manualshive.com logo in svg

Extreme Networks Altitude 3500 Series, Руководство по продукции

Поделиться
Скачать
Extreme Networks Altitude 3500 Series Скачать руководство пользователя страница 178

 

Configuring Access Point Security

Altitude 3500 Series Access Point Product Reference Guide

178

7

Select the 

Accounting 

tab as required to define a timeout period and retry interval Syslog for MUs 

interoperating with the Altitude 35xx and EAP authentication server. The items within this tab could 
be enabled or disabled depending on whether Internal or External has been selected from the 
RADIUS Server drop-down menu.

8

Select the 

Reauthentication 

tab as required to define authentication connection policies, intervals and 

maximum retries. The items within this tab are identical regardless of whether Internal or External is 
selected from the 

Radius Server

 drop-down menu.

Radius Shared 
Secret

Specify a shared secret for authentication on the Internal 
or Primary RADIUS server (External RADIUS Server only). 
The shared secret is required to match the shared secret 
on the RADIUS server. Optionally, specify a shared secret 
for a secondary (failover) server. Use shared secrets to 
verify RADIUS messages (with the exception of the 
Access-Request message) sent by a RADIUS enabled 
device configured with the same shared secret.

Apply the qualifications of a well-chosen password to the 
generation of a shared secret. Generate a random, case-
sensitive string using letters and numbers. Verify the 
shared secret is at least 22 characters to protect the 
RADIUS server from brute-force attacks. An example of a 
strong and secure shared secret is: 8d#>9fq4bV)H7%a3-
zE13sW.

External Radius 
Server Address

Specify the IP address of the external RADIUS server 
used to provide RADIUS accounting.

External Radius 
Port

Specify the port on which the RADIUS server is listening. 
The default port is 1813.

External Radius 
Shared Secret

Specify a shared secret for authentication. The shared 
secret is required to match the shared secret on the 
RADIUS server.

MU Timeout

Specify the time (in seconds) for the access point’s 
retransmission of EAP-Request packets. The default is 10 
seconds. If this time is exceeded, the authentication 
session is terminated.

Retries

Specify the number of retries for the MU to retransmit a 
missed frame to the RADIUS server before it times out of 
the authentication session. The default is 2 retries.

Enable Syslog

Select the 

Enable Syslog

 checkbox to enable RADIUS 

accounting syslog messages relating to EAP events to be 
written to the specified syslog server.

Syslog Server IP 
Address

Enter the IP address of the destination syslog server to be 
used to log EAP events.

Enable 
Reauthentication

Select the 

Enable Reauthentication

 checkbox to configure 

a wireless connection policy so MUs are forced to 
reauthenticate periodically. Periodic repetition of the EAP 
process provides ongoing security for current authorized 
connections.

Period (30-9999) 
secs 

Set the EAP reauthentication period to a shorter interval 
for tighter security on the WLAN's connections. Set the 
EAP reauthentication period to a longer time interval (at 
most, 9999 seconds) to relax security on wireless 
connections. The default interval of 3600 seconds is 
recommended.

Содержание Altitude 3500 Series

Страница 1: ...roe Street Santa Clara California 95051 888 257 3000 408 579 2800 http www extremenetworks com AltitudeTM 3500 Series Access Point Product Reference Guide Software Version 2 6 Published February 2012...

Страница 2: ...Watch Summit SummitStack Triumph Unified Access Architecture Unified Access RF Manager UniStack XNV the Extreme Networks logo the Alpine logo the BlackDiamond logo the Extreme Turbodrive logo the Summ...

Страница 3: ...io 18 Quality of Service QoS Support 18 Industry Leading Data Security 19 Kerberos Authentication 19 EAP Authentication 20 WEP Encryption 20 KeyGuard Encryption 21 Wi Fi Protected Access WPA Using TKI...

Страница 4: ...enna Options 39 Power Options 39 Altitude 3510 Power Options 39 Altitude 3550 Power Options 39 Power Tap Systems 40 Installing the Power Tap 40 Preparing for Site Installation 40 Cabling the Power Tap...

Страница 5: ...uring LAN1 and LAN2 Settings 119 Configuring Advanced DHCP Server Settings 122 Setting the Type Filter Configuration 123 Configuring WAN Settings 125 Configuring Network Address Translation NAT Settin...

Страница 6: ...25 Defining User Access Permissions by Group 226 Editing Group Access Permissions 228 Chapter 7 Monitoring Statistics 231 Viewing WAN Statistics 231 Viewing LAN Statistics 234 Viewing a LAN s STP Stat...

Страница 7: ...figuration Update Commands 492 Firmware Update Commands 499 Statistics Commands 503 Chapter 9 Configuring Mesh Networking 519 Mesh Networking Overview 519 The Altitude 35xx Client Bridge Association P...

Страница 8: ...Adaptive AP Adoption 560 Establishing Basic Adaptive AP Connectivity 560 Adaptive AP Configuration 560 Adopting an Adaptive AP Manually 561 Adopting an Adaptive AP Using a Configuration File 562 Adop...

Страница 9: ...Altitude 3500 Series Access Point Product Reference Guide 9 Configuring a Cisco VPN Device 586 Frequently Asked VPN Questions 587 Appendix C Customer Support 593 Registration 593 Documentation 593...

Страница 10: ...Altitude 3500 Series Access Point Product Reference Guide 10...

Страница 11: ...l configuration activities are applied to both models When command line interface CLI commands are displayed and apply to both models a 35xx convention is used Document Conventions The following docum...

Страница 12: ...Point Product Reference Guide 12 Bullets indicate action items lists of alternatives lists of required steps that are not necessarily sequential Sequential lists those describing step by step procedur...

Страница 13: ...tude 3510 and Altitude 3550 are available in only a dual radio SKU except the Israel SKU which has a single radio An Altitude 3550 cannot use the Altitude 3510 s 48 volt power supply and therefore is...

Страница 14: ...IPS allows administrators to identify and accurately locate attacks rogue devices and network vulnerabilities in real time and permits both a wired and wireless lockdown of wireless device connections...

Страница 15: ...nation local encryption decryption local traffic bridging the tunneling of centralized traffic to the wireless controller For a information overview of the adaptive AP feature as well as how to config...

Страница 16: ...7 Separate LAN and WAN Ports on page 17 Multiple Mounting Options on page 17 Antenna Support for 2 4 GHz and 5 GHz Radios on page 17 Sixteen Configurable WLANs on page 18 Support for 4 BSSIDs per Radi...

Страница 17: ...he WAN port might connect to a larger corporate network For a small business the WAN port might connect to a DSL or cable modem to access the Internet Regardless network address information must be co...

Страница 18: ...ess displayed on the Radio Settings screen is 00 A0 F8 72 20 DC then the BSSIDs for that radio will have the following MAC addresses For detailed information on strategically mapping BSSIDs to WLANs s...

Страница 19: ...Authentication is a means of verifying information transmitted from a secure source If information is authentic you know who created it and you know it has not been altered in any way since originate...

Страница 20: ...orms of WLAN security rely on encryption to various extents Encryption entails scrambling and coding information typically with mathematical formulas called algorithms before the information is transm...

Страница 21: ...11i standard that provides even stronger wireless security than Wi Fi Protected Access WPA and WEP Counter mode CBC MAC Protocol CCMP is the security standard used by the Advanced Encryption Standard...

Страница 22: ...irtual Local Area Network VLAN can electronically separate data on the same AP from a single broadcast domain into separate broadcast domains By using a VLAN you can group by logical function instead...

Страница 23: ...llowing 2 MIB files EXTR CC adp35xx MIB 2 0 standard common MIB file EXTR adp35xx MIB Altitude 35xx specific MIB file The access point s SNMP agent functions as a command responder and is a multilingu...

Страница 24: ...broadcast by the AP to keep the network synchronized A beacon includes the ESSID MAC address Broadcast destination addresses a time stamp a DTIM Delivery Traffic Indication Message and the TIM Traffi...

Страница 25: ...g configuration files see Importing Exporting Configurations on page 103 Default Configuration Restoration The access point has the ability to restore its default configuration or a partial default co...

Страница 26: ...mesh networking association process is identical to the access point s MU association process Once the association authentication process is complete the wireless client adds the connection as a port...

Страница 27: ...to define the data source authentication type and associate digital certificates with the authentication scheme The LDAP screen allows the administrator to configure an external LDAP Server for use w...

Страница 28: ...dynamically assigned IP address of a client changes the new IP address is sent to the DynDNS service and traffic for the specified domain s is routed to the new IP address For information on configur...

Страница 29: ...lled a Basic Service Set BSS or cell When in a particular cell the MU associates and communicates with the access point supporting the radio coverage area of that cell Adding access points to a single...

Страница 30: ...ation or interface information that is not used for a specified time The AP refreshes its database when it transmits or receives data from these destinations and interfaces Media Types The access poin...

Страница 31: ...sequence channel used by the access point Scanning is a periodic process where the MU sends out probe messages on all channels defined by the country code The statistics enable an MU to reassociate b...

Страница 32: ...nd LAN side the access point can assign private IP addresses Firewall A firewall protects against a number of known attacks Management Access Options Managing the access point includes viewing network...

Страница 33: ...adio1 802 11bg Random address located on the Web UI CLI and SNMP interfaces Radio2 802 11a Random address located on the Web UI CLI and SNMP interfaces The access point s BSS virtual AP MAC addresses...

Страница 34: ...Introduction Altitude 3500 Series Access Point Product Reference Guide 34...

Страница 35: ...Altitude 3550 LED Indicators on page 54 Setting Up MUs on page 54 CAUTION Extreme Networks recommends conducting a radio site survey prior to installing an access point A site survey is an excellent m...

Страница 36: ...erable Contact your sales associate for specific information Altitude 3550 Configurations An Altitude 3550 is only available in a dual radio configuration NOTE Extreme Networks recommends using the Al...

Страница 37: ...e 573 Access Point Placement For optimal performance install the access point regardless of model away from transformers heavy duty motors fluorescent lights microwave ovens refrigerators and other in...

Страница 38: ...na suite supporting the 2 4 GHz band and another antenna suite supporting the 5 GHz band Select an antenna model best suited to the intended operational environment of your Altitude 3510 NOTE On a dua...

Страница 39: ...supporting the 5 GHz band Select an antenna model best suited to the intended operational environment of your Altitude 3550 Similar to Altitude 3510 the Altitude 3550 antenna connectors N male for Ra...

Страница 40: ...ng 110 220 VAC power to combine low voltage DC with Ethernet data in a single cable connecting to the access point The access point can only use a Power Tap when connecting the unit to the access poin...

Страница 41: ...s point s LAN port CAUTION Cabling the Power Tap to the access point s WAN port renders the access point non operational Only use a Power Tap with the access point s LAN port Ensure the cable length f...

Страница 42: ...wnward orientation CAUTION Both the Dual and Single Radio model Altitude 3510 s use RSMA type antenna connectors On the Dual Radio Altitude 3510 a single dot on the antenna connector indicates the pri...

Страница 43: ...0mm Type D Self Tapping screw Two wall anchors Security cable optional To mount the Altitude 3510 on a wall 1 Orient the Altitude 3510 on the wall by its width or length 2 Using the arrows on one edge...

Страница 44: ...information 9 Verify the behavior of the Altitude 3510 LEDs For more information see Altitude 3510 LED Indicators on page 48 The Altitude 3510 is ready to configure For information on an Altitude 3510...

Страница 45: ...ply host and the Altitude 3510 LAN port b Verify the power adapter is correctly rated according the country of operation c Connect the power supply line cord to the power adapter d Attach the power ad...

Страница 46: ...rear panel status LEDs of the unit An above the ceiling Altitude 3510 installation enables installations compliant with drop ceilings suspended ceilings and industry standard tiles from 625 to 75 inc...

Страница 47: ...d surface of the ceiling tile when creating the light pipe hole and installing the light pipe 7 Remove the light pipe s rubber stopper before installing the light pipe 8 Connect the light pipe to the...

Страница 48: ...dapter is correctly rated according the country of operation c Connect the power supply line cord to the power adapter d Attach the power adapter cable into the power connector on the Altitude 3510 e...

Страница 49: ...n that has not been approved in a site survey Power Status Solid white indicates the Altitude 3510 is adequately powered Error Conditions Solid red indicates the Altitude 3510 is experiencing a proble...

Страница 50: ...clamp parts around the pole and tighten the nuts just enough to hold the bracket to the pole The bracket may need to be rotated around the pole during the antenna alignment process 3 Attach the square...

Страница 51: ...e power cable to the unit s three screw termination block and tighten the unit s LINE AC clamp by hand to ensure the power cable cannot be pulled from the unit d For Power Tap installations attach a g...

Страница 52: ...s in the wall that match the screws and wall plugs 3 Secure the bracket to the wall 4 Attach the square mounting plate to the bridge with the supplied screws Attach the bridge to the plate on the pole...

Страница 53: ...r cable cannot be pulled from the unit d For Power Tap installations attach a ground cable between the EARTH GROUND connector on the back of the unit to a suitable earth ground connection as defined b...

Страница 54: ...the ESSID and other configuration parameters until the network connection is verified MUs attach to the network and interact with the AP transparently Power Status Solid white indicates the access poi...

Страница 55: ...ociated MU before mounting and securing the access point Carefully follow the mounting instructions in one of the following sections to ensure the access point is installed correctly For installing an...

Страница 56: ...ss point CLI is accessed through the RS232 port via Telnet or SSH The CLI follows the same configuration conventions as the device user interface with a few documented exceptions Config file Readable...

Страница 57: ...and set the county code Refer to Country Codes on page 574 for a list of each available countries two digit country code 6 At the CLI prompt admin type summary The access point s LAN IP address will d...

Страница 58: ...isplays Change the password Enter the current password and a new admin password in fields provided Click Apply Once the admin password has been updated a warning message displays stating the access po...

Страница 59: ...ings in the Quick Setup screen the values also change within the screen where these parameters also exist Additionally if the values are updated in these other screens the values initially set within...

Страница 60: ...tically Refer to the access point Product Reference Guide for information on defining alternate time servers and setting a synchronization interval for the access point to adjust its displayed time Re...

Страница 61: ...oint automatically reestablishes the connection to the ISP b Specify the Username entered when connecting to the ISP When the Internet session begins the ISP authenticates the username c Specify the P...

Страница 62: ...lect the WLAN 1 tab WLANs 1 4 are available within the Quick Setup screen to define its ESSID and security scheme for basic operation NOTE A maximum of 16 WLANs are configurable within the Wireless Co...

Страница 63: ...asic security scheme in this case WEP 128 is recommended in a network environment wherein sensitive data is transmitted NOTE For information on configuring the other encryption and authentication opti...

Страница 64: ...o the specified MU address Refer to the Number of Responses value to assess the number of responses from the MU versus the number of ping packets transmitted by the access point Use the ratio of packe...

Страница 65: ...ime importing exporting device configurations and device firmware updates see System Configuration on page 67 For detailed information on configuring access point LAN interface subnet and WAN interfac...

Страница 66: ...Getting Started Altitude 3500 Series Access Point Product Reference Guide 66...

Страница 67: ...disable Microsoft s Java Virtual Machine if installed To connect to the access point an IP address is required If connected to the access point using the WAN port the default static IP address is 10...

Страница 68: ...tion set the country of operation and view device version information System Name Specify a device name for the access point Extreme Networks recommends selecting a name serving as a reminder of the u...

Страница 69: ...uptime of the access point defined in the System Name field System Uptime is the cumulative time since the access point was last rebooted or lost power Serial Number Displays the access point serial...

Страница 70: ...o securely exit the AP35xx Access Point applet A prompt displays confirming the logout before the applet is closed Adaptive AP Setup An access point needs settings defined to discover and adopt an ava...

Страница 71: ...ailable for connection The access point resolves the name to one or more IP addresses if a DNS IP address is present This method is used when the access point fails to obtain an IP address using DHCP...

Страница 72: ...either enabled or disabled It is not meant to function as an ACL in routers or other firewalls where you can specify and customize specific IPs to access specific interfaces Use the AP35xx Access scr...

Страница 73: ...on page 76 To configure access for the AP35xx 1 Select System Configuration AP35xx Access from the menu tree The Trusted Hosts field appears at the top of the screen but the remainder of the screen c...

Страница 74: ...ification If using this option the connected PC is required to have its RADIUS credentials verified with an external RADIUS server Additionally the RADIUS Server s Active Directory should have a valid...

Страница 75: ...assword Enter and confirm a new administrator password as required Message Settings Click the Message Settings button to display a screen used to create a text message Once displayed select the Enable...

Страница 76: ...x Access screen to the last saved configuration 12 Click Logout to securely exit the AP35xx Access Point applet A prompt displays confirming the logout before the applet is closed Defining Trusted Hos...

Страница 77: ...ted permission to access point resources 4 Select an existing IP address and click the Edit button to modify the address if no longer relevant 5 If you are near the capacity of 8 allowed IP addresses...

Страница 78: ...r information The AP35xx can import and maintain a set of CA certificates to use as an authentication option for Virtual Private Network VPN access To use the certificate for a VPN tunnel define a tun...

Страница 79: ...Imported root CA Certificates field to view the certificate issuer name subject and certificate expiration data 5 To delete a certificate select the Id from the drop down menu and click the Del button...

Страница 80: ...he generated certificate request displays in the drop down list of certificates within the Self Certificates screen Key ID Enter a logical name for the certificate to help distinguish between certific...

Страница 81: ...ipboard 7 Click the Paste from clipboard button The content of the email displays in the window Click the Load Certificate button to import the certificate and make it available for use as a VPN authe...

Страница 82: ...em Configuration Certificate Mgmt Self Certificates from the AP35xx menu tree 2 Click on the Add button to create the certificate request The Certificate Request screen displays 3 Complete the request...

Страница 83: ...ewal request using a base64 encoded PKCS file option Click Next to continue 12 Paste the content of certificate in the Saved Request field within the Submit a Saved Request screen NOTE An administrato...

Страница 84: ...ck the Load Certificate button 21 Verify the contents of the certificate file display correctly within the Self Certificates screen The certificate for the onboard RADIUS authentication of MUs has now...

Страница 85: ...certificate FTP Select the FTP radio button if using an FTP server to import or export the security certificate TFTP Select the TFTP radio button if using an FTP server to import or export the securit...

Страница 86: ...iable of a MIB The access point Web download package contains the following 2 MIB files EXTR CC adp35xx MIB 2 0 standard common MIB file EXTR adp35xx MIB Altitude 35xx specific MIB file NOTE The EXTR...

Страница 87: ...de the attempted security enhancements of other version 2 protocols Instead SNMP v2c defaults to SNMP standard community strings for read only and read write access SNMP version 3 v3 further enhances...

Страница 88: ...unity definition using a site appropriate name and access level Set up a read write definition at a minimum to facilitate full access by the AP35xx administrator 2 Configure the SNMP v1 v2 Configurati...

Страница 89: ...AuthNoPriv setting requires login authorization but no encryption The AuthPriv setting requires login authorization and uses the Data Encryption Standard DES protocol OID Use the OID Object Identifier...

Страница 90: ...s can read SNMP generated information and if capable modify related settings from an SNMP capable client Use the SNMP Access Control screen s Access Control List ACL to limit by Internet Protocol IP a...

Страница 91: ...on Use just the Starting IP Address column to specify a single SNMP user Use both the Starting IP Address and Ending IP Address columns to specify a range of addresses for SNMP users To add a single I...

Страница 92: ...orting this information Trap configuration depends on the network machine that receives the generated traps SNMP v1 v2c and v3 trap configurations function independently In a mixed SNMP environment ge...

Страница 93: ...e an entry for an SNMP v3 user Destination IP Specify a numerical non DNS name destination IP address for receiving the traps sent by the AP35xx SNMP agent Port Specify a destination User Datagram Pro...

Страница 94: ...Configure the MU Traps field to generate traps for MU associations MU association denials and MU authentication denials When a trap is enabled a trap is sent every 10 seconds until the condition no l...

Страница 95: ...a link is lost between the AP35xx and a connected device DynDNS Update Generates a trap whenever domain name information is updated as a result of the IP address associated with that domain being modi...

Страница 96: ...pplet A prompt displays confirming the logout before the applet is closed Configuring SNMP RF Trap Thresholds Use the SNMP RF Trap Threshold screen as a means to track RF activity and the AP35xx s rad...

Страница 97: ...nter a maximum threshold for the total throughput in Pps Packets per second Throughput Set a maximum threshold for the total throughput in Mbps Megabits per second Average Bit Speed Enter a minimum th...

Страница 98: ...ros authentication time synchronization is required Use the Date and Time Settings screen to enable NTP and specify the IP addresses and ports of available NTP servers NOTE The current time is not set...

Страница 99: ...r to manually enter the access point s system time using a Year Month Day HH MM SS format This option is disabled when the Enable NTP checkbox has been selected and therefore should be viewed as a sec...

Страница 100: ...stination MAC address Certain TLVs are mandatory and always sent once LLDP is enabled while other TLVs are optionally configured LLDP defines a set of common advertisement messages a protocol for tran...

Страница 101: ...val in seconds 5 32768 to define the LLDP refresh interval transmit interval The Refresh Interval is the interval LLDP frames are transmitted on behalf of the LLDP agent The default is 30 seconds 4 Se...

Страница 102: ...d to save event logs set the log level and optionally port the AP35xx s log to an external server View Log Click View to save a log of events retained on the AP35xx The system displays a prompt reques...

Страница 103: ...int The exported file can be edited with any document editor if necessary NOTE Use the System Settings screen as necessary to restore an AP35xx s default configuration For more information on restorin...

Страница 104: ...iguration to a dual radio model access point In turn a dual radio model access point cannot import export its configuration to a single radio access point Use the Config Import Export screen to config...

Страница 105: ...tem displays a confirmation window indicating the administrator must log out of the AP35xx after the operation completes for the changes to take effect Click Yes to continue the operation Click No to...

Страница 106: ...ible Hardware Type Error message indicates the configuration was not applied due to a hardware compatibility issue between the importing and exporting devices Status After executing an operation by cl...

Страница 107: ...an the version currently in use on the access point Additionally the configuration version can be manually changed in the text file to cause the configuration to be applied when required The parameter...

Страница 108: ...he AP35xx current configuration settings before updating the firmware to have the most recent settings available after the firmware is updated Refer to Importing Exporting Configurations on page 103 f...

Страница 109: ...he file within the Filepath optional field 6 Enter an IP address for the FTP or TFTP server used for the update Only numerical IP address names are supported no DNS can be used 7 Select FTP or TFTP to...

Страница 110: ...successful If an error occurs one of the following error messages will display FAIL auto fw update check FAIL network activity time out FAIL firmware check FAIL exceed memory limit FAIL authenticatio...

Страница 111: ...Altitude 3500 Series Access Point Product Reference Guide 111 14 Click Logout to securely exit the AP35xx Access Point applet A prompt displays confirming the logout before the applet is closed...

Страница 112: ...System Configuration Altitude 3500 Series Access Point Product Reference Guide 112...

Страница 113: ...cal LAN port supporting two unique LAN interfaces The Altitude 35xx LAN port has its own MAC address The LAN port MAC address is always the value of the Altitude 35xx WAN port MAC address plus 1 The L...

Страница 114: ...trunking enabled and the correct management VLAN defined 2 Configure the LAN Settings field to enable the Altitude 35xx LAN1 and or LAN2 interface assign a timeout value enable 802 1q trunking configu...

Страница 115: ...can be active at any given time but only one can transmit over the access point s physical LAN connection thus the selected LAN has priority Enable 802 1q Trunking Select the Enable 802 1q Trunking ch...

Страница 116: ...VLANs have the same attributes as physical LANs but they enable system administrators to group MUs even when they are not members of the same network segment NOTE A WLAN supporting a mesh network does...

Страница 117: ...LAN from the Altitude 35xx menu tree 2 Ensure the Enable 802 1q Trunking button is selected from within the LAN Setting field Trunk links are required to pass VLAN information between destinations A t...

Страница 118: ...to extend an internal LAN between the locations An Altitude 35xx managed infrastructure could provide this connectivity but it requires VLAN numbering be managed carefully to avoid conflicts between...

Страница 119: ...When a frame arrives on the Altitude 35xx it queries the VMPS for the VLAN assignment based on the source MAC address of the arriving frame If statically mapping VLANs leave the Dynamic checkbox speci...

Страница 120: ...terface is a DHCP Client Select this button to enable DHCP to set network address information via this LAN1 or LAN2 connection This is recommended if the Altitude 35xx resides within a large corporate...

Страница 121: ...nced DHCP Server Click the Advanced DHCP Server button to display a screen used for generating a list of static MAC to IP address mappings for reserved clients A separate screen exists for each of the...

Страница 122: ...n IP address for as long as it remains in active use The lease time is the number of seconds an IP address is reserved for re connection after its last use Using very short leases DHCP can dynamically...

Страница 123: ...the window to navigate 5 Click the Del delete button to remove a selected table entry 6 Click OK to return to the LAN1 or LAN2 page where the updated settings within the Advanced DHCP Server screen ca...

Страница 124: ...te whether the Ethernet Types defined for the LAN are allowed or denied for use by the Altitude 35xx 3 To add an Ethernet type click the Add button The Add Ethernet Type screen displays Use this scree...

Страница 125: ...k Logout to securely exit the Access Point applet A prompt displays confirming the logout before the applet is closed Configuring WAN Settings A Wide Area Network WAN is a widely dispersed telecommuni...

Страница 126: ...lient mode is enabled the other WAN IP configuration parameters are grayed out IP Address Specify a numerical non DNS name IP address for the Altitude 35xx s WAN connection This address defines the AP...

Страница 127: ...e information over its WAN port about data transmission speed and duplex capabilities Auto negotiation is helpful when using the access point in an environment where different devices are connected an...

Страница 128: ...active even when there is no traffic If the ISP drops the connection after an idle period the Altitude 35xx automatically re establishes the connection to the ISP Enabling Keep Alive mode disables gra...

Страница 129: ...anslates the WAN IP addresses on incoming packets to local IP addresses NAT is useful because it allows the authentication of incoming and outgoing requests and minimizes the number of WAN IP addresse...

Страница 130: ...cal IP address 1 to 1 mapping is useful when users need dedicated addresses and for public facing servers connected to the Altitude 35xx Set the NAT Type as 1 to Many to map a WAN IP address to multip...

Страница 131: ...ansport protocol used in this service The choices are ALL TCP UDP ICMP AH ESP and GRE Start Port and End Port Enter the port or ports used by the port forwarding service To specify a single port enter...

Страница 132: ...ly the primary WAN IP address To configure dynamic DNS for the Altitude 35xx 1 Select Network Configuration WAN DynDNS from the Altitude 35xx menu tree 2 Select the Enable checkbox to allow domain nam...

Страница 133: ...being lost 9 Click Undo Changes if necessary to undo any changes made Undo Changes reverts the settings displayed on the screen to the last saved configuration Enabling Wireless LANs WLANs A Wireless...

Страница 134: ...existing WLANs WLAN Name The Name field displays the name of each WLAN that has been defined The WLAN names can be modified within individual WLAN configuration screens See Creating Editing Individua...

Страница 135: ...existing WLAN ensure it is not being used by an Altitude 35xx radio or is a WLAN that is needed in its current configuration Once updated the previous configuration is not available unless saved CAUT...

Страница 136: ...name should be logical representation of WLAN coverage area engineering marketing etc The maximum number of characters that can be used for the name is 31 Available On Use the Available On checkboxes...

Страница 137: ...the WLAN available in the WLAN drop down menu within the Radio Configuration screen This checkbox can be ignored for WLANs not supporting mesh networking to purposely exclude them from the list of WLA...

Страница 138: ...password if Kerberos has been selected as the security scheme from within the Security Policies field The field is grayed out if Kerberos has not been selected for the WLAN Disallow MU to MU Communic...

Страница 139: ...ter See Configuring Access Point Security on page 169 for more details on configuring Altitude 35xx security For detailed information on the authentication and encryption options available to the Alti...

Страница 140: ...LAN For detailed information on assigning ACL policies to specific WLANs see Creating Editing Individual WLANs on page 135 To create or edit ACL policies for WLANs 1 Select Network Configuration Wirel...

Страница 141: ...r Edit MU ACL Policy screen and return to the Mobile Unit Access Control List Configuration screen Navigating away from the screen without clicking Apply results in changes to the screens being lost 6...

Страница 142: ...e new policies are defined they are available for use within the New WLAN or Edit WLAN screens to assign to specific WLANs based on MU interoperability requirements Extreme Networks recommends using t...

Страница 143: ...ss Point Product Reference Guide 143 2 Click the Create button to configure a new QoS policy or select a policy and click the Edit button to modify an existing QoS policy The access point supports a m...

Страница 144: ...ake use of multicast addresses Using this mechanism ensures that the multicast packets for these devices are not delayed by the packet queue 6 Use the drop down menu to select the radio traffic best r...

Страница 145: ...ultimedia traffic Video Video traffic includes music streaming and application traffic requiring priority over all other types of network traffic Voice Voice traffic includes VoIP traffic and typicall...

Страница 146: ...vice Rather than rely on built in 802 11security features to control access point association privileges configure a WLAN with no WEP an open network The access point issues an IP address to the user...

Страница 147: ...ogin page welcome page and fail page used for hotspot access Defining these settings is required when the Use External URL checkbox has been selected within the HTTP Redirection field Use Default File...

Страница 148: ...ation IP addresses These allowed destination IP addresses are called a White List Ten configurable IP addresses are allowed for each WLAN For more information see Defining the Hotspot White List on pa...

Страница 149: ...127 0 0 1 and cannot be used for the external RADIUS server Radius Port Specify the port on which the RADIUS accounting server is listening Shared Secret Specify a shared secret for accounting authent...

Страница 150: ...address for an allowed destination IP address 3 Select a White List entry and click the Del button to remove the address from the White List 4 Click OK to return to the Hotspot Config screen where th...

Страница 151: ...tabs are selected and configured separately to enable the radio s and set their mesh networking definitions To set the Altitude 35xx radio configuration this example is for a dual radio access point...

Страница 152: ...his is an existing radio within a mesh network this value updates in real time CAUTION A problem could arise if a Base Bridge s Indoor channel is not available on an Outdoor Client Bridge s list of av...

Страница 153: ...If the signal strength falls below a configurable threshold the link to the existing base bridge is dropped and a connection to the base bridge with the stronger signal is established Enter a value in...

Страница 154: ...changes have been applied 10 Click Undo Changes if necessary to undo any changes made Undo Changes reverts the settings displayed on the Radio Configuration screen to the last saved configuration 11 C...

Страница 155: ...selected for the Altitude 35xx MAC Address The Altitude 35xx like other Ethernet devices has a unique hardware encoded Media Access Control MAC or IEEE address MAC addresses determine the device sendi...

Страница 156: ...st average power level Select the Exclude Channels button to display a screen used to prohibit 802 11a or 802 11b g channels from operating with this radio When channel exceptions are defined the acce...

Страница 157: ...ude 35xx 802 11a radios Set Rates Click the Set Rates button to display a window for selecting minimum and maximum data transmit rates for the radio At least one Basic Rate must be selected as a minim...

Страница 158: ...interval controls the performance of power save stations A small interval may make power save stations more responsive but it will also cause them to consume more battery power A large interval makes...

Страница 159: ...Space Number and TXOPs Time for each Access Category These are the QoS policies for the 802 11a or 802 11b g radio not the QoS policies configured for the WLAN as created or edited from the Quality o...

Страница 160: ...LANs on a BSSID have the same security policy It is generally a bad idea to have WLANs with different security policies on the same BSSID as this will result in warning or error messages NOTE If using...

Страница 161: ...load sensor mode operation information to its parent WIPS Server Either or both of the access point s radios can be set as a WIPS sensor When an access point radio is functioning as a WIPS sensor it i...

Страница 162: ...titude 35xx menu tree The Wireless Intrusion Prevention System screen displays NOTE At least one radio is required to be set to WIPS within the Wireless Intrusion Prevention System screen to support W...

Страница 163: ...ole server 4 Click Apply to save any changes to the WIPS screen Navigating away from the screen without clicking Apply results in all changes to the screens being lost 5 Click Undo Changes if necessar...

Страница 164: ...those associated with destination IP addresses To change any of the network address information within the WAN screen see Configuring WAN Settings on page 125 3 From the Use Default Gateway drop down...

Страница 165: ...ion drop down menu Both for both directions Rx only receive only and TX only transmit only are available options No RIP The No RIP option prevents the access point s router from exchanging routing inf...

Страница 166: ...to save the changes Configuring IP Filtering Use the access point s IP filtering functionality to determine which IP packets are processed normally by the access point and which are discarded If disca...

Страница 167: ...ain their defined IP filtering configurations IP filtering is a network layer facility The IP filtering mechanism does not know anything about the application using the network connections only the co...

Страница 168: ...Network Management Altitude 3500 Series Access Point Product Reference Guide 168...

Страница 169: ...curely route traffic through a IPSEC tunnel and block transmissions with devices interpreted as Rogue APs NOTE Security for the Altitude 35xx can be configured in various locations throughout the Alti...

Страница 170: ...omputer to the Altitude 35xx LAN port using a standard CAT 5 cable 2 Set up the computer for TCP IP DHCP network addressing and make sure the DNS settings are not hardcoded 3 Start Internet Explorer w...

Страница 171: ...ings on page 68 Once the password has been set refer back to Configuring Security Options on page 169 to determine which Altitude 35xx security feature to configure next Resetting the Access Point Pas...

Страница 172: ...alent Privacy WEP is available in two encryption modes 40 bit also called WEP 64 and 104 bit also called WEP 128 The 104 bit encryption mode provides a longer algorithm better security that takes long...

Страница 173: ...5 Enable and configure an Encryption option if necessary for the target security policy Manually Pre Shared Key No Authentication Select this button to disable authentication This is the default value...

Страница 174: ...d and developed by MIT provides strong authentication for client server applications using secret key cryptography Using Kerberos a client must prove its identity to a server and vice versa across an...

Страница 175: ...tton to configure a new policy supporting Kerberos The New Security Policy screen displays with no authentication or encryption options selected 3 Select the Kerberos radio button The Kerberos Configu...

Страница 176: ...curity policy supporting 802 1x EAP continue to step 2 2 Click the Create button to configure a new policy supporting 802 1x EAP The New Security Policy screen displays with no authentication or encry...

Страница 177: ...ddresses RADIUS is a client server protocol and software enabling remote access clients to communicate with a server used to authenticate users and authorize access to the requested system or service...

Страница 178: ...shared secret is 8d 9fq4bV H7 a3 zE13sW External Radius Server Address Specify the IP address of the external RADIUS server used to provide RADIUS accounting External Radius Port Specify the port on...

Страница 179: ...k from a WEP flaw The existing 802 11 standard alone offers administrators no effective method to update keys Max Retries 1 99 retries Define the maximum number of MU retries to reauthenticate after f...

Страница 180: ...either the WEP 64 40 bit key or WEP 128 104 bit key radio button The WEP 64 Settings or WEP 128 Settings field displays within the New Security Policy screen 4 Ensure the Name of the security policy e...

Страница 181: ...uration screen These existing policies can be used as is or their properties edited by clicking the Edit button To configure a new security policy supporting KeyGuard continue to step 2 2 Click the Cr...

Страница 182: ...the Apply button to save any changes made within the KeyGuard Setting field of the New Security Policy screen Pass Key Specify a 4 to 32 character pass key and click the Generate button The pass key...

Страница 183: ...Fi Protected Access 2 WPA2 is an enhanced version of WPA WPA2 uses the Advanced Encryption Standard AES instead of TKIP AES supports 128 bit 192 bit and 256 bit keys WPA WPA2 also provide strong user...

Страница 184: ...st keys every 30 604800 seconds Specify a time period in seconds to rotate the key index used for the broadcast key Set the interval to a shorter duration like 3600 seconds for tighter broadcast traff...

Страница 185: ...d used by the Advanced Encryption Standard AES AES serves the same function TKIP does for WPA TKIP CCMP computes a Message Integrity Check MIC using the proven Cipher Block Chaining CBC technique Chan...

Страница 186: ...icy entered suits the intended configuration or function of the policy 5 Configure the Key Rotation Settings field as required to set Broadcast Key Rotation and the update interval Broadcast Key Rotat...

Страница 187: ...c string of 8 to 63 characters The string allows character spaces The Altitude 35xx converts the string to a numeric value This passphrase saves the administrator from entering the 256 bit key each ti...

Страница 188: ...threat in order to reduce processor overhead Use the WLAN Security screens WEP Kerberos etc as required for setting user authentication and data encryption parameters To configure the Altitude 35xx fi...

Страница 189: ...s to terminate the IP address translation process if no translation activity is detected after the specified interval SYN Flood Attack Check A SYN flood attack requests a connection and then fails to...

Страница 190: ...ss between these two areas Yellow Limited Access One or more protocol rules are specified Specific protocols are either enabled or disabled between these two areas Click the table cell of interest and...

Страница 191: ...on protocol using the Internet s TCP IP protocols FTP provides an efficient way to exchange files between computers on the Internet FTP uses TCP port 21 SMTP Simple Mail Transfer Protocol is a TCP IP...

Страница 192: ...sec The other key component is Encapsulating Security Protocol ESP AH provides authentication proving the packet sender really is the sender and the data really is the data sent AH can be used in tran...

Страница 193: ...ing and 1 to many mappings from the system Only enable advanced subnet access rules if your configuration requires rules that cannot be configured within the Subnet Access screen Import rules from Sub...

Страница 194: ...n button moves the selected rule down by one row in the table The index numbers for the affected rows adjust to reflect the new order Index The index number determines the order firewall rules are exe...

Страница 195: ...ltitude 35xx 1 Select Network Configuration WAN VPN from the Altitude 35xx menu tree 2 Use the VPN Tunnels field to add or delete a tunnel to the list of available tunnels list tunnel network address...

Страница 196: ...is selected this column displays Manual If Auto IKE Key Exchange is selected the field displays Automatic Tunnel Name Enter a name to define the VPN tunnel The tunnel name is used to uniquely identif...

Страница 197: ...nd other settings must match a transform set at the remote end of the gateway Use the Manual Key Settings screen to specify the transform sets used for VPN access To configure manual key settings for...

Страница 198: ...butes when possible AH Authentication AH provides data authentication and anti replay services for the VPN tunnel Select the required authentication method from the drop down menu None Disables AH aut...

Страница 199: ...ion ESP Encryption Algorithm Select the encryption and authentication algorithms for the VPN tunnel using the drop down menu DES Uses the DES encryption algorithm requiring 64 bit 16 character hexadec...

Страница 200: ...35xx menu tree 2 Refer to the VPN Tunnel Config field select the Auto IKE Key Exchange radio button and click the Auto Key Settings button Inbound ESP Authentication Key Define a key for computing th...

Страница 201: ...vailable range is from 300 to 65535 seconds The default is 300 seconds AH Authentication AH provides data authentication and anti replay services for the VPN tunnel Select the desired authentication m...

Страница 202: ...o button and click the IKE Settings button ESP Encryption Algorithm Use this menu to select the encryption and authentication algorithms for this VPN tunnel DES Selects the DES algorithm No keys are r...

Страница 203: ...s faster but less secure than Main mode Identities are not encrypted unless public key encryption is used The authentication method cannot be negotiated if the initiator chooses public key encryption...

Страница 204: ...create and import certificates into the system IKE Authentication Algorithm IKE provides data authentication and anti replay services for the VPN tunnel Select an authentication methods from the drop...

Страница 205: ...reen is read only with no configurable parameters To configure a VPN tunnel use the VPN configuration screen in the WAN section of the Altitude 35xx menu tree Diffie Hellman Group Select a Diffie Hell...

Страница 206: ...VE When the tunnel is connected the status reads ACTIVE Outb SPI The Outb SPI column displays the outbound Security Parameter Index SPI for each tunnel The SPI is used locally by the Altitude 35xx to...

Страница 207: ...llows the blocking of up to 10 files or URL extensions and allows blocking of specific outbound HTTP SMTP and FTP requests Tx Bytes The Tx Bytes column lists the amount of data in bytes transmitted th...

Страница 208: ...Blocking allows for blocking of specific HTTP commands going outbound on the Altitude 35xx WAN port HTTP blocks commands on port 80 only The Block Outbound HTTP option allows blocking of the following...

Страница 209: ...CPT Recipient Identifies a recipient of mail data DATA Tells the SMTP receiver to treat the following information as mail data from the sender QUIT Tells the receiver to respond with an OK reply and t...

Страница 210: ...f the country the access point is operating in The rogue detection interval is used in conjunction with Motorola MUs that identify themselves as rogue detection capable to the access point The detecti...

Страница 211: ...could render the Altitude 35xx s Rogue AP Detector Mode feature inoperable Contact your Extreme Networks sales associate for specific information To configure Rogue AP detection for the Altitude 35xx...

Страница 212: ...band is used as the detector radio RF A BG Scan Select this checkbox to scan for rouges over all channels on both of the access point s 11a and 11bg radio bands The switching of radio bands is based...

Страница 213: ...nables the user to view the list of detected rogue APs and if necessary select and move an AP into a list of allowed devices This is helpful when the settings defined within the Rogue AP Detection scr...

Страница 214: ...e AP Details on page 214 7 To remove the Rogue AP entries displayed within the e Rogue APs field click the Clear Rogue AP List button Extreme Networks only recommends clearing the list of Rogue APs wh...

Страница 215: ...hould be defined as an allowed AP RSSI Shows the Relative Signal Strength RSSI of the rogue AP Use this information to assess how close the rogue AP is The higher the RSSI the closer the rogue AP If m...

Страница 216: ...etection area can be significantly extended To use associated rogue AP enabled MUs to scan for rogue APs 1 Select Network Configuration Wireless Rogue AP Detection MU Scan from the Altitude 35xx menu...

Страница 217: ...en Only use this option if you are sure all of the devices detected and displayed within the Scan Results table are non hostile APs 5 Highlight a different MU from the Rogue AP enabled MUs field as ne...

Страница 218: ...S PAP are supported 3 Use the TTLS PEAP Configuration field to specify the RADIUS Server default EAP type EAP authentication type and a Server or CA certificate if used Local An internal user database...

Страница 219: ...ion method based on Microsoft s challenge response authentication protocol TTLS options include PAP Password Authentication Protocol sends a username and password over a network to a server that compa...

Страница 220: ...rnal LDAP server see Configuring the Radius Server on page 217 the LDAP screen is used to configure the properties of the external LDAP server To configure the LDAP server 1 Select System Configuratio...

Страница 221: ...he login attribute used by the LDAP server for authentication In most cases the default value should work Windows Active Directory users must use sAMAccountName as their login attribute to successfull...

Страница 222: ...confirming the logout before the applet is closed Configuring a Proxy Radius Server The access point has the capability to proxy authentication requests to a remote RADIUS server based on the suffix o...

Страница 223: ...r a value between 3 and 6 to indicate the number of times the access point attempts to reach a proxy server before giving up Timeout Enter a value between 5 and 10 to indicate the number of elapsed se...

Страница 224: ...mpt displays confirming the logout before the applet is closed Managing the Local User Database Use the User Database screen to create groups for use with the RADIUS server The database of groups is e...

Страница 225: ...s to Groups on page 225 8 Click Apply to save any changes to the Users screen Navigating away from the screen without clicking Apply results in all changes to the screen being lost 9 Click Undo Change...

Страница 226: ...es can be applied to each group With this latest 2 0 version access point firmware individual groups can be associated with their own time based access policy Each group s policy has a user defined in...

Страница 227: ...ess Policy screen displays the following fields Groups The Groups field displays the names of those existing groups that can have access intervals applied to them Click the Edit button to display a sc...

Страница 228: ...include any hour of the day Ten unique access intervals can be defined for each existing group To update a group s access permissions 1 Select User Authentication Radius Server Access Policy from the...

Страница 229: ...and end time as defined using the Edit Access Policy screen Only during this period of time can authentication requests from users be honored with no overlaps Any authentication request outside of thi...

Страница 230: ...Configuring Access Point Security Altitude 3500 Series Access Point Product Reference Guide 230...

Страница 231: ...in the Altitude 35xx radio coverage area The type of AP detected can be displayed as well as the properties of individual APs See the following sections for more details on viewing statistics for the...

Страница 232: ...ble the WAN connection HW Address The Media Access Control MAC address of the Altitude 35xx WAN port The WAN port MAC address is hard coded at the factory and cannot be changed For more information on...

Страница 233: ...e WAN interface If this number appears excessive consider a new connection to the device RX Overruns RX overruns are buffer overruns on the WAN connection RX overruns occur when packets are received f...

Страница 234: ...before the applet is closed Viewing LAN Statistics Use the LAN Stats screen to monitor the activity of the Altitude 35xx s LAN1 or LAN2 connection The Information field of the LAN Stats screen displa...

Страница 235: ...speed is not achieved examine the number of transmit and receive errors or consider increasing the supported data rate Duplex Displays whether the current LAN connection is full or half duplex WLANs...

Страница 236: ...saging and initiate a spanning tree recalculation when spanning tree is enabled TX Packets TX packets are data packets sent over the Altitude 35xx LAN port The displayed number is a cumulative total s...

Страница 237: ...idge is powered up or when a topology change is detected Designated Root Displays the access point MAC address of the bridge defined as the root bridge in the Bridge STP Configuration screen For infor...

Страница 238: ...d learning state This time is equal to 15 sec by default but you can tune the time to be between 4 and 30 sec For information on setting the Bridge Forward Delay see Setting the LAN Configuration for...

Страница 239: ...thin the Wireless Statistics Summary screen see Enabling Wireless LANs WLANs on page 133 to enable the WLAN For information on configuring the properties of individual WLANs see Creating Editing Indiv...

Страница 240: ...WLAN that are non unicast Non unicast packets include broadcast and multicast packets Retries Displays the average number of retries per packet An excessive number could indicate possible network or...

Страница 241: ...lays the Extended Service Set ID ESSID for the target WLAN Radio s Displays the name of the 802 11a or 802 11b g radio the target WLAN is using for Altitude 35xx transmissions Authentication Type Disp...

Страница 242: ...ived The number in black represents statistics for the last 30 seconds and the number in blue represents statistics for the last hour If the bit speed is significantly slower than the selected data ra...

Страница 243: ...Statistics Summary Select the Radio Stats Summary screen to view high level information radio name type number of associated MUs etc for the radio s enabled on an Altitude 35xx Individual radio stati...

Страница 244: ...r 802 11b g currently deployed by the Altitude 35xx MUs Displays the total number of MUs currently associated with each Altitude 35xx radio T put Displays the total throughput in Megabits per second M...

Страница 245: ...screen There are four fields within the screen The Information field displays device address and location information as well as channel and power information The Traffic field displays statistics for...

Страница 246: ...lays the average total packets per second received The Tx column displays the average total packets per second transmitted The number in black represents this statistic for the last 30 seconds and the...

Страница 247: ...r If the signal is low consider mapping the MU to a different WLAN if a better functional grouping of MUs can be determined Avg MU Noise Displays the average RF noise for all MUs associated with the A...

Страница 248: ...he screen without clicking Apply results in changes to the screens being lost 3 Click Undo Changes if necessary to undo any changes made to the screen Undo Changes reverts the settings to the last sav...

Страница 249: ...erifying the link with an associated MU IP Address Displays the IP address of each of the associated MU MAC Address Displays the MAC address of each of the associated MU WLAN Displays the WLAN name ea...

Страница 250: ...The MU Details screen is separated into four fields MU Properties MU Traffic MU Signal and MU Errors The MU Properties field displays basic information such as hardware address IP address and associat...

Страница 251: ...second sent on the MU The number in black represents throughput for the last 30 seconds the number in blue represents throughput for the last hour Avg Bit Speed The Total column displays the average...

Страница 252: ...ts sent versus packets received to assess the link quality between MU and the Altitude 35xx 5 Click the Ok button to exit the Echo Test screen and return to the MU Stats Summary screen Avg Num of Retr...

Страница 253: ...ion Statistics button Use the displayed statistics to determine if the target MU would be better served with a different Altitude 35xx WLAN or Altitude 35xx radio 4 Click Ok to return to the MU Stats...

Страница 254: ...is used to create a known AP list The list has field indicating the properties of the access point discovered NOTE The Known AP Statistics screen only displays statistics for access points located on...

Страница 255: ...in order to begin new data collections 3 Click the Details button to display access point address and radio information IP Address The network assigned Internet Protocol address of the located AP MAC...

Страница 256: ...re target devices that are not Extreme Networks access points are unable to respond to the ping test 5 Click the Send Cfg to APs button to send the your access point s configuration to other access po...

Страница 257: ...he location of the devices displayed within the Known AP Statistics screen When an Altitude 35xx is highlighted and the Start Flash button is selected the LEDs on the selected Altitude 35xx flash When...

Страница 258: ...Monitoring Statistics Altitude 3500 Series Access Point Product Reference Guide 258...

Страница 259: ...t one end of a null modem serial cable to the AP35xx s serial connector NOTE If using an Altitude 3510 model access point a null modem cable is required If using an Altitude 3550 model access point an...

Страница 260: ...is is your first time logging into the access point you are unable to access any of the access point s commands until the country code is set A new password will also need to be created Admin and Comm...

Страница 261: ...rgument is treated as an argument Eg admin network lan set lan enable Here is an invalid extra argument because it is after the argument enable ctrl q go backwards in command history ctrl p go forward...

Страница 262: ...rd successfully updated For information on configuring passwords using the applet GUI see Setting Passwords on page 170 passwd Changes the admin password for AP35xx access This requires typing the old...

Страница 263: ...QoS Policy Default Rate Limiting disabled LAN1 Name LAN1 LAN1 Mode enable LAN1 IP 10 255 108 253 LAN1 Mask 255 255 255 0 LAN1 DHCP Mode client LAN2 Name LAN2 LAN2 Mode disable LAN2 IP 192 168 1 1 LAN2...

Страница 264: ...ference Guide 264 AP35xx admin Displays the parent menu of the current menu This command appears in all of the submenus under admin In each case it has the same function to move up one level in the di...

Страница 265: ...de 265 AP35xx admin Displays the root menu that is the top level CLI menu This command appears in all of the submenus under admin In each case it has the same function to move up to the top level in t...

Страница 266: ...he save command appears in all of the submenus under admin In each case it has the same function to save the current configuration Syntax Example admin save admin save Saves configuration settings The...

Страница 267: ...it Exits the command line interface session and terminates the session The quit command appears in all of the submenus under admin In each case it has the same function to exit out of the CLI Once the...

Страница 268: ...e Wireless Configuration submenu firewall Goes to the firewall submenu router Goes to the router submenu ipfilter Goes to the IP Filtering submenu Goes to the parent menu Goes to the root menu save Sa...

Страница 269: ...twork Mask 255 255 255 0 Default Gateway 10 255 108 1 Domain Name ADP35xxExtreme com Primary DNS Server 10 255 181 87 Secondary DNS Server 10 0 4 72 WINS Server 192 168 0 254 LAN2 Information LAN Name...

Страница 270: ...et port timeout seconds Sets the interval in seconds the AP35xx uses to terminate its LAN interface if no activity is detected for the specified interval trunking mode Enables or disables 802 11q Trun...

Страница 271: ...Access Point Product Reference Guide 271 Related Commands For information on configuring the LAN using the applet GUI see Configuring the LAN Interface on page 113 show Shows the current settings for...

Страница 272: ...iew of the access point s mesh networking options using the applet GUI see Configuring Mesh Networking on page 519 show Displays the mesh configuration parameters for the AP35xx s LANs set Sets the me...

Страница 273: ...lo Time seconds 2 Message Age Time seconds 20 Forward Delay Time seconds 15 Entry Ageout Time seconds 300 LAN2 Bridge Configuration Bridge Priority 65500 Hello Time seconds 2 Message Age Time seconds...

Страница 274: ...Entry Ageout Time seconds 300 LAN2 Mesh Configuration Bridge Priority 32768 Hello Time seconds 2 Message Age Time seconds 20 Forward Delay Time seconds 15 Entry Ageout Time seconds 300 For an overview...

Страница 275: ...onfiguring VLAN Support on page 116 show Displays the VLAN list currently defined for the AP35xx set Sets the AP35xx VLAN configuration create Creates a new AP35xx VLAN edit Edits the properties of an...

Страница 276: ...ement VLAN Tag 1 Native VLAN Tag 2 WLAN WLAN1 mapped to VLAN VLAN 2 VLAN Mode static admin network lan wlan mapping show lan wlan WLANs on LAN1 WLAN1 WLAN2 WLAN3 WLANs on LAN2 admin network lan wlan m...

Страница 277: ...in network lan wlan mapping set mode 1 static admin network lan wlan mapping show vlan cfg Management VLAN Tag 1 Native VLAN Tag 2 WLAN WLAN1 mapped to VLAN VLAN 2 VLAN Mode static For information on...

Страница 278: ...LAN for the AP35xx Syntax Example admin network lan wlan mapping admin network lan wlan mapping create 5 vlan 5 For information on creating VLANs using the applet GUI see Configuring VLAN Support on p...

Страница 279: ...n_002 3 3 Vlan_003 admin network lan wlan mapping edit name 1 VlanConfRoom admin network lan wlan mapping show name Index VLAN ID VLAN Name 1 1 VlanConfRoom 2 2 Vlan_002 3 3 Vlan_003 For information o...

Страница 280: ...n mapping show name Index VLAN ID VLAN Name 1 1 VlanConfRoom 2 2 Vlan_002 3 3 Vlan_003 admin network lan wlan mapping delete 2 admin network lan wlan mapping show name Index VLAN ID VLAN Name 1 1 Vlan...

Страница 281: ...WLAN Syntax Example admin network lan wlan mapping lan map wlan1 lan1 For information on mapping VLANs using the applet GUI see Configuring VLAN Support on page 116 lan map wlan name Maps an existing...

Страница 282: ...o a WLAN Syntax Example admin network lan wlan mapping vlan map wlan1 vlan1 For information on mapping VLANs using the applet GUI see Configuring VLAN Support on page 116 vlan map wlan name Maps an ex...

Страница 283: ...items available are displayed below show Displays DHCP parameters set Sets DHCP parameters add Adds static DHCP address assignments delete Deletes static DHCP address assignments list Lists static DH...

Страница 284: ...Range Starting IP Address 192 168 0 100 Ending IP Address 192 168 0 254 Lease Time 86400 LAN2 DHCP Information DHCP Address Assignment Range Starting IP Address 192 168 0 100 Ending IP Address 192 168...

Страница 285: ...rk lan dhcp show LAN1 DHCP Information DHCP Address Assignment Range Starting IP Address 192 168 0 100 Ending IP Address 192 168 0 254 Lease Time 86400 For information on configuring DHCP using the ap...

Страница 286: ...24 6 admin network lan dhcp add 1 00A0F1112234 192 169 24 7 admin network lan dhcp list 1 Index MAC Address IP Address 1 00A0F8112233 192 160 24 6 2 00A0F8112234 192 169 24 7 For information on addin...

Страница 287: ...min network lan dhcp delete 1 index mac address ip address 1 00A0F8102030 10 10 1 2 2 00A0F8112234 10 1 2 3 3 00A0F8112235 192 160 24 6 4 00A0F8112236 192 169 24 7 admin network lan dhcp delete 1 all...

Страница 288: ...dress IP Address 1 00A0F8112233 10 1 2 4 2 00A0F8102030 10 10 1 2 3 00A0F8112234 10 1 2 3 4 00A0F8112235 192 160 24 6 5 00A0F8112236 192 169 24 7 admin network lan dhcp For information on listing clie...

Страница 289: ...ilter submenu The items available under this command include show Displays the current Ethernet Type exception list set Defines Ethernet Type Filter parameters add Adds an Ethernet Type Filter entry d...

Страница 290: ...et Type Filter configuration Syntax Example admin network lan type filter show 1 Ethernet Type Filter mode allow index ethernet type 1 8137 For information on displaying the type filter configuration...

Страница 291: ...configuration Syntax Example admin network lan type filter set mode 1 allow For information on configuring the type filter settings using the applet GUI see Setting the Type Filter Configuration on pa...

Страница 292: ...work wireless type filter add 2 0806 admin network wireless type filter show 1 Ethernet Type Filter mode allow index ethernet type 1 8137 2 0806 3 0800 4 8782 For information on configuring the type f...

Страница 293: ...Ethernet Type Filter mode allow index ethernet type 1 0806 2 0800 3 8782 admin network lan type filter delete 2 all admin network lan type filter show 2 Ethernet Type Filter mode allow index ethernet...

Страница 294: ...and the AP35xx s current PPPoE configuration set Defines the AP35xx s WAN and PPPoE configuration nat Displays the NAT submenu wherein Network Address Translations NAT can be defined vpn Goes to the...

Страница 295: ...negotiation disable Speed 100M Duplex full WAN IP 2 disable WAN IP 3 disable WAN IP 4 disable WAN IP 5 disable WAN IP 6 disable WAN IP 7 disable WAN IP 8 disable PPPoE Mode enable PPPoE User Name John...

Страница 296: ...on page 125 set wan enable disable Enables or disables the AP35xx WAN port dhcp enable disable Enables or disables WAN DHCP Client mode ipadr idx a b c d Sets up to 8 using indx from 1 to 8 IP address...

Страница 297: ...NAT configuration options available using the applet GUI see Configuring Network Address Translation NAT Settings on page 129 show Displays the AP35xx s current NAT parameters for the specified index...

Страница 298: ...AT Type 1 to many Inbound Mappings Port Forwarding unspecified port forwarding mode enable unspecified port fwd ip address 111 223 222 1 one to many nat mapping LAN No WAN IP 1 157 235 91 2 2 157 235...

Страница 299: ...to many nat mapping LAN No WAN IP 1 157 235 91 2 2 10 1 1 1 For an overview of the NAT options available using the applet GUI see Configuring Network Address Translation NAT Settings on page 129 set...

Страница 300: ...et GUI see Configuring Network Address Translation NAT Settings on page 129 add idx name tran port1 port2 ip dst_port Sets an inbound network address translation NAT for WAN address idx where name is...

Страница 301: ...te 1 1 admin network wan nat list 1 index name prot start port end port internal ip translation port Related Commands For an overview of the NAT options available using the applet GUI see Configuring...

Страница 302: ...port start port end port internal ip translation port 1 special tcp 20 21 192 168 42 16 21 Related Commands 1 For an overview of the NAT options available using the applet GUI see Configuring Network...

Страница 303: ...ng the applet GUI see Configuring VPN Tunnels on page 194 add Adds VPN tunnel entries set Sets key exchange parameters delete Deletes VPN tunnel entries list Lists VPN tunnel entries reset Resets all...

Страница 304: ...I values and Keys must be configured after adding the tunnel admin network wan vpn For information on configuring VPN using the applet GUI see Configuring VPN Tunnels on page 194 add name subnet idx l...

Страница 305: ...tions include DES 3DES AES128 AES192 or AES256 esp enckey name dir enckey Sets the Manual Encryption Key in ASCII for tunnel name and direction IN or OUT to the key enc key The size of the key depends...

Страница 306: ...FQDN myiddata name idtype Sets the Local ID data for IKE authentication for name to idtype This value is not required when the ID type is set to IP remiddata name idtype Sets the Local ID data for IKE...

Страница 307: ...68 33 1 192 168 24 198 SJSharkey Manual 206 107 22 45 27 206 107 22 2 209 235 12 55 admin network wan vpn delete Eng2EngAnnex admin network wan vpn list Tunnel Name Type Remote IP Mask Remote Gateway...

Страница 308: ...rkey Detail listing of VPN entry Name SJSharkey Local Subnet 1 Tunnel Type Manual Remote IP 206 107 22 45 Remote IP Mask 255 255 255 224 Remote Security Gateway 206 107 22 2 Local Security Gateway 209...

Страница 309: ...network wan vpn reset Resets all of the AP35xx s VPN tunnels Syntax Example admin network wan vpn reset VPN tunnels reset admin network wan vpn For information on configuring VPN using the applet GUI...

Страница 310: ...atistics for all active tunnels Syntax Example admin network wan vpn stats Tunnel Name Status SPI OUT IN Life Time Bytes Tx Rx Eng2EngAnnex Not Active SJSharkey Not Active For information on displayin...

Страница 311: ...tate Dest IP Remaining Life Eng2EngAnnex Not Connected SJSharkey Not Connected admin network wan vpn For information on configuring IKE using the applet GUI see Configuring IKE Key Settings on page 20...

Страница 312: ...the Outbound Content Filtering menu The items available under this command include addcmd Adds control commands to block outbound traffic delcmd Deletes control commands to block outbound traffic lis...

Страница 313: ...raffic proxy Adds a Web proxy command activex Adds activex files file Adds Web URL extensions 10 files maximum smtp Adds SMTP commands to block outbound traffic helo helo command mail mail command rcp...

Страница 314: ...traffic proxy Deletes a Web proxy command activex Deletes activex files file Deletes Web URL extensions 10 files maximum smtp Deletes SMTP commands to block outbound traffic helo helo command mail ma...

Страница 315: ...wan content list smtp SMTP Commands HELO deny MAIL allow RCPT allow DATA deny QUIT allow SEND allow SAML allow RESET allow VRFY allow EXPN allow admin network wan content list ftp FTP Commands Storing...

Страница 316: ...items available under this command include For an overview of the Dynamic DNS options available using the applet GUI see Configuring Dynamic DNS on page 132 set Sets Dynamic DNS parameters update Set...

Страница 317: ...twork wan dyndns set host greengiant For an overview of the Dynamic DNS options available using the applet GUI see Configuring Dynamic DNS on page 132 set mode enable disable Enables or disables the D...

Страница 318: ...WAN IP address with the DynDNS service Syntax Example admin network wan dyndns update IP Address 157 235 91 231 Hostname greengiant For an overview of the Dynamic DNS options available using the apple...

Страница 319: ...n network wan dyndns show DynDNS Configuration Mode enable Username percival Password Hostname greengiant DynDNS Update Response IP Address 157 235 91 231 Hostname greengiant Status OK For an overview...

Страница 320: ...Goes to the Security Policy submenu acl Goes to the MU Access Control Policy submenu radio Goes to the Radio configuration submenu qos Goes to the Quality of Service submenu rate limiting Goes to the...

Страница 321: ...ns available to the using the applet GUI see Enabling Wireless LANs WLANs on page 133 show Displays the AP35xx s current WLAN configuration create Defines the parameters of a new WLAN edit Modifies th...

Страница 322: ...vailable Client Bridge Mesh Backhaul not available Hotspot not available Maximum MUs 127 Security Policy Default MU Access Control Default Kerberos User Name Kerberos Password Disallow MU to MU Commun...

Страница 323: ...limiting enable disable Per MU Rate Limiting limit w2wl set per MU rate limit wired to wireless limit wl2w set per MU rate limit wireless to wired Example admin network wireless wlan create show wlan...

Страница 324: ...Admin 3rd Floor 3 Demo Room 5th Floor admin network wireless wlan create show qos QOS Policy Name Associated WLANs 1 Default Front Lobby 2 Voice Audio Dept 3 Video Video Dept The CLI treats the follow...

Страница 325: ...AP35xx admin network wireless wlan edit Edits the properties of an existing WLAN policy Syntax For information on editing a WLAN using the applet GUI see Creating Editing Individual WLANs on page 135...

Страница 326: ...6 AP35xx admin network wireless wlan delete Deletes an existing WLAN Syntax For information on deleting a WLAN using the applet GUI see Creating Editing Individual WLANs on page 135 delete wlan name D...

Страница 327: ...on configuring the Hotspot options available to the using the applet GUI see Configuring WLAN Hotspot Support on page 146 show Show hotspot parameters redirection Goes to the hotspot redirection menu...

Страница 328: ...35 21 21 Primary Server Port 1812 Primary Server Secret Secondary Server Ip adr 157 235 32 12 Secondary Server Port 1812 Secondary Server Secret Accounting Mode disable Accounting Server Ip adr 0 0 0...

Страница 329: ...iguring the Hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 146 redirection set page loc Sets the hotspot http re direction by index 1 1...

Страница 330: ...enu Syntax For information on configuring the Hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 146 set Sets the RADIUS hotspot configurat...

Страница 331: ...e Hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 146 set server idx srvr_type ipadr Sets the RADIUS hotspot server IP address per wlan...

Страница 332: ...ary Server Secret Secondary Server Ip adr 0 0 0 0 Secondary Server Port 1812 Accounting Mode enable Accounting Server Ip adr 157 235 15 16 Accounting Server Port 1813 Accounting Server Secret Accounti...

Страница 333: ...ist Rules Idx IP Address 1 157 235 21 21 For information on configuring the Hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 146 white li...

Страница 334: ...configuration options available to the access point using the applet GUI see Configuring Security Options on page 169 show Displays the AP35xx s current security configuration set Sets security param...

Страница 335: ...Open Manual no encrypt 1st Floor WPA Countermeasure enable admin network wireless security show policy 1 Policy Name Default Authentication Manual Pre shared key No Authentication Encryption type no e...

Страница 336: ...remote to KDC IP address port sidx port Sets the Kerberos port to port KDC port for server ksidx 1 primary 2 backup or 3 remote Note EAP parameters are only in affect if eap is specified for the authe...

Страница 337: ...eout time Sets the server timeout time in seconds 1 255 svr retry count Sets the maximum number of server retries to count 1 255 Note The WEP authentication mechanism saves up to four different keys o...

Страница 338: ...Enables or disables preauthentication fast roaming type key type Sets the TKIP key type key 256 bit key Sets the TKIP key to 256 bit key phrase ascii phrase Sets the TKIP ASCII pass phrase to ascii p...

Страница 339: ...ecurity edit Edits the properties of a specific security policy A new context opens for the profile being edited AP35xx admin network wireless security edit For more information on this context see Ne...

Страница 340: ...rk wireless security edit Displays the AP35xx wireless security policy edit submenu The items available under this menu include show Displays the security policy parameters for the selected security p...

Страница 341: ...twork wireless security edit show Policy Name Default Authentication type Manual Pre shared key No authentication Encryption type WPA TKIP ccmp broadcast key rotate mode disable ccmp key type phrase c...

Страница 342: ...rimary 2 secondary and sets its IP address to ip port s idx p num Sets the RADIUS Server port number for server type s idx 1 primary 2 secondary to port number p num 1 65535 secret s idx c Sets the sh...

Страница 343: ...y index key idx 1 4 key str can be 10 hex digits for WEP40 and 26 digits for WEP104 Keyguard ascii key k idx key str Sets the ASCII key key str for the key index key idx 1 4 key str can be 5 chars for...

Страница 344: ...p interval 46 admin network wireless security edit show Policy Name Default Authentication type Manual Pre shared key No authentication Encryption type WPA TKIP ccmp broadcast key rotate mode disable...

Страница 345: ...etwork wireless security edit show Policy Name Default Authentication type Manual Pre shared key No authentication Encryption type WPA TKIP ccmp broadcast key rotate mode disable ccmp key type key ccm...

Страница 346: ...n network wireless acl Displays the AP35xx Mobile Unit Access Control List ACL submenu The items available under this command include delete sec name Removes the specified security policy from the lis...

Страница 347: ...by WLAN1 2 Admin Administration 3 Demo Room Customers admin network wireless acl show policy 1 Policy Name Default Policy Mode allow index start mac end mac 1 00A0F8348787 00A0F8348798 For information...

Страница 348: ...ireless acl create add policy For information on configuring the ACL options available to the access point using the applet GUI see Configuring a WLAN Access Control List ACL on page 139 create show a...

Страница 349: ...access point using the applet GUI see Configuring a WLAN Access Control List ACL on page 139 show Displays MU ACL policy and its parameters set Modifies the properties of an existing MU ACL policy add...

Страница 350: ...delete Removes an MU ACL policy Syntax For information on configuring the ACL options available to the access point using the applet GUI see Configuring a WLAN Access Control List ACL on page 139 del...

Страница 351: ...io submenu The items available under this command include show Summarizes AP35xx radio parameters at a high level set Defines the access point radio configuration radio1 Displays the 802 11b g radio s...

Страница 352: ...ents 6 Client Bridge Mode disable Clitn Bridge WLAN WLAN1 Mesh Connection Timeout enable Radio 2 Name Radio 2 Radio Mode enable RF Band of Operation 802 11a 5 GHz RF Function WLAN Wireless Mesh Config...

Страница 353: ...5xx s 802 11a radio 11bg mode Enables or disables the AP35xx s 802 11b g radio rf function radio id rf func Sets the radio function as either a WIPS sensor or a WLAN radio mesh base mode Enables or di...

Страница 354: ...Point Product Reference Guide 354 Dot11 Auth Algorithm shared key allowed For information on configuring the Radio Configuration options available to the access point using the applet GUI see Setting...

Страница 355: ...le to the access point using the applet GUI see Setting the WLAN s Radio Configuration on page 150 show Displays 802 11b g radio settings set Defines specific 802 11b g radio parameters delete Deletes...

Страница 356: ...Supported Rates 1 2 5 5 6 9 11 12 18 24 36 48 54 Beacon Interval 100 K usec DTIM Interval per BSSID 1 10 beacon intvls 2 10 beacon intvls 3 10 beacon intvls 4 10 beacon intvls short preamble disable R...

Страница 357: ...TIMs for all four BSSIDs will be changed to 50 To change individual DTIMs for BSSIDs specify the BSS Index number for example set dtim 2 50 This will change the DTIM for BSSID 2 to 50 For information...

Страница 358: ...802 11bg set ch mode user admin network wireless radio 802 11bg set channel 1 admin network wireless radio 802 11bg set acs exception list 10 admin network wireless radio 802 11bg set antenna full ad...

Страница 359: ...CAUTION If you do NOT include the index number for example set dtim 50 the DTIMs for all four BSSIDs will be changed to 50 To change individual DTIMs for BSSIDs specify the BSS Index number for examp...

Страница 360: ...Displays the advanced submenu for the 802 11b g radio The items available under this command include show Displays advanced radio settings for the 802 11b g radio set Defines advanced parameters for...

Страница 361: ...onfiguration is ok Office 3 Open good configuration is ok BSSID Primary WLAN 1 Lobby 2 HR 3 Office admin network wireless radio 802 11bg advanced show wlan WLAN 1 WLAN name WLAN1 ESS ID 101 Radio 11a...

Страница 362: ...radio 802 11bg advanced set wlan demoroom 1 admin network wireless radio 802 11bg advanced set bss 1 demoroom For information on configuring Radio 1 Configuration options available to the access poin...

Страница 363: ...der this command include Syntax show Displays 802 11a radio settings set Defines specific 802 11a radio parameters delete Deletes the ACS exception channels advanced Displays the Advanced radio settin...

Страница 364: ...s 6 9 12 18 24 36 48 54 Beacon Interval 100 K usec DTIM Interval per BSSID 1 10 beacon intvls 2 10 beacon intvls 3 10 beacon intvls 4 10 beacon intvls RTS Threshold 2346 bytes Extended Range 0 miles Q...

Страница 365: ...ries Access Point Product Reference Guide 365 For information on configuring Radio 2 Configuration options available to the access point using the applet GUI see Configuring the 802 11a or 802 11b g R...

Страница 366: ...min network wireless radio 802 11a set ch mode user admin network wireless radio 802 11a set channel 1 admin network wireless radio 802 11a set acs exception list 44 153 161 admin network wireless rad...

Страница 367: ...s the advanced submenu for the 802 11a radio The items available under this command include Syntax show Displays advanced radio settings for the 802 11a radio set Defines advanced parameters for the 8...

Страница 368: ...good configuration is ok Office 3 Open good configuration is ok BSSID Primary WLAN 1 Lobby 2 HR 3 Office admin network wireless radio 802 11bg advanced show wlan WLAN 1 WLAN name WLAN1 ESS ID 101 Rad...

Страница 369: ...802 11a advanced set wlan demoroom 1 admin network wireless radio 802 11a advanced set bss 1 demoroom For information on configuring Radio 2 Configuration options available to the access point using t...

Страница 370: ...Quality of Service QoS submenu The items available under this command include show Displays AP35xx QoS policy information create Defines the parameters of the QoS policy edit Edits the settings of an...

Страница 371: ...ideo Vidio Dept admin network wireless qos show policy 1 Policy Name IP Phones Support Legacy Voice Mode disable Multicast Mask Address 1 01005E000000 Multicast Mask Address 2 09000E000000 WMM QOS Mod...

Страница 372: ...ata type used with the qos policy and mesh network When set to a value other then manual editing the access category values is not necessary Options include 11g default 11b default 11g wifi 11b wifi 1...

Страница 373: ...e data type used with the qos policy and mesh network When set to a value other then manual editing the access category values is not necessary Options include 11g default 11b default 11g wifi 11b wif...

Страница 374: ...os delete Removes a QoS policy Syntax For information on configuring the WLAN QoS options available to the access point using the applet GUI see Setting the WLAN Quality of Service QoS Policy on page...

Страница 375: ...network wireless rate limiting Displays the AP35xx Rate Limiting submenu The items available under this command include show Shows the Rate Limiting state and WLAN values set Sets the Rate Limiting s...

Страница 376: ...ss rate limiting show Displays the AP35xx s current Rate Limiting configuration Syntax Example admin network wireless rate limiting show summary Per MU Rate Limiting disable show summary wlan Displays...

Страница 377: ...tude 3500 Series Access Point Product Reference Guide 377 AP35xx admin network wireless rate limiting set Defines the AP35xx Rate Limiting configuration Syntax set rate limit Enable disable Rate Limit...

Страница 378: ...ude show Displays the current AP35xx Rogue AP detection configuration set Defines the Rogue AP detection method mu scan Goes to the Rogue AP mu uscan submenu allowed list Goes to the Rogue AP Allowed...

Страница 379: ...e ap show MU Scan disable MU Scan Interval 60 minutes On Channel disable Detector Radio Scan enable Auto Authorize Extreme APs disable Approved APs age out 0 minutes Rogue APs age out 0 minutes For in...

Страница 380: ...annel disable Detector Radio Scan disable Auto Authorize Extreme Networks APs enable Approved AP age out 10 minutes Rogue AP age out 10 minutes For information on configuring the Rogue AP options avai...

Страница 381: ...mu scan Displays the Rogue AP mu scan submenu add Add all or just one scan result to Allowed AP list show Displays all APs located by the MU scan start Initiates scan immediately by the MU Goes to th...

Страница 382: ...eless rogue ap mu scan start Initiates an MU scan for a user provided MAC address Syntax For information on configuring the Rogue AP options available to the access point using the applet GUI see Conf...

Страница 383: ...network wireless rogue ap mu scan show Displays the results of an MU scan Syntax For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring...

Страница 384: ...wed list Displays the Rogue AP allowed list submenu show Displays the rogue AP allowed list add Adds an AP MAC address and ESSID to the allowed list delete Deletes an entry or all entries from the all...

Страница 385: ...x Example admin network wireless rogue ap allowed list show Allowed AP List index ap mac essid 1 00 A0 F8 71 59 20 2 00 A0 F8 33 44 55 101 3 00 A0 F8 40 20 01 Marketing For information on configuring...

Страница 386: ...161BB 103 admin network wireless rogue ap allowed list show index ap essid 1 00 A0 F8 71 59 20 2 00 A0 F8 33 44 55 fffffffffff 3 00 A0 F8 40 20 01 Marketing 4 00 A0 F8 31 61 BB 103 For information on...

Страница 387: ...address and ESSID to existing allowed list Syntax For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring Rogue AP Detection on page 210...

Страница 388: ...ess wips Displays the wips Locationing submenu The items available under this command include show Displays the current WLAN Intrusion Prevention configuration set Sets WLAN Intrusion Prevention param...

Страница 389: ...ork wireless wips show Shows the WLAN Intrusion Prevention configuration Syntax Example admin network wireless wips show WIPS Server 1 IP Address 192 168 0 21 WIPS Server 2 IP Address 10 10 1 1 admin...

Страница 390: ...5xx admin network wireless wips set Sets the WLAN Intrusion Prevention configuration Syntax Example admin network wireless wips set server 1 192 168 0 21 admin network wireless wips set idx 1 and 2 ip...

Страница 391: ...rk wireless mu locationing Displays the MU Locationing submenu The items available under this command include show Displays the current MU Locationing configuration set Defines MU Locationing paramete...

Страница 392: ...x admin network wireless mu locationing show Displays the MU probe table configuration Syntax Example admin network wireless mu locationing show MU Probe Table Mode disable MU Probe Table Size 200 adm...

Страница 393: ...Example admin network wireless mu locationing set admin network wireless mu locationing set mode enable admin network wireless mu locationing set size 200 admin network wireless mu locationing set Def...

Страница 394: ...e under this command include show Displays the AP35xx s current firewall configuration set Defines the AP35xx s firewall parameters access Enables disables firewall permissions through the LAN and WAN...

Страница 395: ...k filter enable syn flood attack filter enable unaligned ip timestamp filter enable source routing attack filter enable winnuke attack filter enable seq num prediction attack filter enable mime flood...

Страница 396: ...ce routing attack filter enable winnuke attack filter enable seq num prediction attack filter enable mime flood attack filter enable max mime header length 8192 max mime headers 16 set mode mode Enabl...

Страница 397: ...440 2048 4 lan wan 654321 tcp 2048 2048 5 lan wan abc ah 100 1000 For information on configuring the Firewall options available to the access point using the applet GUI see Configuring Firewall Settin...

Страница 398: ...eny 255 0 0 0 255 0 0 0 65535 65535 nat port 33 2 33 3 0 0 10 10 1 1 tcp 1 1 11 11 1 0 allow 255 255 255 0 255 255 255 0 65535 65535 nat port 0 For information on configuring the Firewall options avai...

Страница 399: ...bmenu The items available under this command are show Displays the existing AP35xx router configuration set Sets the RIP parameters add Adds user defined routes delete Deletes user defined routes list...

Страница 400: ...ric 1 192 168 2 0 255 255 255 0 0 0 0 0 lan1 0 2 192 168 1 0 255 255 255 0 0 0 0 0 lan2 0 3 192 168 0 0 255 255 255 0 0 0 0 0 lan1 0 4 192 168 24 0 255 255 255 0 0 0 0 0 wan 0 5 157 235 19 5 255 255 2...

Страница 401: ...g the Router options available to the access point using the applet GUI see Configuring Router Settings on page 163 set auth Sets the RIP authentication type dir Sets RIP direction id Sets MD5 authent...

Страница 402: ...t index destination netmask gateway interface metric 1 192 168 3 0 255 255 255 0 192 168 2 1 lan1 1 For information on configuring the Router options available to the access point using the applet GUI...

Страница 403: ...2 0 3 192 168 0 0 255 255 255 0 0 0 0 0 lan2 0 admin network router delete 2 admin network router list index destination netmask gateway interface metric 1 192 168 2 0 255 255 255 0 0 0 0 0 lan1 0 2 1...

Страница 404: ...t index destination netmask gateway interface metric 1 192 168 2 0 255 255 255 0 192 168 0 1 lan1 1 2 192 168 1 0 255 255 255 0 0 0 0 0 lan2 0 3 192 168 0 0 255 255 255 0 0 0 0 0 lan1 0 For informatio...

Страница 405: ...sword exec execute a Linux command arp display arp table aap setup go to Adaptive AP Settings sub menu lldp go to LLDP sub menu access go to ADP 35xx Access sub menu cmgr go to Certificate Manager sub...

Страница 406: ...sure to save changes before resetting Are you sure you want to restart the AP35xx yes no AP35xx Boot Firmware Version 2 2 0 0 XXX Copyright c Extreme Networks 2007 All rights reserved Press escape key...

Страница 407: ...em uptime 0 days 0 hours 56 minutes 27 seconds led state enable DNS Relay Mode enable SSLv2 support from HTTP server enable weak cipher support in SSL enable SSHv1 support enable ADP 35xx firmware ver...

Страница 408: ...ocation email set ADP 35xx admin email address cc set ADP 35xx country code led set ADP 35xx LED state dns relay mode set DNS relay mode sslv2 set SSLv2 mode for apache enable disable weak ssl cipher...

Страница 409: ...Guide 409 AP35xx admin system lastpw Displays last expired debug password Example admin system lastpw AP35xx MAC Address is 00 15 70 02 7A 66 Last debug password was Extreme Networks Current debug pas...

Страница 410: ...61 A8 C ixp1 157 235 92 179 ether 00 14 22 F3 D7 39 C ixp1 157 235 92 248 ether 00 11 25 B2 09 60 C ixp1 157 235 92 180 ether 00 0D 60 D0 06 90 C ixp1 157 235 92 3 ether 00 D0 2B A0 D4 FC C ixp1 157...

Страница 411: ...ee Adaptive AP Setup on page 70 For an overview of adaptive AP functionality and its implications see Adaptive AP on page 551 show Displays Adaptive AP information set Defines the Adaptive AP configur...

Страница 412: ...0 IP Address 10 0 0 0 0 IP Address 11 0 0 0 0 IP Address 12 0 0 0 0 Tunnel to Controller disable AC keepalive 5 Load Balancing enable Inactivity Timeout 42 Current Controller 10 255 108 37 AP Adoption...

Страница 413: ...r ip addresses name set controller domain name port set control port passphrase set controller passphrase tunnel to cntrlr enable disable AP Controller Tunnel ac keepalive set the AC KeepAlive period...

Страница 414: ...ntax Example admin system aap setup delete 1 admin system aap setup For information on configuring adaptive AP using the applet GUI see Adaptive AP Setup on page 70 For an overview of adaptive AP func...

Страница 415: ...tax For information on configuring LLDP using the applet GUI see Configuring LLDP Settings on page 4 100 show Displays LLDP information set Sets LLDP parameters Goes to the parent menu Goes to the roo...

Страница 416: ...ystem lldp show Displays LLDP information Syntax ExampleExample admin system lldp show LLDP Status disable LLDP Referesh Interval 30 LLDP Holdtime Multiplier 4 For information on configuring LLDP usin...

Страница 417: ...admin system lldp set Sets the LLDP configuration Syntax show Displays LLDP information set Sets LLDP parameters Goes to the parent menu Goes to the root menu save Saves the current configuration to t...

Страница 418: ...in system access Displays the access point access submenu show Displays AP35xx system access capabilities set Goes to the AP35xx system access submenu Goes to the parent menu Goes to the root menu sav...

Страница 419: ...Disables global management access snmp http https telnet and ssh for up to 8 addresses hosts auth timout seconds Disables the radio interface if no data activity is detected after the interval define...

Страница 420: ...and telnet trusted host s 1 10 1 1 1 10 1 1 10 trusted host s 2 0 0 0 0 0 0 0 0 trusted host s 3 0 0 0 0 0 0 0 0 trusted host s 4 0 0 0 0 0 0 0 0 trusted host s 5 0 0 0 0 0 0 0 0 trusted host s 6 0 0...

Страница 421: ...CA listself list the Signed Certificate loaded loadca load root CA certificate delca delete the root CA certificate listca list the root CA certificate loaded showreq displays certificate request in P...

Страница 422: ...7wIDAQABoAAwDQYJKoZIhvcNAQEEBQADQQCClQ5LHdbG C1f Bj8AszttSo bA4dcX3vHvhhJcmuuWO9LHS2imPA3xhX d6 Q1SMbs tG4RP0lRSr iWDyuvwx END CERTIFICATE REQUEST For information on configuring certificate management...

Страница 423: ...r delself Deletes a self certificate Syntax Example admin system cmgr delself MyCert2 For information on configuring self certificate settings using the applet GUI see Creating Self Certificates for A...

Страница 424: ...e signed by the Certificate Authority Syntax For information on configuring self certificate settings using the applet GUI see Creating Self Certificates for Accessing the VPN on page 79 loadself IDna...

Страница 425: ...xx admin system cmgr listself Lists the loaded self certificates Syntax For information on configuring self certificate settings using the applet GUI see Creating Self Certificates for Accessing the V...

Страница 426: ...system cmgr loadca Loads a trusted certificate from the Certificate Authority Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 78...

Страница 427: ...erence Guide 427 AP35xx admin system cmgr delca Deletes a trusted certificate Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 78...

Страница 428: ...Reference Guide 428 AP35xx admin system cmgr listca Lists the loaded trusted certificate Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate...

Страница 429: ...howreq Displays a certificate request in PEM format Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 78 showreq IDname Displays a...

Страница 430: ...e Guide 430 AP35xx admin system cmgr delprivkey Deletes a private key Syntax For information on configuring certificate settings using the applet GUI see Creating Self Certificates for Accessing the V...

Страница 431: ...AP35xx admin system cmgr listprivkey Lists the names of private keys Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 78 listpriv...

Страница 432: ...tory default configuration admin system cmgr genreq generate Certificate Request delself delete Signed Certificate loadself load Signed Certificate signed by CA listself list the Signed Certificate lo...

Страница 433: ...ault configuration admin system cmgr genreq generate Certificate Request delself delete Signed Certificate loadself load Signed Certificate signed by CA listself list the Signed Certificate loaded loa...

Страница 434: ...ess menu The items available under this command are shown below access Goes to the SNMP access submenu traps Goes to the SNMP traps submenu Goes to the parent menu Goes to the root menu save Saves the...

Страница 435: ...the SNMP v3 engine ID Syntax Example admin system snmp access show eid AP35xx snmp v3 engine id 000001846B8B4567F871AC68 admin system snmp access For information on configuring SNMP access settings u...

Страница 436: ...chars E g 1 3 6 1 v3 user access oid sec auth pass1 priv pass2 user username 1 to 31 characters access read write access ro rw oid string 1 to 127 chars E g 1 3 6 1 sec security none auth auth priv au...

Страница 437: ...mp access list acl index start ip end ip For information on configuring SNMP access settings using the applet GUI see Configuring SNMP Access Control on page 90 delete acl idx Deletes entry idx 1 10 f...

Страница 438: ...rivate read write 1 3 6 1 admin system snmp access list v3 2 index 2 username judy access permission read write object identifier 1 3 6 1 security level auth priv auth algorithm md5 auth password priv...

Страница 439: ...NMP traps submenu The items available under this command are shown below show Shows SNMP trap parameters set Sets SNMP trap parameters add Adds SNMP trap entries delete Deletes SNMP trap entries list...

Страница 440: ...olation disable SNMP Network Traps physical port status change enable denial of service enable denial of service trap rate limit 10 seconds SNMP System Traps system cold start disable system config ch...

Страница 441: ...te enable disable Enables disables dyndns update trap interval rate Sets denial of service trap interval cold enable disable Enables disables the system cold start trap cfg enable disable Enables disa...

Страница 442: ...see Configuring SNMP RF Trap Thresholds on page 96 add v1v2 ip port comm ver Adds an entry to the SNMP v1 v2 access list with the destination IP address set to ip the destination UDP port set to port...

Страница 443: ...s delete v1v2 all For information on configuring SNMP traps using the applet GUI see Configuring SNMP Settings on page 86 delete v1v2c idx Deletes entry idx from the v1v2c access control list all Dele...

Страница 444: ...comm v1 admin system snmp traps add v3 201 232 24 33 555 BigBoss none md5 admin system snmp traps list v3 all index 1 destination ip 201 232 24 33 destination port 555 username BigBoss security level...

Страница 445: ...es to the user database submenu For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 226 user Goes to the user submenu gr...

Страница 446: ...rds For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 226 add Adds a new user delete Deletes an existing user ID clear...

Страница 447: ...r to the user database Syntax Example admin system userdb user add george password admin system userdb user For information on configuring User Database permissions using the applet GUI see Defining U...

Страница 448: ...te Removes a new user to the user database Syntax Example admin system userdb user delete george admin system userdb user For information on configuring User Database permissions using the applet GUI...

Страница 449: ...ves all existing user IDs from the system Syntax Example admin system userdb user clearall admin system userdb user For information on configuring User Database permissions using the applet GUI see De...

Страница 450: ...set Sets a password for a user Syntax Example admin system userdb user set george password admin system userdb user For information on configuring User Database permissions using the applet GUI see D...

Страница 451: ...User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 226 create Creates a group name delete Deletes a group name clearall Removes all existing group nam...

Страница 452: ...ame Once defined users can be added to the group Syntax Example admin system userdb group create 2 admin system userdb group For information on configuring User Database permissions using the applet G...

Страница 453: ...db group delete Deletes an existing group Syntax Example admin system userdb group delete 2 admin system userdb group For information on configuring User Database permissions using the applet GUI see...

Страница 454: ...Removes all existing group names from the system Syntax Example admin system userdb group clearall admin system userdb group For information on configuring User Database permissions using the applet G...

Страница 455: ...ser to an existing group Syntax Example admin system userdb group add lucy group x admin system userdb group For information on configuring User Database permissions using the applet GUI see Defining...

Страница 456: ...a user from an existing group Syntax Example admin system userdb group remove lucy group x admin system userdb group For information on configuring User Database permissions using the applet GUI see D...

Страница 457: ...rdb group show groups List of Group Names engineering marketing demo room admin system userdb group For information on configuring User Database permissions using the applet GUI see Defining User Acce...

Страница 458: ...ing the applet GUI see Configuring User Authentication on page 217 eap Goes to the EAP submenu policy Goes to the access policy submenu ldap Goes to the LDAP submenu proxy Goes to the proxy submenu cl...

Страница 459: ...DIUS user database Syntax Example admin system radius set database local admin system radius show all Database local admin system radius For information on configuring RADIUS using the applet GUI see...

Страница 460: ...ring EAP RADIUS using the applet GUI see Configuring User Authentication on page 217 peap Goes to the Peap submenu ttls Goes to the TTLS submenu import Imports the requested EAP certificates set Defin...

Страница 461: ...e Peap submenu Syntax For information on configuring PEAP RADIUS using the applet GUI see Configuring User Authentication on page 217 set Defines Peap parameters show Displays the Peap configuration s...

Страница 462: ...plays Peap parameters Syntax Example admin system radius eap peap set auth gtc admin system radius eap peap show PEAP Auth Type gtc For information on configuring EAP PEAP RADIUS values using the appl...

Страница 463: ...submenu Syntax For information on configuring EAP TTLS RADIUS values using the applet GUI see Configuring User Authentication on page 217 set Defines TTLS parameters show Displays the TTLS configurat...

Страница 464: ...plays TTLS parameters Syntax Example admin system radius eap ttls set auth pap admin system radius eap ttls show TTLS Auth Type pap For information on configuring EAP TTLS RADIUS values using the appl...

Страница 465: ...tion on configuring RADIUS access policies using the applet GUI see Configuring User Authentication on page 217 set Sets a group s WLAN access policy access time Goes to the time based login submenu s...

Страница 466: ...s WLAN access policy Syntax Example admin system radius policy set engineering 16 admin system radius policy For information on configuring RADIUS WLAN policy values using the applet GUI see Configuri...

Страница 467: ...e is in DayDDDD DDDD format show Displays the group s access time rule save Saves the configuration to system flash quit Quits the CLI Goes to the parent menu Goes to the root menu Context Command Des...

Страница 468: ...access policy Syntax Example admin system radius policy show List of Access Policies engineering 16 marketing 10 demo room 3 test demo No Wlans admin system radius policy For information on configurin...

Страница 469: ...ation on configuring a RADIUS LDAP server using the applet GUI see Configuring LDAP Authentication on page 220 set Defines the LDAP parameters show Displays existing LDAP parameters command must be su...

Страница 470: ...tem radius ldap set groupname 0 0 0 0 admin system radius ldap set filter 123 admin system radius ldap set membership radiusGroupName admin system radius ldap For information on configuring a RADIUS L...

Страница 471: ...on LDAP Login Attribute uid Stripped User Name User Name LDAP Password attribute userPassword LDAP Group Name Attribue cn LDAP Group Membership Filter objectClass GroupOfNames member Ldap objectClass...

Страница 472: ...US proxy server values using the applet GUI see Configuring a Proxy Radius Server on page 222 add Adds a proxy realm delete Deletes a proxy realm clearall Removes all proxy server records set Sets pro...

Страница 473: ...xy add lancelot 157 235 241 22 1812 muddy admin system radius proxy For information on configuring RADIUS proxy server values using the applet GUI see Configuring a Proxy Radius Server on page 222 add...

Страница 474: ...m radius proxy delete Deletes a proxy Syntax Example admin system radius proxy delete lancelot admin system radius proxy For information on configuring RADIUS proxy server values using the applet GUI...

Страница 475: ...ves all proxy server records from the system Syntax Example admin system radius proxy clearall admin system radius proxy For information on configuring RADIUS proxy server values using the applet GUI...

Страница 476: ...radius proxy set delay 10 admin system radius proxy set count 5 admin system radius proxy For information on configuring RADIUS proxy server values using the applet GUI see Configuring a Proxy Radius...

Страница 477: ...g RADIUS client values using the applet GUI see Configuring the Radius Server on page 217 add Adds a RADIUS client to list of available clients delete Deletes a RADIUS client from list of available cl...

Страница 478: ...ADIUS server Syntax Example admin system radius client add 157 235 132 11 255 255 255 225 muddy admin system radius client For information on configuring RADIUS client values using the applet GUI see...

Страница 479: ...e available to the RADIUS server Syntax Example admin system radius client delete 157 235 132 11 admin system radius client For information on configuring RADIUS client values using the applet GUI see...

Страница 480: ...clients Syntax Example admin system radius client show Idx Subnet Host Netmask SharedSecret 1 157 235 132 11 255 255 255 225 admin system radius client For information on configuring RADIUS client val...

Страница 481: ...ns to be configured accurately on the AP35xx Syntax For information on configuring NTP using the applet GUI see Configuring Network Time Protocol NTP on page 98 show Shows NTP parameters settings date...

Страница 482: ...0 Time Zone ntp mode enable preferred Time server ip 203 21 37 18 preferred Time server port 123 first alternate server ip 203 21 37 19 first alternate server port 123 second alternate server ip 0 0 0...

Страница 483: ...date zone Show date time and time zone Syntax Example admin system ntp date zone Date Time Sat 1970 Jan 03 20 06 22 0000 UTC Time Zone UTC For information on configuring NTP using the applet GUI see C...

Страница 484: ...zone list Displays an extensive list of time zones for countries around the world Syntax Example admin system ntp zone list For information on configuring NTP using the applet GUI see Configuring Net...

Страница 485: ...configuring NTP using the applet GUI see Configuring Network Time Protocol NTP on page 98 set mode ntp mode Enables or disables NTP server idx ip Sets the NTP sever IP address port idx port Defines t...

Страница 486: ...Displays the AP35xx log submenu Logging options include show Shows logging options set Sets log options and parameters view Views system log delete Deletes the system log send Sends log to the designa...

Страница 487: ...P35xx logging settings Syntax Example admin system logs show log level L6 Info syslog server logging enable syslog server ip address 192 168 0 102 For information on configuring logging settings using...

Страница 488: ...mation on configuring logging settings using the applet GUI see Logging Configuration on page 102 set level level Sets the level of the events that will be logged All events with a level at or above l...

Страница 489: ...up 6 days 16 16 load average 0 00 0 01 0 00 Jan 7 16 16 01 none CC Mem 62384 32520 29864 0 0 Jan 7 16 16 01 none CC 0000077e 0012e95b 0000d843 00000000 00000003 0000121 e 00000000 00000000 0037ebf7 0...

Страница 490: ...erence Guide 490 AP35xx admin system logs delete Deletes the log files Syntax Example admin system logs delete For information on configuring logging settings using the applet GUI see Logging Configur...

Страница 491: ...transfer In progress File transfer Done admin system logs For information on configuring logging settings using the applet GUI see Logging Configuration on page 102 send Sends the system log file via...

Страница 492: ...the default AP35xx configuration partial Restores a partial default AP35xx configuration show Shows import export parameters set Sets import export AP35xx configuration parameters export Exports AP35...

Страница 493: ...default configuration Syntax Example admin system config default Are you sure you want to default the configuration yes no For information on importing exporting access point configurations using the...

Страница 494: ...P35xx s LAN WAN and SNMP settings are unaffected by the partial restore Syntax Example admin system config partial Are you sure you want to partially default AP35xx yes no For information on importing...

Страница 495: ...nfiguration file Syntax Example admin system config show cfg filename cfg txt cfg filepath ftp tftp server ip address 192 168 0 101 ftp user name myadmin ftp password For information on importing expo...

Страница 496: ...tftp server ip address 192 168 22 12 ftp user name myadmin ftp password For information on importing exporting access point configurations using the applet GUI see Importing Exporting Configurations...

Страница 497: ...configuration file Done File transfer In progress File transfer Done Export Operation Done CAUTION Make sure a copy of the AP35xx s current configuration is exported to a secure location before expor...

Страница 498: ...on Done Import TFTP Example admin system config set server 192 168 0 101 admin system config set file config txt admin system config import tftp Import operation Started File transfer In progress File...

Страница 499: ...the reboot process to successfully update the device firmware regardless of whether the reboot is conducted using the GUI or CLI interfaces show Displays the current AP35xx firmware update settings s...

Страница 500: ...fw update show automatic firmware upgrade enable automatic config upgrade enable firmware filename APFW bin firmware path tftpboot ftp tftp server ip address 168 197 2 2 ftp user name jsmith ftp passw...

Страница 501: ...Device Firmware on page 107 set fw auto mode When enabled updates device firmware each time the firmware versions are found to be different between the AP35xx and the specified firmware on the remote...

Страница 502: ...process to successfully update the device firmware regardless of whether the reboot is conducted using the GUI or CLI interfaces admin system fw update update ftp For information on updating access p...

Страница 503: ...onfig file to another access point within the known AP table send cfg all Sends a config file to all access points within the known AP table clear Clears all statistic counters to zero flash all leds...

Страница 504: ...s Bridge Statistics known ap show Known APs Summary Details For information on displaying WAN port statistics using the applet GUI see Viewing WAN Statistics on page 231 For information on displaying...

Страница 505: ...all existing configuration parameters except Mesh settings LAN IP data WAN IP data and DHCP Server parameter information For information on copying the access point config to another access point usin...

Страница 506: ...cfg all admin stats NOTE The send cfg all command copies all existing configuration parameters except Mesh settings LAN IP data WAN IP data and DHCP Server parameter information For information on cop...

Страница 507: ...for specified LAN index either clear lan 1 or clear lan 2 all rf Clears all RF data all wlan Clears all WLAN summary information wlan Clears individual WLAN statistic counters all radio Clears AP35xx...

Страница 508: ...nt s LEDs Syntax Example admin stats admin stats flash all leds 1 start Password admin stats flash all leds 1 stop admin stats For information on flashing access point LEDs using the applet GUI see Vi...

Страница 509: ...sociated MU Syntax For information on MU Echo and Ping tests using the applet GUI see Pinging Individual MUs on page 252 show Shows the Mobile Unit Statistics Summary list Defines echo test parameters...

Страница 510: ...s Mobile Unit Statistics Summary Syntax Example admin stats echo show Idx IP Address MAC Address WLAN Radio T put ABS Retries 1 192 168 2 0 00 A0F8 72 57 83 demo 11a For information on MU Echo and Pin...

Страница 511: ...arameters and results Syntax Example admin stats echo list Station Address 00A0F8213434 Number of Pings 10 Packet Length 10 Packet Data in HEX 55 admin stats echo For information on MU Echo and Ping t...

Страница 512: ...f the echo test Syntax For information on MU Echo and Ping tests using the applet GUI see Pinging Individual MUs on page 252 set station mac Defines MU target MAC address request num Sets number of ec...

Страница 513: ...test Syntax Example admin stats echo start admin stats echo list Station Address 00A0F843AABB Number of Pings 10 Packet Length 100 Packet Data in HEX 1 Number of MU Responses 2 For information on MU...

Страница 514: ...test to an AP with the same ESSID Syntax For information on Known AP tests using the applet GUI see Pinging Individual MUs on page 252 ping show Shows Known AP Summary details list Defines ping test p...

Страница 515: ...erence Guide 515 AP35xx admin stats ping show Shows Known AP Summary Details Syntax Example admin stats ping show Idx IP Address MAC Address MUs KBIOS Unit Name 1 192 168 2 0 00 A0F8 72 57 83 3 0 acce...

Страница 516: ...ping test parameters and results Syntax Example admin stats ping list Station Address 00A0F8213434 Number of Pings 10 Packet Length 10 Packet Data in HEX 55 admin stats ping For information on Known A...

Страница 517: ...n stats ping set request 10 admin stats ping set length 100 admin stats ping set data 1 admin stats ping For information on Known AP tests using the applet GUI see Pinging Individual MUs on page 252 s...

Страница 518: ...es the ping test Syntax Example admin stats ping start admin stats ping list Station Address 00A0F843AABB Number of Pings 10 Packet Length 100 Packet Data in HEX 1 Number of AP Responses 2 For informa...

Страница 519: ...igured as both a base and a client bridge function as repeaters to transmit data with associated MUs in their coverage area client bridge mode as well as forward traffic to other access points in the...

Страница 520: ...tter optimization of the mesh networking feature by enabling the access point to transmit to other mesh network members using one independent radio and transmit with associated MUs using the second in...

Страница 521: ...a base and client bridge In the case of a mesh enabled radio the client bridge configuration always takes precedence over the base bridge configuration Therefore when a radio is configured as a repea...

Страница 522: ...its own STP The WLAN assignment controls the subnet LAN1 or 2 upon which a given connection resides If WLAN2 is assigned to LAN1 and WLAN2 is used to establish a client bridge connection then the mesh...

Страница 523: ...as the root imposes these settings within the mesh network The user does not necessarily have to change these settings as the default settings will work However Extreme Networks encourages the user t...

Страница 524: ...en it exceeds the value set for the Maximum Message age timer Hello Time The Hello Time is the time between each bridge protocol data unit sent This time is equal to 2 seconds sec by default but you c...

Страница 525: ...same ESSID radio designation security policy MU ACL and Quality of Service policy If intending to use the access point for mesh networking support Extreme Networks recommends configuring at least one...

Страница 526: ...erent ESSID and WLAN assignments within a single mesh network one set between the Base Bridge and repeater and another between the repeater and Client Bridge However for ease of management and to not...

Страница 527: ...one of the existing policies are suitable select the Create button to the right of the Security Policy drop down menu and configure a policy suitable for the mesh network For information on configurin...

Страница 528: ...configuring a QoS policy see Setting the WLAN Quality of Service QoS Policy on page 142 13 Click Apply to save the changes made to the mesh network configured WLAN An access point radio is now ready...

Страница 529: ...e in real time CAUTION If a radio is disabled be careful not to accidentally configure a new WLAN expecting the radio to be operating when you have forgotten it was disabled 3 Select the Base Bridge c...

Страница 530: ...initiate client bridge connections with other mesh network supported access points radios on the same WLAN If the Client Bridge checkbox has been selected use the Mesh Network Name drop down menu to...

Страница 531: ...ection checkbox to allow the access point to select the links used by the client bridge to populate the mesh network Selecting this checkbox prohibits the user from selecting the order base bridges ar...

Страница 532: ...ers but still worthy of being on the preferred list select it and click the Down button to decrease its likelihood of being selected as a member of the mesh network 13 If a device MAC address is on th...

Страница 533: ...onnection must be re instated If updating the mesh network using a WAN connection the applet does not lose connection but the mesh network is unavailable until the changes have been applied 18 Click U...

Страница 534: ...scenarios will be addressed Scenario 1 Two base bridges redundant and one client bridge Scenario 2 A two hop mesh network with a base bridge repeater combined base bridge and client bridge mode and a...

Страница 535: ...Product Reference Guide 535 Configuring AP 1 1 Provide a known IP address for the LAN1 interface NOTE Enable the LAN1 Interface of AP 1 as a DHCP Server if you intend to associate MUs and require them...

Страница 536: ...Configuring Mesh Networking Altitude 3500 Series Access Point Product Reference Guide 536 2 Assign a Mesh STP Priority of 40000 to LAN1 Interface...

Страница 537: ...Altitude 3500 Series Access Point Product Reference Guide 537 3 Define a mesh supported WLAN...

Страница 538: ...Configuring Mesh Networking Altitude 3500 Series Access Point Product Reference Guide 538 4 Enable base bridge functionality on the 802 11a radio Radio 2...

Страница 539: ...Altitude 3500 Series Access Point Product Reference Guide 539 5 Define a channel of operation for the 802 11a radio...

Страница 540: ...LAN1 Interface different than that of AP 1 Assign a higher Mesh STP Priority 50000 to the AP 2 LAN1 Interface NOTE In a typical deployment each base bridge can be configured for a Mesh STP Priority of...

Страница 541: ...ries Access Point Product Reference Guide 541 Configuring AP 3 To define the configuration for AP 3 a client bridge connecting to both AP 1 and AP 2 simultaneously 1 Provide a known IP address for the...

Страница 542: ...ence Guide 542 2 Assign the maximum value 65535 for the Mesh STP Priority 3 Create a mesh supported WLAN with the Enable Client Bridge Backhaul option selected NOTE This WLAN should not be mapped to a...

Страница 543: ...client bridge functionality on the 802 11a radio Use the Mesh Network Name drop down menu to select the name of the WLAN created in step 3 NOTE You don t need to configure channel settings on the cli...

Страница 544: ...802 11bg radio if 802 11bg support is required for MUs on that 802 11 band Verifying Mesh Network Functionality for Scenario 1 You now have a three AP mesh network ready to demonstrate Associate a sin...

Страница 545: ...links In scenario 2 the following three AP configurations comprise the mesh network AP 1 is a base bridge AP 2 is a repeater client bridge base bridge combination AP 3 is a client bridge Configuring...

Страница 546: ...Configuring Mesh Networking Altitude 3500 Series Access Point Product Reference Guide 546 1 Enable client bridge backhaul on the mesh supported WLAN...

Страница 547: ...idge functionality on the 802 11a radio Configuring AP 3 To define AP 3 s configuration 1 The only change needed on AP 3 with respect to the configuration used in scenario 1 is to disable the Auto Lin...

Страница 548: ...each AP and pass traffic among the members of the mesh network Mesh Networking Frequently Asked Questions The following scenarios represent issues that could be encountered and resolved when defining...

Страница 549: ...Issue 5 Do I need to use secure beacons on a mesh backhaul supported WLAN Can I use secure beacons on the mesh backhaul supported WLAN Resolution Yes you can enable a secure beacon on a mesh backhaul...

Страница 550: ...connectivity when updating configurations When I make a configuration change and apply the changes on a client bridge or repeater I momentarily loose connectivity to that AP why Resolution That is ex...

Страница 551: ...a secure WAN link from a remote site to the central site already exists The controller can be discovered using one of the following mechanisms DHCP Controller fully qualified domain name FQDN Static I...

Страница 552: ...controller see How the AP Receives Its Adaptive Configuration on page 559 For an overview of how to configure both the access point and controller for basic AAP connectivity and operation see Establi...

Страница 553: ...to receive its configuration There are two methods of controller discovery Auto Discovery using DHCP on page 553 Manual Adoption Configuration on page 554 Auto Discovery using DHCP Extended Global Opt...

Страница 554: ...ich they are listed from 1 12 NOTE An AAP can use its LAN or WAN Ethernet interface to adopt The LAN is PoE and DHCP enabled by default The WAN has no PoE support and has a default static AP address o...

Страница 555: ...initialize this process takes less than 2 seconds forcing associated MUs to be deauthenticated MUs are quickly able to associate Securing Data Tunnels between the Controller and AAP If a secure link...

Страница 556: ...figuration changes 300 seconds after the last received controller configuration message When the configuration is applied on the Mesh AAP the radios shutdown and re initialize this process takes less...

Страница 557: ...eness of the deployment An AAP firmware upgrade will not be performed at the time of adoption from the wireless controller Instead the firmware is upgraded using the Altitude 35xx Access Point s firmw...

Страница 558: ...es all MU traffic be bridged locally by the AAP No wireless traffic is tunneled back to the controller Each extended WLAN is mapped to the access point s LAN1 interface The only traffic between the co...

Страница 559: ...requisites Converting an Altitude 3510 or Altitude 3550 model access point into an AAP requires A version 2 0 or higher firmware running on the access point An Extreme Networks controller The appropri...

Страница 560: ...tional information in greater detail on the controller configuration activities described above see Adopting an Adaptive AP Using a Configuration File on page 562 Establishing Basic Adaptive AP Connec...

Страница 561: ...correct management VLAN defined 2 Select the Auto Discovery Enable checkbox Enabling auto discovery will allow the AAP to be detected by a controller once its connectivity medium has been configured...

Страница 562: ...firmware see Updating Device Firmware on page 107 Adopting an Adaptive AP Using DHCP Options An AAP can be adopted to a wireless controller by providing the following options in the DHCP Offer NOTE Op...

Страница 563: ...e Controller Configuration File for IPSec and Independent WLAN on page 566 and take note of the CLI commands in red and associated comments in green Any WLAN configured on the controller becomes an ex...

Страница 564: ...n be defined as independent using the wlan index independent command from the config wireless context Once an AAP is adopted by the controller it displays within the controller Access Point Radios scr...

Страница 565: ...If deploying multiple independent WLANs mapped to different VLANs ensure the AP s LAN1 interface is connected to a trunk port on the L2 L3 controller and appropriate management and native VLANs are co...

Страница 566: ...cess list extended AAP ACL permit ip host 10 10 10 250 any rule precedence 20 spanning tree mst cisco interoperability enable spanning tree mst config name My Name country code us logging buffered 4 l...

Страница 567: ...sid qs5 open wlan 4 vlan 230 wlan 5 enable wlan 5 ssid Mesh wlan 5 vlan 111 wlan 5 encryption type ccmp wlan 5 dot11i phrase 0 admin123 To configure a WLAN as an independent WLAN wlan 5 independent wl...

Страница 568: ...le to match and transform and set to the Crypto Map crypto map AAP CRYPTOMAP 10 ipsec isakmp set peer 255 255 255 255 set mode aggressive match address AAP ACL set transform set AAP TFSET interface ge...

Страница 569: ...trunk allowed vlan add 1 9 100 110 120 130 140 150 160 170 controllerport trunk allowed vlan add 180 190 200 210 220 230 240 250 interface vlan1 ip address dhcp To attach a Crypto Map to a VLAN Inter...

Страница 570: ...Adaptive AP Altitude 3500 Series Access Point Product Reference Guide 570...

Страница 571: ...Characteristics on page 572 Altitude 3510 Physical Characteristics The Altitude 3510 has the following physical characteristics Dimensions 5 32 inches long x 9 45 inches wide x 1 77 inches thick 135 m...

Страница 572: ...concrete excluding side with connectors Dimensions 12 inches long x 8 25 inches wide x 3 5 inches thick Housing Aluminum Weight 4 lbs Operating Temperature 30 to 55 Celsius Storage Temperature 40 to 8...

Страница 573: ...Extreme Networks sales associate for specific information For more information about the antennas approved for the AP3510 refer to the Altitude 35xx 46xx AP Antenna Selection Guide Rev xx Operating C...

Страница 574: ...n using the access point configuration file CLI or the MIB to configure the access point Country Code Argentina AR Australia AU Austria AT Bahamas BS Bahrain BH Barbados BB Belarus BY Belgium BE Bermu...

Страница 575: ...ngary HU Iceland IS India IN Indonesia ID Ireland IE Israel IL Italy IT Jamaica JM Japan JP Jordan JO Kazakhstan KZ Kuwait KW Latvia LV Lebanon LB Liechtenstein LI Lithuania LT Luxembourg LU Macau MO...

Страница 576: ...co PR Qatar QA Romania RO Russian Federation RU Saudi Arabia SA Serbia RS Singapore SG Slovak Republic SK Slovenia SI South Africa ZA South Korea KR Spain ES Sri Lanka LK Sweden SE Switzerland CH Taiw...

Страница 577: ...t The update process is conducted over the LAN or WAN port depending on which server responds first to the access point s request for an automatic update The firmware is automatically updated each tim...

Страница 578: ...er and access point on the same Ethernet segment 2 Configure the Windows based DHCP Server as follows a Highlight the Server Domain Name for example apfw extremenetworks com From the Action menu selec...

Страница 579: ...Windows DHCP Server 1 TFTP Server To configure Global options using extended standard options 1 Set the Windows DHCP Server and access point on the same Ethernet segment 2 Configure the Windows based...

Страница 580: ...oots up verify the access point Obtains and applies the expected IP Address from the DHCP Server Downloads the firmware and configuration files from the TFTP Server and updates both as required Verify...

Страница 581: ...the access point uses the file name configured for option 187 If the DHCP Server is configured for embedded and global options the embedded options take precedence Linux BootP Server Configuration Se...

Страница 582: ...P root directory NOTE The bf option prefixes a forward slash to the configuration file name The forward slash may not be supported on Windows based TFTP Servers 3 Copy the firmware and configuration f...

Страница 583: ...tP Priorities The following flowchart displays the priorities used by the access point when the BootP server is configured for multiple options If the BootP Server is configured for options 186 and 66...

Страница 584: ...ide of the access point s LAN To configure a VPN tunnel between two access points 1 Ensure the WAN ports are connected via the internet 2 On access point 1 select WAN VPN from the main menu tree 3 Cli...

Страница 585: ...ity needed as long as both devices on each end of the tunnel are configured exactly the same 9 Select the Auto IKE Key Exchange radio button 10 Select the Auto Key Settings button 11 For the ESP Type...

Страница 586: ...back to the VPN screen 17 Click Apply to make the changes 18 Check the VPN Status screen Notice the status displays NOT_ACTIVE This screen automatically refreshes to get the current status of the VPN...

Страница 587: ...f the entire configuration is setup correctly once the VPN tunnel is active The status field should display ACTIVE Frequently Asked VPN Questions The following are common questions that arise when con...

Страница 588: ...e used The VPN tunnel can be established only when these corresponding keys match Ensure the Inbound Outbound SPI and ESP Authentication Keys have been properly specified Question 5 Can an IPSec tunne...

Страница 589: ...ceived certificate FQDN tries to match the user entered remote ID data string to the domain name field of the received certificate UFQDN tries to match the user entered remote ID data string to the em...

Страница 590: ...N WAN Access page to configure my firewall Now that I use Advanced LAN Access my VPN stops working What am I doing wrong VPN requires certain packets to be passed through the firewall Subnet Access au...

Страница 591: ...ecial routes on the access point to get my VPN tunnel to work No However clients could need extra routing information Clients on the local LAN side should either use the access point as their gateway...

Страница 592: ...Altitude 3500 Series Access Point Product Reference Guide 592...

Страница 593: ...ustomer support see the Technical Assistance Center User Guide at www extremenetworks com go TACUserGuide The Extreme Networks eSupport website provides the latest information on Extreme Networks prod...

Страница 594: ...Altitude 3500 Series Access Point Product Reference Guide 594...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды