Motorola P-7131N-FGR Скачать руководство пользователя страница 412

Страница: 412 / 700

Motorola Solutions AP-7131N-FGR Access Point Product Reference Guide

8-80

8.3.3.2 Network Security Commands

AP7131N>admin(network.wireless.security)>

Description:

Displays the access point wireless security submenu. The items available under this command include:

For information on the security configuration options available to the access point using the applet (GUI), see

Configuring Security Options

on page 6-2

show

Displays the access point’s current security configuration.

create

Creates a security policy.

edit

Edits the properties of an existing security policy.

delete

Removes a specific security policy.

Goes to the parent menu.

Goes to the root menu.

save

Saves the configuration to system flash.

quit

Quits the CLI.

Содержание P-7131N-FGR

Страница 1: ...Motorola Solutions AP 7131N FGR Product Reference Guide M ...

Страница 2: ...ons and the Stylized M logo are trademarks or registered trademarks of Motorola Trademark Holdings LLC and are used under license All other trademarks are a properties of their owners 2014 Motorola Solutions Inc All rights reserved ...

Страница 3: ...AP 7131N FGR Access Point Product Reference Guide ...

Страница 4: ......

Страница 5: ...port 1 6 Sensor Support 1 6 Mesh Roaming Client 1 9 Dual Mode Radio Options 1 9 Separate LAN and WAN Ports 1 9 Multiple Mounting Options 1 10 Antenna Support for 2 4 GHz and 5 GHz Radios 1 10 Sixteen Configurable WLANs 1 10 Support for 4 BSSIDs per Radio 1 10 Quality of Service QoS Support 1 11 Industry Leading Data Security 1 11 EAP Authentication 1 12 WPA2 CCMP 802 11i Encryption 1 12 Firewall S...

Страница 6: ... File Import Export Functionality 1 18 Default Configuration Restoration 1 18 DHCP Support 1 18 Mesh Networking 1 19 Additional LAN Subnet 1 20 On board Radius Server Authentication 1 20 Hotspot Support 1 20 Routing Information Protocol RIP 1 21 Manual Date and Time Settings 1 21 Dynamic DNS 1 21 Auto Negotiation 1 22 Adaptive AP 1 22 Rogue AP Enhancements 1 22 Radius Time Based Authentication 1 2...

Страница 7: ...D Indicators 2 18 Dual Radio 2 4 5 GHz LEDs 2 20 Rear LED 2 21 Setting Up MUs 2 21 Legacy MUs 2 21 802 11n MUs 2 22 Chapter 3 Getting Started Installing the Access Point 3 1 Configuration Options 3 2 Initially Connecting to the Access Point 3 3 Connecting to the Access Point using the WAN Port 3 3 Connecting to the Access Point using the LAN Port 3 3 Basic Configuration 3 4 Configuring Your Browse...

Страница 8: ...SNMP Traps 4 34 Configuring Specific SNMP Traps 4 36 Configuring SNMP RF Trap Thresholds 4 39 Configuring Network Time Protocol NTP 4 41 Logging Configuration 4 45 Importing Exporting Configurations 4 47 Updating Device Firmware 4 51 Key Zeroisation 4 54 Key Zeroisation Process 4 55 Chapter 5 Network Management Configuring the LAN Interface 5 1 Configuring VLAN Support 5 5 Configuring LAN1 and LAN...

Страница 9: ... the Access Point Password 6 4 Enabling Authentication and Encryption Schemes 6 4 Configuring 802 1x EAP Settings 6 6 Configuring WPA2 CCMP 802 11i 6 11 Configuring Firewall Settings 6 13 Configuring LAN to WAN Access 6 16 Available Protocols 6 17 Configuring Advanced Subnet Access 6 18 Configuring VPN Tunnels 6 22 Creating a VPN Tunnel between Two Access Points 6 26 Configuring Manual Key Setting...

Страница 10: ... Statistics 7 12 Viewing WLAN Statistics 7 15 Viewing Radio Statistics Summary 7 18 Viewing Radio Statistics 7 20 Retry Histogram 7 24 Viewing MU Statistics Summary 7 25 Viewing MU Details 7 27 Pinging Individual MUs 7 30 MU Authentication Statistics 7 31 Viewing the Mesh Statistics Summary 7 32 Viewing Known Access Point Statistics 7 34 Chapter 8 CLI Reference Connecting to the CLI 8 2 Accessing ...

Страница 11: ...all Commands 8 148 Network Router Commands 8 153 System Commands 8 159 Power Setup Commands 8 164 Adaptive AP Setup Commands 8 167 System Access Commands 8 171 System Certificate Management Commands 8 175 System SNMP Commands 8 188 System SNMP Access Commands 8 189 System SNMP Traps Commands 8 194 System User Database Commands 8 200 System Radius Commands 8 218 System Network Time Protocol NTP Com...

Страница 12: ...Client Bridge 9 20 Configuring AP 1 9 21 Configuring AP 2 9 24 Configuring AP 3 9 25 Verifying Mesh Network Functionality for Scenario 1 9 27 Scenario 2 Two Hop Mesh Network with a Base Bridge Repeater and a Client Bridge 9 27 Configuring AP 1 9 28 Configuring AP 2 9 29 Configuring AP 3 9 30 Verifying Mesh Network Functionality for Scenario 2 9 32 Mesh Networking Frequently Asked Questions 9 33 Ch...

Страница 13: ... Adaptive AP Manually 10 11 Adopting an Adaptive AP Using a Configuration File 10 13 Switch Configuration 10 13 Adaptive AP Deployment Considerations 10 15 Sample Switch Configuration File for IPSec and Independent WLAN 10 16 Appendix A Technical Specifications Physical Characteristics A 2 Electrical Characteristics A 2 Radio Characteristics A 3 Country Codes A 4 Appendix B Usage Scenarios Configu...

Страница 14: ...Motorola Solutions AP 7131N FGR Access Point Product Reference Guide 10 ...

Страница 15: ...l access point Document Conventions The following document conventions are used in this document NOTE Indicate tips or special requirements CAUTION Indicates conditions that can cause equipment damage or data loss WARNING Indicates a condition or procedure that could result in personal injury or equipment damage ...

Страница 16: ...umbered lists Service Information If a problem is encountered with the access point contact Customer Support Refer to Appendix C Customer Support for contact information Before calling have the model and serial number on hand If the problem cannot be solved over the phone you may need to return your equipment for servicing If that is necessary you will be given specific instructions Motorola Solut...

Страница 17: ...in access port into a single device This mode enables the deployment of a fully featured intelligent access point that can be centrally configured and managed via a Motorola Solutions wireless switch in either corporate headquarters or a network operations center NOC In the event the connection between the access point and the wireless switch is lost a Remote Site Survivability RSS feature ensures...

Страница 18: ...ts Unlike the AP 7131 and AP 7131N models however an AP 7131N FGR has specialized data protection mechanisms and prompts the user when secure information is displayed within the access point GUI applet The AP 7131N FGR enables you to configure one radio for 802 11a n support and the other for 802 11b g n support The two models available to the AP 7131N FGR series include AP 7131N 66040 FGR 802 11a...

Страница 19: ...ess points supported bandwidth management on a per WLAN basis Each WLAN could be configured to receive at most a certain percentage of the total available downstream bandwidth The new rate limiting feature is a replacement of the bandwidth management feature allowing for better MU radio bandwidth allotments on a per WLAN basis To globally enable or disable the MU rate limit and assess the WLANs in...

Страница 20: ... the maximum power available to the AP by a POE device Once an operational power configuration is defined the AP firmware can read the power setting and configure operating characteristics based on the AP s SKU and power configuration If the POE cannot provide sufficient power with all interfaces enabled the following interfaces could be disabled or modified Radio transmit power could be reduced d...

Страница 21: ... now since 802 11i WPA2 is considered more secure For information on configuring VPN support see Configuring VPN Tunnels on page 6 22 For instructions on configuring a IPSec VPN tunnel using two access points see Creating a VPN Tunnel between Two Access Points on page 6 26 1 2 Feature Overview The following legacy features have been carried forward into the 4 x firmware baseline 802 11n Support Se...

Страница 22: ...ents Radius Time Based Authentication QBSS Support 1 2 1 802 11n Support Motorola Solutions provides full life cycle support for either a new or existing 802 11n mobility deployment from network design to day to day support For information on deploying your 802 11n radio see Configuring the 802 11a n or 802 11b g n Radio on page 5 56 1 2 2 Sensor Support The Motorola Solutions Wireless Intrusion P...

Страница 23: ... is supported on the access point radio s available to each WLAN When an access point radio is functioning as a WIPS sensor it is able to scan in sensor mode across all channels within the 2 4 and 5 0 GHz bands The following is a network topology illustrating how a sensor functions within an access point supported wireless network NOTE Sensor support requires a Motorola Solutions AirDefense WIPS S...

Страница 24: ... and MUs operating in a WLAN Live view support exists throughout the WIPS application wherever a device icon appears in an information panel or navigation tree Access Live View by right clicking on the device which automatically limits the data to the specific device your choose Sensor radios can be tuned to channels in both the 2 4GHz and 5 0 GHz band The channels in use by a given radio are defi...

Страница 25: ...oint enables you to configure one radio for 802 11a n support and the other for 802 11b g n support The two models available to the AP 7131N FGR series include AP 7131N 66040 FGR 802 11an and 802 11bgn capable AP 7131N 44040 FGR 802 11a and 802 11bg capable For detailed information see Setting the WLAN s Radio Configuration on page 5 51 1 2 5 Separate LAN and WAN Ports The access point has one LAN...

Страница 26: ...al 802 11a n and 802 11b g n radio antennas Select the antenna best suited to the radio transmission requirements of your coverage area 1 2 8 Sixteen Configurable WLANs A Wireless Local Area Network WLAN is a data communications system that flexibly extends the functionalities of a wired LAN A WLAN does not require lining up devices for line of sight transmission and are thus desirable for wireles...

Страница 27: ...atency increases and throughput reductions These forms of higher priority data traffic can significantly benefit from the QoS implementation The WiFi Multimedia QOS Extensions WMM implementation used by the shortens the time between transmitting higher priority data traffic and is thus desirable for multimedia applications In addition U APSD WMM Power Save is also supported WMM defines four access...

Страница 28: ...if the server cannot provide proof of device identification Using EAP a user requests connection to a WLAN through the access point The access point then requests the identity of the user and transmits that identity to an authentication server The server prompts the AP for proof of identity supplied to the by the user and then transmits the user data back to the server to complete the authenticati...

Страница 29: ...information on configuring the access point s firewall see Configuring Firewall Settings on page 6 13 1 2 11 4 VPN Tunnels Virtual Private Networks VPNs are IP based networks using encryption and tunneling providing users remote access to a secure LAN In essence the trust relationship is extended from one LAN across the public network to another LAN without sacrificing security A VPN behaves like ...

Страница 30: ...s even when they are not members of the same network segment For detailed information on configuring VLAN support see Configuring VLAN Support on page 5 5 1 2 13 Multiple Management Accessibility Options The access point can be accessed and configured using one of the following Java Based Web UI Human readable config file imported via SFTP MIB Management Information Base Command Line Interface CLI...

Страница 31: ... network growth The access point supports SNMP management functions for gathering information from its network components The MIB files are available at https portal motorolasolutions com Support US EN In the given portal the user should serach for AP7131N GR MIBS 4 0 4 0 For more information refer Appendix C Customer Support Few acronyms used in the MIB files The access point s SNMP agent functio...

Страница 32: ...nt on the access point s LAN port eliminating the need for separate Ethernet and power cables For detailed information on using the Power Injector see Power Injector System on page 2 6 1 2 17 MU MU Transmission Disallow The access point s MU MU Disallow feature prohibits MUs from communicating with each other even if on the same WLAN assuming one of the WLAN s is configured to disallow MU MU commu...

Страница 33: ...isplay robust transmit and receive statistics for the WAN and LAN ports WLAN stats can be displayed collectively and individually for enabled WLANs Transmit and receive statistics are available for the access point s 802 11a n and 802 11b g n radios An advanced radio statistics page is also available to display retry histograms for specific data packet retry information Associated MU stats can be ...

Страница 34: ...default configuration or a partial default configuration with the exception of current WAN and SNMP settings Restoring the default configuration is a good way to create new WLANs if the MUs the access point supports have been moved to different radio coverage areas For detailed information on restoring a default or partial default configuration see Configuring System Settings on page 4 2 1 2 25 DH...

Страница 35: ...ss point radio to accept client bridge connections The two bridges communicate using the Spanning Tree Protocol STP The spanning tree determines the path to the root and detects if the current connection is part of a network loop with another connection Once the spanning tree converges both access points begin learning which destinations reside on which side of the network This allows them to forw...

Страница 36: ...information on configuring the access point for additional LAN subnet support see Configuring the LAN Interface on page 5 1 1 2 28 On board Radius Server Authentication The access point can function as a RADIUS Server to provide user database information and user authentication Several new screens have been added to the access point s menu tree to configure RADIUS server authentication and configu...

Страница 37: ...an interior gateway protocol that specifies how routers exchange routing table information The parent Router screen also allows the administrator to select the type of RIP and the type of RIP authentication used For detailed information on configuring RIP functionality as part of the access point s Router functionality see Setting the RIP Configuration on page 5 71 1 2 31 Manual Date and Time Sett...

Страница 38: ...ncryption decryption local traffic bridging the tunneling of centralized traffic to the wireless switch For a information overview of the adaptive AP feature as well as how to configure it refer to Adaptive AP on page 10 1 1 2 35 Rogue AP Enhancements The access point can scan for rogues over all channels on both of the access point s radio bands The switching of radio bands is based on a timer wi...

Страница 39: ...mit and receive electric signals without wires Users communicate with the network by establishing radio links between mobile units MUs and access points The access point uses DSSS direct sequence spread spectrum to transmit digital data from one device to another A radio signal begins with a carrier signal that provides the base or center frequency The digital data signal is encoded onto carriers ...

Страница 40: ...s point with a matching ESSID and synchronizes associates to establish communications This device association allows MUs within the coverage area to move about or roam As the MU roams from cell to cell it associates with a different access point The roam occurs when the MU analyzes the reception quality at a location and determines a different provides better signal strength and lower MU load dist...

Страница 41: ...ess Resolution Protocol request packet the access point forwards it over all enabled interfaces except over the interface the ARP request packet was received On receiving the ARP response packet the access point database keeps a record of the destination address along with the receiving interface With this information the access point forwards any directed packet to the correct destination Transmi...

Страница 42: ...cifications The bit redundancy within the chipping sequence enables the receiving MU to recreate the original data pattern even if bits in the chipping sequence are corrupted by interference The ratio of chips per bit is called the spreading ratio A high spreading ratio increases the resistance of the signal to interference A low spreading ratio increases the bandwidth available to the user The ac...

Страница 43: ...begins forwarding frames addressed to the target MU Each frame contains fields for the current direct sequence channel The MU uses these fields to resynchronize to the access point The scanning and association process continues for active MUs This process allows MUs to find new access points and discard out of range or deactivated access points By testing the airwaves MUs can choose the best netwo...

Страница 44: ...transfers on the AP interfaces The access point requires one of the following connection methods to perform a custom installation and manage the network Secure Java Based WEB UI use Sun Microsystems JRE 1 6 available from Sun s Web site and be sure to disable Microsoft s Java Virtual Machine if installed Command Line Interface CLI via Serial and SSH Config file Human readable Importable Exportable...

Страница 45: ...e access point chassis WAN GE2 WAN MAC address 1 LAN2 A virtual LAN not mapped to the LAN Ethernet port This address is the lowest of the two radio MAC addresses Radio1 802 11b g n Random address located on the Web UI CLI and SNMP interfaces Radio2 802 11a n Random address located on the Web UI CLI and SNMP interfaces The access point s BSS virtual AP MAC addresses are calculated as follows BSS1 T...

Страница 46: ...Motorola Solutions AP 7131N FGR Access Point Product Reference Guide 1 30 ...

Страница 47: ...ess point to the network connecting antennae and applying power Installation procedures vary for different environments See the following sections for more details Precautions Requirements Package Contents Access Point Placement Power Options Power Injector System Mounting an AP 7131N FGR LED Indicators Setting Up MUs ...

Страница 48: ...No 50 14000 247R or Power Injector Part No AP PSBIAS 1P3 AFR A power outlet Dual band antennae or an antenna specifically supporting the AP s 2 4 or 5 GHz band 2 3 Package Contents Check package contents for the correct model and accessories Each available configuration at a minimum contains AP 7131N FGR access point accessories dependent on SKU ordered AP 7131N FGR Install Guide China ROHS compli...

Страница 49: ...overage is analogous to lighting Users might find an area lit from far away to be not bright enough An area lit sharply might minimize coverage and create dark areas Uniform antenna placement in an area like even placement of a light bulb provides even efficient coverage Place the access point using the following guidelines NOTE The access point façade with 6 Element Antenna Part No ML 2452 PTA2M3...

Страница 50: ...fferent to support the radio coverage area Motorola Solutions recommends conducting a new site survey and developing a new coverage area floor plan when switching from legacy access points to a new AP 7131N FGR model as the device placement requirements could be significantly different 2 4 2 Antenna Options Motorola Solutions supports two antenna suites for AP 7131N FGR One antenna suite supportin...

Страница 51: ...i ML 2499 11PNA2 01R Wide Angle Directional 8 5 ML 2499 HPA3 01R Omni Directional Antenna 3 3 ML 2499 BYGA2 01R Yagi Antenna 13 9 ML 2452 APA2 01 Dual Band 3 4 ML 2452 PTA2M3X3 1 Facade with 6 Element Antenna Module 3 5 ML 2452 PTA3M3 036 3 Port MIMO Antenna 4 75 5 5 NOTE An additional adapter is required to use ML 2499 11PNA2 01 and ML 2499 BYGA2 01 model antennae Please contact Motorola Solution...

Страница 52: ...nna 13 ML 5299 HPA1 01R Wide Band Omni Directional Antenna 5 0 ML 2452 APA2 01 Dual Band 3 4 ML 2452 PTA2M3X3 1 Facade with 6 Element Antenna Module 4 75 5 5 ML 2452 PTA3M3 036 3 Port MIMO Antenna 5 5 ML 2452 APA6J 01 Dipole 2 4GHz Peak Gain 5 76dBi 5GHz Peak Gain band 1 3 77dBi band 2 3 38dBi band 3 2 84dBi band 4 2 94dBi CAUTION An AP 7131N FGR and must use the 48 Volt Power Supply designed spec...

Страница 53: ...131N can also be used with the 3af power injector AP PSBIAS 1P2 AFR However AP functionality is limited when powered by an AP PSBIAS 1P2 AFR since the AP has Ethernet connectivity limited to only the GE1 port The Motorola Solutions access point Power Supply Part No 50 14000 247R is not included with the access point and is orderable separately as an accessory If the access point is provided both P...

Страница 54: ... using the unit s wall mounting key holes The following guidelines should be adhered to before cabling the Power Injector to an Ethernet source and access point Do not block or cover airflow to the Power Injector Keep the unit away from excessive heat humidity vibration and dust CAUTION The access point supports any standards based compliant power source including non Motorola Solutions power sour...

Страница 55: ...On Off power switch The Power Injector receives power and is ready for access point connection and operation as soon as AC power is applied Refer to the Installation Guide shipped with the Power Injector for a description of the device s LED behavior 3 Verify all cable connections are complete before supplying power to the access point CAUTION To avoid problematic performance and restarts disable ...

Страница 56: ... 2 7 1 Wall Mounted Installations Wall mounting requires hanging the access point along its width or length using the pair of slots on the bottom of the unit and using the access point mounting template for the screws The hardware and tools customer provided required to install the access point on a wall consists of Two Phillips pan head self tapping screws ANSI Standard 6 18 X 0 875in Type A or A...

Страница 57: ...Hardware Installation 2 11 ...

Страница 58: ...screw and stop when there is 1mm between the screw head and the wall If pre drilling a hole the recommended hole size is 2 8mm 0 11in if the screws are going directly into the wall and 6mm 0 23in if wall anchors are being used 6 If required install and attach a security cable to the access point s lock port 7 Attach the antennas to their correct connectors For more information on available antenna...

Страница 59: ...or CAT6 Ethernet cable between the network data supply host and the access point s GE1 POE port b Verify the power adapter is correctly rated according the country of operation c Connect the power supply line cord to the power adapter d Attach the power adapter cable into the power connector on the access point e Plug the power adapter into an outlet 11 Verify the behavior of the access point s LE...

Страница 60: ...the Ethernet source to the Power Injector and access point does not exceed 100 meters 333 ft The Power Injector has no On Off power switch The Power Injector receives power as soon as AC power is applied For more information on using the Power Injector see Power Injector System on page 2 6 For standard 48 Volt Power Adapter Part No 50 14000 247R and line cord installations a Connect a RJ 45 CAT5e ...

Страница 61: ...ystem Configuration on page 4 1 2 7 3 Above the Ceiling Plenum Installations An above the ceiling installation requires placing the access point above a suspended ceiling and installing the provided light pipe under the ceiling tile for viewing the rear panel status LEDs of the unit An above the ceiling installation enables installations compliant with drop ceilings suspended ceilings and industry...

Страница 62: ...6 Use a drill to make a hole in the tile the approximate size of the LED light pipe 7 Remove the light pipe s rubber stopper before installing the light pipe NOTE The AP 7131N FGR is Plenum rated to UL2043 and NEC1999 to support above the ceiling installations CAUTION Motorola Solutions does not recommend mounting the access point directly to any suspended ceiling tile with a thickness less than 1...

Страница 63: ...e point or security cable if used to the access point s lock port 13 Align the ceiling tile into its former ceiling space 14 Cable the access point using either a Power Injector or approved line cord and power supply For Power Injector installations a Connect a RJ 45 CAT5e or CAT6 Ethernet cable between the network data supply host and the Power Injector Data In connector b Connect a RJ 45 CAT5e o...

Страница 64: ...int is ready to configure For information on an access point default configuration see Getting Started on page 3 1 For specific details on system configurations see System Configuration on page 4 1 2 8 LED Indicators An AP 7131N FGR model access point has six LEDs on the top of the access point housing and one optional LED light pipe at the bottom of the unit However an AP 7131N FGR model access p...

Страница 65: ...ble in wall and below ceiling installations The top housing LEDs have the following display and functionality NOTE Depending on how the 5 GHz and 2 4 GHz radios are configured the LEDs will blink at different intervals between amber and yellow 5 GHz radio and emerald and yellow 2 4 GHz radio ...

Страница 66: ...802 11a activity A 5 second Amber and Yellow blink rate defines 802 11an activity A 2 second Amber and Yellow blink rate defines 802 11an 40 MHz activity When functioningas a sensor LED alternates between Amber and Yellow The blink interval is 0 5 seconds It s 1 second when no Server is connected Blinking Emerald indicates 802 11bg activity A 5 second Emerald and Yellow blink rate defines 802 11bg...

Страница 67: ...Refer to the LA 5030 LA 5033 Wireless Networker PC Card and PCI Adapter Users Guide available from the Motorola Solutions Web site for installing drivers and client software if operating in an 802 11a g network environment Refer to the Spectrum24 LA 4121 PC Card LA 4123 PCI Adapter LA 4137 Wireless Networker User Guide available from the Motorola Solutions Web site for installing drivers and clien...

Страница 68: ...hange the access point s settings to support legacy 802 11a bg operation using Windows XP 1 Select My Network Places 2 Right click and select Properties The Network Connections screen displays 3 Select right click on the adapter supporting 802 11n operation with the access point and select Properties 4 Click on the Configure button The Network Connection screen displays supporting the 802 11n adap...

Страница 69: ...ick OK to save the updates to the adapter s configuration NOTE If re enabling the adapter for 802 11 support ensure additional 802 11n settings Aggregation Channel Width Guard Interval etc are also enabled to ensure optimal operation ...

Страница 70: ...Motorola Solutions AP 7131N FGR Access Point Product Reference Guide 2 24 ...

Страница 71: ...er options outlined in Hardware Installation See the following sections for more details Installing the Access Point Configuration Options Basic Configuration 3 1 Installing the Access Point Make the required cable and power connections before mounting the access point in its final operating position Test the access point with an associated MU before mounting and securing the access point Carefull...

Страница 72: ...e the network Secure Java Based WEB UI use Sun Microsystems JRE 1 6 available from Sun s Web site Disable Microsoft s Java Virtual Machine if installed For information on using the Web UI to set access point default configuration see Basic Configuration on page 3 4 or chapters 4 through 7 of this guide Command Line Interface CLI via Serial and SSH The access point CLI is accessed through the RS232...

Страница 73: ...nitially connect to the access point using the access point s LAN port 1 The LAN or GE1 POE port has a default static IP address of 192 168 0 1 24 2 To view the IP address connect one end of a null modem serial cable to the access point and the other end to the serial port of a computer running HyperTerminal or similar emulation program 3 Configure the following settings Baud Rate 19200 Data Bits ...

Страница 74: ...itionally ensure JRE version 1 6 is installed on the computer accessing the AP 7131N FGR GUI applet The following sections describe how to change your browser settings using either Internet Explorer or Mozilla Firefox in order to correctly launch and display the AP 7131N FGR GUI applet Without these browser modifications you will not be able to access the AP 7131N FGR GUI applet 3 4 1 1 Accessing ...

Страница 75: ... Firefox used 3 Within the Protocols field ensure the Use TLS 1 0 option is selected Remember the AP 7131N FGR does not support SSL 2 0 or SSL 3 0 A Website Certified by an Unknown Authority screen displays stating Firefox is unable to define a trusted site 4 Select either the Accept this certificate permanently or Accept this certificate temporarily for this session Click the OK button to continu...

Страница 76: ...refox require unique settings be defined in order for the browser to access the AP 7131N FGR GUI applet For instructions on configuring these browser settings see Configuring Your Browser for AP 7131N FGR Support on page 3 4 1 Start a browser and enter the following IP address in the address field https 192 168 0 1 2 Log in using admin as the default Username and motorola as the default Password U...

Страница 77: ...iguring Device Settings on page 3 8 to validate the country setting The export function will always export the encrypted Admin User password The import function will import the Admin Password only if the access point is set to factory default If the access point is not configured to factory default settings the Admin User password WILL NOT get imported NOTE Though the access point can have its bas...

Страница 78: ...displayed 2 Select the System Configuration tab to define the access point s system WIPS server and radio configuration NOTE Beginning with the 4 0 release of the access point firmware a new scheme for radio configuration and WIPS server management has been implemented within the Quick Setup GUI applet These radio buttons define how WLAN and sensor functionality are supported amongst the radios av...

Страница 79: ...g message also displays stating an incorrect country setting may result in illegal radio operation Selecting the correct country is central to legally operating the access point Each country has its own regulatory restrictions concerning electromagnetic emissions and the maximum RF signal strength that can be transmitted To ensure compliance with national and local laws set the country accurately ...

Страница 80: ...tting alternate time servers and setting a synchronization interval for the access point to adjust its displayed time WIPS Servers Define a primary and alternate WIPS server IP Address for WIPS Server 1 and 2 These are the addresses of the primary and secondary WIPS console server WIPS support requires a Motorola Solutions AirDefense WIPS Server on the network WIPS functionality is not provided by...

Страница 81: ...ers for using the WAN interface a Select the Enable WAN Interface checkbox to enable a connection between the access point and a larger network or outside world through the WAN port Disable this Sensor only Spectrum Analysis mode no WLAN Radio 1 WIPS Radio 2 WIPS 2 4 GHz WLAN no Sensor Radio1 WLAN Radio 2 Disabled 5 0 GHz WLAN no Sensor Radio1 Disabled Radio 2 WLAN Radios Off Radios 1 and 2 Disabl...

Страница 82: ...xample 255 255 255 0 is a valid subnet mask e Define a Default Gateway address for the access point s WAN connection The ISP or a network administrator provides this address f Specify the address of a Primary DNS Server The ISP or a network administrator provides this address g Optionally use the Enable PPP over Ethernet checkbox to enable Point to Point Protocol over Ethernet PPPoE for a high spe...

Страница 83: ...e Bootp client option to enable a diskless system to discover its own IP address c Enter the network assigned IP Address of the access point d The Subnet Mask defines the size of the subnet The first two sets of numbers specify the network domain the next set specifies the subset of hosts within a larger network These values help divide a network into subnetworks and simplify routing and data tran...

Страница 84: ...o2 and configure the Radio Settings field at a minimum If you know the radio s Properties Performance and Beacon Settings those fields can also be defined at this time Define the Channel Settings Power Level and 802 11 mode in respect to the 2 4 or 5 GHz 802 11b g n or 802 11a n radio traffic and anticipated gain of the antennas NOTE A maximum of 16 WLANs are configurable within the Wireless Confi...

Страница 85: ...the Security Policy item At a minimum a basic security scheme in this case WPA2 CCMP is recommended in a network environment where sensitive data is transmitted 2 Ensure the Name of the security policy entered suits the intended configuration or function of the policy Multiple WLANs can share the same security policy so be careful not to name security policies after specific WLANs or risk defining...

Страница 86: ...natively rotated on every interval specified in the Broadcast Key Rotation Interval Enabling broadcast key rotation enhances the broadcast traffic security on the WLAN This value is disabled by default Update broadcast keys every 30 604800 seconds Specify a time period in seconds to rotate the key index used for the broadcast key Set the interval to a shorter duration like 3600 seconds for tighter...

Страница 87: ...ss Network Management Protocol WNMP ping packets to the associated MU Use the Echo Test screen to specify a target MU and 256 bit Key To use a hexadecimal value and not an ASCII passphrase select the checkbox and enter 16 hexadecimal characters into each of the four fields displayed Pre Authentication Selecting this option enables an associated MU to carry out an 802 1x authentication with another...

Страница 88: ...urn to the MU Stats Summary screen 3 4 5 Where to Go from Here Once basic connectivity has been verified the access point can be fully configured to meet the needs of the network and the users it supports Refer to the following For detailed information on access point device access SNMP settings network time importing exporting device configurations and device firmware updates see Chapter 4 System...

Страница 89: ...rk Management on page 5 1 For detailed information on configuring specific encryption and authentication security schemes for individual access point WLANs see Chapter 6 Configuring Access Point Security on page 6 1 To view detailed statistics on the access point and its associated MUs see Chapter 7 Monitoring Statistics on page 7 1 ...

Страница 90: ...Motorola Solutions AP 7131N FGR Access Point Product Reference Guide 3 20 ...

Страница 91: ...nternet Explorer 5 0 or later or Netscape Navigator 6 0 or later To connect to the access point an IP address is required If connected to the access point using the WAN port the default static IP address is 10 1 1 1 The default password is motorola If connected to the access point using the LAN port the default static IP addrees is 192 168 0 1 24 The user is required to know the IP address to conn...

Страница 92: ...e the System Settings screen to specify the name and location of the access point assign an e mail address for the network administrator restore the AP s default configuration or restart the AP To configure System Settings for the access point 1 Select System Configuration System Settings from the access point menu tree CAUTION The access point s country of operation is set from within the System ...

Страница 93: ...gured as a sensor and the WIPS functionality connects to the WIPS server The WIPS module only accepts names with up to 20 characters keep that if intending to use this AP as a sensor System Location Enter the location of the access point The System Location parameter acts as a reminder of where the AP can be found Use the System Name field as a specific identifier of device location Use the System...

Страница 94: ... most recent firmware available from Motorola Solutions Use the Firmware Update screen to keep the AP s firmware up to date For more information see Updating Device Firmware on page 4 51 System Uptime Displays the current uptime of the access point defined in the System Name field System Uptime is the cumulative time since the access point was last rebooted or lost power Serial Number Displays the...

Страница 95: ... Restore Partial Default Configuration Select the Restore Partial Default Configuration button to restore a default configuration with the exception of the current LAN WAN SNMP settings and IP address used to launch the browser If selected a message displays warning the user all current configuration settings will be lost with the exception of WAN and SNMP settings Before using this feature Motoro...

Страница 96: ... available and other status information One of the primary functions of the CPLD is to determine the access point s maximum power budget When the AP is powered on or performing a cold reset the CPLD determines the maximum power provided by the POE device and the budget available to the access point The CPLD also determines the access point hardware SKU and the number of radios If the access point ...

Страница 97: ...s point s radio at full power and should not be exceeded NOTE An AP 7131N FGR model uses 22 watts when its power status is 3af 23 26 watts when its power status is 3at and 27 watts when its power status is Full Power CAUTION The power modes described in the section are only obtainable using the 48 Volt Power Supply Part No 50 14000 247R designed for an AP 7131N FGR or using the single port Power I...

Страница 98: ...z 20 17 MCS0 MCS8 5 HT20 40 23 20 MCS1 MCS9 10 HT20 40 23 20 MCS2 MCS10 13 HT20 40 23 20 MCS3 MCS11 16 HT20 40 23 19 MCS4 MCS12 19 HT20 40 22 19 MCS5 MCS13 22 HT20 40 22 18 MCS6 MCS14 25 HT20 40 21 17 MCS7 MCS15 28 HT20 40 20 17 CAUTION Exceeding the limits listed below can cause damage to the access point or cause the radio to operate unpredictably Thus these values should be viewed as the safe l...

Страница 99: ... MCS0 MCS8 5 HT20 40 22 19 MCS1 MCS9 10 HT20 40 22 19 MCS2 MCS10 13 HT20 40 21 18 MCS3 MCS11 16 HT20 40 21 17 MCS4 MCS12 19 HT20 40 20 17 MCS5 MCS13 22 HT20 40 19 16 MCS6 MCS14 25 HT20 40 18 15 MCS7 MCS15 28 HT20 40 17 15 NOTE The access point could allow the operation of only one radio depending on the POE power level provided When only one radio is operational it is configured as either a WIPS o...

Страница 100: ... tree 2 Refer to the following to assess the access point s current power state Once known determine how available power resources are applied to the access point s radios a NOTE Within the Power Settings field an installation professional selects a power mode as auto or 3af Contact Motorola Solutions Support if unsure of your access point s optimal power management settings ...

Страница 101: ...he power budget available to the access point Using the Auto setting default setting the access point automatically determines the best power configuration based on the available power budget If 3af is selected the AP assumes 12 95 watts are available If the mode is changed the access point requires a reset to implement the change Power Status Refer to the read only power status field to review th...

Страница 102: ...he switch FQDN to transmit and receive with the AAP The default control port is 24576 Switch FQDN Add a complete switch fully qualified domain name FQDN to add a switch to the 12 available switch IP addresses available for connection The access point resolves the name to one or more IP addresses if a DNS IP address is present This method is used when the access point fails to obtain an IP address ...

Страница 103: ...he Adaptive AP Setup screen to the last saved configuration Auto Discovery Enable When the Auto Discovery Enable checkbox is selected the access point begins the switch discovery adoption process using DHCP first then a user provided domain name lastly using static IP addresses This setting is disabled by default When disabled the AP functions as a standalone access point without trying to adopt a...

Страница 104: ...creen checkboxes to enable or disable LAN1 LAN2 and or WAN access using the protocols and ports listed If access is disabled this effectively locks out the administrator from configuring the access point using that interface To avoid jeopardizing the network data managed by the access point Motorola Solutions recommends enabling only those interfaces used in the routine daily management of the net...

Страница 105: ...iguration applet using a Secure Sockets Layer SSL for encrypted HTTP sessions CLI SSH2 port 22 Select the LAN1 LAN2 and or WAN checkboxes to enable access to the access point CLI using the SSH Secure Shell protocol SNMP port 161 Select the LAN1 LAN2 and or WAN checkboxes to enable access to the access point configuration settings from an SNMP capable client HTTPS Timeout Disables access to the acc...

Страница 106: ...H session to the access point if no data activity is detected over the session after the user defined interval The default value is 2 minutes Local The access point verifies the authentication connection Radius Designates that a RADIUS server is used in the authentication credential verification If using this option the connected PC is required to have its RADIUS credentials verified with an exter...

Страница 107: ... case sensitive string using letters and numbers The default is motorola Change Admin Password Click the Change Admin Password button to display a screen for updating the AP administrator password Enter and confirm a new administrator password as required Message Settings Click the Message Settings button to display a screen used to create a banner text message The user can enter a 1024 characters...

Страница 108: ... 11 Click Logout to securely exit the access point Access Point applet A prompt displays confirming the logout before the applet is closed 4 5 Managing Certificate Authority CA Certificates Certificate management includes the following sections Importing a CA Certificate Creating Self Certificates 4 5 1 Importing a CA Certificate A certificate authority CA is a network authority that issues and ma...

Страница 109: ...point s firmware version using either the GUI or CLI After a certificate has been successfully loaded export it to a secure location to ensure its availability after a firmware update If restoring the access point s factory default firmware you must export the certificate file BEFORE restoring the access point s factory default configuration Import the file back after the updated firmware is insta...

Страница 110: ... to import it into the CA Certificate list 4 Once in the list select the certificate ID within the View Imported root CA Certificates field to view the certificate issuer name subject and certificate expiration data 5 To delete a certificate select the ID from the drop down menu and click the Del button 4 5 2 Creating Self Certificates The access point requires two kinds of certificates CA certifi...

Страница 111: ...to create the certificate request The Certificate Request screen displays 3 Complete the request form with the pertinent information Only 4 values are required the others optional CAUTION Self certificates can only be generated using the access point GUI and CLI interfaces No functionality exists for creating a self certificate using the access point s SNMP configuration option ...

Страница 112: ...l name for the certificate to help distinguish between certificates The name can be up to 7 characters in length Subject The required Subject value contains important information about the certificate Contact the CA signing the certificate to determine the content of the Subject parameter Signature Algorithm Use the drop down menu to select the signature algorithm used for the certificate The opti...

Страница 113: ... e mail to your CA paste the content of the request into the body of the message and send it to the CA The CA signs the certificate and will send it back Once received copy the content from the e mail into the clipboard 7 Click the Paste from clipboard button Note that this feature will work with Internet Explorer browser version 6 and above only The content of the e mail displays in the window Cl...

Страница 114: ...tion Certificate Mgmt Self Certificates from the access point menu tree 2 Click on the Add button to create the certificate request The Certificate Request screen displays 3 Complete the request form with the pertinent information NOTE If the access point is restarted after a certificate request has been generated but before the signed certificate is imported the import will not execute properly D...

Страница 115: ...sing the certificate resides State Optionally enter the name of the State where the access point using the certificate resides Postal Code Optionally enter the name of the Postal Zip Code where the access point using the certificate resides Country Code Optionally enter the access point s Country Code Email Enter a organizational e mail address avoid using a personal address if possible to associa...

Страница 116: ...ertificate request using a base 64 encoded PKCS 10 file or a renewal request using a base64 encoded PKCS file option Click Next to continue 12 Paste the content of certificate in the Saved Request field within the Submit a Saved Request screen If you do not have administrative privileges ensure the Web Server option has been selected from the Certificate Template drop down menu Click Submit 13 Sel...

Страница 117: ...tication of MUs has now been generated and loaded into the access point s flash memory 4 6 Configuring SNMP Settings Simple Network Management Protocol SNMP facilitates the exchange of management information between network devices SNMP uses Management Information Bases MIBs to manage the device configuration and monitor Internet devices in potentially remote locations MIB information accessed via...

Страница 118: ...tion apWlanSecPolicyTable MU ACL Configuration apWlanMuAclPolicyTable QOS Configuration apWlanQosPolicyTable Radio Configuration apRadio Bandwidth Management apWlanRateLimit SNMP Trap Selection apTrapCtrl SNMP RF Trap Thresholds apTrapCtrlEnableTable MU Authentication Stats apnStats Feature MIB Reference Subnet Configuration ccSubnet DHCP Server Configuration ccSubnetDhcpServer WAN IP Configuratio...

Страница 119: ...unctions as a command responder and is a multilingual agent responding to SNMP v3 managers command generators The factory default configuration maintains SNMP v3 support of the community names hence providing backward compatibility Firewall Configuration ccWanFirewall Router Configuration ccRouter System Settings ccAdmin NTP Server Configuration ccNtp Logging Configuration ccLogging Firmware Updat...

Страница 120: ...ved security SNMP v3 encrypts transmissions and provides authentication for users generating requests To configure SNMP v3 user definitions for the access point 1 Select System Configuration SNMP Access from the access point menu tree 2 Configure the SNMP v3 User Definitions field if SNMP v3 is used to add and configure SNMP v3 user definitions SNMP v3 user definitions allow read only or read writ...

Страница 121: ...u to specify SHA1 as the authentication algorithm Use the Privacy Algorithm drop down menu to define an algorithm of AES 128bit When entering the same username on the SNMP Traps and SNMP Access screens the password entered on the SNMP Traps page overwrites the password entered on the SNMP Access page To avoid this problem enter the same password on both pages Access Use the Access pull down list t...

Страница 122: ...nfiguration 7 Click Logout to securely exit the access point Access Point applet A prompt displays confirming the logout before the applet is closed For additional SNMP configuration information see Configuring SNMP Access Control Enabling SNMP Traps Configuring Specific SNMP Traps Configuring SNMP RF Trap Thresholds SNMP v3 Engine ID The access point SNMP v3 Engine ID field lists the unique SNMP ...

Страница 123: ...L to limit by Internet Protocol IP address who can access the access point SNMP interface To configure SNMP user access control for the access point 1 Select System Configuration SNMP Access from the access point menu tree Click on the SNMP Access Control button from within the SNMP Access screen 2 Configure the SNMP Access Control screen to add the IP addresses of those users receiving SNMP acces...

Страница 124: ...IP and End IP addresses numerical addresses only no DNS names supported to specify a range of user that can access the access point SNMP interface An SNMP capable client can be set up whereby only the administrator for example can use a read write community definition Use just the Starting IP Address column to specify a SNMP user Use both the Starting IP Address and Ending IP Address columns to sp...

Страница 125: ...een properly configured to protect communications with the external SNMP server Changes will not be applied otherwise Add Click Add to create a new SNMP v3 Trap Configuration entry Delete Select Delete to remove an entry for an SNMP v3 user Destination IP Specify a numerical non DNS name destination IP address for receiving the traps sent by the access point SNMP agent Port Specify a destination U...

Страница 126: ...urations for both SNMP v3 To configure specific SNMP traps on the access point 1 Select System Configuration SNMP Access SNMP Traps from the menu tree Username Enter a username specific to the SNMP capable client receiving the traps Security Level Use the Security Level drop down menu to specify security level as AuthPriv authorization with privacy The AuthPriv setting requires login authorization...

Страница 127: ... Generates a trap when an MU becomes unassociated with or gets dropped from one of the access point s WLANs MU denied association Generates a trap when an MU is denied association to a access point WLAN Can be caused when the maximum number of MUs for a WLAN is exceeded or when an MU violates the access point s Access Control List ACL MU denied authentication Generates a trap when an MU is denied ...

Страница 128: ...ata This can result from an incorrect login or missing incorrect user credentials SNMP ACL violation Generates a trap when an SNMP client cannot access SNMP management functions or data due to an Access Control List ACL violation This can result from a missing incorrect IP address entered within the SNMP Access Control screen Physical port status change Generates a trap whenever the status changes...

Страница 129: ...ld of the SNMP RF Traps screen Thresholds are displayed for the access point WLAN selected radio and the associated MU To configure specific SNMP RF Traps on the access point 1 Select System Configuration SNMP Access SNMP RF Trap Thresholds from the menu tree System Cold Start Generates a trap when the access point re initializes while transmitting possibly altering the SNMP agent s configuration ...

Страница 130: ...ternal SNMP server Changes will not be applied otherwise NOTE Average Bit Speed of Non Unicast Average Signal Average Retries Dropped and Undecryptable are not access point statistics Pkts s Enter a maximum threshold for the total throughput in Pps Packets per second Throughput Set a maximum threshold for the total throughput in Mbps Megabits per second Average Bit Speed Enter a minimum threshold ...

Страница 131: ...ck with a master clock an NTP server For example the access point resets its clock to 07 04 59 upon reading a time of 07 04 59 from its designated NTP server Average Signal Enter a minimum threshold for the average signal strength in dBm for each device Average Retries Set a maximum threshold for the average number of retries for each device Dropped Enter a maximum threshold for the total percenta...

Страница 132: ...rver is defined to provide the access point the correct time or the correct time is manually set the access point displays 1970 01 01 00 00 00 as the default time CAUTION If using the RADIUS time based authentication feature to authenticate access point user permissions ensure UTC has been selected from the Date and Time Settings screen s Time Zone field If UTC is not selected time based authentic...

Страница 133: ...ng 3 Select the Set Date Time button to display the Manual Date Time Setting screen This screen enables the user to manually enter the access point s system time using a Year Month Day HH MM SS format This option is disabled when the Enable NTP checkbox has been selected and therefore should be viewed as a second means to define the access point system time 4 If using the Manual Date Time Setting ...

Страница 134: ... selected time based authentication will not work properly For information on configuring RADIUS time based authentication see Defining User Access Permissions by Group on page 6 67 EnableNTPonaccess point Select the Enable NTP on access point checkbox to allow a connection between the access point and one or more specified NTP servers A preferred first alternate and second alternate NTP server ca...

Страница 135: ...reen to set the desired logging level standard syslog levels and view or save the current access point system log To configure event logging for the access point 1 Select System Configuration Logging Configuration from the access point menu tree 2 Configure the Log Options field to save event logs set the log level and optionally port the access point s log to an external server CAUTION Ensure IPS...

Страница 136: ...des in memory AP memory is completely cleared each time the AP reboots Logging Level Use the Logging Level drop down menu to select the desired log level for tracking system events Eight logging levels 0 to 7 are available Log Level 6 Info is the access point default log level These are the standard UNIX LINUX syslog levels The levels are as follows 0 Emergency 1 Alert 2 Critical 3 Errors 4 Warnin...

Страница 137: ...ture to speed up the setup process significantly at sites using multiple access points Another benefit is the opportunity to save the current AP configuration before making significant changes or restoring the default configuration All options on the access point are deleted and updated by the imported file Therefore the imported configuration is not a merge with the configuration of the target ac...

Страница 138: ...ion Config Import Export from the access point menu tree 2 Execute the command transfer_keys_cfg from Console SSH before importing exporting the configuration Refer the command AP7131N admin system config transfer_keys_cfg on page 8 260 NOTE When modifying the text file manually and spaces are used for wireless security MU policy names etc ensure you use 20 between the spaces For example Second 20...

Страница 139: ...ines the optional path name used to import export the target configuration file Username Specify a username to be used when logging in to the SFTP Server Import Configuration Click the Import Configuration button to import the configuration file from the server with the assigned filename and login information The system displays a confirmation window indicating the administrator must log out of th...

Страница 140: ...formation is only exported when the This interface is a DHCP Client checkbox is not selected For more information on these settings see Configuring the LAN Interface on page 5 1 and Configuring WAN Settings on page 5 16 The system displays a confirmation window prompting the administrator to log out of the access point after the operation completes for the changes to take effect Click Yes to conti...

Страница 141: ...rt their 1 0 configuration for backup purposes prior to upgrading When downloading to a lower firmware version all configuration settings are lost and the access point returns to factory default settings of the lower version If a firmware update is required use the Firmware Update screen to specify a filename and define a file location for updating the firmware CAUTION An AP 7131N FGR model access...

Страница 142: ... for instructions on exporting the access point s current configuration to have it available after the firmware is updated 2 Select System Configuration Firmware Update from the access point menu tree Execute the command transfer_keys_fw from Console SSH before upgrading the image from GUI Refer AP7131N admin system fw update transfer_keys_fw on page 8 264 NOTE The firmware file must be available ...

Страница 143: ...te path for the file within the Filepath optional field 5 Enter an IP address for the SFTP server used for the update Only numerical IP address names are supported no DNS can be used 6 Set the username for the SFTP server login 7 Click the Perform Update button to initiate the update Upon confirming the firmware update the AP reboots and completes the update NOTE Click Apply to save the settings b...

Страница 144: ...ity Parameters CSP by overwriting the storage area three times with an alternating pattern i e three different patterns Key zeroisation can be invoked in following ways Hard reset via AP7131N s reset button When the AP7131N boots up you will be prompted with a message Press AP reset buton to perform key zeroization default the config as well Through a CLI command Through a GUI button Once Zeroisat...

Страница 145: ...EAP primary password EAP secondary password RADIUS accounting password RADIUS shared password 2 Zeroise RADIUS variables using three patterns RADIUS related local and global variables 3 Zeroise DynDNS password using three patterns DynDNS password 4 Zeroise AP Firmware Image Signing Keys using three patterns AP Firmware Image Signing Keys 40 Digit Image Verification Keys 5 Zeroise VPN IPsec related...

Страница 146: ... files Admin password RADIUS client configuration file EAP configuration file RADIUS CA certificate RADIUS client certificate RADIUS client password file HTTPS certificate Image Verification Keys file 8 Restore factory default configuration Restore factory default configuration 9 Reboot the AP Reboot the AP ...

Страница 147: ... LANs WLANs Configuring Router Settings Configuring IP Filtering 5 1 Configuring the LAN Interface The AP 7131N FGR has one physical LAN port supporting two unique LAN interfaces The AP 7131N FGR LAN port has its own MAC address The LAN port MAC address is always the value of the access point WAN port MAC address plus 1 The LAN and WAN port MAC addresses can be located within the LAN and WAN Stats...

Страница 148: ...sign them names define which LAN is currently active on the access point Ethernet port and assign a timeout value to disable the LAN connection if no data traffic is detected within a defined interval To configure the access point LAN interface 1 Select Network Configuration LAN from the access point menu tree 2 Configure the LAN Settings field to enable the access point LAN1 and or LAN2 interface...

Страница 149: ...led by default LAN Name Use the LAN Name field to modify the existing LAN name LAN1 and LAN2 are the default names assigned to the LANs until modified by the user Ethernet Port The Ethernet Port radio buttons allow you to select one of the two available LANs as the LAN actively transmitting over the access point s LAN port Both LANs can be active at any given time but only one can transmit over th...

Страница 150: ...r basis Selecting Auto Negotiate disables the Mbps and duplex checkbox options 1000 Mbps Select this option to establish a 1000 Mbps data transfer rate for the selected half duplex or full duplex transmission over the access point s LAN port This option is not available if Auto Negotiation is selected 100 Mbps Select this option to establish a 100 Mbps data transfer rate for the selected half dupl...

Страница 151: ...point An administrator can map 16 WLANs to 16 VLANs and enable or disable dynamic VLAN assignment VLANs enable organizations to share network resources in various network segments within large areas airports shopping malls etc A VLAN is a group of clients with a common set of requirements independent of their physical location VLANs have the same attributes as physical LANs but they enable system ...

Страница 152: ... VLAN is assigned to it If it is not in the database it simply uses a default VLAN assignment The VLAN assignment is sent to the access point The access point then maps the target WLAN for the assigned VLAN and traffic passes normally allowing for the completion of the DHCP request and further traffic To create new VLANs or edit the properties of an existing VLAN 1 Select Network Configuration LAN...

Страница 153: ...dit the properties of an existing VLAN click the Edit button 4 Assign a unique VLAN ID from 1 to 4095 to each VLAN added or modified The VLAN ID associates a frame with a specific VLAN and provides the information the access point needs to process the frame across the network Therefore it may be practical to assign a name to a VLAN representative or the area or type of network traffic it represent...

Страница 154: ...stination these tags help distinguish data traffic Authentication servers such as Radius must be on the same Management VLAN Additionally DHCP and BOOTP servers must be on the same Management VLAN as well 9 Define a Native VLAN Tag for LAN1 and LAN2 A trunk port configured with 802 1Q tagging can receive both tagged and untagged traffic By default the access point forwards untagged traffic with th...

Страница 155: ... settings for that LAN For more information see Configuring Advanced DHCP Server Settings on page 5 13 Additionally LAN1 and LAN2 each have separate Type Filter submenu items used to prevent specific an potentially unneccesary frames from being processed for more information see Setting the Type Filter Configuration on page 5 14 To configure unique settings for either LAN1 or LAN2 1 Select Network...

Страница 156: ...a protocol that includes mechanisms for IP address allocation and delivery of host specific configuration parameters from a DHCP server to a host If DHCP Client is selected the first DHCP or BOOTP server to respond sets the IP address and network address values since DHCP and BOOTP are interoperable This interface is a BOOTP Client Select this button to enable BOOTP to set access point network add...

Страница 157: ...Network Mask The first two sets of numbers specify the network domain the next set specifies the subset of hosts within a larger network These values help divide a network into subnetworks and simplify routing and data transmission The subnet mask defines the size of the subnet Default Gateway The Default Gateway parameter defines the numerical non DNS name IP address of a router the access point ...

Страница 158: ...twork maintains hello forward delay and max age timers These settings can be used as is using the current default settings or be modified However if these settings are modified they need to be configured for the LAN connecting to the mesh network WLAN For information on mesh networking capabilities see Configuring Mesh Networking on page 9 1 If new to mesh networking and in need of an overview see...

Страница 159: ...long as it remains in active use The lease time is the number of seconds an IP address is reserved for re connection after its last use Using very short leases DHCP can dynamically reconfigure networks in which there are more computers than available IP addresses This is useful for example in education and customer environments where MU users change frequently Use longer leases if there are fewer ...

Страница 160: ...he updated settings within the Advanced DHCP Server screen can be saved by clicking the Apply button 7 Click Cancel to undo any changes made Undo Changes reverts the settings displayed to the last saved configuration 5 1 2 2 Setting the Type Filter Configuration Each access point LAN either LAN1 or LAN2 can keep a list of frame types that it forwards or discards The Type Filtering feature prevents...

Страница 161: ... designate whether the Ethernet Types defined for the LAN are allowed or denied for use by the access point 3 To add an Ethernet type click the Add button The Add Ethernet Type screen displays Use this screen to add one type filter option at a time for a list of up to 16 entries ...

Страница 162: ...ply results in all changes to the screens being lost 6 Click Cancel to securely exit the LAN1 or LAN2 Ethernet Type Filter Configuration screen without saving your changes 7 Click Logout to securely exit the Access Point applet A prompt displays confirming the logout before the applet is closed 5 2 Configuring WAN Settings A Wide Area Network WAN is a widely dispersed telecommunications network Th...

Страница 163: ...onfigured as DHCP clients Enable WAN Interface Select the Enable WAN Interface checkbox to enable a connection between the access point and a larger network or outside world through the WAN port Disable this option to effectively isolate the access point s WAN No connections to a larger network or the Internet are possible MUs cannot communicate beyond the LAN By default the WAN port is static wit...

Страница 164: ...strator An IP address uses a series of four numbers expressed in dot notation for example 190 188 12 1 Subnet Mask Specify a subnet mask for the access point s WAN connection This number is available from the ISP for a DSL or cable modem connection or from an administrator if the access point connects to a larger network A subnet mask uses a series of four numbers expressed in dot notation similar...

Страница 165: ...ation displayed within the WAN IP Configuration field Auto Negotiation Select the Auto Negotiation checkbox to enable the access point to automatically exchange information over its WAN port about data transmission speed and duplex capabilities Auto negotiation is helpful when using the access point in an environment where different devices are connected and disconnected on a regular basis Selecti...

Страница 166: ...that the access point can incorrectly carry over previously configured static IP information and maintain two connected routes once it gets an IP address from a PPPOE connection Enable Use the checkbox to enable Point to Point over Ethernet PPPoE for a high speed connection that supports this protocol Most DSL providers are currently using or deploying this protocol PPPoE is a data link protocol f...

Страница 167: ...fter outbound and inbound traffic is not detected The Idle Time field is grayed out if Keep Alive is enabled Authentication Type Use the Authentication Type menu to specify the authentication protocol s for the WAN connection Choices include PAP or CHAP PAP or CHAP Password Authentication Protocol PAP and Challenge Handshake Authentication Protocol CHAP are competing identify verification methods ...

Страница 168: ...ble range of private side IP addresses Ranges can be specified from each of the private side subnets To configure IP address mappings for the access point 1 Select Network Configuration WAN NAT from the access point menu tree 2 Configure the Address Mappings field to generate a WAN IP address define the NAT type and set outbound inbound NAT mappings WAN IP Address The WAN IP addresses on the NAT s...

Страница 169: ...ny from the NAT Type drop down menu 3 Click on the Port Forwarding button within the Inbound Mappings area Outbound Mappings When 1 to 1 NAT is selected a single IP address can be entered in the Outbound Mappings area This address provides a 1 to 1 mapping of the WAN IP address to the specified IP address When 1 to Many is selected as the NAT Type the Outbound Mappings area displays a 1 to Many Ma...

Страница 170: ...eing forwarded The name can be any alphanumeric string and is used for identification of the service Transport Use the Transport pull down menu to specify the transport protocol used in this service The choices are ALL TCP UDP ICMP AH ESP and GRE Start Port and End Port Enter the port or ports used by the port forwarding service To specify a single port enter the port number in the Start Port area...

Страница 171: ...cess point 1 Select Network Configuration WAN DynDNS from the access point menu tree 2 Select the Enable checkbox to allow domain name information to be updated when the IP address associated with that domain changes A username password and hostname must be specified for domain name information to be updated IP Address Enter the numerical non DNS name IP address to which the specified service is f...

Страница 172: ... displayed on the screen to the last saved configuration 5 3 Enabling Wireless LANs WLANs A Wireless Local Area Network WLAN is a data communications system that flexibly extends the functionalities of a wired LAN A WLAN does not require lining up devices for line of sight transmission and are thus desirable Within the WLAN roaming users can be handed off from one access point to another like a ce...

Страница 173: ...on VLAN ID and security policy of existing WLANs WLAN Name The Name field displays the name of each WLAN that has been defined The WLAN names can be modified within individual WLAN configuration screens See Creating Editing Individual WLANs on page 5 29 to change the name of a WLAN ESSID Displays the Extended Services Set Identification ESSID associated with each WLAN The ESSID can be modified wit...

Страница 174: ... 6 Click Logout to securely exit the Access Point applet A prompt displays confirming the logout before the applet is closed Radio The Radio field displays the name of the access point radio the WLAN is mapped to either the 802 11a n radio or the 802 11b g n radio To change the radio designation for a specific WLAN see Creating Editing Individual WLANs on page 5 29 VLAN The VLAN field displays the...

Страница 175: ... properties of an existing WLAN 1 Select Network Configuration Wireless from the access point menu tree The Wireless Configuration screen displays 2 Click the Create button to configure a new WLAN or highlight a WLAN and click the Edit button to modify an existing WLAN Either the New WLAN or Edit WLAN screen displays NOTE Before editing the properties of an existing WLAN ensure it is not being use...

Страница 176: ...arameters in the Configuration field as required for the WLAN CAUTION When using the access point s hotspot functionality ensure MUs are re authenticated when changes are made to the characteristics of a hotspot enabled WLAN as MUs within the WLAN will be dropped from device association ...

Страница 177: ...o be configured as a base bridge or repeater base and client bridge on the radio If the radio for the WLAN is to be defined as a client bridge only the Available On checkbox should not be selected For more information on defining a WLAN for mesh support see Configuring a WLAN for Mesh Networking Support on page 9 9 Max MUs Use the Max MUs field to define the number of MUs permitted to interoperate...

Страница 178: ... Hotspot button launches a screen wherein the parameters of the hotspot can be defined For information on configuring a target WLAN for hotspot support see Configuring WLAN Hotspot Support on page 5 45 For an overview of what a hotspot is and what it can provide your wireless network see Hotspot Support on page 1 20 CAUTION A WLAN cannot be enabled for both mesh and hotspot support at the same tim...

Страница 179: ...rently using Sites with heightened security requirements may want to leave the checkbox unselected and configure each MU with an ESSID The default is selected enable Rate Limiting Select this checkbox to set MU rate limiting values for this WLAN in both the upstream and downstream direction Once selected two fields display enabling you to set MU radio bandwidth for each associated MU in both the w...

Страница 180: ...o any WLAN A security policy can be used by more than one WLAN if its logical to do so For example there may be two or more WLANs within close proximity of each other requiring the same data protection scheme To create a new security policy or modify an existing policy 1 Select Network Configuration Wireless Security from the access point menu tree The Security Configuration screen appears with ex...

Страница 181: ...ccess points and how to configure them see to Configuring Security Options on page 6 2 2 Click Logout to exit the Security Configuration screen 5 3 1 2 Configuring a WLAN Access Control List ACL An Access Control List ACL affords a system administrator the ability to grant or restrict MU access by specifying a MU MAC address or range of MAC addresses to either include or exclude from access NOTE W...

Страница 182: ...ACL policies meeting the requirements of the particular WLANs they may map to However be careful not to name policies after specific WLANs as individual ACL policies can be used by more than one WLAN For detailed information on assigning ACL policies to specific WLANs see Creating Editing Individual WLANs on page 5 29 To create or edit ACL policies for WLANs 1 Select Network Configuration Wireless...

Страница 183: ... Management 5 37 2 Click the Create button to configure a new ACL policy or select a policy and click the Edit button to modify an existing ACL policy The access point supports a maximum of 16 MU ACL policies ...

Страница 184: ...within the Mobile Unit Access Control List field to allow or deny MU access to the access point The MU adoption list identifies MUs by their MAC address The MAC address is the MU s unique Media Access Control number printed on the device for example 00 09 5B 45 9B 07 by the manufacturer A maximum of 200 MU MAC addresses can be added to the New Edit MU ACL Policy screen Access for the listed Mobile...

Страница 185: ...S policies for advanced network traffic management and multimedia applications support If the existing QoS policies are insufficient a new policy can be created or an existing policy can be modified using the New QoS Policy or Edit QoS Policy screens Once new policies are defined they are available for use within the New WLAN or Edit WLAN screens to assign to specific WLANs based on MU interoperab...

Страница 186: ...icy or select a policy and click the Edit button to modify an existing QoS policy The access point supports a maximum of 16 QoS policies NOTE When the access point is first launched a single QoS policy default is available and mapped to WLAN 1 It is anticipated additional QoS policies will be created as the list of WLANs grows ...

Страница 187: ...ertain products may not receive priority over other voice or data traffic Consequently ensure the Support Voice Prioritization checkbox is selected if using products that do not support Wi Fi Multimedia WMM to provide preferred queuing for these VOIP products If the Support Voice Prioritization checkbox is selected the access point will detect non WMM capable legacy phones that connect to the acce...

Страница 188: ...cess Categories for the radio traffic within this WLAN Only advanced users should manually configure the Access Categories as setting them inappropriately could negatively impact the access point s performance 11n wifi Use this setting for high end multimedia devices that using the high rate 802 11n radio 11b wifi Use this setting for high end devices multimedia devices that use the 802 11b radio ...

Страница 189: ...udes music streaming and application traffic requiring priority over all other types of network traffic Voice Voice traffic includes VoIP traffic and typically receives priority over Background and Best Effort traffic CW Min The contention window minimum value is the least amount of time the MU waits before transmitting when there is no other data traffic on the network The longer the interval the...

Страница 190: ...proach when a VoIP traffic stream is detected The MU then buffers frames from the voice traffic stream and sends a VoIP frame with an implicit poll request to its associated access point The access point responds to the poll request with buffered VoIP stream frame s When a voice enabled MU wakes up at a designated VoIP frame interval it sends a VoIP frame with an implicit poll request to its assoc...

Страница 191: ...pot provider User authentication Authenticates users using a Radius server Walled garden support Enables a list of IP address not domain names accessed without authentication Billing system integration Sends accounting records to a Radius accounting server To configure hotspot functionality for an access point WLAN 1 Ensure the Enable Hotspot checkbox is selected from within the target WLAN screen...

Страница 192: ...er to the HTTP Redirection field to specify how the Login Welcome and Fail pages are maintained for this specific WLAN The pages can be hosted locally or remotely Use Default Files Select the Use Default Files checkbox if the login welcome and fail pages reside on the access point ...

Страница 193: ...the login welcome and fail pages To create a redirected page you need to have a TCP termination locally On receiving the user credentials from the login page the access point connects to a radius server determines the identity of the connected wireless user and allows the user to access the Internet based on successful authentication NOTE If an external URL is used the external Web pages are requi...

Страница 194: ...t s WAN IP address should be entered in the White List Enable Accounting Select the Enable Accounting checkbox to enable a Radius Accounting Server used for Radius authentication for a target hotspot user Server Address Specify an IP address for the external Radius Accounting server used to provide Radius accounting for the hotspot If using this option an internal Radius server cannot be used The ...

Страница 195: ...e used for the primary server Pri Server IP Define the IP address of the primary Radius server This is the address of your first choice for Radius server Pri Port Enter the TCP IP port number for the server acting as the primary Radius server The default port is 1812 Pri Secret Enter the shared secret password used with the primary Radius Server Sec Server IP Define the IP address of the secondary...

Страница 196: ...sure the Login page is designed so the submit action always posts the login data on the access point To define the White List for a target WLAN 1 Click the White List Entries button from within the WLAN s Hotspot Config screen 2 Click the Add button to define an IP address for an allowed destination IP address 3 Select a White List entry and click the Del button to remove the address from the Whit...

Страница 197: ...nect Wireless Sniffing All received frames are reported to the WIPS server This feature provides the WIPS server with visibility into the activity on the wireless network The WIPS server processes the received traffic and provides the IT administrator with useful information about the 802 11 RF activities in the enterprise Spectrum Analysis The data needed to provide the current RF Spectrum is pro...

Страница 198: ...y right clicking on the device which automatically limits the data to the specific device your choose The Radio Configuration screen displays with tabs for each access point radio Verify tabs are selected and configured separately to enable the radio s and optionally set their mesh network definitions To set the access point radio configuration 1 Select Network Configuration Wireless Radio Configu...

Страница 199: ...presenting the maximum for dual radio models Once the settings within the Radio Configuration screen are applied for an initial deployment the current number of client bridge connections for this specific radio displays NOTE This section describes mesh networking setting the radio s base and client bridge configuration at a high level For a detailed overview on the theory of mesh networking see Me...

Страница 200: ...isting radio within a mesh network these values update in real time 6 Click the Advanced button to define a prioritized list of access points to define Mesh Connection links For a detailed overview on mesh networking and how to configure the radio for mesh networking support see Configuring Mesh Networking Support on page 9 7 7 With dual radio model AP 7131N FGR access points refer to the Mesh Tim...

Страница 201: ...oon as the first mesh connection is established However if the client bridge radio loses its uplink connection the second radio shuts down immediately Uplink detect is the recommended setting within a multi hop mesh network Enabled If the mesh connection is down on one radio radio 1 the other radio radio 2 is brought down and stops beaconing after the timeout period 45 65535 seconds This allows th...

Страница 202: ... as a sub menu item under the Radio Configuration menu item Use the radio configuration screen to set the radio s placement properties define the radio s threshold and QoS settings set the radio s channel and antenna settings and define beacon and DTIM intervals To configure the access point s 802 11a n or 802 11b g n radio 1 Select Network Configuration Wireless Radio Configuration Radio1 default...

Страница 203: ... hardware encoded Media Access Control MAC or IEEE address MAC addresses determine the device sending or receiving data A MAC address is a 48 bit number written as six hexadecimal bytes separated by colons For example 00 A0 F8 24 9A C8 For additional information on access point MAC address assignments see MAC Address Assignment on page 1 29 Radio Type The Radio Type parameter simply displays the r...

Страница 204: ...d exclusively for 802 11b legacy clients or transmits in the 2 4 Ghz band for 802 11g n clients Selecting b and g enables the access point to transmit to both b and g clients if legacy clients 802 11b partially comprise the network Select accordingly based on the MU requirements of the network The rates for the access point s 2 4 GHz radio are as follows B G and N Allows only basic rates default s...

Страница 205: ...llowing channel selection options exist User Selected This is the default setting If 20 40 MHz is selected as the Channel Width supporting 11n the Secondary Channel drop down menu becomes enabled The user must define the primary channel first Then depending on the primary channel defined the secondary channel list is filled with channels making the combination of primary and secondary channels val...

Страница 206: ...tes as needed for additional supported rates Enable the Support Short Guard Interval checkbox to set a guard interval for interference protection for 20 MHz and 40 MHz channel widths When enabled the AP s radio defines values to enable a packet to be transmitted with guard interval based on the configuration and capabilities of associated clients Clients can associate to an access point regardless...

Страница 207: ...Network Management 5 61 4 Configure the Performance field to set the preamble thresholds values and QoS values for the radio ...

Страница 208: ... RF QOS screen to set QoS parameters for the radio Do not confuse with the QoS configuration screen used for a WLAN The Set RF QoS screen initially appears with default values displayed Select manual from the Select Parameter set drop down menu to edit the CW min and CW max contention window AIFSN Arbitrary Inter Frame Space Number and TXOPs Time for each Access Category These are the QoS policies...

Страница 209: ... transmitted by the access point Select the Enable Transmit A MPDU checkbox within the A MPDU Aggregation field to allow the aggregation of MAC Protocol frames When enabled long frames can be both sent and received up to 64 KB When enabled define an A MPDU Transmit Size Limit default is 2 bytes A MPDU Receive Size Limit default is 65535 bytes and an A MPDU Minimum Spacing Time default is 0 usec Se...

Страница 210: ...d increase power savings The default is 100 Avoid changing this parameter as it can adversely affect performance DTIM Interval The DTIM interval defines how often broadcast frames are delivered for each of the four access point BSSIDs If a system has an abundance of broadcast traffic and it needs to be delivered quickly Motorola recommends decreasing the DTIM interval for that specific BSSID Howev...

Страница 211: ...rimary WLANs can Enable QBSS load element When enabled the access point communicates channel usage data to associated devices using an interval you define The QBSS load represents the percentage of time the channel is in use by the access point and the access point s MU count This information is helpful in assessing the access point s overall load on a channel its availability for additional devic...

Страница 212: ...n changes to the screens being lost 10 Click Undo Changes if necessary to undo any changes made to the screen and its sub screens Undo Changes reverts the settings to the last saved configuration NOTE When using a AP 7131N FGR dual radio access point 4 BSSIDs for the 802 11b g n radio and 4 BSSIDs for the 802 11a n radio are available WLAN Lists the WLAN names available to the 802 11a n or 802 11b...

Страница 213: ...allotted to individual WLANs MU rate limiting enables an administrator to determine how much radio bandwidth is allowed to each MU within any one of the 16 supported AP WLANs To define MU rate limits for specific WLANs on an access point radio 1 Select Network Configuration Wireless Rate Limit from the access point menu tree 2 Select the enable Rate Limiting option to globally enable MU rate limit...

Страница 214: ...reverts the settings displayed on the Bandwidth Management screen to the last saved configuration 6 Click Logout to securely exit the Access Point applet A prompt displays confirming the logout before the applet is closed 5 4 Configuring Router Settings The access point router uses routing tables and protocols to forward data packets from one network to another The access point router manages traf...

Страница 215: ...network mask and gateway settings are those belonging to each subnet Displayed interfaces are those associated with destination IP addresses To change any of the network address information within the WAN screen see Configuring WAN Settings on page 5 16 3 From the Use Default Gateway drop down menu select the WAN or either of the two LANs if enabled to server as the default gateway to forward data...

Страница 216: ...ick the Add button to create a new table entry b Highlight an entry and click the Del delete button to remove an entry c Specify the destination IP address subnet mask and gateway information for the internal static route d Select an enabled subnet from the Interface s column s drop down menu to complete the table entry Information in the Metric column is a user defined value from 1 to 65535 used ...

Страница 217: ...vate LAN RIP v1 RIP version 1 is a mature stable and widely supported protocol It is well suited for use in stub networks and in small autonomous systems that do not have enough redundant paths to warrant the overhead of a more sophisticated protocol RIP v2 v1 compat RIP version 2 compatible with version 1 is an extension of RIP v1 s capabilities but it is still compatible with RIP version 1 RIP v...

Страница 218: ... of compromises to the LAN or LAN firewall Select Yes to acknowledge the risk and continue or No to return to the Router screen None This option disables the RIP authentication Simple This option enable RIP version 2 s simple authentication mechanism This setting activates the Password Simple Authentication field MD5 This option enables the MD5 algorithm for data verification MD5 takes as input a ...

Страница 219: ...ring rules can be enforced on the access point s LAN1 or LAN2 interfaces and within any of the 16 access point WLANs An additional default action is also available denying traffic when filter rules fail Lastly imported and exported configurations retain their defined IP filtering configurations IP filtering is a network layer facility The IP filtering mechanism does not know anything about the app...

Страница 220: ... you create a filter policy apply it to an interface in either an incoming or outgoing direction Traffic entering the access point s LAN1 LAN2 or WLAN 1 16 from a client is classified as Incoming traffic Traffic leaving the access point s LAN1 LAN2 or WLAN 1 16 in route to a client is classified as Outgoing traffic To filter packets to better segregate desired versus undesired data traffic 1 Selec...

Страница 221: ...wed or denied permission to the target LAN1 LAN2 or WLAN Port End Defines the socket number or port number representing the ending protocol port range either allowed or denied permission to the target LAN1 LAN2 or WLAN Src Start Creates a range beginning source IP address to be either allowed or denied IP packet forwarding The source address is where the packet originated Setting the Src End value...

Страница 222: ...om the LAN1 or LAN2 screen a Select Network Configuration LAN LAN1 or LAN2 from the access point menu tree b Select the Enable IP Filtering button in the lower right hand side of the screen c Select the IP Filtering button From the Wireless screen a Select Network Configuration Wireless from the access point menu tree b Click the Create button to apply the filter to a new WLAN or highlight an exis...

Страница 223: ...recedence 2 Use the Filter name drop menu to select an existing filter 3 Set the Direction as Incoming or Outgoing as required 4 Apply an Action of Allow or Deny to permit or restrict the rules of this filter in the direction selected 5 Select Add to apply the filter s and their rules and permissions to the LAN or WLAN 6 Click Insert to insert the filter s to the LAN or WLAN 7 Click OK add the IP ...

Страница 224: ...Motorola Solutions AP 7131N FGR Access Point Product Reference Guide 5 78 ...

Страница 225: ...ccess point Sixteen separate ESSIDs WLANs can be supported on an access point and must be managed if necessary between the 802 11a n and 802 11b g n radio The user has the capability of configuring separate security policies for each WLAN Each security policy can be configured based on the authentication 802 1x EAP or encryption WPA2 CCMP scheme best suited to the coverage area that security polic...

Страница 226: ...gs on page 6 13 To create VPN tunnels allowing traffic to route securely through a IPSEC tunnel to a private network see Configuring VPN Tunnels on page 6 22 To configure the access point to block transmissions with devices detected as Rogue AP s hostile devices see Configuring Rogue AP Detection on page 6 42 6 2 Setting Passwords Before setting the access point security parameters verify an admin...

Страница 227: ... The user is required to know the IP address to connect to the access point using a Web browser The access point Login screen displays 4 Log in using the admin as the default Username and motorola as the default Password If the default login is successful the Change Admin Password window displays Change the default login and password to significantly decrease the likelihood of hacking NOTE For opt...

Страница 228: ...AN side of the access point the WLAN side of the access point supports authentication and encryption schemes Authentication is a challenge response procedure for validating user credentials such as username password and sometimes secret key information Encryption applies a specific algorithm to alter its appearance and prevent unauthorized reading Decryption applies the algorithm in reverse to res...

Страница 229: ...n type selected 4 Enable and configure an Authentication option if necessary for the target security policy 5 Enable and configure an Encryption option if necessary for the target security policy CAUTION Mesh configurations do not support mismatched security policies when operating using a mixed mode scheme Ensure the encryptions and authentication schemes used by APs in a mesh network are complim...

Страница 230: ...t device tries to connect with an authenticator in this case the authentication server The access point passes EAP packets from the client to an authentication server on the wired side of the access point All other packet types are blocked until the authentication server typically a Radius server verifies the MU s identity To configure 802 1x EAP authentication on the access point 1 Select Network...

Страница 231: ... Name of the security policy entered suits the intended configuration or function of the policy 5 If using the access point s Internal Radius server leave the Radius Server drop down menu in the default setting of Internal If an external Radius server is used select External from the drop down menu CAUTION When using external radius authentication with admin users when the connectivity to the Radi...

Страница 232: ... Radius server is listening Optionally specify the port of a secondary failover server Older Radius servers listen on ports 1645 and 1646 Newer servers listen on ports 1812 and 1813 Port 1645 or 1812 is used for authentication Port 1646 or 1813 is used for accounting The ISP or a network administrator needs to confirm the appropriate primary and secondary port numbers for authentication This setti...

Страница 233: ... the authentication session The default is 2 retries Enable Syslog Select the Enable Syslog checkbox to enable Radius accounting syslog messages relating to EAP events to be written to the specified syslog server Syslog Server IP Address Enter the IP address of the destination syslog server to be used to log EAP events Enable Reauthentication Select the Enable Reauthentication checkbox to configur...

Страница 234: ...t Period 1 65535 secs Specify an idle time in seconds between MU authentication attempts as required by the authentication server The default is 10 seconds MU Timeout 1 255 secs Define the time in seconds for the access point s retransmission of EAP Request packets The default is 10 seconds MU Tx Period 1 65635 secs Specify the time period in seconds for the access point s retransmission of the EA...

Страница 235: ...block of data The end result is an encryption scheme as secure as any the access point provides To configure WPA2 CCMP on the AP 7131N FGR 1 Select Network Configuration Wireless Security from the access point menu tree If security policies supporting WPA2 CCMP exist they appear within the Security Configuration screen These existing policies can be used as is or their properties edited by clickin...

Страница 236: ...ternatively rotated on every interval specified in the Broadcast Key Rotation Interval Enabling broadcast key rotation enhances the broadcast traffic security on the WLAN This value is disabled by default Update broadcast keysevery 30 604800 seconds Specify a time period in seconds to rotate the key index used for the broadcast key Set the interval to a shorter duration like 3600 seconds for tight...

Страница 237: ...ms located in the gateway on the WAN side of the access point The firewall uses a collection of filters to screen information packets for known types of system attacks Some of the access point s filters are continuously enabled others are configurable 256 bit Key To use a hexadecimal value and not an ASCII passphrase select the checkbox and enter 16 hexadecimal characters into each of the four fie...

Страница 238: ...and data encryption parameters To configure the access point firewall settings 1 Select Network Configuration Firewall from the access point menu tree 2 Refer to the Timeout Configuration field to define a timeout interval to terminate IP address translations NAT Timeout Network Address Translation NAT converts an IP address in one network to a different IP address or set of IP addresses in a diff...

Страница 239: ...loiting the use of an intermediate host to gain access to a private host Winnuke Attack Check A Win nuking attack uses the IP address of a destination host to send junk packets to its receiving port FTP Bounce Attack Check An FTP bounce attack uses the PORT command in FTP mode to gain access to arbitrary ports on machines other than the originating client IP Unaligned Timestamp Check An IP unalign...

Страница 240: ...on Firewall Subnet Access from the access point menu tree 2 Refer to the Overview field to view rectangles representing subnet associations The three possible colors indicate the current access level as defined for each subnet association Color Access Type Description Green Full Access No protocol exceptions rules are specified All traffic may pass between these two areas Yellow Limited Access One...

Страница 241: ...settings displayed on the Subnet Access screen to the last saved configuration 5 Click Logout to securely exit the Access Point applet A prompt displays confirming the logout before the applet is closed 6 6 1 1 Available Protocols Protocols that are not pre configured can be specified using the drop down list within the Transport column within the Subnet Access and Advanced Subnet Access screens T...

Страница 242: ...etween two end points Also AH can be used in tunnel mode providing security like that of a Virtual Private Network VPN ESP Encapsulating Security Protocol is one of two key components of IP Security Protocol IPsec The other key component is Authentication Header AH ESP encrypts the packets and provides authentication services ESP can be used in transport mode providing security between two end poi...

Страница 243: ...bnet access rules port forwarding and 1 to many mappings from the system Only enable advanced subnet access rules if your configuration requires rules that cannot be configured within the Subnet Access screen Import rules from Subnet Access Select this checkbox to import existing access ruls NAT packet forwarding VPN rules etc into the Firewall Rules field This rule import overrides any existing r...

Страница 244: ...ton to insert a new rule at the bottom of the table Click on a row to display a new window with configuration options for that field Insert Click the Insert button to insert a new rule directly above a selected rule in the table Clicking on a field in the row displays a new window with configuration options Del Delete Click Del to remove the selected rule from the table The index numbers for all t...

Страница 245: ...ress or address range for the firewall rule To configure the Source IP range click on the field A new window displays for entering the IP address and range Destination IP The Destination IP range determines the target address or address range for the firewall rule To configure the Destination IP range click on the field A new window displays for entering the IP address and range Transport Select a...

Страница 246: ...rough an IPSec tunnel to a private network A VPN port is a virtual port which handles tunneled traffic When connecting to another site using a VPN the traffic is encrypted so if anyone intercepts the traffic they cannot see what it is unless they can break the encryption The traffic is encrypted from your computer through the network to the VPN At that point the traffic is decrypted Use the VPN sc...

Страница 247: ...onfigure a specific tunnel select it from the list and use the parameters within the VPN Tunnel Config field to set its properties Del Click Del to delete a highlighted VPN tunnel There is no confirmation before deleting the tunnel Tunnel Name The Tunnel Name column lists the name of each VPN tunnel on the access point Remote Subnet The Remote Subnet column lists the remote subnet for each tunnel ...

Страница 248: ... Type column lists the key exchange type for passing keys between both ends of a VPN tunnel If Manual Key Exchange is selected this column displays Manual If Auto IKE Key Exchange is selected the field displays Automatic NOTE When creating a tunnel the remote subnet and remote subnet mask must be that of the target device s LAN settings The remote gateway must be that of the target device s WAN IP...

Страница 249: ...hange Selecting Manual Key Exchange requires you to manually enter keys for AH and or ESP encryption and authentication Click the Manual Key Settings button to configure the settings Manual Key Settings Select Manual Key Exchange and click the Manual Key Settings button to open a screen where AH authentication and ESP encryption authentication can be configured and keys entered For more informatio...

Страница 250: ... describes how to define a simple configuration using two access points to create an IPSec tunnel To create a IPSec VPN tunnel between two access points 1 Ensure the WAN ports are connected via the internet 2 Select Network Configuration WAN VPN from the access point menu tree 3 Enter any tunnel name tunnel names do not need to match 4 Enter the WAN port IP address of AP 1 in the Local WAN IP fiel...

Страница 251: ...red Key PSK 13 Enter the Passphrase Passphrases must match on both VPN devices 14 Select AES 128 bit 15 Select Group 2 16 Click OK This will take you back to the main VPN configuration screen 17 Click Apply to save the updates 18 Select Network Configuration WAN VPN VPN Status from the access point menu tree Check the VPN status on the access point ...

Страница 252: ...protect data flow A transform set specifies one or two IPSec security protocols either AH ESP or both and specifies the algorithms to use for the selected security protocol If you specify an ESP protocol in a transform set specify just an ESP encryption transform or both an ESP encryption transform and an ESP authentication transform When the particular transform set is used during negotiations fo...

Страница 253: ...bound encryption or authentication keys an error message could display stating the keys provided are weak Some attack tools invoke a dictionary to hack keys based on commonly used words To avoid entering a weak key try to not to produce a key using commonly used terms and attempt to mix alphabetic and numerical key attributes when possible ...

Страница 254: ...y check on outbound traffic with the selected authentication algorithm The key must be 32 40 hexadecimal 0 9 A F characters in length The key value must match the corresponding inbound key on the remote security gateway Inbound SPI Hex Enter an up to six character hexadecimal value to identify the inbound security association created by the AH algorithm The value must match the corresponding outbo...

Страница 255: ...s include SHA1 Enables Secure Hash Algorithm 1 which requires 160 bit 40 character hexadecimal keys Inbound ESP Authentication Key Define a key for computing the integrity check on the inbound traffic with the selected authentication algorithm The key must be 32 40 hexadecimal 0 9 A F characters in length The key must match the corresponding outbound key on the remote security gateway Outbound ESP...

Страница 256: ...y Settings screen select the Manual Key Exchange radio button and set the keys within the Manual Key Setting screen To configure auto key settings for the access point 1 Select Network Configuration WAN VPN from the access point menu tree 2 Refer to the VPN Tunnel Config field select the Auto IKE Key Exchange radio button and click the Auto Key Settings button 3 Configure the Auto Key Settings scr...

Страница 257: ...e the drop down menu to select the ESP type ESP Enables ESP for this tunnel ESP with Authentication Enables ESP with authentication ESP Encryption Algorithm Use this menu to select the encryption and authentication algorithms for this VPN tunnel AES 128 bit Selects the Advanced Encryption Standard algorithm with 128 bit No keys are required to be manually provided AES 192 bit Selects the Advanced ...

Страница 258: ...automatic means of negotiation and authentication for communication between two or more parties In essence IKE manages IPSec keys automatically for the parties To configure IKE key settings for the access point 1 Select Network Configuration WAN VPN from the access point menu tree 2 Refer to the VPN Tunnel Config field select the Auto IKE Key Exchange radio button and click the IKE Settings button...

Страница 259: ... if the remote ID type is the IP address specified as part of the tunnel FQDN Select FQDN if the remote ID type is a fully qualified domain name such as sj motorola com The setting for this field does not have to be fully qualified however it must match the setting for the Certificate Authority UFQDN Select this item if the remote ID type is a user unqualified email address such as johndoe motorol...

Страница 260: ...lect the encryption and authentication algorithms for the VPN tunnel from the drop down menu AES 128 bit Uses the Advanced Encryption Standard algorithm with 128 bit No keys are required to be manually provided AES 192 bit Enables the Advanced Encryption Standard algorithm with 192 bit No keys are required to be manually provided AES 256 bit Uses the Advanced Encryption Standard algorithm with 256...

Страница 261: ...he access point For information on configuring a tunnel see Configuring VPN Tunnels on page 6 22 Status The Status column lists the status of each configured tunnel When the tunnel is not in use the status reads NOT_ACTIVE When the tunnel is connected the status reads ACTIVE Outb SPI The Outb SPI column displays the outbound Security Parameter Index SPI for each tunnel The SPI is used locally by t...

Страница 262: ... defined When the lifetime expires the SA can no longer be used to protect data traffic The maximum SA lifetime is 65535 seconds Tx Bytes The Tx Bytes column lists the amount of data in bytes transmitted through each configured tunnel Rx Bytes The Rx Bytes column lists the amount of data in bytes received through each configured tunnel Tunnel Name Displays the name of each of the tunnels configure...

Страница 263: ...stem administrators selective control on the content proliferating the network and is a powerful data and network screening tool Content filtering allows the blocking of up to 10 files or URL extensions and allows blocking of specific outbound requests To configure content filtering for the access point 1 Select Network Configuration WAN Content Filtering from the access point menu tree 2 Configur...

Страница 264: ...the access point WAN port HTTP blocks commands on port 80 only The Block Outbound HTTP option allows blocking of the following user selectable outgoing HTTP requests Web Proxy Blocks the use of Web proxies by clients ActiveX Blocks all outgoing ActiveX requests by clients Selecting ActiveX only blocks traffic scripting language with an ocx extension Block Outbound URL Extensions Enter a URL extens...

Страница 265: ...ntifies a recipient of mail data DATA Tells the SMTP receiver to treat the following information as mail data from the sender QUIT Tells the receiver to respond with an OK reply and terminate communication with the sender SEND Initiates a mail transaction where mail is sent to one or more remote terminals SAML Send and Mail Initiates a transaction where mail data is sent to one or more local mailb...

Страница 266: ...he user defined interval the access point waits to search for rogue APs Additionally the access point does not detect rogue APs on illegal channels channels not allowed by the regulatory requirements of the country the access point is operating in Block Outbound FTP Actions File Transfer Protocol FTP is the Internet standard for host to host mail transport FTP generally operates over TCP port 20 a...

Страница 267: ...rogue AP A longer interval will have less of an impact to the MU s but it will increase the amount of time used to detect rogue APs Therefore the interval should be set according to the perceived risk of rogue devices and the criticality of MU performance To configure Rogue AP detection for the access point 1 Select Network Configuration Wireless Rogue AP Detection from the access point menu tree ...

Страница 268: ...U or access point and define the 802 11a n or 802 11b g n radio to conduct the rogue AP search CAUTION Users cannot define a rogue detection method when one of the access point radios is functioning as a WIPS sensor To use one of the radios as a detector you must disable WIPS sensor mode first then set a radio for the desired detection method ...

Страница 269: ... If the access point is a dual radio model select the RF Scan by Detector Radio checkbox to enable the selected 11a or 11b g radio to scan for rogue APs For example if 11b g is selected the existing 11a radio would act as the detector radio scanning on all 11b g channels while the existing 11b g radio continues to service MUs The assumption is when planning to do an all channel scan on one band th...

Страница 270: ...f allowed APs 1 Select Network Configuration Wireless Rogue AP Detection Active APs from the access point menu tree Del Delete Click the Delete button to remove the highlighted line from the Rule Management field The MAC and ESS address information previously defined is no longer applicable unless the previous configuration is restored Delete All Click the Delete All button to remove all entries f...

Страница 271: ...he approved AP list permanently 3 Enter a value in minutes in the Rogue APs Age Out Time field to indicate the number of elapsed minutes before an AP will be removed from the rogue AP list and reevaluated A zero 0 for this value default value indicates an AP can remain on the rogue AP list permanently 4 Highlight an AP from within the Rogue APs table and click the Add to Allowed APs List button to...

Страница 272: ...ply to save any changes to the Active APs screen Navigating away from the screen without clicking Apply results in all changes to the screen being lost 9 Click Undo Changes if necessary to undo any changes made Undo Changes reverts the settings displayed on the Active APs screen to the last saved configuration 10 Click Logout to securely exit the Access Point applet A prompt displays confirming th...

Страница 273: ...d the device should be defined as an allowed AP ESSID Displays the ESSID of the rogue AP This information could be useful if the ESSID is determined to be non hostile and the device should be defined as an allowed AP RSSI Shows the Relative Signal Strength RSSI of the rogue AP Use this information to assess how close the rogue AP is The higher the RSSI the closer the rogue AP If multiple access po...

Страница 274: ...rogue detection area can be significantly extended To use associated rogue AP enabled MUs to scan for rogue APs 1 Select Network Configuration Wireless Rogue AP Detection MU Scan from the access point menu tree The On Demand MU Scan screen displays with associated MUs with rogue AP detection enabled Detection Method Displays the RF Scan by MU RF On Channel Detection or RF Scan by Detector Radio me...

Страница 275: ...ESSID and RSSI values to determine the device listed in the table is truly a rogue device or one inadvertently detected as a rogue AP 3 If necessary highlight an individual MU from within the Scan Result field and click the Add to Allowed AP List button to move the AP into the Allowed APs table within the Active APs screen 4 Additionally if necessary click the Add All to Allowed APs List button to...

Страница 276: ...ernal LDAP Servers AAA Servers to provide user database information and user authentication 6 10 1 Configuring the Radius Server The Radius Server screen enables an administrator to define data sources and specify authentication information for the Radius Server To configure the Radius Server 1 Select System Configuration User Authentication Radius Server from the menu tree CAUTION Ensure IPSec ha...

Страница 277: ...source Use the User Database screen to enter the user data For more information see Managing the Local User Database on page 6 61 LDAP If LDAP is selected the switch will use the data in an LDAP server Configure the LDAP server settings on the LDAP screen under Radius Server on the menu tree For more information see Configuring LDAP Authentication on page 6 57 NOTE When using LDAP only PEAP GTC an...

Страница 278: ...AP uses a TLS layer on top of EAP as a carrier for other EAP modules PEAP is an ideal choice for networks using legacy EAP authentication methods TTLS Select the TTLS checkbox to enable all three TTLS types MD5 PAP and MSCHAP V2 available to the access point TTLS is similar to EAP TLS but the client authentication portion of the protocol is not performed until after a secure transport tunnel is es...

Страница 279: ... is authorized WatchGuard products do not support the PAP protocol because the username and password are sent as clear text that a hacker can read MSCHAP V2 Microsoft CHAP MSCHAP V2 is an encrypted authentication method based on Microsoft s challenge response authentication protocol MD5 This option enables the MD5 algorithm for data verification MD5 takes as input a message of arbitrary length and...

Страница 280: ...sing a server certificate signed by a CA import that CA s root certificate using the CA certificates screen for information see Importing a CA Certificate on page 4 18 After a valid CA certificate has been imported it is available from the CA Certificate drop down menu WARNING If you have imported a Server or CA certificate the certificate will not be saved when updating the access point s firmwar...

Страница 281: ...ons with the external LDAP server Changes will not be applied otherwise NOTE For the onboard Radius server to work with Windows Active Directory or open LDAP as the database the user has to be present in a group within the organizational unit The same group must be present within the onboard Radius server s database The group configured within the onboard Radius server is used for group policy con...

Страница 282: ... the data source for the Radius server The LDAP server must be accessible from the WAN port or from the access point s active subnet Port Enter the TCP IP port number for the LDAP server acting as a data source for the Radius The default port is 389 Login Attribute Specify the login attribute used by the LDAP server for authentication In most cases the default value should work Windows Active Dire...

Страница 283: ...ed name used to bind with the LDAP server Password Enter a valid password for the LDAP server The password length must be 8 to 16 characters Base Distinguished Name Enter a name that establishes the base object for the search The base object is the point in the LDAP tree at which to start searching Group Attribute Define the group attribute used by the LDAP server Group Filter Specify the group fi...

Страница 284: ...onfiguration field to define the proxy server s retry count and timeout values CAUTION When configuring the credentials of an MU ensure its login or user name is a Fully Qualified Domain Name FQDN or it cannot be authenticated by the access point s proxy server For example ap7131 2kserver FUSCIA com CAUTION Ensure IPSec has been properly configured to protect communications with the external Proxy...

Страница 285: ...he Radius server The database of groups is employed if Local is selected as the Data Source from the Radius Server screen For information on selecting Local as the Data Source see Configuring the Radius Server on page 6 52 To add groups to the User database Retry Count Enter a value between 3 and 6 to indicate the number of times the access point attempts to reach a proxy server before giving up T...

Страница 286: ...be added and deleted but there is no capability to edit the name of a group 4 Click the List of Groups cell A new screen displays enabling you to associate groups with the user For more information on mapping groups with a user see Mapping Users to Groups on page 6 65 5 Click Apply to save any changes to the Users screen Navigating away from the screen without clicking Apply results in all changes...

Страница 287: ...unt 3 To add a new user click the Add button at the bottom of the Management Users Upto 24 users can be added for managing the AP So there can be a total of 25 management users including the default admin user NOTE The default admin user has the following special privileges compared to other management users Add Delete Edit operations are only allowed for default admin user other management users ...

Страница 288: ...button A small window displays Enter a new password for the user and click Apply button to save the changes Change Login Password button is available for non default management user accounts only 6 Click Apply to save any changes to the Users screen Navigating away from the screen without clicking Apply results in all changes to the screen being lost ...

Страница 289: ...red for inclusion to one some or all of the groups also created within the Users screen To map users to groups for group authentication privileges 1 If you are not already in the Users screen select System Configuration User Authentication User Database from the menu tree Existing users and groups display within their respective fields If user or group requires creation or modification make your c...

Страница 290: ...e Add button Assigned users will display within the Assigned table Map one or more groups as needed for group authentication access for this particular user 4 To remove the user from a group select the group in the Assigned list on the left and click the Delete button 5 Click the OK button to save your user and group mapping assignments and return to the Users screen ...

Страница 291: ...hin the Users screen displays in the Access Policy screen within the groups column Similarly existing WLANs can be individually mapped to user groups by clicking the WLANs button to the right of each group name For more information on creating groups and users see Managing the Local User Database on page 6 61 For information on creating a new WLAN or editing the properties of an existing WLAN see ...

Страница 292: ...e access intervals for specific days and hours A mechanism also exists for mapping specific WLANs to these intervals For more information see Editing Group Access Permissions on page 6 69 For information on creating a new group see Managing the Local User Database on page 6 61 Time of Access The Time of Access field displays the days of the week and the hours defined for group access to access poi...

Страница 293: ...for any day of the week and include any hour of the day Ten unique access intervals can be defined for each existing group To update a group s access permissions 1 Select User Authentication Radius Server Access Policy from the menu tree 2 Select an existing group from within the groups field 3 Select the Edit button The Edit Access Policy screen displays Associated WLANs The Associated WLANs fiel...

Страница 294: ... the week for which each policy applies If continual access is required select the All Days option If continual access is required during Monday through Friday but not Saturday or Sunday select the Weekdays option Use the Start Time and End Time values to define the access interval in HHMM format for each access policy Each policy for a given group should have unique intervals Policies can be crea...

Страница 295: ...ccess Policy screen Navigating away from the screen without clicking Apply results in all changes to the screen being lost 7 Click Cancel if necessary to undo any changes made Undo Changes reverts the settings displayed on the Edit Access Policy screen to the last saved configuration NOTE Groups have a strict start and end time as defined using the Edit Access Policy screen Only during this period...

Страница 296: ...Motorola Solutions AP 7131N FGR Access Point Product Reference Guide 6 72 ...

Страница 297: ...n and 802 11b g n radios An advanced radio statistics page is also available to display retry histograms for specific data packet retry information Associated MU stats can be displayed collectively for associated MUs and individually for specific MUs An echo ping test is also available to ping specific MUs to assess the strength of the AP association Finally the access point can detect and display...

Страница 298: ...s screen to view real time statistics for monitoring the access point activity through its Wide Area Network WAN port The Information field of the WAN Stats screen displays basic WAN information generated from settings on the WAN screen The Received and Transmitted fields display statistics for the cumulative packets bytes and errors received and transmitted through the WAN interface since it was ...

Страница 299: ...n displays no connection information and statistics To enable the WAN connection see Configuring WAN Settings on page 5 16 HW Address The Media Access Control MAC address of the access point WAN port The WAN port MAC address is hard coded at the factory and cannot be changed For more information on how access point MAC addresses are assigned see MAC Address Assignment on page 1 29 IP Addresses The...

Страница 300: ... received over the WAN port The displayed number is a cumulative total since the WAN interface was last enabled or the access point was last restarted RX Bytes RX bytes are bytes of information received over the WAN port The displayed number is a cumulative total since the WAN interface was last enabled or the access point was last restarted To restart the access point to begin a new data collecti...

Страница 301: ...llection see Configuring System Settings on page 4 2 TX Bytes TX bytes are bytes of information sent over the WAN connection The displayed number is a cumulative total since the WAN interface was last enabled or the access point was last restarted To begin a new data collection see Configuring System Settings on page 4 2 TX Errors TX errors include dropped data packets buffer overruns and carrier ...

Страница 302: ...e Received and Transmitted fields of the screen display statistics for the cumulative packets bytes and errors received and transmitted over the LAN1 or LAN2 port since it was last enabled or the access point was last restarted The LAN Stats screen is view only with no user configurable data fields To view access point LAN connection stats 1 Select Status and Statistics LAN Stats LAN1 Stats or LAN...

Страница 303: ...his information to assess the current connection status of LAN 1 or LAN2 Speed The LAN 1 or LAN 2 connection speed is displayed in Megabits per second Mbps for example 54Mbps If the throughput speed is not achieved examine the number of transmit and receive errors or consider increasing the supported data rate To change the data rate of the 802 11a n or 802 11b g n radio see Configuring the 802 11...

Страница 304: ...Packets TX packets are data packets sent over the access point LAN port The displayed number is a cumulative total since the LAN connection was last enabled or the access point was last restarted To begin a new data collection see Configuring System Settings on page 4 2 TX Bytes TX bytes are bytes of information sent over the LAN port The displayed number is a cumulative total since the LAN Connec...

Страница 305: ...bility to track its own unique STP statistics Refer to the LAN STP Stats page when assessing mesh networking functionality for each of the two access point LANs Access points in bridge mode exchange configuration messages at regular intervals typically 1 to 4 seconds If a bridge fails neighboring bridges detect a lack of configuration messaging and initiate a spanning tree recalculation when spann...

Страница 306: ... calculation to occur when the bridge is powered up or when a topology change is detected Designated Root Displays the access point MAC address of the bridge defined as the root bridge in the Bridge STP Configuration screen For information on defining an access point as a root bridge see Setting the LAN Configuration for Mesh Networking Support on page 9 7 Bridge ID The Bridge ID identifies the pr...

Страница 307: ...n tuned between 1 and 10 sec For information on setting the Bridge Hello Time see Setting the LAN Configuration for Mesh Networking Support on page 9 7 The 802 1d specification recommends the Hello Time be set to a value less than half of the Max Message age value Bridge Forward Delay The Bridge Forward Delay value is the time spent in a listening and learning state This time is equal to 15 sec by...

Страница 308: ... WAN Settings on page 5 16 to enable the WLAN For information on configuring the properties of individual WLANs see Creating Editing Individual WLANs on page 5 29 To view access point WLAN Statistics 1 Select Status and Statistics Wireless Stats from the access point menu tree Designated Bridge There is only one root bridge within each mesh network All other bridges are designated bridges that loo...

Страница 309: ...splays the total number of MUs currently associated with each enabled WLAN Use this information to assess if the MUs are properly grouped by function within each enabled WLAN To adjust the maximum number of MUs permissible per WLAN see Creating Editing Individual WLANs on page 5 29 T put Displays the total throughput in Megabits per second Mbps for each active WLAN ABS Displays the Average Bit Spe...

Страница 310: ...a gathering activity or risk losing all data calculations to that point Total pkts per second Displays the average number of RF packets sent per second across all active WLANs on the access point The number in black represents packets for the last 30 seconds and the number in blue represents total pkts per second for the last hour Total bits per second Displays the average bits sent per second acr...

Страница 311: ...n RF traffic and throughput The RF Status field displays information on RF signal averages from the associated MUs The Error field displays RF traffic errors based on retries dropped packets and undecryptable packets The WLAN Stats screen is view only with no user configurable data fields To view statistics for an individual WLAN 1 Select Status and Statistics Wireless Stats WLANx Stats x target W...

Страница 312: ...number of MUs currently associated with the WLAN If this number seems excessive consider segregating MU s to other WLANs if appropriate Packets per second The Total column displays the average total packets per second crossing the selected WLAN The Rx column displays the average total packets per second received on the selected WLAN The Tx column displays the average total packets per second sent ...

Страница 313: ...ackets for the last hour Avg MU Signal Displays the average RF signal strength in dBm for all MUs associated with the selected WLAN The number in black represents this statistic for the last 30 seconds and the number in blue represents this statistic for the last hour If the signal is low consider mapping the MU to a different WLAN if a better functional grouping of MUs can be determined Avg MU No...

Страница 314: ...ics can be displayed as well by selecting a specific radio from within the access point menu tree To view high level access point radio statistics 1 Select Status and Statistics Radio Stats from the access point menu tree Dropped Packets Displays the percentage of packets which the AP gave up on for all MUs associated with the selected WLAN The number in black represents this statistic for the las...

Страница 315: ...n on page 5 51 MUs Displays the total number of MUs currently associated with each access point radio T put Displays the total throughput in Megabits per second Mbps for each access point radio listed To adjust the data rate for a specific radio see Configuring the 802 11a n or 802 11b g n Radio on page 5 56 ABS Displays the Average Bit Speed ABS in Megabits per second Mbps for each access point r...

Страница 316: ...nformation field displays device address and location information as well as channel and power information The Traffic field displays statistics for cumulative packets bytes and errors received and transmitted The Traffic field does not add retry information to the stats displayed Refer to the RF Status field for an average MU signal noise and signal to noise ratio information Finally the Errors f...

Страница 317: ...the factory and can be found on the bottom of the access point For more information on how access point MAC addresses are assigned see MAC Address Assignment on page 1 29 Radio Type Displays the radio type either 802 11a n or 802 11b g n Power The power level in milliwatts mW for RF signal strength To change the power setting for the radio see Configuring the 802 11a n or 802 11b g n Radio on page...

Страница 318: ...e last hour Throughput The Total column displays average throughput on the radio TheRx column displays average throughput in Mbps for packets received The Tx column displays average throughput for packets transmitted The number in black represents statistics for the last 30 seconds and the number in blue represents statistics for the last hour Use this information to assess whether the current thr...

Страница 319: ... last 30 seconds and the number in blue represents MU noise for the last hour If MU noise is excessive consider moving the MU closer to the access point or in area with less conflicting network traffic Avg MU SNR Displays the average Signal to Noise Ratio SNR for all MUs associated with the access point radio The Signal to Noise Ratio is an indication of overall RF performance on your wireless net...

Страница 320: ...e To display a Retry Histogram screen for an access point radio 1 Select Status and Statistics Radio Stats Radio1 802 11b g n Stats Retry Histogram from the access point menu tree A Radio Histogram screen is available for each access point radio regardless of single or dual radio model The table s first column shows 0 under Retries The value under the Packets column directly to the right shows the...

Страница 321: ... confirming the logout before the applet is closed 7 5 Viewing MU Statistics Summary Use the MU Stats Summary screen to display overview statistics for mobile units MUs associated with the access point The MU List field displays basic information such as IP Address and total throughput for each associated MU The MU Stats screen is view only with no user configurable data fields However individual ...

Страница 322: ...h of the associated MU WLAN Displays the WLAN name each MU is interoperating with Radio Displays the name of the 802 11a n or 802 11b g n radio each MU is associated with T put Displays the total throughput in Megabits per second Mbps for each associated MU ABS Displays the Average Bit Speed ABS in Megabits per second Mbps for each associated MU Retries Displays the average number of retries per p...

Страница 323: ...o securely exit the Access Point applet A prompt displays confirming the logout before the applet is closed 7 5 1 Viewing MU Details Use the MU Details screen to display throughput signal strength and transmit error information for a specific MU associated with the access point The MU Details screen is separated into four fields MU Properties MU Traffic MU Signal and MU Errors The MU Properties fi...

Страница 324: ...radio traffic Motorola recommends CAM for those MUs transmitting with the AP frequently and for periods of time of two hours HW Address Displays the Media Access Control MAC address for the MU Radio Association Displays the name of the AP MU is currently associated with If the name of the access point requires modification see Configuring System Settings on page 4 2 QoS Client Type Displays the da...

Страница 325: ...a rate of the AP if the current bit speed does not meet network requirements For more information see Configuring the 802 11a n or 802 11b g n Radio on page 5 56 The associated MU must also be set to the higher rate to interoperate with the access point at that data rate of Non unicast pkts Displays the percentage of the total packets for the selected mobile unit that are non unicast Non unicast p...

Страница 326: ...t received on for the selected MU The number in black represents the percentage of packets for the last 30 seconds and the number in blue represents the percentage of packets for the last hour of Undecryptable Pkts Displays the percentage of undecryptable packets for the MU The number in black represents the percentage of undecryptable packets for the last 30 seconds and the number in blue represe...

Страница 327: ...t the Echo Test screen and return to the MU Stats Summary screen 7 5 3 MU Authentication Statistics The access point can access and display authentication statistics for individual MUs To view access point authentication statistics for a specific MU 1 Select Status and Statistics MU Stats from the access point menu tree 2 Highlight a target MU from within the MU List field 3 Click the MU Authentic...

Страница 328: ...information is used to create a list of known wireless bridges To view detected mesh network statistics 1 Select Status and Statistics Mesh Stats from the access point menu tree The Mesh Statistics Summary screen displays the following information Conn Type Displays whether the bridge has been defined as a base bridge or a client bridge For information on defining configuring the access point as e...

Страница 329: ...station identifier This value is hard coded at the factory by the manufacturer and cannot be changed WLAN Displays the WLAN name each wireless bridge is interoperating with Radio Displays the name of the 802 11a n or 802 11b g n radio each bridge is associated with T put Displays the total throughput in Megabits per second Mbps for each associated bridge ABS Displays the Average Bit Speed ABS in M...

Страница 330: ... Access Point applet A prompt displays confirming the logout before the applet is closed 7 7 Viewing Known Access Point Statistics The access point has the capability of detecting and displaying the properties of other Motorola access points located within its coverage area Detected access point s transmit a WNMP message ...

Страница 331: ...nown AP Stats from the access point menu tree The Known AP Statistics screen displays the following information NOTE The Known AP Statistics screen only displays statistics for access points located on the same subnet IP Address The network assigned Internet Protocol address of the located AP MAC Address The unique 48 bit hard coded Media Access Control address known as the devices station identif...

Страница 332: ... Start Flash button to flash the LEDs of other access points detected and displayed within the Known AP Statistics screen Use the Start Flash button to determine the location of the devices displayed within the Known AP Statistics screen When an access point is highlighted and the Start Flash button is selected the LEDs on the selected access point flash When the Stop Flash button is selected the ...

Страница 333: ...ess point CLI follows the same conventions as the Web based user interface The CLI does however provide an escape sequence to provide diagnostics for problem identification and resolution The CLI treats the following as invalid characters In order to avoid problems when using the CLI these characters should be avoided ...

Страница 334: ...untry code is set A new password will also need to be created 8 1 2 Accessing the CLI via SSH To connect to the access point CLI through a SSH connection 1 If this is your first time connecting to your access point keep in mind the access point uses a static IP WAN address 10 1 1 1 Additionally the access point s LAN port default static IP address is 192 168 0 1 24 2 Enter the default username of ...

Страница 335: ...mand are shown below Syntax help Displays general user interface help passwd Changes the admin password summary Shows a system summary network Goes to the network submenu system Goes to the system submenu stats Goes to the stats submenu Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Страница 336: ... a function argument is treated as an argument Eg admin network lan set lan enable Here is an invalid extra argument because it is after the argument enable ctrl q go backwards in command history ctrl p go forwards in command history Note 1 commands can be incomplete Eg sh sho show 2 introduces a comment and gets no resposne from CLI admin help Displays command line help using combinations of func...

Страница 337: ...For information on configuring passwords using the applet GUI see Setting Passwords on page 6 2 passwd Changes the admin password for access point access This requires typing the old admin password and entering a new password and confirming it Passwords can be between 8 and19 characters The access point CLI treats the following as invalid characters In order to avoid problems when using the access...

Страница 338: ...s 2 4 and 5 0 GHz VLAN VLAN1 Security Policy Default QoS Policy Default Rate Limiting disabled LAN1 Name LAN1 LAN1 Mode enable LAN1 IP 0 0 0 0 LAN1 Mask 0 0 0 0 LAN1 DHCP Mode client LAN2 Name LAN2 LAN2 Mode enable LAN2 IP 192 235 1 1 LAN2 Mask 255 255 255 0 LAN2 DHCP Mode client WAN Interface IP Address Network Mask Default Gateway DHCP Client enable 172 20 23 10 255 255 255 192 172 20 23 20 enab...

Страница 339: ...scription Displays the parent menu of the current menu This command appears in all of the submenus under admin In each case it has the same function to move up one level in the directory structure Example admin network lan admin network ...

Страница 340: ...de 8 8 AP7131N admin Description Displays the root menu that is the top level CLI menu This command appears in all of the submenus under admin In each case it has the same function to move up to the top level in the directory structure Example admin network lan admin ...

Страница 341: ...s in all of the submenus under admin In each case it has the same function to save the current configuration Syntax Example admin save admin save Saves configuration settings The save command works at all levels of the CLI The save command must be issued before leaving the CLI for updated settings to be retained ...

Страница 342: ...quit Description Exits the command line interface session and terminates the session The quit command appears in all of the submenus under admin In each case it has the same function to exit out of the CLI Once the quit command is executed the login prompt displays again Example admin quit ...

Страница 343: ...oes to the LAN submenu wan Goes to the WAN submenu wireless Goes to the Wireless Configuration submenu firewall Goes to the Firewall submenu router Goes to the Router submenu ipfilter Goes to the IP Filter submenu Goes to the parent menu Goes to the root menu save Saves the current configuration to the system flash quit Quits the CLI and exits the current session ...

Страница 344: ...e applet GUI see Configuring the LAN Interface on page 5 1 show Shows current access point LAN parameters set Sets LAN parameters bridge Goes to the mesh configuration submenu wlan mapping Goes to the WLAN Lan Vlan Mapping submenu dhcp Goes to the LAN DHCP submenu type filter Goes to the Ethernet Type Filter submenu ipfpolicy Goes to the LAN IP Filter Policy submenu Goes to the parent menu Goes to...

Страница 345: ...M Duplex full LAN1 Information LAN Name LAN1 LAN Interface enable 802 11q Trunking disable LAN IP mode DHCP client IP Address 192 168 0 1 Network Mask 255 255 255 255 Default Gateway 192 168 0 1 Domain Name Primary DNS Server 192 168 0 1 Secondary DNS Server 192 168 0 2 WINS Server 192 168 0 254 Native VLAN Tag Mode untagged LAN2 Information LAN Name LAN2 LAN Interface disable 802 11q Trunking dis...

Страница 346: ...ress 192 168 1 1 Network Mask 255 255 255 255 Default Gateway 192 168 1 1 Domain Name Primary DNS Server 192 168 0 2 Secondary DNS Server 192 168 0 3 WINS Server 192 168 0 255 admin network lan For information on displaying LAN information using the applet GUI see Configuring the LAN Interface on page 5 1 ...

Страница 347: ...seconds Sets the interval in seconds the access point uses to terminate its LAN interface if no activity is detected for the specified interval trunking mode Enables or disables 802 11q Trunking over the access point LAN port native vlan tag mode Specifies 802 1q native vlan tag mode as tagged untagged auto negotiation mode Enables or disables auto negotiation for the access point LAN port speed m...

Страница 348: ...Information LAN Name LAN1 LAN Interface enable 802 1q Trunking disable Native VLAN Tag Mode untagged LAN IP mode Static IP IP Address 172 16 10 22 Network Mask 255 255 255 0 Default Gateway 192 168 0 1 Domain Name Primary DNS Server 192 168 0 1 Secondary DNS Server 192 168 0 1 WINS Server 192 168 0 254 admin network lan Related Commands For information on configuring the LAN using the applet GUI s...

Страница 349: ...int s mesh networking options using the applet GUI see Configuring Mesh Networking on page 9 1 show Displays the mesh configuration parameters for the access point s LANs set Sets the mesh configuration parameters for the access point s LANs Moves to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI and exits the session ...

Страница 350: ...iority 65500 Hello Time seconds 2 Message Age Time seconds 20 Forward Delay Time seconds 15 Entry Ageout Time seconds 300 LAN2 Bridge Configuration Bridge Priority 65500 Hello Time seconds 2 Message Age Time seconds 20 Forward Delay Time seconds 15 Entry Ageout Time seconds 300 For an overview of the access point s mesh networking options using the applet GUI see Configuring Mesh Networking on pag...

Страница 351: ...seconds 300 LAN2 Mesh Configuration Bridge Priority 63335 Hello Time seconds 2 Message Age Time seconds 20 Forward Delay Time seconds 15 Entry Ageout Time seconds 300 For an overview of the access point s mesh networking options using the applet GUI see Configuring Mesh Networking on page 9 1 set priority LAN idx seconds Sets bridge priority time in seconds 0 65535 for specified LAN hello LAN idx ...

Страница 352: ...guring VLAN Support on page 5 5 show Displays the VLAN list currently defined for the access point set Sets the access point VLAN configuration create Creates a new access point VLAN edit Edits the properties of an existing access point VLAN delete Deletes a VLAN lan map Maps access point existing WLANs to an enabled LAN vlan map Maps access point existing WLANs to VLANs Moves to the parent menu G...

Страница 353: ... 1 VLAN_1 2 2 VLAN_2 3 3 VLAN_3 4 4 VLAN_4 admin network lan wlan mapping show vlan cfg LAN No Management VLAN Tag Native VLAN Tag 1 1 1 2 1 1 WLAN WLAN1 mapped to VLAN none VLAN Mode static admin network lan wlan mapping show lan wlan WLANs on LAN1 WLAN1 WLAN2 WLAN3 WLANs on LAN2 show name Displays the existing list of VLAN names vlan cfg Shows WLAN VLAN mapping and VLAN configuration lan wlan Di...

Страница 354: ... Warning This will display secure information Do you want to continue n y y WLAN1 WLAN Name WLAN1 ESSID 101 Radio Bands 2 4 and 5 0 GHz VLAN Security Policy Default QoS Policy Default Rate Limiting disabled For information on displaying the VLAN screens using the applet GUI see Configuring VLAN Support on page 5 5 ...

Страница 355: ...ic admin network lan wlan mapping show vlan cfg LAN No Management VLAN Tag Native VLAN Tag 1 10 12 2 1 1 WLAN WLAN1 mapped to VLAN none VLAN Mode static For information on configuring VLANs using the applet GUI see Configuring VLAN Support on page 5 5 set mgmt tag id Defines the Management VLAN tag index 1 or 2 to tag number 1 4095 native tag id Sets the Native VLAN tag index 1 or 2 to tag number ...

Страница 356: ...tes a VLAN for the access point Syntax Example admin network lan wlan mapping admin network lan wlan mapping create 5 vlan 5 For information on creating VLANs using the applet GUI see Configuring VLAN Support on page 5 5 create vlan id id Defines the VLAN ID 1 4095 vlan name name Specifies the name of the VLAN 1 31 characters in length ...

Страница 357: ...tion Modifies a VLAN s name and ID Syntax For information on editing VLANs using the applet GUI see Configuring VLAN Support on page 5 5 edit name name Modifies an exisiting VLAN name 1 31 characters in length id id Modifies an existing VLAN ID 1 4095 characters in length ...

Страница 358: ...7131N admin network lan wlan mapping delete Description Deletes a specific VLAN or all VLANs Syntax For information on deleting VLANs using the applet GUI see Configuring VLAN Support on page 5 5 delete VLANid Deletes a specific VLAN ID 1 16 all Deletes all defined VLAN entries ...

Страница 359: ...Syntax admin network lan wlan mapping lan map wlan1 lan1 For information on mapping VLANs using the applet GUI see Configuring VLAN Support on page 5 5 lan map wlanname Maps an existing WLAN to an enabled LAN All names and IDs are case sensitive lanname Defines enabled LAN name All names and IDs are case sensitive ...

Страница 360: ...s point VLAN to a WLAN Syntax admin network lan wlan mapping vlan map wlan1 vlan1 For information on mapping VLANs using the applet GUI see Configuring VLAN Support on page 5 5 vlan map wlanname Maps an existing WLAN to an enabled LAN All names and IDs are case sensitive vlanname Defines the existing VLAN name All names and IDs are case sensitive ...

Страница 361: ...available are displayed below show Displays DHCP parameters set Sets DHCP parameters add Adds static DHCP address assignments delete Deletes static DHCP address assignments list Lists static DHCP address assignments Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI and exits the session ...

Страница 362: ...ent Range Starting IP Address 192 168 0 100 Ending IP Address 192 168 0 254 Lease Time 86400 LAN2 DHCP Information DHCP Address Assignment Range Starting IP Address 192 168 0 100 Ending IP Address 192 168 0 254 Lease Time 86400 For information on configuring DHCP using the applet GUI see Configuring the LAN Interface on page 5 1 show Displays DHCP parameter settings for the access point These para...

Страница 363: ...DHCP Information DHCP Address Assignment Range Starting IP Address 192 168 0 100 Ending IP Address 192 168 0 254 Lease Time 86400 For information on configuring DHCP using the applet GUI see Configuring the LAN Interface on page 5 1 set range LAN idx ip1 ip2 Sets the DHCP assignment range from IP address ip1 to IP address ip2 for the specified LAN 1 lan1 2 lan2 lease LAN idx lease Sets the DHCP le...

Страница 364: ...92 160 24 6 admin network lan dhcp add 1 00A0F1112234 192 169 24 7 admin network lan dhcp list 1 Index MAC Address IP Address 1 00A0F8112233 192 160 24 6 2 00A0F8112234 192 169 24 7 For information on adding client MAC and IP address information using the applet GUI see Configuring Advanced DHCP Server Settings on page 5 13 add LAN idx mac ip Adds a reserved static IP address to a MAC address for ...

Страница 365: ... 7 admin network lan dhcp delete 1 index mac address ip address 1 00A0F8102030 10 10 1 2 2 00A0F8112234 10 1 2 3 3 00A0F8112235 192 160 24 6 4 00A0F8112236 192 169 24 7 admin network lan dhcp delete 1 all index mac address ip address For information on deleting client MAC and IP address information using the applet GUI see Configuring Advanced DHCP Server Settings on page 5 13 delete LAN idx entry...

Страница 366: ...MAC Address IP Address 1 00A0F8112233 10 1 2 4 2 00A0F8102030 10 10 1 2 3 00A0F8112234 10 1 2 3 4 00A0F8112235 192 160 24 6 5 00A0F8112236 192 169 24 7 admin network lan dhcp For information on listing client MAC and IP address information using the applet GUI see Configuring Advanced DHCP Server Settings on page 5 13 list LAN idx cr Lists the static DHCP address assignments for the specified LAN ...

Страница 367: ...ubmenu The items available under this command include show Displays the current Ethernet Type exception list set Defines Ethernet Type Filter parameters add Adds an Ethernet Type Filter entry delete Removes an Ethernet Type Filter entry Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Страница 368: ...nt Ethernet Type Filter configuration Syntax Example admin network lan type filter show 1 Ethernet Type Filter mode allow index ethernet type 1 8137 For information on displaying the type filter configuration using the applet see Setting the Type Filter Configuration on page 5 14 show LAN idx Displays the existing Type Filter configuration for the specified LAN ...

Страница 369: ... Syntax Example admin network lan type filter set mode 1 allow For information on configuring the type filter settings using the applet GUI see Setting the Type Filter Configuration on page 5 14 set mode LAN idx mode allow or deny Allows or denies the access point from processing a specified Ethernet data type for the specified LAN ...

Страница 370: ...network wireless type filter add 2 0806 admin network wireless type filter show 1 Ethernet Type Filter mode allow index ethernet type 1 8137 2 0806 3 0800 4 8782 For information on configuring the type filter settings using the applet GUI see Setting the Type Filter Configuration on page 5 14 add LAN idx type Adds entered Ethernet Type to list of data types either allowed or denied access point pr...

Страница 371: ...e Filter mode allow index ethernet type 1 0806 2 0800 3 8782 admin network lan type filter delete 2 all admin network lan type filter show 2 Ethernet Type Filter mode allow index ethernet type For information on configuring the type filter settings using the applet GUI see Setting the Type Filter Configuration on page 5 14 delete LAN idx index Deletes the specified Ethernet Type index entry 1 thro...

Страница 372: ...n and the access point s current PPPoE configuration set Defines the access point s WAN and PPPoE configuration nat Displays the NAT submenu wherein Network Address Translations NAT can be defined vpn Goes to the VPN submenu where the access point VPN tunnel configuration can be set content Goes to the outbound content filtering menu dyndns Displays the Dynamic DNS submenu wherein dyndns settings ...

Страница 373: ...NS Server 0 0 0 0 Auto negotiation enable Speed 100M Duplex full WAN IP 2 disable WAN IP 3 disable WAN IP 4 disable WAN IP 5 disable WAN IP 6 disable WAN IP 7 disable WAN IP 8 disable PPPoE Mode enable PPPoE User Name JohnDoe PPPoE Password PPPoE keepalive mode enable PPPoE Idle Time 600 PPPoE Authentication Type pap chap PPPoE State admin network wan For an overview of the WAN configuration optio...

Страница 374: ...WAN Settings on page 5 16 set wan enable disable Enables or disables the access point WAN port dhcp enable disable Enables or disables WAN DHCP Client mode ipadr idx a b c d Sets up to 8 using indx from 1 to 8 IP addresses a b c d for the access point WAN interface mask a b c d Sets the subnet mask for the access point WAN interface dgw a b c d Sets the default gateway IP address to a b c d dns id...

Страница 375: ...on options available using the applet GUI see Configuring Network Address Translation NAT Settings on page 5 22 show Displays the access point s current NAT parameters for the specified index set Defines the access point NAT settings add Adds NAT entries delete Deletes NAT entries list Lists NAT entries Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit...

Страница 376: ... 2 NAT Type 1 to many Inbound Mappings Port Forwarding unspecified port forwarding mode enable unspecified port fwd ip address 111 223 222 1 one to many nat mapping LAN No WAN IP 1 157 235 91 2 2 157 235 91 2 admin network wan nat For an overview of the NAT options available using the applet GUI see Configuring Network Address Translation NAT Settings on page 5 22 show idx cr Displays access point...

Страница 377: ... mapping LAN No WAN IP 1 157 235 91 2 2 10 1 1 1 For an overview of the NAT options available using the applet GUI see Configuring Network Address Translation NAT Settings on page 5 22 set type index type Sets the type of NAT translation for WAN address index idx 1 8 to type none 1 to 1 or 1 to many ip index ip Sets NAT IP mapping associated with WAN address idx to the specified IP address ip inb ...

Страница 378: ...e applet GUI see Configuring Network Address Translation NAT Settings on page 5 22 add idx name tran port1 port2 ip dst_port Sets an inbound network address translation NAT for WAN address idx where name is the name of the entry 1 to 7 characters tran is the transport protocol one of tcp udp icmp ah esp gre or all port1 is the starting port number in a port range port2 is the ending port number in...

Страница 379: ...etwork wan nat list 1 index name Transport start port end port internal ip translation Related Commands For an overview of the NAT options available using the applet GUI see Configuring Network Address Translation NAT Settings on page 5 22 delete idx entry Deletes a specified NAT index entry entry associated with the WAN idx all Deletes all NAT entries associated with the WAN add Adds entries to t...

Страница 380: ...ex name Transport start port end port internal ip translation 1 special tcp 20 21 192 168 42 16 21 Related Commands For an overview of the NAT options available using the applet GUI see Configuring Network Address Translation NAT Settings on page 5 22 list idx Lists the inbound NAT entries associated with the WAN index 1 8 delete Deletes inbound NAT entries from the list add Adds entries to the li...

Страница 381: ...et GUI see Configuring VPN Tunnels on page 6 22 add Adds VPN tunnel entries set Sets key exchange parameters delete Deletes VPN tunnel entries list Lists VPN tunnel entries reset Resets all VPN tunnels stats Lists security association status for the VPN tunnels ikestate Displays an Internet Key Exchange IKE summary Goes to the parent menu Goes to the root menu save Saves the configuration to syste...

Страница 382: ... tunnel type is Manual proper SPI values and Keys must be configured after adding the tunnel admin network wan vpn For information on configuring VPN using the applet GUI see Configuring VPN Tunnels on page 6 22 add name idx LWANIP RSubnetIP RSubnetMask RGatewayIP Creates a tunnel name 1 to 13 characters to gain access through local WAN IP LWanIP from the remote subnet with address RSubnetIP and s...

Страница 383: ... esp enckey name dir enckey Sets the Manual Encryption Key in ASCII for tunnel name and direction IN or OUT to the key enc key The size of the key depends on the encryption algorithm 32 hex characters for AES128 48 hex characters for AES192 64 hex characters for AES256 esp authalgo name authalgo Sets the ESP authentication algorithm Option is r SHA1 esp authkey name dir authkey Sets ESP Authentica...

Страница 384: ...ion for name to idtype This value is not required when the ID type is set to IP remiddata name idtype Sets the Local ID data for IKE authentication for name to idtype This value is not required when the ID type is set to IP authtype name authtype Sets the IKE Authentication type for name to authtype PSK authalgo name authalgo Sets the IKE Authentication Algorithm for name to SHA1 phrase name phras...

Страница 385: ...92 168 24 198 SJSharkey Manual 206 107 22 45 27 206 107 22 2 209 235 12 55 admin network wan vpn delete Eng2EngAnnex admin network wan vpn list Tunnel Name Type Remote IP Mask Remote Gateway Local WAN IP SJSharkey Manual 206 107 22 45 27 206 107 22 2 209 235 12 55 admin network wan vpn For information on configuring VPN using the applet GUI see Configuring VPN Tunnels on page 6 22 delete all Delet...

Страница 386: ... 2 209 235 12 55 admin network wan vpn list SJSharkey Detail listing of VPN entry Name SJSharkey Local Subnet 1 Tunnel Type Manual Remote IP 206 107 22 45 Remote IP Mask 255 255 255 224 Remote Security Gateway 206 107 22 2 Local Security Gateway 209 239 160 55 AH Algorithm None Encryption Type ESP Encryption Algorithm AES ESP Inbound SPI 0x00000100 ESP Outbound SPI 0x00000100 For information on di...

Страница 387: ...tion Resets all of the access point s VPN tunnels Syntax Example admin network wan vpn reset VPN tunnels reset admin network wan vpn For information on configuring VPN using the applet GUI see Configuring VPN Tunnels on page 6 22 reset Resets all VPN tunnel states ...

Страница 388: ...sts statistics for all active tunnels Syntax Example admin network wan vpn stats Tunnel Name Status SPI OUT IN Life Time Bytes Tx Rx Eng2EngAnnex Not Active SJSharkey Not Active For information on displaying VPN information using the applet GUI see Viewing VPN Status on page 6 36 stats Display statistics for all VPN tunnels ...

Страница 389: ...emaining Life Eng2EngAnnex Not Connected SJSharkey Not Connected admin network wan vpn For information on configuring IKE using the applet GUI see Configuring IKE Key Settings on page 6 34 ikestate Displays status about Internet Key Exchange IKE for all tunnels In particular the table indicates whether IKE is connected for any of the tunnels it provides the destination IP address and the remaining...

Страница 390: ...bound Content Filtering menu The items available under this command include addcmd Adds control commands to block outbound traffic delcmd Deletes control commands to block outbound traffic list Lists application control commands Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Страница 391: ...and activex Adds activex files file Adds Web URL extensions 10 files maximum The filename should be 1 15 characters smtp Adds SMTP commands to block outbound traffic helo helo command mail mail command rcpt rcpt command data data command quit quit command send send command saml saml command reset reset command vrfy vrfy command expn expn command ftp Adds FTP commands to block outbound traffic put ...

Страница 392: ...tbound traffic proxy Deletes a Web proxy command activex Deletes activex files file Deletes Web URL extensions 10 files maximum smtp Deletes SMTP commands to block outbound traffic helo helo command mail mail command rcpt rcpt command data data command quit quit command send send command saml saml command reset reset command vrfy vrfy command expn expn command ftp Deletes FTP commands that block o...

Страница 393: ...st smtp SMTP Commands HELO deny MAIL allow RCPT allow DATA deny QUIT allow SEND allow SAML allow RESET allow VRFY allow EXPN allow admin network wan content list ftp FTP Commands Storing Files deny Retreiving Files allow Directory Files allow Create Directory allow Change Directory allow Passive Operation allow list web Lists WEB application control record smtp Lists SMTP application control recor...

Страница 394: ...ubmenu The items available under this command include For an overview of the Dynamic DNS options available using the applet GUI see Configuring Dynamic DNS on page 5 25 set Sets Dynamic DNS parameters update Sets key exchange parameters show Shows the Dynamic DNS configuration Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Страница 395: ...ns set host greengiant For an overview of the Dynamic DNS options available using the applet GUI see Configuring Dynamic DNS on page 5 25 set mode enable disable Enables or disbales the Dynamic DNS service for the access point username name Enter a 1 32 character username for the account used for the access point password password Enter a 1 32 character password for the account used for the access...

Страница 396: ...s point s current WAN IP address with the DynDNS service Syntax Example admin network wan dyndns update IP Address 157 235 91 231 Hostname greengiant For an overview of the Dynamic DNS options available using the applet GUI see Configuring Dynamic DNS on page 5 25 update Updates the access point s current WAN IP address with the DynDNS service ...

Страница 397: ...secure information Do you want to continue n y y DynDNS Configuration Mode enable Username percival Password Hostname greengiant DynDNS Update Response IP Address 157 235 91 231 Hostname greengiant Status OK For an overview of the Dynamic DNS options available using the applet GUI see Configuring Dynamic DNS on page 5 25 show Shows the access point s current Dynamic DNS configuration ...

Страница 398: ... ACL submenu to restrict or allow MU access to access point WLANs radio Displays the radio configuration submenu used to specify how the 802 11a n or 802 11b g radio is used with specific WLANs qos Displays the Quality of Service QoS submenu to prioritize specific kinds of data traffic within a WLAN rate limiting Displays the Rate Limiting submenu rogue ap Displays the Rogue AP submenu to configur...

Страница 399: ...cessary to undo any changes made Undo Changes reverts the settings displayed on the screen to the last saved configuration on page 5 26 show Displays the access point s current WLAN configuration create Defines the parameters of a new WLAN edit Modifies the properties of an existing WLAN delete Deletes an existing WLAN hotspot Displays the WLAN hotspot menu ipfpolicy Goes to the WLAN IP Filter Pol...

Страница 400: ... 5 0 GHz Radio available 802 11n 2 4 GHz Radio not available Client Bridge Mesh Backhaul available Hotspot not available Maximum MUs 127 MU Idle Timeout 30 Security Policy Default MU Access Control Default disallow MU to MU Communication disable Use Secure Beacon disable answer Broadcast ESSID enable QoS Policy Default per mu rate limiting disabled per mu rate limit wired to wl 1000 kb per mu rate...

Страница 401: ...Enables or disables the Client Bridge Mesh Backhaul option hotspot mode Enables or disables the Hotspot mode max mu number Defines the maximum number of MU able to operate within the WLAN default 127 MUs idle timeout minutes Sets the interval the access point uses to timeout idle MUs from WLAN inclusion Set between 1 65535 minutes Default is 30 minutes security name Sets the security policy to the...

Страница 402: ...t Lobby WPA Countermeasure enable admin network wireless wlan create show acl ACL Policy Name Associated WLANs 1 Default Front Lobby 2 Admin 3rd Floor 3 Demo Room 5th Floor admin network wireless wlan create show qos QOS Policy Name Associated WLANs 1 Default Front Lobby 2 Voice Audio Dept 3 Video Video Dept The CLI treats the following as invalid characters thus they should not be used in the cre...

Страница 403: ... edit Description Edits the properties of an existing WLAN policy Syntax For information on editing a WLAN using the applet GUI see Creating Editing Individual WLANs on page 5 29 edit index Edits the properties of an existing and specified WLAN policy 1 16 ...

Страница 404: ...n Deletes an existing WLAN Syntax Example admin network wireless wlan delete all admin network wireless wlan For information on deleting a WLAN using the applet GUI see Creating Editing Individual WLANs on page 5 29 delete wlan name Deletes a target WLAN using the name supplied all Deletes all WLANs defined except default WLAN ...

Страница 405: ... the Hotspot options available to the using the applet GUI see Configuring WLAN Hotspot Support on page 5 45 show Show hotspot parameters redirection Goes to the hotspot redirection menu radius Goes to the hotspot Radius menu white list Goes to the hotspot white list menu save Saves the configuration to system flash quit Quits the CLI Goes to the parent menu Goes to the root menu ...

Страница 406: ...L External Fail URL Primary Server Ip adr 157 235 21 21 Primary Server Port 1812 Primary Server Secret Secondary Server Ip adr 157 235 32 12 Secondary Server Port 1812 Secondary Server Secret Accounting Mode disable Accounting Server Ip adr 0 0 0 0 Accounting Server Port 1813 Accounting Server Secret Accoutning Timeout 10 Accoutning Retry count 3 Session Timeout Mode enable Session Timeout 15 Whit...

Страница 407: ...figuring the hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 5 45 redirection set page loc Sets the hotspot http re direction by index 1 16 for the specified URL exturl Shows hotspot http redirection details for specifiec index 1 16 for specified page login welcome fail and target URL show Shows hotspot http redirection details save S...

Страница 408: ...dius menu Syntax For information on configuring the Hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 5 45 set Sets the Radius hotspot configuration show Shows Radius hotspot server details save Saves the configuration to system flash quit Quits the CLI Goes to the parent menu Goes to the root menu ...

Страница 409: ... Hotspot options available to the access ointusing the applet GUI see Configuring WLAN Hotspot Support on page 5 45 set server idx srvr_type ipadr Sets the Radius hotpost server IP address per wlan index 1 16 secret idx srvr_type secret Sets the Radius hotspot server shared secret password acct mode idx mode Sets the Radius hotspot server accounting mode enable disable acct server idx ipadr Sets t...

Страница 410: ... 157 235 12 12 Primary Server Port 1812 Primary Server Secret Secondary Server Ip adr 0 0 0 0 Secondary Server Port 1812 Accounting Mode enable Accounting Server Ip adr 157 235 15 16 Accounting Server Port 1813 Accounting Server Secret Accounting Timeout 10 Accounting Retry count 3 Session Timeout Mode enable admin network wireless wlan hotspot radius For information on configuring the Hotspot opt...

Страница 411: ...IP Address 1 157 235 21 21 For information on configuring the Hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 5 45 white list add rule Adds hotspot whitelist rules by index 1 16 for specified IP address clear Clears hotspot whitelist rules for specified index 1 16 show Shows hotspot whitelist rules for specified index 1 16 save Saves ...

Страница 412: ...de For information on the security configuration options available to the access point using the applet GUI see Configuring Security Options on page 6 2 show Displays the access point s current security configuration create Creates a security policy edit Edits the properties of an existing security policy delete Removes a specific security policy Goes to the parent menu Goes to the root menu save ...

Страница 413: ...icy 1 Warning This will display secure information Do you want to continue n y y Policy Name Default Authentication type 802 1x EAP Server Settings primary radius server 0 0 0 0 secondary radius server 0 0 0 0 primary radius server port 1812 secondary radius server port 1812 primary radius shared secret secondary radius shared secret Reauthentication eap reauth mode disable Radius Accounting accou...

Страница 414: ...cryption type WPA2 CCMP 802 11i ccmp broadcast key rotate mode disable 802 11i ccmp preauthentication disable WPA2 PTK timeout 2 admin network wireless security Related Commands For information displaying existing WLAN security settings using the applet GUI see Enabling Authentication and Encryption Schemes on page 6 4 create Defines security parameters for the specified WLAN ...

Страница 415: ...1 primary or 2 secondary The default password is now motorola instead of symbol Be cognizant of this when importing a configuration from the 1 1 baseline as this shared secret will have to be changed to motorola after the import to avoid MU authentication failures This change can only be made using the access point CLI reauth mode mode Enables or disables EAP reauthentication period time Sets the ...

Страница 416: ... retry count Sets the EAP maximum number of MU retries to count 1 10 svr timeout time Sets the server timeout time in seconds 1 255 svr retry count Sets the maximum number of server retries to count 1 255 enc idx type Sets the encryption type to type for the WLAN idx ccmp rotate mode mode Enables or disabled the broadcast key interval time Sets the broadcast key rotation interval to time in second...

Страница 417: ...r information on configuring the encryption and authentication options available to the access point using the applet GUI see Configuring Security Options on page 6 2 Disregards the policy creation and exits the CLI session ...

Страница 418: ...to continue n y y admin network wireless security edit 1 admin network wireless security edit For information on configuring the encryption and authentication options available to the access point using the applet GUI see Configuring Security Options on page 6 2 set index Edits security policy parameters The values subject to modification are the same ones created using the AP7131N admin network w...

Страница 419: ...te that all WLANs will be assigned the default security policy admin network wireless security For information on configuring the encryption and authentication options available to the access point using the applet GUI see Configuring Security Options on page 6 2 delete sec name Removes the specified security policy from the list of supported policies all Removes all security policies except the d...

Страница 420: ...Mobile Unit Access Control List ACL submenu The items available under this command include show Displays the access point s current ACL configuration create Creates an MU ACL policy edit Edits the properties of an existing MU ACL policy delete Removes an MU ACL policy Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Страница 421: ...dmin Administration 3 Demo Room Customers admin network wireless acl show policy 1 Policy Name Default Policy Mode allow index start mac end mac 1 00A0F8348787 00A0F8348798 For information on configuring the ACL options available to the access point using the applet GUI see Configuring a WLAN Access Control List ACL on page 5 35 show summary Displays the list of existing MU ACL policies policy ind...

Страница 422: ...k wireless acl create add policy For information on configuring the ACL options available to the access point using the applet GUI see Configuring a WLAN Access Control List ACL on page 5 35 create show acl name Displays the parameters of a new ACL policy set acl name index Sets the MU ACL policy name mode acl mode Sets the ACL mode for the defined index 1 16 Allowed MUs can access the access poin...

Страница 423: ...sing the applet GUI see Configuring a WLAN Access Control List ACL on page 5 35 show Displays MU ACL policy and its parameters set Modifies the properties of an existing MU ACL policy add addr Adds an MU ACL table entry delete Deletes an MU ACL table entry including starting and ending MAC address ranges change Completes the changes made and exits the session Cancels the changes made and exits the...

Страница 424: ...less acl delete Description Removes an MU ACL policy Syntax For information on configuring the ACL options available to the access point using the applet GUI see Configuring a WLAN Access Control List ACL on page 5 35 delete idx Deletes a partilcular MU ACL policy index all Deletes all MU ACL policies ...

Страница 425: ...u The items available under this command include show Summarizes access point radio parameters at a high level set Defines the access point radio configuration radio1 Displays the 2 4 GHz radio submenu radio2 Displays the 5 0 GHz radio submenu Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Страница 426: ...ble Max Wireless AP Clients 6 Client Bridge Mode disable Roaming Client Bridge Mode disable Client Bridge WLAN WLAN1 Mesh Connection Timeout enable Radio 2 Name Radio 2 Radio Mode enable Radio Function WIPS RF Band of Operation 802 11n 5 GHz Roaming Client Bridge Mode disabled Wireless Mesh Configuration Base Bridge Mode enable Max Wireless AP Clients 5 Client Bridge Mode disable Roaming Client Br...

Страница 427: ...ground 24 25 26 27 28 29 30 31 3 best effort 32 33 34 35 36 37 38 39 4 video 40 41 42 43 44 45 46 47 5 video 48 49 50 51 52 53 54 55 6 voice 56 57 58 59 60 61 62 63 7 voice admin network wireless radio For information on configuring the Radio Configuration options available to the access point using the applet GUI see Setting the WLAN s Radio Configuration on page 5 51 ...

Страница 428: ... not apply to single radio access points mesh base mode idx Enables or disables base bridge mode based on radio index mesh max clients Sets the maximum number of wireless bridge clients mesh client mode Enables or Disables client bridge mode mesh roaming client mode Enables or disables the mesh roaming client mode For information on the Mesh Roaming Client feature see Mesh Roaming Client on page 1...

Страница 429: ...ork wireless radio set mesh roaming client 1 enable admin network wireless radio set mesh wlan wlan1 admin network wireless radio set dot11 auth shared key allowed Two Radio SKU For information on the options available to the access point see Setting the WLAN s Radio Configuration on page 5 51 set radio config value 1 7 1 Radio 1 WLAN Radio 2 WIPS 2 Radio 1 WIPS Radio 2 WLAN 3 Radio 1 WLAN Radio 2...

Страница 430: ...n configuring Radio 1 Configuration options available to the access point using the applet GUI see Setting the WLAN s Radio Configuration on page 5 51 show Displays 802 11n 2 4 GHz radio settings set Defines specific 802 11n 2 4 GHz radio parameters advanced Displays the Adavanced radio settings submenu mesh Goes to the Wireless AP Connections submenu Goes to the parent menu Goes to the root menu ...

Страница 431: ...HT Channel Setting user selection Power Level 5 dbm 4 mW 802 11 rate compatibility mode B G and N Beacon Interval 100 K usec DTIM Interval 10 beacon intvls short preamble disable RTS Threshold 2341 bytes QBSS Channel Util Beacon Intervl 10 beacon intvls QBSS Load Element Mode enable Single Anetenna disable show radio Displays specific 802 11n 2 4 GHz radio settings rates Displays specific 802 11n ...

Страница 432: ...21 5 Mbps 7 Supported 65 0 Mbps 135 0 Mbps 8 Supported 13 0 Mbps 27 0 Mbps 9 Supported 26 0 Mbps 54 0 Mbps 10 Supported 39 0 Mbps 81 0 Mbps 11 Supported 52 0 Mbps 108 0 Mbps 12 Supported 78 0 Mbps 162 0 Mbps 13 Supported 104 0 Mbps 216 0 Mbps 14 Supported 117 0 Mbps 243 0 Mbps 15 Supported 130 0 Mbps 270 0 Mbps admin network wireless radio 802 11n 2 4 GHz admin network wireless radio 802 11n 2 4 G...

Страница 433: ...e 3 7 1 47 1 504 For information on configuring the Radio 1 configuration options available to the access point using the applet GUI see Configuring a WLAN Access Control List ACL on page 5 35 CAUTION If you do NOT include the index number for example set dtim 50 the DTIMs for all four BSSIDs will be changed to 50 To change individual DTIMs for BSSIDs specify the BSS Index number for example set d...

Страница 434: ... 2 4 GHz set qbss beacon 110 admin network wireless radio 802 11n 2 4 GHz set qbss mode enable For information on configuring the Radio 1 Configuration options available to the access point using the applet GUI see Configuring the 802 11a n or 802 11b g n Radio on page 5 56 set placement Defines the access point radio placement as indoors or outdoors ch mode Determines how the radio channel is sel...

Страница 435: ... for the 802 11n 2 4 GHz radio The items available under this command include Syntax show Displays advanced radio settings for the 802 11n 2 4 GHz radio set Defines advanced parameters for the 802 11n 2 4 GHz radio Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Страница 436: ...uration is ok BSSID Primary WLAN 1 Lobby 2 HR 3 Office admin network wireless radio 802 11n 2 4 GHz advanced show wlan Warning This will display secure information Do you want to continue n y y WLAN 1 WLAN name WLAN1 ESS ID 101 Radio Band s 2 4 and 5 0 GHz VLAN none Security Policy Default QoS Policy Default Rate Limiting disabled For information on configuring Radio 1 Configuration options availa...

Страница 437: ...advanced set wlan demoroom 1 admin network wireless radio 802 11n 2 4 GHz advanced set bss 1 demoroom For information on configuring Radio 1 Configuration options available to the access point using the applet GUI see Configuring the 802 11a n or 802 11b g n Radio on page 5 56 set wlan wlan name bssid Defines advanced WLAN to BSSID mapping for the target radio bss bss id wlan name Sets the BSSID t...

Страница 438: ... GHz radio The items available under this command include Syntax show Displays mesh settings and status for the 802 11n 2 4 GHz radio set Defines mesh parameters for the 802 11n 2 4 GHz radio add Adds a 802 11n 2 4 GHz radio mesh connection delete Deletes a 802 11n 2 4 GHz radio mesh connection Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits th...

Страница 439: ...tax Example admin network wireless radio 802 11n 2 4 GHz mesh show config Mesh Connection Auto Select enable admin network wireless radio 802 11n 2 4 GHz mesh show status idx AP MAC Address Channel Signal dBm admin network wireless radio 802 11n 2 4 GHz mesh show config Displays the connection list configuration status Shows the available mesh connection status ...

Страница 440: ...Hz mesh set Description Defines mesh parameters for the 802 11n 2 4 GHz radio Syntax Example admin network wireless radio 802 11n 2 4 GHz mesh set auto select enable admin network wireless radio 802 11n 2 4 GHz mesh show config Mesh Connection Auto Select enable set auto select Enables or disables auto select mesh connections ...

Страница 441: ...io 802 11n 2 4 GHz mesh add Description Adds a 802 11n 2 4 GHz radio mesh connection Syntax Example admin network wireless radio 802 11n 2 4 GHz mesh add 2 AA21DCDD12DE add priority Defines the connection priority 1 16 mac Sets the access point MAC address ...

Страница 442: ...radio 802 11n 2 4 GHz mesh delete Description Deletes a 802 11n 2 4 GHz radio mesh connection by specified index or by removing all entries Syntax Example admin network wireless radio 802 11n 2 4 GHz mesh delete 2 delete idx Deletes a mesh connection by specified index 1 16 all Removes all mesh connections ...

Страница 443: ...available under this command include Syntax show Displays 802 11n 5 0 GHz radio settings set Defines specific 802 11n 5 0 GHz radio parameters advanced Displays the Advanced radio settings submenu mesh Goes to the Mesh Connections submenu Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Страница 444: ... GHz HT Protection Mode Pure HT Channel Setting uniform spreading Power Level 20 dbm 100 mW 802 11 rate compatibility mode A and N Beacon Interval 100 K usec DTIM Interval 10 beacon intvls RTS Threshold 2341 bytes QBSS Channel Util Beacon Intervl 10 beacon intvls QBSS Load Element Mode enable Single Antenna disable show radio Displays specific 802 11n 5 0 GHz radio settings rates Displays specific...

Страница 445: ...5 0 Mbps 8 Supported 13 0 Mbps 27 0 Mbps 9 Supported 26 0 Mbps 54 0 Mbps 10 Supported 39 0 Mbps 81 0 Mbps 11 Supported 52 0 Mbps 108 0 Mbps 12 Supported 78 0 Mbps 162 0 Mbps 13 Supported 104 0 Mbps 216 0 Mbps 14 Supported 117 0 Mbps 243 0 Mbps 15 Supported 130 0 Mbps 270 0 Mbps admin network wireless radio 802 11n 5 0 GHz admin network wireless radio 802 11n 5 0 GHz show aggr Radio Aggregation Set...

Страница 446: ... Set 11n default Access Category CWMin CWMax AIFSN TXOPs 32 usec TXOPs ms Background 15 1023 7 0 0 000 Best Effort 15 63 3 31 0 992 Video 7 15 1 94 3 008 Voice 3 7 1 47 1 504 For information on configuring the Radio 2 Configuration options available to the access point using the applet GUI see Configuring a WLAN Access Control List ACL on page 5 35 ...

Страница 447: ...ormation on configuring the Radio 2 Configuration options available to the access point using the applet GUI see Configuring the 802 11a n or 802 11b g n Radio on page 5 56 set placement Defines the access point radio placement as indoors or outdoors ch mode Determines how the radio channel is selected channel Defines the actual channel used by the radio Channel allowed depends on actual country o...

Страница 448: ...isplays the advanced submenu for the 802 11n 5 0 GHz radio The items available under this command include Syntax show Displays advanced radio settings for the 802 11n 5 0 GHz radio set Defines advanced parameters for the 802 11n 5 0 GHz radio Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Страница 449: ...mary WLAN 1 Lobby 2 HR 3 Office admin network wireless radio 802 11n 5 0 GHz advanced show wlan Warning This will display secure information Do you want to continue n y y WLAN 1 WLAN name WLAN1 ESS ID 101 Radio 2 4 and 5 0 GHz VLAN none Security Policy Default QoS Policy Default Rate Limiting disable For information on configuring the Radio 2 Configuration options available to the access point usi...

Страница 450: ... radio 802 11n 5 0 GHz advanced set wlan demoroom 1 admin network wireless radio 802 11n 5 0 GHz advanced set bss 1 demoroom For information on configuring Radio 2 Configuration options available to the access point using the applet GUI see Configuring the 802 11a n or 802 11b g n Radio on page 5 56 set wlan wlan name bssid Defines advanced WLAN to BSSID mapping for the target 5 0 GHz radio bss bs...

Страница 451: ...ble under this command include Syntax show Displays mesh settings and status for the 802 11n 5 0 GHz radio set Defines mesh parameters for the 802 11n 5 0 GHz radio add Adds a 802 11n 5 0 GHz radio mesh connection delete Deletes a 802 11n 5 0 GHz radio mesh connection Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Страница 452: ...he 802 11n 5 0 GHz radio Syntax Example admin network wireless radio 802 11n 5 0 GHz mesh show config Mesh Connection Auto Select enable admin network wireless radio 802 11n 5 0 GHz mesh show status idx AP MAC Address Channel Signal dBm admin network wireless radio 802 11n 5 0 GHz mesh show config Displays the connection list configuration status Shows the available mesh connection status ...

Страница 453: ...nes mesh parameters for the 802 11n 5 0 GHz radio Syntax Example admin network wireless radio 802 11n 5 0 GHz mesh set auto select enable admin network wireless radio 802 11n 5 0 GHz mesh show config Mesh Connection Auto Select enable set auto select Enables or disables auto select mesh connections ...

Страница 454: ... admin network wireless radio 802 11n 5 0 GHz mesh add Description Adds a 802 11n 5 0 GHz radio mesh connection Syntax Example admin network wireless radio 802 11n 5 0 GHz mesh add 2 AA21DCDD12DE add priority Defines the connection priority 1 16 mac Sets the access point MAC address ...

Страница 455: ...delete Description Deletes a 802 11n 5 0 GHz radio mesh connection by specified index or by removing all entries Syntax Example admin network wireless radio 802 11n 5 0 GHz mesh delete 2 delete idx Deletes a mesh connection by specified index 1 16 all Removes all mesh connections ...

Страница 456: ...ccess point Quality of Service QoS submenu The items available under this command include show Displays access point QoS policy information create Defines the parameters of the QoS policy edit Edits the settings of an existing QoS policy delete Removes an existing QoS policy Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Страница 457: ...wireless qos show policy 1 Policy Name Default Support Voice Prioritization disable Multicast Mask Address 1 01005E000000 Multicast Mask Address 2 09000E000000 WMM QOS Mode disable WMM QOS Parameter Set 11ag default For information on configuring the WLAN QoS options available to the access point using the applet GUI see Setting the WLAN Quality of Service QoS Policy on page 5 39 show summary Disp...

Страница 458: ... mac index Defines primary and secondary Multicast MAC address Defines multicast address index between 1 2 wmm qos index Enables or disables the QoS policy index specified param set set name Defines the data type used with the qos policy and mesh network When set to a value other then manual editing the access category values is not necessary Options include 11g default 11b default 11g wifi 11b wi...

Страница 459: ...by index for legacy VOIP devices mcast mac Defines primary and secondary Multicast MAC address wmm qos index Enables or disables the QoS policy index specified param set set name Defines the data type used with the qos policy and mesh network When set to a value other then manual editing the access category values is not necessary Options include 11g default 11b default 11g wifi 11b wifi 11g voice...

Страница 460: ...ete Description Removes a QoS policy Syntax For information on configuring the WLAN QoS options available to the access point using the applet GUI see Setting the WLAN Quality of Service QoS Policy on page 5 39 delete qos name all Deletes the specified QoS polciy index or all of the policies except default policy ...

Страница 461: ...cess point Rate Limiting submenu The items available under this command include show Displays Rate Limiting information for how data is processed by the access point set Defines Rate Limiting parameters for the access point Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Страница 462: ...admin network wireless rate limiting show wlan Warning This will display secure information Do you want to continue n y y WLAN 1 WLAN Name WLAN1 ESSID 101 Radio Band s 2 4 and 5 0 GHz VLAN none Security Policy Default QoS Policy Default Rate Limiting disable For information on configuring the Rate Limiting options available to the access point using the applet GUI see Configuring MU Rate Limiting ...

Страница 463: ... configuration Syntax Example admin network wireless rate limiting set mode enable admin network wireless rate limiting For information on configuring the Rate Limiting options available to the access point using the applet GUI see Configuring MU Rate Limiting on page 5 67 set mode mode Enables or disables Rate Limiting ...

Страница 464: ...and include show Displays the current access point Rogue AP detection configuration set Defines the Rogue AP detection method mu scan Goes to the Rogue AP mu uscan submenu allowed list Goes to the Rogue AP Allowed List submenu active list Goes the Rogue AP Active List submenu rogue list Goes the Rogue AP List submenu Goes to the parent menu Goes to the root menu save Saves the configuration to sys...

Страница 465: ...an disable MU Scan Interval 60 minutes On Channel disable Detector Radio Scan enable Auto Authorize Motorola APs disable Approved APs age out 0 minutes Rogue APs age out 0 minutes For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring Rogue AP Detection on page 6 42 show Displays the current access point Rogue AP detection configurati...

Страница 466: ...l 10 minutes On Channel disable Detector Radio Scan disable Auto Authorize Motorola APs enable Approved AP age out 10 minutes Rogue AP age out 10 minutes For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring Rogue AP Detection on page 6 42 set mu scan mode Enables or disables to permit MUs to scan for rogue APs interval minutes Defin...

Страница 467: ... the Rogue AP mu scan submenu Syntax add Add all or just one scan result to Allowed AP list show Displays all APs located by the MU scan start Initiates scan immediately by the MU Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Страница 468: ...an from a user provided MAC address Syntax Example admin network wireless rogue ap mu scan start 00af8000001 admin network wireless rogue ap mu scan For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring Rogue AP Detection on page 6 42 start mu mac Initiates MU scan from user provided MAC address ...

Страница 469: ...Syntax Example admin network wireless rogue ap mu scan show Scan Result Not Available admin network wireless rogue ap mu scan For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring Rogue AP Detection on page 6 42 show Displays all APs located by the MU scan ...

Страница 470: ...ist Description Displays the Rogue AP allowed list submenu show Displays the rogue AP allowed list add Adds an AP MAC address and ESSID to the allowed list delete Deletes an entry or all entries from the allowed list Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Страница 471: ...n network wireless rogue ap allowed list show Allowed AP List index ap mac essid 1 00 A0 F8 71 59 20 2 00 A0 F8 33 44 55 101 3 00 A0 F8 40 20 01 Marketing For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring Rogue AP Detection on page 6 42 show Displays the rogue AP allowed list ...

Страница 472: ...00A0F83161BB 103 admin network wireless rogue ap allowed list show index ap essid 1 00 A0 F8 71 59 20 2 00 A0 F8 33 44 55 fffffffffff 3 00 A0 F8 40 20 01 Marketing 4 00 A0 F8 31 61 BB 103 For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring Rogue AP Detection on page 6 42 add mac addr ess id Adds an AP MAC address and ESSID to exist...

Страница 473: ...e admin network wireless rogue ap allowed list delete 1 cfg read write failed admin network wireless rogue ap allowed list For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring Rogue AP Detection on page 6 42 delete idx 1 50 all Deletes an AP MAC address and ESSID or all addresses from the allowed list ...

Страница 474: ...wireless wips Description Displays the WIPS submenu The items available under this command include show Displays the current WLAN Intrusion Prevention configuration set Sets WLAN Intrusion Prevention parameters Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Страница 475: ...vention configuration Syntax Example admin network wireless wips show Warning This will display secure information Do you want to continue n y y WIPS Server 1 IP Address 192 168 0 21 WIPS Server 2 IP Address 10 1 1 1 admin network wireless wips show Displays the WLAN Intrusion Prevention configuration ...

Страница 476: ...dmin network wireless wips set Description Sets the WLAN Intrusion Prevention configuration Syntax Example admin network wireless wips set server 1 192 168 0 21 admin network wireless wips set idx 1 and 2 ip Defines the WLAN Intrusion Prevention Server IP Address for server IPs 1 and 2 ...

Страница 477: ...ning Description Displays the MU Locationing submenu The items available under this command include show Displays the current MU Locationing configuration set Defines MU Locationing parameters Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Страница 478: ...in network wireless mu locationing show Description Displays the MU probe table configuration Syntax Example admin network wireless mu locationing show MU Probe Table Mode disable MU Probe Table Size 200 admin network wireless mu locationing show Displays the MU probe table configuration ...

Страница 479: ...tax Example admin network wireless mu locationing set admin network wireless mu locationing set mode enable admin network wireless mu locationing set size 200 admin network wireless mu locationing set Defines the MU probe table configuration mode Enables disables a mu probe scan size Defines the number of MUs in the table the maximum allowed is 200 ...

Страница 480: ...vailable under this command include show Displays the access point s current firewall configuration set Defines the access point s firewall parameters access Enables disables firewall permissions through the LAN and WAN ports advanced Displays interoperaility rules between the LAN and WAN ports Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits th...

Страница 481: ...e syn flood attack filter enable unaligned ip timestamp filter enable source routing attack filter enable winnuke attack filter enable seq num prediction attack filter enable mime flood attack filter enable max mime header length 8192 bytes max mime headers 16 headers For information on configuring the Firewall options available to the access point using the applet GUI see Configuring Firewall Set...

Страница 482: ...e routing attack filter enable winnuke attack filter enable seq num prediction attack filter enable mime flood attack filter enable max mime header length 8192 bytes max mime headers 16 headers set nat timeout interval Defines the NAT timeout value syn mode Enables or disables SYN flood attack check src mode Enables or disables source routing check win mode Enables or disables Winnuke attack check...

Страница 483: ...321 tcp 2048 2048 5 lan wan abc ah 100 1000 For information on configuring the Firewall options available to the access point using the applet GUI see Configuring Firewall Settings on page 6 13 show Displays LAN to WAN access rules set Sets LAN to WAN access rules add Adds LAN to WAN exception rules delete Deletes LAN to WAN access exception rules list Displays LAN to WAN access exception rules fo...

Страница 484: ...rewall adv lan access outb list Idx RuleId Src IP Netmask Dst IP Netmask Tp Src Ports Dst Ports NAT Action 1 10 111 110 0 15 157 235 205 30 all 1 65535 1 65535 none null 255 255 255 0 255 255 255 0 For information on configuring the Firewall options available to the access point using the applet GUI see Configuring Firewall Settings on page 6 13 show Shows advanced subnet access parameters set Set...

Страница 485: ...s available under this command are show Displays the existing access point router configuration set Sets the RIP parameters add Adds user defined routes delete Deletes user defined routes list Lists user defined routes Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Страница 486: ...0 255 255 255 0 0 0 0 0 wan 0 5 157 235 19 5 255 255 255 0 192 168 24 1 wan 1 Default gateway Interface wan admin network router show rip Warning This will display secure information Do you want to continue n y y rip type off rip direction both rip authentication type none rip simple auth password rip md5 id 1 1 rip md5 key 1 rip md5 id 2 2 rip md5 key 2 admin network router For information on con...

Страница 487: ...ngs on page 5 68 set auth Sets the RIP authentication type none simple or MD5 dir Sets RIP direction rx tx or both id Sets MD5 authetication ID 1 256 for specific index 1 2 key Sets MD5 authetication key up to 16 characters for specified inded 1 2 passwd Sets the password up to 16 characters for simple authentication type Defines the RIP type off ripv1 ripv2 or ripv1v2 dgw iface Sets the default g...

Страница 488: ...er list index destination netmask gateway interface metric 1 192 168 3 0 255 255 255 0 192 168 2 1 lan1 1 For information on configuring the Router options available to the access point using the applet GUI see Configuring Router Settings on page 5 68 add dest netmask gw iface metric Adds a route with destination IP address dest IP netmask netmask destination gateway IP address gw interface LAN1 L...

Страница 489: ...0 0 255 255 255 0 0 0 0 0 lan2 0 admin network router delete 2 admin network router list index destination netmask gateway interface metric 1 192 168 2 0 255 255 255 0 0 0 0 0 lan1 0 2 192 168 0 0 255 255 255 0 0 0 0 0 lan1 0 admin network router For information on configuring the Router options available to the access point using the applet GUI see Configuring Router Settings on page 5 68 delete ...

Страница 490: ...er list index destination netmask gateway interface metric 1 192 168 2 0 255 255 255 0 192 168 0 1 lan1 1 2 192 168 1 0 255 255 255 0 0 0 0 0 lan2 0 3 192 168 0 0 255 255 255 0 0 0 0 0 lan1 0 For information on configuring the Router options available to the access point using the applet GUI see Configuring Router Settings on page 5 68 list Displays a list of user defined routes ...

Страница 491: ... Adaptive AP Settings submenu access Goes to the access point access submenu where access point access methods can be enabled cmgr Goes the Certificate Manager submenu snmp Goes to the SNMP submenu userdb Goes to the user database submenu radius Goes to the Radius submenu ntp Goes to the Network Time Protocol submenu logs Displays the log file submenu config Goes to the configuration file update s...

Страница 492: ...ase be sure to save changes before resetting Are you sure you want to restart the AP 7131N yes no AP 7131N Boot Firmware Version 4 0 0 0 002GDN Copyright c Motorola 2009 All rights reserved Press escape key to run boot firmware Power On Self Test testing ram pass testing nor flash pass testing nand flash pass testing ethernet pass For information on restarting the access point using the applet GUI...

Страница 493: ...location Atlanta Field Office admin email address johndoe mycompany com system uptime 0 days 4 hours 41 minutes AP 7131N firmware version 4 0 2 0 021GDN country code us ap mode independent serial number 05224520500336 model AP 7131N admin system For information on displaying System Settings using the applet GUI see Configuring System Settings on page 4 2 show Displays access point system informati...

Страница 494: ...9 characters The access point does not allow intermediate space characters between characters within the system name For example AP7131N sales must be changed to AP7131Nsales to be a valid system name loc loc Sets the access point system location to loc 0 to 59 characters email email Sets the access point admin email address to email 0 to 59 characters cc code Sets the access point country code us...

Страница 495: ...1 25 14 61 A8 C 157 235 92 179 ether 00 14 22 F3 D7 39 C 157 235 92 248 ether 00 11 25 B2 09 60 C 157 235 92 180 ether 00 0D 60 D0 06 90 C 157 235 92 3 ether 00 D0 2B A0 D4 FC C 157 235 92 181 ether 00 15 C5 0C 19 27 C 157 235 92 80 ether 00 11 25 B2 0D 06 C 157 235 92 95 ether 00 14 22 F9 12 AD C 157 235 92 161 ether 00 06 5B 97 BD 6D C 157 235 92 126 ether 00 11 25 B2 29 64 C admin system ...

Страница 496: ... information on configuring power settings using the applet GUI see Configuring Power Settings on page 4 6 show Displays the current power setting configuration set Defines the access point s power setting configuration Goes to the parent menu Goes to the root menu save Saves the current configuration to the access point system flash quit Quits the CLI and exits the current session ...

Страница 497: ...mple admin system power setup show Power Mode 3af Power Status Mid Power 3af Power Option option 3at Power Option default Default Radio Radio2 admin system power setup For information on configuring power settings using the applet GUI see Configuring Power Settings on page 4 6 show Displays the access point s current power configuration ...

Страница 498: ... power setup set power option 3af option admin system power setup set def radio 1 For information on configuring power settings using the applet GUI see Configuring Power Settings on page 4 6 set mode Sets the power mode to either Auto or 3af Changing the power mode restarts the AP for the change to take effect power option Defines the power option def radio Defines the radio receiving access port...

Страница 499: ...P Setup on page 4 11 For an overview of adaptive AP functionality and its implications see Adaptive AP on page 10 1 show Displays Adaptive AP information set Defines the Adaptive AP configuration delete Deletes static switch address assignments Goes to the parent menu Goes to the root menu save Saves the current configuration to the access point system flash quit Quits the CLI and exits the curren...

Страница 500: ...P Address 4 0 0 0 0 IP Address 5 0 0 0 0 IP Address 6 0 0 0 0 IP Address 7 0 0 0 0 IP Address 8 0 0 0 0 IP Address 9 0 0 0 0 IP Address 10 0 0 0 0 IP Address 11 0 0 0 0 IP Address 12 0 0 0 0 Tunnel to Switch disable AC Keepalive 5 Load Balancing enable Current Switch 157 235 22 11 AP Adoption State AAP not adopted admin system aap setup For information on configuring adaptive AP using the applet G...

Страница 501: ...stem aap setup For information on configuring adaptive AP using the applet GUI see Adaptive AP Setup on page 4 11 For an overview of adaptive AP functionality and its implications see Adaptive AP on page 10 1 set auto discovery Sets the switch auto discovery mode enable disable ipadr Defines the switch IP address used name Defines the switch name for DNS lookups up to 127 characters port Sets the ...

Страница 502: ...ts Syntax Example admin system aap setup delete 1 admin system aap setup For information on configuring Adaptive AP using the applet GUI see Adaptive AP Setup on page 4 11 For an overview of adaptive AP functionality and its implications see Adaptive AP on page 10 1 delete idx Deletes static switch address assignments by selected index all Deletes all assignments ...

Страница 503: ... access submenu show Displays access point system access capabilities set Goes to the access point system access submenu rmlock Removes AP login locks Goes to the parent menu Goes to the root menu save Saves the current configuration to the access point system flash quit Quits the CLI and exits the current session ...

Страница 504: ...rs from LAN swan Enables disables applet HTTPS access parameters from WAN app timeout minutes Sets the applet timeout Default is 300 Mins ssh Sets the CLI SSH access parameters auth timout seconds Disables the radio interface if no data activity is detected after the interval defined Default is 120 seconds inactive timeout minutes Inactivity interval resulting in the AP terminating its connection ...

Страница 505: ...le enable enable https timeout in mins 3 ssh server authentication timeout in secs 120 ssh server inactivity timeout in secs 500 remote login failure threshold SSH GUI 1 console inactivity timeout in secs 550 admin authentication mode local Login Message This is a User Configured Message Related Commands For information on configuring access point access settings using the applet GUI see Configuri...

Страница 506: ... 8 174 AP7131N admin system access rmlock Description Removes AP login locks The lock can be removed through console management interface local RS 232 port only Syntax Example admin system access rmlock ssh admin system access rmlock Removes login locks of access point ...

Страница 507: ...cate signed by CA listself Lists the self certificate loaded loadca Loads trusted certificate from CA delca Deletes the trusted certificate listca Lists the trusted certificate loaded showreq Displays a certificate request in PEM format delprivkey Deletes the private key listprivkey Lists names of private keys expcert Exports the certificaqte file impcert Imports the certificate file Goes to the p...

Страница 508: ...lIo7wIDAQABoAAwDQYJKoZIhvcNAQEEBQADQQCClQ5LHdbG C1f Bj8AszttSo bA4dcX3vHvhhJcmuuWO9LHS2imPA3xhX d6 Q1SMbs tG4RP0lRSr iWDyuvwx END CERTIFICATE REQUEST For information on configuring certificate management settings using the applet GUI see Managing Certificate Authority CA Certificates on page 4 18 genreq IDname Subject ou OrgUnit on OrgName cn City st State p PostCode cc CCode e Email d Domain i IP...

Страница 509: ...iption Deletes a self certificate Syntax Example admin system cmgr delself MyCert2 For information on configuring self certificate settings using the applet GUI see Creating Self Certificates on page 4 20 delself IDname Deletes the self certificate named IDname ...

Страница 510: ...ertificate Authority Syntax Example admin system cmgr loadself 1 Currently Only certificates in PEM format can be uploaded Enter Ctrl C to abort Paste the certificate For information on configuring self certificate settings using the applet GUI see Creating Self Certificates on page 4 20 loadself IDname Load the self certificate signed by the CA with name IDname ...

Страница 511: ...oaded self certificates Syntax Example admin system cmgr listself Self Certificate List admin system cmgr For information on configuring self certificate settings using the applet GUI see Creating Self Certificates on page 4 20 listself Lists all self certificates that are loaded ...

Страница 512: ...cate Authority Syntax Example admin system cmgr loadca Currently Only certificates in PEM format can be uploaded Enter Ctrl C to abort Paste the certificate For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 4 18 loadca Loads the trusted certificate in PEM format only that is pasted into the command line ...

Страница 513: ...min system cmgr delca Description Deletes a trusted certificate Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 4 18 delca IDname Deletes the trusted certificate ...

Страница 514: ... Guide 8 182 AP7131N admin system cmgr listca Description Lists the loaded trusted certificate Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 4 18 listca Lists the loaded trusted certificates ...

Страница 515: ...on Displays a certificate request in PEM format Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 4 18 showreq IDname Displays a certificate request named IDname generated from the genreq command ...

Страница 516: ...nce Guide 8 184 AP7131N admin system cmgr delprivkey Description Deletes a private key Syntax For information on configuring certificate settings using the applet GUI see Creating Self Certificates on page 4 20 delprivkey IDname Deletes private key named IDname ...

Страница 517: ...rivkey Description Lists the names of private keys Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 4 18 listprivkey Lists all private keys and displays their certificate associations ...

Страница 518: ...nreq generate a certificate request delself deletes a signed certificate loadself loads a signed certficiate signed by the CA listself lists the loaded signed self certificate loadca loads the root CA certificate delca deletes the root CA certificate listca lists the loaded root CA certificate showreq displays certificate request in PEM format delprivkey deletes the private key listprivkey lists t...

Страница 519: ... request delself deletes a signed certificate loadself loads a signed certficiate signed by the CA listself lists the loaded signed self certificate loadca loads the root CA certificate delca deletes the root CA certificate listca lists the loaded root CA certificate showreq displays certificate request in PEM format delprivkey deletes the private key listprivkey lists the names of the private key...

Страница 520: ...AP7131N admin system snmp Description Displays the SNMP submenu The items available under this command are shown below access Goes to the SNMP access submenu traps Goes to the SNMP traps submenu Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Страница 521: ... the SNMP Access menu The items available under this command are shown below show Shows SNMP v3 engine ID add Adds SNMP access entries delete Deletes SNMP access entries list Lists SNMP access entries Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Страница 522: ...iption Shows the SNMP v3 engine ID Syntax Example admin system snmp access show eid AP 7131N snmp v3 engine id 000001846B8B4567F871AC68 admin system snmp access For information on configuring SNMP access settings using the applet GUI see Configuring SNMP Access Control on page 4 33 show eid Shows the SNMP v3 Engine ID ...

Страница 523: ...sername 1 to 31 characters access read write access ro rw oid string 1 to 127 chars E g 1 3 6 1 sec security auth priv auth algorithm sha1 required only if sec is auth auth priv pass1 auth password 8 to 31 chars required only if sec is auth auth priv priv algorithm aes required only if sec is auth priv pass2 privacy password 8 to 31 chars required only if sec is auth priv The following parameters ...

Страница 524: ...9 236 24 46 admin system snmp access delete acl all admin system snmp access list acl index start ip end ip For information on configuring SNMP access settings using the applet GUI see Configuring SNMP Access Control on page 4 33 delete acl idx Deletes entry idx 1 10 from the access control list all Deletes all entries from the access control list v3 idx Deletes entry idx 1 10 from the v3 user def...

Страница 525: ...ant to continue n y y index 1 username user access permission read write object identifier 1 3 6 1 security level auth priv auth algorithm sha1 auth password privacy algorithm aes privacy password admin system snmp access For information on configuring SNMP access settings using the applet GUI see Configuring SNMP Access Control on page 4 33 list acl Lists SNMP access control list entries v3 idx L...

Страница 526: ...ion Displays the SNMP traps submenu The items available under this command are shown below show Shows SNMP trap parameters set Sets SNMP trap parameters add Adds SNMP trap entries delete Deletes SNMP trap entries list Lists SNMP trap entries Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI ...

Страница 527: ...etwork Traps physical port status change enable denial of service enable denial of service trap rate limit 10 seconds SNMP System Traps system cold start disable system config changed disable rogue ap detection disable ap radar detection disable wpa counter measure disable mu hotspot status disable vlan disable lan monitor disable DynDNS Update enable For information on configuring SNMP traps usin...

Страница 528: ...e trap interval rate Sets denial of service trap interval cold enable disable Enables disables the system cold start trap cfg enable disable Enables disables a configuration changes trap rogue ap enable disable Enables disables a trap when a rogue ap is detected ap radar enable disable Enables disables the AP Radar Detection trap wpa counter enable disable Enables disables the WPA counter measure ...

Страница 529: ...acy password For information on configuring SNMP traps using the applet GUI see Configuring SNMP RF Trap Thresholds on page 4 39 add v3 ip user sec auth pass1 priv pass2 Adds an entry to the SNMP v3 access list with the destination IP address set to ip the destination UDP port is set to port the username set to user 1 to 31 characters and the authentication type set to one of auth or auth priv The...

Страница 530: ...Description Deletes SNMP trap entries Syntax Example admin system snmp traps delete v3 all For information on configuring SNMP traps using the applet GUI see Configuring SNMP Settings on page 4 27 delete v3 idx Deletes entry idx from the v3 access control list all Deletes all entries from the v3 access control list ...

Страница 531: ...nmp traps list v3 all index 1 destination ip 201 232 24 33 destination port 555 username BigBoss security level none auth algorithm sha1 auth password privacy algorithm aes privacy password For information on configuring SNMP traps using the applet GUI see Configuring SNMP RF Trap Thresholds on page 4 39 ist v3 idx Lists SNMP v3 access entry idx 1 10 all Lists all SNMP v3 access entries ...

Страница 532: ...escription Goes to the user database submenu Syntax For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 6 67 user Goes to the user submenu group Goes to the group submenu save Saves the configuration to system flash Goes to the parent menu Goes to the root menu ...

Страница 533: ... Group on page 6 67 Wireless Users add Adds a new user delete Deletes a new user clearall Removes all existing user IDs from the system set Sets a password for a user show Displays the current user database configuration Goes to the parent menu Goes to the root menu save Saves the configuration to system flash Management Users mgmt user add Adds a new management user mgmt delete Deletes a manageme...

Страница 534: ...w user to the user database Syntax Example admin system userdb user add george password admin system userdb user For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 6 67 add Adds a new user ID id and password pw string 8 19 characters to the user database ...

Страница 535: ...er database Syntax Example admin system userdb user delete george admin system userdb user For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 6 67 delete Removes a user ID id and password pw string from the user database ...

Страница 536: ...scription Removes all existing user IDs from the system Syntax Example admin system userdb user clearall admin system userdb user For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 6 67 clearall Removes all existing user IDs from the system ...

Страница 537: ...ax Example admin system userdb user set george password admin system userdb user For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 6 67 set user pw Sets user id and password pw string 8 19 characters for a specific user ...

Страница 538: ...06 AP7131N admin system userdb user mgmt add Description Adds a new management user Syntax Example admin system userdb user mgmt add John Motorola123 admin system userdb user mgmt add user pw Creates a user id and password pw string 8 19 characters for a new management user ...

Страница 539: ...7 AP7131N admin system userdb user mgmt delete Description Deletes a management user identity Syntax Example admin system userdb user mgmt delete george admin system userdb user mgmt delete user Deletes a management user ...

Страница 540: ... AP7131N admin system userdb user mgmt clearall Description Removes all the management user accounts except admin account Syntax Example admin system userdb user mgmt clearall admin system userdb user mgmt clearall Removes all the management user accounts except admin account ...

Страница 541: ...r mgmt set Description Sets the password for management user Syntax Example admin system userdb user mgmt set john motorola123 admin system userdb user mgmt set user pw Sets a user id and password pw string 8 19 characters for a specific management user ...

Страница 542: ...s existing user details Syntax Example admin system userdb user show mgmt users Warning This will display secure information Do you want to continue n y y List of User Ids John admin system userdb user show mgmt users Displays existing management users users Displays configured user IDs for a group groups Displays configured groups ...

Страница 543: ...atabase permissions using the applet GUI see Defining User Access Permissions by Group on page 6 67 create Creates a group name delete Deletes a group name clearall Removes all existing group names from the system add Adds a user to an existing group remove Removes a user from an existing group show Displays existing groups save Saves the configuration to system flash Goes to the parent menu Moves...

Страница 544: ...p name Once defined users can be added to the group Syntax Example admin system userdb group create 2 admin system userdb group For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 6 67 create Creates a group name string Once defined users can be added to the group ...

Страница 545: ...tes an existing group Syntax Example admin system userdb group delete 2 admin system userdb group For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 6 67 delete Deletes an existing group name string ...

Страница 546: ...ption Removes all existing group names from the system Syntax Example admin system userdb group clearall admin system userdb group For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 6 67 clearall Removes all existing group names from the system ...

Страница 547: ...ting group Syntax Example admin system userdb group add lucy group x admin system userdb group For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 6 67 add userid group Adds a user userid to an existing group group ...

Страница 548: ...emoves a user from an existing group Syntax Example admin system userdb group remove lucy group x admin system userdb group For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 6 67 remove userid group Removes a user userid from an existing group group ...

Страница 549: ...re information Do you want to continue n y y List of Group Names engineering marketing demo room admin system userdb group For information on configuring User Database permissions using the applet GUI see Defining User Access Permissions by Group on page 6 67 show Displays existing groups and users users Displays configured user IDs for a group groups Displays configured groups ...

Страница 550: ...ing Radius using the applet GUI see Configuring User Authentication on page 6 52 eap Goes to the EAP submenu policy Goes to the access policy submenu ldap Goes to the LDAP submenu proxy Goes to the proxy submenu client Goes to the client submenu set Sets Radius parameters show Displays Radius parameters save Saves the configuration to system flash quit Quits the CLI Goes to the parent menu Goes to...

Страница 551: ...base Syntax Example admin system radius set database local admin system radius show all Database local admin system radius For information on configuring Radius using the applet GUI see Configuring User Authentication on page 6 52 set Sets the Radius user database show all Displays the Radius user database ...

Страница 552: ... on configuring EAP Radius using the applet GUI see Configuring User Authentication on page 6 52 peap Goes to the Peap submenu ttls Goes to the TTLS submenu import Imports the requested EAP certificates set Defines EAP parameters show Displays the EAP configuration save Saves the configuration to system flash quit Quits the CLI Goes to the parent menu Goes to the root menu ...

Страница 553: ... Syntax For information on configuring PEAP Radius using the applet GUI see Configuring User Authentication on page 6 52 set Defines Peap parameters show Displays the Peap configuration save Saves the configuration to system flash quit Quits the CLI Goes to the parent menu Goes to the root menu ...

Страница 554: ...and displays Peap parameters Syntax Example admin system radius eap peap set auth gtc admin system radius eap peap show PEAP Auth Type gtc For information on configuring EAP PEAP Radius values using the applet GUI see Configuring User Authentication on page 6 52 set Sets the Peap authentication type show Displays the Peap authentication type ...

Страница 555: ...x For information on configuring EAP TTLS Radius values using the applet GUI see Configuring User Authentication on page 6 52 set Defines TTLS parameters show Displays the TTLS configuration save Saves the configuration to system flash quit Quits the CLI Goes to the parent menu Goes to the root menu ...

Страница 556: ...displays TTLS parameters Syntax Example admin system radius eap ttls set auth pap admin system radius eap ttls show TTLS Auth Type pap For information on configuring EAP TTLS Radius values using the applet GUI see Configuring User Authentication on page 6 52 set Sets the default TTLS authentication type show Displays the TTLS authentication type ...

Страница 557: ...nfiguring Radius access policies using the applet GUI see Configuring User Authentication on page 6 52 set Sets a group s WLAN access policy access time Goes to the time based login submenu show Displays the group s access policy save Saves the configuration to system flash quit Quits the CLI Goes to the parent menu Goes to the root menu ...

Страница 558: ...LAN access policy Syntax Example admin system radius policy set engineering 16 admin system radius policy For information on configuring Radius WLAN policy values using the applet GUI see Configuring User Authentication on page 6 52 set group name wlan name Defines the group s group name WLAN access policy defined as a string delimited by a space ...

Страница 559: ...ime permissions Access time is in Day DDDD DDDD format show Displays the group s access time rule save Saves the configuration to system flash quit Quits the CLI Goes to the parent menu Goes to the root menu Context Command Description system radius policy access time set start time group value group Valid group name value 4 digit value representing HHMM 0000 2359 allowed system radius policy acce...

Страница 560: ...min system radius policy show Warning This will display secure information Do you want to continue n y y List of Access Policies engineering 16 marketing 10 demo room 3 test demo No Wlans admin system radius policy For information on configuring Radius WLAN policy values using the applet GUI see Configuring User Authentication on page 6 52 show Displays a group s access policy ...

Страница 561: ...For information on configuring a Radius LDAP server using the applet GUI see Configuring LDAP Authentication on page 6 57 set Defines the LDAP parameters show all Displays existing LDAP parameters save Saves the configuration to system flash quit Quits the CLI Goes to the parent menu Goes to the root menu ...

Страница 562: ...LANgroup admin system radius ldap set filter 123 admin system radius ldap set membership radiusGroupName admin system radius ldap For information on configuring a Radius LDAP server using the applet GUI see Configuring LDAP Authentication on page 6 57 set Defines the LDAP parameters ipadr Sets LDAP IP address binddn Sets LDAP bind distinguished name basedn Sets LDAP base distinguished name passwd ...

Страница 563: ...s LDAP Base DN o radius LDAP Login Attribute uid Stripped User Name User Name LDAP Password attribute userPassword LDAP Group Name Attribue Wlangroup LDAP Group Membership Filter objectClass GroupOfNames member Ldap objectClass GroupOfUniqueNames uniquemember Ldap UserDn LDAP Group Membership Attribute radiusGroupName admin system radius ldap For information on configuring a Radius LDAP server usi...

Страница 564: ...nfiguring Radius proxy server values using the applet GUI see Configuring a Proxy Radius Server on page 6 59 add Adds a proxy realm delete Deletes a proxy realm clearall Removes all proxy server records set Sets proxy server parameters show Displays current Radius proxy server parameters save Saves the configuration to system flash quit Quits the CLI Goes to the parent menu Goes to the root menu ...

Страница 565: ...elot 157 235 241 22 1812 muddy admin system radius proxy For information on configuring Radius proxy server values using the applet GUI see Configuring a Proxy Radius Server on page 6 59 add Adds a proxy realm name name Realm name ip1 ip1 Authentication server IP address The default port is set to 1812 sec sec Shared secret password ...

Страница 566: ...tem radius proxy delete Description Adds a proxy Syntax Example admin system radius proxy delete lancelot admin system radius proxy For information on configuring Radius proxy server values using the applet GUI see Configuring a Proxy Radius Server on page 6 59 delete name Deletes a realm name ...

Страница 567: ...server records from the system Syntax Example admin system radius proxy clearall admin system radius proxy For information on configuring Radius proxy server values using the applet GUI see Configuring a Proxy Radius Server on page 6 59 clearall Removes all proxy server records from the system ...

Страница 568: ...radius proxy set count 5 admin system radius proxy For information on configuring Radius proxy server values using the applet GUI see Configuring a Proxy Radius Server on page 6 59 set Sets Radius proxy server parameters delay Defines retry delay time in seconds for the proxy server The minimum value is 5 and maximum value is 10 count Defines retry count value for the proxy server The minimum valu...

Страница 569: ...us client values using the applet GUI see Configuring the Radius Server on page 6 52 add Adds a Radius client to list of available clients delete Deletes a Radius client from list of available clients show Displays a list of configured clients save Saves the configuration to system flash quit Quits the CLI Goes to the parent menu Goes to the root menu ...

Страница 570: ...tax Example admin system radius client add 157 235 132 11 255 255 255 225 muddy admin system radius client For information on configuring Radius client values using the applet GUI see Configuring the Radius Server on page 6 52 add Adds a proxy ip ip Client s IP address mask ip1 Network mask address of the client secret sec Shared secret password The password length must be 8 16 characters ...

Страница 571: ...e to the Radius server Syntax Example admin system radius client delete 157 235 132 11 admin system radius client For information on configuring Radius client values using the applet GUI see Configuring the Radius Server on page 6 52 delete ipadr Removes a specified Radius client ipadr from those available to the Radius server ...

Страница 572: ...stem radius client show Warning This will display secure information Do you want to continue n y y Idx Subnet Host Netmask SharedSecret 1 157 235 132 11 255 255 255 225 admin system radius client For information on configuring Radius client values using the applet GUI see Configuring the Radius Server on page 6 52 show Removes a specified Radius client from those available to the Radius server ...

Страница 573: ...gured accurately on the access point Syntax For information on configuring NTP using the applet GUI see Configuring Network Time Protocol NTP on page 4 41 show Shows NTP parameters settings date zone Show date time and time zone zone list Displays list of time zones set Sets NTP parameters Goes to the parent menu Goes to the root menu save Saves the configuration to system flash quit Quits the CLI...

Страница 574: ...plays the NTP server configuration Syntax Example admin system ntp show current time Tue 2011 Dec 13 16 58 59 0530 IST time zone Asia Calcutta ntp mode disable admin system ntp For information on configuring NTP using the applet GUI see Configuring Network Time Protocol NTP on page 4 41 show Shows all NTP server settings ...

Страница 575: ...tp date zone Date Time Tue 2011 Jan 02 18 35 37 0000 UTC Time Zone UTC CliAuditLog User admin Command date zone Status success From Ssh 172 16 10 10 MU_Mac NULL admin system ntp For information on configuring NTP using the applet GUI see Configuring Network Time Protocol NTP on page 4 41 date zone Show date time and time zone ...

Страница 576: ...tem ntp zone list Index TimeZone 1 Africa Abidjan 2 Africa Accra 3 Africa Addis_Ababa 4 Africa Algiers 5 Africa Asmera 6 Africa Bamako 7 Africa Bangui 8 Africa Banjul 9 Africa Bissau 10 Africa Blantyre Hit any key to continue admin system ntp For information on configuring NTP using the applet GUI see Configuring Network Time Protocol NTP on page 4 41 zone list Displays list of time zone indexes f...

Страница 577: ...on on configuring NTP using the applet GUI see Configuring Network Time Protocol NTP on page 4 41 set mode ntp mode Enables or disables NTP server idx ip Sets the NTP sever IP address intrvl period Defines the clock synchronization interval used between the access point and the NTP server in minutes 15 65535 time time Sets the current system time yyyy year mm month dd day of the month hh hour of t...

Страница 578: ...plays the access point log submenu Logging options include Syntax show Shows logging options filter show Shows all filters set Sets log options and parameters unset filter Unsets filters view Views system log delete Deletes the system log Goes to the parent menu Goes to the root menu save Saves configuration to system flash quit Quits the CLI ...

Страница 579: ...ng settings Syntax Example admin system logs show log level L6 Info syslog server logging enable syslog server ip address 192 168 0 102 For information on configuring logging settings using the applet GUI see Logging Configuration on page 4 45 show Displays the current access point logging configuration ...

Страница 580: ...ce console MU MAC any IP address any Filter Precedence 3 is not yet set Filter Precedence 4 is not yet set Filter Precedence 5 is not yet set Filter Precedence 6 is not yet set Filter Precedence 7 is not yet set Filter Precedence 8 is not yet set Filter Precedence 9 is not yet set Filter Precedence 10 is not yet set admin system logs admin system logs filter show 2 Filter Precedence 2 Permission l...

Страница 581: ... 2 Unset Filter precedence 3 is not yet set Filter precedence 4 is not yet set Filter precedence 5 is not yet set Filter precedence 6 is not yet set Filter precedence 7 is not yet set Filter precedence 8 is not yet set Filter precedence 9 is not yet set Filter precedence 10 is not yet set admin system logs unset filter idx Unsets filters based on the specified rule precedence number all Unsets all...

Страница 582: ...o the system log L0 Emergency L1 Alert L2 Critical L3 Errors L4 Warning L5 Notice L6 Info default setting L7 Debug mode mode Enables or disables syslog server logging ipadr ip Sets the external syslog server IP address to ip a b c d audit filter Sets audit filter for filtering the logs rule Sets the rule precedence value from 1 10 for filtering the logs log no log Allows or Disallows system loggin...

Страница 583: ...n 7 16 16 01 none CC 4 16pm up 6 days 16 16 load average 0 00 0 01 0 00 Jan 7 16 16 01 none CC Mem 62384 32520 29864 0 0 Jan 7 16 16 01 none CC 0000077e 0012e95b 0000d843 00000000 00000003 0000121 e 00000000 00000000 0037ebf7 000034dc 00000000 00000000 00000000 Jan 7 16 16 13 none klogd ps log fc queue maintenance Jan 7 16 16 44 none klogd ps log fc queue maintenance Jan 7 16 17 15 none klogd ps l...

Страница 584: ... 8 252 AP7131N admin system logs delete Description Deletes the log files Syntax Example admin system logs delete For information on configuring logging settings using the applet GUI see Logging Configuration on page 4 45 delete Deletes the access point system log file ...

Страница 585: ... partial default access point configuration show Shows import export parameters set Sets import export access point configuration parameters export Exports access point configuration to a designated system import Imports configuration to the access point transfer_keys_cfg Exports SSH keys to turn off interactive mode Goes to the parent menu Goes to the root menu save Saves the configuration to acc...

Страница 586: ... point factory default configuration Syntax Example admin system config default Are you sure you want to default the configuration yes no For information on importing exporting access point configurations using the applet GUI see Importing Exporting Configurations on page 4 47 default Restores the access point to the original factory configuration ...

Страница 587: ... SNMP settings are uneffected by the partial restore Syntax Example admin system config partial Are you sure you want to partially default AP 7131N yes no For information on importing exporting access point configurations using the applet GUI see Importing Exporting Configurations on page 4 47 default Restores a partial access point configuration ...

Страница 588: ...on file Syntax Example admin system config show Warning This will display secure information Do you want to continue n y y cfg filename cfg txt cfg filepath sftp server ip address 192 268 0 10 sftp user name For information on importing exporting access point configurations using the applet GUI see Importing Exporting Configurations on page 4 47 show Shows all import export parameters ...

Страница 589: ... line such as set rf function X wips wlan where X is 1 or 2 is never generated For configuration file import the legacy command set rf function X wips wlan is processed There is no CLI menu allowing the user to enter set rf function X wips wlan where X is 1 or 2 Instead the command set radio configX where X is 1 2 3 4 5 6 7 or 8 is created in the configuration files for export For information on i...

Страница 590: ... progress File transfer Done Export Operation Done For information on importing exporting access point configurations using the applet GUI see Importing Exporting Configurations on page 4 47 export sftp Exports the access point configuration to the SFTP server Use the set command to set the server user password and file name before using this command CAUTION Make sure a copy of the access point s ...

Страница 591: ...ee Importing Exporting Configurations on page 4 47 import sftp Imports the access point configuration file from the SFTP server Use the set command to set the server user password and file CAUTION A single radio model access point cannot import export its configuration to a dual radio model access point In turn a dual radio model access point cannot import export its configuration to a single radi...

Страница 592: ...n system config transfer_keys_cfg Description Exports SSH keys in order to turn off interactive mode Syntax Example admin system config transfer_keys_cfg Transfer of ssh public key in progress Done admin system config transfer_keys Exports SSH keys in order to turn off interactive mode xx ...

Страница 593: ...rmware regardless of whether the reboot is conducted uing the GUI or CLI interfaces show Displays the current access point firmware update settings set Defines the access point firmware update parameters transfer_keys_fw Exports ssh keys to turn off interactive mode for firmware update Executes the firmware update Goes to the parent menu Goes to the root menu save Saves the current configuration t...

Страница 594: ...in system fw update show Warning This will display secure information Do you want to continue n y y firmware filename apn bin firmware path sftpboot sftp server ip address 168 197 2 2 sftp user name jsmith For information on updating access point device firmware using the applet GUI see Updating Device Firmware on page 4 51 show Shows the current system firmware update settings for the access poin...

Страница 595: ...235 111 22 admin system fw update set user mudskipper For information on updating access point device firmware using the applet GUI see Updating Device Firmware on page 4 51 set file name Defines the firmware file name 1 to 39 characters path path Specifies a path for the file 1 to 39 characters server ip The IP address for the SFTP server used for the firmware and or config file update user name ...

Страница 596: ... firmware Syntax Example admin system fw update transfer_keys_fw ssh keygen for cli in progress Transfer of ssh public key in progress for CLI ssh keygen for applet in progress Transfer of ssh public key in progress for Applet Checking For Image Verification Keys Required for Firmware Upgrade for Applet Done admin system fw update transfer_keys_fw Exports ssh keys to turn off interactive mode on f...

Страница 597: ...ss point device firmware using the applet GUI see Updating Device Firmware on page 4 51 update mode Defines the sftp mode used to conduct the firmware update Specifies whether the update is executed over the access point s WAN LAN1 or LAN2 interface NOTE The access point must complete the reboot process to successfully update the device firmware regardless of whether the reboot is conducted uing t...

Страница 598: ...menu The items available under this command are shown below run self test Performs self test zeroisekeys Zeroization of critical security parameters showlog Displays the PoST Log File success or error status Goes to the parent menu Goes to the root menu save Saves the current configuration to the access point system flash quit Quits the CLI and exits the current session ...

Страница 599: ...18 47 52 2012 6e HMAC SHA 224 hash successful Fri Aug 31 18 47 52 2012 6f HMAC SHA 256 hash successful Fri Aug 31 18 47 52 2012 6g HMAC SHA 384 hash successful Fri Aug 31 18 47 52 2012 6h HMAC SHA 512 hash successful Fri Aug 31 18 47 52 2012 The tests completed without errors Fri Aug 31 18 47 52 2012 openSSL power up self test successful Fri Aug 31 18 47 52 2012 FIPS power up tests for wireless cr...

Страница 600: ...e concatenated into a combined key and the SHA 256 hash of this combined key is calculated This hash value is stored in a file As authorized users create custom keys to use instead of the defaults this process is repeated to generate a new hash over the modified keyset During startup the combined SHA 256 Hash of the persistent keys are calculated and compared against the stored hash value This int...

Страница 601: ...quired Syntax admin system fips test zeroisekeys WARNING Zeroizing Do you want to continue n y WARNING Zeroizing Do you want to continue n y y System will now reset for restoring default configuration After the system restarts you will need to set the country code for correctc operation admin system fips test zeroisekeys Conducts a zeroization of critical security parameters The country code must ...

Страница 602: ...ference Guide 8 270 AP7131N admin system fips test showlog Description Displays the PoST Logs File file success or error state Syntax admin system fips test showlog admin system fips test showlog file Displays the PoST Logs File file success or error state ...

Страница 603: ...Displays access point WLAN MU LAN and WAN statistics clear Clears all statistic counters to zero flash all leds Starts and stops the flashing of all access point LEDs echo Defines the parameters for pinging a designated station ping Iniates a ping test Moves to the parent menu Goes to the root menu save Saves the current configuration to system flash quit Quits the CLI ...

Страница 604: ...ewing MU Statistics Summary on page 7 25 For information on displaying Mesh statistics using the applet GUI see Viewing the Mesh Statistics Summary on page 7 32 For information on displaying Known AP statistics using the applet GUI see Viewing Known Access Point Statistics on page 7 34 show wan Displays stats for the access point WAN port lan Displays stats for the access point LAN port stp Displa...

Страница 605: ...N index either clear lan 1 or clear lan 2 all rf Clears all RF data all wlan Clears all WLAN summary information wlan Clears individual WLAN statistic counters all radio Clears access point radio summary information radio1 Clears statistics counters specific to radio1 radio2 Clears statistics counters specific to radio2 all mu Clears all MU statistic counters mu Clears MU statistics counters known...

Страница 606: ...int s LEDs Syntax Example admin stats admin stats flash all leds 1 start Password admin stats flash all leds 1 stop admin stats For information on flashing access point LEDs using the applet GUI see Viewing Known Access Point Statistics on page 7 34 flash all leds index Defines the Known AP index number of the target AP to flash stop start Begins or terminates the flash activity ...

Страница 607: ...ntax For information on MU Echo and Ping tests using the applet GUI see Pinging Individual MUs on page 7 30 show Shows the Mobile Unit Statistics Summary list Defines echo test parameters and result set Determines echo test packet data start Begins echoing the defined station Goes to parent menu Goes to root menu quit Quits CLI session ...

Страница 608: ...n Shows Mobile Unit Statistics Summary Syntax Example admin stats echo show Idx IP Address MAC Address WLAN Radio T put ABS Retries 1 192 168 2 0 00 A0F8 72 57 83 demo 11a For information on MU Echo and Ping tests using the applet GUI see Pinging Individual MUs on page 7 30 show Shows Mobile Unit Statistics Summary ...

Страница 609: ...results Syntax Example admin stats echo list Station Address 00A0F8213434 Number of Pings 10 Packet Length 10 Packet Data in HEX 55 admin stats echo For information on MU Echo and Ping tests using the applet GUI see Pinging Individual MUs on page 7 30 list Lists echo test parameters and results ...

Страница 610: ...ters of the echo test Syntax For information on MU Echo and Ping tests using the applet GUI see Pinging Individual MUs on page 7 30 set station mac Defines MU target MAC address request num Sets number of echo packets to transmit 1 539 length num Determines echo packet length in bytes 1 539 data hex Defines the particular packet data ...

Страница 611: ...xample admin stats echo start admin stats echo list Station Address 00A0F843AABB Number of Pings 10 Packet Length 100 Packet Data in HEX 1 Number of MU Responses 2 For information on MU Echo and Ping tests using the applet GUI see Pinging Individual MUs on page 7 30 start Initiates the echo test ...

Страница 612: ...a ping test to an AP with the same ESSID Syntax For information on Known AP tests using the applet GUI see Pinging Individual MUs on page 7 30 ping show Shows Known AP Summary details list Defines ping test packet length set Determines ping test packet data start Begins pinging the defined station Goes to parent menu Goes to root menu quit Quits CLI session ...

Страница 613: ...dmin stats ping show Description Shows Known AP Summary Details Syntax Example admin stats ping show Idx IP Address MAC Address MUs KBIOS Unit Name 1 192 168 2 0 00 A0F8 72 57 83 3 0 access point show Shows Known AP Summary Details ...

Страница 614: ...Lists ping test parameters and results Syntax Example admin stats ping list Station Address 00A0F8213434 Number of Pings 10 Packet Length 10 Packet Data in HEX 55 admin stats ping For information on Known AP tests using the applet GUI see Pinging Individual MUs on page 7 30 list Lists ping test parameters and results ...

Страница 615: ...et request 10 admin stats ping set length 100 admin stats ping set data 1 admin stats ping For information on Known AP tests using the applet GUI see Pinging Individual MUs on page 7 30 set station Defines the AP target MAC address request Sets number of ping packets to transmit 1 539 length Determines ping packet length in bytes 1 539 data Defines the particular packet data ...

Страница 616: ...Initiates the ping test Syntax Example admin stats ping start admin stats ping list Station Address 00A0F843AABB Number of Pings 10 Packet Length 100 Packet Data in HEX 1 Number of AP Responses 2 For information on Known AP tests using the applet GUI see Pinging Individual MUs on page 7 30 start Initiates the ping test ...

Страница 617: ...locate other access points using the WLAP client s ESSID Then it is required to go through the association and authentication process to establish wireless connections with the located devices This association process is identical to the access point s current MU association process Once the association and authentication process is complete the wireless client adds the connection as a port on its...

Страница 618: ... is not blocked Once the client bridge establishes at least one wireless connection it begins establishing other wireless connections as it finds them available Thus the client bridge is able to establish simultaneous redundant links A mesh network must use one of the two access point LANs If intending to use the access point for mesh networking support Motorola recommends configuring at least one...

Страница 619: ...red preferred connection list The association and authentication process is identical to the MU association process The client access point sends 802 11 authentication and association frames to the base access point The base access point responds as if the client is an actual mobile unit Depending on the security policy the two access point s engage in the normal handshake mechanism to establish k...

Страница 620: ...ase bridge AP 2 repeater both a base and client bridge In the case of a mesh enabled radio the client bridge configuration always takes precedence over the base bridge configuration Therefore when a radio is configured as a repeater AP 2 the base bridge configuration takes effect only after the client bridge connection to AP 1 is established Thus AP 2 keeps scanning to find the base bridge form th...

Страница 621: ...assigned to one of two different subnets From a layer 2 perspective the system has two different bridge functionalities each with its own STP The WLAN assignment controls the subnet LAN1 or 2 upon which a given connection resides If WLAN2 is assigned to LAN1 and WLAN2 is used to establish a client bridge connection then the mesh network connection resides on LAN1 Therefore depending upon the WLAN ...

Страница 622: ... other access points mesh network configuration parameters will get sent or saved to other access points However if using the Known AP Statistics screen s Send Cfg to APs functionality auto select and preferred list settings do not get imported CAUTION When using the Import Export screen to import a mesh supported configuration do not import a base bridge configuration into an existing client brid...

Страница 623: ...he user does not necessarily have to change these settings as the default settings will work However Motorola encourages the user to define an access point as a base bridge and root using the base bridge priority settings within the Bridge STP Configuration screen Members of the mesh network can be configured as client bridges or additional base bridges with a higher priority value To define a LAN...

Страница 624: ...ult bridge priority of 63335 Maximum Message age The Maximum Message age timer is used with the Message Age timer The Message Age timer is used to measure the age of the received protocol information recorded for a port and to ensure the information is discarded when it exceeds the value set for the Maximum Message age timer Hello Time The Hello Time is the time between each bridge protocol data u...

Страница 625: ...mbers of the mesh network 1 Select Network Configuration Wireless from the AP 7131 menu tree The Wireless Configuration screen displays with those existing WLANs displayed within the table 2 Select the Create button to configure a new WLAN specifically to support mesh networking An existing WLAN can be modified or used as is for mesh networking support by selecting it from the list of available WL...

Страница 626: ...e it from WLANs defined for non mesh support The name assigned to the WLAN is what is selected from the Radio Configuration screen for use within the mesh network NOTE It is possible to have different ESSID and WLAN assignments within a single mesh network one set between the Base Bridge and repeater and another between the repeater and Client Bridge However for ease of management and to not waste...

Страница 627: ...ed 6 Select the Enable Client Bridge Backhaul checkbox to make this WLAN available in the Mesh Network Name drop down menu within the Radio Configuration screen Only WLANs defined for mesh networking support should have this checkbox selected in order to keep the list of WLANs available within the Radio Configuration screen restricted to just WLANs configured specifically with mesh attributes 7 Re...

Страница 628: ...evices within the mesh network If a hacker tries to find an ESSID via an MU the access point s ESSID does not display since the ESSID is not in the beacon Motorola recommends keeping the option enabled to reduce the likelihood of hacking into the WLAN 11 Select the Accept Broadcast ESSID checkbox to associate an MU that has a blank ESSID regardless of which ESSID the access point is currently usin...

Страница 629: ... Configuration Wireless Radio Configuration from the access point menu tree NOTE The dual radio model AP 7131N FGR affords users better optimization of the mesh network feature by allowing the access point to transmit to other access points in base or client bridge mode using one independent radio and transmit with its associated devices using the second independent radio A single radio access poi...

Страница 630: ... is an existing radio within a mesh network these values update in real time NOTE With this 4 0 release of the access point firmware a new scheme for radio configuration and WIPS server management has been implemented within the Quick Setup GUI applet Up to eight radio buttons are now available depending on the number radios supported by the SKU These radio buttons define how WLAN and WIPS are sup...

Страница 631: ...use the Mesh Network Name drop down menu to select the WLAN ESS the client bridge uses to establish a wireless link The default setting is WLAN1 Motorola recommends creating and naming a WLAN specifically for mesh networking support to differentiate the Mesh supported WLAN from non Mesh supported WLANs For more information see Configuring a WLAN for Mesh Networking Support on page 9 9 Once the set...

Страница 632: ...s becomes unavailable 8 Refer to the Available Base Bridge List to view devices located by the access point using the WLAN selected from the Radio Configuration screen Refer the following for information on located base bridges NOTE Ensure you have verified the radio configuration for both Radio 1 and Radio 2 before saving the existing settings and exiting the Radio Configuration screen NOTE Auto ...

Страница 633: ...ck the Down button to decrease its likelihood of being selected as a member of the mesh network 13 If a device MAC address is on the Preferred Base Bridge List and constitutes a threat as a potential member of the mesh network poor RSSI etc select it and click the Remove button to exclude it from the preferred list If all of the members of the Preferred Base Bridge List constitute a risk as a memb...

Страница 634: ...dio 1 does not have a mesh connection the other radio radio 2 is not affected Radio 2 continues to beacon and associate MUs but MU s can only communicate amongst themselves using the access point Disabled is the default value Uplink Detect When Uplink Detect is selected the access point only boots up the radio configured as a client bridge The access point boots up the second radio as soon as the ...

Страница 635: ... from the AP 7131 menu tree For additional information on configuring the access point s radio see Configuring the 802 11a n or 802 11b g n Radio on page 5 56 For two fictional deployment scenarios see Mesh Network Deployment Quick Setup on page 9 20 CAUTION When defining a Mesh configuration and changes are saved the mesh network temporarily goes down The mesh network is unavailable because the a...

Страница 636: ...mesh network with a base bridge repeater combined base bridge and client bridge mode and a client bridge 9 3 1 Scenario 1 Two Base Bridges and One Client Bridge In scenario 1 the following three access point configurations will be deployed within the mesh network AP 1 An active base bridge AP 2 A redundant base bridge AP 3 A client bridge connecting to both AP 1 and AP 2 simultaneously AP 1 and AP...

Страница 637: ...rking 9 21 9 3 1 1 Configuring AP 1 1 Provide a known IP address for the LAN1 interface NOTE Enable the LAN1 Interface of AP 1 as a DHCP Server if you intend to associate MUs and require them to obtain an IP address via DHCP ...

Страница 638: ...Motorola Solutions AP 7131N FGR Access Point Product Reference Guide 9 22 2 Assign a Mesh STP Priority of 40000 to LAN1 Interface 3 Define a mesh supported WLAN ...

Страница 639: ...Configuring Mesh Networking 9 23 4 Enable base bridge functionality on the 802 11a n radio Radio 2 ...

Страница 640: ... AP 2 can be configured the same as AP 1 with the following exceptions Assign an IP Address to the LAN1 Interface different than that of AP 1 Assign a higher Mesh STP Priority 50000 to the AP 2 LAN1 Interface NOTE In a typical deployment each base bridge can be configured for a Mesh STP Priority of 50000 In this example different values are used to force AP 1 to be the forwarding link since it s a...

Страница 641: ...iguration for AP 3 a client bridge connecting to both AP 1 and AP 2 simultaneously 1 Provide a known IP address for the LAN1 interface NOTE Ensure AP 1 and AP 2 use the same channel for each 802 11a n radio or the APs will not be able to hear each other over different channels ...

Страница 642: ...ge checkbox to enable client bridge functionality on the 802 11a n radio Use the Mesh Network Name drop down menu to select the name of the WLAN created in step 3 NOTE This WLAN should not be mapped to any radio Therefore leave both of the Available On radio options unselected NOTE You don t need to configure channel settings on the client bridge AP 3 It automatically finds the base bridges AP 1 a...

Страница 643: ...ce completed pass traffic among the three APs comprising the mesh network 9 3 2 Scenario 2 Two Hop Mesh Network with a Base Bridge Repeater and a Client Bridge By default the mesh algorithm runs an automatic link selection algorithm to determine the best possible active and redundant links If member APs are not far apart in physical distance the algorithm intelligently chooses a single hop link to...

Страница 644: ...P 3 is a client b ridge 9 3 2 1 Configuring AP 1 The setup of AP 1 within this usage scenario is exactly the same as the AP 1 configuration within Scenario 1 Two Base Bridges and One Client Bridge for step by step instructions for configuring AP 1 see Configuring AP 1 on page 9 21 Once completed return to Configuring AP 2 on page 9 29 within this section ...

Страница 645: ...king 9 29 9 3 2 2 Configuring AP 2 AP 2 requires the following modifications from AP 2 in the previous scenario to function in base bridge client bridge repeater mode 1 Enable client bridge backhaul on the mesh supported WLAN ...

Страница 646: ...bridge functionality on the 802 11a n radio 9 3 2 3 Configuring AP 3 To define AP 3 s configuration 1 The only change needed on AP 3 with respect to the configuration used in scenario 1 is to disable the Auto Link Selection option Click the Advanced button within the Mesh Client Bridge Settings field ...

Страница 647: ...02 11a n radio if each AP The Radio MAC Address the BSSID 1 MAC Address is used for the AP 2 Preferred Base Bridge List Ensure both the AP 1 and AP 2 Radio MAC Addresses are in the Available Base Bridge List Add the AP 2 MAC Address into the Preferred Base Bridge List 3 Determine the Radio MAC Address and BSSID MAC Addresses ...

Страница 648: ... 9 32 9 3 2 4 Verifying Mesh Network Functionality for Scenario 2 You now have a three AP demo multi hop mesh network ready to demonstrate Associate an MU on the WLANs configured on the 802 11b g n radio for each AP and pass traffic among the members of the mesh network ...

Страница 649: ...e Connectivity You have configured three access points in mesh mode one base bridge AP1 one client bridge base bridge AP2 and one client bridge AP3 However the client bridge AP3 is connecting to both AP1 and AP2 and using its link to base bridge AP1 to forward traffic Resolution This is valid behavior you see this when your mesh APs are close enough in proximity so the client bridge can see both t...

Страница 650: ...a secure beacon on a mesh backhaul supported WLAN In fact it is a Motorola recommended practice Mesh Deployment Issue 6 Is my mesh topology complete How can I determine if all my mesh APs are connected and the mesh topology is complete Resolution Each mesh AP has a Known AP Table available in the applet CLI and SNMP All APs whether they are supporting mesh or not periodically exchange ID messages ...

Страница 651: ...FGR support wireless firmware updates Mesh Deployment Issue 12 Can I perform firmware configuration file updates with DHCP options Can I use the AP s Automatic Firmware Configuration update functionalities with DHCP Options on the AP for mesh nodes as well Resolution Yes mesh nodes also support Automatic Firmware Configuration updates using DHCP Options Make sure you create DHCP reservations for e...

Страница 652: ...tion Yes all client bridges perform periodic background scanning both passively by sniffing the air for beacons and actively by sending Probe Requests Therefore a client bridge automatically detects the presence of a new base bridge or repeater added to the mesh network topology and forms a seam less connection without affecting current operation Mesh Deployment Issue 15 Can a mesh supported AP re...

Страница 653: ...e access point connects to a Motorola RFS7000 model switch and receives its AAP configuration An AAP provides local 802 11 traffic termination local encryption decryption local traffic bridging the tunneling of centralized traffic to the wireless switch The switch can be discovered using one of the following mechanisms Switch fully qualified domain name FQDN Static IP addresses ...

Страница 654: ...h your existing infrastructure 10 1 1 Where to Go From Here Refer to the following for a further understanding of AAP operation Adaptive AP Management Licensing Switch Discovery Securing a Configuration Channel Between Switch and AP Adaptive AP WLAN Topology Configuration Updates Securing Data Tunnels between the Switch and AAP Adaptive AP Switch Failure Remote Site Survivability RSS Adaptive Mesh...

Страница 655: ... a switch can be used for an AAP deployment Regardless of how many AP300 and or AAPs are deployed you must ensure the license used by the switch supports the number of radio ports both AP300s and AAPs you intend to adopt 10 1 4 Switch Discovery For an access point to function as an AAP regardless of mode it needs to connect to a switch to receive its configuration Manual Adoption Configuration 10 ...

Страница 656: ...ndent WLANs are local to an AAP and can be configured from the switch You must specify a WLAN as independent to stop traffic from being forwarded to the switch Independent WLANs behave like WLANs on a standalone access point Both Extended and independent WLANs are configured from the switch and operate simultaneously 10 1 7 Configuration Updates An AAP receives its configuration from the switch in...

Страница 657: ...pt the AAP using an IPSec tunnel To review a sample AAP configuration see Sample Switch Configuration File for IPSec and Independent WLAN on page 10 16 10 1 9 Adaptive AP Switch Failure In the event of a switch failure an AAP s independent WLAN continues to operate without disruption The AAP attempts to connect to another switch if available in background Extended WLANs are disabled once switch ad...

Страница 658: ...kes less than 2 seconds forcing associated MUs to be deauthenticated and the Mesh link will go down MUs are able to quickly associate but the Mesh link will need to be re established before MUs can pass traffic This typically takes about 90 to 180 seconds depending on the size of the mesh topology For an overview of mesh networking and how to configure an access point to support mesh see Configuri...

Страница 659: ...me of adoption from the wireless switch Instead the firmware is upgraded using the firmware update procedure manually An AAP can use its LAN1 interface or WAN interface for adoption The default gateway interface is set to LAN1 If the WAN Interface is used explicitly configure WAN as the default gateway interface Motorola recommends using the LAN1 interface for adoption in multi cell deployments If...

Страница 660: ...lly by the AAP No wireless traffic is tunneled back to the switch Each independent WLAN is mapped to the access point s LAN1 interface The only traffic between the switch and the AAP are control messages for example heartbeats statistics and configuration updates 10 2 4 Extended WLANs with Independent WLANs An AAP can have both extended WLANs and independent WLANs operating in conjunction When use...

Страница 661: ...wnloads a configuration file from the switch it obtains the version number of the image it should be running The switch does not have the capacity to hold the access point s firmware image and configuration The access point image must be downloaded using a means outside the switch If there is still an image version mismatch between what the switch expects and what the AAP is running the switch wil...

Страница 662: ...able on the switch to adopt the required number of AAPs 2 As soon as the AAP displays in the adopted list Adjust each AAP s radio configuration as required This includes WLAN radio mappings and radio parameters WLAN VLAN mappings and WLAN parameters are global and cannot be defined on a per radio basis WLANs can be assigned to a radio as done today for an AP300 model access port Optionally configu...

Страница 663: ...sisting of the adaptive parameters pushed to the access point Each of these adoption techniques is described in the sections that follow 10 4 1 1 Adopting an Adaptive AP Manually To manually enable the access point s switch discovery method and connection medium required for adoption 1 Select System Configuration Adaptive AP Setup from the access point s menu tree NOTE Refer to Adaptive AP Deploym...

Страница 664: ...for AAP connection The AAP will begin establishing a connection with the first addresses in the list If unsuccessful the AP will continue down the list in order until a connection is established 4 If a numerical IP address is unknown but you know a switch s fully qualified domain name FQDN enter the name as the Switch FQDN value 5 Select the Enable AP Switch Tunnel option to allow AAP configuratio...

Страница 665: ...are on page 4 51 10 4 2 Switch Configuration RFS7000 running firmware version 4 0 or later require an explicit adaptive configuration to adopt an access point if IPSec is not being used for adoption The same licenses currently used for AP300 adoption can be used for an AAP Disable the switch s Adopt unconfigured radios automatically option and manually add AAPs requiring adoption or leave as defau...

Страница 666: ... Only checkbox Selecting the checkbox designates the WLAN as independent and prevents traffic from being forwarded to the switch Independent WLANs behave like WLANs as used on a a standalone access point Leave this option unselected as is by default to keep this WLAN an extended WLAN a typical centralized WLAN created on the switch Once an AAP is adopted by the switch it displays within the switch...

Страница 667: ...ement and native VLANs are configured The WLAN used for mesh backhaul must always be an independent WLAN The switch configures an AAP If manually changing wireless settings on the AP they are not updated on the switch It s a one way configuration from the switch to the AP An AAP always requires a router between the AP and the switch An AAP can be used behind a NAT An AAP uses UDP port 24576 for co...

Страница 668: ...re 3 network element id RFS7000 username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d username admin privilege superuser username operator password 1 40fc8eaf6500a3e4ba113b2be120af8f93b6ae00 ip access list extended My ACL deny ip host 172 16 10 160 any log rule precedence 10 permit ip 172 16 10 160 29 host 172 19 97 167 log rule precedence 20 permit ip host 172 16 10 168 host 172 19 9...

Страница 669: ... log rule precedence 10 spanning tree mst cisco interoperability enable spanning tree mst configuration name My Name crypto pki trustpoint MS CA subject name RFS7000 CC IN KAR BANGALORE MOTOROLA EWLAN crypto pki trustpoint WIN2008 CA subject name RFS7000 CC IN KAR BLR MOTO EWLAN crypto pki trustpoint Win2008 CA subject name CC RFS TLS IN KAR BANG MOTO EWLAN country code fr redundancy group id 13 r...

Страница 670: ...e crypto isakmp key 2 FBZx1Kdh3F1jRcala5eptQWPgXER9 pBp 92wgv6T3IA address 255 255 255 255 crypto isakmp key 2 X11qUCSaU3ANqPhD6ZANQKYeiH9Ey0DcQ3v5MAsA cGA address 0 0 0 0 crypto isakmp key 2 eLiatzafD9AY7Mxh0iI0WwiUle1jA t4u87VBeU62pNA address 192 168 5 89 crypto isakmp key 2 gfagIEbg7lGebx2pRlFpBgx6Q9hlV5OTlqsVqRo0UUAA address 192 168 0 10 crypto isakmp key 2 YZPZWUHNyPz9ZD2v1XrTXwFM8gI Ai uqWFr...

Страница 671: ...1 radius server primary 192 168 0 10 wlan 1 radius server primary radius key 2 FpIbb6rdLjRpRPpzcP ePR6wJ56t8l3pi7STrYFpbTLA wlan 1 aap proxy radius enable no wlan 1 dot11i pmk caching no wlan 1 dot11i opp pmk caching wlan 2 ssid R D U wlan 2 vlan 40 wlan 2 encryption type ccmp wlan 2 authentication type eap wlan 2 inactivity timeout 60 wlan 2 radius server primary 192 168 0 4 wlan 4 enable wlan 4 ...

Страница 672: ...adio 1 description RADIO16 radio 1 radio number 1 radio add 2 00 23 AE 0E 85 D6 11an aap7131 radio 2 description RADIO18 radio 2 radio number 2 radio add 3 00 23 AE 0D 85 D8 11bgn aap7131 radio 3 radio number 1 radio add 4 00 23 AE 0D 85 D8 11an aap7131 radio 4 radio number 2 radio 4 bss 1 1 radio add 5 00 23 AE 0D 85 D8 11bgn aap7131 radio 5 radio number 3 no ap ip default ap switch ip ap 00 23 A...

Страница 673: ...ent unauthorized ap using authorized ssid filter ageout 60 smart rf radio 1 radio mac 00 23 68 97 D4 10 radio 2 radio mac 00 23 68 97 D2 60 radio 3 radio mac 00 23 68 0F 46 10 radio 4 radio mac 00 23 68 0F 45 F0 radio 5 radio mac 00 23 68 0F 48 60 wireless radius server local authentication eap auth type all ca trust point Win2008 CA server trust point Win2008 CA rad user user1 password 2 SBJs6Egy...

Страница 674: ...ec transform set REMOTE TFSET esp 3des esp sha hmac mode transport crypto ipsec transform set RADIUS TFS esp 3des esp sha hmac mode tunnel crypto map AAP SYSLOG MAP 13 ipsec isakmp set peer 255 255 255 255 set mode main match address AAP ACL set transform set AAP TFSET crypto map AAP SYSLOG MAP 11 ipsec isakmp set peer 192 168 0 10 match address RADIUS ACL set transform set RADIUS TFS crypto map C...

Страница 675: ...rface ge3 switchport access vlan 192 ip dhcp trust interface ge4 switchport access vlan 10 ip dhcp trust interface me1 ip address 10 1 1 100 24 interface vlan1 ip address dhcp crypto map CLUSTER MOB MAP interface vlan192 ip address dhcp crypto map AAP SYSLOG MAP interface vlan222 ip address 222 222 222 222 24 ip dhcp pool Vlan222 ...

Страница 676: ...lt router 222 222 222 222 network 222 222 222 0 24 address range 222 222 222 2 222 222 222 200 service dhcp rtls rfid espi sole ip route 172 20 0 0 16 192 168 0 13 line con 0 exec timeout 35791 0 line vty 0 exec timeout 2 0 line vty 1 exec timeout 1 0 line vty 2 24 auth time 1 end ...

Страница 677: ...Technical Specifications This appendix provides technical specifications for the following Physical Characteristics Electrical Characteristics Radio Characteristics Country Codes ...

Страница 678: ...stics Dimensions 5 50 in Depth x 7 88 in Width x 1 38 in Height 14 cm Depth x 20 32 cm Width x 3 5 cm Height Housing Metal plenum rated housing UL2043 Weight 2 7 lbs Operating Temperature 4 F to 122 F 20 C to 50 C Storage Temperature 40 F to 158 F 40 C to 70 C Altitude 8000 ft 2438 m 82 F 28 C Operating 15000 ft 4572 m 53 F 12 C Storage Humidity 5 to 95 RH non condensing Electrostatic Discharge 15...

Страница 679: ...nd 54Mbps 802 11n MCS 0 15 up to 300Mbps Wireless Medium Direct Sequence Spread Spectrum DSSS Orthogonal Frequency Division Multiplexing OFDM Spatial multiplexing MIMO Network Standards 802 11a 802 11b 802 11g 802 3 802 11n Draft 2 0 Maximum Available Transmit Power Maximum available conducted transmit power per chain 2 4Ghz 23dBm Maximum available conducted transmit power all chains 2 4GHz 27 7dB...

Страница 680: ... MD Austria AT Morocco MA Bahamas BS Nambia NA Bahrain BH Netherlands NL Barbados BB Netherlands Antilles AN Belarus BY New Zealand NZ Belgium BE Nicaragua NI Bermuda BM Norfolk Island NF Bolivia BO Northern Mariana Islands MP Botswana BW Norway NO Botznia Herzegovina BA Oman OM Brazil BR Pakistan PK Bulgaria BG Panama PA Canada CA Paraguay PY Cayman Islands KY Peru PE Chile CL Philippines PH Chin...

Страница 681: ...ds FK Spain ES Finland FI Sri Lanka LK France FR Sweden SE French Guiana GF Switzerland CH Germany DE Taiwan TW Greece GR Thailand TH Guadeloupe GP Trinidad and Tobago TT Guam GU Tunisia TN Guyana GY Turkey TR Haiti HT Ukraine UA Honduras HN UAE AE Hong Kong HK United Kingdom GB Hungary HU USA US Iceland IS Uruguay UY India IN Venezuela VE Indonesia ID Vietnam VN Ireland IE Virgin Islands British ...

Страница 682: ...ss Point Product Reference Guide A 6 Italy IT Jamaica JM Japan JP Jordan JO Kazakhstan KZ Kuwait KW Latvia LV Lebanon LB Liechtenstein LI Lithuania LT Luxembourg LU Macedonia MK Malaysia MY Malta MT Martinique MQ Country Code Country Code ...

Страница 683: ...age scenarios for many of the access point s key features This information should be referenced as a supplement to the information contained within this Product Reference Guide The following scenario is described Configuring an IPSEC Tunnel and VPN FAQs ...

Страница 684: ...etween Two Access Points Configuring a Cisco VPN Device Frequently Asked VPN Questions B 1 1 Configuring a VPN Tunnel Between Two Access Points The access point can connect to a non AP device supporting IPSec such as a Cisco VPN device labeled as Device 2 For this usage scenario the following components are required 2 access points 1 PC on each side of the access point s LAN To configure a VPN tun...

Страница 685: ...2 7 Enter the WAN port IP address of AP 2 Device 2 for a Remote Gateway 8 Click Apply to save the changes 9 Select the Auto IKE Key Exchange radio button 10 Select the Auto Key Settings button NOTE For this example Auto IKE Key Exchange is used Any key exchange can be used depending on the security needed as long as both devices on each end of the tunnel are configured exactly the same ...

Страница 686: ...roup14 as the Diffie Hellman Group Click OK This will take you back to the VPN screen 17 Click Apply to make the changes 18 Check the VPN Status screen Notice the status displays NOT_ACTIVE This screen automatically refreshes to get the current status of the VPN tunnel Once the tunnel is active the IKE_STATE changes from NOT_CONNECTED to SA_MATURE 19 On access point 2 Device 2 repeat the same proc...

Страница 687: ...co PIX Below is how the access point VPN Status screen should look if the entire configuration is setup correctly once the VPN tunnel is active The status field should display ACTIVE NOTE The Cisco PIX device configuration should match the access point VPN configuration in terms of Local WAN IP PIX WAN Remote WAN Gateway access point WAN IP Remote Subnet access point LAN Subnet and the Remote Subn...

Страница 688: ...3 x etc Question 2 Even if a wildcard entry of 0 0 0 0 is entered in the Remote Subnet field in the VPN configuration page can the AP access multiple subnets on the other end of a VPN concentrator for the APs LAN WAN side No Using a 0 0 0 0 wildcard is an unsupported configuration In order to access multiple subnets the steps in Question 1 must be followed Question 3 Can the AP be accessed via its...

Страница 689: ...uestion 9 I have setup my tunnel and the status still says Not Connected What should I do now VPN tunnels are negotiated on an as needed basis If you have not sent any traffic between the two subnets the tunnel will not get established Once a packet is sent between the two subnets the VPN tunnel setup occurs Question 10 I still can t get my tunnel to work after attempting to initiate traffic betwe...

Страница 690: ...t flow for IPSec to work properly with Advanced LAN Access These rules should be configured first before other rules are configured Question 12 Do I need to add any special routes on the access point to get my VPN tunnel to work Scr Remote Subnet IP range Dst Local Subnet IP range Transport ANY Scr port 1 65535 Dst port 1 65535 Rev NAT None Scr Local Subnet IP range Dst Remote Subnet IP range Tran...

Страница 691: ...ver clients could need extra routing information Clients on the local LAN side should either use the access point as their gateway or have a route entry tell them to use the access point as the gateway to reach the remote subnet ...

Страница 692: ...Motorola Solutions AP 7131N FGR Access Point Product Reference Guide B 10 ...

Страница 693: ... Central provides our customers with a wealth of information and online assistance including developer tools software downloads product manuals and online repair requests When contacting the Motorola Solutions Support Center please provide the following information serial number of unit model number or product name software type and version number ...

Страница 694: ...ide North America Motorola Solutions inc Symbol Place Winnersh Triangle Berkshire RG41 5TP United Kingdom 0800 328 2424 Inside UK 44 118 945 7529 Outside UK Web Support Sites Product Downloads and Manuals https portal motorolasolutions com Support US EN Additional Information Obtain additional information by contacting Motorola Solutions at 1 800 722 6234 inside North America 1 516 738 5200 in out...

Страница 695: ...1 Firmware 1 14 AP 5131 management options 1 14 AP 5131 operating modes 1 27 AP 5131 placement 2 3 AP 5131 statistical displays 1 17 association process beacon 1 17 RSSI 1 27 available protocols 6 17 B Bandwidth Management 5 67 basic device configuration 3 4 beacon 1 17 CAM stations 1 17 PSP stations 1 17 BSSID 1 10 C CA certificate 4 18 CAM 1 17 certificate authority 4 18 certificate management 4...

Страница 696: ...tion options 3 2 configuration restoration 1 18 Content Filtering 1 13 content filtering 6 39 country codes 4 4 A 4 customer support B 1 D data access configuring 4 14 data encryption 1 11 data security 1 11 device firmware 4 51 device settings 3 8 DHCP support 1 18 DHCP advanced settings 5 13 direct sequence spread spectrum 1 26 Document Conventions 1 vii E EAP 1 12 EAP authentication 1 12 electr...

Страница 697: ...autions 2 2 programmable SNMP trap 1 9 PSP 1 17 PSP stations 1 17 beacon 1 17 MU 1 17 Q QoS support 1 11 Quality of Service QoS 1 11 R radio options 1 9 radio retry histogram 7 24 radio statistics 7 18 restore default configuration 4 5 roaming across routers TIM 1 17 rogue AP detection 6 42 rogue AP detection allowed APs 6 46 rogue AP details 6 49 Routing Information Protocol RIP 1 21 S security c...

Страница 698: ...erations 1 23 transmit power control 1 17 type filter configuration 5 14 V VLAN support 1 14 VLAN configuring 5 5 VLAN management tag 5 8 VLAN name 5 3 VLAN native tag 5 8 Voice prioritization 1 16 VPN 1 13 VPN Tunnels 1 13 VPN auto key settings 6 32 VPN configuring 6 22 VPN IKE key settings 6 34 VPN manual key settings 6 28 VPN status 6 36 W wall mounting 2 10 WAN port 1 9 WAN configuring 5 16 WA...

Страница 699: ......

Страница 700: ...MOTOROLA Solutions INC 1301 E ALGONQUIN ROAD SCHAUMBURG IL 60196 1078 U S A http www motorolasolutions com 72E 161311 01 Revision B March 2014 ...

Результаты поиска

Содержание P-7131N-FGR

Отзывы:

Похожие инструкции для P-7131N-FGR

Бренды по названию

Популярные бренды

Motorola P-7131N-FGR, Руководство по продукции

Результаты поиска

Содержание P-7131N-FGR

Отзывы:

Похожие инструкции для P-7131N-FGR

Бренды по названию

Популярные бренды