manualshive.com logo in svg

Extreme Networks Altitude 4700 Series, Руководство по продукции

Поделиться
Скачать
Extreme Networks Altitude 4700 Series Скачать руководство пользователя страница 643

 

Altitude 4700 Series Access Point Product Reference Guide

643

Question 2: Even if a wildcard entry of “0.0.0.0” is entered in the Remote Subnet field in the VPN 
configuration page, can the AP access multiple subnets on the other end of a VPN concentrator 
for the APs LAN/WAN side?

No.

 Using a 

0.0.0.0

 wildcard is an unsupported configuration. In order to access multiple subnets, 

the steps in Question #1 must be followed.

Question 3: Can the AP be accessed via its LAN interface of AP#1 from the local subnet of AP#2 
and vice versa?

Yes.

Question 4: Will the default “Manual Key Exchange” settings work without making any changes? 

No

. Changes need to be made. Enter Inbound and Outbound ESP Encryption keys on both APs. 

Each one should be of 16 Hex characters (depending on the encryption or authentication scheme 
used). The VPN tunnel can be established only when these corresponding keys match. Ensure the 
Inbound/Outbound SPI and ESP Authentication Keys have been properly specified.

Question 5: Can an IPSec tunnel over a PPPoE connection be established - such as a PPPoE 
enabled DSL link?

Yes

. The Access Point supports tunneling when using a PPPoE username and password.

Question 6: Can I setup an Access Point so clients can access both the WAN normally and only 
use the VPN when talking to specific networks?

Yes

. Only packets that match the VPN Tunnel Settings will be sent through the VPN tunnel. All 

other packets will be handled by whatever firewall rules are set.

Question 7: How do I specify which certificates to use for an IKE policy from the Access Point 
certificate manager?

When generating a certificate to use with IKE, use one of the following fields: 

IP address

Domain 

Name

, or 

Email 

address. Also, make sure you are using NTP when attempting to use the certificate 

manager. Certificates are time sensitive.

Configure the following on the 

IKE Settings 

page:

Local ID type 

refers to the way that IKE selects a local certificate to use.

IP—

tries the match the local WAN IP to the IP addresses specified in a local certificate.

FQDN—

tries to match the user entered local ID data string to the domain name field of the 

certificate.

UFQDN—

tries to match the user entered local ID data string to the email address field of the 

certificate.

Remote ID type

 refers to the way you identify an incoming certificate as being associated with the 

remote side.

IP—

tries the match the remote gateway IP to the IP addresses specified in the received certificate.

FQDN—

tries to match the user entered remote ID data string to the domain name field of the 

received certificate.

Содержание Altitude 4700 Series

Страница 1: ...onroe Street Santa Clara California 95051 888 257 3000 408 579 2800 http www extremenetworks com AltitudeTM 4700 Series Access Point Product Reference Guide Software Version 4 1 Published March 2011 P...

Страница 2: ...iceWatch Summit SummitStack Triumph Unified Access Architecture Unified Access RF Manager UniStack XNV the Extreme Networks logo the Alpine logo the BlackDiamond logo the Extreme Turbodrive logo the S...

Страница 3: ...26 Antenna Support for 2 4 GHz and 5 GHz Radios 26 Sixteen Configurable WLANs 26 Support for 4 BSSIDs per Radio 26 Quality of Service QoS Support 27 Industry Leading Data Security 27 VLAN Support 30...

Страница 4: ...uirements 45 Package Contents 46 Access Point Placement 47 Site Surveys 47 Antenna Options 47 Power Options 48 Power Injector System 48 Installing the Power Injector 49 Mounting an Altitude 4700 Serie...

Страница 5: ...LAN Support 126 Configuring LAN1 and LAN2 Settings 129 Configuring WAN Settings 135 Configuring Network Address Translation NAT Settings 141 Configuring Dynamic DNS 145 Enabling Wireless LANs WLANs 14...

Страница 6: ...iewing a LAN s STP Statistics 268 Viewing a LAN s IP Filter Statistics 270 Viewing Wireless Statistics 271 Viewing WLAN Statistics 272 Viewing a WLAN s IP Filter Statistics 275 Viewing Radio Statistic...

Страница 7: ...in network wan 327 AP4700 admin network wan show 328 AP4700 admin network wan set 329 AP4700 admin network wan nat 331 AP4700 admin network wan nat show 332 AP4700 admin network wan nat set 333 AP4700...

Страница 8: ...etwork wireless radio set 391 AP4700 admin network wireless radio 802 11n 2 4 GHz 393 AP4700 admin network wireless radio 802 11n 2 4 GHz show 394 AP4700 admin network wireless radio 802 11n 2 4 GHz s...

Страница 9: ...441 AP4700 admin network wireless mu locationing set 442 Network Firewall Commands 443 AP4700 admin network firewall 443 AP4700 admin network firewall show 444 AP4700 admin network firewall set 445 A...

Страница 10: ...dmin system snmp access 492 AP4700 admin system snmp access show 493 AP4700 admin system snmp access add 494 AP4700 admin system snmp access delete 495 AP4700 admin system snmp access list 496 AP4700...

Страница 11: ...ocol NTP Commands 539 AP4700 admin system ntp 539 AP4700 admin system ntp show 540 AP4700 admin system ntp date zone 541 AP4700 admin system ntp zone list 542 AP4700 admin system ntp set 543 System Lo...

Страница 12: ...Scenario 2 Two Hop Mesh Network with a Base Bridge Repeater and a Client Bridge 597 Mesh Networking Frequently Asked Questions 601 Chapter 10 Adaptive AP 605 Adaptive AP Overview 605 Where to Go From...

Страница 13: ...titude 4750 Radio Characteristics 626 Country Codes 627 Appendix B Usage Scenarios 631 Configuring Automatic Updates using a DHCP or Linux BootP Server 631 Windows DHCP Server Configuration 632 Linux...

Страница 14: ...Altitude 4700 Series Access Point Product Reference Guide 14...

Страница 15: ...d the generic term Access Point when identical configuration activities are applied to both models When command line interface CLI commands are displayed and apply to both models an AP4700 convention...

Страница 16: ...document Italics are used to highlight specific items in the general text and to identify chapters and sections in this and related documents Bullets indicate action items lists of alternatives lists...

Страница 17: ...Survivability RSS feature ensures the delivery of uninterrupted wireless services at the local or remote site All traffic between the adaptive Access Points and the wireless controller is secured thou...

Страница 18: ...types 0 Default antenna 1 Dual band antenna 2 Omni antenna 3 Yagi antenna 4 Embedded antenna 5 Panel antenna 6 Patch antenna and 7 Sector antenna The antenna gain can be defined using either the Acces...

Страница 19: ...o allow failover from the primary wired WAN connection to a 3G WAN connection Since a 3G cellular network infrastructure is completely separate from the access point s wired infrastructure such a wire...

Страница 20: ...equesting packets to the target MU Through this process the Access Point can pass ARP requests in both directions making an MU appear to be connected to a public network even though it s on a private...

Страница 21: ...onfiguration The new enhancement provides an option to increase performance by transmitting broadcast multicast group packets at a higher rate based on the radio s defined basic data rates This option...

Страница 22: ...page 23 Sensor Support on page 23 Mesh Roaming Client on page 25 Separate LAN and WAN Ports on page 25 Multiple Mounting Options on page 26 Antenna Support for 2 4 GHz and 5 GHz Radios on page 26 Six...

Страница 23: ...ystem WIPS protects your wireless network mobile devices and traffic from attacks and unauthorized access WIPS provides tools for standards compliance and around the clock 802 11a b g wireless network...

Страница 24: ...pectrum is provided to the WIPS server The Access Point does not display the data but it is available to the WIPS server Spectrum analysis can operate only when there are no WLAN radios configured The...

Страница 25: ...rted to avoid a loop within the mesh topology Thus the Mesh Roaming Client is always an end point by design within the mesh wireless topology The base bridge will need STP disabled to immediately begi...

Страница 26: ...and are thus desirable for wireless networking Roaming users can be handed off from one Access Point to another like a cellular phone system WLANs can therefore be configured around the needs of speci...

Страница 27: ...n page 156 Industry Leading Data Security The Access Point supports numerous encryption and authentication techniques to protect the data transmitting on the WLAN The following authentication techniqu...

Страница 28: ...ess Point by the user and then transmits the user data back to the server to complete the authentication process An MU is not able to access the network if not authenticated When configured for EAP su...

Страница 29: ...ryption Wi Fi Protected Access WPA is a security standard for systems operating with a Wi Fi wireless connection WEP s lack of user authentication mechanisms is addressed by WPA Compared to WEP WPA pr...

Страница 30: ...ors to block specific commands and URL extensions from going out through the WAN port Therefore content filtering affords system administrators selective control on the content proliferating the netwo...

Страница 31: ...information accessed via SNMP is defined by a set of managed objects called Object Identifiers OIDs An OID is used to uniquely identify each object variable of a MIB SNMP allows a network administrat...

Страница 32: ...oritize the network traffic requirements for associated MUs A WLAN QoS page is available for each enabled WLAN on either the 802 11a n or 802 11b g n radio Use the QoS page to enable voice prioritizat...

Страница 33: ...network requirements as defined in the site survey For detailed information on setting the radio transmit power level see Configuring the 802 11a n or 802 11b g n Radio on page 174 Advanced Event Log...

Страница 34: ...authentication process to establish a wireless connection The mesh networking association process is identical to the Access Point s MU association process Once the association authentication process...

Страница 35: ...o define the data source authentication type and associate digital certificates with the authentication scheme The LDAP screen allows the administrator to configure an external LDAP Server for use wit...

Страница 36: ...vice Dynamic DNS or DynDNS is a feature offered by www dyndns com allowing the mapping of domain names to dynamically assigned IP addresses When the dynamically assigned IP address of a client changes...

Страница 37: ...ssions by Group on page 259 QBSS Support Each Access Point radio can be configured to optionally allow the Access Point to communicate channel usage data to associated devices and define the beacon in...

Страница 38: ...able the MU rate limit and assess the WLANs in which it s currently invoked see Configuring MU Rate Limiting on page 184 To define the actual MU rate limit maximum downstream bandwidth allocation in k...

Страница 39: ...less Radio Configuration Radio1 screen IPSec VPN Support A VPN ensures data privacy between two end points even while using a communication medium which is itself insecure like the Internet VPNs creat...

Страница 40: ...ll the MU associates and communicates with the Access Point supporting the radio coverage area of that cell Adding Access Points to a single LAN establishes more cells to extend the range of the netwo...

Страница 41: ...d for a specified time The AP refreshes its database when it transmits or receives data from these destinations and interfaces Media Types The Access Point radio interface conforms to IEEE 802 11 spec...

Страница 42: ...ronizing its channel to the Access Point The MU continues communicating with that Access Point until it needs to switch cells or roam MUs perform partial scans at programmed intervals when missing exp...

Страница 43: ...nt can assign private IP addresses Firewall A Firewall protects against a number of known attacks Management Access Options Managing the Access Point includes viewing network statistics and setting co...

Страница 44: ...I CLI and SNMP interfaces Radio2 802 11a n Random address located on the Web UI CLI and SNMP interfaces The Access Point s BSS virtual AP MAC addresses are calculated as follows BSS1 The same as the c...

Страница 45: ...ltitude 4700 Series Access Point on page 50 LED Indicators on page 57 Setting Up MUs on page 60 CAUTION Extreme Networks recommends conducting a radio site survey prior to installing an Access Point A...

Страница 46: ...ports both Altitude 4710 and Altitude 4750 models China ROHS compliance addendum Wall mount screw and anchor kit Accessories Bag 4 rubber feet and an LED light pipe and badge with label for above the...

Страница 47: ...of 802 11a n Access Points differs from 802 11b g n Access Points because the locations and number of Access Points required are different to support the radio coverage area Extreme Networks recommend...

Страница 48: ...ector System The AP4700 access point can receive power via an Ethernet cable connected to the access point s GE1 POE LAN port When users purchase a WLAN solution they often need to place access points...

Страница 49: ...Networks is reselling Motorola Power Supply Part No 50 14000 247R as an accessory for AP4700 CAUTION The access point supports any standards based compliant POE sources 802 3at and 802 3af Using a non...

Страница 50: ...le with an appropriate ground connection approved for the country of operation 1 Connect an RJ 45 Ethernet cable between the network data supply host and the Power Injector s Data In connector 2 Conne...

Страница 51: ...ires hanging the Access Point along its width or length using the pair of slots on the bottom of the unit and using the Access Point mounting template for the screws CAUTION An Access Point should be...

Страница 52: ...template needs to be positioned vertically The cabling shall exit the Access Point in a vertical direction If the installation requires the antenna be positioned horizontally the vertical centerline...

Страница 53: ...he country of operation c Connect the power supply line cord to the power adapter d Attach the power adapter cable into the power connector on the Access Point e Plug the power adapter into an outlet...

Страница 54: ...meters 333 ft The Power Injector has no On Off power switch The Power Injector receives power as soon as AC power is applied For more information on using the Power Injector see Power Injector System...

Страница 55: ...nded ceilings and industry standard tiles from 625 to 75 inches thick NOTE The Altitude 4700 Series Access Points are Plenum rated to UL2043 and NEC1999 to support above the ceiling installations CAUT...

Страница 56: ...aken not to damage the finished surface of the ceiling tile when creating the light pipe hole and installing the light pipe 7 Remove the light pipe s rubber stopper before installing the light pipe 8...

Страница 57: ...ready to configure For information on an Access Point default configuration see Getting Started on page 63 For specific details on system configurations see System Configuration on page 77 LED Indicat...

Страница 58: ...amber and yellow 5 GHz radio and emerald and yellow 2 4 GHz radio The LEDs on the top housing of the Access Point are clearly visible in wall and below ceiling installations The top housing LEDs have...

Страница 59: ...cates the radio is defined as a sensor but is disabled Alternates between Emerald and Amber when the radio is defined as a sensor with no Server connected The blink interval is 1 second Alternates bet...

Страница 60: ...ndows XP settings so the adapter can use settings defined for legacy 802 11a bg adapter operation Once network conditions improve use Windows XP to re enable the adapter for 802 11n support To change...

Страница 61: ...ce Guide 61 NOTE If re enabling the adapter for 802 11 support ensure additional 802 11n settings Aggregation Channel Width Guard Interval etc are also enabled to ensure optimal operation 9 Click OK t...

Страница 62: ...Hardware Installation Altitude 4700 Series Access Point Product Reference Guide 62...

Страница 63: ...e required cable and power connections before mounting the Access Point in its final operating position Test the Access Point with an associated MU before mounting and securing the Access Point Carefu...

Страница 64: ...ngs for an Access Point can be downloaded from the current configuration of another Access Point meeting the import export requirements For information on importing or exporting configuration files se...

Страница 65: ...d and set the county code Refer to Country Codes on page 627 for a list of each available countries two digit country code 6 At the CLI prompt admin type summary The Access Point s LAN IP address will...

Страница 66: ...y The export function will always export the encrypted Admin User password The import function will import the Admin Password only if the Access Point is set to factory default If the Access Point is...

Страница 67: ...ement has been added within the Quick Setup GUI applet Up to eight radio buttons are now available depending on the number radios supported by the Access Point These radio buttons define how WLAN and...

Страница 68: ...peration The Access Point prompts for the correct country code on the first login A warning message also displays stating an incorrect country setting may result in illegal radio operation Selecting t...

Страница 69: ...d their implications 5 Select the Quick Setup screen s Network Configuration tab to define a minimum set of WAN or LAN configuration values The WAN tab displays by default 2 4 GHz WLAN 5 0 GHz WLAN on...

Страница 70: ...c configuration parameters from a DHCP server to a host Some of these parameters are IP address network mask and gateway NOTE Extreme Networks recommends that the WAN and LAN ports should not be confi...

Страница 71: ...s Interface drop down menu to specify how network address information is defined over the LAN connection Select DHCP Client if the larger corporate network uses DHCP DHCP is a protocol that includes m...

Страница 72: ...Performance and Beacon Settings those fields can also be defined at this time Define the Channel Settings Power Level and 802 11 mode in respect to the 2 4 or 5 GHz 802 11b g n or 802 11a n radio tra...

Страница 73: ...d in a network environment wherein sensitive data is transmitted NOTE For information on configuring the other encryption and authentication options available to the access point see Configuring Secur...

Страница 74: ...efer to the Number of Responses value to assess the number of responses from the MU versus the number of ping packets transmitted by the Access Point Use the ratio of packets sent versus the number of...

Страница 75: ...ime importing exporting device configurations and device firmware updates see System Configuration on page 77 For detailed information on configuring access point LAN interface subnet and WAN interfac...

Страница 76: ...Getting Started Altitude 4700 Series Access Point Product Reference Guide 76...

Страница 77: ...Java Virtual Machine if installed To connect to the Access Point an IP address is required If connected to the Access Point using the WAN port the default static IP address is 10 1 1 1 The default pas...

Страница 78: ...access point CAUTION The Access Point s country of operation is set from within the System Settings screen If the country code is changed the Access Point s power level primary channel and secondary...

Страница 79: ...ncerning electromagnetic emissions channel range and the maximum RF signal strength transmitted To ensure compliance with national and local laws be sure to set the Country field correctly Disable LED...

Страница 80: ...ure Shell SSH is a protocol that provides a secure remote connection to an Access Point This feature is enabled by default Enable Weak Cipher Support Select the radio button to enable the Access Point...

Страница 81: ...et When the AP is powered on or performing a cold reset the CPLD determines the maximum power provided by the POE device and the budget available to the Access Point The CPLD also determines the Acces...

Страница 82: ...sing full power each radio has 3x3 antenna mode support and its intended transmit power budget Radios at Full Power The table below describes the maximum transmit power available to each radio at vary...

Страница 83: ...onal it is configured as either a WIPS or WLAN radio Consequently if the Access Point transitions from dual to single radio operation a WIPS radio might not be available MCS6 MCS14 25 HT20 40 21 17 MC...

Страница 84: ...d Option as best suited to that hardware For example if Option is selected for 3af Power and the Access Point is a dual radio model the following configuration is set LAN port ON 1000 BAST T WAN port...

Страница 85: ...s CLI Power Mode When the Access Point is powered on for the first time the system determines the power budget available to the Access Point Using the Auto setting default setting the Access Point au...

Страница 86: ...ddresses available for connection The Access Point resolves the name to one or more IP addresses if a DNS IP address is present This method is used when the Access Point fails to obtain an IP address...

Страница 87: ...cess options are either enabled or disabled It is not meant to function as an ACL in routers or other firewalls where you can specify and customize specific IPs to access specific interfaces Use the A...

Страница 88: ...the LAN1 LAN2 and or WAN checkboxes to enable access to the access point configuration applet using a Secure Sockets Layer SSL for encrypted HTTP sessions CLI TELNET port 23 Select the LAN1 LAN2 and o...

Страница 89: ...on Radius Designates that a RADIUS server is used in the authentication credential verification If using this option the connected PC is required to have its RADIUS credentials verified with an extern...

Страница 90: ...ow your customized message to be displayed when the user is logging into the Access Point If the checkbox is not selected as is the case by default the user will encounter the login screen with no add...

Страница 91: ...and maintain a set of CA certificates to use as an authentication option for Virtual Private Network VPN access To use the certificate for a VPN tunnel define a tunnel and select the IKE settings to...

Страница 92: ...tton to import it into the CA Certificate list 4 Once in the list select the certificate ID within the View Imported root CA Certificates field to view the certificate issuer name subject and certific...

Страница 93: ...Only 4 values are required the others optional 4 When the form is completed click the Generate button Key ID Enter a logical name for the certificate to help distinguish between certificates The name...

Страница 94: ...certificate and will send it back Once received copy the content from the email into the clipboard 7 Click the Paste from clipboard button The content of the email displays in the window Click the Loa...

Страница 95: ...ration Certificate Mgmt Self Certificates from the access point menu tree 2 Click on the Add button to create the certificate request The Certificate Request screen displays 3 Complete the request for...

Страница 96: ...e or a renewal request using a base64 encoded PKCS file option Click Next to continue 12 Paste the content of certificate in the Saved Request field within the Submit a Saved Request screen NOTE An ad...

Страница 97: ...s the exchange of management information between network devices SNMP uses Management Information Bases MIBs to manage the device configuration and monitor Internet devices in potentially remote locat...

Страница 98: ...AP4700 MIB 02a02 NAT Address Mapping EXTR CC AP4700 MIB 2 0 MU ACL Configuration EXTR AP4700 MIB 02a02 VPN Tunnel Configuration EXTR CC AP4700 MIB 2 0 QOS Configuration EXTR AP4700 MIB 02a02 VPN Tunn...

Страница 99: ...he SNMP community includes users whose IP addresses are specified on the SNMP Access Control screen A read only community string allows a remote device to retrieve information while a read write commu...

Страница 100: ...v authorization with privacy The NoAuth setting specifies no login authorization or encryption for the user The AuthNoPriv setting requires login authorization but no encryption The AuthPriv setting r...

Страница 101: ...rated information and if capable modify related settings from an SNMP capable client Use the SNMP Access Control screen s Access Control List ACL to limit by Internet Protocol IP address who can acces...

Страница 102: ...e community definition Use just the Starting IP Address column to specify a single SNMP user Use both the Starting IP Address and Ending IP Address columns to specify a range of addresses for SNMP use...

Страница 103: ...tion Trap configuration depends on the network machine that receives the generated traps SNMP v1 v2c and v3 trap configurations function independently In a mixed SNMP environment generated traps can b...

Страница 104: ...r Destination IP Specify a numerical non DNS name destination IP address for receiving the traps sent by the access point SNMP agent Port Specify a destination User Datagram Protocol UDP port for rece...

Страница 105: ...e MU Traps field to generate traps for MU associations MU association denials and MU authentication denials When a trap is enabled a trap is sent every 10 seconds until the condition no longer exists...

Страница 106: ...and a connected device DynDNS Update Generates a trap whenever domain name information is updated as a result of the IP address associated with that domain being modified Denial of service DOS attemp...

Страница 107: ...old screen as a means to track RF activity and the access point s radio and associated MU performance SNMP RF Traps are sent when RF traffic exceeds defined limits set in the RF Trap Thresholds field...

Страница 108: ...representing the physical network connections of a given network management domain The LLDP neighbor discovery protocol allows you to discover and maintain accurate network topologies in a multivendor...

Страница 109: ...rtisements containing device information and media specific configuration information to neighbors attached to the same network LLDP agents cannot solicit information from other agents by way of LLDP...

Страница 110: ...r the Access Point s network operations For sites using Kerberos authentication time synchronization is required Use the Date and Time Settings screen to enable NTP and specify the IP addresses and po...

Страница 111: ...bles the user to manually enter the Access Point s system time using a Year Month Day HH MM SS format This option is disabled when the Enable NTP checkbox has been selected and therefore should be vie...

Страница 112: ...level standard syslog levels and view or save the current access point system log Enable NTP on AP4700 Select the Enable NTP on access point checkbox to allow a connection between the access point and...

Страница 113: ...uesting the administrator password before saving the log After the password has been entered click Get File to display a dialogue with buttons to Open or Save the log txt file Click Save and specify a...

Страница 114: ...Access Point are deleted and updated by the imported file Therefore the imported configuration is not a merge with the configuration of the target Access Point The exported file can be edited with an...

Страница 115: ...ted NOTE When modifying the text file manually and spaces are used for wireless security MU policy names etc ensure you use 20 between the spaces For example Second 20Floor 20Lab When imported the nam...

Страница 116: ...th the assigned filename and login information The system displays a confirmation window indicating the administrator must log out of the access point after the operation completes for the changes to...

Страница 117: ...re Type Error message indicates the configuration was not applied due to a hardware compatibility issue between the importing and exporting devices Status After executing an operation by clicking any...

Страница 118: ...ent than the name of the file previously loaded on the Access Point or when the file version on the server is different than the version currently in use on the Access Point Additionally the configura...

Страница 119: ...perform the update CAUTION Make sure a copy of the access point s configuration is exported before updating the firmware To conduct a firmware update on the access point 1 Export the access point curr...

Страница 120: ...If the target firmware file resides within a directory specify a complete path for the file within the Filepath optional field 6 Enter an IP address for the SFTP FTP or TFTP server used for the update...

Страница 121: ...splay FAIL auto fw update check FAIL network activity time out FAIL firmware check FAIL exceed memory limit FAIL authentication FAIL connection time out FAIL control channel error FAIL data channel er...

Страница 122: ...System Configuration Altitude 4700 Series Access Point Product Reference Guide 122...

Страница 123: ...g two unique LAN interfaces The access point LAN port has its own MAC address The LAN port MAC address is always the value of the access point WAN port MAC address plus 1 The LAN and WAN port MAC addr...

Страница 124: ...Name Use the LAN Name field to modify the existing LAN name LAN1 and LAN2 are the default names assigned to the LANs until modified by the user Ethernet Port The Ethernet Port radio buttons allow you...

Страница 125: ...o 16 mappings are possible per Access Point Auto Negotiation Select the Auto Negotiation checkbox to enable the Access Point to automatically exchange information over its LAN port about data transmis...

Страница 126: ...ators to group MUs even when they are not members of the same network segment NOTE A WLAN supporting a mesh network does not need to be assigned to a particular VLAN as all the traffic proliferating t...

Страница 127: ...a link 3 Select the VLAN Name button The VLAN name screen displays The first time the screen is launched a default VLAN name of 1 and a default VLAN ID of 1 display The VLAN name is auto generated on...

Страница 128: ...ement VLAN uses a default tag value of 1 The Management VLAN is used to distinguish VLAN traffic flows for the LAN The trunk port marks the frames with special tags as they pass between the access poi...

Страница 129: ...o configure VLAN memberships manually The Dynamic checkbox is enabled only when a WLAN is having EAP configured Otherwise the checkbox is disabled 13 Use the VLAN drop down menu to select the name of...

Страница 130: ...re the DHCP Configuration field to define the DHCP settings used for the LAN NOTE When setting the LAN interface to be a DHCP Server and adding an IP address the primary DNS IP address might not be up...

Страница 131: ...ress Assignment Range Use the address assignment parameter to specify a range of numerical non DNS name IP addresses reserved for mapping client MAC addresses to IP addresses If a manually static mapp...

Страница 132: ...ive use The lease time is the number of seconds an IP address is reserved for re connection after its last use Using very short leases DHCP can dynamically reconfigure networks in which there are more...

Страница 133: ...gned to the DHCP server If multiple entries exist within the Reserved Clients field use the scroll bar to the right of the window to navigate 5 Click the Del delete button to remove a selected table e...

Страница 134: ...d or denied for use by the access point 3 To add an Ethernet type click the Add button The Add Ethernet Type screen displays Use this screen to add one type filter option at a time for a list of up to...

Страница 135: ...ports an express card slot that can provide a secondary link in the event of a wired WAN failure The Altitude 4710 s wired WAN is the primary WAN link as long as it s enabled and connected and the WWA...

Страница 136: ...access point 1 Select Network Configuration WAN from the access point menu tree 2 Refer to the WAN IP Configuration field to enable the WAN interface and set network address information for the WAN co...

Страница 137: ...address for the access point s WAN connection This address defines the AP s presence on a larger network or on the Internet Obtain a static dedicated IP address from the ISP or network administrator A...

Страница 138: ...ission speed and duplex capabilities Auto negotiation is helpful when using the Access Point in an environment where different devices are connected and disconnected on a regular basis Selecting Auto...

Страница 139: ...s the connection after an idle period the access point automatically re establishes the connection to the ISP Enabling Keep Alive mode disables grays out the Idle Time field Idle Time seconds Specify...

Страница 140: ...he username cannot exceed 48 characters Password Specify a password entered when connecting to the ISP supporting the express card When the Internet session starts the ISP authenticates the password T...

Страница 141: ...d translates the WAN IP addresses on incoming packets to local IP addresses NAT is useful because it allows the authentication of incoming and outgoing requests and minimizes the number of WAN IP addr...

Страница 142: ...rom address settings applied on the WAN screen NAT Type Specify the NAT Type as 1 to 1 to map a WAN IP address to a single host local IP address 1 to 1 mapping is useful when users need dedicated addr...

Страница 143: ...o 1 or 1 to Many from the NAT Type drop down menu 3 Click on the Port Forwarding button within the Inbound Mappings area Outbound Mappings When 1 to 1 NAT is selected a single IP address can be entere...

Страница 144: ...fy the transport protocol used in this service The choices are ALL TCP UDP ICMP AH ESP and GRE Start Port and End Port Enter the port or ports used by the port forwarding service To specify a single p...

Страница 145: ...the DynDNS service and traffic for the specified domain s is routed to the new IP address NOTE DynDNS supports only the primary WAN IP address To configure dynamic DNS for the access point 1 Select N...

Страница 146: ...ges to the Dynamic DNS screen Navigating away from the screen without clicking the Apply button results in all changes to the screens being lost 9 Click Undo Changes if necessary to undo any changes m...

Страница 147: ...WLAN names can be modified within individual WLAN configuration screens See Creating Editing Individual WLANs on page 148 to change the name of a WLAN ESSID Displays the Extended Services Set Identif...

Страница 148: ...to a public network even though it s on a private network hidden behind the Access Point Select the following options as required a Select Dynamic for the Access Point to respond to an ARP request for...

Страница 149: ...ties of an existing WLAN 1 Select Network Configuration Wireless from the access point menu tree The Wireless Configuration screen displays 2 Click the Create button to configure a new WLAN or highlig...

Страница 150: ...e Max MUs field to define the number of MUs permitted to interoperate within the new or revised WLAN The maximum and default is 127 However each Access Point can only support a maximum 127 MUs spanned...

Страница 151: ...see Configuring a WLAN Access Control List ACL on page 153 Kerberos User Name Displays the read only Kerberos User Name used to associate the wireless client This value is the ESSID of the Access Poin...

Страница 152: ...ection scheme To create a new security policy or modify an existing policy 1 Select Network Configuration Wireless Security from the access point menu tree The Security Configuration screen appears wi...

Страница 153: ...ection that describes your intended security scheme 2 Click Logout to exit the Security Configuration screen Configuring a WLAN Access Control List ACL An Access Control List ACL affords a system admi...

Страница 154: ...rk Configuration Wireless MU ACL from the access point menu tree The Mobile Unit Access Control List Configuration screen displays with existing ACL policies and their current WLAN if mapped to a WLAN...

Страница 155: ...Edit MU ACL Policy screen and return to the Mobile Unit Access Control List Configuration screen Navigating away from the screen without clicking Apply results in changes to the screens being lost 6...

Страница 156: ...new policies are defined they are available for use within the New WLAN or Edit WLAN screens to assign to specific WLANs based on MU interoperability requirements Extreme Networks recommends using th...

Страница 157: ...w QoS policy or select a policy and click the Edit button to modify an existing QoS policy The Access Point supports a maximum of 16 QoS policies 3 Assign a name to the new or edited QoS policy that m...

Страница 158: ...adio traffic best representing the network requirements of this WLAN Options include CAUTION Extreme Networks recommends using the drop down menu to define the intended radio traffic within the WLAN O...

Страница 159: ...ll other types of network traffic Voice Voice traffic includes VoIP traffic and typically receives priority over Background and Best Effort traffic CW Min The contention window minimum value is the le...

Страница 160: ...net browser as a secure authentication device Rather than rely on built in 802 11 security features to control Access Point association privileges configure a WLAN with no WEP an open network The Acce...

Страница 161: ...Ns on the Access Point can be configured as a hotspot For hotspot enabled WLANs DHCP DNS HTTP and HTTPS traffic is allowed before you login to the hotspot while TCP IP packets are redirected to the po...

Страница 162: ...e Access Point s internal RADIUS Server for user authentication 6 Click the White List Entries button within the WhiteList Configuration field to create a set of allowed destination IP addresses These...

Страница 163: ...he IP address of the internal RADIUS server is fixed at 127 0 0 1 and cannot be used for the external RADIUS server Radius Port Specify the port on which the RADIUS accounting server is listening Shar...

Страница 164: ...page URL is specified in the location s HTTP header To host a Login page on the external Web server the IP address of the Web server should be in the White list list of IP addresses allowed to access...

Страница 165: ...etworks provides a default set of HTML files for the login welcome and fail pages and one css file that s referenced by these HTML files The professional installer is also provided two default images...

Страница 166: ...characters that can be entered into the text area is 10240 5 Select Apply to save the updates made thus far 6 Select the CSS Editor tab to review a guide describing css file customizations impacting h...

Страница 167: ...ceed 12500 bytes or it cannot be exported back onto the Access Point for effective deployment with the hotspot 7 Select the FTP Transfer tab to define the configuration of the FTP server configuration...

Страница 168: ...ress Enter the IP address of the FTP server used by the Access Point to import and export hotspot file information to the clients providing hotspot access Username Specify a username to be used when l...

Страница 169: ...the dual radio model The Altitude 4750 model Access Point is available in a three radio model The third Altitude 4750 radio is never a WLAN radio The third radio is either disabled or set to WIPS mod...

Страница 170: ...ided to the WIPS server The Access Point does not display the data but it is available to the WIPS server Spectrum analysis can operate only when there are no WLAN radios configured The WIPS daemon an...

Страница 171: ...level For a detailed overview on the theory of mesh networking see Mesh Networking Overview on page 577 For detailed information on the implications of setting the mesh configuration see Configuring M...

Страница 172: ...Access Point again Once the settings within the Radio Configuration screen are applied for an initial deployment the current number of client bridge connections for this specific radio displays withi...

Страница 173: ...e Out EPTO setting on the LAN page when the Access Point is in bridge mode As long as the mesh is down the Access Point acts in accordance to the Mesh Time Out setting regardless of the state of the E...

Страница 174: ...ick Undo Changes if necessary to undo any changes made Undo Changes reverts the settings displayed on the Radio Configuration screen to the last saved configuration 10 Click Logout to securely exit th...

Страница 175: ...MAC addresses determine the device sending or receiving data A MAC address is a 48 bit number written as six hexadecimal bytes separated by colons For example 00 A0 F8 24 9A C8 Radio Type The Radio Ty...

Страница 176: ...ansmit to both b and g clients if legacy clients 802 11b partially comprise the network Select accordingly based on the MU requirements of the network The rates for the Access Point s 2 4 GHz radio ar...

Страница 177: ...l Selection The following channel selection options exist User Selected This is the default setting If 20 40 MHz is selected as the Channel Width supporting 11n the Secondary Channel drop down menu be...

Страница 178: ...egulatory domain restrictions Once the antenna type and gain are provided the Access Point calculates the power range Antenna gain relates the intensity of an antenna in a given direction to the inten...

Страница 179: ...needed for additional supported rates Enable the Support Short Guard Interval checkbox to set a guard interval for interference protection for 20 MHz and 40 MHz channel widths When enabled the AP s ra...

Страница 180: ...11b radio The preamble length for 802 11b transmissions is rate dependant A short preamble is 50 shorter than a long preamble Leave the checkbox unselected if in a mixed MU AP environment as MUs and...

Страница 181: ...ltimedia traffic default is typical data traffic and voice is for Voice Over IP supported wireless devices Click OK to implement the selected QoS values and return to the 802 11a n or 802 11b g n radi...

Страница 182: ...power save stations less responsive but could increase power savings The default is 100 Avoid changing this parameter as it can adversely affect performance DTIM Interval The DTIM interval defines ho...

Страница 183: ...oadcast multicast rate control is supported in both standalone and adaptive AP configurations and can be imported exported as part of the Access Point s existing configuration import and export capabi...

Страница 184: ...d Configuring MU Rate Limiting Use the Rate Limiting screen to control the MU rate limit allotted to individual WLANs MU rate limiting enables an administrator to determine how much radio bandwidth is...

Страница 185: ...defined thus far for any of the Access Point s 16 WLANs The rates are displayed in Kbps for both wired to wireless and wireless to wired traffic flows from the WLAN and its radio configuration 4 Click...

Страница 186: ...ess point Router Table field to view existing routes The access point Router Table field displays a list of connected routes between an enabled subnet and the router These routes can be changed by mod...

Страница 187: ...let A prompt displays confirming the logout before the applet is closed Setting the RIP Configuration To set the RIP configuration 1 From within the RIP Configuration field select the RIP Type from th...

Страница 188: ...the MD5 Auth Key area 6 Click the OK button to return to the Router screen From there click Apply to save the changes Configuring IP Filtering Use the Access Point s IP filtering functionality to dete...

Страница 189: ...ith the filter policy list Packets are always filtered in sequential order filtering always begins with the first filter policy displayed in the IP Filtering screen then the second third and so on The...

Страница 190: ...olicy or filtering rule attributes require definition Filter name Create a name for the filter policy unique to its function in order to differentiate it from others that may have somewhat similar con...

Страница 191: ...ithin the main IP Filtering menu To apply an existing IP filter policy to LAN1 LAN2 or a WLAN 1 Display the IP Filtering menu From the LAN1 or LAN2 screen a Select Network Configuration LAN LAN1 or LA...

Страница 192: ...of Allow or Deny to permit or restrict the rules of this filter in the direction selected 5 Select Add to apply the filter s and their rules and permissions to the LAN or WLAN 6 Click OK add the IP f...

Страница 193: ...ALL 10 1 1 1 11 1 1 1 NO 10 1 1 10 11 1 1 10 admin network ipfilter Once created the filter displays within the Network Configuration IP Filtering screen Applying the Filter to a WLAN or LAN Once cre...

Страница 194: ...ering on a LAN or WLAN By default when IP filtering is enabled all inbound and outbound traffic is disabled Default filters are applied when no other applied filter is matched When applying multiple f...

Страница 195: ...applet see Applying a Filter to LAN1 LAN2 or a WLAN 1 16 on page 191 Assessing IP Filter Stats Detailed IP filter statistics can be displayed as follows from the Access Point CLI admin stats show s w...

Страница 196: ...ation LAN Interface 1 enable IP Address 1 192 168 0 1 Network Mask 255 255 255 0 Ethernet Address 0015700078C5 Speed 100 Mbps Duplex full LAN Rx Information rx packets 12520 rx bytes 2663360 rx errors...

Страница 197: ...securely route traffic through a IPSEC tunnel and block transmissions with devices interpreted as Rogue APs NOTE Security for the access point can be configured in various locations throughout the acc...

Страница 198: ...sword protect and restrict access point device access 1 Connect a wired computer to the access point LAN port using a standard CAT 5 cable 2 Set up the computer for TCP IP DHCP network addressing and...

Страница 199: ...ettings on page 78 Once the password has been set refer back to Configuring Security Options on page 197 to determine which access point security feature to configure next Resetting the Access Point P...

Страница 200: ...w security policy using the authentication and encryption schemes discussed above can be created CAUTION Mesh configurations do not support mismatched security policies when operating using a mixed mo...

Страница 201: ...x EAP Authentication on page 204 No Encryption If No Encryption is selected encryption is disabled for the security policy If security is not an issue this setting avoids the overhead an encryption pr...

Страница 202: ...Kerberos assumes that it is running on a trusted host with an untrusted network If host security is compromised Kerberos is compromised as well Kerberos uses the Network Time Protocol NTP for synchron...

Страница 203: ...omain name In theory the realm name is arbitrary However in practice a Kerberos realm is named by uppercasing the DNS domain name that is associated with hosts in the realm Primary KDC Specify a numer...

Страница 204: ...exist they appear within the Security Configuration screen These existing policies can be used as is or their properties edited by clicking the Edit button To configure a new security policy supporti...

Страница 205: ...fy the numerical non DNS IP address of a primary Remote Dial In User Service RADIUS server Optionally specify the IP address of a secondary server The secondary server acts as a failover server if the...

Страница 206: ...ch the shared secret on the RADIUS server Optionally specify a shared secret for a secondary failover server Use shared secrets to verify RADIUS messages with the exception of the Access Request messa...

Страница 207: ...d to a longer time interval at most 9999 seconds to relax security on wireless connections The default interval of 3600 seconds is recommended Max Retries 1 99 retries Define the maximum number of MU...

Страница 208: ...WEP on the access point 1 Select Network Configuration Wireless Security from the access point menu tree If security policies supporting WEP exist they appear within the Security Configuration screen...

Страница 209: ...e access point menu tree If security policies supporting KeyGuard exist they appear within the Security Configuration screen These existing policies can be used as is or their properties edited by cli...

Страница 210: ...packets between the two devices Default hexadecimal keys for KeyGuard include Pass Key Specify a 4 to 32 character pass key and click the Generate button The pass key can be any alphanumeric string Th...

Страница 211: ...s Temporal Key Integrity Protocol TKIP TKIP addresses WEP s weaknesses with a re keying mechanism a per packet mixing function a message integrity check and an extended initialization vector Wi Fi Pro...

Страница 212: ...ation enhances the broadcast traffic security on the WLAN This value is disabled by default Update broadcast keys every 300 604800 seconds Specify a time period in seconds to rotate the key index used...

Страница 213: ...sed by the Advanced Encryption Standard AES AES serves the same function TKIP does for WPA TKIP CCMP computes a Message Integrity Check MIC using the proven Cipher Block Chaining CBC technique Changin...

Страница 214: ...t menu tree If security policies supporting WPA2 CCMP exist they appear within the Security Configuration screen These existing policies can be used as is or their properties edited by clicking the Ed...

Страница 215: ...secs ASCII Passphrase To use an ASCII passphrase and not a hexadecimal value select the checkbox enter an alphanumeric string of 8 to 63 characters The string allows character spaces The access point...

Страница 216: ...To support this feature certain security policy combinations need to be available on a per WLAN basis The following combinations are supported WEP 64 and WPA WPA2 TKIP WEP 64 and WPA2 CCMP WEP 128 and...

Страница 217: ...gn it a security scheme see Creating Editing Individual WLANs on page 148 For information on how to assign a WLAN a security policy supporting WEP see Configuring WEP Encryption on page 208 2 Create a...

Страница 218: ...ewall uses a collection of filters to screen information packets for known types of system attacks Some of the access point s filters are continuously enabled others are configurable Use the access po...

Страница 219: ...ll checkbox to disable all firewall functions on the access point This includes firewall filters NAT VP content filtering and subnet access Disabling the access point firewall makes the access point v...

Страница 220: ...net associations The three possible colors indicate the current access level as defined for each subnet association SYN Flood Attack Check A SYN flood attack requests a connection and then fails to pr...

Страница 221: ...o areas Click the table cell of interest and look at the exceptions area in the lower half of the screen to determine the protocols that are either allowed or denied Red No Access All protocols are de...

Страница 222: ...is an application protocol using the Internet s TCP IP protocols FTP provides an efficient way to exchange files between computers on the Internet FTP uses TCP port 21 SMTP Simple Mail Transfer Proto...

Страница 223: ...e other key component is Encapsulating Security Protocol ESP AH provides authentication proving the packet sender really is the sender and the data really is the data sent AH can be used in transport...

Страница 224: ...les port forwarding and 1 to many mappings from the system Only enable advanced subnet access rules if your configuration requires rules that cannot be configured within the Subnet Access screen Impor...

Страница 225: ...e down by one row in the table The index numbers for the affected rows adjust to reflect the new order Index The index number determines the order firewall rules are executed Rules are executed from t...

Страница 226: ...n break the encryption The traffic is encrypted from your computer through the network to the VPN At that point the traffic is decrypted Use the VPN screen to add and remove VPN tunnels To configure a...

Страница 227: ...te network the VPN tunnel connects to Ensure the address is the same as the WAN port address of the target gateway AP or controller Key Exchange Type The Key Exchange Type column lists the key exchang...

Страница 228: ...l Key Exchange Selecting Manual Key Exchange requires you to manually enter keys for AH and or ESP encryption and authentication Click the Manual Key Settings button to configure the settings Manual K...

Страница 229: ...er the LAN IP subnet and mask of AP 2 in the Remote Subnet and Remote Subnet Mask fields 6 Enter the WAN port IP address of AP 2 in the Remote Gateway field 7 Click Add to add the tunnel to the list 8...

Страница 230: ...ied to IPSec protected traffic During security association SA negotiation both gateways agree to use a particular transform set to protect data flow A transform set specifies one or two IPSec security...

Страница 231: ...ting the keys provided are weak Some WEP attack tools invoke a dictionary to hack WEP keys based on commonly used words To avoid entering a weak key try to not to produce a WEP key using commonly used...

Страница 232: ...igured on the remote security gateway ESP Type ESP provides packet encryption optional data authentication and anti replay services for the VPN tunnel Use the drop down menu to select the ESP type Opt...

Страница 233: ...5 Enables the Message Digest 5 algorithm which requires 128 bit 32 character hexadecimal keys SHA1 Enables Secure Hash Algorithm 1 which requires 160 bit 40 character hexadecimal keys Inbound ESP Auth...

Страница 234: ...The Security Association Life Time is the configurable interval used to timeout association requests that exceed the defined interval The available range is from 300 to 65535 seconds The default is 3...

Страница 235: ...the IKE Settings button ESP Encryption Algorithm Use this menu to select the encryption and authentication algorithms for this VPN tunnel DES Selects the DES algorithm No keys are required to be manu...

Страница 236: ...e Aggressive mode is faster but less secure than Main mode Identities are not encrypted unless public key encryption is used The authentication method cannot be negotiated if the initiator chooses pub...

Страница 237: ...certificates into the system IKE Authentication Algorithm IKE provides data authentication and anti replay services for the VPN tunnel Select an authentication methods from the drop down menu MD5 Enab...

Страница 238: ...f the tunnels configured on the access point as well as their lifetime transmit and receive statistics The VPN Status screen is read only with no configurable parameters To configure a VPN tunnel use...

Страница 239: ...nel is connected the status reads ACTIVE Outb SPI The Outb SPI column displays the outbound Security Parameter Index SPI for each tunnel The SPI is used locally by the access point to identify a secur...

Страница 240: ...ntent filtering allows the blocking of up to 10 files or URL extensions and allows blocking of specific outbound HTTP SMTP and FTP requests Tx Bytes The Tx Bytes column lists the amount of data in byt...

Страница 241: ...or blocking of specific HTTP commands going outbound on the access point WAN port HTTP blocks commands on port 80 only The Block Outbound HTTP option allows blocking of the following user selectable o...

Страница 242: ...he local server RCPT Recipient Identifies a recipient of mail data DATA Tells the SMTP receiver to treat the following information as mail data from the sender QUIT Tells the receiver to respond with...

Страница 243: ...Access Point is operating in The rogue detection interval is used in conjunction with Motorola MUs that identify themselves as rogue detection capable to the Access Point The detection interval define...

Страница 244: ...sociate for specific information To configure Rogue AP detection for the access point 1 Select Network Configuration Wireless Rogue AP Detection from the access point menu tree CAUTION Users cannot de...

Страница 245: ...A BG Scan Select this checkbox to scan for rouges over all channels on both of the Access Point s 11a and 11bg radio bands The switching of radio bands is based on a timer with no user intervention re...

Страница 246: ...the Access Point applet A prompt displays confirming the logout before the applet is closed Moving Rogue APs to the Allowed AP List The Active APs screen enables the user to view the list of detected...

Страница 247: ...s table For more information on the displaying information on detected rogue APs see Displaying Rogue AP Details on page 247 7 To remove the Rogue AP entries displayed within the Rogue APs field click...

Страница 248: ...ined to be non hostile and the device should be defined as an allowed AP RSSI Shows the Relative Signal Strength RSSI of the rogue AP Use this information to assess how close the rogue AP is The highe...

Страница 249: ...enabled 2 Highlight an MU from within the Rogue AP enabled MUs field and click the scan button The target MU begins scanning for rogue devices using the detection parameters defined within the Rogue A...

Страница 250: ...6 Click Logout to return to the Rogue AP Detection screen Configuring User Authentication The Access Point can work with external RADIUS and LDAP Servers AAA Servers to provide user database informat...

Страница 251: ...n the menu tree For more information see Configuring LDAP Authentication on page 253 EAP Type Use the EAP Type checkboxes to enable the default EAP type s for the RADIUS server Options include PEAP Se...

Страница 252: ...in the table server access is authorized WatchGuard products do not support the PAP protocol because the username and password are sent as clear text that a hacker can read MD5 This option enables th...

Страница 253: ...rnal LDAP server To configure the LDAP server 1 Select System Configuration User Authentication RADIUS Server LDAP from the menu tree NOTE For the onboard RADIUS server to work with Windows Active Dir...

Страница 254: ...ource for the RADIUS The default port is 389 Login Attribute Specify the login attribute used by the LDAP server for authentication In most cases the default value should work Windows Active Directory...

Страница 255: ...Radius Server The Access Point has the capability to proxy authentication requests to a remote RADIUS server based on the suffix of the user ID such as myisp com or company com The Access Point suppor...

Страница 256: ...screen without clicking Apply results in all changes to the screen being lost Retry Count Enter a value between 3 and 6 to indicate the number of times the Access Point attempts to reach a proxy serv...

Страница 257: ...ation on selecting Local as the Data Source see Configuring the Radius Server on page 250 To add groups to the User database NOTE Each group can be configured to have its own access policy using the A...

Страница 258: ...lost 9 Click Undo Changes if necessary to undo any changes made Undo Changes reverts the settings displayed on the Users screen to the last saved configuration 10 Click Logout to securely exit the Ac...

Страница 259: ...policy Each group s policy has a user defined interval defining the days and hours access is permitted Authentication requests for users belonging to the group are honored only during these defined h...

Страница 260: ...also exists for mapping specific WLANs to these intervals For more information see Editing Group Access Permissions on page 261 For information on creating a new group see Managing the Local User Dat...

Страница 261: ...To update a group s access permissions 1 Select User Authentication Radius Server Access Policy from the menu tree 2 Select an existing group from within the groups field 3 Select the Edit button The...

Страница 262: ...LANs field to select existing WLANs to apply to the selected group s set of access permissions The group s existing WLANs are already selected within the Edit screen Select those additional WLANs requ...

Страница 263: ...ithin the access point radio coverage area The type of AP detected can be displayed as well as the properties of individual APs See the following sections for more details on viewing statistics for th...

Страница 264: ...Control MAC address of the access point WAN port The WAN port MAC address is hard coded at the factory and cannot be changed IP Addresses The displayed Internet Protocol IP addresses for the access p...

Страница 265: ...ed field displays the number of data packets that fail to reach the WAN interface If this number appears excessive consider a new connection to the device RX Overruns RX overruns are buffer overruns o...

Страница 266: ...urable data fields To view access point LAN connection stats 1 Select Status and Statistics LAN Stats LAN1 Stats or LAN2 Stats from the access point menu tree 2 Refer to the Information field to view...

Страница 267: ...include dropped data packets buffer overruns and frame errors on inbound traffic The number of RX errors is a total of RX Dropped RX Overruns and RX Carrier errors Use this information to determine pe...

Страница 268: ...e when assessing mesh networking functionality for each of the two Access Point LANs Access points in bridge mode exchange configuration messages at regular intervals typically 1 to 4 seconds If a bri...

Страница 269: ...r the Maximum Message age timer For information on setting the Maximum Message Age Bridge Hello Time The Bridge Hello Time is the time between each bridge protocol data unit sent This time is equal to...

Страница 270: ...These rules determine which IP packets are processed normally by LANs 1 and 2 and which are discarded For more information on how IP Filtering works and how its configured on the Access Point see Conf...

Страница 271: ...or active enabled WLANs on the access point The WLAN Summary field displays basic information such as number of Mobile Units MUs and total throughput for each of the active WLANs The Total RF Traffic...

Страница 272: ...NU Displays a percentage of the total packets for each active WLAN that are non unicast Non unicast packets include broadcast and multicast packets Retries Displays the average number of retries per p...

Страница 273: ...m the access point menu tree ESSID Displays the Extended Service Set ID ESSID for the target WLAN Radio s Displays the name of the 802 11a n or 802 11b g n radio the target WLAN is using for access po...

Страница 274: ...the average bit speed in Mbps for a given time period on the selected WLAN This includes all packets that are sent and received The number in black represents statistics for the last 30 seconds and t...

Страница 275: ...policies supporting impacting the WLAN The LAN IP Filter Statistics screen shows a running count of packet traffic either allowed or denied when filter rules fail These rules determine which IP packe...

Страница 276: ...f packets either allowed or denied access by the Access Point s filtering rules These are packets that are outgoing from the selected Access Point WLAN 4 Click the Clear LAN Stats button to reset each...

Страница 277: ...g n currently deployed by the access point MUs Displays the total number of MUs currently associated with each access point radio T put Displays the total throughput in Megabits per second Mbps for ea...

Страница 278: ...on field displays device address and location information as well as channel and power information The Traffic field displays statistics for cumulative packets bytes and errors received and transmitte...

Страница 279: ...ts this statistic for the last 30 seconds and the number in blue represents this statistic for the last hour Throughput The Total column displays average throughput on the radio The Rx column displays...

Страница 280: ...the number in blue represents the average signal for the last hour If the signal is low consider mapping the MU to a different WLAN if a better functional grouping of MUs can be determined Avg MU Noi...

Страница 281: ...without clicking Apply results in changes to the screens being lost 3 Click Undo Changes if necessary to undo any changes made to the screen Undo Changes reverts the settings to the last saved configu...

Страница 282: ...detailed information on conducting a ping test for an MUs see Pinging Individual MUs on page 285 IP Address Displays the IP address of each of the associated MU MAC Address Displays the MAC address o...

Страница 283: ...rors The MU Properties field displays basic information such as hardware address IP address and associated WLAN and AP Reference the MU Traffic field for MU RF traffic and throughput data Use the RF S...

Страница 284: ...put for the last hour Avg Bit Speed The Total column displays the average bit speed in Mbps for a given time period on the MU This includes all packets sent and received The number in black represents...

Страница 285: ...kets received to assess the link quality between MU and the access point Click the Ok button to exit the Echo Test screen and return to the MU Stats Summary screen MU Authentication Statistics The acc...

Страница 286: ...s point WLAN or access point radio 4 Click Ok to return to the MU Stats Summary screen Viewing the Mesh Statistics Summary The access point has the capability of detecting and displaying the propertie...

Страница 287: ...ress The unique 48 bit hard coded Media Access Control address known as the devices station identifier This value is hard coded at the factory by the manufacturer and cannot be changed WLAN Displays t...

Страница 288: ...OTE The Known AP Statistics screen only displays statistics for Access Points located on the same subnet To view detected Access Point statistics 1 Select Status and Statistics Known AP Stats from the...

Страница 289: ...Ping button to display a screen for verifying the link with a highlighted Access Point NOTE A ping test initiated from the access point Known AP Statistics screen uses WNMP pings Therefore target devi...

Страница 290: ...cted and displayed within the Known AP Statistics screen Use the Start Flash button to determine the location of the devices displayed within the Known AP Statistics screen When an access point is hig...

Страница 291: ...acters should be avoided Connecting to the CLI Accessing the CLI through the Serial Port To connect to the access point CLI through the serial port 1 Connect one end of a null modem serial cable to th...

Страница 292: ...r access point keep in mind the access point uses a static IP WAN address 10 1 1 1 Additionally the access point s LAN port is set as a DHCP client 2 Enter the default username of admin and the defaul...

Страница 293: ...nder this command are shown below Syntax help Displays general user interface help passwd Changes the admin password summary Shows a system summary network Goes to the network submenu system Goes to t...

Страница 294: ...ction argument is treated as an argument Eg admin network lan set lan enable Here is an invalid extra argument because it is after the argument enable ctrl q go backwards in command history ctrl p go...

Страница 295: ...s For information on configuring passwords using the applet GUI see Setting Passwords on page 198 passwd Changes the admin password for access point access This requires typing the old admin password...

Страница 296: ...ty Policy Default QoS Policy Default Rate Limiting disabled LAN1 Name LAN1 LAN1 Mode enable LAN1 IP 10 255 108 230 LAN1 Mask 255 255 255 0 LAN1 DHCP Mode client LAN2 Name LAN2 LAN2 Mode enable LAN2 IP...

Страница 297: ...Guide 297 AP4700 admin Displays the parent menu of the current menu This command appears in all of the submenus under admin In each case it has the same function to move up one level in the directory...

Страница 298: ...nce Guide 298 AP4700 admin Displays the root menu that is the top level CLI menu This command appears in all of the submenus under admin In each case it has the same function to move up to the top lev...

Страница 299: ...command appears in all of the submenus under admin In each case it has the same function to save the current configuration Syntax Example admin save admin save Saves configuration settings The save c...

Страница 300: ...dmin quit Exits the command line interface session and terminates the session The quit command appears in all of the submenus under admin In each case it has the same function to exit out of the CLI O...

Страница 301: ...submenu The items available under this command are shown below lan go to LAN sub menu wan go to WAN sub menu wireless go to Wireless sub menu firewall go to Firewall sub menu router go to Router sub...

Страница 302: ...UI see Configuring the LAN Interface on page 123 show Shows current access point LAN parameters set Sets LAN parameters bridge Goes to the mesh configuration submenu wlan mapping Goes to the WLAN Lan...

Страница 303: ...1 Network Mask 255 255 255 255 Default Gateway 192 168 0 1 Domain Name Primary DNS Server 192 168 0 1 Secondary DNS Server 192 168 0 2 WINS Server 192 168 0 254 LAN2 Information LAN Name LAN2 LAN Inte...

Страница 304: ...on the Ethernet port timeout seconds Sets the interval in seconds the access point uses to terminate its LAN interface if no activity is detected for the specified interval trunking mode Enables or d...

Страница 305: ...ess point s mesh networking options using the applet GUI see Configuring Mesh Networking Support on page 581 show Displays the mesh configuration parameters for the access point s LANs set Sets the me...

Страница 306: ...5 Hello Time seconds 2 Message Age Time seconds 20 Forward Delay Time seconds 15 Entry Ageout Time seconds 300 LAN2 Bridge Configuration Bridge Priority 63335 Hello Time seconds 2 Message Age Time sec...

Страница 307: ...eout Time seconds 300 LAN2 Mesh Configuration Bridge Priority 63335 Hello Time seconds 2 Message Age Time seconds 20 Forward Delay Time seconds 15 Entry Ageout Time seconds 300 For an overview of the...

Страница 308: ...N Support on page 126 show Displays the VLAN list currently defined for the access point set Sets the access point VLAN configuration create Creates a new access point VLAN edit Edits the properties o...

Страница 309: ...Tag 1 1 1 2 1 1 WLAN WLAN1 mapped to VLAN none VLAN Mode static admin network lan wlan mapping show lan wlan WLANs on LAN1 WLAN1 WLAN2 WLAN3 WLANs on LAN2 admin network lan wlan mapping show wlan WLA...

Страница 310: ...pping set mode 1 static admin network lan wlan mapping show vlan cfg LAN No Management VLAN Tag Native VLAN Tag 1 10 12 2 1 1 WLAN WLAN1 mapped to VLAN none VLAN Mode static For information on configu...

Страница 311: ...r the access point Syntax Example admin network lan wlan mapping admin network lan wlan mapping create 5 vlan 5 For information on creating VLANs using the applet GUI see Configuring VLAN Support on p...

Страница 312: ...ork lan wlan mapping edit Modifies a VLAN s name and ID Syntax For information on editing VLANs using the applet GUI see Configuring VLAN Support on page 126 edit name name Modifies an existing VLAN n...

Страница 313: ...700 admin network lan wlan mapping delete Deletes a specific VLAN or all VLANs Syntax For information on deleting VLANs using the applet GUI see Configuring VLAN Support on page 126 delete VLAN id Del...

Страница 314: ...VLAN to a WLAN Syntax Example admin network lan wlan mapping lan map wlan1 lan1 For information on mapping VLANs using the applet GUI see Configuring VLAN Support on page 126 lan map wlan name Maps a...

Страница 315: ...WLAN Syntax Example admin network lan wlan mapping vlan map wlan1 vlan1 For information on mapping VLANs using the applet GUI see Configuring VLAN Support on page 126 vlan map wlan name Maps an existi...

Страница 316: ...ubmenu The items available are displayed below show Displays DHCP parameters set Sets DHCP parameters add Adds static DHCP address assignments delete Deletes static DHCP address assignments list Lists...

Страница 317: ...ting IP Address 192 168 0 100 Ending IP Address 192 168 0 254 Lease Time 86400 LAN2 DHCP Information DHCP Address Assignment Range Starting IP Address 192 168 0 100 Ending IP Address 192 168 0 254 Lea...

Страница 318: ...rk lan dhcp show LAN1 DHCP Information DHCP Address Assignment Range Starting IP Address 192 168 0 100 Ending IP Address 192 168 0 254 Lease Time 86400 For information on configuring DHCP using the ap...

Страница 319: ...dmin network lan dhcp add 1 00A0F1112234 192 169 24 7 admin network lan dhcp list 1 Index MAC Address IP Address 1 00A0F8112233 192 160 24 6 2 00A0F8112234 192 169 24 7 For information on adding clien...

Страница 320: ...A0F8112236 192 169 24 7 admin network lan dhcp delete 1 index mac address ip address 1 00A0F8102030 10 10 1 2 2 00A0F8112234 10 1 2 3 3 00A0F8112235 192 160 24 6 4 00A0F8112236 192 169 24 7 admin netw...

Страница 321: ...IP Address 1 00A0F8112233 10 1 2 4 2 00A0F8102030 10 10 1 2 3 00A0F8112234 10 1 2 3 4 00A0F8112235 192 160 24 6 5 00A0F8112236 192 169 24 7 admin network lan dhcp For information on listing client MAC...

Страница 322: ...int Type Filter submenu The items available under this command include show Displays the current Ethernet Type exception list set Defines Ethernet Type Filter parameters add Adds an Ethernet Type Filt...

Страница 323: ...ype Filter configuration Syntax Example admin network lan type filter show 1 Ethernet Type Filter mode allow index ethernet type 1 8137 For information on displaying the type filter configuration usin...

Страница 324: ...e Filter configuration Syntax Example admin network lan type filter set mode 1 allow For information on configuring the type filter settings using the applet GUI see Setting the Type Filter Configurat...

Страница 325: ...ess type filter add 2 0806 admin network wireless type filter show 1 Ethernet Type Filter mode allow index ethernet type 1 8137 2 0806 3 0800 4 8782 For information on configuring the type filter sett...

Страница 326: ...r show 1 Ethernet Type Filter mode allow index ethernet type 1 0806 2 0800 3 8782 admin network lan type filter delete 2 all admin network lan type filter show 2 Ethernet Type Filter mode allow index...

Страница 327: ...configuration set set WAN PPPoE and 3G WWAN configuration delete delete WWAN CRM Remote Gateways clear clear WWAN AP name nat go to NAT menu vpn go to VPN menu content go to Outbound Content Filtering...

Страница 328: ...0 Auto negotiation disable Speed 100M Duplex full WAN IP 2 disable WAN IP 3 disable WAN IP 4 disable WAN IP 5 disable WAN IP 6 disable WAN IP 7 disable WAN IP 8 disable PPPoE Mode enable PPPoE User N...

Страница 329: ...ables WAN DHCP Client mode ipadr idx a b c d Sets up to 8 using indx from 1 to 8 IP addresses a b c d for the access point WAN interface mask a b c d Sets the subnet mask for the access point WAN inte...

Страница 330: ...CLI Reference Altitude 4700 Series Access Point Product Reference Guide 330 For an overview of the WAN configuration options available using the applet GUI see Configuring WAN Settings on page 135...

Страница 331: ...onfiguration options available using the applet GUI see Configuring Network Address Translation NAT Settings on page 141 show Displays the access point s current NAT parameters for the specified index...

Страница 332: ...Type 1 to many Inbound Mappings Port Forwarding unspecified port forwarding mode enable unspecified port fwd ip address 111 223 222 1 one to many nat mapping LAN No WAN IP 1 157 235 91 2 2 157 235 91...

Страница 333: ...to many nat mapping LAN No WAN IP 1 157 235 91 2 2 10 1 1 1 For an overview of the NAT options available using the applet GUI see Configuring Network Address Translation NAT Settings on page 141 set...

Страница 334: ...w of the NAT options available using the applet GUI see Configuring Network Address Translation NAT Settings on page 141 add idx name tran port1 port2 ip dst_port Sets an inbound network address trans...

Страница 335: ...te 1 1 admin network wan nat list 1 index name Transport start port end port internal ip translation Related Commands For an overview of the NAT options available using the applet GUI see Configuring...

Страница 336: ...e Transport start port end port internal ip translation 1 special tcp 20 21 192 168 42 16 21 Related Commands For an overview of the NAT options available using the applet GUI see Configuring Network...

Страница 337: ...ng the applet GUI see Configuring VPN Tunnels on page 225 add Adds VPN tunnel entries set Sets key exchange parameters delete Deletes VPN tunnel entries list Lists VPN tunnel entries reset Resets all...

Страница 338: ...l type is Manual proper SPI values and Keys must be configured after adding the tunnel admin network wan vpn For information on configuring VPN using the applet GUI see Configuring VPN Tunnels on page...

Страница 339: ...dir enckey Sets the Manual Encryption Key in ASCII for tunnel name and direction IN or OUT to the key enc key The size of the key depends on the encryption algorithm 16 hex characters for DES 48 hex...

Страница 340: ...ntication for name to idtype This value is not required when the ID type is set to IP remiddata name idtype Sets the Local ID data for IKE authentication for name to idtype This value is not required...

Страница 341: ...192 168 33 1 192 168 24 198 SJSharkey Manual 206 107 22 45 27 206 107 22 2 209 235 12 55 admin network wan vpn delete Eng2EngAnnex admin network wan vpn list Tunnel Name Type Remote IP Mask Remote Ga...

Страница 342: ...SJSharkey Detail listing of VPN entry Name SJSharkey Local Subnet 1 Tunnel Type Manual Remote IP 206 107 22 45 Remote IP Mask 255 255 255 224 Remote Security Gateway 206 107 22 2 Local Security Gatewa...

Страница 343: ...work wan vpn reset Resets all of the access point s VPN tunnels Syntax Example admin network wan vpn reset VPN tunnels reset admin network wan vpn For information on configuring VPN using the applet G...

Страница 344: ...atistics for all active tunnels Syntax Example admin network wan vpn stats Tunnel Name Status SPI OUT IN Life Time Bytes Tx Rx Eng2EngAnnex Not Active SJSharkey Not Active For information on displayin...

Страница 345: ...tate Dest IP Remaining Life Eng2EngAnnex Not Connected SJSharkey Not Connected admin network wan vpn For information on configuring IKE using the applet GUI see Configuring IKE Key Settings on page 23...

Страница 346: ...ontent Filtering menu The items available under this command include addcmd Adds control commands to block outbound traffic delcmd Deletes control commands to block outbound traffic list Lists applica...

Страница 347: ...raffic proxy Adds a Web proxy command activex Adds activex files file Adds Web URL extensions 10 files maximum smtp Adds SMTP commands to block outbound traffic helo helo command mail mail command rcp...

Страница 348: ...traffic proxy Deletes a Web proxy command activex Deletes activex files file Deletes Web URL extensions 10 files maximum smtp Deletes SMTP commands to block outbound traffic helo helo command mail ma...

Страница 349: ...wan content list smtp SMTP Commands HELO deny MAIL allow RCPT allow DATA deny QUIT allow SEND allow SAML allow RESET allow VRFY allow EXPN allow admin network wan content list ftp FTP Commands Storing...

Страница 350: ...ys the Dynamic DNS submenu The items available under this command include set set dyndns parameters update manual dyndns update show show dyndns parameters save save cfg to system flash quit quit cli...

Страница 351: ...twork wan dyndns set host greengiant For an overview of the Dynamic DNS options available using the applet GUI see Configuring Dynamic DNS on page 145 set mode enable disable Enables or disbales the D...

Страница 352: ...t s current WAN IP address with the DynDNS service Syntax Example admin network wan dyndns update IP Address 157 235 91 231 Hostname greengiant For an overview of the Dynamic DNS options available usi...

Страница 353: ...n network wan dyndns show DynDNS Configuration Mode enable Username percival Password Hostname greengiant DynDNS Update Response IP Address 157 235 91 231 Hostname greengiant Status OK For an overview...

Страница 354: ...ss point WLANs acl Displays to the Access Control List ACL submenu to restrict or allow MU access to access point WLANs radio Displays the radio configuration submenu used to specify how the 802 11a n...

Страница 355: ...et Sets the access point s wireless proxy arp configuration Syntax Example admin network wireless set proxy arp enable For informarton on configuring proxy arp support using the applet GUI see Enablin...

Страница 356: ...how Displays the access point s wireless proxy arp configuration Syntax Example admin network wireless show Proxy ARP dynamic For informarton on configuring proxy arp support using the applet GUI see...

Страница 357: ...ns available to the using the applet GUI see Enabling Wireless LANs WLANs on page 146 show Displays the access point s current WLAN configuration create Defines the parameters of a new WLAN edit Modif...

Страница 358: ...n 2 4 GHz Radio not available Client Bridge Mesh Backhaul available Hotspot not available Maximum MUs 127 MU Idle Timeout 30 Security Policy Default MU Access Control Default Kerberos User Name Kerber...

Страница 359: ...utes Sets the interval the access point uses to timeout idle MUs from WLAN inclusion Set between 1 65532 minutes Default is 30 minutes security name Sets the security policy to the WLAN 1 32 acl name...

Страница 360: ...show security Secu Policy Name Authen Encryption Associated WLANs 1 Default Manual no encrypt Front Lobby 2 WEP Demo Manual WEP 64 2nd Floor 3 Open Manual no encrypt 1st Floor WPA Countermeasure enab...

Страница 361: ...WLAN using the applet GUI see Creating Editing Individual WLANs on page 148 edit index Edits the properties of an existing and specified WLAN policy 1 16 show Displays the WLANs pamaters and summary...

Страница 362: ...dmin network wireless wlan delete Deletes an existing WLAN Syntax For information on deleting a WLAN using the applet GUI see Creating Editing Individual WLANs on page 148 delete wlan name Deletes a t...

Страница 363: ...irection Goes to the hotspot redirection menu radius Goes to the hotspot RADIUS menu white list Goes to the hotspot white list menu set Sets the WLAN s hotspot configuration hs_import Imports hotspot...

Страница 364: ...Server Ip adr 157 235 32 12 Secondary Server Port 1812 Secondary Server Secret Accounting Mode disable Accounting Server Ip adr 0 0 0 0 Accounting Server Port 1813 Accounting Server Secret Accoutning...

Страница 365: ...ormation on configuring the hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 160 redirection set page loc Sets the hotspot http re direct...

Страница 366: ...enu Syntax For information on configuring the Hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 160 set Sets the RADIUS hotspot configurat...

Страница 367: ...tspot options available to the access ointusing the applet GUI see Configuring WLAN Hotspot Support on page 160 set server idx srvr_type ipadr Sets the RADIUS hotpost server IP address per wlan index...

Страница 368: ...ecret Secondary Server Ip adr 0 0 0 0 Secondary Server Port 1812 Secondary Server Secret Accounting Mode enable Accounting Server Ip adr 157 235 15 16 Accounting Server Port 1813 Accounting Server Sec...

Страница 369: ...ist Rules Idx IP Address 1 157 235 21 21 For information on configuring the Hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 160 white li...

Страница 370: ...the Hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 160 set file wlan idx file1 file2 Sets the hotspot customized file name s for the s...

Страница 371: ...Syntax Example admin network wireless wlan hotspot hs_import 2 Import Operation Started File Transfer In Progress File Transfer Completed For information on configuring the Hotspot options available...

Страница 372: ...lan idx Syntax Example admin network wireless wlan hotspot hs_export 2 Export Operation Started File Transfer In Progress File Transfer Completed For information on configuring the Hotspot options ava...

Страница 373: ...files to a specified WLAN index wlan idx Syntax Example admin network wireless wlan hotspot default 2 For information on configuring the Hotspot options available to the access point using the applet...

Страница 374: ...ndex wlan idx Syntax Example admin network wireless wlan hotspot delete 2 Warning This will delete all the files from the corresponding directory For information on configuring the Hotspot options ava...

Страница 375: ...guration options available to the access point using the applet GUI see Configuring Security Options on page 197 show Displays the access point s current security configuration set Enables disables th...

Страница 376: ...Floor 3 Open Manual no encrypt 1st Floor WPA Countermeasure enable admin network wireless security show policy 1 Policy Name Default Authentication type Manual Pre shared key No authentication Encrypt...

Страница 377: ...ow summary Secu Policy Name Authen Encryption Associated WLANs 1 Default Manual no encrypt Lobby 2 WEP Demo Manual WEP 64 2nd Floor 3 Open Manual no encrypt 1st Floor WPA Countermeasure enable Related...

Страница 378: ...e to KDC IP address port sidx port Sets the Kerberos port to port KDC port for server ksidx 1 primary 2 backup or 3 remote Note EAP parameters are only in affect if eap is specified for the authentica...

Страница 379: ...count Sets the maximum number of server retries to count 1 255 Note The WEP authentication mechanism saves up to four different keys one for each WLAN It is not requirement to set all keys but you mus...

Страница 380: ...e key 256 bit key Sets the TKIP key to 256 bit key phrase ascii phrase Sets the TKIP ASCII pass phrase to ascii phrase 8 63 characters ccmp rotate mode mode Enables or disabled the broadcast key inter...

Страница 381: ...n Encryption type no encryption For information on configuring the encryption and authentication options available to the access point using the applet GUI see Configuring Security Options on page 197...

Страница 382: ...security policy Syntax For information on configuring the encryption and authentication options available to the access point using the applet GUI see Configuring Security Options on page 197 delete s...

Страница 383: ...Control List ACL submenu The items available under this command include show Displays the access point s current ACL configuration create Creates an MU ACL policy edit Edits the properties of an exis...

Страница 384: ...Front Lobby WLAN1 2 Admin Administration 3 Demo Room Customers admin network wireless acl show policy 1 Policy Name Default Policy Mode allow index start mac end mac 1 00A0F8348787 00A0F8348798 For i...

Страница 385: ...l create add policy For information on configuring the ACL options available to the access point using the applet GUI see Configuring a WLAN Access Control List ACL on page 153 create show acl name Di...

Страница 386: ...to the access point using the applet GUI see Configuring a WLAN Access Control List ACL on page 153 show Displays MU ACL policy and its parameters set Modifies the properties of an existing MU ACL pol...

Страница 387: ...eless acl delete Removes an MU ACL policy Syntax For information on configuring the ACL options available to the access point using the applet GUI see Configuring a WLAN Access Control List ACL on pag...

Страница 388: ...oint Radio submenu The items available under this command include show Summarizes access point radio parameters at a high level set Defines the access point radio configuration radio1 Displays the 2 4...

Страница 389: ...Roaming Client Bridge Mode disable Client Bridge WLAN WLAN1 Mesh Connection Timeout enable Radio 2 Name Radio 2 Radio Mode enable Radio Function WIPS RF Band of Operation 802 11n 5 GHz Roaming Client...

Страница 390: ...4700 Series Access Point Product Reference Guide 390 For information on configuring the Radio Configuration options available to the access point using the applet GUI see Setting the WLAN s Radio Con...

Страница 391: ...depending on the single dual or three radio configuration deployed see examples below max mus mus Defines the maximum number of MUs assigned to the specified radio idx 1 or 2 The range can be defined...

Страница 392: ...rmation on the options available to the access point see Setting the WLAN s Radio Configuration on page 169 7 Radio 1 Disabled Radio 2 WLAN Radio 3 Disabled 8 Radio 1 Disabled Radio 2 Disabled Radio 3...

Страница 393: ...show 802 11n radio parameters set set 802 11n radio parameters delete delete 802 11n radio parameters advanced go to Advanced Settings sub menu mesh go to Mesh Connections sub menu go to parent menu g...

Страница 394: ...l Util Beacon Intervl 10 beacon intvls QBSS Load Element Mode enable Single Anetenna disable Dynamic Chain Selection disable TKIP HT rates compatibility disable Current BCMC Tx Speed for range optimiz...

Страница 395: ...enable Transmit A MPDU Size Limit 65536 bytes Receive A MPDU Size Limit 65536 bytes Receive A MPDU Minimum Spacing 0 usec admin network wireless radio 802 11n 2 4 GHz admin network wireless radio 802...

Страница 396: ...lude 0 Default antenna 1 Dual band antenna 2 Omni antenna 3 Yagi antenna 4 Embedded antenna 5 Panel antenna 6 Patch antenna 7 Sector antenna antenna gain Sets the gain used by the selected antenna typ...

Страница 397: ...network wireless radio 802 11n 2 4 GHz set qos cwmax 255 admin network wireless radio 802 11n 2 4 GHz set qos aifsn 7 admin network wireless radio 802 11n 2 4 GHz set qos txops 0 admin network wirele...

Страница 398: ...the advanced submenu for the 802 11n 2 4 GHz radio The items available under this command include Syntax show Displays advanced radio settings for the 802 11n 2 4 GHz radio set Defines advanced param...

Страница 399: ...ffice 3 Open good configuration is ok BSSID Primary WLAN 1 Lobby 2 HR 3 Office admin network wireless radio 802 11n 2 4 GHz advanced show wlan WLAN 1 WLAN name WLAN1 ESS ID 101 Radio Band s 2 4 and 5...

Страница 400: ...adio 802 11n 2 4 GHz advanced set wlan demoroom 1 admin network wireless radio 802 11n 2 4 GHz advanced set bss 1 demoroom For information on configuring Radio 1 Configuration options available to the...

Страница 401: ...items available under this command include Syntax show Displays mesh settings and status for the 802 11n 2 4 GHz radio set Defines mesh parameters for the 802 11n 2 4 GHz radio add Adds a 802 11n 2 4...

Страница 402: ...11n 2 4 GHz radio Syntax Example admin network wireless radio 802 11n 2 4 GHz mesh show config Mesh Connection Auto Select enable admin network wireless radio 802 11n 2 4 GHz mesh show status idx AP M...

Страница 403: ...mesh set Defines mesh parameters for the 802 11n 2 4 GHz radio Syntax Example admin network wireless radio 802 11n 2 4 GHz mesh set auto select enable admin network wireless radio 802 11n 2 4 GHz mes...

Страница 404: ...P4700 admin network wireless radio 802 11n 2 4 GHz mesh add Adds a 802 11n 2 4 GHz radio mesh connection Syntax Example admin network wireless radio 802 11n 2 4 GHz mesh add 2 AA21DCDD12DE add priorit...

Страница 405: ...dio 802 11n 2 4 GHz mesh delete Deletes a 802 11n 2 4 GHz radio mesh connection by specified index or by removing all entries Syntax Example admin network wireless radio 802 11n 2 4 GHz mesh delete 2...

Страница 406: ...02 11n 5 0 GHz radio 2 submenu The items available under this command include Syntax show show 802 11n radio parameters set set 802 11n radio parameters delete delete 802 11n radio parameters advanced...

Страница 407: ...ngle Antenna disable Dynamic Chain Selection disable TKIP HT rates compatibility disable Current BCMC Tx Speed for range optimization admin network wireless radio 802 11n 5 0 GHz show rates Basic Rate...

Страница 408: ...e Transmit A MSDU enable Transmit A MSDU Buffer Limit 3839 bytes Enable Transmit A MPDU enable Transmit A MPDU Size Limit 65536 bytes Receive A MPDU Size Limit 65536 bytes Receive A MPDU Minimum Spaci...

Страница 409: ...adio type channel and country antenna type Sets the numerical antenna type used with the access point 0 7 Antenna types include 0 default antenna 1 dual band antenna 2 Omni antenna 3 Yagi antenna 4 Em...

Страница 410: ...nable admin network wireless radio 802 11n 5 0 GHz set tkip ht compatibility disable admin network wireless radio 802 11n 5 0 GHz set bcmc tx speed range CAUTION A 40 MHz channel is composed of two 20...

Страница 411: ...vanced submenu for the 802 11n 5 0 GHz radio The items available under this command include Syntax show Displays advanced radio settings for the 802 11n 5 0 GHz radio set Defines advanced parameters f...

Страница 412: ...ion is ok Office 3 Open good configuration is ok BSSID Primary WLAN 1 Lobby 2 HR 3 Office admin network wireless radio 802 11n 5 0 GHz advanced show wlan WLAN 1 WLAN name WLAN1 ESS ID 101 Radio 2 4 an...

Страница 413: ...n 5 0 GHz advanced set wlan demoroom 1 admin network wireless radio 802 11n 5 0 GHz advanced set bss 1 demoroom For information on configuring Radio 2 Configuration options available to the access poi...

Страница 414: ...dio The items available under this command include Syntax show Displays mesh settings and status for the 802 11n 5 0 GHz radio set Defines mesh parameters for the 802 11n 5 0 GHz radio add Adds a 802...

Страница 415: ...GHz radio Syntax Example admin network wireless radio 802 11n 5 0 GHz mesh show config Mesh Connection Auto Select enable admin network wireless radio 802 11n 5 0 GHz mesh show status idx AP MAC Addr...

Страница 416: ...5 0 GHz mesh set Defines mesh parameters for the 802 11n 5 0 GHz radio Syntax Example admin network wireless radio 802 11n 5 0 GHz mesh set auto select enable admin network wireless radio 802 11n 5 0...

Страница 417: ...dmin network wireless radio 802 11n 5 0 GHz mesh add Adds a 802 11n 5 0 GHz radio mesh connection Syntax Example admin network wireless radio 802 11n 5 0 GHz mesh add 2 AA21DCDD12DE add priority Defin...

Страница 418: ...less radio 802 11n 5 0 GHz mesh delete Deletes a 802 11n 5 0 GHz radio mesh connection by specified index or by removing all entries Syntax Example admin network wireless radio 802 11n 5 0 GHz mesh de...

Страница 419: ...y of Service QoS submenu The items available under this command include show Displays access point QoS policy information create Defines the parameters of the QoS policy edit Edits the settings of an...

Страница 420: ...o Dept admin network wireless qos show policy 1 Policy Name Default Support Voice Prioritization disable Multicast Mask Address 1 01005E000000 Multicast Mask Address 2 09000E000000 WMM QOS Mode disabl...

Страница 421: ...pe used with the qos policy and mesh network When set to a value other then manual editing the access category values is not necessary Options include 11g default 11b default 11g wifi 11b wifi 11g voi...

Страница 422: ...data type used with the qos policy and mesh network When set to a value other then manual editing the access category values is not necessary Options include 11g default 11b default 11g wifi 11b wifi...

Страница 423: ...te Removes a QoS policy Syntax For information on configuring the WLAN QoS options available to the access point using the applet GUI see Setting the WLAN Quality of Service QoS Policy on page 156 del...

Страница 424: ...Displays the access point Rate Limiting submenu The items available under this command include show Displays Rate Limiting information for how data is processed by the access point set Defines Rate L...

Страница 425: ...U Rate Limiting disable admin network wireless rate limiting show wlan WLAN 1 WLAN Name WLAN1 ESSID 101 Radio Band s 2 4 and 5 0 GHz VLAN none Security Policy Default QoS Policy Default Rate Limiting...

Страница 426: ...work wireless rate limiting set Defines the access point Rate Limiting configuration Syntax For information on configuring the Rate Limiting options available to the access point using the applet GUI...

Страница 427: ...isplays the current access point Rogue AP detection configuration set Defines the Rogue AP detection method mu scan Goes to the Rogue AP mu uscan submenu allowed list Goes to the Rogue AP Allowed List...

Страница 428: ...ss rogue ap show MU Scan disable MU Scan Interval 60 minutes On Channel disable Detector Radio Scan enable Auto Authorize Extreme APs disable Approved APs age out 0 minutes Rogue APs age out 0 minutes...

Страница 429: ...rogue ap admin network wireless rogue ap set mu scan enable admin network wireless rogue ap set interval 10 admin network wireless rogue ap set on channel disable admin network wireless rogue ap set...

Страница 430: ...ys the Rogue AP mu scan submenu Syntax add Add all or just one scan result to Allowed AP list show Displays all APs located by the MU scan start The access point initiates an immediate scan for known...

Страница 431: ...gue ap mu scan start Initiates an MU scan from a user provided MAC address Syntax For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring...

Страница 432: ...admin network wireless rogue ap mu scan show Displays the results of an MU scan Syntax For information on configuring the Rogue AP options available to the access point using the applet GUI see Confi...

Страница 433: ...t Displays the Rogue AP allowed list submenu show Displays the rogue AP allowed list add Adds an AP MAC address and ESSID to the allowed list delete Deletes an entry or all entries from the allowed li...

Страница 434: ...t Syntax Example admin network wireless rogue ap allowed list show Allowed AP List index ap mac essid 1 00 A0 F8 71 59 20 2 00 A0 F8 33 44 55 101 3 00 A0 F8 40 20 01 Marketing For information on confi...

Страница 435: ...03 admin network wireless rogue ap allowed list show index ap essid 1 00 A0 F8 71 59 20 2 00 A0 F8 33 44 55 fffffffffff 3 00 A0 F8 40 20 01 Marketing 4 00 A0 F8 31 61 BB 103 For information on configu...

Страница 436: ...ist delete Deletes an AP MAC address and ESSID to existing allowed list Syntax For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring Ro...

Страница 437: ...ss wips Displays the WIPS submenu The items available under this command include show Displays the current WLAN Intrusion Prevention configuration set Sets WLAN Intrusion Prevention parameters Goes to...

Страница 438: ...ireless wips show Shows the WLAN Intrusion Prevention configuration Syntax Example admin network wireless wips show WIPS Server 1 IP Address 192 168 0 21 WIPS Server 2 IP Address 10 1 1 1 admin networ...

Страница 439: ...in network wireless wips set Sets the WLAN Intrusion Prevention configuration Syntax Example admin network wireless wips set server 1 192 168 0 21 admin network wireless wips set idx 1 and 2 ip Define...

Страница 440: ...n network wireless mu locationing Displays the MU Locationing submenu The items available under this command include show Displays the current MU Locationing configuration set Defines MU Locationing p...

Страница 441: ...rk wireless mu locationing show Displays the MU probe table configuration Syntax Example admin network wireless mu locationing show MU Probe Table Mode disable MU Probe Table Size 200 admin network wi...

Страница 442: ...ocating MUs Syntax Example admin network wireless mu locationing set admin network wireless mu locationing set mode enable admin network wireless mu locationing set size 200 admin network wireless mu...

Страница 443: ...is command include show Displays the access point s current firewall configuration set Defines the access point s firewall parameters access Enables disables firewall permissions through the LAN and W...

Страница 444: ...ce attack filter enable syn flood attack filter enable unaligned ip timestamp filter enable source routing attack filter enable winnuke attack filter enable seq num prediction attack filter enable mim...

Страница 445: ...outing attack filter enable winnuke attack filter enable seq num prediction attack filter enable mime flood attack filter enable max mime header length 8192 max mime headers 16 set mode mode Enables o...

Страница 446: ...40 2048 4 lan wan 654321 tcp 2048 2048 5 lan wan abc ah 100 1000 For information on configuring the Firewall options available to the access point using the applet GUI see Configuring Firewall Setting...

Страница 447: ...255 0 0 0 255 0 0 0 65535 65535 nat port 33 2 33 3 0 0 10 10 1 1 tcp 1 1 11 11 1 0 allow 255 255 255 0 255 255 255 0 65535 65535 nat port 0 For information on configuring the Firewall options availabl...

Страница 448: ...r submenu The items available under this command are show Displays the existing access point router configuration set Sets the RIP parameters add Adds user defined routes delete Deletes user defined r...

Страница 449: ...show routes index destination netmask gateway interface metric 1 192 168 2 0 255 255 255 0 0 0 0 0 lan1 0 2 192 168 1 0 255 255 255 0 0 0 0 0 lan2 0 3 192 168 0 0 255 255 255 0 0 0 0 0 lan1 0 4 192 1...

Страница 450: ...figuring Router Settings on page 186 set auth Sets the RIP authentication type none simple or MD5 dir Sets RIP direction rx tx or both id Sets MD5 authetication ID 1 256 for specific index 1 2 key Set...

Страница 451: ...destination netmask gateway interface metric 1 192 168 3 0 255 255 255 0 192 168 2 1 lan1 1 For information on configuring the Router options available to the access point using the applet GUI see Co...

Страница 452: ...0 0 lan2 0 3 192 168 0 0 255 255 255 0 0 0 0 0 lan2 0 admin network router delete 2 admin network router list index destination netmask gateway interface metric 1 192 168 2 0 255 255 255 0 0 0 0 0 lan...

Страница 453: ...destination netmask gateway interface metric 1 192 168 2 0 255 255 255 0 192 168 0 1 lan1 1 2 192 168 1 0 255 255 255 0 0 0 0 0 lan2 0 3 192 168 0 0 255 255 255 0 0 0 0 0 lan1 0 For information on co...

Страница 454: ...er submenu The items available under this command are show Displays Global IP Filter table entries set Sets Global IP Filter table entries add Adds a filter to the Global IP Filter table delete Delete...

Страница 455: ...5 AP4700 admin network ipfilter show Displays Global IP Filter table entries Syntax Example admin network ipfilter show Idx name Protocol Port Start End SrcIP Start End DestIP Start End In Use admin n...

Страница 456: ...ts the protocol of the IP filter port start Sets the starting port of the IP Filter port end Sets the end port of the IP Filter saddr start Sets the source address start of the IP Filter saddr end Set...

Страница 457: ...col loc Adds protocol for IP Filter start port port Adds a starting port for IP Filter end port port Adds an ending port for IP Filter start src address ip Adds a starting source IP address for IP Fil...

Страница 458: ...0 admin network ipfilter delete Deletes a filter from the Global IP Filter table Syntax Example admin network ipfilter delete all admin network ipfilter delete index idx Deletes a filter index from th...

Страница 459: ...to the Power Settings submenu aap setup Goes to the Adaptive AP Settings submenu lldp Goes to the LLDP submenu access Goes to the access point access submenu where access point access methods can be...

Страница 460: ...s point is reset Please be sure to save changes before resetting Are you sure you want to restart the AP4700 yes no AP4700 Boot Firmware Version 4 1 0 0 xxx Press escape key to run boot firmware Power...

Страница 461: ...l address system uptime 3 days 23 hours 17 minutes 14 seconds DNS Relay Mode enable SSLv2 support from HTTP server enable weak cipher support in SSL enable SSHv1 support enable led state enable AP4700...

Страница 462: ...ng the applet GUI see Configuring System Settings on page 78 set name name Sets the access point system name to name 1 to 59 characters The access point does not allow intermediate space characters be...

Страница 463: ...nce Guide 463 AP4700 admin system lastpw Displays last expired debug password Example admin system lastpw AP 4700 MAC Address is 00 15 70 02 7A 66 Last debug password was extreme Current debug passwor...

Страница 464: ...35 92 210 ether 00 11 25 14 61 A8 C 157 235 92 179 ether 00 14 22 F3 D7 39 C 157 235 92 248 ether 00 11 25 B2 09 60 C 157 235 92 180 ether 00 0D 60 D0 06 90 C 157 235 92 3 ether 00 D0 2B A0 D4 FC C 15...

Страница 465: ...configuring power settings using the applet GUI see Configuring Power Settings on page 81 show Displays the current power setting configuration set Defines the access point s power setting configurati...

Страница 466: ...t power configuration Syntax Example admin system power setup show Power Mode Auto Power Status Full Power 3af Power Option default 3at Power Option default Default Radio Radio1 For information on con...

Страница 467: ...em power setup set power option 3af option admin system power setup set def radio 1 For information on configuring power settings using the applet GUI see Configuring Power Settings on page 81 set mod...

Страница 468: ...e Adaptive AP Setup on page 85 For an overview of adaptive AP functionality and its implications see Adaptive AP Overview on page 605 show Displays Adaptive AP information set Defines the Adaptive AP...

Страница 469: ...IP Address 6 0 0 0 0 IP Address 7 0 0 0 0 IP Address 8 0 0 0 0 IP Address 9 0 0 0 0 IP Address 10 0 0 0 0 IP Address 11 0 0 0 0 IP Address 12 0 0 0 0 Tunnel to Controller disable AC Keepalive 5 Load B...

Страница 470: ...daptive AP using the applet GUI see Adaptive AP Setup on page 85 For an overview of adaptive AP functionality and its implications see Adaptive AP Overview on page 605 set auto discovery Sets the cont...

Страница 471: ...admin system aap setup delete 1 admin system aap setup For information on configuring Adaptive AP using the applet GUI see Adaptive AP Setup on page 85 For an overview of adaptive AP functionality an...

Страница 472: ...DP submenu For information on configuring LLDP using the applet GUI see Configuring LLDP Settings on page 108 show Displays LLDP information set Sets LLDP parameters Goes to the parent menu Goes to th...

Страница 473: ...ldp show Displays LLDP information Syntax admin system lldp show LLDP Status enable LLDP Refresh Interval 30 LLDP Holdtime Mutiplier 4 admin system lldp For information on configuring LLDP using the a...

Страница 474: ...lldp mode enable admin system lldp set lldp refresh 100 admin system lldp set lldp holdtime 2 admin system lldp For information on configuring LLDP using the applet GUI see Configuring LLDP Settings o...

Страница 475: ...Displays the access point access submenu show Displays access point system access capabilities set Goes to the access point system access submenu Goes to the parent menu Goes to the root menu save Sa...

Страница 476: ...I SSH access parameters auth timout seconds Disables the radio interface if no data activity is detected after the interval defined Default is 120 seconds inactive timeout minutes Inactivity interval...

Страница 477: ...able enable cli ssh access enable enable enable snmp access enable enable enable SSLV2 enable http s timeout 0 ssh server authetnication timeout 120 ssh server inactivity timeout 120 admin authetnicat...

Страница 478: ...ds a Self Certificate signed by CA listself Lists the self certificate loaded loadca Loads trusted certificate from CA delca Deletes the trusted certificate listca Lists the trusted certificate loaded...

Страница 479: ...7wIDAQABoAAwDQYJKoZIhvcNAQEEBQADQQCClQ5LHdbG C1f Bj8AszttSo bA4dcX3vHvhhJcmuuWO9LHS2imPA3xhX d6 Q1SMbs tG4RP0lRSr iWDyuvwx END CERTIFICATE REQUEST For information on configuring certificate management...

Страница 480: ...tem cmgr delself Deletes a self certificate Syntax Example admin system cmgr delself MyCert2 For information on configuring self certificate settings using the applet GUI see Creating Self Certificate...

Страница 481: ...oads a self certificate signed by the Certificate Authority Syntax For information on configuring self certificate settings using the applet GUI see Creating Self Certificates for Accessing the VPN on...

Страница 482: ...82 AP4700 admin system cmgr listself Lists the loaded self certificates Syntax For information on configuring self certificate settings using the applet GUI see Creating Self Certificates for Accessin...

Страница 483: ...cmgr loadca Loads a trusted certificate from the Certificate Authority Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 91 loadca...

Страница 484: ...uct Reference Guide 484 AP4700 admin system cmgr delca Deletes a trusted certificate Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on p...

Страница 485: ...ce Guide 485 AP4700 admin system cmgr listca Lists the loaded trusted certificate Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page...

Страница 486: ...dmin system cmgr showreq Displays a certificate request in PEM format Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 91 showreq...

Страница 487: ...487 AP4700 admin system cmgr delprivkey Deletes a private key Syntax For information on configuring certificate settings using the applet GUI see Creating Self Certificates for Accessing the VPN on p...

Страница 488: ...88 AP4700 admin system cmgr listprivkey Lists the names of private keys Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 91 listpr...

Страница 489: ...e a certificate request delself deletes a signed certificate loadself loads a signed certficiate signed by the CA listself lists the loaded signed self certificate loadca loads the root CA certificate...

Страница 490: ...generate a certificate request delself deletes a signed certificate loadself loads a signed certficiate signed by the CA listself lists the loaded signed self certificate loadca loads the root CA cert...

Страница 491: ...00 admin system snmp Displays the SNMP submenu The items available under this command are shown below access Goes to the SNMP access submenu traps Goes to the SNMP traps submenu Goes to the parent men...

Страница 492: ...p access Displays the SNMP Access menu The items available under this command are shown below show Shows SNMP v3 engine ID add Adds SNMP access entries delete Deletes SNMP access entries list Lists SN...

Страница 493: ...the SNMP v3 engine ID Syntax Example admin system snmp access show eid AP4700 snmp v3 engine id 000001846B8B4567F871AC68 admin system snmp access For information on configuring SNMP access settings u...

Страница 494: ...chars E g 1 3 6 1 v3 user access oid sec auth pass1 priv pass2 user username 1 to 31 characters access read write access ro rw oid string 1 to 127 chars E g 1 3 6 1 sec security none auth auth priv a...

Страница 495: ...mp access list acl index start ip end ip For information on configuring SNMP access settings using the applet GUI see Configuring SNMP Access Control on page 101 delete acl idx Deletes entry idx 1 10...

Страница 496: ...vate read write 1 3 6 1 admin system snmp access list v3 2 index 2 username judy access permission read write object identifier 1 3 6 1 security level auth priv auth algorithm md5 auth password privac...

Страница 497: ...NMP traps submenu The items available under this command are shown below show Shows SNMP trap parameters set Sets SNMP trap parameters add Adds SNMP trap entries delete Deletes SNMP trap entries list...

Страница 498: ...ork Traps physical port status change enable denial of service enable denial of service trap rate limit 10 seconds SNMP System Traps system cold start disable system config changed disable rogue ap de...

Страница 499: ...al cold enable disable Enables disables the system cold start trap cfg enable disable Enables disables a configuration changes trap rogue ap enable disable Enables disables a trap when a rogue ap is d...

Страница 500: ...ee Configuring SNMP RF Trap Thresholds on page 107 add v1v2 ip port comm ver Adds an entry to the SNMP v1 v2 access list with the destination IP address set to ip the destination UDP port set to port...

Страница 501: ...s delete v1v2 all For information on configuring SNMP traps using the applet GUI see Configuring SNMP Settings on page 97 delete v1v2c idx Deletes entry idx from the v1v2c access control list all Dele...

Страница 502: ...m v1 admin system snmp traps add v3 201 232 24 33 555 BigBoss none md5 admin system snmp traps list v3 all index 1 destination ip 201 232 24 33 destination port 555 username BigBoss security level non...

Страница 503: ...to the user database submenu Syntax For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 259 user Goes to the user submen...

Страница 504: ...ords Syntax For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 259 add Adds a new user delete Deletes a new user cleara...

Страница 505: ...the user database Syntax Example admin system userdb user add george password admin system userdb user For information on configuring User Database permissions using the applet GUI see Defining User A...

Страница 506: ...a new user to the user database Syntax Example admin system userdb user delete george admin system userdb user For information on configuring User Database permissions using the applet GUI see Defini...

Страница 507: ...ves all existing user IDs from the system Syntax Example admin system userdb user clearall admin system userdb user For information on configuring User Database permissions using the applet GUI see De...

Страница 508: ...ssword for a user Syntax Example admin system userdb user set george password admin system userdb user For information on configuring User Database permissions using the applet GUI see Defining User A...

Страница 509: ...ng User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 259 create Creates a group name delete Deletes a group name clearall Removes all existing group...

Страница 510: ...Once defined users can be added to the group Syntax Example admin system userdb group create 2 admin system userdb group For information on configuring User Database permissions using the applet GUI s...

Страница 511: ...up delete Deletes an existing group Syntax Example admin system userdb group delete 2 admin system userdb group For information on configuring User Database permissions using the applet GUI see Defini...

Страница 512: ...Removes all existing group names from the system Syntax Example admin system userdb group clearall admin system userdb group For information on configuring User Database permissions using the applet G...

Страница 513: ...ser to an existing group Syntax Example admin system userdb group add lucy group x admin system userdb group For information on configuring User Database permissions using the applet GUI see Defining...

Страница 514: ...a user from an existing group Syntax Example admin system userdb group remove lucy group x admin system userdb group For information on configuring User Database permissions using the applet GUI see D...

Страница 515: ...rdb group show groups List of Group Names engineering marketing demo room admin system userdb group For information on configuring User Database permissions using the applet GUI see Defining User Acce...

Страница 516: ...using the applet GUI see Configuring User Authentication on page 250 eap Goes to the EAP submenu policy Goes to the access policy submenu ldap Goes to the LDAP submenu proxy Goes to the proxy submenu...

Страница 517: ...DIUS user database Syntax Example admin system radius set database local admin system radius show all Database local admin system radius For information on configuring RADIUS using the applet GUI see...

Страница 518: ...ring EAP RADIUS using the applet GUI see Configuring User Authentication on page 250 peap Goes to the Peap submenu ttls Goes to the TTLS submenu import Imports the requested EAP certificates set Defin...

Страница 519: ...e Peap submenu Syntax For information on configuring PEAP RADIUS using the applet GUI see Configuring User Authentication on page 250 set Defines Peap parameters show Displays the Peap configuration s...

Страница 520: ...meters Syntax Example admin system radius eap peap set auth gtc admin system radius eap peap show PEAP Auth Type gtc For information on configuring EAP PEAP RADIUS values using the applet GUI see Conf...

Страница 521: ...submenu Syntax For information on configuring EAP TTLS RADIUS values using the applet GUI see Configuring User Authentication on page 250 set Defines TTLS parameters show Displays the TTLS configurat...

Страница 522: ...Syntax Example admin system radius eap ttls set auth pap admin system radius eap ttls show TTLS Auth Type pap For information on configuring EAP TTLS RADIUS values using the applet GUI see Configurin...

Страница 523: ...tion on configuring RADIUS access policies using the applet GUI see Configuring User Authentication on page 250 set Sets a group s WLAN access policy access time Goes to the time based login submenu s...

Страница 524: ...WLAN access policy Syntax Example admin system radius policy set engineering 16 admin system radius policy For information on configuring RADIUS WLAN policy values using the applet GUI see Configuring...

Страница 525: ...e is in DayDDDD DDDD format show Displays the group s access time rule save Saves the configuration to system flash quit Quits the CLI Goes to the parent menu Goes to the root menu Context Command Des...

Страница 526: ...access policy Syntax Example admin system radius policy show List of Access Policies engineering 16 marketing 10 demo room 3 test demo No Wlans admin system radius policy For information on configurin...

Страница 527: ...nu Syntax For information on configuring a RADIUS LDAP server using the applet GUI see Configuring LDAP Authentication on page 253 set Defines the LDAP parameters show all Displays existing LDAP param...

Страница 528: ...s ldap set groupname 0 0 0 0 admin system radius ldap set filter 123 admin system radius ldap set membership radiusGroupName admin system radius ldap For information on configuring a RADIUS LDAP serve...

Страница 529: ...on LDAP Login Attribute uid Stripped User Name User Name LDAP Password attribute userPassword LDAP Group Name Attribue cn LDAP Group Membership Filter objectClass GroupOfNames member Ldap objectClass...

Страница 530: ...RADIUS proxy server values using the applet GUI see Configuring a Proxy Radius Server on page 255 add Adds a proxy realm delete Deletes a proxy realm clearall Removes all proxy server records set Sets...

Страница 531: ...xy add lancelot 157 235 241 22 1812 muddy admin system radius proxy For information on configuring RADIUS proxy server values using the applet GUI see Configuring a Proxy Radius Server on page 255 add...

Страница 532: ...n system radius proxy delete Adds a proxy Syntax Example admin system radius proxy delete lancelot admin system radius proxy For information on configuring RADIUS proxy server values using the applet...

Страница 533: ...ves all proxy server records from the system Syntax Example admin system radius proxy clearall admin system radius proxy For information on configuring RADIUS proxy server values using the applet GUI...

Страница 534: ...radius proxy set delay 10 admin system radius proxy set count 5 admin system radius proxy For information on configuring RADIUS proxy server values using the applet GUI see Configuring a Proxy Radius...

Страница 535: ...uring RADIUS client values using the applet GUI see Configuring the Radius Server on page 250 add Adds a RADIUS client to list of available clients delete Deletes a RADIUS client from list of availabl...

Страница 536: ...ADIUS server Syntax Example admin system radius client add 157 235 132 11 255 255 255 225 muddy admin system radius client For information on configuring RADIUS client values using the applet GUI see...

Страница 537: ...om those available to the RADIUS server Syntax Example admin system radius client delete 157 235 132 11 admin system radius client For information on configuring RADIUS client values using the applet...

Страница 538: ...clients Syntax Example admin system radius client show Idx Subnet Host Netmask SharedSecret 1 157 235 132 11 255 255 255 225 admin system radius client For information on configuring RADIUS client val...

Страница 539: ...to be configured accurately on the access point Syntax For information on configuring NTP using the applet GUI see Configuring Network Time Protocol NTP on page 110 show Shows NTP parameters settings...

Страница 540: ...m ntp show Displays the NTP server configuration Syntax Example admin system ntp show current time 2006 07 31 14 35 20 time zone UTC ntp mode enable For information on configuring NTP using the applet...

Страница 541: ...ate zone Show date time and time zone Syntax Example admin system ntp date zone Date Time Sat 1970 Jan 03 20 06 22 0000 UTC Time Zone UTC For information on configuring NTP using the applet GUI see Co...

Страница 542: ...zone list Displays an extensive list of time zones for countries around the world Syntax Example admin system ntp zone list For information on configuring NTP using the applet GUI see Configuring Netw...

Страница 543: ...configuring NTP using the applet GUI see Configuring Network Time Protocol NTP on page 110 set mode ntp mode Enables or disables NTP server idx ip Sets the NTP sever IP address port idx port Defines...

Страница 544: ...ys the access point log submenu Logging options include Syntax show Shows logging options set Sets log options and parameters view Views system log delete Deletes the system log send Sends log to the...

Страница 545: ...ss point logging settings Syntax Example admin system logs show log level L6 Info syslog server logging enable syslog server ip address 192 168 0 102 For information on configuring logging settings us...

Страница 546: ...rmation on configuring logging settings using the applet GUI see Logging Configuration on page 112 set level level Sets the level of the events that will be logged All events with a level at or above...

Страница 547: ...6pm up 6 days 16 16 load average 0 00 0 01 0 00 Jan 7 16 16 01 none CC Mem 62384 32520 29864 0 0 Jan 7 16 16 01 none CC 0000077e 0012e95b 0000d843 00000000 00000003 0000121 e 00000000 00000000 0037ebf...

Страница 548: ...nce Guide 548 AP4700 admin system logs delete Deletes the log files Syntax Example admin system logs delete For information on configuring logging settings using the applet GUI see Logging Configurati...

Страница 549: ...ansfer In progress File transfer Done admin system logs For information on configuring logging settings using the applet GUI see Logging Configuration on page 112 send Sends the system log file via FT...

Страница 550: ...ult access point configuration partial Restores a partial default access point configuration show Shows import export parameters set Sets import export access point configuration parameters export Exp...

Страница 551: ...default configuration Syntax Example admin system config default Are you sure you want to default the configuration yes no For information on importing exporting access point configurations using the...

Страница 552: ...ss point s LAN WAN and SNMP settings are unaffected by the partial restore Syntax Example admin system config partial Are you sure you want to partially default AP4700 yes no For information on import...

Страница 553: ...configuration file Syntax Example admin system config show cfg filename cfg txt cfg filepath ftp tftp server ip address 192 168 0 101 ftp user name myadmin ftp password For information on importing e...

Страница 554: ...is never be generated For configuration file import the legacy command set rf function X wips wlan is processed as it has historically There is no CLI menu allowing the user to enter set rf function X...

Страница 555: ...xport Operation Done CAUTION Make sure a copy of the access point s current configuration is exported to a secure location before exporting the access point s configuration as you will want a valid ve...

Страница 556: ...nt cannot import export its configuration to a dual radio model access point In turn a dual radio model access point cannot import export its configuration to a single radio access point CAUTION Extre...

Страница 557: ...oot process to successfully update the device firmware regardless of whether the reboot is conducted uing the GUI or CLI interfaces show Displays the current access point firmware update settings set...

Страница 558: ...fw update show automatic firmware upgrade enable automatic config upgrade enable firmware filename apn bin firmware path tftpboot ftp tftp server ip address 168 197 2 2 ftp user name jsmith ftp passwo...

Страница 559: ...ware on page 118 set fw auto mode When enabled updates device firmware each time the firmware versions are found to be different between the access point and the specified firmware on the remote syste...

Страница 560: ...t process to successfully update the device firmware regardless of whether the reboot is conducted uing the GUI or CLI interfaces admin system fw update update ftp For information on updating access p...

Страница 561: ...a config file to another access point within the known AP table send cfg all Sends a config file to all access points within the known AP table clear Clears all statistic counters to zero flash all l...

Страница 562: ...mmary on page 286 For information on displaying Known AP statistics using the applet GUI see Viewing Known Access Point Statistics on page 288 show wan Displays stats for the access point WAN port lan...

Страница 563: ...ll existing configuration parameters except Mesh settings LAN IP data WAN IP data and DHCP Server parameter information For information on copying the access point config to another access point using...

Страница 564: ...cfg all admin stats NOTE The send cfg all command copies all existing configuration parameters except Mesh settings LAN IP data WAN IP data and DHCP Server parameter information For information on cop...

Страница 565: ...r specified LAN index either clear lan 1 or clear lan 2 all rf Clears all RF data all wlan Clears all WLAN summary information wlan Clears individual WLAN statistic counters all radio Clears access po...

Страница 566: ...LEDs Syntax Example admin stats admin stats flash all leds 1 start Password admin stats flash all leds 1 stop admin stats For information on flashing access point LEDs using the applet GUI see Viewing...

Страница 567: ...sociated MU Syntax For information on MU Echo and Ping tests using the applet GUI see Pinging Individual MUs on page 285 show Shows the Mobile Unit Statistics Summary list Defines echo test parameters...

Страница 568: ...s Mobile Unit Statistics Summary Syntax Example admin stats echo show Idx IP Address MAC Address WLAN Radio T put ABS Retries 1 192 168 2 0 00 A0F8 72 57 83 demo 11a For information on MU Echo and Pin...

Страница 569: ...arameters and results Syntax Example admin stats echo list Station Address 00A0F8213434 Number of Pings 10 Packet Length 10 Packet Data in HEX 55 admin stats echo For information on MU Echo and Ping t...

Страница 570: ...f the echo test Syntax For information on MU Echo and Ping tests using the applet GUI see Pinging Individual MUs on page 285 set station mac Defines MU target MAC address request num Sets number of ec...

Страница 571: ...test Syntax Example admin stats echo start admin stats echo list Station Address 00A0F843AABB Number of Pings 10 Packet Length 100 Packet Data in HEX 1 Number of MU Responses 2 For information on MU...

Страница 572: ...test to an AP with the same ESSID Syntax For information on Known AP tests using the applet GUI see Pinging Individual MUs on page 285 ping show Shows Known AP Summary details list Defines ping test p...

Страница 573: ...erence Guide 573 AP4700 admin stats ping show Shows Known AP Summary Details Syntax Example admin stats ping show Idx IP Address MAC Address MUs KBIOS Unit Name 1 192 168 2 0 00 A0F8 72 57 83 3 0 Acce...

Страница 574: ...ping test parameters and results Syntax Example admin stats ping list Station Address 00A0F8213434 Number of Pings 10 Packet Length 10 Packet Data in HEX 55 admin stats ping For information on Known A...

Страница 575: ...n stats ping set request 10 admin stats ping set length 100 admin stats ping set data 1 admin stats ping For information on Known AP tests using the applet GUI see Pinging Individual MUs on page 285 s...

Страница 576: ...es the ping test Syntax Example admin stats ping start admin stats ping list Station Address 00A0F843AABB Number of Pings 10 Packet Length 100 Packet Data in HEX 1 Number of AP Responses 2 For informa...

Страница 577: ...ing the WLAP client s ESSID Then it is required to go through the association and authentication process to establish wireless connections with the located devices This association process is identica...

Страница 578: ...ing This gives the user the freedom to configure their topology in a variety of ways without limitations This is important when configuring multiple Access Points for base bridge support in areas like...

Страница 579: ...st connection needs to be established before the system starts bridging traffic The dual radio model Access Point affords users better optimization of the mesh networking feature by allowing the Acces...

Страница 580: ...re information see Configuring Mesh Networking Support on page 581 Mesh Networking and the Access Point s Two Subnets The Access Point now has a second subnet on the LAN side of the system This means...

Страница 581: ...defined to correctly function as a base or client bridge within a mesh network This section describes the configuration activities required to define a mesh network s LAN configuration As the Spanning...

Страница 582: ...it exceeds the value set for the Maximum Message age timer Hello Time The Hello Time is the time between each bridge protocol data unit sent This time is equal to 2 seconds sec by default but you can...

Страница 583: ...and Quality of Service policy If intending to use the Access Point for mesh networking support Extreme Networks recommends configuring at least one WLAN of the 16 WLANs available specifically for mesh...

Страница 584: ...ing it too high could prohibit other WLANs from granting access to the all the devices needed 6 Select the Enable Client Bridge Backhaul checkbox to make this WLAN available in the Mesh Network Name d...

Страница 585: ...using Traffic within a mesh network probably consists of known devices so you may want to leave the checkbox unselected and configure each MU with an ESSID The default is selected However for WLANs u...

Страница 586: ...checkbox to allow the Access Point radio to accept client bridge connections from other Access Points in client bridge mode The base bridge is the acceptor of mesh network data from those client brid...

Страница 587: ...a wireless link The default setting is WLAN1 Extreme Networks recommends creating and naming a WLAN specifically for mesh networking support to differentiate the Mesh supported WLAN from non Mesh sup...

Страница 588: ...ty and a greater likelihood of joining the mesh network if an association with another device is lost If a MAC address is not desirable as others but still worthy of being on the preferred list select...

Страница 589: ...nnection must be re instated If updating the mesh network using a WAN connection the applet does not lose connection but the mesh network is unavailable until the changes have been applied 18 Click Un...

Страница 590: ...eployment scenarios will be addressed Scenario 1 Two base bridges redundant and one client bridge Scenario 2 A two hop mesh network with a base bridge repeater combined base bridge and client bridge m...

Страница 591: ...Configuring AP 1 1 Provide a known IP address for the LAN1 interface NOTE Enable the LAN1 Interface of AP 1 as a DHCP Server if you intend to associate MUs and require them to obtain an IP address via...

Страница 592: ...Configuring Mesh Networking Altitude 4700 Series Access Point Product Reference Guide 592 3 Define a mesh supported WLAN...

Страница 593: ...Altitude 4700 Series Access Point Product Reference Guide 593 4 Enable base bridge functionality on the 802 11a n radio Radio 2 5 Define a channel of operation for the 802 11a n radio...

Страница 594: ...e LAN1 Interface different than that of AP 1 Assign a higher Mesh STP Priority 50000 to the AP 2 LAN1 Interface NOTE In a typical deployment each base bridge can be configured for a Mesh STP Priority...

Страница 595: ...erence Guide 595 Configuring AP 3 To define the configuration for AP 3 a client bridge connecting to both AP 1 and AP 2 simultaneously 1 Provide a known IP address for the LAN1 interface 2 Assign the...

Страница 596: ...cted 4 Select the Client Bridge checkbox to enable client bridge functionality on the 802 11a n radio Use the Mesh Network Name drop down menu to select the name of the WLAN created in step 3 NOTE You...

Страница 597: ...and redundant links If member APs are not far apart in physical distance the algorithm intelligently chooses a single hop link to forward data To force APs to use multiple hops for demonstrations use...

Страница 598: ...Access Point Product Reference Guide 598 Configuring AP 2 AP 2 requires the following modifications from AP 2 in the previous scenario to function in base bridge client bridge repeater mode 1 Enable c...

Страница 599: ...dge functionality on the 802 11a n radio Configuring AP 3 To define AP 3 s configuration 1 The only change needed on AP 3 with respect to the configuration used in scenario 1 is to disable the Auto Li...

Страница 600: ...N is mapped to BSS1 on the 802 11a n radio if each AP The Radio MAC Address the BSSID 1 MAC Address is used for the AP 2 Preferred Base Bridge List Ensure both the AP 1 and AP 2 Radio MAC Addresses ar...

Страница 601: ...e members of the mesh network Mesh Networking Frequently Asked Questions The following scenarios represent issues that could be encountered and resolved when defining an Access Point supported mesh co...

Страница 602: ...Bridge Backhaul option Mesh Deployment Issue 4 Do I need to map a WLAN to a radio when configuring mesh backhaul on a Client Bridge When creating a mesh backhaul WLAN on a client bridge only AP do yo...

Страница 603: ...make a configuration change and apply the changes on a client bridge or repeater I momentarily loose connectivity to that AP why Resolution That is expected behavior when you make a configuration cha...

Страница 604: ...Configuring Mesh Networking Altitude 4700 Series Access Point Product Reference Guide 604...

Страница 605: ...is an Access Point that can adopt like an Altitude 4600 Series Access Point L3 The management of an AAP is conducted by the controller once the Access Point connects to a Extreme Networks controller...

Страница 606: ...gured for the Access Point and its connected controller see How the AP Receives its Adaptive Configuration on page 612 For an overview of how to configure both the Access Point and controller for basi...

Страница 607: ...tion 43 Vendor Specific options can be embedded in Option 43 using the vendor class identifier ExtremeAP 4700 The Access Point uses an encryption key to hash passphrases and security keys To obtain th...

Страница 608: ...can choose from When providing a list the AAP tries to adopt based on the order in which they are listed from 1 12 NOTE An AAP can use its LAN or WAN Ethernet interface to adopt The LAN is PoE and DHC...

Страница 609: ...he configuration changes it receives from the controller after 30 seconds from the last received controller configuration message When the configuration is applied on the AAP the radios shutdown and r...

Страница 610: ...ller configuration message When the configuration is applied on the Mesh AAP the radios shutdown and re initialize this process takes less than 2 seconds forcing associated MUs to be deauthenticated a...

Страница 611: ...wired controller Be aware IPSec Mode supports NAT Traversal NAT T Extended WLANs Only An extended WLAN configuration forces all MU traffic through the controller No wireless traffic is locally bridged...

Страница 612: ...s its configuration from the controller If the AP s WAN link fails it continues to operate using the last valid configuration until its link is re established and a new configuration is pushed down fr...

Страница 613: ...information in greater detail on the AP configuration activities described above see Adaptive AP Configuration on page 614 Configuring the Controller for Adaptive AP Adoption The tasks described below...

Страница 614: ...page 614 Controller Configuration on page 616 NOTE Refer to Adaptive AP Deployment Considerations on page 619 for usage and deployment caveats that should be considered before defining the AAP config...

Страница 615: ...to 12 Controller IP Addresses constituting the target controllers available for AAP connection The AAP will begin establishing a connection with the first addresses in the list If unsuccessful the AP...

Страница 616: ...sing DHCP Options An AAP can be adopted to a wireless controller by providing the following options in the DHCP Offer NOTE Options 189 and 192 are mandatory to trigger adoption using DHCP options Unli...

Страница 617: ...ontroller Configuration File for IPSec and Independent WLAN on page 620 and take note of the CLI commands in red and associated comments in green Any WLAN configured on the controller becomes an exten...

Страница 618: ...a WLAN can be defined as independent using the wlan index independent command from the config wireless context Once an AAP is adopted by the controller it displays within the controller Access Port Ra...

Страница 619: ...ropriate management and native VLANs are configured The WLAN used for mesh backhaul must always be an independent WLAN The controller configures an AAP If manually changing wireless settings on the AP...

Страница 620: ...rivilege superuser username operator password 1 fe96dd39756ac41b74283a9292652d366d73931f To configure the ACL to be used in the CRYPTO MAP ip access list extended AAP ACL permit ip host 10 10 10 250 a...

Страница 621: ...wlan 2 encryption type tkip wlan 2 dot11i phrase 0 admin123 wlan 3 enable wlan 3 ssid qs5 wep128 wlan 3 vlan 220 wlan 3 encryption type wep128 wlan 4 enable wlan 4 ssid qs5 open wlan 4 vlan 230 wlan 5...

Страница 622: ...to ipsec transform set AAP TFSET esp aes 256 esp sha hmac mode tunnel To create a Crypto Map add a remote peer set the mode add a ACL rule to match and transform and set to the Crypto Map crypto map A...

Страница 623: ...rport trunk allowed vlan none controllerport trunk allowed vlan add 1 9 100 110 120 130 140 150 160 170 controllerport trunk allowed vlan add 180 190 200 210 220 230 240 250 interface vlan1 ip address...

Страница 624: ...Adaptive AP Altitude 4700 Series Access Point Product Reference Guide 624...

Страница 625: ...and Altitude 4750 Physical Characteristics on page 625 Altitude 4710 and Altitude 4750 Physical Characteristics An Altitude 4710 and Altitude 4750 Access Point has the following physical characteristi...

Страница 626: ...5825 MHz except channel 52 64 Channels 1 13 EU Channels 1 11 US Canada Channel 14 2484 MHz Japan only Actual operating frequencies depend on regulatory Data Rates Supported 802 11g 1 2 5 5 11 6 9 12...

Страница 627: ...ry Code Algeria DZ Anguilla AI Argentina AR Australia AU Austria AT Bahamas BS Bahrain BH Barbados BB Belarus BY Belgium BE Bermuda BM Bolivia BO Botswana BW Botznia Herzegovina BA Brazil BR Bulgaria...

Страница 628: ...y IT Jamaica JM Japan JP Jordan JO Kazakhstan KZ Kenya KE Kuwait KW Latvia LV Lebanon LB Liechtenstein LI Lithuania LT Luxembourg LU Macau MO Macedonia MK Malaysia MY Malta MT Martinique MQ Mexico MX...

Страница 629: ...Romania RO Russia RU Saudi Arabia SA Serbia RS Singapore SG Slovak Republic SK Slovenia SI South Africa ZA South Korea KR Spain ES Sri Lanka LK Sweden SE Switzerland CH Taiwan TW Thailand TH Trinidad...

Страница 630: ...Altitude 4700 Series Access Point Product Reference Guide 630...

Страница 631: ...is reset or does a DHCP request The update process is conducted over the LAN or WAN port depending on which server responds first to the Access Point s request for an automatic update The firmware is...

Страница 632: ...for automatic updates 1 Set the Windows DHCP Server and Access Point on the same Ethernet segment 2 Configure the Windows based DHCP Server as follows a Highlight the Server Domain Name for example a...

Страница 633: ...Altitude 4750 model 1 Microsoft Windows DHCP Server 1 TFTP Server To configure Global options using extended standard options 1 Set the Windows DHCP Server and Access Point on the same Ethernet segmen...

Страница 634: ...oots up verify the Access Point Obtains and applies the expected IP Address from the DHCP Server Downloads the firmware and configuration files from the TFTP Server and updates both as required Verify...

Страница 635: ...e DHCP Server is configured for options 187 and 67 for the firmware file the Access Point uses the file name configured for option 187 If the DHCP Server is configured for embedded and global options...

Страница 636: ...file Using options 66 67 and 129 AP47xx ha 00a0f88aa6d8 LAN MAC Address sm 255 255 255 0 Subnet Mask ip 157 235 93 128 IP Address gw 157 235 93 2 gateway T66 157 235 93 250 TFTP Server IP T67 apfw bi...

Страница 637: ...ile name If T136 is not specified the Access Point uses the entire bf field as the config file name NOTE The update process is conducted over the LAN or WAN port depending on which Server responds fir...

Страница 638: ...ng a Cisco VPN Device on page 641 Frequently Asked VPN Questions on page 642 Configuring a VPN Tunnel Between Two Access Points The Access Point can connect to a non AP device supporting IPSec such as...

Страница 639: ...mask of AP 2 Device 2 7 Enter the WAN port IP address of AP 2 Device 2 for a Remote Gateway 8 Click Apply to save the changes NOTE For this example Auto IKE Key Exchange is used Any key exchange can b...

Страница 640: ...th Authentication and use AES 128 bit as the ESP encryption algorithm and MD5 as the authentication algorithm Click OK 12 Select the IKE Settings button 13 Select Pre Shared Key PSK from the IKE Authe...

Страница 641: ...the same procedure However replace Access Point 2 information with Access Point 1 information 20 Once both tunnels are established ping each side of the tunnel to ensure connectivity Configuring a Ci...

Страница 642: ...ess Point IPSec tunnel support multiple subnets on the other end of a VPN concentrator Yes The Access Point can access multiple subnets on the other end of the VPN Concentrator from the Access Point s...

Страница 643: ...setup an Access Point so clients can access both the WAN normally and only use the VPN when talking to specific networks Yes Only packets that match the VPN Tunnel Settings will be sent through the VP...

Страница 644: ...VPN gateway and vice versa Question 9 I have setup my tunnel and the status still says Not Connected What should I do now VPN tunnels are negotiated on an as needed basis If you have not sent any tra...

Страница 645: ...und rules need to be configured to control incoming outgoing packet flow for IPSec to work properly with Advanced LAN Access These rules should be configured first before other rules are configured Qu...

Страница 646: ...Altitude 4700 Series Access Point Product Reference Guide 646...

Страница 647: ...ustomer support see the Technical Assistance Center User Guide at www extremenetworks com go TACUserGuide The Extreme Networks eSupport website provides the latest information on Extreme Networks prod...

Страница 648: ...Altitude 4700 Series Access Point Product Reference Guide 648...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды