout Interval 30 Mins DTIM Interval 1 beacon Preamble Length SHORT OR LONG Maximum Association 64 stations MIC Mode Software Super G Disabled VLAN ID 1 Security Close...

Page 136: ...C3 Voice logCwMin 2 logCwMax 3 AIFSN 2 Admission Control No TXOP Limit 1 504 ms WMM AP Parameters AC0 Best Effort logCwMin 4 logCwMax 6 AIFSN 3 Admission Control No TXOP Limit 0 000 ms AC1 Background logCwMin 4 logCwMax 10 AIFSN 7 Admission Control No TXOP Limit 0 000 ms AC2 Video logCwMin 3 logCwMax 4 AIFSN 1 Admission Control No TXOP Limit 3 008 ms AC3 Voice logCwMin 2 logCwMax 3 AIFSN 1 Admissi...

Page 137: ... a client the access point and a RADIUS server that prevents users from accidentally joining a rogue network Only when a RADIUS server has authenticated a user s credentials will encryption keys be sent to the access point and client Note To implement WPA on wireless clients requires a WPA enabled network card driver and 802 1X client software that supports the EAP authentication type that you wan...

Page 138: ...upport for TKIP encryption The main differences and enhancements in WPA2 can be summarized as follows Advanced Encryption Standard AES WPA2 uses AES Counter Mode encryption with Cipher Block Chaining Message Authentication Code CBC MAC for message integrity The AES Counter Mode CBCMAC Protocol AES CCMP provides extremely robust data confidentiality using a 128 bit key The AES CCMP encryption ciphe...

Page 139: ...eless network it has to be fully authenticated When the client is about to roam to another access point in the network the access point sends pre authentication messages to the new access point that include the client s security association information Then when the client sends an association request to the new access point the client is known to be already authenticated so it proceeds directly t...

Page 140: ...ication WPA2 PSK Clients using WPA2 with a Pre shared Key are accepted for authentication WPA WPA2 mixed Clients using WPA or WPA2 over 802 1X are accepted for authentication WPA WPA2 PSK mixed Clients using WPA or WPA2 with a Pre shared Key are accepted for authentication WPA Configuration Each VAP interface can be configured to allow only WPA enabled clients to access the network Required or to ...

Page 141: ...m the VAP interface configuration mode use the auth wpa psk required command to enable WPA Pre shared Key security To enter a key value use the wpa pre shared key command to specify a hexadecimal or alphanumeric key To view the current security settings use the show interface wireless a 0 3 or show interface wireless g 0 3 command not shown in example Enterprise AP config interface wireless g 7 88...

Page 142: ...6 Enterprise AP if wireless g VAP 0 802 1X session timeout 300 7 67 Enterprise AP if wireless g VAP 0 Configuring 802 1X IEEE 802 1X is a standard framework for network access control that uses a central RADIUS server for user authentication This control feature prevents unauthorized access to the network by requiring an 802 1X client application to submit user credentials for authentication The 8...

Page 143: ...s not initiate 802 1X authentication For clients initiating 802 1X only those successfully authenticated are allowed to access the network For those clients not initiating 802 1X access to the network is allowed after successful wireless association with the access point The 802 1X supported mode allows access for clients not using WPA or WPA2 security Required The access point enforces 802 1X aut...

Page 144: ...t key refresh rate 5 7 66 Enterprise AP if wireless g VAP 0 802 1X session key refresh rate 5 7 67 Enterprise AP if wireless g VAP 0 802 1X session timeout 300 7 67 Enterprise AP Status Information The Status page includes information on the following items Menu Description Page AP Status Displays configuration settings for the basic system and the wireless interface 6 90 Station Status Shows the ...

Page 145: ...C The physical layer address for the 802 11b g interface System Name Name assigned to this system System Contact Administrator responsible for the system IP Address IP address of the management interface for this device IP Default Gateway IP address of the gateway router between this device and management stations that exist on other network segments HTTP Server Shows if management access via HTTP...

Page 146: ...tings To view the current access point system settings use the show system command from the Exec mode To view the current radio interface settings use the show interface wireless a or show interface wireless g command see page 7 111 Enterprise AP show system 7 23 System Information Serial Number A123456789 System Up time 0 days 4 hours 33 minutes 29 seconds System Name Enterprise Wireless AP Syste...

Page 147: ...Privacy WEP to verify client identity by distributing a shared key to stations before attempting authentication Associated Shows if the station has been successfully associated with the access point Once authentication is completed stations can associate with the current access point or reassociate with a new access point The association procedure allows the wireless system to track the location o...

Page 148: ...mation if wireless A VAP 0 802 11a Channel Auto No 802 11a Channel Stations if wireless A VAP 1 802 11a Channel Auto No 802 11a Channel Stations No 802 11a Channel Stations if wireless A VAP 3 802 11a Channel Auto No 802 11a Channel Stations if wireless G VAP 0 802 11g Channel Auto No 802 11g Channel Stations if wireless G VAP 1 802 11g Channel Auto No 802 11g Channel Stations No 802 11g Channel S...

Page 149: ...r Messages An example of a logged error message is Station Failed to authenticate unsupported algorithm This message may be caused by any of the following conditions Access point was set to Open Authentication but a client sent an authentication request frame with a Shared key Access point was set to Shared Key Authentication but a client sent an authentication frame for Open System WEP keys do no...

Page 150: ...om the Global Configuration mode Enterprise AP show event log 7 33 Mar 09 11 57 55 Information 802 11g 11g Radio Interface Enabled Mar 09 11 57 55 Information 802 11g Radio channel updated to 8 Mar 09 11 57 34 Information 802 11g 11g Radio Interface Enabled Mar 09 11 57 18 Information 802 11g 11g Radio Interface Enabled Mar 09 11 56 35 Information 802 11a 11a Radio Interface Enabled Mar 09 11 55 5...

Page 151: ...ach port ID Displays the port ID number Priority The priority designated to the specified port Path Cost Displays the path cost value for the specified port Status Displays if STP is enabled or disabled for the specified port State Display the STP state for the specified port 6 97 ...

Page 152: ...6 System Configuration 6 98 ...

Page 153: ...gin screen displays Username admin Password Enterprise AP Caution Command examples shown later in this chapter abbreviate the console prompt to AP for simplicity Telnet Connection Telnet operates over the IP transport protocol In this environment your management station and any network device you want to manage over the network must have a valid IP address Valid IP addresses consist of four number...

Page 154: ... the Telnet command the login screen displays Username admin Password Enterprise AP Caution You can open up to four sessions to the device via Telnet Entering Commands This section describes how to enter CLI commands Keywords and Arguments A CLI command is a series of keywords and arguments Keywords identify a command and arguments specify configuration parameters For example in the command show i...

Page 155: ...w displays a list of possible show commands Enterprise AP show APmanagement Show management AP information authentication Show Authentication parameters bootfile Show bootfile name bridge Show bridge config System snapshot for tech support dhcp relay Show DHCP Relay Configuration event log Show event log on console filters Show filters hardware Show hardware version history Display the session his...

Page 156: ...mands that have been entered You can scroll back through the history of commands by pressing the up arrow key Any command displayed in the history list can be executed again or first modified and then executed Using the show history command displays a longer list of recently executed commands Understanding Command Modes The command set is divided into Exec and Configuration classes Exec commands g...

Page 157: ...on and include command such as dns and ip Interface Wireless Configuration IC W These commands modify the wireless port configuration of global parameters for the radio and include commands such as channel and transmit power Interface Wireless Virtual Access Point Configuration IC W VAP These commands modify the wireless port configuration for each VAP and include commands such as ssid and authent...

Page 158: ...rent command line on a new line Ctrl N Enters the next command line in the history buffer Ctrl P Shows the last command Ctrl R Repeats current command line on a new line Ctrl U Deletes the entire line Ctrl W Deletes the last word typed Esc B Moves the cursor backward one word Esc D Deletes from the cursor to the end of the word Esc F Moves the cursor forward one word Delete key or backspace key Er...

Page 159: ...encryption settings 7 114 Rogue AP Detection Configures settings for the detection of rogue access points in the network 7 114 Link Integrity Configures a link check to a host device on the wired network 7 128 IAPP Enables roaming between multi vendor access points 7 132 VLANs Configures VLAN membership 7 133 WMM Configures WMM quality of service parameters 7 135 The access mode shown in the follo...

Page 160: ...lt Setting None Command Mode Exec Example Enterprise AP configure Enterprise AP config Related Commands end 7 8 end This command returns to the previous configuration mode Default Setting None Command Mode Global Configuration Interface Configuration Example This example shows how to return to the Configuration mode from the Interface Configuration mode Enterprise AP if ethernet end Enterprise AP ...

Page 161: ...ng None Command Mode Exec Command Usage Use the ping command to see if another site on the network can be reached The following are some results of the ping command Normal response The normal response occurs in one to ten seconds depending on network traffic Destination does not respond If the host does not respond a timeout appears in ten seconds Destination unreachable The gateway for this desti...

Page 162: ...ys run the Power On Self Test Example This example shows how to reset the system Enterprise AP reset board Reboot system now y n y show history This command shows the contents of the command history buffer Default Setting None Command Mode Exec Command Usage The history buffer size is fixed at 10 commands Use the up or down arrow keys to scroll through the commands in the history buffer Example In...

Page 163: ...e Designation prompt Customizes the command line prompt GC 7 14 system name Specifies the host name for the access point GC 7 14 snmp server contact Sets the system contact string GC 7 41 snmp server location Sets the system location string GC 7 42 Management Access username Configures the user name for management access GC 7 15 password Specifies the password for management access GC 7 15 ip ssh ...

Page 164: ...ration information for the system Exec 7 24 show hardware Displays the access point s hardware version Exec 7 28 country This command configures the access point s country code which identifies the country of operation and sets the authorized radio channels Syntax country country_code country_code A two character code that identifies the country of operation See the following table for a full list...

Page 165: ...Chile CL Ireland IE Pakistan PK United States US China CN Israel IL Panama PA Uruguay UY Colombia CO Italy IT Peru PE Uzbekistan UZ Costa Rica CR Japan JP Philippines PH Yemen YE Croatia HR Jordan JO Poland PL Venezuela VE Cyprus CY Kazakhstan KZ Portugal PT Vietnam VN Czech Republic CZ North Korea KP Puerto Rico PR Zimbabwe ZW Denmark DK Korea Republic KR Slovenia SI Elsalvador SV Luxembourg LU S...

Page 166: ...o prompt string Any alphanumeric string to use for the CLI prompt Maximum length 32 characters Default Setting Enterprise AP Command Mode Global Configuration Example Enterprise AP config prompt RD2 RD2 config system name This command specifies or modifies the system name for this device Use the no form to restore the default system name Syntax system name name no system name name The name of this...

Page 167: ...dmin Command Mode Global Configuration Example Enterprise AP config username bob Enterprise AP config password After initially logging onto the system you should set the password Remember to record it in a safe place Use the no form to reset the default password Syntax password password no password password Password for management access Length 3 16 characters case sensitive Default Setting smcadm...

Page 168: ...ate host encryption keys The SSH server is disabled while the keys are being generated The show system command displays the status of the SSH server Example Enterprise AP if ethernet ip ssh server enable Enterprise AP if ethernet ip ssh server port This command sets the Secure Shell server port Use the no form to disable the server Syntax ip ssh server port port number port number The UDP port use...

Page 169: ...AP if ethernet ip telnet server enable Enterprise AP if ethernet ip http port This command specifies the TCP port number used by the web browser interface Use the no form to use the default port Syntax ip http port port number no ip http port port number The TCP port to be used by the browser interface Range 1024 65535 Default Setting 80 Command Mode Global Configuration Example Enterprise AP conf...

Page 170: ...rise AP config ip http server Enterprise AP config Related Commands ip http port 7 17 ip http session timeout This command sets the time limit for an idle web interface session Syntax ip http session timeout time time Sets the web interface session timeout Range 0 1800 seconds 0 means disabled Default Setting 300 seconds Command Mode Global Configuration Example Enterprise AP config ip http sessio...

Page 171: ...se the same port To avoid using common reserved TCP port numbers below 1024 the configurable range is restricted to 443 and between 1024 and 65535 If you change the HTTPS port number clients attempting to connect to the HTTPS server must specify the port number in the URL in this format https device port_number Example Enterprise AP config ip https port 1234 Enterprise AP config ip https server Us...

Page 172: ...TTPS the connection is established in this way The client authenticates the server using the server s digital certificate The client and server negotiate a set of security protocols to use for the connection The client and server generate session keys for encrypting and decrypting data The client and server establish a secure encrypted connection A padlock icon should appear in the status bar for ...

Page 173: ...interface on the access point from an invalid address the unit will reject the connection enter an event message in the system log and send a trap message to the trap manager IP address can be configured for SNMP web and Telnet access respectively Each of these groups can include up to five different sets of addresses either individual addresses or address ranges When entering addresses for the sa...

Page 174: ...bles the selected management access method Default Setting All enabled Command Mode Global Configuration Example This example restricts management access to the indicated addresses Enterprise AP config apmgmtui SNMP enable Enterprise AP config show apmanagement This command shows the AP management configuration including the IP addresses of management stations allowed to access the access point as...

Page 175: ...ontact System Country Code US UNITED STATES MAC Address 00 30 F1 F0 9A 9C IP Address 192 168 1 1 Subnet Mask 255 255 255 0 Default Gateway 0 0 0 0 VLAN State DISABLED Management VLAN ID AP 1 IAPP State ENABLED DHCP Client ENABLED HTTP Server ENABLED HTTP Server Port 80 HTTPS Server ENABLED HTTPS Server Port 443 Slot Status Dual band a g Boot Rom Version v3 0 3 Software Version v4 3 1 9 SSH Server ...

Page 176: ...le Enterprise AP show config Authentication Information MAC Authentication Server DISABLED MAC Auth Session Timeout Value 0 min 802 1x supplicant DISABLED 802 1x supplicant user EMPTY 802 1x supplicant password EMPTY Address Filtering ALLOWED System Default ALLOW addresses not found in filter table Filter Table No Filter Entries Bootfile Information Bootfile ec img bin Protocol Filter Information ...

Page 177: ...0 5 dBm Data Rate 54Mbps Fragmentation Threshold 2346 bytes RTS Threshold 2347 bytes Beacon Interval 100 TUs DTIM Interval 1 beacon Maximum Association 64 stations Native VLAN ID 1 Security Closed System DISABLED Multicast cipher WEP Unicast cipher TKIP and AES WPA clients REQUIRED WPA Key Mgmt Mode PRE SHARED KEY WPA PSK Key Type ALPHANUMERIC Encryption DISABLED Default Transmit Key 1 Static Keys...

Page 178: ... 0 Port 1812 Key Retransmit 3 Timeout 5 Radius MAC format no delimiter Radius VLAN format HEX Radius Secondary Server Information IP 0 0 0 0 Port 1812 Key Retransmit 3 Timeout 5 Radius MAC format no delimiter Radius VLAN format HEX SNMP Information Service State Disable Community ro Community rw Location Contact Contact EngineId 80 00 07 e5 80 00 00 29 f6 00 00 00 0c EngineBoots 2 Trap Destination...

Page 179: ...sabled SNTP server 1 IP 137 92 140 80 SNTP server 2 IP 192 43 244 18 Current Time 00 14 Jan 1st 1970 Time Zone 5 BOGOTA EASTERN INDIANA Daylight Saving Disabled Station Table Information if wireless A VAP 0 802 11a Channel Auto N o 802 11a Channel Stations if wireless G VAP 0 802 11g Channel Auto N o 802 11g Channel Stations System Information Serial Number System Up time 0 days 0 hours 16 minutes...

Page 180: ...g on the access point Table 7 6 System Logging Commands Command Function Mode Page logging on Controls logging of error messages GC 7 29 logging host Adds a syslog server host IP address that will receive logging messages GC 7 29 logging console Initiates logging of error messages to the console GC 7 30 logging level Defines the minimum severity level for event logging GC 7 30 logging facility typ...

Page 181: ...e stored in memory Example Enterprise AP config logging on Enterprise AP config logging host This command specifies syslog servers host that will receive logging messages Use the no form to remove syslog server host Syntax logging host 1 2 3 4 host_name host_ip_address udp_port no logging host 1 2 3 4 1 First syslog server 2 Second syslog server 3 Third syslog server 4 Fourth syslog server host_na...

Page 182: ... to the console Syntax logging console no logging console Default Setting Disabled Command Mode Global Configuration Example Enterprise AP config logging console Enterprise AP config logging level This command sets the minimum severity level for event logging Syntax logging level Emergency Alert Critical Error Warning Notice Informational Debug Default Setting Informational Command Mode Global Con...

Page 183: ...tions e g return false unexpected return Notice Normal but significant condition such as cold start Informational Informational messages only Debug Debugging messages Example Enterprise AP config logging level alert Enterprise AP config logging facility type This command sets the facility type for remote logging of syslog messages Syntax logging facility type type type A number that indicates the ...

Page 184: ...ears all log messages stored in the access point s memory Syntax logging clear Command Mode Global Configuration Example Enterprise AP config logging clear Enterprise AP config show logging This command displays the logging configuration Syntax show logging Command Mode Exec Example Enterprise AP show logging Logging Information Syslog State Enabled Logging Console State Enabled Logging Level Aler...

Page 185: ...mation 802 11a 11a Radio Interface Disabled Mar 09 11 55 40 Information 802 11a Transmit Power set to QUARTER Press n next p previous a abort y continue to end Enterprise AP configure Enter configuration commands one per line End with CTRL Z Enterprise AP config logging clear System Clock Commands These commands are used to configure SNTP and system clock settings on the access point Table 7 7 Sys...

Page 186: ...abled using the sntp server enable command the sntp server ip command specifies the time servers from which the access point polls for time updates The access point will poll the time servers in the order specified until a response is received Example Enterprise AP config sntp server ip 10 1 0 19 Enterprise AP Related Commands sntp server enable 7 34 show sntp 7 37 sntp server enable This command ...

Page 187: ...ple Enterprise AP config sntp server enable Enterprise AP config Related Commands sntp server ip 7 34 show sntp 7 37 sntp server date time This command sets the system clock Default Setting 00 14 00 January 1 1970 Command Mode Global Configuration Example This example sets the system clock to 17 37 June 19 2003 Enterprise AP sntp server date time Enter Year 1970 2100 2003 Enter Month 1 12 6 Enter ...

Page 188: ...specified period Example This sets daylight savings time to be used from July 1st to September 1st Enterprise AP config sntp server daylight saving Enter Daylight saving from which month 1 12 6 and which day 1 31 1 Enter Daylight saving end to which month 1 12 9 and which day 1 31 1 Enterprise AP config sntp server timezone This command sets the time zone for the access point s internal clock Synt...

Page 189: ...and minutes your time zone is east before or west after of UTC Example Enterprise AP config sntp server timezone 8 Enterprise AP config show sntp This command displays the current time and configuration settings for the SNTP client Command Mode Exec Example Enterprise AP show sntp SNTP Information Service State Enabled SNTP server 1 IP 137 92 140 80 SNTP server 2 IP 192 43 244 18 Current Time 08 0...

Page 190: ... dhcp relay enable Enables the DHCP relay agent GC 7 38 dhcp relay Sets the primary and secondary DHCP server address GC 7 39 show dhcp relay Shows current DHCP relay configuration settings Exec 7 39 dhcp relay enable This command enables the access point s DHCP relay agent Use the no form to disable the agent Syntax no dhcp relay enable Default Setting Disabled Command Mode Global Configuration C...

Page 191: ...ddress IP address of the server Default Setting Primary and secondary 0 0 0 0 Command Mode Global Configuration Example Enterprise AP config dhcp relay primary 192 168 1 10 Enterprise AP config show dhcp relay This command displays the current DHCP relay configuration Command Mode Exec Example Enterprise AP show dhcp relay DHCP Relay ENABLED Primary DHCP Server 192 168 1 10 Secondary DHCP Server 0...

Page 192: ...ications GC 7 44 snmp server engine id Sets the engine ID for SNMP v3 GC 7 45 snmp server user Sets the name of the SNMP v3 user GC 7 46 snmp server targets Configures SNMP v3 notification targets GC 7 48 snmp server filter Configures SNMP v3 notification filters GC 7 49 snmp server filter assignments Assigns SNMP v3 notification filters to targets GC 7 50 show snmp groups Displays the pre defined...

Page 193: ...re able to both retrieve and modify MIB objects Default Setting public Read only access Authorized management stations are only able to retrieve MIB objects private Read write access Authorized management stations are able to both retrieve and modify MIB objects Command Mode Global Configuration Command Usage If you enter a community string without the ro or rw option the default is read only Exam...

Page 194: ...ation text String that describes the system location Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Enterprise AP config snmp server location WC 19 Enterprise AP config Related Commands snmp server contact 7 41 snmp server enable server This command enables SNMP management access and also enables this device to send SNMP traps i e notifications Use the...

Page 195: ...t Syntax snmp server host 1 2 3 4 host_ip_address host_name community string no snmp server host 1 First SNMP host 2 Second SNMP host 3 Third SNMP host 4 Fourth SNMP host host_ip_address IP of the host the targeted recipient host_name Name of the host Range 1 63 characters community string Password like community string sent with the notification operation Although you can set this string using th...

Page 196: ...1StationAuthentication A client station has been successfully authenticated dot11StationReAssociation A client station has successfully re associated with the access point dot11StationRequestFail A client station has failed association re association or authentication dot1xAuthFail A 802 1X client station has failed RADIUS authentication dot1xAuthNotInitiated A client station did not initiate 802 ...

Page 197: ...erChanged The access point has changed from the primary RADIUS server to the secondary or from the secondary to the primary sysSystemDown The access point is about to shutdown and reboot sysSystemUp The access point is up and running Default Setting All traps enabled Command Mode Global Configuration Command Usage This command is used in conjunction with the snmp server host and snmp server enable...

Page 198: ...er user user name user name A user defined string for the SNMP user 32 characters maximum Default Setting None Command Mode Global Configuration Command Usage Up to 10 SNMPv3 users can be configured on the access point The SNMP engine ID is used to compute the authentication privacy digests from the pass phrase You should therefore configure the engine ID with the snmp server engine id command bef...

Page 199: ... none auth passphrase The user password required when authentication is used 8 32 characters priv proto The encryption type used for SNMP data encryption des or none priv passphrase The user password required when data encryption is used 8 32 characters Users must be assigned to groups that have the same security levels If a user who has AuthPriv security uses authentication and encryption is assi...

Page 200: ...name The defined SNMP v3 user name that is to receive notifications version The SNMP version of notifications Currently only version 3 is supported in this command udp port The UDP port that is used on the receiving management station for notifications notification type The type of notification that is sent Currently only TRAP is supported Default Setting None Command Mode Global Configuration Com...

Page 201: ...ws up to 10 notification filters to be created Each filter can be defined by up to 20 MIB subtree ID entries Use the command more than once with the same filter ID to build a filter that includes or excludes multiple MIB objects Note that the filter entries are applied in the sequence that they are defined The MIB subtree must be defined in the form 1 3 6 1 and always start with a The mask is a he...

Page 202: ...ers filter id A user defined name that identifies an SNMP v3 notification filter Maximum length 32 characters Default Setting None Command Mode Global Configuration Example Enterprise AP config snmp server filter assignments mytraps trapfilter Enterprise AP config exit Enterprise AP show snmp target Host ID mytraps User chris IP Address 192 168 1 33 UDP Port 162 Enterprise AP show snmp filter assi...

Page 203: ...tyLevel AuthPriv Enterprise AP show snmp users This command displays the SNMP v3 users and settings Syntax show snmp users Command Mode Exec Example Enterprise AP show snmp users UserName chris GroupName RWPriv AuthType MD5 Passphrase PrivType DES Passphrase Enterprise AP show snmp group assignments This command displays the SNMP v3 user group assignments Syntax show snmp group assignments Command...

Page 204: ...mp target Host ID mytraps User chris IP Address 192 168 1 33 UDP Port 162 Enterprise AP show snmp filter This command displays the SNMP v3 notification filter settings Syntax show snmp filter filter id filter id A user defined name that identifies an SNMP v3 notification filter Maximum length 32 characters Command Mode Exec Example Enterprise AP show snmp filter Filter trapfilter Type include Subt...

Page 205: ...Commands 7 This command displays the SNMP v3 notification filter assignments Syntax show snmp filter assignments Command Mode Exec Example Enterprise AP show snmp filter assignments HostID FilterID Enterprise AP mytraps trapfilter 7 53 ...

Page 206: ...e Disabled dot11InterfaceAGFail Enabled dot11InterfaceBFail Enabled dot11StationAssociation Enabled dot11StationAuthentication Enabled dot11StationReAssociation Enabled dot11StationRequestFail Enabled dot1xAuthFail Enabled dot1xAuthNotInitiated Enabled dot1xAuthSuccess Enabled dot1xMacAddrAuthFail Enabled dot1xMacAddrAuthSuccess EnablediappContextDataSent Enabled iappStationRoamedFrom Enabled iapp...

Page 207: ...n flash memory Exec 7 58 show bootfile Displays the name of the current operation code file that booted the system Exec 7 58 bootfile This command specifies the image used to start up the system Syntax bootfile filename filename Name of the image file Default Setting None Command Mode Exec Command Usage The file name should not contain slashes or the leading letter of the file name should not be a...

Page 208: ...on file from flash memory Default Setting None Command Mode Exec Command Usage The system prompts for data required to complete the copy command Only a configuration file can be uploaded to an FTP TFTP server but every type of file can be downloaded to the access point The destination file name should not contain slashes or the leading letter of the file name should not be a period and the maximum...

Page 209: ... Command Mode Exec Caution Beware of deleting application images from flash memory At least one application image is required in order to boot the access point If there are multiple image files in flash memory and the one used to boot the access point is deleted be sure you first use the bootfile command to update the application image file booted at startup before you reboot the access point Exam...

Page 210: ...bytes Example The following example shows how to display all file information Enterprise AP dir File Name Type File Size dflt img bin 2 1044140 syscfg 5 16860 syscfg_bak 5 16860 zz img bin 2 1044140 1048576 byte s available Enterprise AP show bootfile This command displays the name of the current operation code file that booted the system Syntax show snmp filter assignments Command Mode Exec Examp...

Page 211: ...retries GC 7 61 radius server timeout Sets the interval between sending authentication requests GC 7 61 radius server port accounting Sets the RADIUS Accounting server network port GC 7 62 radius server timeout interim Sets the interval between transmitting accounting updates to the RADIUS server GC 7 62 radius server radius mac format Sets the format for specifying MAC addresses on the RADIUS ser...

Page 212: ... Range 1024 65535 Default Setting 1812 Command Mode Global Configuration Example Enterprise AP config radius server port 181 Enterprise AP config radius server key This command sets the RADIUS encryption key Syntax radius server secondary key key_string secondary Secondary server key_string Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum le...

Page 213: ...nfiguration Example Enterprise AP config radius server retransmit 5 Enterprise AP config radius server timeout This command sets the interval between transmitting authentication requests to the RADIUS server Syntax radius server secondary timeout number_of_seconds secondary Secondary server number_of_seconds Number of seconds the access point waits for a reply before resending a request Range 1 60...

Page 214: ...a RADIUS accounting session is automatically started for each user that is successfully authenticated to the access point Example Enterprise AP config radius server port accounting 1813 Enterprise AP config radius server timeout interim This command sets the interval between transmitting accounting updates to the RADIUS server Syntax radius server secondary timeout interim number_of_seconds second...

Page 215: ...iter Enter MAC addresses in the form xxxxxxxxxxxx single dash Enter MAC addresses in the form xxxxxx xxxxxx Default Setting No delimiter Command Mode Global Configuration Example Enterprise AP config radius server radius mac format multi dash Enterprise AP config radius server vlan format This command sets the format for specifying VLAN IDs on the RADIUS server Syntax radius server vlan format hex...

Page 216: ...d Mode Exec Example Enterprise AP show radius Radius Server Information IP 0 0 0 0 Port 1812 Key Retransmit 3 Timeout 5 Radius MAC format no delimiter Radius VLAN format HEX Radius Secondary Server Information IP 0 0 0 0 Port 1812 Key Retransmit 3 Timeout 5 Radius MAC format no delimiter Radius VLAN format HEX Enterprise AP 7 64 ...

Page 217: ...ons using 802 1X dynamic keying IC W VAP 7 66 802 1x session key refresh rate Sets the interval at which unicast session keys are refreshed for associated stations using dynamic keying IC W VAP 7 67 802 1x session timeout Sets the timeout after which a connected client must be re authenticated IC W VAP 7 67 802 1x supplicant enable Enables the access point to operate as a 802 1X supplicant GC 7 66...

Page 218: ...quired the access point enforces 802 1X authentication for all 802 11 associated stations If 802 1X authentication is not initiated by the station the access point will initiate authentication Only those stations successfully authenticated with 802 1X are allowed to access the network 802 1X does not apply to the 10 100Base TX port Example Enterprise AP config 802 1x supported Enterprise AP config...

Page 219: ...sword no 802 1x supplicant user username The access point name used for authentication to the network Range 1 32 alphanumeric characters password The MD5 password used for access point authentication Range 1 32 alphanumeric characters Default None Command Mode Global Configuration Command Usage The access point currently only supports EAP MD5 CHAP for 802 1X supplicant authentication Example Enter...

Page 220: ...tication Authentication Information MAC Authentication Server DISABLED MAC Auth Session Timeout Value 0 min 802 1x supplicant DISABLED 802 1x supplicant user EMPTY 802 1x supplicant password EMPTY Address Filtering ALLOWED System Default ALLOW addresses not found in filter table Filter Table MAC Address Status 00 70 50 cc 99 1a DENIED 00 70 50 cc 99 1b ALLOWED Enterprise AP config 7 68 ...

Page 221: ...e Removes a MAC address from the filter table GC 7 70 mac authentication server Sets address filtering to be performed with local or remote options GC 7 71 mac authentication session timeout Sets the interval at which associated clients will be re authenticated with the RADIUS server authentication database GC 7 71 show authentication Shows all 802 1X authentication settings as well as the address...

Page 222: ... Global Configuration Command Mode The access point supports up to 1024 MAC addresses An entry in the address table may be allowed or denied access depending on the global setting configured for the address entry default command Example Enterprise AP config address filter entry 00 70 50 cc 99 1a allowed Enterprise AP config Related Commands address filter default 7 69 802 1x supplicant user 7 67 a...

Page 223: ...n database during 802 11 association remote Authenticate the MAC address of wireless clients with the RADIUS server during 802 1X authentication Default Disabled Command Mode Global Configuration Example Enterprise AP config mac authentication server remote Enterprise AP config Related Commands address filter entry 7 70 radius server address 7 59 802 1x supplicant user 7 67 mac authentication sess...

Page 224: ...ommands Command Function Mode Page filter local bridge Disables communication between wireless clients GC 7 73 filter ap manage Prevents wireless clients from accessing the management interface GC 7 73 filter uplink enable Ethernet port MAC address filtering GC 7 74 filter uplink Adds or deletes a MAC address from the filtering table GC 7 74 filter ethernet type enable Checks the Ethernet type for...

Page 225: ...ents can communicate with clients associated to other VAP interfaces Default Disabled Command Mode Global Configuration Command Usage This command can disable wireless to wireless communications between clients via the access point However it does not affect communications between wireless clients and the wired network Example Enterprise AP config filter local bridge Enterprise AP config filter ap...

Page 226: ... add delete MAC address MAC address Specifies a MAC address in the form xx xx xx xx xx xx A maximum of four addresses can be added to the filtering table Default Disabled Command Mode Global Configuration Example Enterprise AP config filter uplink add 00 12 34 56 78 9a Enterprise AP config filter ethernet type enable This command checks the Ethernet type on all incoming and outgoing Ethernet packe...

Page 227: ...et type protocol protocol protocol An Ethernet protocol type Options ARP RARP Berkeley Trailer Negotiation LAN Test X25 Level 3 Banyan CDP DEC XNS DEC MOP Dump Load DEC MOP DEC LAT Ethertalk Appletalk ARP Novell IPX old Novell IPX new EAPOL Telxon TXP Aironet DDP Enet Config Test IP IPv6 NetBEUI PPPoE_Discovery PPPoE_PPP_Session Default None Command Mode Global Configuration Command Usage Use the ...

Page 228: ...ion System WDS forwarding table settings Command Function Mode Page bridge mode Selects Master or Slave mode IC W 7 77 bridge role Selects the bridge operation mode for a radio interface IC W 7 77 bridge channel auto sync Automatically finds the parent bridge operating channel IC W 7 78 bridge link parent Configures the MAC addresses of the parent bridge node IC W 7 78 bridge link child Configures...

Page 229: ... extending the range for remote wireless clients and connecting them to the root bridge The Parent link to the root bridge must be configured In this mode traffic is not forwarded to the Ethernet port from the radio interface bridge Operates as a bridge to other access points also in bridge mode root bridge Operates as the root bridge in the wireless bridge network Default Setting AP Command Mode ...

Page 230: ... the operating channel of its parent bridge Caution Do not enable Channel Auto Sync on a master bridge if there is no root bridge acting as the master bridge s parent Syntax bridge channel auto sync enable disable enable The bridge will automatically search and find the operating channel of its parent disable The bridge must have the operating channel manually set to the operating channel of its p...

Page 231: ...the child node Range 1 6 mac address The wireless MAC address of a child bridge unit 12 hexadecimal digits in the form xx xx xx xx xx xx Default Setting None Command Mode Interface Configuration Wireless Command Usage In root bridge mode up to six child bridge links can be specified using link index numbers 1 to 6 In bridge mode up to five child links can be specified using link index numbers 2 to...

Page 232: ...conds Command Mode Global Configuration Command Usage If the MAC address of an entry in the address table is not seen on the associated interface for longer than the aging time the entry is discarded Example Enterprise AP config bridge dynamic entry age time 100 Enterprise AP config show bridge aging time This command displays the current WDS forwarding table aging time setting Command Mode Exec E...

Page 233: ...0 30 f1 f0 9b 23 1 0 1 300 300 Static 00 30 f1 f0 9b 24 1 0 1 300 300 Static 00 30 f1 f0 9b 25 1 0 1 300 300 Static 00 30 f1 f0 9b 26 1 0 1 300 300 Static 00 30 f1 f0 9b 27 1 0 1 300 300 Static 00 30 f1 2f be 30 1 3 0 300 175 Dynamic 00 30 f1 f0 9a 9c 1 0 1 300 300 Static ff ff ff ff ff ff 0 4 4095 300 300 Static Enterprise AP show bridge link This command displays WDS bridge link and spanning tre...

Page 234: ...te Disabled priority 0 path cost 19 message age Timer Inactive message age 4469 designated root priority 32768 MAC 00 30 F1 F0 9A 9C designated cost 0 designated bridge priority 32768 MAC 00 30 F1 F0 9A 9C designated port priority 0 port No 11 forward transitions 0 Enterprise AP Enterprise AP show bridge link ethernet status Enabled state Forwarding priority 0 path cost 19 message age Timer Inacti...

Page 235: ...ge GC 7 85 bridge stp priority Configures the spanning tree bridge priority GC 7 85 bridge link path cost Configures the spanning tree path cost of a port IC 7 86 bridge link port priority Configures the spanning tree priority of a port IC 7 86 show bridge stp Displays the global spanning tree settings Exec 7 87 show bridge link Displays current bridge settings for specified interfaces Exec 7 81 b...

Page 236: ...t receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to the discarding state otherwise temporary data loops might result Example Enterprise AP config bridge stp forwarding delay 20 Enterprise AP config bridge stp hello time Use this command to configure the spanning tree brid...

Page 237: ...econds a device can wait without receiving a configuration message before attempting to reconfigure All device ports except for designated ports should receive configuration messages at regular intervals Any port that ages out STP information provided in the last configuration message becomes the designated port for the attached LAN If it is a root port a new root port is selected from among the d...

Page 238: ...dge Range 1 6 required on wireless interface only cost The path cost for the port Range 1 65535 Default Setting 19 Command Mode Interface Configuration Command Usage This command is used by the Spanning Tree Protocol to determine the best path between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Path cost ...

Page 239: ...ireless a bridge link port priority 1 64 Enterprise AP if wireless a Related Commands bridge link path cost 7 86 show bridge stp This command displays aging time and spanning tree settings for the Ethernet and wireless interfaces Syntax show bridge stp Command Mode Exec Example Enterprise AP show bridge stp Bridge MAC 00 12 CF 05 B7 84 Status Disabled priority 0 designated root priority 0 MAC 00 0...

Page 240: ...7 89 ip address Sets the IP address for the Ethernet interface IC E 7 89 ip dhcp Submits a DHCP request for an IP address IC E 7 90 speed duplex Configures speed and duplex operation on the Ethernet interface IC E 7 91 shutdown Disables the Ethernet interface IC E 7 92 show interface ethernet Shows the status for the Ethernet interface Exec 7 92 interface ethernet This command enters Ethernet inte...

Page 241: ...servers are queried in sequence Example This example specifies two domain name servers Enterprise AP if ethernet dns primary server 192 168 1 55 Enterprise AP if ethernet dns secondary server 10 1 0 55 Enterprise AP if ethernet Related Commands show interface ethernet 7 92 ip address This command sets the IP address for the access point Use the no form to restore the default IP address Syntax ip a...

Page 242: ... be accepted by the configuration program Example Enterprise AP config interface ethernet Enter Ethernet configuration commands one per line Enterprise AP if ethernet ip address 192 168 1 2 255 255 255 0 192 168 1 253 Enterprise AP if ethernet Related Commands ip dhcp 7 90 ip dhcp This command enables the access point to obtain an IP address from a DHCP server Use the no form to restore the defaul...

Page 243: ...lex This command configures the speed and duplex mode of a given interface when autonegotiation is disabled Use the no form to restore the default Syntax speed duplex auto 10MH 10MF 100MF 100MH auto autonegotiate speed and duplex mode 10MH Forces 10 Mbps half duplex operation 10MF Forces 10 Mbps full duplex operation 100MH Forces 100 Mbps half duplex operation 100MF Forces 100 Mbps full duplex ope...

Page 244: ...ble the Ethernet port due to abnormal behavior e g excessive collisions and reenable it after the problem has been resolved You may also want to disable the Ethernet port for security reasons Example The following example disables the Ethernet port Enterprise AP if ethernet shutdown Enterprise AP if ethernet show interface ethernet This command displays the status for the Ethernet interface Syntax...

Page 245: ...face configuration mode IC W 7 95 speed Configures the maximum data rate at which the access point transmits unicast packets IC W 7 96 turbo Configures turbo mode to use a faster data rate IC W a 7 96 multicast data rate Configures the maximum rate for transmitting multicast packets on the wireless interface IC W 7 97 channel Configures the radio channel IC W 7 98 transmit power Adjusts the power ...

Page 246: ...roprietary Super G performance enhancements IC W b g 7 106 description Adds a description to the wireless interface IC W VAP 7 107 ssid Configures the service set identifier IC W VAP 7 107 closed system Opens access to clients without a pre configured SSID IC W VAP 7 108 max association Configures the maximum number of clients that can be associated with the access point at the same time IC W VAP ...

Page 247: ...To specify the 802 11a interface enter the following command Enterprise AP config interface wireless a Enterprise AP if wireless a vap This command provides access to the VAP Virtual Access Point interface configuration mode Syntax vap vap id vap id The number that identifies the VAP interface Options 0 3 Default Setting None Command Mode Interface Configuration Wireless Example Enterprise AP if w...

Page 248: ... to the table for maximum distances on page C 6 When turbo mode is enabled page 7 107 for 802 11a the effective maximum speed specified by this command is double the entered value e g setting the speed to 54 Mbps limits the effective maximum speed to 108 Mbps Example Enterprise AP if wireless g speed 6 Enterprise AP if wireless g turbo This command sets the access point to an enhanced proprietary ...

Page 249: ...d to 40 MHz to support the increased data rate However this reduces the number of channels supported e g 5 channels for the United States Example Enterprise AP if wireless a turbo Enterprise AP if wireless a multicast data rate This command configures the maximum data rate at which the access point transmits multicast and management packets excluding beacon packets on the wireless interface Syntax...

Page 250: ...number of channels that are available When multiple access points are deployed in the same area be sure to choose a channel separated by at least two channels for 802 11a to avoid having the channels interfere with each other and at least five channels for 802 11b g You can deploy up to four access points in the same area for 802 11a e g channels 36 56 149 165 and three access points for 802 11b g...

Page 251: ...operating mode for the 802 11g wireless interface Syntax radio mode b g b g b b only mode Both 802 11b and 802 11g clients can communicate with the access point but 802 11g clients can only transfer data at 802 11b standard rates up to 11 Mbps g g only mode Only 802 11g clients can communicate with the access point up to 54 Mbps b g b g mixed mode Both 802 11b and 802 11g clients can communicate w...

Page 252: ...g Sets the preamble to short if no 802 11b clients are detected 96 microseconds Default Setting Short or Long Command Mode Interface Configuration Wireless 802 11b g Command Usage Using a short preamble instead of a long preamble can increase data throughput on the access point but requires that all clients can support a short preamble Set the preamble to long to ensure the access point can suppor...

Page 253: ...optional external antenna that is connected to the right antenna connector Default Setting Diversity Command Mode Interface Configuration Wireless Command Usage The antenna ID must be selected in conjunction with the antenna control method to configure proper use of any of the antenna options Example Enterprise AP if wireless g antenna control right Enterprise AP if wireless g antenna id This comm...

Page 254: ...is indicated as id 0x0000 module NA Example Enterprise AP if wireless g antenna id id 0x0000 module NA id 0x0106 module ACC04 050090 Directional Panel Ant id 0x0107 module ACC04 05028A Omni Directional Ant id 0x0108 module ACC04 05427A Omni Directional Ant id 0x0109 module ACC04 053830 0 Degree Sector Ant Enterprise AP if wireless g antenna id 0000 Enterprise AP if wireless g antenna location This...

Page 255: ...f wireless g dtim period This command configures the rate at which stations in sleep mode must wake up to receive broadcast multicast transmissions Syntax dtim period interval interval Interval between the beacon frames that transmit broadcast or multicast traffic Range 1 255 beacon frames Default Setting 1 Command Mode Interface Configuration Wireless Command Usage The Delivery Traffic Indication...

Page 256: ...ength Minimum packet size for which fragmentation is allowed Range 256 2346 bytes Default Setting 2346 Command Mode Interface Configuration Wireless Command Usage If the packet size is smaller than the preset Fragment size the packet will not be segmented Fragmentation of the PDUs Package Data Unit can increase the reliability of transmissions because it increases the probability of a successful t...

Page 257: ...ds RTS signals If set to 2347 the access point never sends RTS signals If set to any other value and the packet size equals or exceeds the RTS threshold the RTS CTS Request to Send Clear to Send mechanism will be enabled The access point sends RTS frames to a receiving station to negotiate the sending of a data frame After receiving an RTS frame the station sends a CTS frame to notify the sending ...

Page 258: ...ns to Atheros compatible clients Example Enterprise AP if wireless a super a Enterprise AP if wireless a super g This command enables Atheros proprietary Super G performance enhancements Use the no form to disable this function Syntax no super g Default Setting Disabled Command Mode Interface Configuration Wireless 802 11g Command Usage These enhancements include bursting compression fast frames a...

Page 259: ...ise AP if wireless g VAP 0 description RD AP 3 Enterprise AP if wireless g VAP 0 ssid This command configures the service set identifier SSID Syntax ssid string string The name of a basic service set supported by the access point Range 0 7 characters Default Setting 802 11a Radio VAP_TEST_11A 0 to 3 802 11g Radio VAP_TEST_11G 0 to 3 Command Mode Interface Configuration Wireless VAP Command Usage C...

Page 260: ...on messages Nor will it respond to probe requests from clients that do not include a fixed SSID Example Enterprise AP if wireless g VAP 0 closed system Enterprise AP if wireless g max association This command configures the maximum number of clients that can be associated with the access point at the same time Syntax max association count count Maximum number of associated stations Range 0 64 Defa...

Page 261: ...ss g VAP 0 association timeout interval 20 Enterprise AP if wireless g VAP 0 auth timeout value This command configures the time interval within which clients must complete authentication to the VAP interface Syntax auth timeout value minutes minutes The number of minutes before re authentication Range 5 60 Default Setting 60 Command Mode Interface Configuration Wireless VAP Example Enterprise AP ...

Page 262: ...e enabled Command Mode Interface Configuration Wireless VAP Command Usage You must first enable VAP interface 0 before you can enable VAP interfaces 1 2 3 4 5 6 or 7 Example Enterprise AP if wireless g VAP 0 shutdown Enterprise AP if wireless g 7 110 ...

Page 263: ...ion Method CTS only Transmit Power FULL 16 dBm Max Station Data Rate 54Mbps Multicast Data Rate 5 5Mbps Fragmentation Threshold 2346 bytes RTS Threshold 2347 bytes Beacon Interval 100 TUs Authentication Timeout Interval 60 Mins Association Timeout Interval 30 Mins DTIM Interval 1 beacon Preamble Length LONG Maximum Association 64 stations MIC Mode Software Super G Disabled VLAN ID 1 Security Close...

Page 264: ...FSN 3 Admission Control No TXOP Limit 0 000 ms AC1 Background logCwMin 4 logCwMax 10 AIFSN 7 Admission Control No TXOP Limit 0 000 ms AC2 Video logCwMin 3 logCwMax 4 AIFSN 2 Admission Control No TXOP Limit 3 008 ms AC3 Voice logCwMin 2 logCwMax 3 AIFSN 2 Admission Control No TXOP Limit 1 504 ms WMM AP Parameters AC0 Best Effort logCwMin 4 logCwMax 6 AIFSN 3 Admission Control No TXOP Limit 0 000 ms...

Page 265: ...P 0 802 11a Channel 60 No 802 11a Channel Stations if wireless G VAP 0 802 11g Channel 1 802 11g Channel Station Table Station Address 00 04 23 94 9A 9C VLAN ID 0 Authenticated Associated Forwarding KeyType TRUE FALSE FALSE NONE Counters pkts Tx Rx bytes Tx Rx 20 0 721 0 Time Associated LastAssoc LastDisAssoc LastAuth 0 0 0 0 if wireless G VAP 1 802 11g Channel 1 No 802 11g Channel Stations Enterp...

Page 266: ...age rogue ap enable Enables the periodic detection of other nearby access points GC 7 114 rogue ap authenticate Enables identification of all access points GC 7 115 rogue ap duration Sets the duration that all channels are scanned GC 7 116 rogue ap interval Sets the time between each scan GC 7 116 rogue ap scan Forces an immediate scan of all radio channels GC 7 117 show rogue ap Shows the current...

Page 267: ... command forces the unit to authenticate all access points on the network Use the no form to disable this function Syntax no rogue ap authenticate Default Setting Disabled Command Mode Interface Configuration Wireless Command Usage Enabling authentication in conjunction with a database of approved access points stored on a RADIUS server allows the access point to discover rogue APs With authentica...

Page 268: ... A long scan duration time will detect more access points in the area but causes more disruption to client access Example Enterprise AP if wireless g rogue ap duration 200 Enterprise AP if wireless g Related Commands rogue ap interval 7 116 rogue ap interval This command sets the interval at which to scan for access points Syntax rogue ap interval minutes minutes The interval between consecutive s...

Page 269: ...ion Wireless Command Usage While the access point scans a channel for rogue APs wireless clients will not be able to connect to the access point Therefore avoid frequent scanning or scans of a long duration unless there is a reason to believe that more intensive scanning is required to find a rogue AP Example Enterprise AP if wireless g rogue ap scan Enterprise AP if wireless g rogueApDetect Compl...

Page 270: ...s section configure parameters for wireless security on the 802 11a and 802 11g interfaces Table 7 19 Wireless Security Commands Command Function Mode Page auth Defines the 802 11 authentication type allowed by the access point IC W VAP 7 122 encryption Defines whether or not WEP encryption is used to provide privacy for wireless communications IC W VAP 7 121 key Sets the keys used for WEP encrypt...

Page 271: ... on a shared key that has been distributed to all stations wpa Clients using WPA are accepted for authentication wpa psk Clients using WPA with a Pre shared Key are accepted for authentication wpa2 Clients using WPA2 are accepted for authentication wpa2 psk Clients using WPA2 with a Pre shared Key are accepted for authentication wpa wpa2 mixed Clients using WPA or WPA2 are accepted for authenticat...

Page 272: ...e available in the wired network If a WPA WPA2 Pre shared Key mode is selected WPA PSK WPA2 PSK or WPA WPA2 PSK mixed the key must first be generated and distributed to all wireless clients before they can successfully associate with the access point Use the wpa preshared key command to configure the key see key on page 77 122 and transmit key on page 77 123 WPA2 defines a transitional mode of ope...

Page 273: ...this device to prevent unauthorized access to your wireless network For more secure data transmissions enable encryption with this command and set at least one static WEP key with the key command The WEP settings must be the same on each client in your wireless network Note that WEP protects data transmitted between wireless nodes but does not protect any transmissions over your wired network or o...

Page 274: ...Command Usage To enable Wired Equivalent Privacy WEP use the auth shared key command to select the shared key authentication type use the key command to configure at least one key and use the transmit key command to assign a key to one of the VAP interfaces If WEP option is enabled all wireless clients must be configured with the same shared keys to communicate with the access point The encryption...

Page 275: ...a signals that it sends to client devices Other keys can be used for decryption of data from clients When using IEEE 802 1X the access point uses a dynamic key to encrypt unicast and broadcast messages to 802 1X enabled clients However because the access point sends the keys during the 802 1X authentication process these keys do not have to appear in the client s key list In a mixed mode environme...

Page 276: ...ients supported by the access point are not WPA enabled the multicast cipher algorithm must be set to WEP WEP is the first generation security protocol used to encrypt data crossing the wireless medium using a fairly short key Communicating devices must use the same WEP key to encrypt and decrypt radio signals WEP has many security flaws and is not recommended for transmitting highly sensitive dat...

Page 277: ... command specifies how to calculate the Message Integrity Check MIC Syntax mic_mode hardware software hardware Uses hardware to calculate the MIC software Uses software to calculate the MIC Default Setting software Command Mode Interface Configuration Wireless Command Usage The Michael Integrity Check MIC is part of the Temporal Key Integrity Protocol TKIP encryption used in Wi Fi Protected Access...

Page 278: ...d Usage To support WPA or WPA2 for client authentication use the auth command to specify the authentication type and use the wpa preshared key command to specify one static key If WPA or WPA2 is used with pre shared key mode all wireless clients must be configured with the same pre shared key to communicate with the access point s VAP interface Example Enterprise AP if wireless g VAP 0 wpa pre sha...

Page 279: ...AP 0 wpa pre shared key ASCII agoodsecret Enterprise AP if wireless g VAP 0 pre authentication This command enables WPA2 pre authentication for fast secure roaming Syntax pre authentication enable disable enable Enables pre authentication for the VAP interface disable Disables pre authentication for the VAP interface Default Setting Disabled Command Mode Interface Configuration Wireless VAP Comman...

Page 280: ...twork If the access point detects that the connection to the host has failed it disables the radio interfaces forcing clients to find and associate with another access point When the connection to the host is restored the access point re enables the radio interfaces Table 7 20 Link Integrity Commands Command Function Mode Page link integrity ping detect Enables link integrity detection GC 7 129 li...

Page 281: ...number of failed responses either the host does not respond or is unreachable exceeds the limit set by the link integrity ping fail retry command the link is determined as lost Example Enterprise AP config link integrity ping detect Enterprise AP config link integrity ping host This command configures the link host name or IP address Use the no form to remove the host setting Syntax link integrity...

Page 282: ...This command configures the number of consecutive failed Ping counts before the link is determined as lost Syntax link integrity ping fail retry counts counts The number of failed Ping counts before the link is determined as lost Range 1 10 Default Setting 6 Command Mode Global Configuration Example Enterprise AP config link integrity ping fail retry 10 Enterprise AP config link integrity ethernet...

Page 283: ...Detect SUCCESS RADIO S ENABLED Enterprise AP config show link integrity This command displays the current link integrity configuration Command Mode Exec Example Enterprise AP show link integrity Link Integrity Information Ethernet Detect Enabled Ping Detect Enabled Target IP Name 192 168 0 140 Ping Fail Retry 6 Ping Interval 30 Enterprise AP 7 131 ...

Page 284: ...g between different 802 11f compliant access points Use the no form to disable 802 11f signaling Syntax no iapp Default Enabled Command Mode Global Configuration Command Usage The current 802 11 standard does not specify the signaling required between access points in order to support clients roaming from one access point to another In particular this can create a problem for clients roaming betwe...

Page 285: ... not include a VLAN tag To maintain network connectivity to the access point and wireless clients be sure that the access point is connected to a device port on a wired network that supports IEEE 802 1Q VLAN tags The VLAN commands supported by the access point are listed below Table 7 21 VLAN Commands Command Function Mode Page vlan Enables a single VLAN for all traffic GC 7 133 management vlanid ...

Page 286: ...AN ID for the access point Syntax management vlanid vlan id vlan id Management VLAN ID Range 1 4094 Default Setting 1 Command Mode Global Configuration Command Usage The management VLAN is for managing the access point For example the access point allows traffic that is tagged with the specified VLAN to manage the access point via remote management SSH SNMP Telnet etc Example Enterprise AP config ...

Page 287: ...prise AP if wireless g VAP 0 vlan id 3 Enterprise AP if wireless g VAP 0 WMM Commands The access point implements QoS using the Wi Fi Multimedia WMM standard Using WMM the access point is able to prioritize traffic and optimize performance when multiple applications compete for wireless network bandwidth at the same time WMM employs techniques that are a subset of the developing IEEE 802 11e QoS s...

Page 288: ... if wireless a wmm required Enterprise AP if wireless a wmm acknowledge policy This command allows the acknowledgement wait time to be enabled or disabled for each Access Category AC Syntax wmm acknowledge policy ac_number ack noack ac_number Access categories Range 0 3 ack Require the sender to wait for an acknowledgement from the receiver noack Does not require the sender to wait for an acknowle...

Page 289: ...1D priority tags as shown in Table 6 1 Range 0 3 LogCwMin Minimum log value of the contention window This is the initial upper limit of the random backoff wait time before wireless medium access can be attempted The initial wait time is a random value between zero and the LogCwMin value Specify the LogCwMin value Note that the LogCwMin value must be equal or less than the LogCwMax value Range 1 15...

Page 290: ...Voice LogCwMin 4 4 3 2 LogCwMax 10 10 4 3 AIFS 3 7 2 2 TXOP Limit 0 0 94 47 Admission Control Disabled Disabled Disabled Disabled BSS Parameters WMM Parameters AC0 Best Effort AC1 Background AC2 Video AC3 Voice LogCwMin 4 4 3 2 LogCwMax 6 10 4 3 AIFS 3 7 1 1 TXOP Limit 0 0 94 47 Admission Control Disabled Disabled Disabled Disabled Command Mode Interface Configuration Wireless Example Enterprise A...

Page 291: ... Set ESS are configured to the same SSID and authentication method 2 If the access point cannot be configured using the Telnet a web browser or SNMP software Be sure to have configured the access point with a valid IP address subnet mask and default gateway If VLANs are enabled on the access point the management station should be configured to send tagged frames with a VLAN ID that matches the acc...

Page 292: ... parity and 9600 bps Check that the null modem serial cable conforms to the pin out connections provided on page B 3 4 If you forgot or lost the password Contact your dealer for help 5 If all other recovery measure fail and the access point is still not functioning properly take any of these steps Reset the access point s hardware using the console interface web interface or through a power reset ...

Page 293: ...e following figure illustrates how the pins on the RJ 45 connector are numbered Be sure to hold the connectors in the same orientation when attaching the wires to the pins 8 8 1 1 10 100BASE TX Pin Assignments Use unshielded twisted pair UTP or shielded twisted pair STP cable for RJ 45 connections 100 ohm Category 3 or better cable for 10 Mbps connections or 100 ohm Category 5 or better cable for ...

Page 294: ... pair Straight Through Wiring Because the 10 100 Mbps port on the access point uses an MDI pin configuration you must use straight through cable for network connections to hubs or switches that only have MDI X ports However if the device to which you are connecting supports auto MDIX operation you can use either straight through or crossover cable EIA TIA 568B RJ 45 Wiring Standard 10 100BASE TX S...

Page 295: ... White Orange Stripe Orange 1 End A 2 3 4 5 6 7 8 White Green Stripe Blue White Blue Stripe Green White Brown Stripe 1 2 End B 3 4 5 6 7 8 Brown 8 Pin DIN Connector Pinout The Ethernet cable from the power injector connects to an 8 pin DIN connector on the wireless bridge This connector is described in the following figure and table 2 1 3 7 4 8 5 6 8 Pin DIN Ethernet Port Pinout Pin Signal Name 1 ...

Page 296: ...ry 5 or better UTP or STP cable maximum length 100 m 328 ft and be sure to connect all four wire pairs Note To construct a reliable Ethernet cable always use the proper tools or ask a professional cable supplier to construct the cable White Orange Stripe 8 Pin DIN 1 Female 2 3 4 5 6 7 8 1 2 7 3 6 8 5 4 8 Pin DIN Female Front View Orange White Green Stripe Blue White Blue Stripe Green White Brown S...

Page 297: ... 1 11 Maximum Clients 64 per VAP interface Operating Range See Antenna Specifications on page C 6 Data Rate See Antenna Specifications on page C 6 802 11a Normal Mode 6 9 12 18 24 36 48 54 Mbps per channel Turbo Mode 12 18 24 36 48 54 96 108 Mbps per channel 802 11g 6 9 11 12 18 24 36 48 54 Mbps per channel 802 11b 1 2 5 5 11 Mbps per channel Modulation Type 802 11a BPSK QPSK 16 QAM 64 QAM 802 11g...

Page 298: ...8 VDC 1 2 A Power consumption 13 2 watts Unit Power Supply PoE input 48 VDC 0 6 A maximum Power consumption 28 watts maximum Physical Size 19 5 x 19 x 7 4 cm 7 68 x 7 48 x 2 91 in Weight 1 54 kg 3 4 lbs LED Indicators PWR Power Link Ethernet Link Activity 11a and 11g Wireless Link Activity Network Management Web browser RS232 console Telnet SSH SNMP Temperature Operating 40 to 60 C 40 to 140 F non...

Page 299: ...15E 15 407 11a Full range Wi Fi DGT TELEC RSS210 Canada C Tick Electromagnetic Compatibility CE Class B EN55022 CE EN55024 IEC61000 3 2 IEC61000 3 3 IEC61000 4 2 IEC61000 4 3 IEC61000 4 4 IEC61000 4 5 IEC61000 4 6 IEC61000 4 8 IEC61000 4 11 FCC Class B Part 15 VCCI Class B ICES 003 Canada Standards IEEE 802 3 10BASE T IEEE 802 3u 100BASE TX IEEE 802 11a b g C 3 ...

Page 300: ... QPSK 12 Mbps 88 87 87 87 QPSK 18 Mbps 85 85 85 84 16 QAM 24 Mbps 81 81 83 80 16 QAM 36 Mbps 78 78 79 77 64 QAM 48 Mbps 73 73 74 71 64QAM 54 Mbps 71 71 72 67 Table C 2 Sensitivity 802 11g Data Rate Sensitivity dBm 6 Mbps 91 9 Mbps 90 12 Mbps 89 17 Mbps 88 24 Mbps 84 36 Mbps 80 48 Mbps 75 54 Mbps 73 Table C 3 Sensitivity 802 11b Data Rate Sensitivity dBm 1 Mbps 96 2 Mbps 93 5 5 Mbps 93 11 Mbps 90 C...

Page 301: ...17 48 Mbps 17 5 17 17 16 5 54 Mbps 17 5 17 16 5 15 Table C 5 Transmit Power 802 11g IEEE 802 11g Maximum Output Power GHz dBm Data Rate 2 412 2 417 2 467 2 472 6 Mbps 20 20 20 9 Mbps 20 20 20 12 Mbps 20 20 20 18 Mbps 20 20 20 24 Mbps 20 20 20 36 Mbps 19 19 18 5 48 Mbps 19 19 18 5 54 Mbps 18 18 18 Table C 6 Transmit Power 802 11b IEEE 802 11b Maximum Output Power GHz dBm Data Rate 2 412 2 417 2 467...

Page 302: ...n Linear vertical horizontal HPBW Horizontal 15 Vertical 15 Front to Back Ratio 26 dB Power Handling 50 W cw Impedance 50 Ohms Connector N female Radome Material Powder coated iron Color White Environmental Survival Wind Speed 216 km hr Temperature 40 C to 80 C Humidity 95 55 C Mechanical Dimensions 3 6 x 3 6 x 0 16 cm diameter 1 4 x 1 4 x 0 062 in Weight 1600g 3 52 lbs C 6 ...

Page 303: ...BW Horizontal 360 Vertical 15 Downtilt 0 Power Handling 10 W cw Impedance 50 Ohms Connector N type female Radome Material Fiber glass Color Gray white Environmental Survival Wind Speed 216 km hr Temperature 40 C to 80 C Humidity 95 55 C Mechanical Dimensions 52 x 1 9 cm diameter 20 47 x 0 75 in Weight 340 g 0 75 lbs Antenna Specifications C C 7 ...

Page 304: ...ion Linear vertical HPBW Linear 120 Vertical 15 Downtilt 0 Power Handling 5 W cw Impedance 50 Ohms Connector N Jack Radome Material Fiber glass Color Gray white Environmental Survival Wind Speed 216 km hr Temperature 40 C to 80 C Humidity 95 55 C Mechanical Dimensions 75 x 8 8 x 7 cm 29 5 x 3 46 x 2 75 in Weight 670 g 1 47 lbs C 8 ...

Page 305: ...tical HPBW Horizontal 360 Vertical 15 Downtilt 0 Power Handling 10 W cw Impedance 50 Ohms Connector N plug Radome Material Fiber glass Color Gray white Environmental Survival Wind Speed 216 km hr Temperature 40 C to 80 C Humidity 95 55 C Mechanical Dimensions 51 x 2 1 cm 20 x 0 83 in Weight 170 g 0 37 lbs Antenna Specifications C C 9 ...

Page 306: ...zation Linear vertical HPBW Horizontal 360 Vertical 15 Downtilt 0 Power Handling 10 W cw Impedance 50 Ohms Connector N plug Radome Material Fiber glass Color Gray white Environmental Survival Wind Speed 216 km hr Temperature 40 C to 80 C Humidity 95 55 C Mechanical Dimensions 2 2 x 3 25 cm 0 866 x 1 279 in Weight 110 g 0 242 lbs C 10 ...

Page 307: ...ertical HPBW Horizontal 120 Vertical 6 Downtilt 0 Power Handling 5 W cw Impedance 50 Ohms Connector N type female Radome Material ABS Color Gray white Environmental Survival Wind Speed 216 km hr Temperature 40 C to 80 C Humidity 95 25 C Mechanical Dimensions 62 x 8 8 x 7 cm 24 41 x 3 46 x 2 76 in Weight 555 g 1 223 lbs Antenna Specifications C C 11 ...

Page 308: ...r vertical HPBW Horizontal 360 Vertical 15 Downtilt 0 Power Handling 10 W cw Impedance 50 Ohms Connector N type female Radome Material Fiber glass Color Gray white Environmental Survival Wind Speed 216 km hr Temperature 40 C to 80 C Humidity 95 55 C Mechanical Dimensions 7 7 x 8 x 3 73 cm diameter 3 07 x 3 149 x 1 47 in Weight 227g 0 5 lbs C 12 ...

Page 309: ... Vertical 9 Front to Back Ratio 30 dB Cross Polarization 25 dB Power Handling 20 W cw Impedance 50 Ohms Connector N type female Radome Material ABS UV resistant Color White Environmental Survival Wind Speed 216 km hr Temperature 40 C to 80 C Humidity 95 25 C Mechanical Dimensions 32 x 32 x 1 8 cm 12 95 x 14 17 x 0 7 in Weight 1200 g 2 65 lbs Antenna Specifications C C 13 ...

Page 310: ...zation Linear vertical HPBW Horizontal 360 Vertical 15 Downtilt 0 Power Handling 10 W cw Impedance 50 Ohms Connector N plug Radome Material Fiber glass Color Gray white Environmental Survival Wind Speed 216 km hr Temperature 40 C to 80 C Humidity 95 55 C Mechanical Dimensions 2 2 x 3 25 cm 0 866 x 1 279 in Weight 110 g 0 242 lbs C 14 ...

Page 311: ... HPBW Horizontal 360 Vertical 12 Downtilt 0 Power Handling 5W cw Impedance 50 Ohms Connector N plug Radome Material Fiber glass Color Gray white Environmental Survival Wind Speed 216 km hr Temperature 40 C to 80 C Humidity 95 55 C Mechanical Dimensions 8 x 7 8 x 3 73 cm 3 15 x 3 X 1 49in Weight 227g 0 5 lbs Antenna Specifications C C 15 ...

Page 312: ...C Specifications C 16 ...

Page 313: ...erät anhand folgender Schritte mit der Montagehalterung an einen Stahlmast oder eine Stahlröhre mit einem Durchmesser von 1 5 bis 2 Zoll 1 Befestigen Sie die Halterung immer so an einen Mast dass das offene Ende der Montagerillen nach oben weist 2 Legen Sie den V förmigen Teil der Halterung um den Mast und ziehen Sie die Befestigungsmuttern gerade so fest an dass sie die Halterung am Mast festhalt...

Page 314: ...n Sie die Ränder der V förmigen Halterung in die Aussparungen in der rechteckigen Platte und ziehen Sie die Muttern fest an Schlitze 4 Befestigen Sie die verstellbare rechteckige Platte mit den beigefügten Schrauben an der Bridge D 2 ...

Page 315: ...lben Polarisierung montiert werden Verwenden der Halterung fü r Wandmontage Montieren Sie das Gerät anhand folgender Schritte mit der Halterung für Wandmontage an eine Wand Achtung Die Halterung für Wandmontage ist nicht dafür vorgesehen dass die integrierte Antenne der drahtlosen Bridge ausgerichtet werden kann Sie ist für die Geräteverwendung mit einer externen Antenne gedacht 1 Befestigen Sie d...

Page 316: ... die Positionen der drei Löcher für die Montageschrauben 3 Bohren Sie drei Löcher in die Wand passend zu den Schrauben und den Dübeln die der Halterung beigelegt sind und befestigen Sie die Halterung an der Wand 4 Befestigen Sie die drahtlose Bridge mit den beigefügten Muttern an der Halterung D 4 ...

Page 317: ...n Bridge Link eine 5 0 GHz Antenne und ein Zugriffspunkt eine 2 4 GHz Antenne WA6202A AM Geräte die als verwaltete Zugriffspunkte fungieren benötigen auch eine externe Antenne für 2 4 GHz Betrieb Führen Sie folgende Schritte aus 1 Montieren Sie die externe Antenne innerhalb eines Abstands von 3 m 10 Fuß mit der Halterung die der Antenne mitgeliefert ist an derselben Stützstruktur wie die Bridge 2 ...

Page 318: ...egen Regen oder Feuchtigkeit den Ethernet Anschluss mit wasserdichtem Klebeband nicht mitgeliefert 3 Achten Sie darauf das Gerät mit einer passenden Erdungsleitung nicht mitgeliefert zu erden indem Sie die Leitung an der Erdungsschraube am Gerät anbringen Achtung Vergewissern Sie sich dass ein Schutzleiter verfügbar ist und dass er den örtlichen und staatlichen Vorschriften für elektrische Anlagen...

Page 319: ...er IEEE 802 3af PoE verfügt Schließen Sie das Gerät immer an das mitgelieferte Injector Modul für Stromversorgung an 1 Verbinden Sie das Ethernet Kabel von der drahtlosen Bridge mit dem RJ 45 Anschluss am Injector Modul der mit Output Ausgang gekennzeichnet ist 2 Verbinden Sie ein durchgehendes nicht abgeschirmtes UTP Kabel von einem lokalen LAN Switch mit dem RJ 45 Anschluss am Injector Modul der...

Page 320: ...en Sie das andere Ende der Netzleitung mit einer geerdeten 3 poligen Netzstromquelle Hinweis Bei internationaler Verwendung müssen Sie eventuell die Netzleitung austauschen Sie müssen eine Netzleitung verwenden die für den Steckdosentyp in Ihrem Land geprüft und abgenommen ist 3 Prüfen Sie die LED oben auf dem Injector Modul um sich zu vergewissern dass die drahtlose Bridge über die Ethernet Verbi...

Page 321: ...ithm that implements symmetric key cryptography AES provides very strong encryption using a completely different ciphering algorithm to TKIP and WEP Authentication The process to verify the identity of a client requesting network access IEEE 802 11 specifies two forms of authentication open system and shared key Backbone The core infrastructure of a network The portion of the network that transpor...

Page 322: ...S More than one wireless cell can be configured with the same Service Set Identifier to allow mobile users can roam between different cells with the Extended Service Set Extensible Authentication Protocol EAP An authentication protocol used to authenticate network clients EAP is combined with IEEE 802 1X port authentication and a RADIUS authentication server to provide mutual authentication betwee...

Page 323: ...ess signaling required to ensure the successful handover of wireless clients roaming between different 802 11f compliant access points Local Area Network LAN A group of interconnected computer and support devices MAC Address The physical layer address used to uniquely identify network nodes Network Time Protocol NTP NTP provides the mechanisms to synchronize time across the network The time server...

Page 324: ...abled Service Set Identifier SSID An identifier that is attached to packets sent over the wireless LAN and functions as a password for joining a particular radio cell i e Basic Service Set BSS Session Key Session keys are unique to each client and are used to authenticate a client connection and correlate traffic passing between a specific client and the access point Shared Key A shared key can be...

Page 325: ...rum Virtual LAN VLAN A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network A VLAN serves as a logical workgroup with no physical barriers and allows users to share information and resources as though located on the same LAN Wi Fi Protected Access WPA employs 802 1X as its basic framework for user...

Page 326: ...Glossary Glossary 6 ...

Page 327: ...1 configuration settings saving or restoring 6 31 7 56 configuration initial setup 5 1 console port required settings 5 1 country code configuring 5 3 7 12 crossover cable B 3 CSMA CA 1 1 CTS 6 63 7 105 D data rate options C 1 device status displaying 6 90 7 23 DHCP 6 5 7 89 7 90 DNS 6 6 7 89 Domain Name Server See DNS downloading software 6 29 7 56 DTIM 6 62 7 103 Dynamic Host Configuration Proto...

Page 328: ... M MAC address authentication 6 13 7 69 7 70 maximum associated clients 6 60 maximum data rate 7 97 802 11a interface 7 97 802 11g interface 7 97 MDI RJ 45 pin configuration 1 6 N network topologies infrastructure 2 2 infrastructure for roaming 2 3 O OFDM 1 1 open system 6 73 7 108 operating frequency C 2 P package checklist 1 2 password configuring 6 28 6 29 6 31 7 15 management 6 28 6 29 6 31 7 ...

Page 329: ...us 6 93 7 113 status displaying device status 6 90 7 23 displaying station status 6 93 7 113 straight through cable B 2 system clock setting 6 35 7 35 system log enabling 6 33 7 29 server 6 33 7 29 system software downloading from server 6 29 7 56 T Telnet for managenet access 7 1 Temporal Key Integrity Protocol See TKIP time zone 6 36 7 36 TKIP 6 83 transmit power configuring 6 60 7 98 trap desti...

Page 330: ...Index Index 4 ...

Page 331: ......

Page 332: ...Model Number WA6202A WA6202AM Pub Number 149100034900E E112006 DT R01 ...

Reviews:

No comments

Related manuals for WA6202A

OBERON 1020 Installation Tips preview
1020
Brand: OBERON Pages: 5
Ubiquiti Bullet Quick Setup Manual preview
Bullet
Brand: Ubiquiti Pages: 36
OBERON 1041 Installation Manual preview
1041
Brand: OBERON Pages: 2
extronics iWAP300 Installation & Operating Manual preview
iWAP300
Brand: extronics Pages: 18
FS AP-D1200 Quick Installation Manual preview
AP-D1200
Brand: FS Pages: 12
Global Telecom MiFi 8000 Reference Manual preview
MiFi 8000
Brand: Global Telecom Pages: 5
Hootoo HT-TM01 TripMate User Manual preview
HT-TM01 TripMate
Brand: Hootoo Pages: 47
Ruckus Wireless ZoneFlex series Installation Manual preview
ZoneFlex series
Brand: Ruckus Wireless Pages: 68
Zonet ZSR1124WE User Manual preview
ZSR1124WE
Brand: Zonet Pages: 51
peplink PePLink Surf User Manual preview
PePLink Surf
Brand: peplink Pages: 30
Netis WF-2409B Quick Installation Manual preview
WF-2409B
Brand: Netis Pages: 16
Linksys WAP11 v2.2 User Manual preview
WAP11 v2.2
Brand: Linksys Pages: 16
LG ARND20BDAR2 Installation And Operation Manual preview
ARND20BDAR2
Brand: LG Pages: 56
LG LCB-003 Manual preview
LCB-003
Brand: LG Pages: 10
LG PWFMDD201 User Manual preview
PWFMDD201
Brand: LG Pages: 20
LG LCWB-001 User Manual preview
LCWB-001
Brand: LG Pages: 14
LG GoldStream LR3001 System Manual preview
GoldStream LR3001
Brand: LG Pages: 89
LG CR820 User Manual preview
CR820
Brand: LG Pages: 104

Brands by name

Popular brands

Load more brands