- DL manuals
- 3Com
- Wireless Access Point
- 3CRWEASYA73 / WL-575
- User Manual
3Com 3CRWEASYA73 / WL-575 User Manual
Summary of 3CRWEASYA73 / WL-575
Page 1
Www.3com.Com user guide 3com outdoor 11a building to building bridge and 11bg access point 3crweasya73 / wl-575 part number 10016517 rev. Aa published december, 2007.
Page 2
3com corporation 350 campus drive marlborough, ma 01752-3064 copyright © 2007 3com corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written pe...
Page 3: Introduction
Iii contents introduction product features 1-1 radio characteristics 1-2 approved channels 1-2 package checklist 1-3 hardware description 1-4 integrated high-gain antenna 1-4 external antenna options 1-4 ethernet port 1-5 power injector module 1-5 grounding point 1-6 water tight test point 1-6 wall-...
Page 4: Hardware Installation
Iv hardware installation testing basic link operation 3-2 mount the unit 3-2 using the pole-mounting bracket 3-2 using the wall-mounting bracket 3-4 connect external antennas 3-6 connect cables to the unit 3-7 connect the power injector 3-7 check the led indicators 3-9 align antennas 3-10 initial co...
Page 5: Command Line Interface
V configuring snmpv3 filters 5-29 rogue ap 5-30 ap management 5-31 telnet and ssh settings 5-33 administration 5-34 changing the password 5-34 changing the country code 5-35 upgrading firmware 5-35 auto-provisioning 5-38 wds and spanning tree settings 5-41 system log 5-49 enabling system logging 5-4...
Page 6: Troubleshooting
Vi using command history 6-5 understanding command modes 6-5 exec commands 6-5 configuration commands 6-6 command line processing 6-6 command groups 6-7 troubleshooting cables and pinouts twisted-pair cable assignments b-1 10/100base-tx pin assignments b-2 straight-through wiring b-3 crossover wirin...
Page 7: Erminology
Vii t erminology access point —an internet working device that seamlessly connects wired and wireless networks. Ad hoc —an ad hoc wireless lan is a group of computers, each with wireless adapters, connected as an independent wireless lan. Backbone —the core infrastructure of a network. The portion o...
Page 8
Viii rts threshold —transmitters contending for the medium may not be aware of each other (they are “hidden nodes”). The rts/cts mechanism can solve this problem. If the packet size is smaller than the preset rts threshold size, the rts/cts mechanism will not be enabled. Vap— virtual access point. A...
Page 9: Ntroduction
1-1 1 i ntroduction the 3com outdoor 11a building to building bridge and 11bg access point system provides point-to-point or point-to-multipoint bridge links between remote ethernet lans, and wireless access point services for clients in the local lan area. It includes an integrated high-gain antenn...
Page 10: Adio
1-2 provides access point services for the 5 ghz and 2.4 ghz radios using various external antenna options maximum data rate up to 108 mbps on the 802.11a (5 ghz) radio outdoor weatherproof design ieee 802.11a and 802.11b/g compliant local network connection via 10/100 mbps ethernet port powered thr...
Page 11: Ackage
1-3 p ackage c hecklist the 3com outdoor 11a building to building bridge and 11bg access point package includes: one 3com outdoor 11a building to building bridge and 11bg access point mounting bracket and hardware one weatherproof category 5 network cable one weatherproof console to rs232 cable poe ...
Page 12: Ardware
1-4 h ardware d escription i ntegrated h igh -g ain a ntenna the wl-575 bridge includes an integrated high-gain (17 dbi) flat-panel antenna for 5 ghz operation. With this antenna, in a direct line-of-sight link using a point-to-point deployment, the range can be as long as 15 km (9.3 miles), with a ...
Page 13
1-5 external antennas connect to the n-type rf connectors on the wireless bridge using the optional rf coaxial cables. Using the external antennas in a point-to-multipoint deployment, the maximum range for bridge links are: 802.11b,g: 2.2 km 802.11a: 3 km e thernet p ort the wireless bridge has one ...
Page 14
1-6 network interconnection devices such as a switch or router that provide mdi-x ports. However, when connecting the access point to a workstation or other device that does not have mdi-x ports, you must use crossover twisted-pair cable. The wireless bridge does not have a power switch. It is power...
Page 15: Ystem
1-7 w all - and p ole -m ounting b racket k it the wireless bridge includes a bracket kit that can be used to mount the bridge to a wall, pole, radio mast, or part of a tower structure. S ystem c onfiguration at each location where a unit is installed, it must be connected to the local network using...
Page 16
1-8 the wireless bridge modes connect two or more wired networks, for example networks in different buildings with no wired connections. You will need a 3com outdoor 11a building to building bridge and 11bg access point unit on both sides of the connection. The wireless bridge can connect up to six ...
Page 17
1-9 the following figure shows a point-to-multipoint “in-line” configuration with one bridge set to “master” and using a directional panel antenna. 19° beam angle.
Page 18
1-10
Page 19: Ridge
2-1 2 b ridge l ink p lanning the 3com ap bridge and 11bg access point supports fixed point-to-point or point-to-multipoint wireless links. A single link between two points can be used to connect a remote site to larger core network. Multiple bridge links can provide a way to connect widespread ethe...
Page 20: Ata
2-2 d ata r ates using the 5.0 ghz integrated antenna, two wl-575 bridges can operate over a range of up to 15.4 km (9.6 miles) or provide a high-speed connection of 54 mbps (108 mbps in turbo mode). However, the maximum data rate for a link decreases as the operating range increases. A 15.4 km link...
Page 21: Adio
2-3 r adio p ath p lanning although the wireless bridge uses ieee 802.11a radio technology, which is capable of reducing the effect of multipath signals due to obstructions, the wireless bridge link requires a “radio line-of-sight” between the two antennas for optimum performance. The concept of rad...
Page 22
2-4 • be sure there is enough clearance from buildings and that no building construction may eventually block the path. • check the topology of the land between the antennas using topographical maps, aerial photos, or even satellite image data (software packages are available that may include this i...
Page 23
2-5 note that to avoid any obstruction along the path, the height of the object must be added to the minimum clearance required for a clear radio line-of-sight. Consider the following simple example, illustrated in the figure below. A wireless bridge link is deployed to connect building a to a build...
Page 24
2-6 a ntenna p osition and o rientation once the required antenna height has been determined, other factors affecting the precise position of the wireless bridge must be considered: • be sure there are no other radio antennas within 2 m (6 ft) of the wireless bridge • place the wireless bridge away ...
Page 25
2-7 r adio i nterference the avoidance of radio interference is an important part of wireless link planning. Interference is caused by other radio transmissions using the same or an adjacent channel frequency. You should first scan your proposed site using a spectrum analyzer to determine if there a...
Page 26: Thernet
2-8 • snow and ice — falling snow, like rain, has no significant effect on the radio signal. However, a build up of snow or ice on antennas may cause the link to fail. In this case, the snow or ice has to be cleared from the antennas to restore operation of the link. E thernet c abling when a suitab...
Page 27: Ardware
3-1 3 h ardware i nstallation before mounting antennas to set up your wireless bridge links, be sure you have selected appropriate locations for each antenna. Follow the guidance and information in chapter 2, “wireless link planning.” also, before mounting units in their intended locations, you shou...
Page 28: Esting
3-2 t esting b asic l ink o peration set up the units over a very short range (15 to 25 feet), either outdoors or indoors. Connect the units as indicated in this chapter and be sure to perform all the basic configuration tasks outlined in chapter 4, “initial configuration.” when you are satisfied th...
Page 29
3-3 2 fit the edges of the v-shaped part into the slots in the rectangular plate, and tighten the nuts. 3 attach the adjustable rectangular plate to the bridge with supplied screws. Fit the edges of the v-shaped part into the slots attach the adjustable rectangular plate to the bridge.
Page 30
3-4 4 attach the bridge with bracket to the plate already fixed to the pole. 5 use the included nuts to secure the wireless bridge to the pole bracket. Note that the wireless bridge tilt angle may need to be adjusted during the antenna alignment process. Be sure to take account of the antenna polari...
Page 31
3-5 1 always attach the bracket to a wall with flat side flush against the wall (see following figure). 2 position the bracket in the intended location and mark the position of the four mounting screw holes. 3 drill four holes in the wall that match the screws and wall plugs included in the bracket ...
Page 32: Onnect
3-6 c onnect e xternal a ntennas the bridge’s primary antenna is it’s built-in internal antenna. For some applications when deploying an wl-575 unit for a bridge link or access point operation, you may need to mount external antennas and connect them to the bridge. Typically, a bridge link requires ...
Page 33: Onnect
3-7 c onnect c ables to the u nit 1 attach the ethernet cable to the ethernet port on the wireless bridge. 2 for extra protection against rain or moisture, apply weatherproofing tape (not included) around the ethernet connector. 3 be sure to ground the unit with an appropriate grounding wire (not in...
Page 34
3-8 1 connect the ethernet cable from the wireless bridge to the rj-45 port labeled “output” on the power injector. 2 connect a straight-through unshielded twisted-pair (utp) cable from a local lan switch to the rj-45 port labeled “input” on the power injector. Use category 5e or better utp cable fo...
Page 35: Heck
3-9 c heck the led i ndicators the bridge’s 11a and 11b/g leds operate in two display modes, which are configurable through the software. The default ap mode indicates data traffic rates. The rssi mode indicates the received signal power and is for use when aligning antennas in a bridge link. When t...
Page 36: Lign
3-10 a lign a ntennas after wireless bridge units have been mounted, connected, and their radios are operating, bridge link antennas must be accurately aligned to ensure optimum performance. This alignment process is particularly important for long-range point-to-point links. In a point-to-multipoin...
Page 37
3-11 when you move the antenna during alignment, the radio signal from the remote antenna can be seen to have a strong central main lobe and smaller side lobes. The object of the alignment process is to set the antenna so that it is receiving the strongest signal from the central main lobe. To align...
Page 38
3-12 1 pan the antenna horizontally back and forth while checking the leds. If using the pole-mounting bracket with the unit, you must rotate the mounting bracket around the pole. Other external antenna brackets may require a different horizontal adjustment. 2 find the point where the signal is stro...
Page 39: Nitial
4-1 4 i nitial c onfiguration the 3com ap bridge and 11bg access point offers a variety of management options, including a web-based interface. The initial configuration steps can be made through the web browser interface. The access point requests an ip address via dhcp by default. If no response i...
Page 40: 3Com W
4-2 c hapter 4: i nitial c onfiguration 1 connect a computer directly to the access point using the supplied standard category 5 utp ethernet cable. 2 enter the access point’s default ip address (169.254.2.1) into the computer’s web browser. If the configuration management system starts, the access ...
Page 41
4-3 figure 1 wireless interface device manager click on the properties button to see the following screen figure 2 wireless interface device manager - properties directly connect to the device through its ethernet port or console port. Follow the instructions below to login into the ap configuration...
Page 42: Sing
4-4 c hapter 4: i nitial c onfiguration to log on to the web interface: 1 username, type admin (case sensitive). 2 password, type password 3 click log on . F irst t ime o nly when you log in for the first time, you may be asked to select your country. Choose your country from the drop-down list and ...
Page 43
4-5 using the setup wizard the access point can be managed by any computer using a web browser (such as internet explorer 5.0 or above). Enter the default ip address: http://169.254.2.1. Logging in – enter the username “admin,” and password “password,” then click login. For information on configurin...
Page 44
4-6 c hapter 4: i nitial c onfiguration the home page displays the main menu. Figure 5 home page launching the setup wizard – to perform initial configuration, click setup wizard on the home page, select the vap you wish to configure, then click on the [next] button to start the process. Figure 6 se...
Page 45
4-7 using the setup wizard figure 7 setup wizard - step 1 2 radio channel – you must enable radio communications for 802.11a and 802.11b/g, and set the operating radio channel. Figure 8 setup wizard - step 2 note: available channel settings are limited by local regulations, which determine the chann...
Page 46
4-8 c hapter 4: i nitial c onfiguration 802.11a turbo mode – if you select enable, the access point will operate in turbo mode with a data rate of up to 108 mbps. Turbo mode supports only 5 channels. (default: disabled) 802.11a radio channel – set the operating radio channel number. Auto channel sel...
Page 47
4-9 using the setup wizard 4 security – set the authentication type to “open” to allow open access without authentication, or “shared” to require authentication based on a shared key. Enable encryption to encrypt data transmissions. To configure other security features use the advanced setup menu as...
Page 48
4-10 c hapter 4: i nitial c onfiguration 5 click finish. 6 click the ok button to complete the wizard. Figure 11 setup wizard - completed note: all wireless devices must be configured with the same key id values to communicate with the access point..
Page 49: Ystem
5-1 5 s ystem c onfiguration before continuing with advanced configuration, first complete the initial configuration steps described in chapter 4 to set up an ip address for the access point. The access point can be managed by any computer using a web browser (such as internet explorer 5.0 or above)...
Page 50: Dvanced
5-2 c hapter 5: s ystem c onfiguration figure 12 advanced setup the information in this chapter is organized to reflect the structure of the web screens for easy reference. However, it is recommended that you configure a user name and password as the first step under administration to control manage...
Page 51
5-3 advanced setup snmp configures snmp settings 5-21 rogue ap performs a scan on each vap to determine any unauthorized aps using, or attempting to use the network 5-30 ap management enables telnet, web and snmp on the device 5-31 administration configures user name and password for management acce...
Page 52: Ystem
5-4 c hapter 5: s ystem c onfiguration s ystem i dentification the system name for the access point can be left at its default setting. However, modifying this parameter can help you to more easily distinguish different devices in your network. Figure 13 system identification system name – an alias ...
Page 53: Tcp / Ip S
5-5 tcp / ip settings tcp / ip s ettings configuring the access point with an ip address expands your ability to manage the access point. A number of access point features depend on ip addressing to operate. By default, the access point will be automatically configured with ip settings from a dynami...
Page 54
5-6 c hapter 5: s ystem c onfiguration dhcp client (enable) – select this option to obtain the ip settings for the access point from a dhcp (dynamic host configuration protocol) server. The ip address, subnet mask, default gateway, and domain name server (dns) address are dynamically assigned to the...
Page 55
5-7 tcp / ip settings figure 15 smart monitor by enabling smart monitor (known as link integrity in the cli) and setting a target ip address, the ap will periodically (set by the ping interval) check to see if the target address responds to pings. If it fails to respond to a ping after the configure...
Page 56: Radius
5-8 c hapter 5: s ystem c onfiguration radius remote authentication dial-in user service (radius) is an authentication protocol that uses software running on a central server to control access to radius-aware devices on the network. An authentication server contains a database of user credentials fo...
Page 57
5-9 radius figure 16 radius authentication primary radius server setup – configure the following settings to use radius authentication on the access point. Ip address: specifies the ip address or host name of the radius server. Port: the udp port number used by the radius server for authentication m...
Page 58
5-10 c hapter 5: s ystem c onfiguration secondary radius server setup – configure a secondary radius server to provide a backup in case the primary server fails. The access point uses the secondary server if the primary server fails or becomes inaccessible. Once the access point switches over to the...
Page 59: Radius A
5-11 radius radius a ccounting radius accounting is used to send accounting information to the radius accounting server. Accounting information is sent to the server whenever a subscriber logs in or logs out and whenever a subscriber activates or deactivates a subscription. Figure 17 radius accounti...
Page 60: Uthentication
5-12 c hapter 5: s ystem c onfiguration ip address: specifies the ip address or host name of the radius server. Accounting port: the radius accounting server udp port used for accounting messages. (range: 1024-65535; default: 1813) key: a shared text string used to encrypt messages between the acces...
Page 61
5-13 authentication certificates, user names and passwords, or other) from the client to the radius server. Client authentication is then verified on the radius server before the access point grants client access to the network. The 802.1x eap packets are also used to pass dynamic unicast session ke...
Page 62
5-14 c hapter 5: s ystem c onfiguration figure 18 authentication mac authentication – you can configure a list of the mac addresses for wireless clients that are authorized to access the network. This provides a basic level of authentication for wireless clients attempting to gain access to the netw...
Page 63
5-15 authentication local mac: the mac address of the associating station is compared against the local database stored on the access point. Use the local mac authentication section of this web page to set up the local database, and configure all access points in the wireless network service area wi...
Page 64
5-16 c hapter 5: s ystem c onfiguration session key refresh rate: the interval at which the access point refreshes unicast session keys for associated clients. (range: 0-1440 minutes; default: 0 means disabled) 802.1x reauthentication refresh rate: the time period after which a connected client must...
Page 65: Ilter
5-17 filter control f ilter c ontrol the access point can employ network traffic frame filtering to control access to network resources and increase security. You can prevent communications between wireless clients and prevent access point management from wireless clients. Also, you can block specif...
Page 66
5-18 c hapter 5: s ystem c onfiguration using ieee 802.1x and a central radius server, up to 64 vlan ids can be mapped to specific wireless clients, allowing users to remain within the same vlan as they move around a campus site. This feature can also be used to control access to network resources f...
Page 67
5-19 filter control figure 19 filter control management vlan id – the vlan id that traffic must have to be able to manage the access point. (range 1-4094; default: 1) vlan classification – enables or disables vlan tagging support on the access point. Iapp – enables or disables roaming between multi-...
Page 68
5-20 c hapter 5: s ystem c onfiguration prevent inter and intra vap client communication: when enabled, clients cannot establish wireless communications with any other client, either those associated to the same vap interface or any other vap interface. Ap management filter – controls management acc...
Page 69: Snmp
5-21 snmp figure 21 ethernet type filter disabled: access point does not filter ethernet protocol types. Enabled: access point filters ethernet protocol types based on the configuration of protocol types in the filter table. If the status of a protocol is set to “on,” the protocol is filtered from t...
Page 70: Snmp
5-22 c hapter 5: s ystem c onfiguration the access point includes an onboard agent that supports snmp versions 1, 2c, and 3 clients. This agent continuously monitors the status of the access point, as well as the traffic passing to and from wireless clients. A network management station can access t...
Page 71
5-23 snmp figure 22 snmp snmp – globally enables or disables snmp management access and also enables the access point to send snmp traps (notifications). (default: disable) snmp v1/v2 – enables or disables snmpv1 and snmpv2 management access and trap notifications. Snmpv3 – enables of disables snmpv...
Page 72
5-24 c hapter 5: s ystem c onfiguration trap destination (1 to 4) – enables recipients (up to four) of snmp notifications. Trap destination ip address : specifies the recipient of snmp notifications. Enter the ip address or the host name. (host name: 1 to 63 characters, case sensitive) trap destinat...
Page 73
5-25 snmp figure 23 trap configuration trap configuration – allows selection of specific snmp notifications to send. The following items are available: syssystemup: the access point is up and running. Syssystemdown: the access point is about to shutdown and reboot. Sysradiusserverchanged: the access...
Page 74
5-26 c hapter 5: s ystem c onfiguration dot11stationauthentication: a client station has been successfully authenticated. Dot11stationrequestfail:a client station has failed association, re-association, or authentication. Dot11interfacebfail: the 802.11b interface has failed. Dot11interfaceafail: th...
Page 75: Snmp
5-27 snmp c onfiguring snmp v 3 u sers the access point allows up to 10 snmp v3 users to be configured. Each user must be defined by a unique name, assigned to one of three pre-defined security groups, and configured with specific authentication and encryption settings. Figure 24 configuring snmpv3 ...
Page 76: Snmp
5-28 c hapter 5: s ystem c onfiguration c onfiguring snmp v 3 g roups this feature is display only and details the configured snmpv3 groups configured. Figure 25 configuring snmpv3 groups c onfiguring snmp v 3 t argets an snmp v3 notification target id is specified by the snmp v3 user, ip address, a...
Page 77: Snmp
5-29 snmp assigned filter: the name of a user-defined notification filter that is applied to the target. C onfiguring snmp v 3 f ilters snmp v3 users can be configured to receive notification messages from the access point. An snmp target id is created that specifies the snmp v3 user, ip address, an...
Page 78: Ogue
5-30 c hapter 5: s ystem c onfiguration r ogue ap a “rogue ap” is either an access point that is not authorized to participate in the wireless network, or an access point that does not have the correct security configuration. Rogue aps can allow unauthorized access to the network, or fool client sta...
Page 79: Ap M
5-31 ap management authentication: enables or disables radius authentication. Enabling radius authentication allows the access point to discover rogue access points. With radius authentication enabled, the access point checks the mac address/ basic service set identifier (bssid) of each access point...
Page 80
5-32 c hapter 5: s ystem c onfiguration figure 29 ap management management ui – enables or disables management through telnet, wed (http), or snmp interfaces. Telnet ui status: enables or disables management access through telnet. (default: enable) web ui status: enables or disables management acces...
Page 81: Ssh S
5-33 ap management t elnet and ssh s ettings telnet is a remote management tool that can be used to configure the access point from anywhere in the network. However, telnet is not secure from hostile attacks. The secure shell (ssh) can act as a secure replacement for telnet. The ssh protocol uses ge...
Page 82: Dministration
5-34 c hapter 5: s ystem c onfiguration figure 31 web server settings web servers – enables or disables http and https settings. Http server: enables or disables communication to the unit through http. (default: enable) http port: specifies the http port number used for communication. (default: 80) ...
Page 83
5-35 administration figure 32 administration username – the name of the user. The default name is “admin.” (length: 3-16 characters, case sensitive) new password – the password for management access. (length: 3-16 characters, case sensitive) confirm new password – enter the password again for verifi...
Page 84
5-36 c hapter 5: s ystem c onfiguration figure 34 firmware upgrade before upgrading new software, verify that the access point is connected to the network and has been configured with a compatible ip address and subnet mask. If you need to download from an ftp or tftp server, take the following addi...
Page 85
5-37 administration new firmware file: specifies the name of the code file on the local drive. The new firmware file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names is 32 characters for files on the acces...
Page 86
5-38 c hapter 5: s ystem c onfiguration configuration data file: specifies the name of the configuration file. A path on the server can be specified using “/” in the name, providing the path already exists; for example, “myfolder/syscfg.” other than to indicate a path, the file name must not contain...
Page 87
5-39 administration figure 36 auto-configuration auto-config – schedules automatic updating of configuration data. Config autoupdate server: enables the bridge/ap to operate as a server that provides its configuration data to other bride/aps configured as autoupdate clients. When configured as a ser...
Page 88
5-40 c hapter 5: s ystem c onfiguration config file name: species the configuration file name to look for when performing a search. (default: syscfg) save auto-config/auto-upgrade settings: saves both the auto-config and auto-upgrade settings to system memory. If either the autoupdate or autoupgrade...
Page 89: Wds
5-41 wds and spanning tree settings firmware file server 1~4: specifies the address of the server on which to search for updates, up to a maximum of four servers. Using 0.0.0.0 disables communication. Login username and password: specifies the username and password used to gain access to the server/...
Page 90
5-42 c hapter 5: s ystem c onfiguration router) in your network to ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link goes down. Figure 38 wds and spanning tree settings wds setting – configures bridge...
Page 91
5-43 wds and spanning tree settings • bridge: operates as a bridge to five other access points (slaves), and connects to the “root-bridge” (master). • repeater: operates as a wireless repeater, extending the range for remote wireless clients and connecting them to the root-bridge. In this mode, traf...
Page 92
5-44 c hapter 5: s ystem c onfiguration figure 39 wds scan copy to location – specifies the unit to which you want to copy wds settings. • bridge parent: selects the parent node in the wireless bridge network. • bridge child : selects one of the child nodes in the wireless bridge network. (range: 2~...
Page 93
5-45 wds and spanning tree settings figure 40 spanning tree protocol.
Page 94
5-46 c hapter 5: s ystem c onfiguration figure 41 spanning tree protocol spanning tree protocol – stp uses a distributed algorithm to select a bridging device (stp-compliant switch, bridge or router) that serves as the root of the spanning tree network. It selects a root port on each bridging device...
Page 95
5-47 wds and spanning tree settings bridge priority – used in selecting the root device, root port, and designated port. The device with the highest priority becomes the stp root device. However, if all devices have the same priority, the device with the lowest mac address will then become the root ...
Page 96
5-48 c hapter 5: s ystem c onfiguration • default: ethernet interface: 19; wireless interface: 40 link port priority – defines the priority used for this port in the spanning tree protocol. If the path cost for all ports on a switch are the same, the port with the highest priority (i.E., lowest valu...
Page 97: Ystem
5-49 system log s ystem l og the access point can be configured to send event and error messages to a system log server. The system clock can also be synchronized with a time server, so that all the messages sent to the syslog server are stamped with the correct time and date. Figure 42 system log e...
Page 98: Sntp
5-50 c hapter 5: s ystem c onfiguration primary server – the ip address the primary syslog server. (default: 0.0.0.0) secondary server – the ip address the secondary syslog server. (default: 0.0.0.0) enter time zone – sets the desired time zone + or - gmt. Enable daylight saving – adjusts the clock ...
Page 99
5-51 system log figure 43 sntp sntp server – configures the access point to operate as an sntp client. When enabled, at least one time server ip address must be specified. Primary server: the ip address of an sntp or ntp time server that the access point attempts to poll for a time update. Secondary...
Page 100: Rssi
5-52 c hapter 5: s ystem c onfiguration rssi the rssi value displayed on the rssi page represents a signal to noise ratio. A value of 30 would indicate that the power of the received signal is 30 dbm above the signal noise threshold. This value can be used to align antennas and monitor the quality o...
Page 101: Adio
5-53 radio interface rssi: auto refresh – enables or disables the refreshing of rssi information. Rssi value – the displayed rssi value for a selected port. Port number – selects a specific wds port for which to display the rssi output value. Ports 1-6 are available for a master unit, only port 1 fo...
Page 102
5-54 c hapter 5: s ystem c onfiguration 802.11b/g interface each radio supports up to four virtual access point (vap) interfaces numbered 1to 4. Each vap functions as a separate access point, and can be configured with its own service set identification (ssid) and security settings. However, most ra...
Page 103: 802.11
5-55 radio interface 802.11 a i nterface the ieee 802.11a interface operates within the 5 ghz band, at up to 54 mbps in normal mode or up to 108 mbps in turbo mode. First configure the radio settings that apply to the individual vaps (virtual access point) and the common radio settings that apply to...
Page 104
5-56 c hapter 5: s ystem c onfiguration vlan id – the vlan id assigned to wireless clients associated to the vap interface that are not assigned to a specific vlan by radius server configuration. (default: 1) hide ssid – when enabled, the vap interface does not include its ssid in beacon messages. N...
Page 105
5-57 radio interface c onfiguring c ommon r adio s ettings to configure common radio settings, select the radio settings page, and scroll down to below the vap radio settings. Figure 46 radio settings a and b/g country code – the current country code setting. This setting restricts operation of the ...
Page 106
5-58 c hapter 5: s ystem c onfiguration super mode – the atheros proprietary super a performance enhancements are supported by the access point. These enhancements include bursting, compression, and fast frames. Maximum throughput ranges between 40 to 60 mbps for connections to atheros-compatible cl...
Page 107
5-59 radio interface output antenna – specifies the id number of an approved antenna that is connected to the access point. The options are: 802.11a (5 ghz): original 3com integrated antenna 3cwe591 3com 6/8dbi dual-band omni antenna 3cwe596 3com 18/20dbi dual-band panel antenna 3cwe598 3com 8/10dbi...
Page 108: 802.11
5-60 c hapter 5: s ystem c onfiguration the dtim interval indicates how often the mac layer forwards broadcast/multicast traffic, which is necessary to wake up stations that are using power save mode. The default value of 1 indicates that the access point will save all broadcast/multicast frames for...
Page 109
5-61 radio interface first configure the radio settings that apply to the individual vaps (virtual access point) and the common radio settings that apply to all of the 802.11g interfaces. After you have configured the radio settings, enable the radio service for any of the vap interfaces, and then s...
Page 110
5-62 c hapter 5: s ystem c onfiguration figure 47 radio settings b/g client access mode – selects the operating mode for the 802.11g wireless interface. (default: 802.11b+g) 802.11b+g: both 802.11b and 802.11g clients can communicate with the access point (up to 54 mbps). 802.11b only: both 802.11b ...
Page 111
5-63 radio interface super mode – the atheros proprietary super g performance enhancements are supported by the access point. These enhancements include bursting, compression, fast frames and dynamic turbo. Maximum throughput ranges between 40 to 60 mbps for connections to atheros-compatible clients...
Page 112
5-64 c hapter 5: s ystem c onfiguration c onfiguring w i -f i m ultimedia wireless networks offer an equal opportunity for all devices to transmit data from any type of application. Although this is acceptable for most applications, multimedia applications (with audio and video) are particularly sen...
Page 113
5-65 radio interface wmm operation – wmm uses traffic priority based on the four acs; voice, video, best effort, and background. The higher the ac priority, the higher the probability that data is transmitted. When the access point forwards traffic, wmm adds data packets to four independent transmit...
Page 114
5-66 c hapter 5: s ystem c onfiguration figure 48 wmm backoff times for high-priority traffic, the aifsn and cw values are smaller. The smaller values equate to less backoff and wait time, and therefore more transmit opportunities. To configure wmm, select the radio settings page, and scroll down to...
Page 115
5-67 radio interface support: wmm will be used for any associated device that supports this feature. Devices that do not support this feature may still associate with the access point. Required: wmm must be supported on any device trying to associated with the access point. Devices that do not suppo...
Page 116: Ecurity
5-68 c hapter 5: s ystem c onfiguration s ecurity the access point is configured by default as an “open system,” which broadcasts a beacon signal including the configured ssid. Wireless clients with an ssid setting of “any” can read the ssid from the beacon and automatically set their ssid to allow ...
Page 117
5-69 security the access point can simultaneously support clients using various different security mechanisms. The configuration for these security combinations are outlined in the following table. Note that mac address authentication can be configured independently to work with all security mechani...
Page 118
5-70 c hapter 5: s ystem c onfiguration dynamic wep (802.1x) only authentication: open system encryption: enable 802.1x: required set 802.1x key refresh and re authentication rates local, radius, or disabled yes c 802.1x wpa only authentication: wpa encryption: enable wpa configuration: required cip...
Page 119
5-71 security w ired e quivalent p rivacy (wep) wep provides a basic level of security, preventing unauthorized access to the network, and encrypting data transmitted between wireless clients and the access point. Wep uses static shared keys (fixed-length hexadecimal or alphanumeric strings) that ar...
Page 120
5-72 c hapter 5: s ystem c onfiguration note that all clients share the same keys, which are used for user authentication and data encryption. Up to four keys can be specified. These four keys are used for all vap interfaces on the same radio. To set up wep shared keys, click radio settings under 80...
Page 121
5-73 security encryption – enable or disable the access point to use data encryption (wep, tkip, or aes). If this option is selected when using static wep keys, you must configure at least one key on the access point and all clients. (default: disabled) cipher modes – selects an encryption method fo...
Page 122
5-74 c hapter 5: s ystem c onfiguration key – selects the key number to use for encryption for each vap interface. If the clients have all four keys configured to the same values, you can change the encryption key to any of the four settings without having to update the client keys. (default: key 1)...
Page 123
5-75 security • alphanumeric: enter keys as 5 alphanumeric characters for 64 bit keys, 13 alphanumeric characters for 128 bit keys, or 16 alphanumeric characters for 152 bit keys (802.11a radio only). Key – selects the key number to use for encryption for each vap interface. If the clients have all ...
Page 124
5-76 c hapter 5: s ystem c onfiguration temporal key integrity protocol (tkip): wpa specifies tkip as the data encryption method to replace wep. Tkip avoids the problems of wep static keys by dynamically changing data encryption keys. Basically, tkip starts with a master (temporal) key for each user...
Page 125
5-77 security for wpa2. However, the computational intensive operations of aes-ccmp requires hardware support on client devices. Therefore to implement wpa2 in the network, wireless clients must be upgraded to wpa2-compliant hardware. Wpa2 mixed-mode : wpa2 defines a transitional mode of operation f...
Page 126: Status Information
5-78 c hapter 5: s ystem c onfiguration status information the status page includes information on the following items: access point status the ap status window displays basic system configuration settings, as well as the settings for the wireless interface. Figure 53 ap status ap system configurati...
Page 127
5-79 security system contact: administrator responsible for the system. Ip address: ip address of the management interface for this device. Ip default gateway: ip address of the gateway router between this device and management stations that exist on other network segments. Http server: shows if man...
Page 128
5-80 c hapter 5: s ystem c onfiguration figure 54 station status the station configuration page displays basic connection information for all associated stations as described below. Note that this page is automatically refreshed every five seconds. Station address: the mac address of the wireless cl...
Page 129
5-81 security rogue ap status the neighbor ap detection status window shows the rssi values of neighboring aps detected by the unit during it’s last scan. Figure 55 rogue ap status the neighbor ap detection status table displays the following information: ssid – the service set identifyer for the de...
Page 130
5-82 c hapter 5: s ystem c onfiguration rssi the rssi monitor window performs a realtime scan that shows the rssi values of neighboring aps detected by the unit. The scan is performed when the rssi monitor tab is selected in the status menu. Figure 56 rssi monitor the rssi monitor table displays the...
Page 131
5-83 security bssid – the mac address that identifies the detected device. Event logs the event logs window shows the log messages generated by the access point and stored in memory. Figure 57 event logs the event logs table displays the following information: clear logs: clears the currently stored...
Page 132
5-84 c hapter 5: s ystem c onfiguration.
Page 133: Ommand
6-1 6 c ommand l ine i nterface u sing the c ommand l ine i nterface a ccessing the cli when accessing the management interface either over a direct connection to the console port, or via a telnet connection, the access point can be managed by entering command keywords and parameters at the prompt. ...
Page 134
6-2 c hapter 6: c ommand l ine i nterface telnet connection telnet operates over the ip transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid ip address. Valid ip addresses consist of four numbers, 0 to 255, sepa...
Page 135
6-3 using the command line interface e ntering c ommands this section describes how to enter cli commands. Keywords and arguments a cli command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interf...
Page 136
6-4 c hapter 6: c ommand l ine i nterface showing commands if you enter a “?” at the command prompt, the system will display the first level of keywords for the current configuration mode (exec, global configuration, or interface). You can also display a list of valid keywords for a specific command...
Page 137
6-5 using the command line interface negating the effect of commands for many configuration commands you can enter the prefix keyword “ no ” to cancel the effect of a command or reset the configuration to the default value. For example, the logging command will log system messages to a host server. ...
Page 138
6-6 c hapter 6: c ommand l ine i nterface configuration commands configuration commands are used to modify access point settings. These commands modify the running configuration and are saved in memory. The configuration commands are organized into four different modes: • global configuration (gc) -...
Page 139
6-7 using the command line interface c ommand g roups the system commands can be broken down into the functional groups shown below. Table 9 command groups ctrl-c terminates a task and displays the command prompt. Ctrl-e shifts cursor to end of command line. Ctrl-f shifts cursor to the right one cha...
Page 140: General Commands
6-8 c hapter 6: c ommand l ine i nterface the access mode shown in the following tables is indicated by these abbreviations: exec (executive mode), gc (global configuration), ic-e (interface-ethernet configuration), ic-w (interface-wireless configuration), and ic-w-vap (interface-wireless vap config...
Page 141
6-9 using the command line interface command mode exec example related commands end (6-9) end this command returns to the previous configuration mode. Default setting none command mode global configuration, interface configuration example this example shows how to return to the configuration mode fr...
Page 144: System Management Commands
6-12 c hapter 6: c ommand l ine i nterface example in this example, the show history command lists the contents of the command history buffer: show line this command displays the console port’s configuration settings. Command mode exec example the console port settings are fixed at the values shown ...
Page 145
6-13 using the command line interface username configures the user name for management access gc 6-16 password specifies the password for management access gc 6-17 ip ssh-server enable enables the secure shell server ic-e 6-17 ip ssh-server port sets the secure shell port ic-e 6-18 ip telnet-server ...
Page 146
6-14 c hapter 6: c ommand l ine i nterface country this command configures the access point’s country code, which identifies the country of operation and sets the authorized radio channels. Syntax country country_code > country_code - a two character code that identifies the country of operation. Se...
Page 147
6-15 using the command line interface default setting 99 (no country set) command mode exec command usage • the available country code settings can be displayed by using the country ? Command. Example prompt this command customizes the cli prompt. Use the no form to restore the default prompt. Synta...
Page 148
6-16 c hapter 6: c ommand l ine i nterface default setting ap command mode global configuration example system name this command specifies or modifies the system name for this device. Syntax system name name > name - the name of this host. (maximum length: 32 characters) default setting enterprise o...
Page 149
6-17 using the command line interface command mode global configuration example password after initially logging onto the system, you should set the password. Remember to record it in a safe place. Use the no form to reset the default password. Syntax password password > no password password - passw...
Page 150
6-18 c hapter 6: c ommand l ine i nterface command usage • the access point supports secure shell version 2.0 only. • after boot up, the ssh server needs about two minutes to generate host encryption keys. The ssh server is disabled while the keys are being generated. The show system command display...
Page 151
6-19 using the command line interface command mode interface configuration (ethernet) example ip http port this command specifies the tcp port number used by the web browser interface. Use the no form to use the default port. Syntax ip http port port-number > no ip http port port-number - the tcp po...
Page 152
6-20 c hapter 6: c ommand l ine i nterface command mode global configuration example related commands ip http port (6-19) ip https port use this command to specify the udp port number used for https/ssl connection to the access point’s web interface. Use the no form to restore the default port. Synt...
Page 153
6-21 using the command line interface ip https server use this command to enable the secure hypertext transfer protocol (https) over the secure socket layer (ssl), providing secure access (i.E., an encrypted connection) to the access point’s web interface. Use the no form to disable this function. S...
Page 154
6-22 c hapter 6: c ommand l ine i nterface command mode global configuration command usage • the web redirect feature is used to support billing for a public access wireless network. After successful association to an access point, a client is “redirected” to an access point login web page as soon a...
Page 155
6-23 using the command line interface command mode global configuration command usage • if anyone tries to access a management interface on the access point from an invalid address, the unit will reject the connection, enter an event message in the system log, and send a trap message to the trap man...
Page 156
6-24 c hapter 6: c ommand l ine i nterface default setting all enabled command mode global configuration example this example restricts management access to the indicated addresses. Autoconfig server-status this command enables the unit to operate as a server that provides updated configuration file...
Page 158
6-26 c hapter 6: c ommand l ine i nterface default setting 24 hours command mode global configuration example this example schedules periodic updates every week (168 hours). Autoconfig filename this command specifies the filename to look for when performing a search for a configuration file update. ...
Page 160
6-28 c hapter 6: c ommand l ine i nterface command mode global configuration example this example specifies a username “3com1” to use for communication between the client and the server. Autoconfig password this command specifies a password for authentication between client and server. Syntax autoco...
Page 161
6-29 using the command line interface show autoconfig this command displays the auto-configuration settings. Syntax show autoconfig default setting disable command mode global configuration example this example displays all auto-configuration settings. Autoupgrade client-status this command enables ...
Page 162
6-30 c hapter 6: c ommand l ine i nterface • startup+periodic - schedules a search each time the unit boots up and periodically. The periodic parameter may be configured using the autoconfig interval command. Default setting disabled command mode global configuration example this example schedules a...
Page 163
6-31 using the command line interface autoupgrade directory this command specifies the directory in which to search for firmware updates on the local pc designated to be an auto-upgrade server. Syntax autoupgrade directory drive > • drive - specifies a drive or folder on which to look for firmware u...
Page 164
6-32 c hapter 6: c ommand l ine i nterface default setting 0.0.0.0 command mode global configuration example this example specifies the ip addresses for a server. Autoupgrade password this command specifies the password used to gain access to the server/s for firmware upgrades. Syntax autoupgrade pa...
Page 165
6-33 using the command line interface autoupgrade username this command specifies the username used to gain access to the server/s for firmware upgrades. Syntax autoconfig username string string - the username used to gain access to the server/s specified as having configuration file updates. (lengt...
Page 166
6-34 c hapter 6: c ommand l ine i nterface example this example displays all auto-upgrade settings. Show apmanagement this command shows the ap management configuration, including the ip addresses of management stations allowed to access the access point, as well as the interface protocols which are...
Page 167
6-35 using the command line interface show system this command displays basic system configuration settings. Default setting none command mode exec example ap #show system system information ========================================================== serial number : a123456789 system up time : 0 days...
Page 168
6-36 c hapter 6: c ommand l ine i nterface show version this command displays the software version for the system. Command mode exec example show config this command displays comprehensive and detailed configuration information for the system. Command mode exec example ap #show version version infor...
Page 169
6-37 using the command line interface 802.1x session timeout value : 0 min address filtering : allowed system default : allow addresses not found in filter table. Filter table ----------------------------------------------------------- no filter entries. =============================================...
Page 170
6-38 c hapter 6: c ommand l ine i nterface bridge port/link information (ethernet) =========================================================== port-no : 1 status : enabled state : forwarding priority : 128 path cost : 19 message age timer : inactive message age : 0 designated-root : priority = 0, ma...
Page 171
6-39 using the command line interface forward-transitions : 0 bridge port/link information (wireless a 3) =========================================================== port-no : 12 status : enabled state : forwarding priority : 128 path cost : 19 message age timer : inactive message age : 0 designated...
Page 172
6-40 c hapter 6: c ommand l ine i nterface bridge port/link information (wireless a 6) =========================================================== port-no : 15 status : enabled state : forwarding priority : 128 path cost : 19 message age timer : inactive message age : 0 designated-root : priority = ...
Page 173
6-41 using the command line interface bridge port/link information (wireless g 3) =========================================================== port-no : 18 status : enabled state : forwarding priority : 128 path cost : 19 message age timer : inactive message age : 0 designated-root : priority = 0, ma...
Page 174
6-42 c hapter 6: c ommand l ine i nterface bridge port/link information (wireless g 6) =========================================================== port-no : 21 status : enabled state : forwarding priority : 128 path cost : 19 message age timer : inactive message age : 0 designated-root : priority = ...
Page 175
6-43 using the command line interface id edgecore_vap_g 0, channel 13 (2472 mhz), rssi 6, type ess, privacy 0, rsn 0 jan 02 00:01:32 alert: 802.11g: invalid ap detected: bssid 00-13-f7-0a-2e-aa, ss id 802_11g_wep, channel 6 (2437 mhz), rssi 1, type ess, privacy 0, rsn 0 jan 02 00:01:32 alert: 802.11...
Page 176
6-44 c hapter 6: c ommand l ine i nterface jan 01 19:30:20 information: 802.11g:description updated to enterprise 802.11g access point jan 01 19:30:20 information: 802.11g:description updated to enterprise 802.11g access point jan 01 19:30:20 information: 802.11g:can't enable virtual ap when physica...
Page 177
6-45 using the command line interface traffic filter information ======================================================================= local bridge :traffic among client stas within same vap blocked ap management :enabled ethernet type filter :disabled uplink access table -------------------------...
Page 178
6-46 c hapter 6: c ommand l ine i nterface mic mode : software super a : disabled vlan id : 1 ----------------security------------------------------------------------- closed system : disabled multicast cipher : wep unicast cipher : tkip and aes wpa clients : disabled wpa key mgmt mode : pre shared ...
Page 179
6-47 using the command line interface ac3(voice) : logcwmin: 2 logcwmax: 3 aifsn: 1 admission control: no txop limit: 1.504 ms ========================================================================= wireless interface information ====================================================================...
Page 180
6-48 c hapter 6: c ommand l ine i nterface wmm ap parameters ac0(best effort) : logcwmin: 4 logcwmax: 6 aifsn: 3 admission control: no txop limit: 0.000 ms ac1(background) : logcwmin: 4 logcwmax: 10 aifsn: 7 admission control: no txop limit: 0.000 ms ac2(video) : logcwmin: 3 logcwmax: 4 aifsn: 1 adm...
Page 181
6-49 using the command line interface pre-authentication : disabled authentication type : open ----------------antenna-------------------------------------------------- antenna id : 3cwe591 3com 6/8dbi dual-band omni antenna (external) ----------------quality of service------------------------------...
Page 182
6-50 c hapter 6: c ommand l ine i nterface ----------------802.11 parameters---------------------------------------- transmit power : full (13 dbm) max station data rate : 54mbps multicast data rate : 6mbps fragmentation threshold : 2346 bytes rts threshold : 2347 bytes beacon interval : 100 tus aut...
Page 183
6-51 using the command line interface wmm ap parameters ac0(best effort) : logcwmin: 4 logcwmax: 6 aifsn: 3 admission control: no txop limit: 0.000 ms ac1(background) : logcwmin: 4 logcwmax: 10 aifsn: 7 admission control: no txop limit: 0.000 ms ac2(video) : logcwmin: 3 logcwmax: 4 aifsn: 1 admissio...
Page 184
6-52 c hapter 6: c ommand l ine i nterface common static keys : key 1: empty key 2: empty key 3: empty key 4: empty pre-authentication : disabled authentication type : open ----------------antenna-------------------------------------------------- antenna control method : diversity antenna id : 3cwe5...
Page 185
6-53 using the command line interface ----------------802.11 parameters---------------------------------------- radio mode : b & g mixed mode protection method : cts only transmit power : full (13 dbm) max station data rate : 54mbps multicast data rate : 5.5mbps fragmentation threshold : 2346 bytes ...
Page 186
6-54 c hapter 6: c ommand l ine i nterface txop limit: 3.008 ms ac3(voice) : logcwmin: 2 logcwmax: 3 aifsn: 2 admission control: no txop limit: 1.504 ms wmm ap parameters ac0(best effort) : logcwmin: 4 logcwmax: 6 aifsn: 3 admission control: no txop limit: 0.000 ms ac1(background) : logcwmin: 4 logc...
Page 187
6-55 using the command line interface pmksa lifetime : 720 minutes encryption : disabled default transmit key : 1 common static keys : key 1: empty key 2: empty key 3: empty key 4: empty pre-authentication : disabled authentication type : open ----------------antenna---------------------------------...
Page 188
6-56 c hapter 6: c ommand l ine i nterface ac0(best effort) : logcwmin: 4 logcwmax: 10 aifsn: 3 admission control: no txop limit: 0.000 ms ac1(background) : logcwmin: 4 logcwmax: 10 aifsn: 7 admission control: no txop limit: 0.000 ms ac2(video) : logcwmin: 3 logcwmax: 4 aifsn: 2 admission control: n...
Page 189
6-57 using the command line interface ====================================================== pppoe information ====================================================== state : disabled username : service name : ip allocation mode : dynamic dns negotiation : disabled remote ip : 0.0.0.0 echo interval :...
Page 190
6-58 c hapter 6: c ommand l ine i nterface timeout : 5 interimupdate : 3600 radius accounting secondary server information ======================================== accounting log options : radius authenticated client only accounting server state : down ======================================== rogue ...
Page 191
6-59 using the command line interface engineid :80:00:07:e5:80:00:00:27:04:00:00:00:12 engineboots:5 trap destinations: 1: 0.0.0.0, community: *****, state: disabled 2: 0.0.0.0, community: *****, state: disabled 3: 0.0.0.0, community: *****, state: disabled 4: 0.0.0.0, community: *****, state: disab...
Page 192
6-60 c hapter 6: c ommand l ine i nterface sntp information =========================================================== service state : disabled sntp (server 1) ip : 0.0.0.0 sntp (server 2) ip : 0.0.0.0 current time : 02 : 49, jan 2nd, 1970 time zone : -5 (bogota, eastern, indiana) daylight saving :...
Page 193
6-61 using the command line interface ============================================================== system information ============================================================== serial number : 9tcc7cj094f3a system up time : 1 days, 2 hours, 51 minutes, 42 seconds system name : enterprise outdo...
Page 194: System Logging Commands
6-62 c hapter 6: c ommand l ine i nterface show hardware this command displays the hardware version of the system. Command mode exec example system logging commands these commands are used to configure system logging on the access point. Table 13 system loggign commands logging on this command contr...
Page 195
6-63 using the command line interface command usage the logging process controls error messages saved to memory. You can use the logging level command to control the type of error messages that are stored in memory. Example logging host this command specifies syslog servers host that will receive lo...
Page 196
6-64 c hapter 6: c ommand l ine i nterface logging console this command initiates logging of error messages to the console. Use the no form to disable logging to the console. Syntax [ no ] logging console default setting disabled command mode global configuration example logging level this command s...
Page 197
6-65 using the command line interface command usage messages sent include the selected level down to emergency level. Example logging facility-type this command sets the facility type for remote logging of syslog messages. Syntax logging facility-type type> type - a number that indicates the facilit...
Page 198
6-66 c hapter 6: c ommand l ine i nterface example logging clear this command clears all log messages stored in the access point’s memory. Syntax logging clear command mode global configuration example show logging this command displays the logging configuration. Syntax show logging command mode exe...
Page 199: System Clock Commands
6-67 using the command line interface show event-log this command displays log messages stored in the access point’s memory. Syntax show event-log command mode exec example system clock commands these commands are used to configure sntp and system clock settings on the access point. Table 14 system ...
Page 201
6-69 using the command line interface default setting enabled command mode global configuration command usage the time acquired from time servers is used to record accurate dates and times for log events. Without sntp, the access point only records the time starting from the factory default set at t...
Page 202
6-70 c hapter 6: c ommand l ine i nterface sntp-server daylight-saving this command sets the start and end dates for daylight savings time. Use the no form to disable daylight savings time. Syntax [ no ] sntp-server daylight-saving default setting disabled command mode global configuration command u...
Page 203
6-71 using the command line interface command usage this command sets the local time zone relative to the coordinated universal time (utc, formerly greenwich mean time or gmt), based on the earth’s prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must i...
Page 204: Dhcp Relay Commands
6-72 c hapter 6: c ommand l ine i nterface dhcp relay commands dynamic host configuration protocol (dhcp) can dynamically allocate an ip address and other configuration information to network clients that broadcast a request. To receive the broadcast request, the dhcp server would normally have to b...
Page 206: Snmp Commands
6-74 c hapter 6: c ommand l ine i nterface snmp commands controls access to this access point from management stations using the simple network management protocol (snmp), as well as the hosts that will receive trap messages. Table 16 snmp commands command function mode page snmp-server community se...
Page 208
6-76 c hapter 6: c ommand l ine i nterface default setting none command mode global configuration example related commands snmp-server location (6-76) snmp-server location this command sets the system location string. Use the no form to remove the location string. Syntax snmp-server location text > ...
Page 209
6-77 using the command line interface snmp-server enable server this command enables snmp management access and also enables this device to send snmp traps (i.E., notifications). Use the no form to disable snmp service and trap messages. Syntax snmp-server enable server no snmp-server enable server ...
Page 210
6-78 c hapter 6: c ommand l ine i nterface • host_name - name of the host. (range: 1-63 characters) • community-string - password-like community string sent with the notification operation. Although you can set this string using the snmp-server host command by itself, we recommend that you define th...
Page 211
6-79 using the command line interface - dot11stationrequestfail - a client station has failed association, re-association, or authentication. - dot1xauthfail - a 802.1x client station has failed radius authentication. - dot1xauthnotinitiated - a client station did not initiate 802.1x authentication....
Page 212
6-80 c hapter 6: c ommand l ine i nterface command usage this command is used in conjunction with the snmp-server host and snmp-server enable server commands to enable snmp notifications. Example snmp-server engine-id this command is used for snmp v3. It is used to uniquely identify the access point...
Page 213
6-81 using the command line interface snmp-server user this command configures the snmp v3 users that are allowed to manage the access point. Use the no form to delete an snmp v3 user. Syntax snmp-server user user-name> user-name - a user-defined string for the snmp user. (32 characters maximum) def...
Page 214
6-82 c hapter 6: c ommand l ine i nterface - group-name - the name of the snmp group to which the user is assigned (32 characters maximum). There are three pre-defined groups: ro, rwauth, or rwpriv. - auth-proto - the authentication type used for user authentication: md5 or none. - a uth-passphrase ...
Page 215
6-83 using the command line interface • ip-addr - specifies the ip address of the management station to receive notifications. • sec-name - the defined snmp v3 user name that is to receive notifications. • version - the snmp version of notifications. Currently only version 3 is supported in this com...
Page 216
6-84 c hapter 6: c ommand l ine i nterface default setting none command mode global configuration command usage • the access point allows up to 10 notification filters to be created. Each filter can be defined by up to 20 mib subtree id entries. • use the command more than once with the same filter ...
Page 217
6-85 using the command line interface command mode global configuration example show snmp groups this command displays the snmp v3 pre-defined groups. Syntax show snmp groups command mode exec example ap(config)#snmp-server filter-assignments mytraps trapfilter ap(config)#exit ap#show snmp target ho...
Page 218
6-86 c hapter 6: c ommand l ine i nterface show snmp users this command displays the snmp v3 users and settings. Syntax show snmp users command mode exec example show snmp group-assignments this command displays the snmp v3 user group assignments. Syntax show snmp group-assignments command mode exec...
Page 219
6-87 using the command line interface show snmp target this command displays the snmp v3 notification target settings. Syntax show snmp target command mode exec example show snmp filter this command displays the snmp v3 notification filter settings. Syntax show snmp filter [ filter-id ] • filter-id ...
Page 220
6-88 c hapter 6: c ommand l ine i nterface show snmp filter-assignments this command displays the snmp v3 notification filter assignments. Syntax show snmp filter-assignments command mode exec example ap#show snmp filter-assignments hostid filterid mytraps trapfilter ap#.
Page 221
6-89 using the command line interface show snmp this command displays the snmp configuration settings. Command mode exec example ap #show snmp snmp information ============================================== service state : enable community (ro) : ***** community (rw) : ***** location : wc-19 contact...
Page 222: Flash/file Commands
6-90 c hapter 6: c ommand l ine i nterface flash/file commands these commands are used to manage the system code or configuration files. Table 17 flash/file commands bootfile this command specifies the image used to start up the system. Syntax bootfile filename > filename - name of the image file. D...
Page 223
6-91 using the command line interface copy this command copies a boot file, code image, or configuration file between the access point’s flash memory and a ftp/tftp server. When you save the configuration settings to a file on a ftp/tftp server, that file can later be downloaded to the access point ...
Page 224
6-92 c hapter 6: c ommand l ine i nterface the following example shows how to download a configuration file: delete this command deletes a file or image. Syntax delete filename > filename - name of the configuration file or image name. Default setting none command mode exec example this example show...
Page 225
6-93 using the command line interface dir this command displays a list of files in flash memory. Command mode exec command usage file information is shown below: example the following example shows how to display all file information: show bootfile this command displays the name of the current opera...
Page 226: Radius Client
6-94 c hapter 6: c ommand l ine i nterface example radius client remote authentication dial-in user service (radius) is a logon authentication protocol that uses software running on a central server to control access for radius-aware devices to the network. An authentication server contains a databa...
Page 227
6-95 using the command line interface default setting none command mode global configuration example radius-server port this command sets the radius server network port. Syntax radius-server [ secondary ] port port_number> • secondary - secondary server. • port_number - radius server udp port used f...
Page 228
6-96 c hapter 6: c ommand l ine i nterface command mode global configuration example radius-server retransmit this command sets the number of retries. Syntax radius-server [ secondary ] retransmit number_of_retries • secondary - secondary server. • number_of_retries - number of times the access poin...
Page 230
6-98 c hapter 6: c ommand l ine i nterface command mode global configuration example show radius this command displays the current settings for the radius server. Default setting none command mode exec example ap(config)#radius-server vlan-format ascii ap (config)# ap #show radius radius server info...
Page 231
6-99 using the command line interface radius accounting radius accounting is a logging service provided by the radius server that contains data on user activity. It is used primarily for billing and statistical purposes. Both users authenticated by radius and non-radius methods (such as mac authenti...
Page 232
6-100 c hapter 6: c ommand l ine i nterface radius-accounting enable this command enables the radius accounting server. Use the no form to disable the feature. Syntax radius-accounting enable no radius-accounting default setting disabled command mode global configuration command usage • when the rad...
Page 233
6-101 using the command line interface default setting none command mode global configuration command usage • when the radius accounting server address is specified user data may be logged to that address. • when a secondary radius accounting server address is specified user data is logged to the pr...
Page 235
6-103 using the command line interface radius-accounting retransmit this command sets the number of retries. Syntax radius-accounting [ secondary ] retransmit number_of_retries • secondary - secondary server. • number_of_retries - number of times the access point will try to authenticate logon acces...
Page 236: 802.1X Authentication
6-104 c hapter 6: c ommand l ine i nterface radius-accounting timeout-interim this command sets the interval between transmitting accounting updates to the radius accounting server. Syntax radius-accounting timeout-interim number_of_seconds> • number_of_seconds - number of seconds the access point w...
Page 238
6-106 c hapter 6: c ommand l ine i nterface • when 802.1x is required, the access point enforces 802.1x authentication for all 802.11 associated stations. If 802.1x authentication is not initiated by the station, the access point will initiate authentication. Only those stations successfully authent...
Page 239
6-107 using the command line interface 802.1x session-key-refresh-rate this command sets the interval at which unicast session keys are refreshed for associated stations using dynamic keying. Syntax 802.1x session-key-refresh-rate rate> rate - the interval at which the access point refreshes a sessi...
Page 240
6-108 c hapter 6: c ommand l ine i nterface example 802.1x-supplicant enable this command enables the access point to operate as an 802.1x supplicant for authentication. Use the no form to disable 802.1x authentication of the access point. Syntax 802.1x-supplicant enable no 802.1x-supplicant default...
Page 241
6-109 using the command line interface command mode global configuration command usage the access point currently only supports eap-md5 chap for 802.1x supplicant authentication. Example show authentication this command shows all 802.1x authentication settings, as well as the address filter table. C...
Page 242: Mac Address Authentication
6-110 c hapter 6: c ommand l ine i nterface mac address authentication use these commands to define mac authentication on the access point. For local mac authentication, first define the default filtering policy using the address filter default command. Then enter the mac addresses to be filtered, i...
Page 244
6-112 c hapter 6: c ommand l ine i nterface address filter delete this command deletes a mac address from the filter table. Syntax address filter delete mac-address> mac-address - physical address of client. (enter six pairs of hexadecimal digits separated by hyphens.) default none command mode glob...
Page 245: Filtering Commands
6-113 using the command line interface related commands address filter entry (6-111) radius-server address (6-94) 802.1x-supplicant user (6-108) mac-authentication session-timeout this command sets the interval at which associated clients will be re-authenticated with the radius server authenticatio...
Page 247
6-115 using the command line interface filter ap-manage this command prevents wireless clients from accessing the management interface on the access point. Use the no form to disable this filtering. Syntax [ no ] filter ap-manage default enabled command mode global configuration example filter uplin...
Page 248
6-116 c hapter 6: c ommand l ine i nterface default disabled command mode global configuration example filter ethernet-type enable this command checks the ethernet type on all incoming and outgoing ethernet packets against the protocol filtering table. Use the no form to disable this feature. Syntax...
Page 249
6-117 using the command line interface filter ethernet-type protocol this command sets a filter for a specific ethernet type. Use the no form to disable filtering for a specific ethernet type. Syntax filter ethernet-type protocol protocol> no filter ethernet-type protocol protocol> protocol - an eth...
Page 250: Wds Bridge Commands
6-118 c hapter 6: c ommand l ine i nterface example wds bridge commands the commands described in this section are used to set the operation mode for each access point interface and configure wireless distribution system (wds) forwarding table settings. Table 23 wds bridge commands ap #show filters ...
Page 252
6-120 c hapter 6: c ommand l ine i nterface when the access point is operating in this mode, traffic is not forwarded to the ethernet port from the radio interface. • up to six wds bridge links (mac addresses) per radio interface can be specified for each unit in the wireless bridge network. One uni...
Page 253
6-121 using the command line interface bridge-link parent this command configures the mac address of the parent bridge node. Syntax bridge-link parent mac-address > mac-address - the wireless mac address of the parent bridge unit. (12 hexadecimal digits in the form “xx-xx-xx-xx-xx-xx”). Default sett...
Page 254
6-122 c hapter 6: c ommand l ine i nterface • in bridge mode, up to five child links can be specified using link index numbers 2 to 6. Index number 1 is reserved for the parent link, which must be set using the bridge parent command. Example bridge dynamic-entry age-time this command sets the time f...
Page 255
6-123 using the command line interface show bridge filter-entry this command displays current entries in the wds forwarding table. Command mode exec example ap#show bridge filter-entry max entry numbers =512 current entry nums =13 **************************************************************** ****...
Page 257: Spanning Tree Commands
6-125 using the command line interface spanning tree commands the commands described in this section are used to set the mac address table aging time and spanning tree parameters for both the ethernet and wireless interfaces. Table 24 bridge commands ap#show bridge link wireless a 2 port-no : 11 sta...
Page 258
6-126 c hapter 6: c ommand l ine i nterface bridge stp enable this command enables the spanning tree protocol. Use the no form to disable the spanning tree protocol. Syntax [ no ] bridge stp enable default setting enabled command mode global configuration example this example globally enables the sp...
Page 259
6-127 using the command line interface command usage this command sets the maximum time (in seconds) the root device will wait before changing states (i.E., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it st...
Page 260
6-128 c hapter 6: c ommand l ine i nterface bridge stp max-age use this command to configure the spanning tree bridge maximum age globally for the wireless bridge. Use the no form to restore the default. Syntax bridge stp max-age seconds > no bridge stp max-age seconds - time in seconds. (range: 6-4...
Page 261
6-129 using the command line interface default setting 32768 command mode global configuration command usage bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the stp root device. However, if all devices have the same p...
Page 262
6-130 c hapter 6: c ommand l ine i nterface bridge-link port-priority use this command to configure the priority for the specified port. Syntax bridge-link port-priority index > priority> • index - specifies the bridge link number on the wireless bridge. (range: 1-6 required on wireless interface on...
Page 263: Ethernet Interface Commands
6-131 using the command line interface example ethernet interface commands the commands described in this section configure connection parameters for the ethernet port and wireless interface. Table 25 ehternet interface commands ap# show bridge stp bridge mac : 00:12:cf:05:b7:84 status : disabled pr...
Page 264
6-132 c hapter 6: c ommand l ine i nterface interface ethernet this command enters ethernet interface configuration mode. Default setting none command mode global configuration example to specify the 10/100base-tx network interface, enter the following command: dns server this command specifies the ...
Page 265
6-133 using the command line interface related commands show interface ethernet (6-136) ip address this command sets the ip address for the access point. Use the no form to restore the default ip address. Syntax ip address ip-address > netmask > gateway > no ip address • ip-address - ip address • ne...
Page 266
6-134 c hapter 6: c ommand l ine i nterface ip dhcp this command enables the access point to obtain an ip address from a dhcp server. Use the no form to restore the default ip address. Syntax [ no ] ip dhcp default setting enabled command mode interface configuration (ethernet) command usage • you m...
Page 268
6-136 c hapter 6: c ommand l ine i nterface command usage this command allows you to disable the ethernet port due to abnormal behavior (e.G., excessive collisions), and reenable it after the problem has been resolved. You may also want to disable the ethernet port for security reasons. Example the ...
Page 269: Wireless Interface Commands
6-137 using the command line interface wireless interface commands the commands described in this section configure connection parameters for the wireless interfaces. Table 26 wireless interface commands command function mode page interface wireless enters wireless interface configuration mode gc 6-...
Page 271
6-139 using the command line interface vap this command provides access to the vap (virtual access point) interface configuration mode. Syntax vap vap-id > vap-id - the number that identifies the vap interface. (options: 0-3) default setting none command mode interface configuration (wireless) examp...
Page 272
6-140 c hapter 6: c ommand l ine i nterface (e.G., setting the speed to 54 mbps limits the effective maximum speed to 108 mbps). Example turbo this command sets the access point to an enhanced proprietary modulation mode (not regulated in ieee 802.11a) that provides a higher data rate of up to 108 m...
Page 273
6-141 using the command line interface multicast-data-rate this command configures the maximum data rate at which the access point transmits multicast and management packets (excluding beacon packets) on the wireless interface. Syntax multicast-data-rate speed> speed - maximum transmit speed allowed...
Page 274
6-142 c hapter 6: c ommand l ine i nterface command usage • the available channel settings are limited by local regulations, which determine the number of channels that are available. • when multiple access points are deployed in the same area, be sure to choose a channel separated by at least two c...
Page 277
6-145 using the command line interface default setting 802.11a: embedded antenna, 802.11b/g: diversity command mode interface configuration (wireless) command usage the antenna id must be selected in conjunction with the antenna control method to configure proper use of any of the antenna options. E...
Page 278
6-146 c hapter 6: c ommand l ine i nterface command usage • the optional external antennas (if any) that are certified for use with the access point are listed by typing antenna control id ? . Selecting the correct antenna id ensures that the access point's radio transmissions are within regulatory ...
Page 279
6-147 using the command line interface beacon-interval this command configures the rate at which beacon signals are transmitted from the access point. Syntax beacon-interval interval> interval - the rate for transmitting beacon signals. (range: 20-1000 milliseconds) default setting 100 command mode ...
Page 280
6-148 c hapter 6: c ommand l ine i nterface command usage • the delivery traffic indication map (dtim) packet interval value indicates how often the mac layer forwards broadcast/multicast traffic. This parameter is necessary to wake up stations that are using power save mode. • the dtim is the inter...
Page 281
6-149 using the command line interface fragment size to send smaller fragments. This will speed up the retransmission of smaller frames. However, it is more efficient to set the fragment size larger if very little or no interference is present because it requires overhead to send multiple frames. Ex...
Page 282
6-150 c hapter 6: c ommand l ine i nterface super-a this command enables atheros proprietary super a performance enhancements. Use the no form to disable this function. Syntax [ no ] super-a default setting disabled command mode interface configuration (wireless - 802.11a) command usage super a enha...
Page 283
6-151 using the command line interface command usage these enhancements include bursting, compression, fast frames and dynamic turbo. Maximum throughput ranges between 40 to 60 mbps for connections to atheros-compatible clients. Example description this command adds a description to a the wireless i...
Page 284
6-152 c hapter 6: c ommand l ine i nterface command mode interface configuration (wireless-vap) command usage clients that want to connect to the wireless network via an access point must set their ssids to the same as that of the access point. Example closed-system this command prohibits access to ...
Page 285
6-153 using the command line interface default setting 64 command mode interface configuration (wireless-vap) example assoc-timeout-interval this command configures the idle time interval (when no frames are sent) after which the client is disassociated from the vap interface. Syntax assoc-timeout-i...
Page 286
6-154 c hapter 6: c ommand l ine i nterface command mode interface configuration (wireless-vap) example shutdown this command disables the wireless interface. Use the no form to restart the interface. Syntax [ no ] shutdown default setting interface enabled command mode interface configuration (wire...
Page 287
6-155 using the command line interface command mode exec example ap #show interface wireless g 0 wireless interface information ========================================================================= ----------------identification------------------------------------------- description : enterprise...
Page 288
6-156 c hapter 6: c ommand l ine i nterface ----------------security------------------------------------------------- closed system : disabled multicast cipher : wep unicast cipher : tkip and aes wpa clients : disabled wpa key mgmt mode : pre shared key wpa psk key type : passphrase wpa psk key : em...
Page 289
6-157 using the command line interface wmm ap parameters ac0(best effort) : logcwmin: 4 logcwmax: 6 aifsn: 3 admission control: no txop limit: 0.000 ms ac1(background) : logcwmin: 4 logcwmax: 10 aifsn: 7 admission control: no txop limit: 0.000 ms ac2(video) : logcwmin: 3 logcwmax: 4 aifsn: 1 admissi...
Page 290
6-158 c hapter 6: c ommand l ine i nterface show station this command shows the wireless clients associated with the access point. Command mode exec example ap #show station station table information ======================================================== if-wireless a vap [0] : 802.11a channel : 6...
Page 291: Rogue Ap Detection Commands
6-159 using the command line interface rogue ap detection commands a “rogue ap” is either an access point that is not authorized to participate in the wireless network, or an access point that does not have the correct security configuration. Rogue aps can potentially allow unauthorized users access...
Page 292
6-160 c hapter 6: c ommand l ine i nterface scanning or scans of a long duration unless there is a reason to believe that more intensive scanning is required to find a rogue ap. • a “rogue ap” is either an access point that is not authorized to participate in the wireless network, or an access point...
Page 293
6-161 using the command line interface the access points are allowed or are rogues. If you enable authentication, you should also configure a radius server for this access point (see “radius” on page 8). Example rogue-ap duration this command sets the scan duration for detecting access points. Synta...
Page 294
6-162 c hapter 6: c ommand l ine i nterface rogue-ap interval this command sets the interval at which to scan for access points. Syntax rogue-ap interval minutes - the interval between consecutive scans. (range: 30-10080 minutes) default setting 720 minutes command mode interface configuration (wire...
Page 295: Wireless Security Commands
6-163 using the command line interface example show rogue-ap this command displays the current rogue ap database. Command mode exec example wireless security commands the commands described in this section configure parameters for wireless security on the 802.11a and 802.11g interfaces. Table 28 wir...
Page 297
6-165 using the command line interface command usage • the auth command automatically configures settings for each authentication type, including encryption, 802.1x, and cipher suite. The command auth open-system disables encryption and 802.1x. • to use wep shared-key authentication, set the authent...
Page 298
6-166 c hapter 6: c ommand l ine i nterface • the “required” option places the vap into tkip only mode. The “supported” option places the vap into tkip+aes+wep mode. The “required” mode is used in wpa-only environments. • the “supported” mode can be used for mixed environments with legacy wpa produc...
Page 299
6-167 using the command line interface example related commands key (6-167) key this command sets the keys used for wep encryption. Use the no form to delete a configured key. Syntax key index > size > type > value > no key index • index - key index. (range: 1-4) • size - key size. (options: 64, 128...
Page 300
6-168 c hapter 6: c ommand l ine i nterface example related commands key (6-167) encryption (6-166) transmit-key (6-168) transmit-key this command sets the index of the key to be used for encrypting data frames for broadcast or multicast traffic transmitted from the vap to wireless clients. Syntax t...
Page 301
6-169 using the command line interface • in a mixed-mode environment with clients using static and dynamic keys, select transmit key index 2, 3, or 4. The access point uses transmit key index 1 for the generation of dynamic keys. Example cipher-suite this command defines the cipher algorithm used to...
Page 302
6-170 c hapter 6: c ommand l ine i nterface and a re-keying mechanism. Select tkip if there are clients in the network that are not wpa2 compliant. • tkip defends against attacks on wep in which the unencrypted initialization vector in encrypted packets is used to calculate the wep key. Tkip changes...
Page 303
6-171 using the command line interface command usage • the michael integrity check (mic) is part of the temporal key integrity protocol (tkip) encryption used in wi-fi protected access (wpa) security. The mic calculation is performed in the access point for each transmitted packet and this can impac...
Page 304
6-172 c hapter 6: c ommand l ine i nterface example related commands auth (6-164) pmksa-lifetime this command sets the time for aging out cached wpa2 pairwise master key security association (pmksa) information for fast roaming. Syntax pmksa-lifetime minutes> minutes - the time for aging out pmksa i...
Page 306: Link Integrity Commands
6-174 c hapter 6: c ommand l ine i nterface link integrity commands the access point provides a link integrity feature that can be used to ensure that wireless clients are connected to resources on the wired network. The access point does this by periodically sending ping messages to a host device i...
Page 307
6-175 using the command line interface host does not respond or is unreachable) exceeds the limit set by the link-integrity ping-fail-retry command, the link is determined as lost. Example link-integrity ping-host this command configures the link host name or ip address. Use the no form to remove th...
Page 308
6-176 c hapter 6: c ommand l ine i nterface example link-integrity ping-fail-retry this command configures the number of consecutive failed ping counts before the link is determined as lost. Syntax link-integrity ping-fail-retry counts > counts - the number of failed ping counts before the link is d...
Page 309: Iapp Commands
6-177 using the command line interface show link-integrity this command displays the current link integrity configuration. Command mode exec example iapp commands the command described in this section enables the protocol signaling required to ensure the successful handover of wireless clients roami...
Page 310: Vlan Commands
6-178 c hapter 6: c ommand l ine i nterface between access points from different vendors. This command is used to enable or disable 802.11f handover signaling between different access points, especially in a multi-vendor environment. Example vlan commands the access point can enable the support of v...
Page 311
6-179 using the command line interface vlan this command enables vlans for all traffic. Use the no form to disable vlans. Syntax [ no ] vlan enable default disabled command mode global configuration command description • when vlans are enabled, the access point tags frames received from wireless cli...
Page 312
6-180 c hapter 6: c ommand l ine i nterface command usage the management vlan is for managing the access point. For example, the access point allows traffic that is tagged with the specified vlan to manage the access point via remote management, ssh, snmp, telnet, etc. Example related commands vlan ...
Page 313: Wmm Commands
6-181 using the command line interface wmm commands the access point implements qos using the wi-fi multimedia (wmm) standard. Using wmm, the access point is able to prioritize traffic and optimize performance when multiple applications compete for wireless network bandwidth at the same time. Wmm em...
Page 316
6-184 c hapter 6: c ommand l ine i nterface default command mode interface configuration (wireless) example ap parameters wmm parameters ac0 (best effort) ac1 (background) ac2 (video) ac3 (voice) logcwmin 4 4 3 2 logcwmax 10 10 4 3 aifs 3 7 2 2 txop limit 0 0 94 47 admission control disabled disable...
Page 317: Roubleshooting
A-1 a t roubleshooting check the following items before you contact local technical support. 1 if wireless bridge units do not associate with each other, check the following: check the power injector led for each bridge unit to be sure that power is being supplied. Be sure that antennas in the link ...
Page 318
A-2 if authentication is being performed through ieee 802.1x, be sure the wireless users have installed and properly configured 802.1x client software. If mac address filtering is enabled, be sure the client’s address is included in the local filtering database or on the radius server database. If t...
Page 319
A-3 reset the bridge’s hardware using the console interface, web interface, or through a power reset..
Page 320
A-4.
Page 321: Ables
B-1 b c ables and p inouts t wisted -p air c able a ssignments for 10/100base-tx connections, a twisted-pair cable must have two pairs of wires. Each wire pair is identified by two different colors. For example, one wire might be green and the other, green with white stripes. Also, an rj-45 connecto...
Page 322: 10/100Base-Tx P
B-2 10/100base-tx p in a ssignments use unshielded twisted-pair (utp) or shielded twisted-pair (stp) cable for rj-45 connections: 100-ohm category 3 or better cable for 10 mbps connections, or 100-ohm category 5 or better cable for 100 mbps connections. Also be sure that the length of any twisted-pa...
Page 323
B-3 s traight -t hrough w iring because the 10/100 mbps input port on the power injector uses an mdi pin configuration, you must use “straight-through” cable for network connections to hubs or switches that only have mdi-x ports. However, if the device to which you are connecting supports automatic ...
Page 324
B-4 c rossover w iring because the 10/100 mbps port on the power injector uses an mdi pin configuration, you must use “crossover” cable for network connections to pcs, servers or other end nodes that only have mdi ports. However, if the device to which you are connecting supports automatic mdi/mdi-x...
Page 325: 8-P
B-5 8-p in din c onnector p inout the ethernet cable from the power injector connects to an 8-pin din connector on the wireless bridge. This connector is described in the following figure and table. 8-pin din ethernet port pinout pin signal name 1 transmit data plus (td+) 2 transmit data minus (td-)...
Page 326: 8-P
B-6 8-p in din to rj-45 c able w iring to construct an extended ethernet cable to connect from the power injector’s rj-45 output port to the wireless bridge’s 8-pin din connector, follow the wiring diagram below. Use category 5 or better utp or stp cable, maximum length 100 m (328 ft), and be sure t...
Page 327: Lossary
Glossary-1 g lossary 10base-t ieee 802.3 specification for 10 mbps ethernet over two pairs of category 3 or better utp cable. 100base-tx ieee 802.3u specification for 100 mbps fast ethernet over two pairs of category 5 or better utp cable. Access point an internetworking device that seamlessly conne...
Page 328
Glossary-2 broadcast key broadcast keys are sent to stations using 802.1x dynamic keying. Dynamic broadcast key rotation is often used to allow the access point to generate a random group key and periodically update all key-management capable wireless clients. Csma/ca carrier sense multiple access w...
Page 329
Glossary-3 ieee 802.11b a wireless standard that supports wireless communications in the 2.4 ghz band using direct sequence spread spectrum (dsss). The standard provides for data rates of 1, 2, 5.5, and 11 mbps. Ieee 802.11g a wireless standard that supports wireless communications in the 2.4 ghz ba...
Page 330
Glossary-4 radius a logon authentication protocol that uses software running on a central server to control access to the network. Roaming a wireless lan mobile user moves around an ess and maintains a continuous connection to the infrastructure network. Rts threshold transmitters contending for the...
Page 331
Glossary-5 network services. All the services are delivered using a single radio channel, enabling virtual ap technology to optimize the use of limited wlan radio spectrum. Virtual lan (vlan) a virtual lan is a collection of network nodes that share the same collision domain regardless of their phys...
Page 332
Glossary-6.
Page 333: Ndex
Index-7 i ndex numbers 802.11g 6-138 a aes 5-76 authentication 5-12 cipher suite 6-165 closed system 6-152 configuring 5-12 mac address 5-14, 6-110, 6-111 type 4-9, 5-68, 6-152 web redirect 5-16, 6-22 auto-configuration 5-38 enabling 6-24 enabling the client 6-25 interval 6-25 password 6-28 settings...
Page 334
Index-8 f factory defaults restoring 6-11 filter 5-17, 6-110 address 5-12, 6-110 between wireless clients 6-114 local bridge 6-114 local or remote 5-12, 6-112 management access 5-20, 6-115 protocol types 5-20, 6-116 vlans 5-56, 6-178 firmware displaying version 5-36, 6-36 upgrading 5-35, 5-36, 6-91 ...
Page 335
Index-9 threshold 5-60, 6-149 s secure socket layer see ssl security, options 5-68 session key 5-13, 5-16, 6-107 shared key 4-9, 5-75, 6-167 simple network time protocol see sntp snmp 5-22, 6-74 community name 6-75 community string 6-75 enabling traps 5-24, 6-77 trap destination 5-24, 6-77 trap mana...