background image

35

„

Disable

—The access point does not monitor the wired network, and 

therefore, the radio interface does not shut down due to a broken Ethernet 
link. This is the default setting.

„

Enable

—The access point monitors the Ethernet link and shuts down radios if 

the link is broken.

„

Host PING Enable

—When enabled, the access point periodically PINGs a 

target host on the network to determine the status of the Ethernet link. IP 
settings must be configured correctly for the PING to work. When disabled, 
only the physical Ethernet link is checked.

„

Target IP Address—Enter the IP address of the reference check target. The 
target must be on the Ethernet network and may not be a wireless station.

„

PING Interval—Enter the time interval (in milliseconds) between PINGs to the 
reference target, if enabled.

„

Number of retries—This is the number of failed PINGs to the reference target 
that the access point will accept before if shuts down the radios.

RADIUS

The RADIUS page lets you define servers to be used for authentication and 
accounting. 

RADIUS (Remote Access Dial-In User Service) is a login authentication protocol 
that uses software running on a central AAA (Access, Authentication, and 
Accounting) server to control access to RADIUS-compliant devices on the 
network. There are no special settings on the access point to distinguish between 
the various RADIUS policies or authentication types (for example EAP-MD5, 
EAP-TLS, EAP-TTLS). These policies are setup and controlled on the AAA server. 
Note that for most RADIUS software packages, the access point is actually called 
the “RADIUS client” and has a shared secret or secret key corresponding to the 
RADIUS setup page (see 

KEY

 parameter below).

The access point can send connection parameters to a RADIUS server, as well as 
statistics for accounting purposes. The access point is compatible with RFC2866 
(the RADIUS Accounting specification).

Configuring a secondary RADIUS server provides a backup in case the primary 
server fails. The access point uses the secondary server if a failure is detected in 
the primary server. Once the access point switches over to the secondary 
authentication server, it periodically attempts to establish communication again 
with the primary authentication server. Once communication is established, the 
secondary authentication server reverts back to a backup server. 

Содержание 8250

Страница 1: ...http www 3com com support en_US productreg frontpg User Guide Wireless LAN Access Points 8250 8750 8850 3CRWE825075A 3CRWE875075A 3CRWE885075A Models WL 450 WL 463 WL 464 Part No DUA82507 5AAA01 Publ...

Страница 2: ...opy will be provided to you UNITED STATES GOVERNMENT LEGEND If you are a United States government agency then this documentation and the software described herein are provided to you subject to the fo...

Страница 3: ...N for Roaming Wireless PCs 8 Advanced Network Configuration and Planning 9 Public Private Access Point Service 9 Remote Building Wireless Access with the AP8850 9 Remote Building Wireless Access with...

Страница 4: ...izard 31 Configuration Login 31 Setting the Country Code 31 Basic Setup 32 Advanced Setup 33 Identification 33 TCP IP Settings 33 DHCP Client 33 Web Servers 34 Smart Monitor 34 RADIUS 35 Authenticatio...

Страница 5: ...ing Virtual Access Point VAP 54 Changing Radio Settings 56 Security 58 Selecting a Virtual Access Point VAP 58 Configuring Authentication 58 Configuring Encryption 58 WPA Configuration 59 WEP Configur...

Страница 6: ......

Страница 7: ...providing wireless network access in remote buildings With their flexibility and unfettered access wireless LANs are changing the way people work Now with 3Com s enterprise class wireless access poin...

Страница 8: ...enterprise class access point in an 802 11g and an 802 11a WDS bridge SECURITY 3Com offers one of the most robust suite of standards based security on the market today To protect sensitive data broadc...

Страница 9: ...l G Radio Support Dual G Radio support allows you to install two 802 11g radios in the same device providing local access point service on one radio and a full bandwidth WDS bridge on the other radio...

Страница 10: ...nconvenience that may hinder wire installations A WDS link can be used in a simple point to point link a complex point to multipoint link or a multilayer topology Point to Point WDS Link The following...

Страница 11: ...o simplify bulk updates With Power over Ethernet PoE support the same Category 5 cable that connects your access point to the data network also provides its power A single cable installation dramatica...

Страница 12: ...t is at an entirely different radio spectrum it is not compatible with 802 11g The higher spectrum provides about 50 meters 164 feet of coverage about half what 802 11g offers Consider 802 11a when yo...

Страница 13: ...or a branch office or SOHO operation INFRASTRUCTURE WIRELESS LAN The access point can also provide access to a wired LAN for wireless workstations An integrated wired wireless LAN is called an infrast...

Страница 14: ...connect A wireless infrastructure can also support roaming for mobile workers More than one access point can be configured to create an Extended Service Set ESS By placing the access points so that a...

Страница 15: ...ess Point is configured to support one SSID that is broadcast with no security The second Virtual Access Point is configured with a different private SSID that is not broadcast The private SSID should...

Страница 16: ...5A Ultra Low Loss Cable 3CWE580 or 3CWE581 or 3CWE582 6 8 Dual Band Omnidirectional Antenna 3CWE591 Each Remote Location Child Bridge 802 11a g Bridging Access Point 3CRWE885075A Ultra Low Loss Cable...

Страница 17: ...tenna The remote bridges are configured as Child Bridges and use an 8 dBi directional antenna 3CWE495 which is aimed at the Root Bridge Because the WDS radio and the local access point radio are opera...

Страница 18: ...E825075A or 3CRWE725075A Ultra Low Loss Cable 3CWE580 or 3CWE581 or 3CWE582 8 dBi Omnidirectional Antenna 3CWE491 Each Remote Location Child Bridge AP8250 3CRWE825075A 802 11g Upgrade Kit 3CRWEGMOD75A...

Страница 19: ...SMA CA Carrier Sense Multiple Access with Collision Avoidance EAP Extensible Authentication Protocol which provides a generalized framework for several different authentication methods ESS Extended Se...

Страница 20: ...of hosts that are on physically different segments but that communicate as though they were on the same segment WEP Wired Equivalent Privacy is based on the use of security keys and the popular RC4 e...

Страница 21: ...anchors for drywall mounting If you do not have IEEE 802 3af power over Ethernet LAN equipment use the 3Com Integrated Power over Ethernet power supply that comes with the access point If your LAN eq...

Страница 22: ...his document refer to equipment that meets these requirements Because the power supply plug is the only means of disconnecting the access point from power make sure the power outlet is accessible See...

Страница 23: ...nt provides coverage at distances of up to 100 Meters 300 Feet Signal loss can occur if metal concrete brick walls floors or other architectural barriers block transmission If your location includes t...

Страница 24: ...nna Model on page 25 before selecting the final location and be sure to allow for routing the antenna cable as required For optimal performance ensure the access point operates in temperature ranges b...

Страница 25: ...Position the antennas so they turn out and away from the access point at a 45 degree angle After network startup you may need to adjust the antennas to fine tune coverage in your area Depending on th...

Страница 26: ...Integrated Power over Ethernet power supply In this case you need to supply a second Ethernet cable to connect to the wired LAN Connect the access point directly to your own power over Ethernet hub or...

Страница 27: ...o Access Point on the power supply 3 Connect the power cord to the power supply and plug the cord into a power outlet 4 To link the access point to your Ethernet network plug one end of another Ethern...

Страница 28: ...inks red to indicate radio activity Faster blinking indicates more activity Power LED lights green when operational code is running Reset Button Press this button and hold for 15 seconds to restore th...

Страница 29: ...nting plate as a template for vertical alignment as shown at right in the illustration above Use a 5 mm 3 16 in drill bit if using the plastic anchors provided For drywall mounts you can route the cab...

Страница 30: ...ou choose a flat surface mount select a location that is clear of obstructions and provides good reception Hold the access point at an angle Turn clockwise to engage and secure it on the mounting plat...

Страница 31: ...ctor on the antenna To ensure the physical safety of anyone near the antenna and to prevent damage to the access point follow the building codes for antenna installations in your area Use the antenna...

Страница 32: ...ing arrestor POWER SETTINGS ON THE EXTERNAL ANTENNAS The following tables describe the power settings for the 802 11g radio on the AP8250 and AP8750 USA European Community Note The power settings for...

Страница 33: ...sor Click on this link to download the 3Com Network Supervisor 3NS The 3Com 3NS graphically discovers maps and displays network links and IP devices including 3Com wireless access points It is not req...

Страница 34: ...28...

Страница 35: ...talled ensure that the device to be configured is either wired to the network associating with the wireless network or connected directly to the computer and connected to power If more than one device...

Страница 36: ...will then reside on the same subnet as your computer You can accept the suggested settings or change them as required For more information see Using the Pre IP Configuration Wizard on page 31 The nex...

Страница 37: ...hould leave the password field blank If an administration password has been set for the device enter the password and click Next The Configuration Management System main page appears in the Web browse...

Страница 38: ...he access point to operate with a data rate of up to 108 Mbps If Turbo Mode is not allowed in your country this option is not available 802 11a Radio Channel Set the operating radio channel number Aut...

Страница 39: ...ation Protocol Client is enabled and a DHCP server is located on the network the network DHCP server assigns the IP address subnet mask and default gateway to the access point If there is no DHCP serv...

Страница 40: ...n the browser window address pane for example http ipaddress portnumber This number can be set between 1024 and 65535 HTTPS Server Enable or disable the HTTPS protocol allowing connection to the acces...

Страница 41: ...ce is a login authentication protocol that uses software running on a central AAA Access Authentication and Accounting server to control access to RADIUS compliant devices on the network There are no...

Страница 42: ...gured the same on both the access point and the RADIUS server The Authentication and Accounting RADIUS servers can have different secret keys Timeout The number of seconds the access point waits for a...

Страница 43: ...he local access control list You must build this list called the MAC Authentication Table as described in Local MAC Authentication below Use this option if you want to restrict wireless clients authen...

Страница 44: ...t with the ability to authenticate itself to an 802 1x enabled switch port In an environment where network access is controlled via 802 1x the supplicant makes it possible for the access point to conn...

Страница 45: ...control You can find the MAC address of a network card as follows Windows 95 98 ME Click Start Run Type winipcfg and press Enter The MAC address is in the Adapter Address section Windows NT4 2000 XP A...

Страница 46: ...ed to create modify the VLAN ID the following attributes must be provisioned on the RADIUS Server to be passed back to the authenticating client The AP s IP address is the RADIUS Client Radius User Tu...

Страница 47: ...er this feature should be disabled Local Bridge Filter Enable this filter to prevent direct communication between wireless clients creating a more secure wireless network AP Management Filter Enable t...

Страница 48: ...sub net If an AP is located on the far side of the gateway i e on a different sub net its clients will NOT be blocked from communicating with clients on the local sub net of interest This feature is a...

Страница 49: ...es the system location Maximum length 255 characters Community Name Read Only Specifies a community string with read only access Authorized management stations are able to retrieve MIB objects Maximum...

Страница 50: ...oint is about to reboot sysRadiusServerChanged Sent when the RADIUS server has changed from Primary to Secondary or Secondary to Primary dot11StationAssociation Sent when a station successfully associ...

Страница 51: ...ailed to authenticate dot1xAuthNotInitiated Sent when a station did not initiate 802 1x authentication with the RADIUS server The trap also includes the MAC address of the station that failed to authe...

Страница 52: ...s the users to have different access rights Auth Type The SNMP v3 authentication protocol Passphrase The SNMP v3 authentication password Priv Type The SNMP v3 privacy protocol Passphrase The SNMP v3 p...

Страница 53: ...n Click Add to add an entry click Delete to remove an entry SNMP FILTER This table is used to set filter profiles Filter profiles are used to determine if particular management targets should receive...

Страница 54: ...ess point accepts SSH connections The default port number is 22 Enter a value between 1024 and 65535 Firmware Upgrade You can upgrade firmware from a remote FTP or TFTP server Select FTP or TFTP Enter...

Страница 55: ...t the access point All user configured information is lost You must reenter the default user name admin to regain management access to this device Reset Access Point Click Reset to perform a hardware...

Страница 56: ...forwards data to the Distribution System The access point can also have bridge children for which it acts as the bridge parent and helps to send data to the DS Root Bridge The access point behaves as...

Страница 57: ...OTOCOL SETTINGS Spanning Tree Protocol allows the access point to determine the most efficient path to forward data It also allows network administrators to set up redundancy in the network while avoi...

Страница 58: ...up a server to store event logs and to specify how the access point obtains the date and time When you are finished configuring items on this page click Apply Each logging message is tagged with a se...

Страница 59: ...Click Stations Status to view the configurations of connected stations The Station Status page displays basic connection information for all associated stations Select refresh on you browser to see up...

Страница 60: ...ccess point radio interface detects the number of radios installed and their type 802 11g Radio 802 11a Radio or 802 11b Radio The Radio Settings and Security options for the radio interface are descr...

Страница 61: ...e is ignored Note If clients have VLAN IDs assigned by a RADIUS server the RADIUS assigned VLAN ID takes precedence over the VLAN ID configured here Closed System Enabling this option prevents publicl...

Страница 62: ...d 802 11a only Select Auto Channel Select Enable to allow the access point to select a radio channel automatically Radio Channel From the pull down list select the radio channel over which the access...

Страница 63: ...e in power saving mode that a packet is waiting for them Fragment Length 256 2346 802 11g and 802 11a only The Fragment Length can be set between 256 and 2 346 If the packet size is smaller than the p...

Страница 64: ...elow When you are finished configuring items on this page click Apply SELECTING A VIRTUAL ACCESS POINT VAP Open the Virtual AP drop down box and select the VAP you want to configure Each VAP has its o...

Страница 65: ...P selected as the Cipher Mode ALL multicast traffic is sent out with WEP encryption It is recommended to only select WEP as the Cipher Mode if legacy client support is critical AES Advanced Encryption...

Страница 66: ...2 1x then the 802 1x Wireless Setup must be set to Supported on the Authentication Page instead WEP Configuration WEP encryption is based on the use of security keys and the popular RC4 encryption alg...

Страница 67: ...lect Advanced Setup 4 Click on RADIUS from the left frame page Menu 5 Enter all the settings of your Primary RADIUS Authentication Server make sure the IP Address and Key match those on the RADIUS Aut...

Страница 68: ...tch those on the RADIUS Authentication software 6 Click on Apply 7 Choose Authentication from the left frame page Menu 8 Make sure the following settings are set on the Authentication page a MAC Authe...

Страница 69: ...is Disabled if Local or RADIUS MAC Authentication is chosen MAC address filtering or authentication respectively will be done before the 802 1x authentication Therefore these setups must be validated...

Страница 70: ...quired The Windows XP Support Patch for Wireless Protected Access which you can download from the Microsoft Web site is required To allow WEP clients clear the WPA Configuration Required check box and...

Страница 71: ...8750 Enable WPA Configuration Required Multicast Cipher Mode AES WPA Key Management WPA 802 1x TKIP Open System Enable WPA Configuration Required Multicast Cipher Mode TKIP WPA Key Management WPA PSK...

Страница 72: ...66...

Страница 73: ...subnet as the wired LAN If necessary reset the access point to the factory defaults Try the solutions in the following table If you need further assistance contact 3Com Technical Support through the f...

Страница 74: ...ers can roam are configured to the same WEP setting SSID and authentication settings Slow or erratic performance Try changing the wireless channel on the access point Check the access point antennas c...

Страница 75: ...rvice area to match If you change the IP address and save the change you cannot continue to configure the access point using the old IP address Therefore if you want to continue configuring this acces...

Страница 76: ...70...

Страница 77: ...vice must not be co located or operated in conjunction with any other antenna or transmitter except the 3Com 802 11a Wireless LAN Access Point Upgrade Kit US Federal Communications Commission FCC EMC...

Страница 78: ...echnical specifications were met To reduce potential radio interference to other users the antenna type and its gain should be so chosen that the equivalent isotropically radiated power EIRP is not mo...

Страница 79: ...oestel RLAN device in overeenstemming is met de essenti le eisen en de andere relevante bepalingen van richtlijn 1999 5 EG Bij deze verklaart 3Com Corporation dat deze RLAN device voldoet aan de essen...

Страница 80: ...stabilite dalla direttiva 1999 5 CE Spanish Por medio de la presente 3Com Corporation declara que el RLAN device cumple con los requisitos esenciales y cualesquiera otras disposiciones aplicables o ex...

Страница 81: ...the 2 4GHz band Channels 1 13 except where noted below In Italy the end user must apply for a license from the national spectrum authority to operate this device outdoors In Belgium outdoor operation...

Страница 82: ...or use only when using channels 36 40 44 or 48 in the 5 15 to 5 25 GHz frequency range High power radars are allocated as primary users of the 5 25 to 5 35 GHz and 5 65 to 5 85 GHz bands These radar s...

Страница 83: ...the antenna type and its gain should be so chosen that the equivalent isotropically radiated power EIRP is not more than that required for successful communication To prevent radio interference to the...

Страница 84: ...toestel RLAN device in overeenstemming is met de essenti le eisen en de andere relevante bepalingen van richtlijn 1999 5 EG Bij deze verklaart 3Com Corporation dat deze RLAN device voldoet aan de esse...

Страница 85: ...stabilite dalla direttiva 1999 5 CE Spanish Por medio de la presente 3Com Corporation declara que el RLAN device cumple con los requisitos esenciales y cualesquiera otras disposiciones aplicables o ex...

Страница 86: ...point at that location and consult the local technical support staff responsible for the wireless network The 5GHz Turbo mode feature is not allowed for operation in any European Community country Thi...

Страница 87: ...door use only when using channels 36 40 44 or 48 in the 5 15 to 5 25 GHz frequency range High power radars are allocated as primary users of the 5 25 to 5 35 GHz and 5 65 to 5 85 GHz bands These radar...

Страница 88: ...antenna type and its gain should be so chosen that the equivalent isotropically radiated power EIRP is not more than that required for successful communication To prevent radio interference to the lic...

Страница 89: ...liance Este equipamento opera em car ter secund rio isto nao tem direito a prote ao contra interferencia prejudicial mesmo de esta oes do mesmo tipo e nao causar interferencia a sistema operando em ca...

Страница 90: ......

Страница 91: ...AC 39 MAC 37 open system 58 RADIUS MAC 38 shared key 58 automatic channel selection 56 B backup configuration 48 basic configuration 32 beacon interval 57 broadcast key refresh rate 38 C cable 15 chan...

Страница 92: ...ess 39 location configuration parameter 43 for installation 17 log 52 login 31 M MAC address locating 39 recording 18 use in locating devices 29 30 MAC authentication 37 management VLAN ID 40 maximum...

Страница 93: ...MP 43 software utilities installing 27 SSID 53 55 stations status 53 statistics accounting 36 status 53 subnet mask 33 system configuration 29 system log 52 T TCP IP settings 33 terminology 9 time and...

Отзывы: