Symbol AP-51xx Скачать руководство пользователя страница 28 | Manualshive

Страница: 28 / 622

Symbol AP-51xx Скачать руководство пользователя страница 28

AP-51xx Access Point Product Reference Guide

1-10

•

WPA2-CCMP (802.11i) Encryption

In addition, the access point supports the following additional security features:

•

Firewall Security

•

VPN Tunnels

•

Content Filtering

For an overview on the encryption and authentication schemes available on the access point, refer to

Configuring Access Point Security on page 6-1

.

1.2.8.1 Kerberos Authentication

Authentication is a means of verifying information that is transmitted from a secure source. If
information is

authentic

, you know who created it and you know that it has not been altered in any

way since it was originated. Authentication entails a network administrator employing a software
“supplicant” on their computer or wireless device.

Authentication is critical for the security of any wireless LAN device. Traditional authentication
methods are not suitable for use in wireless networks where an unauthorized user can monitor
network traffic and intercept passwords. The use of strong authentication methods that do not
disclose passwords is necessary. Symbol uses the

Kerberos

authentication service protocol (specified

in RFC 1510), to authenticate users/clients in a wireless network environment and to securely
distribute the encryption keys used for both encrypting and decrypting.

A basic understanding of

RFC 1510 Kerberos Network Authentication Service (V5) i

s helpful in

understanding how Kerberos functions. By default, WLAN devices operate in

an open system network

where any wireless device can associate with an AP without authorization. Kerberos requires device
authentication before access to the wired network is permitted.

For detailed information on Kerbeors configurations, see

Configuring Kerberos Authentication on

page 6-8

.

1.2.8.2 EAP Authentication

The

Extensible Authentication Protocol (EAP)

feature provides access points and their associated

MU’s an additional measure of security for data transmitted over the wireless network. Using EAP,
authentication between devices is achieved through the exchange and verification of certificates.

EAP is a mutual authentication method whereby both the MU and AP are required to prove their
identities. Like Kerberos, the user loses device authentication if the server cannot provide proof of
device identification

«
...
26
27
28
29
30
...
»

Содержание AP-51xx

Страница 1: ...AP 51xx Access Point Product Reference Guide...

Страница 2: ......

Страница 3: ...AP 51xx Access Point Product Reference Guide 72E 92949 01 Revision A January 2007...

Страница 4: ......

Страница 5: ...k from a licensed program or use a licensed program in a network without written permission from Symbol The user agrees to maintain Symbol s copyright notice on the licensed programs delivered hereund...

Страница 6: ......

Страница 7: ...ns viii Service Information viii Chapter 1 Introduction New Features 1 2 Mesh Networking 1 2 Additional LAN Subnet 1 3 On board Radius Server Authentication 1 4 Hotspot Support 1 4 Routing Information...

Страница 8: ...Encryption 1 12 WPA2 CCMP 802 11i Encryption 1 12 Firewall Security 1 13 VPN Tunnels 1 13 Content Filtering 1 13 VLAN Support 1 13 Multiple Management Accessibility Options 1 14 Updatable Firmware 1...

Страница 9: ...Options 2 9 AP 5131 Power Options 2 9 AP 5181 Power Options 2 9 Symbol Power Injector and Power Tap Systems 2 10 Installing the Power Injector or Power Tap 2 10 Preparing for Site Installation 2 11 C...

Страница 10: ...2 Configuring Data Access 4 6 Managing Certificate Authority CA Certificates 4 10 Importing a CA Certificate 4 10 Creating Self Certificates for Accessing the VPN 4 13 Creating a Certificate for Onboa...

Страница 11: ...ent Settings 5 63 Configuring Router Settings 5 65 Setting the RIP Configuration 5 66 Chapter 6 Configuring Access Point Security Configuring Security Options 6 2 Setting Passwords 6 3 Resetting the A...

Страница 12: ...ser Access Policy 6 74 Chapter 7 Monitoring Statistics Viewing WAN Statistics 7 2 Viewing LAN Statistics 7 6 Viewing a LAN s STP Statistics 7 10 Viewing Wireless Statistics 7 12 Viewing WLAN Statistic...

Страница 13: ...Commands 8 90 Network Quality of Service QoS Commands 8 107 Network Bandwith Management Commands 8 112 Network Rogue AP Commands 8 115 Network Firewall Commands 8 125 Network Router Commands 8 130 Sy...

Страница 14: ...Mesh Networking Support 9 9 Configuring the Access Point Radio for Mesh Support 9 13 Usage Scenario Trion Enterprises 9 20 Trion s Initial Deployment 9 20 Adding 2 Client Bridges to Expand the Coverag...

Страница 15: ...sing Extended Standard Options B 4 DHCP Priorities B 5 Linux BootP Server Configuration B 6 BootP Options B 7 BootP Priorities B 9 Configuring an IPSEC Tunnel and VPN FAQs B 9 Configuring a VPN Tunnel...

Страница 16: ...AP 51xx Access Point Product Reference Guide xii...

Страница 17: ...model access points For the purposes of this guide the devices will be called AP 51xx or the generic term access point when identical conifiguration activities are applied to both models Document Con...

Страница 18: ...Symbol Customer Support Refer to Appendix C for contact information Before calling have the model number and serial number at hand If the problem cannot be solved over the phone you may need to retur...

Страница 19: ...onstructed to support outdoor installations while the AP 5131 model is constructed primarily for indoor deployments The AP 5131 is available in numerous single and dual radio SKUs while an AP 5181 is...

Страница 20: ...w features have been introduced to the existing feature set Mesh Networking Additional LAN Subnet On board Radius Server Authentication Hotspot Support Routing Information Protocol RIP Manual Date and...

Страница 21: ...in client bridge mode can establish up to 3 simultaneous wireless connections with other AP 5131s or AP 5181s A client bridge always initiates the connections and the base bridge is always the accepto...

Страница 22: ...based on the WLAN configurations For detailed information on configuring the access point for AAA Radius Server support see Configuring User Authentication on page 6 64 1 1 4 Hotspot Support The acce...

Страница 23: ...nt time using a Year Month Day HH MM SS format For detailed information on manually setting the access point s system time see Configuring Network Time Protocol NTP on page 4 36 1 1 7 Dynamic DNS The...

Страница 24: ...figurable WLANs Support for 4 BSSIDs per Radio Quality of Service QoS Support Industry Leading Data Security VLAN Support Multiple Management Accessibility Options Updatable Firmware Programmable SNMP...

Страница 25: ...rnet device when connected to the LAN port For detailed information on configuring the access point LAN port see Configuring the LAN Interface on page 5 1 A Wide Area Network WAN is a widely dispersed...

Страница 26: ...ies of a wired LAN A WLAN does not require lining up devices for line of sight transmission and are thus desirable for wireless networking Roaming users can be handed off from one access point to anot...

Страница 27: ...m the access point QoS implementation The WiFi Multimedia QOS Extensions WMM implementation used by the access point shortens the time between transmitting higher priority data traffic and is thus des...

Страница 28: ...is necessary Symbol uses the Kerberos authentication service protocol specified in RFC 1510 to authenticate users clients in a wireless network environment and to securely distribute the encryption k...

Страница 29: ...la for scrambling the data A key is the specific code used by the algorithm to encrypt or decrypt the data Decryption is the decoding and unscrambling of received encrypted data The same device host c...

Страница 30: ...knesses of WEP by including a per packet key mixing function a message integrity check an extended initialization vector with sequencing rules a re keying mechanism WPA uses an encryption method calle...

Страница 31: ...p is extended from one LAN across the public network to another LAN without sacrificing security A VPN behaves like a private network however because the data travels through the public network it nee...

Страница 32: ...le imported via FTP or TFTP MIB Management Information Base Command Line Interface CLI accessed via RS 232 or Telnet Use the access point DB 9 serial port for direct access to the command line interfa...

Страница 33: ...in obscure locations In the past a dedicated power source was required for each access point in addition to the Ethernet infrastructure This often required an electrical contractor to install power dr...

Страница 34: ...normally receive over other data traffic Voice prioritization allows the access point to assign priority to voice traffic over data traffic and if necessary assign legacy voice supported devices non W...

Страница 35: ...ss point has a configurable power level for each radio This enables the network administrator to define the antenna s transmission power level in respect to the access point s placement or network req...

Страница 36: ...on The access point can be set to only accept replies from DHCP or BOOTP servers or both this is the default setting Disabling DHCP disables BOOTP and DHCP and requires network settings to be set manu...

Страница 37: ...s A receiving antenna on the MU in the path of the waves absorbs the waves as electrical signals The receiving MU interprets demodulates the signal by reapplying the direct sequence chipping code This...

Страница 38: ...es its association statistics The user can configure the ESSID to correspond to up to 16 WLANs on each 802 11a or 802 11b g radio A Wireless Local Area Network WLAN is a data communications system tha...

Страница 39: ...a direct sequence system each cell can operates independently Adding cells to the network provides increased coverage area and total system capacity The RS 232 serial port provides a Command Line Int...

Страница 40: ...e with an access point based on the following conditions Signal strength between the access pointand MU Number of MUs currently associated with the access point MUs encryption and authentication capab...

Страница 41: ...access point functions as a layer 2 bridge similar to Symbol s existing AP 4131 access point The wired uplink can operate as a trunk and support multiple VLANs Up to 16 WLANs can be defined and mappe...

Страница 42: ...ser The AP 5131 or AP 5181 downloads site contains the following 2 MIB files Symbol CC WS2000 MIB 2 0 standard Symbol MIB file Symbol AP 5131 MIB AP 5131 AP 5181 MIB file Make configuration changes to...

Страница 43: ...Introduction 1 25 BSS2 Base radio MAC address 1 BSS3 Base radio MAC address 2 BSS4 Base radio MAC address 3...

Страница 44: ...AP 51xx Access Point Product Reference Guide 1 26...

Страница 45: ...tion connecting antennae and applying power Installation procedures vary for different environments See the following sections for more details Precautions Requirements Access Point Placement Power Op...

Страница 46: ...l recommends conducting a radio site survey prior to installing the access point A site survey is an excellent method of documenting areas of radio interference and providing a tool for device placeme...

Страница 47: ...5131 802 11a g Single Radio Access Point AP 5131 Install Guide Software and Documentation CD ROM Accessories Bag AP 5131 40021 WWR AP 5131 802 11a g Single Radio Access Point AP 5131 Install Guide So...

Страница 48: ...or specific information Symbol Part Description AP 5181 13040 WWR 1 AP 5181 802 11a g Dual Radio Access Point 1 AP 5181 Install Guide 1 WEEE Regulatory Addendum 1 set of cable connectors 3 antenna dus...

Страница 49: ...age Antenna coverage is analogous to lighting Users might find an area lit from far away to be not bright enough An area lit sharply might minimize coverage and create dark areas Uniform antenna place...

Страница 50: ...ormance and signal reception Symbol supports two antenna suites for the AP 5131 One antenna suite supporting the 2 4 GHz band and another antenna suite supporting the 5 2 GHz band Select an antenna mo...

Страница 51: ...ctional 8 5 ML 2499 HPA3 01R Omni Directional Antenna 3 3 ML 2499 BYGA2 01R Yagi Antenna 13 9 ML 2452 APA2 01 Dual Band 3 0 NOTE An additional adapter is required to use ML 2499 11PNA2 01 and ML 2499...

Страница 52: ...signal reception Symbol supports two antenna suites for the AP 5181 One antenna suite supporting the 2 4 GHz band and another antenna suite supporting the 5 2 GHz band Select an antenna model best su...

Страница 53: ...2 PNA5 01R Sector Antenna Dual Band 6 0 2 3 2 4 4 9 5 9 GHz 120 deg Sector Type N connector with pigtail Part Number Antenna Type Nominal Net Gain dBi Description ML 5299 FHPA6 01R Omni Directional An...

Страница 54: ...AC power to combine low voltage DC with Ethernet data in a single cable connecting to the access point The access point can only use a Power Injector or Power Tap when connecting the unit to the acce...

Страница 55: ...ta source and access point 1 Connect an RJ 45 Ethernet cable between the network data supply host and the Power Injector s Data In or the Power Tap s DATA IN connector 2 Connect an RJ 45 Ethernet cabl...

Страница 56: ...ns are complete before supplying power to the access point 2 6 1 3 Power Injector LED Indicators The Power Injector demonstrates the following LED behavior under normal and or problematic operating co...

Страница 57: ...o their correct connectors The antenna protection plate cannot be used in a desk mount configuration as the plate only allows antennas to be positioned in a downward orientation 3 Remove the backings...

Страница 58: ...3 ft The Power Injector has no On Off power switch The Power Injector receives power as soon as AC power is applied For more information on using the Power Injector see Symbol Power Injector and Power...

Страница 59: ...ts of Two Phillips pan head self tapping screws ANSI Standard 6 18 X 0 875in Type A or AB Self Tapping screw or ANSI Standard Metric M3 5 X 0 6 X 20mm Type D Self Tapping screw Two wall anchors Securi...

Страница 60: ...tandard Symbol 48 Volt Power Adapter Part No 50 24000 050 and line cord installations a Connect RJ 45 Ethernet cable between the network data supply host and the AP 5131 LAN port b Verify the power ad...

Страница 61: ...optional To install the AP 5131 on a ceiling T bar 1 If required loop a safety wire with a diameter of at least 1 01 mm 04 in but no more than 0 158 mm 0625 in through the tie post above the AP 5131 s...

Страница 62: ...d line cord installations a Connect RJ 45 Ethernet cable between the network data supply host and the AP 5131 LAN port b Verify the power adapter is correctly rated according the country of operation...

Страница 63: ...stallation requires placing the AP 5131 above a suspended ceiling and installing the provided light pipe under the ceiling tile for viewing the rear panel status LEDs of the unit An above the ceiling...

Страница 64: ...l to make a hole in the tile the approximate size of the AP 5131 LED light pipe 7 Remove the light pipe s rubber stopper before installing the light pipe 8 Connect the light pipe to the bottom of the...

Страница 65: ...eiling space 15 Cable the AP 5131 using either the Symbol Power Injector solution or an approved line cord and power supply CAUTION Both the Dual and Single Radio model AP 5131s use RSMA type antenna...

Страница 66: ...rk data supply host and the AP 5131 LAN port b Verify the power adapter is correctly rated according the country of operation c Connect the power supply line cord to the power adapter d Attach the pow...

Страница 67: ...he following color display and functionality Power Status Solid white indicates the AP 5131 is adequately powered Error Conditions Solid red indicates theAP 5131is experiencing a problem condition req...

Страница 68: ...steps to mount the AP 5181 to a 1 5 to 18 inch diameter steel pole or tube using the mounting bracket 1 Fit the edges of the V shaped clamp parts into the slots on the flat side of the rectangular pl...

Страница 69: ...using the provided nuts 6 Attach the radio antenna to their correct connectors NOTE The AP 5181 tilt angle may need to be adjusted during the antenna alignment process Verify the antenna polarization...

Страница 70: ...e Ensure the cable length from the Ethernet source host to the Power Tap or Power Injector and AP 5181 does not exceed 100 meters 333 ft Neither the Power Tap or Power injector has an On Off power sw...

Страница 71: ...mounting bracket 1 Attach the bracket to a wall with flat side flush against the wall see the illustration below Position the bracket in the intended location and mark the positions of the four mounti...

Страница 72: ...tween the network data supply host and the Power Tap s DATA IN connector or the Power Injector s Data In connector NOTE Once ready for the final positioning of the access point ensure the RJ45 cable c...

Страница 73: ...ector has an On Off power switch Each receives power as soon as AC power is applied For more information on using the see Symbol Power Injector and Power Tap Systems on page 2 10 8 Use the supplied ca...

Страница 74: ...iate attention Ethernet Activity Flashing white indicates data transfers and Ethernet activity 802 11a Radio Activity Flickering amber indicates beacons and data transfers over the AP 5131 802 11a rad...

Страница 75: ...Adapter Users Guide available from the Symbol Web site for installing drivers and client software if operating in an 802 11a g network environment Refer to the Spectrum24 LA 4121 PC Card LA 4123 PCI A...

Страница 76: ...AP 51xx Access Point Product Reference Guide 2 32...

Страница 77: ...r options outlined in Hardware Installation See the following sections for more details Installing the Access Point Configuration Options Basic Device Configuration 3 1 Installing the Access Point Mak...

Страница 78: ...et and power in one cable to an AP 5131 model access point see Symbol Power Injector and Power Tap Systems on page 2 10 To verify AP 5131 LED behavior once installed see AP 5131 LED Indicators on page...

Страница 79: ...P 5131 and AP 5181 model access point an AP 5181 does not have its own MIB 3 3 Default Configuration Changes for the Access Point The following table illustrates the changes made to the access point d...

Страница 80: ...point using the access point s LAN port 1 The LAN port default is set to DHCP Connect the access point s LAN port to a DHCP server The access point will receive its IP address automatically 2 To view...

Страница 81: ...ation of the access point 3 5 Basic Device Configuration For the basic setup described in this section the Java based Web UI will be used to configure the access point Use the access point s LAN inter...

Страница 82: ...uccessful the Change Admin Password window displays Change the password Enter the current password and a new admin password in fields provided and click Apply Once the admin password has been updated...

Страница 83: ...e When you change the settings in the Quick Setup screen the values also change within the screen where these parameters also exist Additionally if the values are updated in these other screens the va...

Страница 84: ...h country has its own regulatory restrictions concerning electromagnetic emissions and the maximum RF signal strength that can be transmitted To ensure compliance with national and local laws be sure...

Страница 85: ...the Internet will be possible MUs cannot communicate beyond the configured subnets b Select the This Interface is a DHCP Client checkbox to enable DHCP for the access point WAN connection This is usef...

Страница 86: ...to the ISP b Specify a Username entered when connecting to the ISP When the Internet session begins the ISP authenticates the username c Specify a Password entered when connecting to the ISP When the...

Страница 87: ...er client To avoid this ensure all statically mapped IP addresses are outside of the IP address range assigned to the DHCP server For additional access point LAN port configuration options see Configu...

Страница 88: ...save any changes to the access point Quick Setup screen Navigating away from the screen without clicking Apply results in all changes to the screens being lost 11 Click Undo Changes if necessary to un...

Страница 89: ...gs field displays within the New Security Policy screen 4 Configure the WEP 128 Settings field as required to define the Pass Key used to generate the WEP keys Pass Key Specify a 4 to 32 character pas...

Страница 90: ...Key 1 4 fields to specify key numbers The key can be either a hexidecimal or ASCII depending on which option is selected from the drop down menu For WEP 64 40 bit key the keys are 10 hexadecimal chara...

Страница 91: ...d the users it supports Refer to the following For detailed information on access point device access SNMP settings network time importing exporting device configurations and device firmware updates s...

Страница 92: ...AP 51xx Access Point Product Reference Guide 3 16...

Страница 93: ...5 0 or later or Netscape Navigator 6 0 or later To connect to the access point the IP address is required If connected to the access point using the WAN port the default static IP address is 10 1 1 1...

Страница 94: ...l NTP Logging Configuration Importing Exporting Configurations Updating Device Firmware 4 1 Configuring System Settings Use the System Settings screen to specify the name and location of the access po...

Страница 95: ...the access point supports engineering retail etc System Location Enter the location of the access point The System Location parameter acts as a reminder of where the AP can be found Use the System Nam...

Страница 96: ...rrent version of the device firmware Use this information to determine if the access point is running the most recent firmware available from Symbol Use the Firmware Update screen to keep the AP s fir...

Страница 97: ...t the Restore Partial Default Configuration button to restore a default configuration with the exception of the current LAN WAN SNMP settings and IP address used to launch the browser If selected a me...

Страница 98: ...isable LAN1 LAN2 and or WAN access using the protocols and ports listed If access is disabled this effectively locks out the administrator from configuring the access point using that interface To avo...

Страница 99: ...xes to enable access to the access point configuration applet using a Secure Sockets Layer SSL for encrypted HTTP sessions CLI TELNET port 23 Select the LAN1 LAN2 and or WAN checkboxes to enable acces...

Страница 100: ...client SSH sends a message through the encrypted channel to request a response from the client The default is 0 and no messages will be sent to the client until a non zero value is set Defining a Kee...

Страница 101: ...splay a screen for updating the AP administrator password Enter and confirm a new administrator password as required Message Settings Click the Message Settings button to display a screen used to crea...

Страница 102: ...saved configuration 11 Click Logout to securely exit the access point Symbol Access Point applet A prompt displays confirming the logout before the applet is closed 4 3 Managing Certificate Authority...

Страница 103: ...select the IKE settings to use either RSA or DES certificates For additional information on configuring VPN tunnels see Configuring VPN Tunnels on page 6 36 Refer to your network administrator to obta...

Страница 104: ...e displays in the Import a root CA Certificate field 3 Click the Import root CA Certificate button to import it into the CA Certificate list 4 Once in the list select the certificate ID within the Vie...

Страница 105: ...hority CA to be signed then import the signed certificate into the management system To create a self certificate 1 Select System Configuration Certificate Mgmt Self Certificates from the access point...

Страница 106: ...4 values are required the others optional Key ID Enter a logical name for the certificate to help distinguish between certificates The name can be up to 7 characters in length Subject The required Su...

Страница 107: ...ate Request button The generated certificate request displays in Self Certificates screen text box 6 Click the Copy to Clipboard button Signature Algorithm Use the drop down menu to select the signatu...

Страница 108: ...dius Server to generate certificates to authenticate MUs for use with the access point In addition a Windows 2000 or 2003 Server is used to sign the certificate before downloading it back to the acces...

Страница 109: ...ganization Organization Optionally enter the name of your organization for supporting information for the certificate request City Optionally enter the name of the City where the access point using th...

Страница 110: ...ck Next to continue 10 Select the Advanced request checkbox from within the Choose Request Type screen and click Next to continue 11 From within the Advanced Certificate Requests screen select the Sub...

Страница 111: ...e from Clipboard button The certificate is now ready to be loaded into the access point s flash memory 17 Click the Import root CA Certificate button from within the CA Certificates screen 18 Verify t...

Страница 112: ...re the AP 5131 use the table below to locate the MIB where the feature can be configured NOTE The Symbol AP 5131 MIB contains the majority of the information contained within the Symbol CC WS2000 MIB...

Страница 113: ...MIB LAN to WAN Access Symbol CC WS2000 MIB 2 0 Config Import Export Symbol AP 5131 MIB AdvancedLANAccess Symbol CC WS2000 MIB 2 0 MU Authentication Stats Symbol AP 5131 MIB Router Configuration Symbol...

Страница 114: ...cess Control sub screen Use the SNMP Access screen to define SNMP v1 v2c community definitions and SNMP v3 user definitions SNMP version 1 v1 provides a strong network management system but its securi...

Страница 115: ...lows a remote device to modify settings Symbol recommends considering adding a community definition using a site appropriate name and access level Set up a read write definition at a minimum to facili...

Страница 116: ...access allows a remote device to retrieve access point information while read write access allows a remote device to modify access point settings Add Click Add to create a new entry for an SNMP v3 use...

Страница 117: ...rd on both pages Access Use the Access pull down list to specify read only R access or read write RW access for a user Read only access permits a user to retrieve access point information while read w...

Страница 118: ...4 1 Configuring SNMP Access Control Use the SNMP Access Control screen as launched from the SNMP Access screen to specify which users can read SNMP generated information and if capable modify related...

Страница 119: ...an use a read write community definition Use just the Starting IP Address column to specify a single SNMP user Use both the Starting IP Address and Ending IP Address columns to specify a range of addr...

Страница 120: ...e settings for reporting this information Trap configuration depends on the network machine that receives the generated traps SNMP v1 v2c and v3 trap configurations function independently In a mixed S...

Страница 121: ...Delete Click Delete to remove a selected SNMP v1 v2c Trap Configuration entry Destination IP Specify a numerical non DNS name destination IP address for receiving the traps sent by the access point SN...

Страница 122: ...u to specify a security level of noAuth no authorization AuthNoPriv authorization without privacy or AuthPriv authorization with privacy The NoAuth setting specifies no login authorization or encrypti...

Страница 123: ...A prompt displays confirming the logout before the applet is closed 4 4 3 Configuring Specific SNMP Traps Use the SNMP Traps screen to enable specific traps on the access point Symbol recommends defi...

Страница 124: ...es unassociated with or gets dropped from one of the access point s WLANs MU denied association Generates a trap when an MU is denied association to a access point WLAN Can be caused when the maximum...

Страница 125: ...the IP address associated with that domain being modified Denial of service DOS attempts Generates a trap whenever a Denial of Service DOS attack is detected by the access point firewall A new trap i...

Страница 126: ...and the access point s radio and associated MU performance SNMP RF Traps are sent when RF traffic exceeds defined limits set in the RF Trap Thresholds field of the SNMP RF Traps screen Thresholds are...

Страница 127: ...Enter a minimum threshold for the average bit speed in Mbps Megabits per second Average Signal Enter a minimum threshold for the average signal strength in dBm for each device Average Retries Set a ma...

Страница 128: ...s clock to 07 04 59 upon reading a time of 07 04 59 from its designated NTP server Time synchronization is recommended for the access point s network operations For sites using Kerberos authentication...

Страница 129: ...g 3 Select the Set Date Time button to display the Manual Date Time Setting screen This screen enables the user to manually enter the access point s system time using a Year Month Day HH MM SS format...

Страница 130: ...d one or more specified NTP servers A preferred first alternate and second alternate NTP server cannot be defined unless this checkbox is selected Disable this option uncheck the checkbox if Kerberos...

Страница 131: ...ss point managed Local Area Network LAN Use the Logging Configuration screen to set the desired logging level standard syslog levels and view or save the current access point system log To configure e...

Страница 132: ...aved in the access point While the AP is in operation log data temporarily resides in memory AP memory is completely cleared each time the AP reboots Logging Level Use the Logging Level drop down menu...

Страница 133: ...erge with the configuration of the target access point The exported file can be edited with any document editor if necessary The export function will always export the encrypted Admin User password Th...

Страница 134: ...1 version access point Similarly a 1 1 baseline configuration file should not be imported to a 1 0 version access point Importing configuration files between different version access point s results i...

Страница 135: ...r must log out of the access point after the operation completes for the changes to take effect Click Yes to continue the operation Click No to cancel the configuration file import Export Configuratio...

Страница 136: ...loads exports to be successful pop up messages must be disabled Upload and Apply A Configuration File Click the Upload and Apply A Configuration File button to upload a configuration file to this acce...

Страница 137: ...t operation done 2 Import operation failed 3 Export operation failed 4 File transfer in progress 5 File transfer failed 6 File transfer done Auto cfg update Error in applying config Auto cfg update Er...

Страница 138: ...are is automatically updated each time firmware versions are found to be different between what is running on the access point and the firmware file located on the server The configuration file is aut...

Страница 139: ...1 If a firmware update is required use the Firmware Update screen to specify a filename and define a file location for updating the firmware CAUTION If downgrading firmware from a 1 1 to a 1 0 versio...

Страница 140: ...the access point s current configuration to have it available after the firmware is updated 2 Select System Configuration Firmware Update from the access point menu tree 3 Configure the DHCP Options...

Страница 141: ...ent between what is running on the access point and the firmware that resides on the server A firmware update will only occur if the access point is reset or when the access point does a DHCP request...

Страница 142: ...one of the following error messages will display FAIL auto fw update check FAIL network activity time out FAIL firmware check FAIL exceed memory limit FAIL authentication FAIL connection time out FAI...

Страница 143: ...tain functionalities may not be available to the user after an upgrade downgrade When downgrading from 1 1 1 1 1 to 1 0 the access point is configured to default values After a downgrade from 1 1 1 1...

Страница 144: ...t upgrades a single download will suffice Using Auto Update the access point will automatically update itself twice when upgrading Upgrading from v1 0 to v1 1 v1 1 1 retains existing settings Symbol r...

Страница 145: ...Settings 5 1 Configuring the LAN Interface The access point has one physical LAN port supporting two unique LAN interfaces The access point LAN port has its own MAC address The LAN port MAC address i...

Страница 146: ...gure the access point LAN interface 1 Select Network Configuration LAN from the access point menu tree 2 Configure the LAN Settings field to enable the access point LAN1 and or LAN2 interface assign a...

Страница 147: ...e 6 5 LAN Name Use the LAN Name field to modify the existing name of LAN1 and LAN2 LAN1 and LAN2 are the default names assigned to the LANs until modified by the user Ethernet Port The Ethernet Port r...

Страница 148: ...ices are connected and disconnected on a regular basis Selecting Auto Negotiate disables the Mbps and duplex checkbox options 100 Mbps Select this option to establish a 100 Mbps data transfer rate for...

Страница 149: ...ten referred to as memberships for individual WLANs Both methods have their advantages and disadvantages Static VLAN membership is perhaps the most widely used method because of the relatively small a...

Страница 150: ...s point and carry traffic for all those VLANs Trunking is a function that must be enabled on both sides of a link 3 Select the VLAN Name button The VLAN name screen displays The first time the screen...

Страница 151: ...AN between the locations An access point managed infrastructure could provide this connectivity but it requires VLAN numbering be managed carefully to avoid conflicts between two VLANs with the same I...

Страница 152: ...LAN1 and LAN2 A trunk port configured with 802 1Q tagging can receive both tagged and untagged traffic By default the access point forwards untagged traffic with the native VLAN configured for the po...

Страница 153: ...porting the sales area then WLAN1 should be mapped to sales if a sales VLAN has been already been created 13 Click Apply to return to the VLAN Name screen Click OK to return to the LAN screen Once at...

Страница 154: ...mation via this LAN1 or LAN2 connection This is recommended if the access point resides within a large corporate network or the Internet Service Provider ISP uses DHCP This setting is enabled for LAN1...

Страница 155: ...the IP address range specified that IP address could still be assigned to another client To avoid this ensure all statically mapped IP addresses are outside of the IP address range assigned to the DHC...

Страница 156: ...ed for re connection after its last use Using very short leases DHCP can dynamically reconfigure networks in which there are more computers than Secondary DNS Server Symbol recommends entering the num...

Страница 157: ...nds for available IP addresses using the DHCP Lease Time Seconds parameter An IP address is reserved for re connection for the length of time you specify The default interval is 86400 seconds 4 Click...

Страница 158: ...ards The Type Filtering feature prevents specific a potentially unneccesary frames from being processed by the access point in order to improve throughput These include certain broadcast frames from d...

Страница 159: ...designate whether the Ethernet Types defined for the LAN are allowed or denied for use by the access point 3 To add an Ethernet type click the Add button The Add Ethernet Type screen displays Use this...

Страница 160: ...hanges to the screens being lost 6 Click Cancel to securely exit the LAN1 or LAN2 Ethernet Type Filter Configuration screen without saving your changes 7 Click Logout to securely exit the access point...

Страница 161: ...figured as DHCP clients Enable WAN Interface Select the Enable WAN Interface checkbox to enable a connection between the access point and a larger network or outside world through the WAN port Disable...

Страница 162: ...address uses a series of four numbers expressed in dot notation for example 190 188 12 1 Subnet Mask Specify a subnet mask for the access point s WAN connection This number is available from the ISP f...

Страница 163: ...he IP address is a numerical non DNS name Refresh Click the Refresh button to update the network address information displayed within the WAN IP Configuration field Auto Negotiation Select the Auto Ne...

Страница 164: ...currently using or deploying this protocol PPPoE is a data link protocol for dialup connections PPPoE allows a host PC to use a broadband modem DSL for access to high speed data networks Username Spe...

Страница 165: ...ins active after outbound and inbound traffic is not detected The Idle Time field is grayed out if Keep Alive is enabled Authentication Type Use the Authentication Type menu to specify the authenticat...

Страница 166: ...side subnets One to many mapping with a configurable range of private side IP addresses Ranges can be specified from each of the private side subnets To configure IP address mappings for the access po...

Страница 167: ...s field This button displays a screen for mapping the LAN IP addresses that are associated with each subnet Define the NAT Type as none when routable IP addresses are used on the internal network Outb...

Страница 168: ...elect 1 to 1 or 1 to Many from the NAT Type drop down menu 3 Click on the Port Forwarding button within the Inbound Mappings area 4 Configure the Port Forwarding screen to modify the following Add Cli...

Страница 169: ...choices are ALL TCP UDP ICMP AH ESP and GRE Start Port and End Port Enter the port or ports used by the port forwarding service To specify a single port enter the port number in the Start Port area T...

Страница 170: ...and hostname must be specified for domain name information to be updated 3 Enter the DynDNS Username for the account you wish to use for the access point 4 Enter the DynDNS Password for the account y...

Страница 171: ...s the functionalities of a wired LAN A WLAN does not require lining up devices for line of sight transmission and are thus desirable Within the WLAN roaming users can be handed off from one access poi...

Страница 172: ...io designation VLAN ID and security policy of existing WLANs WLAN Name The Name field displays the name of each WLAN that has been defined The WLAN names can be modified within individual WLAN configu...

Страница 173: ...5 3 1 Creating Editing Individual WLANs If the WLANs displayed within the Wireless Configuration screen do not satisfy your network requirements you can either create a new WLAN or edit the propertie...

Страница 174: ...tree The Wireless Configuration screen displays 2 Click the Create button to configure a new WLAN or highlight a WLAN and click the Edit button to modify an existing WLAN Either the New WLAN or Edit...

Страница 175: ...ion field as required for the WLAN ESSID Enter the Extended Services Set Identification ESSID associated with the WLAN The WLAN name is auto generated using the ESSID until changed by the user The max...

Страница 176: ...each access point can only support a maximum 127 MUs spanned across its 16 available WLANs If you intend to define numerous WLANs ensure each is using a portion of the 127 available MUs and the sum of...

Страница 177: ...nu to select the security scheme best suited for the new or revised WLAN Click the Create button to jump to the New Security Policy screen where a new policy can be created to suit the needs of the WL...

Страница 178: ...it the access point s ESSID If a hacker tries to find an ESSID via an MU the ESSID does not display since the ESSID is not in the beacon Symbol recommends keeping the option enabled to reduce the like...

Страница 179: ...elect Network Configuration Wireless Security from the access point menu tree The Security Configuration screen appears with existing policies and their attributes displayed Configuring a WLAN securit...

Страница 180: ...defined they are available for use within the New WLAN or Edit WLAN screens to assign to specific WLANs based on MU interoperability requirements Symbol recommends using the New MU ACL Policy or Edit...

Страница 181: ...Management 5 37 2 Click the Create button to configure a new ACL policy or select a policy and click the Edit button to modify an existing ACL policy The access point supports a maximum of 16 MU ACL p...

Страница 182: ...bile Unit Access Control List field to allow or deny MU access to the access point The MU adoption list identifies MUs by their MAC address The MAC address is the MU s unique Media Access Control numb...

Страница 183: ...ine the QoS policies for advanced network traffic management and multimedia applications support If the existing QoS policies are insufficient a new policy can be created or an existing policy can be...

Страница 184: ...a policy and click the Edit button to modify an existing QoS policy The access point supports a maximum of 16 QoS policies NOTE When the access point is first launched a single QoS policy default is...

Страница 185: ...oducts that do not support Wi Fi Multimedia WMM to provide preferred queuing for these VOIP products If the Support Voice Prioritization checkbox is selected the access point will detect non WMM capab...

Страница 186: ...he access point s performance 11ag wifi Use this setting for high end multimedia devices that using the s high rate 802 11a or 802 11g radio 11b wifi Use this setting for high end devices multimedia d...

Страница 187: ...o a smaller increment for higher priority traffic Reduce the value when traffic on the WLAN is anticipated as being smaller CW Max The contention window maximum value is the maximum amount of time the...

Страница 188: ...des a periodic frame exchange between a voice capable MU and the access point during a VoIP call while legacy power management is still utilized for typical data frame exchanges The access point and i...

Страница 189: ...unauthenticated users to a specific page specified by the Hotspot provider User authentication Authenticates users using a Radius server Walled garden support Enables a list of IP address not domain...

Страница 190: ...P Redirection field to specify how the Login Welcome and Fail pages are maintained for this specific WLAN The pages can be hosted locally or remotely Use Default Files Select the Use Default Files che...

Страница 191: ...cted page you need to have a TCP termination locally On receiving the user credentials from the login page the access point connects to a radius server determines the identity of the connected wireles...

Страница 192: ...ternal Web server and the access point s WAN IP address should be entered in the White List Enable Accounting Select the Enable Accounting checkbox to enable a Radius Accounting Server used for Radius...

Страница 193: ...used for the primary server Pri Server IP Define the IP address of the primary Radius server This is the address of your first choice for Radius server Pri Port Enter the TCP IP port number for the s...

Страница 194: ...e is designed so the submit action always posts the login data on the access point To define the White List for a target WLAN 1 Click the White List Entries button from within the WLAN s Hotspot Confi...

Страница 195: ...sing a dual radio access point individual 802 11a and 802 11b g radios can be enabled or disabled using the Radio Configuration screen checkboxes The Radio Configuration screen displays with two tabs...

Страница 196: ...in real time 3 Select the Base Bridge checkbox to allow the access point radio to accept client bridge connections from other access points in client bridge mode The base bridge is the acceptor of me...

Страница 197: ...ttings within the Radio Configuration screen are applied for an initial deployment the current number of base bridges visible to the radio displays within the BBs Visible field and the number of base...

Страница 198: ...dio radio 2 is not affected Radio 2 continues to beacon and associate MUs but MU s can only communicate amongst themselves using the access point Disabled is the default value Uplink Detect When Uplin...

Страница 199: ...below as a sub menu item under the Radio Configuration menu item Use the radio configuration screen to set the radio s placement properties define the radio s threshold and QoS settings set the radio...

Страница 200: ...he country of operation selected for the access point MAC Address The access point like other Ethernet devices has a unique hardware encoded Media Access Control MAC or IEEE address MAC addresses dete...

Страница 201: ...channel for the intended country of operation The drop down menu is not available if this option is not selected Automatic Selection When the access point is booted the access point scans non overlap...

Страница 202: ...ameter does not apply to access point 802 11a radios Set Rates Click the Set Rates button to display a window for selecting minimum and maximum data transmit rates for the radio At least one Basic Rat...

Страница 203: ...The default is 100 Avoid changing this parameter as it can adversely affect performance DTIM Interval The DTIM interval defines how often broadcast frames are delivered for each of the four access po...

Страница 204: ...Click the Set RF QoS button to display the Set RF QOS screen to set QoS parameters for the radio Do not confuse with the QoS configuration screen used for a WLAN The Set RF QoS screen initially appea...

Страница 205: ...Network Management 5 61 6 Select the Advanced Settings tab to strategically map BSSIDs to WLANs in order to define them as primary WLANs...

Страница 206: ...ny changes to the Radio Settings and Advanced Settings screens Navigating away from the screen without clicking Apply results in changes to the screens being lost NOTE If using a single radio access p...

Страница 207: ...t Settings The access point can be configured to grant individual WLAN s network bandwidth priority levels Use the Bandwidth Management screen to control the network bandwidth allotted to WLANs Symbol...

Страница 208: ...from the access point on a first come first served basis This is the default setting Round Robin Each WLAN receives access point services in turn as long the access point has data traffic to forward W...

Страница 209: ...uter s connected routes To access the Router screen 1 Select Network Configuration Router from the access point menu tree 2 Refer to the access point Router Table field to view existing routes NOTE Th...

Страница 210: ...interior gateway protocol that specifies how routers exchange routing table information The Router screen also allows the administrator to select the type of RIP and the type of RIP authentication us...

Страница 211: ...a mature stable and widely supported protocol It is well suited for use in stub networks and in small autonomous systems that do not have enough redundant paths to warrant the overhead of a more sophi...

Страница 212: ...ed specify a password of up to 15 alphanumeric characters in the Password Simple Authentication area None This option disables the RIP authentication Simple This option enable RIP version 2 s simple a...

Страница 213: ...the Key 1 field Key 2 is optional Enter any numeric value between 0 and 256 into the MD5 ID area Enter a string consisting of up to 16 alphanumeric characters in the MD5 Auth Key area 6 Click the OK b...

Страница 214: ...AP 51xx Access Point Product Reference Guide 5 70...

Страница 215: ...teen separate ESSIDs WLANs can be supported on an access point and must be managed if necessary between the 802 11a and 802 11b g radio The user has the capability of configuring separate security pol...

Страница 216: ...page 6 16 To configure a security policy supporting KeyGuard see Configuring KeyGuard Encryption on page 6 18 To define a security policy supporting WPA TKIP see Configuring WPA WPA2 Using TKIP on pa...

Страница 217: ...default IP address in the address field To connect to the access point the IP address is required If connected to the access point using the WAN port the default static IP address is 10 1 1 1 The defa...

Страница 218: ...ptions on page 6 2 to determine which access point security feature to configure next 6 2 1 Resetting the Access Point Password The access point Command Line Interface CLI enables users who forget the...

Страница 219: ...swd default 8 Reset the access point by typing the following at the boot prompt reset system When the access point re boots again the password will return to its default value of symbol You can now ac...

Страница 220: ...policy does not satisfy the data protection requirements of a specific WLAN a new security policy using the authentication and encryption schemes discussed above can be created To enable an existing...

Страница 221: ...EAP button to display the 802 1x EAP Settings field within the New Security Policy screen For specific information on configuring EAP see Configuring 802 1x EAP Authentication on page 6 11 No Encrypt...

Страница 222: ...1 To create a security policy supporting WPA2 CCMP see Configuring WPA2 CCMP 802 11i on page 6 24 7 Click Cancel to return to the target WLAN screen without keeping any of the changes made within the...

Страница 223: ...Kerberos exist they appear within the Security Configuration screen These existing policies can be used as is or their properties edited by clicking the Edit button To configure a new security policy...

Страница 224: ...r A realm name functions similarly to a DNS domain name In theory the realm name is arbitrary However in practice a Kerberos realm is named by uppercasing the DNS domain name that is associated with h...

Страница 225: ...authentication on the access point 1 Select Network Configuration Wireless Security from the access point menu tree If security policies supporting 802 1x EAP exist they appear within the Security Con...

Страница 226: ...licy 5 If using the access point s Internal Radius server leave the Radius Server drop down menu in the default setting of Internal If an external Radius server is used select External from the drop d...

Страница 227: ...listen on ports 1812 and 1813 Port 1645 or 1812 is used for authentication Port 1646 or 1813 is used for accounting The ISP or a network administrator needs to confirm the appropriate primary and sec...

Страница 228: ...MU Timeout Specify the time in seconds for the access point s retransmission of EAP Request packets The default is 10 seconds If this time is exceeded the authetnication session is terminated Retries...

Страница 229: ...iet Period 1 65535 secs Specify an idle time in seconds between MU authentication attempts as required by the authentication server The default is 10 seconds MU Timeout 1 255 secs Define the time in s...

Страница 230: ...standard alone offers administrators no effective method to update keys To configure WEP on the access point 1 Select Network Configuration Wireless Security from the access point menu tree If securit...

Страница 231: ...s point and its MU to encrypt packets between the two devices Pass Key Specify a 4 to 32 character pass key and click the Generate button The pass key can be any alphanumeric string The access point o...

Страница 232: ...finalization of WPA TKIP This encryption implementation is based on the IEEE Wireless Fidelity Wi Fi standard 802 11i WPA2 CCMP not KeyGuard offers the highest level of security among the encryption m...

Страница 233: ...d by clicking the Edit button To configure a new security policy supporting KeyGuard continue to step 2 2 Click the Create button to configure a new policy supporting KeyGuard The New Security Policy...

Страница 234: ...een 8 Click the Cancel button to undo any changes made within the KeyGuard Setting field and return to the WLAN screen This reverts all settings to the last saved configuration Pass Key Specify a 4 to...

Страница 235: ...andard AES instead of TKIP AES supports 128 bit 192 bit and 256 bit keys WPA WPA2 also provide strong user authentication based on 802 1x EAP To configure WPA WPA2 encryption on the access point 1 Sel...

Страница 236: ...atively rotated on every interval specified in the Broadcast Key Rotation Interval Enabling broadcast key rotation enhances the broadcast traffic security on the WLAN This value is disabled by default...

Страница 237: ...character spaces The access point converts the string to a numeric value This passphrase saves the administrator from entering the 256 bit key each time keys are generated 256 bit Key To use a hexade...

Страница 238: ...eys the administrator provides are used to derive other keys Messages are encrypted using a 128 bit secret key and a 128 bit block of data The end result is an encryption scheme as secure as any the a...

Страница 239: ...on every interval specified in the Broadcast Key Rotation Interval Enabling broadcast key rotation enhances the broadcast traffic security on the WLAN This value is disabled by default Update broadca...

Страница 240: ...256 bit key each time keys are generated 256 bit Key To use a hexadecimal value and not an ASCII passphrase select the checkbox and enter 16 hexadecimal characters into each of the four fields display...

Страница 241: ...rmation packets for known types of system attacks Some of the access point s filters are continuously enabled others are configurable Use the access point s Firewall screen to enable or disable the co...

Страница 242: ...This includes firewall filters NAT VP content filtering and subnet access Disabling the access point firewall makes the access point vulnerable to data attacks and is not recommended during normal ope...

Страница 243: ...network while exploiting the use of an intermediate host to gain access to a private host Winnuke Attack Check A Win nuking attack uses the IP address of a destination host to send junk packets to it...

Страница 244: ...et access 1 Select Network Configuration Firewall Subnet Access from the access point menu tree 2 Refer to the Overview table to view rectangles representing subnet associations The three possible col...

Страница 245: ...eny all protocols except Use the drop down menu to select either Allow or Deny The selected setting applies to all protocols except those with enabled checkboxes and any traffic that is added to the t...

Страница 246: ...uses TCP port 21 SMTP Simple Mail Transfer Protocol is a TCP IP protocol for sending and receiving email Due to its limited ability to queue messages at the receiving end SMTP is often used with POP3...

Страница 247: ...top of Internet Protocol IP networks Unlike TCP IP UDP IP provides few error recovery services UDP offers a way to directly connect and then send and receive datagrams over an IP network ICMP Internet...

Страница 248: ...networks across an Internet using globally assigned IP addresses 6 10 2 Configuring Advanced Subnet Access Use the Advanced Subnet Access screen to configure complex access rules and filtering based...

Страница 249: ...annot be undone Inbound or Outbound Select Inbound or Outbound from the drop down menu to specify if a firewall rule is intended for inbound traffic to an interface or outbound traffic from that inter...

Страница 250: ...is decrypted Source IP The Source IP range defines the origin address or address range for the firewall rule To configure the Source IP range click on the field A new window displays for entering the...

Страница 251: ...figuration WAN VPN from the access point menu tree 2 Use the VPN Tunnels field to add or delete a tunnel to the list of available tunnels list tunnel network address information and display key exchan...

Страница 252: ...column lists a remote gateway IP address for each tunnel The numeric remote gateway is the gateway IP address on the remote network the VPN tunnel connects to Ensure the address is the same as the WAN...

Страница 253: ...way address on the remote network the VPN tunnel connects to Default Gateway Displays the WAN interface s default gateway IP address Manual Key Exchange Selecting Manual Key Exchange requires you to m...

Страница 254: ...to protect data flow A transform set specifies one or two IPSec security protocols either AH ESP or both and specifies the algorithms to use for the selected security protocol If you specify an ESP p...

Страница 255: ...ncryption or authentication keys an error message could display stating the keys provided are weak Some WEP attack tools invoke a dictionary to hack WEP keys based on commonly used words To avoid ente...

Страница 256: ...rity check on outbound traffic with the selected authentication algorithm The key must be 32 40 for MD5 SHA1 hexadecimal 0 9 A F characters in length The key value must match the corresponding inbound...

Страница 257: ...length of the key is determined by the selected encryption algorithm The key must match the inbound key at the remote gateway ESP Authentication Algorithm Select the authentication algorithm to use w...

Страница 258: ...the keys To manually specify keys cancel out of the Auto Key Settings screen select the Manual Key Exchange radio button and set the keys within the Manual Key Setting screen To configure auto key se...

Страница 259: ...The Security Association Life Time is the configurable interval used to timeout association requests that exceed the defined interval The available range is from 300 to 65535 seconds The default is 3...

Страница 260: ...ption Algorithm Use this menu to select the encryption and authentication algorithms for this VPN tunnel DES Selects the DES algorithm No keys are required to be manually provided 3DES Selects the 3DE...

Страница 261: ...automatically for the parties To configure IKE key settings for the access point 1 Select Network Configuration WAN VPN from the access point menu tree 2 Refer to the VPN Tunnel Config field select th...

Страница 262: ...symbol com UFQDN Select UFQDN if the local ID is a user fully qualified email such as johndoe symbol com Local ID Data Specify the FQDN or UFQDN based on the Local ID type assigned Remote ID Type Sel...

Страница 263: ...thentication mode you must provide a passphrase IKE Encryption Algorithm Select the encryption and authentication algorithms for the VPN tunnel from the drop down menu DES Uses the DES encryption algo...

Страница 264: ...configure a VPN tunnel use the VPN configuration screen in the WAN section of the access point menu tree To view VPN status 1 Select Network Configuration WAN VPN VPN Status from the access point menu...

Страница 265: ...When the tunnel is not in use the status reads NOT_ACTIVE When the tunnel is connected the status reads ACTIVE Outb SPI The Outb SPI column displays the outbound Security Parameter Index SPI for each...

Страница 266: ...Time Use the Life Time column to view the lifetime associated with a particular Security Association SA Each SA has a finite lifetime defined When the lifetime expires the SA can no longer be used to...

Страница 267: ...HTTP is the protocol used to transfer information to and from Web sites HTTP Blocking allows for blocking of specific HTTP commands going outbound on the access point WAN port HTTP blocks commands on...

Страница 268: ...he SMTP sender to the SMTP receiver MAIL Initiates a mail transaction where data is delivered to one or more mailboxes on the local server RCPT Recipient Identifies a recipient of mail data DATA Tells...

Страница 269: ...ined interval the access point waits to search for rogue APs Additionally the access point does not detect rogue APs on illegal channels channels not allowed by the regulatory requirements of the coun...

Страница 270: ...r a rogue AP A longer interval will have less of an impact to the MU s but it will increase the amount of time used to detect rogue APs Therefore the interval should be set according to the perceived...

Страница 271: ...n Select the RF On Channel Detection checkbox to enable the access point to detect rogue APs on its current legal channel setting RF Scan by Detector Radio If the access point supports a dual radio SK...

Страница 272: ...n the Rogue AP Detection screen inadvertently detect and define a device as a rogue AP To move detected rogue APs into a list of allowed APs 1 Select Network Configuration Wireless Rogue AP Detection...

Страница 273: ...e approved AP list permanently 3 Enter a value in minutes in the Rogue APs Age Out Time field to indicate the number of elapsed minutes before an AP will be removed from the rogue AP list and reevalua...

Страница 274: ...to the Active APs screen Navigating away from the screen without clicking Apply results in all changes to the screen being lost 9 Click Undo Changes if necessary to undo any changes made Undo Changes...

Страница 275: ...the device should be defined as an allowed AP ESSID Displays the ESSID of the rogue AP This information could be useful if the ESSID is determined to be non hostile and the device should be defined as...

Страница 276: ...on area can be significantly extended To use associated rogue AP enabled MUs to scan for rogue APs 1 Select Network Configuration Wireless Rogue AP Detection MU Scan from the access point menu tree Th...

Страница 277: ...n the table is truly a rogue device or one inadvertently detected as a rogue AP 3 If necessary highlight an individual MU from within the Scan Result field and click the Add to Allowed AP List button...

Страница 278: ...rmation and user authentication 6 14 1 Configuring the Radius Server The Radius Server screen enables an administrator to define data sources and specify authentication information for the RADIUS Serv...

Страница 279: ...orted EAP Type Use the EAP Type checkboxes to enable the default EAP type s for the RADIUS server Options include PEAP Select the PEAP checkbox to enable both PEAP types GTC and MSCHAP V2 available to...

Страница 280: ...for data verification MD5 takes as input a message of arbitrary length and produces a 128 bit fingerprint The MD5 algorithm is intended for digital signature applications in which a large file must be...

Страница 281: ...use an external LDAP server see Configuring the Radius Server on page 6 64 the LDAP screen is used to configure the properties of the external LDAP server To configure the LDAP server WARNING If you h...

Страница 282: ...values in this screen NOTE The LDAP screen displays with unfamiliar alphanumeric characters if new to LDAP configuration Symbol recommends only qualified administrators change the default values displ...

Страница 283: ...gin attribute used by the LDAP server for authentication In most cases the default value should work Windows Active Directory users must use sAMAccountName as their login attribute to successfully log...

Страница 284: ...ry count and timeout values CAUTION If using a proxy server for Radius authentication the Data Source field within the Radius server screen must be set to Local If set to LDAP the proxy server will no...

Страница 285: ...cal is selected as the Data Source from the Radius Server screen For information on selecting Local as the Data Source see Configuring the Radius Server on page 6 64 To add groups to the User database...

Страница 286: ...roups table 3 To remove a group select the group from the table and click the Del Delete key The Users table displays the entire list of users Up to 100 users can be entered here The users are listed...

Страница 287: ...he logout before the applet is closed 6 14 4 1 Mapping Users to Groups Once users have been created within the Users screen their access privileges need to be configured for inclusion to one some or a...

Страница 288: ...ist on the left and click the Delete button 5 Click the OK button to save your user and group mapping assignments and return to the Users screen 6 14 5 Defining the User Access Policy Refer to the Acc...

Страница 289: ...ys with the name of the user group appearing on the top of the screen and the names of existing WLANs displaying within the screen Each WLAN has a checkbox to the left of it for mapping the WLAN to th...

Страница 290: ...ssary to undo any changes made Undo Changes reverts the settings displayed on the Access Policy screen to the last saved configuration 7 Click Logout to securely exit the access point Symbol Access Po...

Страница 291: ...and 802 11b g radios An advanced radio statistics page is also available to display retry histograms for specific data packet retry information Associated MU stats can be displayed collectively for a...

Страница 292: ...iew real time statistics for monitoring the access point activity through its Wide Area Network WAN port The Information field of the WAN Stats screen displays basic WAN information generated from set...

Страница 293: ...plays no connection information and statistics To enable the WAN connection see Configuring WAN Settings on page 5 16 HW Address The Media Access Control MAC address of the access point WAN port The W...

Страница 294: ...the WAN port The displayed number is a cumulative total since the WAN interface was last enabled or the access point was last restarted RX Bytes RX bytes are bytes of information received over the WA...

Страница 295: ...n a new data collection see Configuring System Settings on page 4 2 TX Bytes TX bytes are bytes of information sent over the WAN connection The displayed number is a cumulative total since the WAN int...

Страница 296: ...Transmitted fields of the screen display statistics for the cumulative packets bytes and errors received and transmitted over the LAN1 or LAN2 port since it was last enabled or the access point was l...

Страница 297: ...e lists the WLANs using this LAN Either LAN1 or LAN2 as their LAN interface RX Packets RX packets are data packets received over the access point LAN port The number is a cumulative total since the LA...

Страница 298: ...access point was last restarted To begin a new data collection see Configuring System Settings on page 4 2 TX Bytes TX bytes are bytes of information sent over the LAN port The displayed number is a...

Страница 299: ...Monitoring Statistics 7 9 6 Click the Logout button to securely exit the access point Symbol Access Point applet There will be a prompt confirming logout before the applet is closed...

Страница 300: ...ge mode exchange configuration messages at regular intervals typically 1 to 4 seconds If a bridge fails neighboring bridges detect a lack of configuration messaging and initiate a spanning tree recalc...

Страница 301: ...ot path cost represents the distance cost from the sending bridge to the root bridge Bridge Max Msg Age The Max Msg Age measures the age of received protocol information recorded for a port and to ens...

Страница 302: ...guration message was sent State Displays whether a bridge is forwarding traffic to other members of the mesh network over this port or blocking traffic Each viable member of the mesh network must forw...

Страница 303: ...on the access point For information on enabling a WLAN see Enabling Wireless LANs WLANs on page 5 27 MUs Displays the total number of MUs currently associated with each enabled WLAN Use this informat...

Страница 304: ...r the WLAN stats if currently in an important data gathering activity or risk losing all data calculations to that point Total pkts per second Displays the average number of RF packets sent per second...

Страница 305: ...RF traffic and throughput The RF Status field displays information on RF signal averages from the associated MUs The Error field displays RF traffic errors based on retries dropped packets and undecr...

Страница 306: ...mber of MUs currently associated with the WLAN If this number seems excessive consider segregating MU s to other WLANs if appropriate Pkts per second The Total column displays the average total packet...

Страница 307: ...ckets for the last hour Avg MU Signal Displays the average RF signal strength in dBm for all MUs associated with the selected WLAN The number in black represents this statistic for the last 30 seconds...

Страница 308: ...can be displayed as well by selecting a specific radio from within the access point menu tree To view high level access point radio statistics 1 Select Status and Statistics Radio Stats from the acce...

Страница 309: ...on page 5 51 MUs Displays the total number of MUs currently associated with each access point radio T put Displays the total throughput in Megabits per second Mbps for each access point radio listed...

Страница 310: ...rmation field displays device address and location information as well as channel and power information The Traffic field displays statistics for cumulative packets bytes and errors received and trans...

Страница 311: ...e factory and can be found on the bottom of the access point For more information on how access point MAC addresses are assigned see AP 51xx MAC Address Assignment on page 1 24 Radio Type Displays the...

Страница 312: ...The Total column displays average throughput on the radio TheRx column displays average throughput in Mbps for packets received The Tx column displays average throughput for packets transmitted The n...

Страница 313: ...he last 30 seconds and the number in blue represents MU noise for the last hour If MU noise is excessive consider moving the MU closer to the access point or in area with less conflicting network traf...

Страница 314: ...ts screen to assess overall radio performance To display a Retry Histogram screen for an access point radio 1 Select Status and Statistics Radio Stats Radio1 802 11b g Stats Retry Histogram from the a...

Страница 315: ...cess point Symbol Access Point applet A prompt displays confirming the logout before the applet is closed 7 5 Viewing MU Statistics Summary Use the MU Stats Summary screen to display overview statisti...

Страница 316: ...sociated MU WLAN Displays the WLAN name each MU is interoperating with Radio Displays the name of the 802 11a or 802 11b g radio each MU is associated with T put Displays the total throughput in Megab...

Страница 317: ...ss point Symbol Access Point applet A prompt displays confirming the logout before the applet is closed 7 5 1 Viewing MU Details Use the MU Details screen to display throughput signal strength and tra...

Страница 318: ...g with the AP frequently and for periods of time of two hours HW Address Displays the Media Access Control MAC address for the MU Radio Association Displays the name of the AP MU is currently associat...

Страница 319: ...ta rate of the AP if the current bit speed does not meet network requirements For more information see Configuring the 802 11a or 802 11b g Radio on page 5 55 The associated MU must also be set to the...

Страница 320: ...n for the selected MU The number in black represents the percentage of packets for the last 30 seconds and the number in blue represents the percentage of packets for the last hour of Undecryptable Pk...

Страница 321: ...the Echo Test screen and return to the MU Stats Summary screen 7 5 3 MU Authentication Statistics The access point can access and display authentication statistics for individual MUs To view access p...

Страница 322: ...s used to create a list of known wireless bridges To view detected mesh network statistics 1 Select Status and Statistics Mesh Stats from the access point menu tree The Mesh Statistics Summary screen...

Страница 323: ...rsion etc This information is used to create a known AP list The list has field indicating the properties of the access point discovered To view detected access point statistics 1 Select Status and St...

Страница 324: ...information IP Address The network assigned Internet Protocol address of the located AP MAC Address The unique 48 bit hard coded Media Access Control address known as the devices station identifier T...

Страница 325: ...information to determine whether this AP provides better MU association support than the locating access point or warrants consideration as a member of a different mesh network 4 Click the Ping butto...

Страница 326: ...is highlighted and the Start Flash button is selected the LEDs on the selected access point flash When the Stop Flash button is selected the LEDs on the selected access point go back to normal operat...

Страница 327: ...I 8 1 1 Accessing the CLI through the Serial Port To connect to the access point CLI through the serial port 1 Connect one end of a null modem serial cable to the access point s serial connector 2 Att...

Страница 328: ...LI via Telnet To connect to the access point CLI through a Telnet connection 1 If this is your first time connecting to your access point keep in mind the access point uses a static IP WAN address 10...

Страница 329: ...this command are shown below Syntax help Displays general user interface help passwd Changes the admin password summary Shows a system summary network Goes to the network submenu system Goes to the sy...

Страница 330: ...gument is treated as an argument Eg admin network lan set lan enable Here is an invalid extra argument because it is after the argument enable ctrl q go backwards in command history ctrl p go forwards...

Страница 331: ...nformation on configuring passwords using the applet GUI see Setting Passwords on page 6 3 passwd Changes the admin password for access point access This requires typing the old admin password and ent...

Страница 332: ...S Ploicy Default LAN1 Name LAN1 LAN1 Mode enable LAN1 IP 0 0 0 0 LAN1 Mask 0 0 0 0 LAN1 Mask client LAN2 Name LAN2 LAN2 Mode enable LAN2 IP 192 235 1 1 LAN2 Mask 255 255 255 0 LAN2 Mask client WAN Int...

Страница 333: ...admin Description Displays the parent menu of the current menu This command appears in all of the submenus under admin In each case it has the same function to move up one level in the directory struc...

Страница 334: ...x admin Description Displays the root menu that is the top level CLI menu This command appears in all of the submenus under admin In each case it has the same function to move up to the top level in t...

Страница 335: ...d appears in all of the submenus under admin In each case it has the same function to save the current configuration Syntax Example admin save admin save Saves configuration settings The save command...

Страница 336: ...on Exits the command line interface session and terminates the session The quit command appears in all of the submenus under admin In each case it has the same function to exit out of the CLI Once the...

Страница 337: ...mmand are shown below lan Goes to the LAN submenu wan Goes to the WAN submenu wireless Goes to the Wireless Configuration submenu firewall Goes to the firewall submenu router Goes to the router submen...

Страница 338: ...ons using the applet GUI see Configuring the LAN Interface on page 5 1 show Shows current access point LAN parameters set Sets LAN parameters bridge Goes to the mesh configuration submenu wlan mapping...

Страница 339: ...able Speed 100M Duplex full LAN1 Information LAN Name LAN1 LAN Interface enable 802 11q Trunking disable LAN IP mode DHCP client IP Address 192 168 0 1 Network Mask 255 255 255 255 Default Gateway 192...

Страница 340: ...Mask 255 255 255 255 Default Gateway 192 168 1 1 Domain Name Primary DNS Server 192 168 0 2 Secondary DNS Server 192 168 0 3 WINS Server 192 168 0 255 admin network lan For information on displaying L...

Страница 341: ...Sets the interval in seconds the access point uses to terminate its LAN interface if no activity is detected for the specified interval trunking mode Enables or disables 802 11q Trunking over the acce...

Страница 342: ...int Product Reference Guide 8 16 Related Commands For information on configuring the LAN using the applet GUI see Configuring the LAN Interface on page 5 1 show Shows the current settings for the acce...

Страница 343: ...ccess point s mesh networking options using the applet GUI see Configuring Mesh Networking on page 9 1 show Displays the mesh configuration parameters for the access point s LANs set Sets the mesh con...

Страница 344: ...lo Time seconds 2 Message Age Time seconds 20 Forward Delay Time seconds 15 Entry Ageout Time seconds 300 LAN2 Bridge Configuration Bridge Priority 32768 Hello Time seconds 2 Message Age Time seconds...

Страница 345: ...ut Time seconds 300 LAN2 Mesh Configuration Bridge Priority 32768 Hello Time seconds 2 Message Age Time seconds 20 Forward Delay Time seconds 15 Entry Ageout Time seconds 300 For an overview of the ac...

Страница 346: ...upport on page 5 5 show Displays the VLAN list currently defined for the access point set Sets the access point VLAN configuration create Creates a new access point VLAN edit Edits the properties of a...

Страница 347: ...ID VLAN Name 1 1 VLAN_1 2 2 VLAN_2 3 3 VLAN_3 4 4 VLAN_4 admin network lan wlan mapping show vlan cfg Management VLAN Tag 1 Native VLAN Tag 2 WLAN WLAN1 mapped to VLAN VLAN 2 VLAN Mode static admin n...

Страница 348: ...e 8 22 admin network lan wlan mapping show wlan WLAN1 WLAN Name WLAN1 ESSID 101 Radio VLAN Security Policy Default QoS Policy Default For information on displaying the VLAN screens using the applet GU...

Страница 349: ...network lan wlan mapping set mode 1 static admin network lan wlan mapping show vlan cfg Management VLAN Tag 1 Native VLAN Tag 2 WLAN WLAN1 mapped to VLAN VLAN 2 VLAN Mode static For information on con...

Страница 350: ...r the access point Syntax Example admin network lan wlan mapping admin network lan wlan mapping create 5 vlan 5 For information on creating VLANs using the applet GUI see Configuring VLAN Support on p...

Страница 351: ...Description Modifies a VLAN s name and ID Syntax For information on editing VLANs using the applet GUI see Configuring VLAN Support on page 5 5 edit name name Modifies an exisiting VLAN name 1 31 cha...

Страница 352: ...n network lan wlan mapping delete Description Deletes a specific VLAN or all VLANs Syntax For information on deleting VLANs using the applet GUI see Configuring VLAN Support on page 5 5 delete VLANid...

Страница 353: ...on Maps an access point VLAN to a WLAN Syntax admin network lan wlan mapping lan map wlan1 lan1 For information on mapping VLANs using the applet GUI see Configuring VLAN Support on page 5 5 lan map w...

Страница 354: ...ription Maps an access point VLAN to a WLAN Syntax admin network lan wlan mapping vlan map wlan1 vlan1 For information on mapping VLANs using the applet GUI see Configuring VLAN Support on page 5 5 vl...

Страница 355: ...e items available are displayed below show Displays DHCP parameters set Sets DHCP parameters add Adds static DHCP address assignments delete Deletes static DHCP address assignments list Lists static D...

Страница 356: ...ting IP Address 192 168 0 100 Ending IP Address 192 168 0 254 Lease Time 86400 LAN2 DHCP Information DHCP Address Assignment Range Starting IP Address 192 168 0 100 Ending IP Address 192 168 0 254 Lea...

Страница 357: ...dhcp show LAN1 DHCP Information DHCP Address Assignment Range Starting IP Address 192 168 0 100 Ending IP Address 192 168 0 254 Lease Time 86400 For information on configuring DHCP using the applet G...

Страница 358: ...dmin network lan dhcp add 1 00A0F1112234 192 169 24 7 admin network lan dhcp list 1 Index MAC Address IP Address 1 00A0F8112233 192 160 24 6 2 00A0F8112234 192 169 24 7 For information on adding clien...

Страница 359: ...192 169 24 7 admin network lan dhcp delete 1 index mac address ip address 1 00A0F8102030 10 10 1 2 2 00A0F8112234 10 1 2 3 3 00A0F8112235 192 160 24 6 4 00A0F8112236 192 169 24 7 admin network lan dhc...

Страница 360: ...ddress IP Address 1 00A0F8112233 10 1 2 4 2 00A0F8102030 10 10 1 2 3 00A0F8112234 10 1 2 3 4 00A0F8112235 192 160 24 6 5 00A0F8112236 192 169 24 7 admin network lan dhcp For information on listing cli...

Страница 361: ...ilter submenu The items available under this command include e show Displays the current Ethernet Type exception list set Defines Ethernet Type Filter parameters add Adds an Ethernet Type Filter entry...

Страница 362: ...e Filter configuration Syntax Example admin network lan type filter show 1 Ethernet Type Filter mode allow index ethernet type 1 8137 For information on displaying the type filter configuration using...

Страница 363: ...nfiguration Syntax Example admin network lan type filter set mode 1 allow For information on configuring the type filter settings using the applet GUI see Setting the Type Filter Configuration on page...

Страница 364: ...ork wireless type filter add 2 0806 admin network wireless type filter show 1 Ethernet Type Filter mode allow index ethernet type 1 8137 2 0806 3 0800 4 8782 For information on configuring the type fi...

Страница 365: ...t Type Filter mode allow index ethernet type 1 0806 2 0800 3 8782 admin network lan type filter delete 2 all admin network lan type filter show 2 Ethernet Type Filter mode allow index ethernet type Fo...

Страница 366: ...configuration and the access point s current PPPoE configuration set Defines the access point s WAN and PPPoE configuration nat Displays the NAT submenu wherein Network Address Translations NAT can b...

Страница 367: ...ation disable Speed 100M Duplex full WAN IP 2 disable WAN IP 3 disable WAN IP 4 disable WAN IP 5 disable WAN IP 6 disable WAN IP 7 disable WAN IP 8 disable PPPoE Mode enable PPPoE User Name JohnDoe PP...

Страница 368: ...set wan enable disable Enables or disables the access point WAN port dhcp enable disable Enables or disables WAN DHCP Client mode ipadr idx a b c d Sets up to 8 using indx from 1 to 8 IP addresses a b...

Страница 369: ...figuration options available using the applet GUI see Configuring Network Address Translation NAT Settings on page 5 21 show Displays the access point s current NAT parameters for the specified index...

Страница 370: ...7 235 91 2 NAT Type 1 to many One to many nat mapping LAN1 LAN2 Inbound Mappings Port Forwarding unspecified port forwarding mode enable unspecified port fwd ip address 111 223 222 1 admin network wan...

Страница 371: ...g mode enable unspecified port fwd ip address 111 223 222 1 For an overview of the NAT options available using the applet GUI see Configuring Network Address Translation NAT Settings on page 5 21 set...

Страница 372: ...see Configuring Network Address Translation NAT Settings on page 5 21 add idx name tran port1 port2 ip dst_port Sets an inbound network address translation NAT for WAN address idx where name is the na...

Страница 373: ...admin network wan nat list 1 index name prot start port end port internal ip translation port Related Commands For an overview of the NAT options available using the applet GUI see Configuring Networ...

Страница 374: ...port start port end port internal ip translation port 1 special tcp 20 21 192 168 42 16 21 Related Commands 1 For an overview of the NAT options available using the applet GUI see Configuring Network...

Страница 375: ...the applet GUI see Configuring VPN Tunnels on page 6 36 add Adds VPN tunnel entries set Sets key exchange parameters delete Deletes VPN tunnel entries list Lists VPN tunnel entries reset Resets all VP...

Страница 376: ...Manual proper SPI values and Keys must be configured after adding the tunnel admin network wan vpn For information on configuring VPN using the applet GUI see Configuring VPN Tunnels on page 6 36 add...

Страница 377: ...include DES 3DES AES128 AES192 or AES256 esp enckey name dir enckey Sets the Manual Encryption Key in ASCII for tunnel name and direction IN or OUT to the key enc key The size of the key depends on th...

Страница 378: ...a name idtype Sets the Local ID data for IKE authentication for name to idtype This value is not required when the ID type is set to IP remiddata name idtype Sets the Local ID data for IKE authenticat...

Страница 379: ...8 33 1 192 168 24 198 SJSharkey Manual 206 107 22 45 27 206 107 22 2 209 235 12 55 admin network wan vpn delete Eng2EngAnnex admin network wan vpn list Tunnel Name Type Remote IP Mask Remote Gateway L...

Страница 380: ...tail listing of VPN entry Name SJSharkey Local Subnet 1 Tunnel Type Manual Remote IP 206 107 22 45 Remote IP Mask 255 255 255 224 Remote Security Gateway 206 107 22 2 Local Security Gateway 209 239 16...

Страница 381: ...set Description Resets all of the access point s VPN tunnels Syntax Example admin network wan vpn reset VPN tunnels reset admin network wan vpn For information on configuring VPN using the applet GUI...

Страница 382: ...s for all active tunnels Syntax Example admin network wan vpn stats Tunnel Name Status SPI OUT IN Life Time Bytes Tx Rx Eng2EngAnnex Not Active SJSharkey Not Active For information on displaying VPN i...

Страница 383: ...est IP Remaining Life Eng2EngAnnex Not Connected SJSharkey Not Connected admin network wan vpn For information on configuring IKE using the applet GUI see Configuring IKE Key Settings on page 6 46 ike...

Страница 384: ...ems available under this command include For an overview of the Dynamic DNS options available using the applet GUI see Configuring Dynamic DNS on page 5 25 set Sets Dynamic DNS parameters update Sets...

Страница 385: ...wan dyndns set host greengiant For an overview of the Dynamic DNS options available using the applet GUI see Configuring Dynamic DNS on page 5 25 set mode enable disable Enables or disbales the Dynami...

Страница 386: ...ent WAN IP address with the DynDNS service Syntax Example admin network wan dyndns update IP Address 157 235 91 231 Hostname greengiant For an overview of the Dynamic DNS options available using the a...

Страница 387: ...an dyndns show DynDNS Configuration Mode 157 235 91 231 Username percival Password Hostname greengiant DynDNS Update Response IP Address 157 235 91 231 Hostname greengiant Status OK For an overview of...

Страница 388: ...trol List ACL submenu to restrict or allow MU access to access point WLANs radio Displays the radio configuration submenu used to specify how the 802 11a or 802 11b g radio is used with specific WLANs...

Страница 389: ...ess configuration options available to the using the applet GUI see Enabling Wireless LANs WLANs on page 5 27 show Displays the access point s current WLAN configuration create Defines the parameters...

Страница 390: ...Radio available 802 11b g Radio not available Client Bridge Mesh Backhaul available Hotspot not available Maximum MUs 127 Security Policy Default MU Access Control Default Kerberos User Name 101 Kerb...

Страница 391: ...o the access point 802 11b g radio mesh mode Enables or disables the Client Bridge Mesh Backhaul option hotspot mode Enables or disables the Hotspot mode max mu number Defines the maximum number of MU...

Страница 392: ...Floor admin network wireless wlan create show acl ACL Policy Name Associated WLANs 1 Default Front Lobby 2 Admin 3rd Floor 3 Demo Room 5th Floor admin network wireless wlan create show qos QOS Policy...

Страница 393: ...g a WLAN using the applet GUI see Creating Editing Individual WLANs on page 5 29 edit index Edits the properties of an existing WLAN policy show Displays the WLANs pamaters and summary set Edits the s...

Страница 394: ...etwork wireless wlan delete Description Deletes an existing WLAN Syntax For information on deleting a WLAN using the applet GUI see Creating Editing Individual WLANs on page 5 29 delete wlan name Dele...

Страница 395: ...nfiguring the Hotspot options available to the using the applet GUI see Configuring WLAN Hotspot Support on page 5 45 show Show hotspot parameters redirection Goes to the hotspot redirection menu radi...

Страница 396: ...1 21 Primary Server Port 1812 Primary Server Secret Secondary Server Ip adr 157 235 32 12 Secondary Server Port 1812 Secondary Server Secret Accounting Mode disable Accounting Server Ip adr 0 0 0 0 Ac...

Страница 397: ...ring the Hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 5 45 redirection set page loc Sets the hotspot http re direction by index 1 16...

Страница 398: ...ax For information on configuring the Hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 5 45 set Sets the Radius hotspot configuration sho...

Страница 399: ...ptions available to the access ointusing the applet GUI see Configuring WLAN Hotspot Support on page 5 45 set server idx srvr_type ipadr Sets the Radius hotpost server IP address per wlan index 1 16 p...

Страница 400: ...condary Server Ip adr 0 0 0 0 Secondary Server Port 1812 Primary Server Secret Accounting Mode enable Accounting Server Ip adr 157 235 15 16 Accounting Server Port 1812 Accounting Server Secret Accoun...

Страница 401: ...57 235 21 21 For information on configuring the Hotspot options available to the access point using the applet GUI see Configuring WLAN Hotspot Support on page 5 45 white list add rule Adds hotspot wh...

Страница 402: ...e security configuration options available to the access point using the applet GUI see Configuring Security Options on page 6 2 show Displays the access point s current security configuration create...

Страница 403: ...d Floor 3 Open Manual no encrypt 1st Floor admin network wireless security show policy 1 Policy Name Default Authentication Manual Pre shared key No Authentication Encryption type no encryption Relate...

Страница 404: ...AP 51xx Access Point Product Reference Guide 8 78 AP51xx admin network wireless security create Description Defines the parameter of access point security policies...

Страница 405: ...ros server sidx 1 primary 2 backup or 3 remote to KDC IP address port sidx port Sets the Kerberos port to port KDC port for server ksidx 1 primary 2 backup or 3 remote Note EAP parameters are only in...

Страница 406: ...g server IP address adv mu quiet time Set the EAP MU supplicant quiet period to time seconds 1 65535 mu timeout timeout Sets the EAP MU supplicant timeout in seconds 1 255 mu tx time Sets the EAP MU s...

Страница 407: ...ables or disabled the broadcast key interval time Sets the broadcast key rotation interval to time in seconds 300 604800 allow wpa2 tkip mode Enables or disables the interoperation with wpa2 tkip clie...

Страница 408: ...ailable to the access point using the applet GUI see Configuring Security Options on page 6 2 mixed mode mode Enables or disables mixed mode allowing WPA TKIP clients preauth mode Enables or disables...

Страница 409: ...Authentication Manual Pre shared key No Authentication Encryption type no encryption For information on configuring the encryption and authentication options available to the access point using the a...

Страница 410: ...ecurity policy Syntax For information on configuring the encryption and authentication options available to the access point using the applet GUI see Configuring Security Options on page 6 2 delete se...

Страница 411: ...ontrol List ACL submenu The items available under this command include show Displays the access point s current ACL configuration create Creates an MU ACL policy edit Edits the properties of an existi...

Страница 412: ...Lobby 2 Admin Administration 3 Demo Room Customers admin network wireless acl show policy 1 Policy Name Front Lobby Policy Mode allow index start mac end mac 1 00A0F8348787 00A0F8348798 For informatio...

Страница 413: ...te add policy For information on configuring the ACL options available to the access point using the applet GUI see Configuring a WLAN Access Control List ACL on page 5 36 create show acl name Display...

Страница 414: ...access point using the applet GUI see Configuring a WLAN Access Control List ACL on page 5 36 show Displays MU ACL policy and its parameters set Modifies the properties of an existing MU ACL policy ad...

Страница 415: ...cription Removes an MU ACL policy Syntax For information on configuring the ACL options available to the access point using the applet GUI see Configuring a WLAN Access Control List ACL on page 5 36 d...

Страница 416: ...Radio submenu The items available under this command include e show Summarizes access point radio parameters at a high level set Defines the access point radio configuration radio1 Displays the 802 11...

Страница 417: ...P Clients 6 Client Bridge Mode disable Clitn Bridge WLAN WLAN1 Mesh Connection Timeout enable Radio 2 Name Radio 2 Radio Mode enable RF Band of Operation 802 11a 5 GHz Wireless AP Configuration Base B...

Страница 418: ...ode enable RF Band of Operation 802 11b g 2 4 GHz Wireless AP Configuration Base Bridge Mode enable Max Wireless AP Clients 11 Client Bridge Mode disable Clitn Bridge WLAN WLAN1 Mesh Connection Timeou...

Страница 419: ...Configuration options available to the access point using the applet GUI see Setting the WLAN s Radio Configuration on page 5 51 show Displays 802 11b g radio settings set Defines specific 802 11b g r...

Страница 420: ...5920 Radio Type 802 11b g ERP Protection Off Channel Setting user selection Antenna Diversity full Power Level 5 dbm 4 mW 802 11b g mode B Only Basic Rates 1 2 5 5 11 Supported Rates 1 2 5 5 11 Beacon...

Страница 421: ...Voice 3 7 1 47 1 504 For information on configuring the Radio 1 Configuration options available to the access point using the applet GUI see Configuring the 802 11a or 802 11b g Radio on page 5 55 CAU...

Страница 422: ...ble to the access point using the applet GUI see Configuring the 802 11a or 802 11b g Radio on page 5 55 set placement Defines the access point radio placement as indoors or outdoors ch mode Determine...

Страница 423: ...anced submenu for the 802 11b g radio The items available under this command include Syntax show Displays advanced radio settings for the 802 11b g radio set Defines advanced parameters for the 802 11...

Страница 424: ...configuration is ok Office 3 Open good configuration is ok BSSID Primary WLAN 1 Lobby 2 HR 3 Office admin network wireless radio 802 11bg advanced show wlan WLAN 1 WLAN name WLAN1 ESS ID 101 Radio 11...

Страница 425: ...bg advanced set wlan demoroom 1 admin network wireless radio 802 11bg advanced set bss 1 demoroom For information on configuring Radio 1 Configuration options available to the access point using the a...

Страница 426: ...he items available under this command include Syntax show Displays 802 11a radio settings set Defines specific 802 11a radio parameters advanced Displays the Advanced radio settings submenu mesh Goes...

Страница 427: ...ndoor MAC Address 00A0F8715920 Radio Type 802 11a Channel Setting user selection Antenna Diversity full Power Level 5 dbm 4 mW Basic Rates 6 12 24 Supported Rates 6 9 12 18 24 36 48 54 Beacon Interval...

Страница 428: ...t Access Category CWMin CWMax AIFSN TXOPs 32 sec TXOPs ms Background 15 1023 7 0 0 000 Best Effort 15 63 3 31 0 992 Video 7 15 1 94 3 008 Voice 3 7 1 47 1 504 For information on configuring Radio 2 Co...

Страница 429: ...work wireless radio 802 11bg set qos param set 11a default For information on configuring the Radio 2 Configuration options available to the access point using the applet GUI see Configuring the 802 1...

Страница 430: ...s the advanced submenu for the 802 11a radio The items available under this command include Syntax show Displays advanced radio settings for the 802 11a radio set Defines advanced parameters for the 8...

Страница 431: ...configuration is ok Office 3 Open good configuration is ok BSSID Primary WLAN 1 Lobby 2 HR 3 Office admin network wireless radio 802 11bg advanced show wlan WLAN 1 WLAN name WLAN1 ESS ID 101 Radio VLA...

Страница 432: ...802 11a advanced set wlan demoroom 1 admin network wireless radio 802 11a advanced set bss 1 demoroom For information on configuring Radio 2 Configuration options available to the access point using t...

Страница 433: ...of Service QoS submenu The items available under this command include e show Displays access point QoS policy information create Defines the parameters of the QoS policy edit Edits the settings of an...

Страница 434: ...Vidio Dept admin network wireless qos show policy 1 Policy Name IP Phones Support Legacy Voice Mode disable Multicast Mask Address 1 01005E000000 Multicast Mask Address 2 09000E000000 WMM QOS Mode di...

Страница 435: ...ed with the qos policy and mesh network When set to a value other then manual editing the access category values is not necessary Options include 11g default 11b default 11g wifi 11b wifi 11g voice 11...

Страница 436: ...data type used with the qos policy and mesh network When set to a value other then manual editing the access category values is not necessary Options include 11g default 11b default 11g wifi 11b wifi...

Страница 437: ...ription Removes a QoS policy Syntax For information on configuring the WLAN QoS options available to the access point using the applet GUI see Setting the WLAN Quality of Service QoS Policy on page 5...

Страница 438: ...access point Bandwidth Management submenu The items available under this command include e show Displays Bandwidth Management information for how data is processed by the access point set Defines Ban...

Страница 439: ...ntax Example admin network wireless bandwidth show Bandwidth Share Mode First In First Out For information on configuring the Bandwidth Management options available to the access point using the apple...

Страница 440: ...ng the Bandwidth Management options available to the access point using the applet GUI see Configuring Bandwidth Management Settings on page 5 63 set mode bw mode Defines bandwidth share mode of First...

Страница 441: ...splays the current access point Rogue AP detection configuration set Defines the Rogue AP detection method mu scan Goes to the Rogue AP mu uscan submenu allowed list Goes to the Rogue AP Allowed List...

Страница 442: ...e ap show MU Scan disable MU Scan Interval 60 minutes On Channel disable Detector Radio Scan enable Auto Authorize Symbol APs disable Approved APs age out 0 minutes Rogue APs age out 0 minutes For inf...

Страница 443: ...able Detector Radio Scan disable Detector Radio Band none Auto Authorize Symbol APs enable Approved AP age out 10 minutes Rogue AP age out 10 minutes For information on configuring the Rogue AP option...

Страница 444: ...less rogue ap mu scan Description Displays the Rogue AP mu scan submenu Syntax show Displays all APs located by the MU scan start Initiates scan immediately by the MU Goes to the parent menu Goes to t...

Страница 445: ...rt Description Initiates an MU scan from a user provided MAC address Syntax For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring Rogue...

Страница 446: ...less rogue ap mu scan show Description Displays the results of an MU scan Syntax For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring...

Страница 447: ...lays the Rogue AP allowed list submenu show Displays the rogue AP allowed list add Adds an AP MAC address and ESSID to the allowed list delete Deletes an entry or all entries from the allowed list Goe...

Страница 448: ...List Syntax Example admin network wireless rogue ap allowed list show index ap essid 1 00 A0 F8 71 59 20 2 00 A0 F8 33 44 55 101 3 00 A0 F8 40 20 01 Marketing For information on configuring the Rogue...

Страница 449: ...00A0F83161BB 103 admin network wireless rogue ap allowed list show index ap essid 1 00 A0 F8 71 59 20 2 00 A0 F8 33 44 55 101 3 00 A0 F8 40 20 01 Marketing 4 00 A0 F8 31 61 BB 103 For information on c...

Страница 450: ...iption Deletes an AP MAC address and ESSID to existing allowed list Syntax For information on configuring the Rogue AP options available to the access point using the applet GUI see Configuring Rogue...

Страница 451: ...command include show Displays the access point s current firewall configuration set Defines the access point s firewall parameters access Enables disables firewall permissions through the LAN and WAN...

Страница 452: ...k filter enable syn flood attack filter enable unaligned ip timestamp filter enable source routing attack filter enable winnuke attack filter enable seq num prediction attack filter enable mime flood...

Страница 453: ...attack filter enable winnuke attack filter enable seq num prediction attack filter enable mime flood attack filter enable max mime header length 8192 max mime headers 16 set mode mode Enables or disa...

Страница 454: ...n wan HTTP tcp 80 80 2 lan wan abc udp 0 0 3 lan wan 123456 ah 1440 2048 4 lan wan 654321 tcp 2048 2048 5 lan wan abc ah 100 1000 For information on configuring the Firewall options available to the a...

Страница 455: ...4 2 2 2 2 all 1 1 0 0 0 0 deny 255 0 0 0 255 0 0 0 65535 65535 nat port 33 2 33 3 0 0 10 10 1 1 tcp 1 1 11 11 1 0 allow 255 255 255 0 255 255 255 0 65535 65535 nat port 0 For information on configuri...

Страница 456: ...bmenu The items available under this command are show Displays the existing access point router configuration set Sets the RIP parameters add Adds user defined routes delete Deletes user defined route...

Страница 457: ...etric 1 192 168 2 0 255 255 255 0 0 0 0 0 lan1 0 2 192 168 1 0 255 255 255 0 0 0 0 0 lan2 0 3 192 168 0 0 255 255 255 0 0 0 0 0 lan1 0 4 192 168 24 0 255 255 255 0 0 0 0 0 wan 0 5 157 235 19 5 255 255...

Страница 458: ...ng the Router options available to the access point using the applet GUI see Configuring Router Settings on page 5 65 set auth Sets the RIP authentication type dir Sets RIP direction id Sets MD5 authe...

Страница 459: ...tination netmask gateway interface metric 1 192 168 3 0 255 255 255 0 192 168 2 1 lan1 1 For information on configuring the Router options available to the access point using the applet GUI see Config...

Страница 460: ...2 0 3 192 168 0 0 255 255 255 0 0 0 0 0 lan2 0 admin network router delete 2 admin network router list index destination netmask gateway interface metric 1 192 168 2 0 255 255 255 0 0 0 0 0 lan1 0 2 1...

Страница 461: ...nation netmask gateway interface metric 1 192 168 2 0 255 255 255 0 192 168 0 1 lan1 1 2 192 168 1 0 255 255 255 0 0 0 0 0 lan2 0 3 192 168 0 0 255 255 255 0 0 0 0 0 lan1 0 For information on configur...

Страница 462: ...rmation lastpw Displays last debug password exec Goes to a Linux command menu arp Dispalys the access point s arp table access Goes to the access point access submenu where access point access methods...

Страница 463: ...fore resetting Are you sure you want to restart the access point yes no access point Boot Firmware Version 1 1 0 0 xxx Copyright c Symbol Technologies Inc 2006 All rights reserved Press escape key to...

Страница 464: ...e BldgC system location Atlanta Field Office admin email address johndoe mycompany com system uptime 0 days 4 hours 41 minutes access point firmware version 1 1 0 0 30D country code us serial number 0...

Страница 465: ...t GUI see Configuring System Settings on page 4 2 Refer to Appendix A for information on the two character country codes set name name Sets the access point system name to name 1 to 59 characters The...

Страница 466: ...for field service use only and should not be used by unqualified personnel Example admin system debug Debug Password access point MAC Address is 00 A0 F8 71 6A 74 Last Password was symbol12 AP51xx adm...

Страница 467: ...14 61 A8 C ixp1 157 235 92 179 ether 00 14 22 F3 D7 39 C ixp1 157 235 92 248 ether 00 11 25 B2 09 60 C ixp1 157 235 92 180 ether 00 0D 60 D0 06 90 C ixp1 157 235 92 3 ether 00 D0 2B A0 D4 FC C ixp1 1...

Страница 468: ...ion Displays the access point access submenu show Displays access point system access capabilities set Goes to the access point system access submenu Goes to the parent menu Goes to the root menu save...

Страница 469: ...s parameters ssh Sets the CLI SSH access parameters auth timout seconds Disables the radio interface if no data activity is detected after the interval defined Default is 120 seconds inactive timeout...

Страница 470: ...e enable cli telnet access enable enable enable cli ssh access enable enable enable snmp access enable enable enable http s timeout 0 ssh server authetnication timeout 120 ssh server inactivity timeou...

Страница 471: ...Certificate signed by CA listself Lists the self certificate loaded loadca Loads trusted certificate from CA delca Deletes the trusted certificate listca Lists the trusted certificate loaded showreq...

Страница 472: ...ABoAAwDQYJKoZIhvcNAQEEBQADQQCClQ5LHdbG C1f Bj8AszttSo bA4dcX3vHvhhJcmuuWO9LHS2imPA3xhX d6 Q1SMbs tG4RP0lRSr iWDyuvwx END CERTIFICATE REQUEST For information on configuring certificate management setti...

Страница 473: ...ion Deletes a self certificate Syntax Example admin system cmgr delself MyCert2 For information on configuring self certificate settings using the applet GUI see Creating Self Certificates for Accessi...

Страница 474: ...tion Loads a self certificate signed by the Certificate Authority Syntax For information on configuring self certificate settings using the applet GUI see Creating Self Certificates for Accessing the...

Страница 475: ...r listself Description Lists the loaded self certificates Syntax For information on configuring self certificate settings using the applet GUI see Creating Self Certificates for Accessing the VPN on p...

Страница 476: ...Description Loads a trusted certificate from the Certificate Authority Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 4 10 loadc...

Страница 477: ...P51xx admin system cmgr delca Description Deletes a trusted certificate Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 4 10 delc...

Страница 478: ...AP51xx admin system cmgr listca Description Lists the loaded trusted certificate Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page...

Страница 479: ...escription Displays a certificate request in PEM format Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 4 10 showreq IDname Displ...

Страница 480: ...dmin system cmgr delprivkey Description Deletes a private key Syntax For information on configuring certificate settings using the applet GUI see Creating Self Certificates for Accessing the VPN on pa...

Страница 481: ...AP51xx admin system cmgr listprivkey Description Lists the names of private keys Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page...

Страница 482: ...x admin system cmgr expcert Description Exports the certificaqte file Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 4 10 expcer...

Страница 483: ...x admin system cmgr impcert Description Imports the target certificate file Syntax For information on configuring certificate settings using the applet GUI see Importing a CA Certificate on page 4 10...

Страница 484: ...system snmp Description Displays the SNMP submenu The items available under this command are shown below access Goes to the SNMP access submenu traps Goes to the SNMP traps submenu Goes to the parent...

Страница 485: ...Displays the SNMP Access menu The items available under this command are shown below show Shows SNMP v3 engine ID add Adds SNMP access entries delete Deletes SNMP access entries list Lists SNMP access...

Страница 486: ...e SNMP v3 engine ID Syntax Example admin system snmp access show eid access point snmp v3 engine id 000001846B8B4567F871AC68 admin system snmp access For information on configuring SNMP access setting...

Страница 487: ...access set to ro read only or rw read write and the Object Identifier oid a string of 1 127 numbers separated by dot such as 2 3 4 5 6 v3 user access oid sec auth pass1 priv pass2 Adds an SNMP v3 use...

Страница 488: ...mp access list acl index start ip end ip For information on configuring SNMP access settings using the applet GUI see Configuring SNMP Access Control on page 4 26 delete acl idx Deletes entry idx 1 10...

Страница 489: ...rite 1 3 6 1 admin system snmp access list v3 2 index 2 username judy access permission read write object identifier 1 3 6 1 security level auth priv auth algorithm md5 auth password privacy algorithm...

Страница 490: ...the SNMP traps submenu The items available under this command are shown below show Shows SNMP trap parameters set Sets SNMP trap parameters add Adds SNMP trap entries delete Deletes SNMP trap entries...

Страница 491: ...e SNMP Network Traps physical port status change enable denial of service enable denial of service trap rate limit 10 seconds SNMP System Traps system cold start disable system config changed disable...

Страница 492: ...disable Enables disables the denial of service trap interval rate Sets denial of service trap interval cold enable disable Enables disables the system cold start trap cfg enable disable Enables disab...

Страница 493: ...g SNMP RF Trap Thresholds on page 4 34 add v1v2 ip port comm ver Adds an entry to the SNMP v1 v2 access list with the destination IP address set to ip the destination UDP port set to port the communit...

Страница 494: ...delete v1v2 all For information on configuring SNMP traps using the applet GUI see Configuring SNMP Settings on page 4 20 delete v1v2c idx Deletes entry idx from the v1v2c access control list all Del...

Страница 495: ...ystem snmp traps add v3 201 232 24 33 555 BigBoss none md5 admin system snmp traps list v3 all index 1 destination ip 201 232 24 33 destination port 555 username BigBoss security level none auth algor...

Страница 496: ...correct network time is required for numerous functions to be configured accuaretly on the access point Syntax set show Shows NTP parameters settings date zone Show date time and time zone zone list D...

Страница 497: ...p mode enable preferred Time server ip 203 21 37 18 preferred Time server port 123 first alternate server ip 203 21 37 19 first alternate server port 123 second alternate server ip 0 0 0 0 second alte...

Страница 498: ...eference Guide 8 172 AP51xx admin system ntp date zone Description Show date time and time zone Syntax Example admin system ntp date zone Date Time Sat 1970 Jan 03 20 06 22 0000 UTC Time Zone date zon...

Страница 499: ...nce 8 173 AP51xx admin system ntp zone list Description Displays an extensive list of time zones for countries around the world Syntax Example admin system ntp zone list zone list Displays list of tim...

Страница 500: ...configuring NTP using the applet GUI see Configuring Network Time Protocol NTP on page 4 36 set mode ntp mode Enables or disables NTP server idx ip Sets the NTP sever IP address port idx port Defines...

Страница 501: ...ess point log submenu Logging options include Syntax show Shows logging options set Sets log options and parameters view Views system log delete Deletes the system log send Sends log to the designated...

Страница 502: ...current access point logging settings Syntax Example admin system logs show log level L6 Info syslog server logging enable syslog server ip address 192 168 0 102 For information on configuring loggin...

Страница 503: ...gging Configuration on page 4 39 set level level Sets the level of the events that will be logged All events with a level at or above level L0 L7 will be saved to the system log L0 Emergency L1 Alert...

Страница 504: ...6pm up 6 days 16 16 load average 0 00 0 01 0 00 Jan 7 16 16 01 none CC Mem 62384 32520 29864 0 0 Jan 7 16 16 01 none CC 0000077e 0012e95b 0000d843 00000000 00000003 0000121 e 00000000 00000000 0037ebf...

Страница 505: ...n system logs delete Description Deletes the log files Syntax Example admin system logs delete For information on configuring logging settings using the applet GUI see Logging Configuration on page 4...

Страница 506: ...ransfer In progress File transfer Done admin system logs For information on configuring logging settings using the applet GUI see Logging Configuration on page 4 39 send Sends the system log file via...

Страница 507: ...s point configuration partial Restores a partial default access point configuration show Shows import export parameters set Sets import export access point configuration parameters export Exports acce...

Страница 508: ...default configuration Syntax Example admin system config default Are you sure you want to default the configuration yes no For information on importing exporting access point configurations using the...

Страница 509: ...and SNMP settings are uneffected by the partial restore Syntax Example admin system config partial Are you sure you want to partially default the access point yes no For information on importing expo...

Страница 510: ...configuration file Syntax Example admin system config show cfg filename cfg txt cfg filepath ftp tftp server ip address 192 168 0 101 ftp user name myadmin ftp password For information on importing e...

Страница 511: ...ip address 192 168 22 12 ftp user name myadmin ftp password For information on importing exporting access point configurations using the applet GUI see Importing Exporting Configurations on page 4 41...

Страница 512: ...figuration file Done File transfer In progress File transfer Done Export Operation Done For information on importing exporting access point configurations using the applet GUI see Importing Exporting...

Страница 513: ...operation Done For information on importing exporting access point configurations using the applet GUI see Importing Exporting Configurations on page 4 41 import ftp Imports the access point configur...

Страница 514: ...reboot process to successfully update the device firmware regardless of whether the reboot is conducted uing the GUI or CLI interfaces show Displays the current access point firmware update settings s...

Страница 515: ...are upgrade enable automatic config upgrade enable automatic upgrade interface WAN firmware filename APFW bin firmware path tftpboot ftp tftp server ip address 168 197 2 2 ftp user name pkeegan ftp pa...

Страница 516: ...to mode When enabled updates device configuration file each time the confif file versions are found to be different between the access point and the specified LAN or WAN interface iface wan lan1 lan2...

Страница 517: ...ice firmware using the applet GUI see Updating Device Firmware on page 4 46 update mode iface Defines the ftp ot tftp mode used to conduct the firmware update Specifies whether the update is executed...

Страница 518: ...nds a config file to another access point within the known AP table send cfg all Sends a config file to all access points within the known AP table clear Clears all statistic counters to zero flash al...

Страница 519: ...Summary on page 7 25 For information on displaying Mesh statistics using the applet GUI see Viewing the Mesh Statistics Summary on page 7 32 For information on displaying Known AP statistics using th...

Страница 520: ...point config to another access point using the applet GUI see Viewing Known Access Point Statistics on page 7 33 send cfg ap index Copies the access point s configuration to the access points within...

Страница 521: ...stats For information on copying the access point config to another access point using the applet GUI see Viewing Known Access Point Statistics on page 7 33 send cfg all Copies the access point s con...

Страница 522: ...rs LAN statistics counters all rf Clears all RF data all wlan Clears all WLAN summary information wlan Clears individual WLAN statistic counters all radio Clears access point radio summary information...

Страница 523: ...xample admin stats admin stats flash all leds 1 start Password admin stats flash all leds 1 stop admin stats For information on flashing access point LEDs using the applet GUI see Viewing Known Access...

Страница 524: ...sociated MU Syntax For information on MU Echo and Ping tests using the applet GUI see Pinging Individual MUs on page 7 30 show Shows the Mobile Unit Statistics Summary list Defines echo test parameter...

Страница 525: ...admin stats echo show Description Shows Mobile Unit Statistics Summary Syntax Example admin stats echo show Idx IP Address MAC Address WLAN Radio T put ABS Retries 1 192 168 2 0 00 A0F8 72 57 83 demo...

Страница 526: ...arameters and results Syntax Example admin stats echo list Station Address 00A0F8213434 Number of Pings 10 Packet Length 10 Packet Data in HEX 55 admin stats echo For information on MU Echo and Ping t...

Страница 527: ...st Syntax For information on MU Echo and Ping tests using the applet GUI see Pinging Individual MUs on page 7 30 set station mac Defines MU target MAC address request num Sets number of echo packets t...

Страница 528: ...test Syntax Example admin stats echo start admin stats echo list Station Address 00A0F843AABB Number of Pings 10 Packet Length 100 Packet Data in HEX 1 Number of MU Responses 2 For information on MU...

Страница 529: ...with the same ESSID Syntax For information on Known AP tests using the applet GUI see Pinging Individual MUs on page 7 30 ping show Shows Known AP Summary details list Defines ping test packet length...

Страница 530: ...8 204 AP51xx admin stats ping show Description Shows Known AP Summary Details Syntax Example admin stats ping show Idx IP Address MAC Address MUs KBIOS Unit Name 1 192 168 2 0 00 A0F8 72 57 83 3 0 acc...

Страница 531: ...ameters and results Syntax Example admin stats ping list Station Address 00A0F8213434 Number of Pings 10 Packet Length 10 Packet Data in HEX 55 admin stats ping For information on Known AP tests using...

Страница 532: ...n stats ping set request 10 admin stats ping set length 100 admin stats ping set data 1 admin stats ping For information on Known AP tests using the applet GUI see Pinging Individual MUs on page 7 30...

Страница 533: ...est Syntax Example admin stats ping start admin stats ping list Station Address 00A0F843AABB Number of Pings 10 Packet Length 100 Packet Data in HEX 1 Number of AP Responses 2 For information on Known...

Страница 534: ...AP 51xx Access Point Product Reference Guide 8 208...

Страница 535: ...te other access points using the WLAP client s ESSID Then it is required to go through the association and authentication process to establish wireless connections with the located devices This associ...

Страница 536: ...hereby a network loop is not created and then the connection is not blocked Once the client bridge establishes at least one wireless connection it begins establishing other wireless connections as it...

Страница 537: ...referred connection list The association and authentication process is identical to the MU association process The client access point sends 802 11 authentication and association frames to the base ac...

Страница 538: ...ed with the following configurations AP 1 base bridge AP 2 repeater both a base and client bridge In the case of a mesh enabled radio the client bridge configuration always takes precedence over the b...

Страница 539: ...sh Networking and the AP 51xx s Two Subnets The access point now has a second subnet on the LAN side of the system This means wireless clients communicating through the same radio can reside on differ...

Страница 540: ...n parameters will get sent or saved to other access points However if using the Known AP Statistics screen s Send Cfg to APs functionality auto select and preferred list settings do not get imported 9...

Страница 541: ...Members of the mesh network can be configured as client bridges or additional base bridges with a higher priority value To define a LAN s Mesh STP Configuration 1 Select Network Configuration LAN fro...

Страница 542: ...point starts with a default bridge priority of 32768 Maximum Message age The Maximum Message age timer is used with the Message Age timer The Message Age timer is used to measure the age of the receiv...

Страница 543: ...ers of the mesh network 1 Select Network Configuration Wireless from the AP 5131 menu tree The Wireless Configuration screen displays with those existing WLANs displayed within the table 2 Select the...

Страница 544: ...D and Name to the WLAN that each access point will share when using this WLAN within their mesh network Symbol recommends assigning a unique name to a WLAN supporting a mesh network to differentiate i...

Страница 545: ...twork and setting it too high could prohibit other WLANs from granting access to the all the devices needed 6 Select the Enable Client Bridge Backhaul checkbox to make this WLAN available in the Mesh...

Страница 546: ...esh network For information on defining an ACL for use with the WLAN assigned to the mesh network see Configuring a WLAN Access Control List ACL on page 5 36 9 Select the Disallow MU to MU Communicati...

Страница 547: ...this option as it would prevent the AP from answering to blank ESSID probes from other mobile units 12 If there are certain requirements for the types of data proliferating the mesh network select an...

Страница 548: ...e settings are applied within this Radio Configuration screen the NOTE The dual radio model access point affords users better optimization of the mesh network feature by allowing the access point to t...

Страница 549: ...connections for this specific radio displays within the CBs Connected field If this is an existing radio within a mesh network this value updates in real time 5 Select the Client Bridge checkbox to e...

Страница 550: ...an initial deployment the current number of base bridges visible to the radio displays within the BBs Visible field and the number of base bridges currently connected to the radio displays within the...

Страница 551: ...the MAC Address corresponding to that Base Bridge you can add that to the Preferred List using the add button NOTE Auto link selection is based on the RSSI and load The client bridge will select the b...

Страница 552: ...hin the Advanced Client Bridge Settings screen 15 Click Cancel to undo any changes made within the Advanced Client Bridge Settings screen This reverts all settings for the screen to the last saved con...

Страница 553: ...ht down and stops beaconing after the timeout period 45 seconds This allows the client bridge radio 1 to roam without dropping the MU s associated to radio 2 The disadvantage is that radio 2 may beaco...

Страница 554: ...ping yard AP2 is intended to be a client bridge associated to AP1 and be placed on a wall of a receiving shack a remote building in the shipping yard with antennas oriented into the shipping yard AP2...

Страница 555: ...ll with the antennas orienting outward into the shipping and receiving yard The team then installs the AP2 on a wall on the receiving shack in the shipping yard The Trion IT department follows the ins...

Страница 556: ...Enable checkbox 5 The Trion IT department then selects Network Configuration LAN trion from the AP 5131 menu tree NOTE In this fictional mesh network deployment for Trion Enterprises AP1 and AP2 shou...

Страница 557: ...s the Forward Delay the time the access point LAN is spent in a listening and learning state to the factory default of 15 seconds Since only one additional access point is to be added to this point to...

Страница 558: ...the Wireless Page they determine the existing default WLAN should be left as is and a new WLAN should be created that can be dedicated to the mesh network supporting the shipping yard 10 The team sel...

Страница 559: ...e 14 The team wants to limit the number of MUs connecting to the mesh WLAN Therefore the team sets the Maximum MUs field to 10 and will use the Radio Configuration page to control the number of client...

Страница 560: ...elected and the team enters 16 hexadecimal characters into each of the four fields displayed Once completed the Apply button is selected and the access point applet returns to the WLAN screen 21 The t...

Страница 561: ...is known to the IT Team they select the Deny drop down menu option as the team wants to deny access to all MAC addresses except their own known range of device MAC addresses 25 The IT team then select...

Страница 562: ...he initial 2 AP mesh network deployment 27 The team selects the Use Secure Beacon checkbox from the Edit WLAN screen to not transmit the AP 5131 s ESSID between AP1 and AP2 If a hacker tries to find a...

Страница 563: ...ould have proliferated the WLAN the team would have selected 11ag wifi or 11ag voice However since simple data transfers are planned the 11ag default setting is appropriate 34 The IT Team clicks Apply...

Страница 564: ...ork Name drop down menu to assign the trion mesh WLAN to the radio 1 client bridge This is the WLAN the AP1 and AP2 radios will use to interoperate with the mesh network devices populating the shippin...

Страница 565: ...he addition of two additional access points AP3 and AP4 to be configured as repeaters both client and base bridges Configuring AP3 and AP4 as repeaters entails configuring an AP3 and an AP4 radio as b...

Страница 566: ...he instructions in Wall Mounted Installations on page 2 15 to install AP3 and AP4 3 The Trion IT department selects Network Configuration LAN from the AP 5131 menu tree 4 The Trion IT department verif...

Страница 567: ...m their default values The team clicks OK from within the Mesh STP Configuration screen and Apply from within the trion LAN1 screen to save the settings The Trion IT team now intends to assign WLANs t...

Страница 568: ...1 and AP2 should be able to see AP3 and AP4 as soon as they are deployed 11 The team assigns the name of trion mesh to the WLAN to be consistent with the WLAN supporting mesh networking on AP1 and AP2...

Страница 569: ...0 It is assumed all of the existing MU traffic defined for AP1 and AP2 will also be used in the extended coverage area for AP3 and AP4 with no known additions to the MU traffic at this time Thus the I...

Страница 570: ...ow the team defined the AP1 and AP2 QoS policy starting on step 25 within Trion s Initial Deployment on page 9 20 The WLAN configuration has now been set for both AP3 and AP4 The team now needs to def...

Страница 571: ...ct the Advanced button within the AP3 and AP4 WLAP Client Bridge Settings field 27 The Trion IT Team clicks Apply within both the AP3 and AP4 Radio Configuration screens to complete the mesh network c...

Страница 572: ...rage to the outer portion of the shipping yard without having to provide base bridge or repeater support to new members of the mesh network The remaining AP5 and AP5 radio can support shipping yard MU...

Страница 573: ...The Trion IT department verifies the LAN used to support the mesh network is enabled for both AP5 and AP6 by selecting the Enable checkbox 5 The Trion IT department then selects Network Configuration...

Страница 574: ...guration screen and Apply from within the trion LAN1 screen to save the settings The Trion IT team now intends to assign WLANs to use with the trion LAN that can be dedicated to their mesh network wit...

Страница 575: ...of 103 to be consistent with the trion mesh WLAN ESSID of the other four access points within the mesh network 11 The team assigns the name of trion mesh to the WLAN to be consistent with the WLAN sup...

Страница 576: ...1 4 and defines an ACL exactly like it for AP5 and AP6 The team also remembers to go to the ACL for AP1 AP3 and AP4 and add AP5 and AP6 in order for each device in the mesh network to communicate with...

Страница 577: ...esh WLAN to radio 1 25 As with APs 1 4 the IT Team decides to not select the Advanced button within the WLAP Client Bridge Settings field 26 The Trion IT Team clicks Apply within both the AP5 and AP6...

Страница 578: ...cess Point Product Reference Guide 9 44 coverage area But for now the 802 11a radio of both AP5 and AP6 can remain defined as a client bridge to support the outer fringes of the Trion Enterprises ship...

Страница 579: ...hnical Specifications This appendix provides technical specifications in the following areas Physical Characteristics Electrical Characteristics Radio Characteristics Antenna Specifications Country Co...

Страница 580: ...Plenum Housing UL2043 Weight 1 95 lbs 0 88 Kg single radio model 2 05 lbs 0 93 Kg dual radio model Operating Temperature 20 to 50 Celsius Storage Temperature 40 to 70 Celsius Altitude 8 000 feet 2438...

Страница 581: ...40 to 85 Celsius Altitude 8 000 feet 2438 m 28 Celsius operating 15 000 feet 4572 m 12 Celsius storage Vibration Vibration to withstand 02g Hz random sine 20 2k Hz Humidity 5 to 95 operating 5 to 95...

Страница 582: ...ever Symbol does recommend the AP PSBIAS 5181 01R model power supply for use the AP 5181 Operating Voltage 48Vdc Nom Operating Current 200mA Peak 48Vdc 170mA Nom 48Vdc Operating Channels 802 11a radio...

Страница 583: ...Mbit Sec 802 11b radio 1 2 5 5 11 Mbps Wireless Medium Direct Sequence Spread Spectrum DSSS Orthogonal Frequency Division Multiplexing OFDM CAUTION The antenna models described below are rated just f...

Страница 584: ...cessory s connector and cable type plus the length Symbol Part Number Antenna Type Nominal Net Gain dBi ML 5299 WPNA1 01R Panel Antenna 13 0 ML 5299 HPA1 01R Wide Band Omni Directional Antenna 5 0 ML...

Страница 585: ...enna Type Nominal Net Gain dBi Description ML 2499 FHPA5 01R Omni Directional Antenna 5 0 2 4 GHz Type N connector no pigtail ML 2499 FHPA9 01R Omni Directional Antenna 9 0 2 4 GHz Type N connector no...

Страница 586: ...nna suite includes the following models Part Number Antenna Type Nominal Net Gain dBi Description ML 5299 FHPA6 01R Omni Directional Antenna 7 0 4 900 5 850 GHz Type N connector no pigtail ML 5299 FHP...

Страница 587: ...o MA Bahamas BS Netherlands NL Bahrain BH Netherlands Antilles AN Barbados BB New Zealand NZ Belarus BY Nicaragua NI Bermuda BM Norfolk Island NF Belgium BE Norway NO Bolivia BO Oman OM Botswana BW Pa...

Страница 588: ...Egypt EG Sri Lanka LK Falkland Islands FK Sweden SE Finland FI Switzerland CH France FR Taiwan TW Germany DE Thailand TH Greece GR Trinidad and Tobago TT Guam GU Turkey TR Guatemala GT Ukraine UA Guin...

Страница 589: ...Technical Specifications A 11 Japan JP Jordan JO Kazakhstan KZ Kuwait KW Latvia LV Lebanon LB Liechtenstein LI Lithuania LT Luxembourg LU Macedonia MK Malaysia MY Malta MT Martinique MQ...

Страница 590: ...AP 51xx Access Point Product Reference Guide A 12...

Страница 591: ...using a DHCP or Linux BootP Server Configuring an IPSEC Tunnel and VPN FAQs B 1 Configuring Automatic Updates using a DHCP or Linux BootP Server This section provides specific details for configuring...

Страница 592: ...is cfg version 1 1 01 The access point only checks the two characters after the third hyphen 01 when making a comparison Change the last two characters to update the configuration The two characters c...

Страница 593: ...ction menu select Set Predefined Options e Add the following 3 new options under AP51xx Options class f Highlight Scope Options from the tree and select Configure Options g Go to the Advanced tab From...

Страница 594: ...Ethernet segment 2 Configure the Windows based DHCP Server as follows a Highlight the Server Domain Name for example apfw symbol com From the Action menu select Set Predefined Options b Add the follow...

Страница 595: ...rify the file versions within the System Settings screen B 1 1 3 DHCP Priorities The following flowchart indicates the priorities used by the access point when the DHCP server is configured for multip...

Страница 596: ...the DHCP Server is configured for options 187 and 67 for the firmware file the access point uses the file name configured for option 187 If the DHCP Server is configured for embedded and global optio...

Страница 597: ...thernet segment 2 Configure the bootptab file etc bootptab on the Linux Unix BootP Server in any one of the formats that follows Using options 186 187 and 188 Using options 66 67 and 129 AP 5131 ha 00...

Страница 598: ...is provided by the server the access point strips off the TFTP root directory from the fully qualified configuration file name to obtain a relative file name For example if using bf opt tftpdir ftp d...

Страница 599: ...e capability to create a tunnel between an access point and a VPN endpoint The access point can also create a tunnel from one access point to another access point The following instruction assumes the...

Страница 600: ...ed as Device 2 For this usage scenario the following components are required 2 access points either an AP 5131 or AP 5181 model 1 PC on each side of the access point s LAN To configure a VPN tunnel be...

Страница 601: ...Click Apply to save the changes 9 Select the Auto IKE Key Exchange radio button 10 Select the Auto Key Settings button 11 For the ESP Type select ESP with Authentication and use AES 128 bit as the ESP...

Страница 602: ...the changes 18 Check the VPN Status screen Notice the status displays NOT_ACTIVE This screen automatically refreshes to get the current status of the VPN tunnel Once the tunnel is active the IKE_STAT...

Страница 603: ...o PIX Below is how the access point VPN Status screen should look if the entire configuration is setup correctly once the VPN tunnel is active The status field should display ACTIVE NOTE The Cisco PIX...

Страница 604: ...um of 25 tunnels When using the Remote Subnet IP Address with an appropriate subnet mask the AP can access multiple subnets on the remote end For example If creating a tunnel using 192 168 0 0 16 for...

Страница 605: ...hentication scheme used The VPN tunnel can be established only when these corresponding keys match Ensure the Inbound Outbound SPI and ESP Authentication Keys have been properly specified Question 5 C...

Страница 606: ...l ID type refers to the way that IKE selects a local certificate to use IP tries the match the local WAN IP to the IP addresses specified in a local certificate FQDN tries to match the user entered lo...

Страница 607: ...two addresses are on the same subnet As a workaround point the access point s WAN default gateway to be the other VPN gateway and vice versa Question 10 I have setup my tunnel and the status still sa...

Страница 608: ...ure my firewall Now that I use Advanced LAN Access my VPN stops working What am I doing wrong VPN requires certain packets to be passed through the firewall Subnet Access automatically inserts these r...

Страница 609: ...LAN Access These rules should be configured first before other rules are configured Question 13 Do I need to add any special routes on the access point to get my VPN tunnel to work No However clients...

Страница 610: ...s only one LAN port and it is defaulted to DHCP BOOTP enabled The AP 5131 and AP 5181 are optimized for single cell deployment so the customer to use either as a drop in replacement for an existing AP...

Страница 611: ...mer Support specialists cannot solve a problem access to all technical disciplines within Symbol becomes available for further assistance and support Symbol Customer Support responds to calls by email...

Страница 612: ...Telephone 1 631 738 2400 1 800 SCAN 234 Fax 1 631 738 5990 Symbol Support Center for warranty and service information telephone 1 800 653 5350 fax 631 738 5410 Email support symbol com International C...

Страница 613: ...e http symbol com services Manual Updates http symbol com legacy_manuals wire accesspoints html Symbol Developer Program http devzone symbol com Additional Information Obtain additional information by...

Страница 614: ...AP 51xx Access Point Product Reference Guide C 4...

Страница 615: ...splays 1 17 AP 5131 version 4 4 AP 5131 13040 WW 2 2 2 4 AP 5131 13041 WW 2 2 AP 5131 13042 WW 2 2 AP 5131 13043 WW 2 3 AP 5131 40020 WW 2 3 AP 5131 40021 WW 2 3 AP 5131 40022 WW 2 3 AP 5131 40023 WW...

Страница 616: ...ics 8 192 CLI system access commands 8 142 CLI system commands 8 136 CLI telnet 8 2 CLI type filter commands 8 35 CLI WAN commands 8 40 CLI WAN NAT commands 8 43 CLI WAN VLAN Commands 8 49 8 58 Comman...

Страница 617: ...al radio AP 5131 9 3 STP 9 4 topology 9 5 use case 9 20 mesh overview 9 1 MIB 3 3 ML 2499 11PNA2 01 2 7 2 8 A 7 ML 2499 BYGA2 01 2 7 ML 2499 HPA3 01 2 7 2 8 A 7 ML 5299 WBPBX1 01 2 7 A 6 ML 5299 WPNA1...

Страница 618: ...4 SNMP v3 4 24 SNMP access control 4 26 SNMP RF trap thresholds 4 34 SNMP specific traps 4 31 SNMP traps 4 28 SNMP v1 v2c 4 29 SNMP v3 user definitions 4 24 statistics AP 5131 7 33 statistics LAN 7 6...

Страница 619: ...rwarding 5 24 WAN statistics 7 2 WEP 1 11 WEP encryption 1 9 1 11 Wi Fi Protected Access WPA 1 12 WLAN ACL 5 36 WLAN creating 5 29 WLAN editing 5 29 WLAN enabling 5 27 WLAN security 5 34 WLAN statisti...

Страница 620: ...AP 51xx Access Point Product Reference Guide IN 10...

Страница 621: ......

Страница 622: ...Symbol Technologies Inc One Symbol Plaza Holtsville New York 11742 1300 http www symbol com 72E 92949 01 Revision A January 2007...

Отзывы:

Нет отзывов