3Com OfficeConnect WX1200 Reference Manual

Other manuals for OfficeConnect WX1200: User Manual, Command Reference Manual, Configuration Manual, Hardware Installation Manual, Reference manual, Command Reference Manual, Quick Start Manual, Quick Start Manual, Quick Start Manual, Release Note

Manual is about: Wireless LAN Mobility System Wireless LAN Switch and Controller

Page of 520

Download

Print this page

Bookmark us

http://www.3Com.com/

Part No.

10015404 Rev. AA

Published August 2006

Wireless LAN Mobility System

Wireless LAN Switch Manager

Reference Manual

WX4400

3CRWX440095A

WX1200

3CRWX120695A

WXR100

3CRWXR10095A

WX2200

3CRWX220095A

1 2 3 4 5 6 7 Next › »

Summary of OfficeConnect WX1200

Page 1
Http://www.3com.Com/ part no. 10015404 rev. Aa published august 2006 wireless lan mobility system wireless lan switch manager reference manual wx4400 3crwx440095a wx1200 3crwx120695a wxr100 3crwxr10095a wx2200 3crwx220095a.
Page 2
3com corporation 350 campus drive marlborough, ma usa 01752-3064 copyright © 2006, 3com corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without writt...
Page 3: Ontents
C ontents a bout t his g uide conventions 17 documentation 18 documentation comments 19 1 i nstalling 3wxm hardware requirements 21 hardware requirements for 3wxm client 21 hardware requirements for 3wxm monitoring service 22 software requirements 23 preparing for installation 23 user privileges 23 ...
Page 4
Copying, pasting, and deleting objects 44 copy and paste in the organizer panel 44 copy and paste replace in the organizer panel 45 copy and paste in the content panel 45 enabling keyboard shortcut mnemonics (windows xp only) 46 3 g etting s tarted starting 3wxm 49 restricting access to 3wxm 52 crea...
Page 5
5 p lanning the 3c om m obility s ystem rf planning overview 71 accessing the rf planning tools 72 creating or modifying a site 74 creating or modifying buildings in a site 76 creating or modifying floors 79 importing or drawing floor details 80 importing a drawing of a floor 80 file recommendations...
Page 6: Wx S
Reading the rf measurement table 155 generating rf network design information 157 6 c onfiguring wx s ystem p arameters wx switch configuration objects 159 adding a wx switch to the network plan 163 creating a wx switch as part of rf planning 163 creating a wx switch using the create wireless switch...
Page 7
Viewing management service settings 188 changing management service settings 188 configuring snmp 189 viewing and setting log and trace settings 200 viewing log settings 200 changing log settings 200 viewing and configuring ip services settings 203 viewing ip services setting 203 creating a static r...
Page 8
7 c onfiguring w ireless p arameters viewing and configuring wireless services 237 wireless service parameters 238 viewing wireless services 243 configuring an 802.1x wireless service 244 configuring a voice over wireless service 246 configuring a web-portal (webaaa) service 249 configuring an open ...
Page 9: , A
Adding an entry to the client black list 286 enabling countermeasures 286 enabling map signatures 287 8 c onfiguring a uthentication , a uthorization , and a ccounting p arameters creating and managing users in the local user database 289 viewing users and groups in the local database 290 creating a...
Page 10: Wx S
Viewing and configuring aaa support for third-party ap users 324 viewing settings for third-party ap aaa support 324 creating a proxy access rule 324 configuring a radius proxy for a client 326 specifying the wx port connected to the third-party ap 326 viewing and changing location policy rules 327 ...
Page 11
Synchronizing local and network changes 352 reviewing switch configuration changes 352 accepting network changes 353 undoing local or network changes 353 deploying switch configuration changes 354 synchronizing when the network and 3wxm have nonmatching changes 355 distributing system images 356 usi...
Page 12
13 c onfiguring and a pplying p olicies how changes are managed 375 policies created when you migrate a 3.X network plan to 4.1 375 viewing policies 376 creating a policy 376 configuring feature settings in a policy 377 applying policy changes to switches 377 14 u sing the e vent l og displaying the...
Page 13
Generating a site survey order 400 generating a work order 401 16 m onitoring the n etwork overview 403 requirements for monitoring 404 accessing monitored data 404 using the explore window 405 toolbar options 407 threshold flags 409 displaying object details 412 displaying 802.11 coverage 412 takin...
Page 14: 3Wxm P
Using the rogue detection screen 464 toolbar options 465 filtering the rogue list 466 displaying rogue details 467 displaying a rogue’s geographical location 470 ignoring friendly third-party devices 472 adding a device to the attack list 473 converting a rogue into a third party ap 473 to convert a...
Page 15: 3Wxm S
B c hanging 3wxm s ervices p references overview 493 starting or stopping the 3wxm services 494 starting or stopping 3wxm services on windows systems 495 starting or stopping 3wxm services on linux systems 496 connecting to 3wxm services 497 certificate check 498 verifying that the 3wxm client is re...
Page 17: Bout
A bout t his g uide this manual shows you how to plan, configure, deploy, and manage a mobility system wireless lan (wlan) using the 3com wireless lan switch manager (3wxm). Read this manual if you are a network administrator or a person responsible for managing a wlan. If release notes are shipped ...
Page 18
18 a bout t his g uide this manual uses the following text and syntax conventions: documentation the 3wxm documentation set includes the following documents. Wireless lan switch manager (3wxm) release notes these notes provide information about the 3wxm software release, including new features and b...
Page 19
Documentation comments 19 wireless lan switch manager reference manual this manual shows you how to plan, configure, deploy, and manage a mobility system wireless lan (wlan) using the 3com wireless lan switch manager (3wxm). Wireless lan switch manager user’s guide this guide shows you how to plan, ...
Page 20
20 a bout t his g uide example: wireless lan switch and controller configuration guide part number 730-9502-0071, revision b page 25 please note that we can only respond to comments and questions about 3com product documentation at this e-mail address. Questions related to technical support or sales...
Page 21: Nstalling
1 i nstalling 3wxm this chapter describes how to install 3com wireless lan switch manager (3wxm). Hardware requirements hardware requirements for 3wxm client table 3 shows the minimum and recommended requirements to run the 3wxm client on windows and linux platforms. Table 3 hardware requirements fo...
Page 22
22 c hapter 1: i nstalling 3wxm hardware requirements for 3wxm monitoring service table 4 shows the minimum and recommended requirements to run the 3wxm monitoring service on windows and linux platforms. Table 5 contains general recommended guidelines for hardware requirements and memory allocation ...
Page 23
Software requirements 23 software requirements 3wxm client and 3wxm monitoring services are each supported on the following operating systems: microsoft windows server 2003 microsoft windows xp with service pack 1 (sp1) or later microsoft windows 2000 with service pack 4 suse linux 9.1 and red hat w...
Page 24
24 c hapter 1: i nstalling 3wxm serial number and license key 3wxm comes with a base license key, which is provided on the cd cover. To use 3wxm services, you need to enter the base key and an activation key, which you obtain from 3com. The base key and activation key enable you to manage up to 10 w...
Page 25
Installing 3wxm 25 2 open the 3com wireless switch management folder. 3 select 3com wireless switch manager. 4 click the view button. The 3com wireless lan switch manager (3wxm) information screen appears. 5 click the install button. The installation begins. During the installation, the 3com wireles...
Page 26
26 c hapter 1: i nstalling 3wxm 6 when the installation is complete, maximize the 3com wireless switch manager installation wizard screen, and then press the contents button. 7 press the exit button to close the wizard, or navigate to the other items on the cd. See “getting started” on page 49 for m...
Page 27
Installation log file 27 using the installation wizard to use the installation wizard on a linux system: 1 on the choose installation type page, choose one of the following: to install both the 3wxm server and the client, click the 3wxm services icon. To install only the 3wxm client, click the 3wxm ...
Page 28
28 c hapter 1: i nstalling 3wxm upgrading 3wxm you can upgrade 3wxm by installing a newer version of 3wxm over a previous version. You do not need to uninstall the previous version before installing a newer version. Before you upgrade, 3com recommends that you make a backup of the config-db director...
Page 29
Uninstalling 3wxm on windows systems 29 3 click uninstall. The 3wxm uninstall options dialog appears. By default, the following are removed when you uninstall the client application: network plans access control if the monitoring service was also installed, the monitoring service’s database director...
Page 30
30 c hapter 1: i nstalling 3wxm uninstalling 3wxm on linux systems to uninstall 3wxm on linux systems: 1 log in as superuser. 2 in a shell window, change directories to the 3wxm installation directory. By default, the installation directory is /opt/3wxm. 3 at the prompt, enter cd uninstallerdata. 4 ...
Page 31: Orking
2 w orking with the 3wxm u ser i nterface this chapter describes how to use the 3com wireless lan switch manager (3wxm) interface. Overview when you start 3wxm client and log into 3wxm services, the network plan is displayed by the 3wxm client. Toolbar organizer panel content panel alerts panel lock...
Page 32
32 c hapter 2: w orking with the 3wxm u ser i nterface the network plan is the workspace in 3wxm you use to design and manage a 3com network. The network plan defines the following: network equipment (wx switches, maps, and third-party access points) network site, including floor plans, rf character...
Page 33
Display panels 33 the organizer panel can contain the following object trees, depending on the option selected on the tool bar: policies (displayed by the policies tool bar option) — the set of device configuration policies included in your network plan. Equipment (displayed by the configuration too...
Page 34
34 c hapter 2: w orking with the 3wxm u ser i nterface to expand the view of an object in the tree, click on the plus sign next to the object. For example, to display the buildings in a site, click on the plus sign next to the site name. To display the floors in the building, click next to the build...
Page 35
Display panels 35 content panel the content panel displays information or configuration settings, based on the selected tool bar option. The content panel is located to the right of the organizer panel. (see the figure on page 31.) the policies, rf planning, and configuration tool bar options displa...
Page 36
36 c hapter 2: w orking with the 3wxm u ser i nterface saving or discarding configuration changes when you select the policies, rf planning, or configuration tool bar option, the content panel contains a save button and a discard button. Save—click save to send unsaved configuration changes to 3wxm ...
Page 37
Display panels 37 to resolve errors and deploy the changes, use the verification option. The verification option provides detailed information for errors and warnings and enables you to resolve them. Generally, you can resolve an error or warning by ignoring it or by clicking a link to open a config...
Page 38
38 c hapter 2: w orking with the 3wxm u ser i nterface some wizards contain multiple pages. Click the next and previous buttons at the bottom of a wizard to navigate among the wizard’s pages. The finish button saves the changes. If applicable, saving the changes also results in the newly configured ...
Page 39
Display panels 39 properties dialogs to open a version of the configuration wizard that contains all the configurable settings for the object, even ones that rarely need to be changed, select the object in the table, then click properties. Resizing a display panel you can resize a panel by clicking ...
Page 40
40 c hapter 2: w orking with the 3wxm u ser i nterface menu bar options table 8 lists the options available from the menu at the top of the main 3wxm window. Click on a menu category to display the options for that category. Table 8 3wxm menu options menu option description file connect log on to 3w...
Page 41
Tool bar options 41 tool bar options table 9 lists the options available from the tool bar of the main 3wxm window. Click on an option to open the data or tabs for that option. Some tool bar options fill the content panel. Others fill the entire window area under the tool bar. The larger icons provi...
Page 42
42 c hapter 2: w orking with the 3wxm u ser i nterface rf planning display the tree of configured sites in the organizer panel. To display information about a site or an object in that site, click on it. The information appears in the content panel. To perform site-related tasks, click task links in...
Page 43
Tool bar options 43 verification display the config verification and network verification tabs. The verification tabs enable you to troubleshoot configuration issues on wx switches in the network plan or in the live network. To display more information about an error or warning message, click on the...
Page 44
44 c hapter 2: w orking with the 3wxm u ser i nterface copying, pasting, and deleting objects you can copy, paste, and delete objects in the organizer panel or in the content panel. In the organizer panel, right-click on an object to display a menu with the following options: copy—copy the selected ...
Page 45
Copying, pasting, and deleting objects 45 copy and paste replace in the organizer panel to replace an object with the copy and paste replace options: 1 select the object you want to copy in the organizer panel. 2 right-click on the object and select copy. 3 select the object you want to replace. 4 r...
Page 46
46 c hapter 2: w orking with the 3wxm u ser i nterface enabling keyboard shortcut mnemonics (windows xp only) keyboard shortcut mnemonics (also called action mnemonics) in 3wxm underline shortcut characters in action names in toolbars and menus. When a character is underlined, you can press the corr...
Page 47
Enabling keyboard shortcut mnemonics (windows xp only) 47 4 clear the box labeled hide underlined letters for keyboard navigation until i press the alt key. Clearing this option allows programs to show the underlined character for mnemonics in 3wxm. 5 click ok. 6 in the display properties dialog box...
Page 48
48 c hapter 2: w orking with the 3wxm u ser i nterface.
Page 49: Etting
3 g etting s tarted this chapter contains information about starting 3com wireless lan switch manager (3wxm), restricting access to 3wxm, creating and managing network plans, and defining a mobility domain. Starting 3wxm the following steps describe how to start 3wxm. You must install a license key ...
Page 50
50 c hapter 3: g etting s tarted if this is the first time you are starting 3wxm, or you have not yet activated your license, the client will not establish a connection to the server when you click next. Instead, the client will briefly contact the server, then display the following message: missing...
Page 51
Starting 3wxm 51 8 if you plan to manage 10 or fewer wireless lan switches, click finish and go to step 13. If you plan to manage more than 10 wireless lan switches, click next and go to step 9. If you are activating an evaluation copy, you can manage up to 10 wireless lan switches. 9 type the upgra...
Page 52
52 c hapter 3: g etting s tarted restricting access to 3wxm by default, all users who have been successfully authenticated to a system with 3wxm installed on it can run 3wxm. You can restrict the users allowed to access 3wxm on a system and define their access privileges by creating three types of 3...
Page 53
Restricting access to 3wxm 53 creating an administrator account before you can restrict user access to 3wxm, you must create an administrator account. After creating an administrator account, you can create provision or monitor accounts. To create an administrator account: 1 select tools > 3wxm serv...
Page 54
54 c hapter 3: g etting s tarted creating provision or monitor accounts after creating an administrator account, you can create provision or monitor accounts. To create a provision or monitor account: 1 access the 3wxm services setup dialog box. 2 to add a provision user account, click add provision...
Page 55: Orking
4 w orking with n etwork p lans a network plan is the workspace in 3wxm you use to design a 3com network. In a network plan, you define components of the network (wx switches, map access points, and optional third-party access points). Regardless of whether you intend to use physical planning featur...
Page 56
56 c hapter 4: w orking with n etwork p lans creating a network plan to create a network plan: 1 from the main 3wxm window, select file > new. The create network plan wizard appears. 2 in the network plan name box, type a name for the network plan. You can use 1 to 60 alphanumeric characters, with n...
Page 57
Managing network plans 57 wireless switch—use a wizard to configure basic switch parameters. (see “using the create wireless switch wizard” on page 167.) third-party ap—add a third-party ap for use in network planning. (see “creating a third-party ap” on page 65.) country code—change the regulatory ...
Page 58
58 c hapter 4: w orking with n etwork p lans 3com recommends that you regularly back up the config-db directory so that you have additional copies of your network plans. (in addition to this section, see “managing network plans” on page 506.) if the plan has unsaved changes and 3wxm services becomes...
Page 59
Managing network plans 59 to open a network plan: 1 establish a connection to the 3wxm services host on which the network plan is saved. You can do this by restarting 3wxm or selecting file > open, and then entering the ip address of the 3wxm services host in the 3wxm services connection dialog box....
Page 60
60 c hapter 4: w orking with n etwork p lans 3wxm compares the object names in the plan to be imported with the object names in the open plan. If both plans have objects of the same name and type, the objects are listed and conflict appears in the status column. 3 do one of the following, depending ...
Page 61
Managing network plans 61 to delete a network plan 1 in the main 3wxm window, select file > delete network plan. The delete network plan wizard appears. 2 select the network plan you want to delete from the list. 3 click next. The network plan is deleted. 4 click finish. Sharing a network plan since...
Page 62
62 c hapter 4: w orking with n etwork p lans to disable notification 1 in the main 3wxm window, select tools > preferences. 2 click the persistence tab. 3 to disable change notification, clear plan change notification. 4 click close. Defining a mobility domain a mobility domain is a collection of wx...
Page 63
Defining a mobility domain 63 mobility domain communications are stable. Generally, the communications required for roaming are the same as those required for vlan tunneling. Roaming between ports on a wx is possible even if the mobility domain is down. Authentication, authorization, and accounting ...
Page 64
64 c hapter 4: w orking with n etwork p lans traffic ports used by a mobility domain when deploying a mobility domain, you might attach the wx switches to subnets that have firewalls or access controls between them. Within a mobility domain, the wx switches exchange information and other types of tr...
Page 65
Creating a wx switch 65 6 in the available devices list, select the wx switches you want to add to the mobility domain. 7 click next. 8 select the switch to act as the seed switch for the mobility domain. 9 click finish. Creating a wx switch 1 select the configuration tool bar option. 2 in the organ...
Page 66
66 c hapter 4: w orking with n etwork p lans 9 in the http port number box, specify the port number for http service. 10 click next. 11 in the ap model drop-down list, select one of the following: ap (dual radio)—802.11a and 802.11b or 802.11b/g ap (single radio)—802.11a, 802.11b, or 802.11g 12 in t...
Page 67
Changing the country code 67 changing the country code the country code determines the valid radio types as well as channel numbers and power settings for map radios. The country code is one of the parameters you set when you create a network plan. If you need to change a plan’s country code, use th...
Page 68
68 c hapter 4: w orking with n etwork p lans 5 select the scope: mobility domain wx switch radio profile individual map radio to select a radio profile, display it first by clicking on the plus sign next to the wx switch. To select an individual radio, display it first by displaying its radio profil...
Page 69
Converting auto daps into statically configured aps 69 converting auto daps into statically configured aps distributed maps that are not configured on any wx switches in the mobility domain can nonetheless be booted and managed by a switch if the switch has a profile for distributed maps, and has ca...
Page 70
70 c hapter 4: w orking with n etwork p lans to simplify configuration, 3wxm assumes that the extent of the network domain is the same as extent of the entire network plan. 3wxm also automatically sets the seed affinities on each switch as described in table 11. 3com recommends that you allow 3wxm t...
Page 71: Lanning
5 p lanning the 3c om m obility s ystem the 3com wireless lan switch manager (3wxm) planning tools help you plan your mobility system. This chapter discusses the building wizard and describes how to create a site, create or modify buildings, import or draw floor details, specify the rf characteristi...
Page 72
72 c hapter 5: p lanning the 3c om m obility s ystem accessing the rf planning tools to access the rf planning tools, select the rf planning tool bar option and do one of the following: if you are creating a new building, click on the site name in the organizer panel and select create building in th...
Page 73
Rf planning overview 73 adjust the paper space (crop the drawing). Define the drawing scale. Change the grid size. Zoom in. Zoom out. Fit view in window. Print the view displayed in the floor display area. Toggle ap label. Copy selected objects. Paste selected objects. Undo last change. Redo last ch...
Page 74
74 c hapter 5: p lanning the 3c om m obility s ystem creating or modifying a site a site is a folder that contains the buildings in the network plan. A site usually represents a campus of geographically colocated buildings. If your network plan encompasses multiple campuses, create a site for each c...
Page 75
Creating or modifying a site 75 1 in the site name box, type a name for the site (1 to 80 alphanumeric characters, with no spaces or tabs). 2 to change the country code, select setup country code in the task list panel, then in the change country code dialog, select the country where the network is ...
Page 76
76 c hapter 5: p lanning the 3c om m obility s ystem creating or modifying buildings in a site to create or modify a building in a site: 1 select the rf planning tool bar option. 2 in the organizer panel, click the site name. 3 do one of the following: if you are creating a new building, click on th...
Page 77
Creating or modifying buildings in a site 77 1 in the building name box, type the name of the building (1 to 30 alphanumeric characters, with no spaces or tabs). 2 in the task list panel, under other, click edit building. The edit building dialog box is displayed. 3 in the number of floors box, spec...
Page 78
78 c hapter 5: p lanning the 3c om m obility s ystem 4 in the starting floor level box, specify the floor number of the first floor in the building. To start with a subterranean floor, you can specify 0 or a negative floor number. 5 in the skip floor levels box, specify floor numbers you want to ski...
Page 79
Creating or modifying floors 79 creating or modifying floors to create or modify a floor in a building: 1 select the rf planning tool bar option. 2 in the organizer panel, click the building name. 3 do one of the following: if you are creating a new floor, click on the building name in the organizer...
Page 80
80 c hapter 5: p lanning the 3c om m obility s ystem 6 in the height of the ceiling box, type the number of feet or meters from the floor to the ceiling (1 to 1000 feet or meters). The ceiling height is based on the surface of the ceiling where the access points will be mounted, not on the center of...
Page 81
Importing or drawing floor details 81 file recommendations for optimal results, use a dwg or dxf drawing. These types of drawings are made of vector graphics line objects (lines), which you can easily convert into rf obstacles after importing the drawing into 3wxm. In addition, the drawing objects a...
Page 82
82 c hapter 5: p lanning the 3c om m obility s ystem in autocad, when you load the drawing file, you might see messages about the files not being found. To check for external references, you can select insert > xref manager. If you look at the layers, externally referenced layers have a common prefi...
Page 83
Importing or drawing floor details 83 to check the contents of the invisible layers to make sure the information can be discarded, reverse the frozen/unfrozen status of all layers, to that only the layers that normally are frozen are visible. In turbocad, delete the unneeded layers. In autocad, clic...
Page 84
84 c hapter 5: p lanning the 3c om m obility s ystem to move objects to the new rf layers, click-drag to select objects, select modify >properties, and change the objects’ layer. Save the drawing on dwg and dxf formats, in case one format does not import well. To save the file into a specific format...
Page 85
Importing or drawing floor details 85 importing the drawing to import a floor drawing: 1 select the rf planning tool bar option. 2 in the organizer panel, click on the plus sign next to the building to expand it, then click on the name of the floor for which you are importing the drawing. An empty f...
Page 86
86 c hapter 5: p lanning the 3c om m obility s ystem figure 1 floor plan after importing at this point, you can edit the floor contents. Go to “cropping the paper space”, next, to begin. Cropping the paper space you can crop the paper space of a drawing to remove unneeded space and objects around th...
Page 87
Importing or drawing floor details 87 if you click yes, all objects and paper space outside the area you selected are removed and the image is resized to fill the removed space. Figure 1 on page 86 shows the same floor plan as figure 2 (below) after cropping the paper space. Figure 2 floor plan afte...
Page 88
88 c hapter 5: p lanning the 3c om m obility s ystem adjusting the origin point 3wxm uses a building’s origin point to understand what is above or below a given floor. When calculating rf coverage, 3wxm needs to understand where map access points on adjacent floors are located so that 3wxm can take ...
Page 89
Importing or drawing floor details 89 in this example, the origin point has been moved to an interior shaft. Working with layers most drawings contain multiple layers of information. 3wxm allows you to hide, add and delete individual layers. You also can add and remove objects and move objects from ...
Page 90
90 c hapter 5: p lanning the 3c om m obility s ystem for best performance and simpler planning, 3com recommends that you hide or remove unnecessary layers and remove unnecessary objects. The clean layout option automatically deletes all objects that meet the cleanup criteria, which you can modify. (...
Page 91
Importing or drawing floor details 91 adding or removing a layer to add a new layer to a drawing, do the following: 1 right-click the list of layers in the organizer panel. 2 select add layer from the menu that is displayed. 3wxm adds the new layer to the list and highlights its name so you can edit...
Page 92
92 c hapter 5: p lanning the 3c om m obility s ystem to clean up a drawing 1 display the floor plan in the content panel. 2 in the task list panel, under rf planning, click clean layout. The floor plan clean up wizard appears. 3 in the remove lines and remove objects group boxes, click next to any i...
Page 93
Importing or drawing floor details 93 6 to change the maximum size of objects to be removed, type the new horizontal and vertical dimensions in the x-axis and y-axis boxes. 3wxm removes all objects that fit within both the specified axes. 7 in the layer list group box, select the layers you want to ...
Page 94
94 c hapter 5: p lanning the 3c om m obility s ystem 10 do one of the following: click finish to accept the changes. Click previous to change the cleanup constraints. Go back to step 2 on page 77. Click cancel to cancel the changes..
Page 95
Importing or drawing floor details 95 drawing floor objects manually you can use the free draw palette to add objects to your floor drawing that are not related to rf obstacles (for example, a conference room table). The tools for drawing non-rf objects work the same as the tools for drawing rf obje...
Page 96
96 c hapter 5: p lanning the 3c om m obility s ystem specifying the rf characteristics of a floor 3wxm uses rf attenuation information in the floor plan when calculating how many maps you need and where to place them to provide the wireless coverage required for the floor. The rf attenuation informa...
Page 97
Specifying the rf characteristics of a floor 97 converting objects into rf obstacles you have several options when creating rf obstacles: convert all objects in a layer of a cad drawing into rf obstacles. Convert all objects in an area of the drawing into rf obstacles. Convert multiple objects in th...
Page 98
98 c hapter 5: p lanning the 3c om m obility s ystem to create rf obstacles by grouping objects you can group several objects in a drawing to specify them as one rf obstacle. For example, if a wall consists of several lines, the lines can be grouped. If you subsequently ungroup the objects, the rf o...
Page 99
Specifying the rf characteristics of a floor 99 3 in the attenuation factor boxes, specify the attenuation factor for 802.11a and 802.11b/g technology (0 to 100 db). The default is the typical attenuation factor for the material chosen. 4 click finish to save the changes and close the dialog box. If...
Page 100
100 c hapter 5: p lanning the 3c om m obility s ystem using an object other than a line to represent an rf obstacle’s dimensions does not materially affect the calculation of rf attenuation. When 3wxm calculates attenuation along any vector passing through the obstacle, it counts the obstacle’s rf a...
Page 101
Specifying the rf characteristics of a floor 101 to use this method, perform the following tasks: 1 in 3wxm, identify the major rf obstacles and assign an attenuation value to them. You can select any attenuation value. 3wxm will use the rf measurement data from the site survey to correct the attenu...
Page 102
102 c hapter 5: p lanning the 3c om m obility s ystem site survey recommendations this manual does not describe how to use the site survey application. For this information, consult the ekahau site survey documentation. When conducting the survey, use the following best practices for optimal results...
Page 103
Specifying the rf characteristics of a floor 103 5 click yes next to file. 6 in the file format listbox, select ekahau. 7 click choose to navigate to the csv file that contains the los points. 8 click next. The mac addresses of the los points appear..
Page 104
104 c hapter 5: p lanning the 3c om m obility s ystem 9 click next to the mac address of each los point you want to import. The mac addresses are associated with specific radio types. Select the mac addresses for the radio types you want to use in the network. 10 click finish. 11 place the los point...
Page 105
Specifying the rf characteristics of a floor 105 when you place an los point onto the floor plan, the icon disappears from the organizer panel. To create los points in 3wxm 1 display the floor plan in the content panel. 2 in the task list panel, click tools. 3 under site survey, click the icon. 4 on...
Page 106
106 c hapter 5: p lanning the 3c om m obility s ystem 5 in the name box, type a name for the los point and click next. 6 in the ap model listbox, select the type or model of ap you plan to use for the portable ap. If the model is not listed, select ap (dual radio) for a dual-radio ap or ap (single r...
Page 107
Specifying the rf characteristics of a floor 107 9 in the channel number listbox, specify the channel number on which the ap radio will be operating. 10 in the transmit power listbox, specify the transmit power of the ap’s radio. 11 in the mac address box, type the mac address you want to use for th...
Page 108
108 c hapter 5: p lanning the 3c om m obility s ystem to move an los point to move an los icon, click-and-drag to select the icon and move it to its new location. To temporarily remove an los point onto the objects to place tab to temporarily remove an los point from the floor without deleting it, c...
Page 109
Specifying the rf characteristics of a floor 109 4 select the scope for which you want generate a site survey order. You can specify the network plan, an individual site, an individual building, or an individual floor. 5 select the language for the site survey order: english german 6 to specify the ...
Page 110
110 c hapter 5: p lanning the 3c om m obility s ystem 9 select a floor to display los point information for that floor. Scroll down to view the mac address assignments for the los points. Use the instructions in the ekahau site survey initial setup section of the work order to set up the survey. Whe...
Page 111
Specifying the rf characteristics of a floor 111 4 click yes next to file. 5 in the format listbox, select ekahau. 6 click choose to navigate to the csv file that contains the rf measurement data. 7 in the map name field, specify the map name. The map name must match the name specified in the site s...
Page 112
112 c hapter 5: p lanning the 3c om m obility s ystem applying the rf measurements to the floor plan 1 under site survey in the task list panel, click optimize. A wizard appears, listing the progress of the request. The total number of rf measurements that did not intersect any object line lists the...
Page 113
Defining wireless coverage areas 113 you must also identify the wireless technology required (802.11a or 802.11b/g) for coverage areas. For areas requiring multiple wireless technologies, two completely overlapping coverage areas are created—one for 802.11a and one for 802.11b/g. You define coverage...
Page 114
114 c hapter 5: p lanning the 3c om m obility s ystem 5 in the name box, type the name of the wiring closet (1 to 60 characters, with no tabs). 6 if you have not defined a wx switch in 3wxm, click finish to save the changes. Otherwise, go to step 7. 3wxm determines how many wx switches are needed wh...
Page 115
Defining wireless coverage areas 115 defining a coverage area using the coverage area drawing tool, you can specify the coverage area graphically on your floor plan. You perform the following tasks to define a coverage area: 1 “drawing a coverage area” on page 116 2 “specifying the wireless technolo...
Page 116
116 c hapter 5: p lanning the 3c om m obility s ystem the coverage areas shown in figure 6 cannot share coverage and are not supported by 3wxm. (however, separate, nonshared coverage areas can overlap.) figure 6 unsupported shared coverage area example keep the following in mind when planning shared...
Page 117
Defining wireless coverage areas 117 if you are using a complex concave polygon as a coverage area, computation of map access points might take longer than the computation for an area with a less complicated shape. When drawing a coverage area, make sure it extends just short of external walls. If t...
Page 118
118 c hapter 5: p lanning the 3c om m obility s ystem the create coverage area wizard appears. Go to “specifying the wireless technology for a coverage area”. Specifying the wireless technology for a coverage area (to draw a coverage area, see “drawing a coverage area” on page 116.) to specify wirel...
Page 119
Defining wireless coverage areas 119 2 to refine the dimensions of the coverage area, specify the appropriate dimension in the x-length and y-length boxes. 3 click next. The wizard presents properties and association pages for the technology you chose in step 1. The following example shows the wizar...
Page 120
120 c hapter 5: p lanning the 3c om m obility s ystem 4 click next. The floor properties page appears. Specifying floor properties for the coverage area you can optionally specify floor properties for the coverage area (if they are different from the defaults for the floor): 1 to change the ceiling ...
Page 121
Defining wireless coverage areas 121 specifying default device settings for the coverage area you can optionally specify the wx switch or map models that 3wxm uses when calculating the devices to include in the coverage area. 1 to change the wx switch model, select the model from the wx model list. ...
Page 122
122 c hapter 5: p lanning the 3c om m obility s ystem if the maps are directly connected to the wx, ensure that utp cat 5 cabling distances between the map and the wx in the wiring closet do not exceed 100 meters (330 feet). An indirectly attached map requires power over ethernet (poe) from a source...
Page 123
Defining wireless coverage areas 123 2 to change the map connection type for the redundant connection, select direct or distributed from the map connection type list. Wx4400 switches support indirect map connections only. 3 to change the number of redundant connections for the distributed connection...
Page 124
124 c hapter 5: p lanning the 3c om m obility s ystem configuring capacity calculation for data 3wxm can perform multiple calculations for map placement. One is based on coverage only. Another is based on capacity for data traffic, using the data capacity parameters. 3wxm compares the results of the...
Page 125
Defining wireless coverage areas 125 configuring capacity calculation for voice 3wxm can perform multiple calculations for map placement. One is based on coverage only. Another is based on capacity for voice over ip service, using the capacity for voice parameters. 3wxm compares the results of the c...
Page 126
126 c hapter 5: p lanning the 3c om m obility s ystem 3 in the active handsets per ap list, specify the number of voice over ip phones that you want each map to handle. 4 in the expected handset count list, specify the number of voice over ip phones you expect to be in the coverage area. 5 in the ha...
Page 127
Defining wireless coverage areas 127 specifying mobility domain, radio profile, and wiring closet associations to specify association information for the coverage area: 1 in the mobility domain list, select the mobility domain that contains the maps used for this coverage area. 2 in the radio profil...
Page 128
128 c hapter 5: p lanning the 3c om m obility s ystem 4 select the coverage area you want to edit and click properties. The coverage area properties dialog for the selected coverage area appears. (you can also display this dialog by displaying the floor plan, selecting coverage areas in the organize...
Page 129
Defining wireless coverage areas 129 5 under the general tab, you can do the following: in the name box, edit the name of the coverage area (1 to 60 characters long, with no tabs). In the technology list, select one of the following: 802.11a 802.11b 802.11g 802.11a and 802.11b 802.11a and 802.11g se...
Page 130
130 c hapter 5: p lanning the 3c om m obility s ystem in the active handsets per ap list, specify the number of voice over ip phones that you want each map to handle. In the expected handset count list, specify the number of voice over ip phones you expect to be in the coverage area. In the handset ...
Page 131
Defining wireless coverage areas 131 8 under the constraints tab, you can do the following: to change the ceiling height, specify the new height in the height of the ceiling box. To change the height where maps are mounted, specify the new mounting height in the ap placement height box. To change th...
Page 132
132 c hapter 5: p lanning the 3c om m obility s ystem to use the same wx switch for redundant connections, select use the same wx for redundancy. This option places both of a map’s wired connections on the same wx switch. For optimal resiliency, 3com recommends the use of different wx switches for r...
Page 133
Placing third-party access points 133 moving a third-party ap icon to its floor location if you added a third-party access point while using the configuration or rogue detection tool bar options, the access point is on the objects to place tab. 1 in rf planning, navigate to the floor plan. 2 in the ...
Page 134
134 c hapter 5: p lanning the 3c om m obility s ystem 5 in the name box, type a name for the access point. You can use 1 to 32 characters, with no punctuation except the following: period (.), hyphen (-), or underscore (_). 6 optionally, in the manufacturer id box, type the manufacturer identificati...
Page 135
Placing third-party access points 135 12 in the ap model drop-down list, select one of the following: ap (dual radio)—802.11a and 802.11b or 802.11b/g ap (single radio)—802.11a, 802.11b, or 802.11g 13 in the radio type drop-down list, select one of the following: 11a, 11b, 11g. The choices available...
Page 136
136 c hapter 5: p lanning the 3c om m obility s ystem 15 verify the radio slot number and radio type. For a dual-radio access point, 802.11b/g radios have a slot number of 1. 802.11a radios have a slot number of 2. 16 in the channel number list, select the channel number for the radio. 17 in the tra...
Page 137
Placing installed and auto-configured maps 137 placing installed and auto-configured maps you can place maps that are already installed on the floor into the network plan. To do this, you upload the map configuration into 3wxm, associate the map with a coverage area, then place them on the floor pla...
Page 138
138 c hapter 5: p lanning the 3c om m obility s ystem computing map placement after you provide information about floor plans, rf obstacles, and wireless coverage requirements, 3wxm can design your 3com wireless network for this floor using the following process: compute and place maps (see “computi...
Page 139
Computing map placement 139 if you are modifying an existing coverage area with deployed maps or if you need to preserve manual changes made to the current configuration, you can lock the maps. Locked maps cannot be moved or deleted during the compute and place process. You perform the following tas...
Page 140
140 c hapter 5: p lanning the 3c om m obility s ystem 5 to change the height where maps are mounted, specify the new mounting height in the ap placement height box. 6 to change the wx switch model, select the model from the wx model list. 7 to change the map connection type, select the type from the...
Page 141
Computing map placement 141 12 to change the number of redundant connections for the distributed connection type, type the number in the redundant level box. For direct connections, the redundancy level is always 1. 13 click next. The coverage area selection dialog is displayed. 14 to update all the...
Page 142
142 c hapter 5: p lanning the 3c om m obility s ystem to compute and place maps 1 display the floor plan in the content panel. 2 in the task list panel, click rf planning. 3 under rf planning, click compute and place. The compute and place wizard appears. 4 to remove a coverage area from map placeme...
Page 143
Computing map placement 143 10 go to “to review coverage area computation”. To review coverage area computation 1 review the number of maps required for each coverage area, and the overriding criterion used (coverage or capacity). 2 click finish to apply the changes. Icons for the suggested map loca...
Page 144
144 c hapter 5: p lanning the 3c om m obility s ystem to see the rf coverage area for an area, right-click on the area (either in the organizer panel or on the floor) and select display rf coverage. If the area supports more than one radio technology, you also need to select the technology. The choi...
Page 145
Computing map placement 145 you must now compute the optimal power. See “computing optimal power” on page 149. Locking and unlocking maps after you compute and place the necessary maps for a coverage area, you can move them to fine-tune the wireless coverage. If you need a map to be located at a fix...
Page 146
146 c hapter 5: p lanning the 3c om m obility s ystem assigning map channels if you do not plan to use the rf auto-tuning feature to automatically set the channels on the maps after deployment and installation, use the assign channels to maps option to assign channels to the maps. Appropriate assign...
Page 147
Computing map placement 147 3 to change the starting floor for channel assignment, select the floor from the begin on floor list. By default, 3wxm starts at the top floor and works down. 4 to change the ending floor for channel assignment, select the floor from the end on floor list. The ending floo...
Page 148
148 c hapter 5: p lanning the 3c om m obility s ystem 9 click finish to accept the channel assignments. The new channel assignments are reflected in the coverage areas panel. 10 do one of the following: to verify the rf network, see “verifying the wireless network” on page 152. Click finish to save ...
Page 149
Computing map placement 149 yellow—up (but with minor service degradation) orange—up (but with major service degradation) red—down blue—unknown a map with a blue background is not in the live network even though it is on the floor plan. The channel number for this map will match the channel number a...
Page 150
150 c hapter 5: p lanning the 3c om m obility s ystem 3 to optimize the ap count, select optimize ap count. This option checks for coverage overlaps and removes a map if neighboring maps provide enough coverage to make the map unnecessary. This option applies only to coverage areas that are configur...
Page 151
Computing map placement 151 to resolve optimal power computation problems if power levels for one or more coverage areas could not be optimized, show the rf coverage at baseline association and minimum transmit rates for the coverage areas by doing the following: 1 in the show rf coverage using list...
Page 152
152 c hapter 5: p lanning the 3c om m obility s ystem verifying the wireless network you can use the following tools to help verify the wireless network: show rf coverage. Place rf measurement points. Use rf interactive measurement mode. Showing rf coverage looking at the rf coverage allows you to s...
Page 153
Verifying the wireless network 153 3 in the show rf coverage using listbox, select how you want to display the coverage: baseline association rate—coverage is shown based on the map radio baseline association rate. The baseline association rate is the typical data rate the radio is expected to suppo...
Page 154
154 c hapter 5: p lanning the 3c om m obility s ystem 4 on the floor plan, click where you want the measurement point to be placed. The create rf measurement point dialog box appears. 5 in the description box, type a description for the measurement point (1 to 60 characters). 6 in the rssi options b...
Page 155
Verifying the wireless network 155 7 click ok to save the changes and close the box. 8 do one of the following: to use the rf interactive measurement mode, see “using rf interactive measurement mode”. To generate network design information, see “generating rf network design information” on page 157....
Page 156
156 c hapter 5: p lanning the 3c om m obility s ystem table 15 shows the information available in the rf measurement table. Table 15 rf measurement information item value x distance in the x direction from the 0,0 coordinate (the upper left corner of the panel). Y distance in the y direction from th...
Page 157
Generating rf network design information 157 generating rf network design information after 3wxm has calculated the number of maps required to provide wireless coverage, you can generate a work order report. The work order report provides all of the necessary information for the physical installatio...
Page 158
158 c hapter 5: p lanning the 3c om m obility s ystem 4 specify whether to include the following information in the work order: rf coverage rssi projections show disabled maps (only available if rssi projections is selected) show rf coverage on entire floor (only available if rssi projections is sel...
Page 159: Onfiguring
6 c onfiguring wx s ystem p arameters this chapter and the following two chapters describe how to view and configure wx switches using 3wxm. If you want to use 3wxm planning to configure switches for you as part of coverage planning, see “planning the 3com mobility system” on page 71. If you are pla...
Page 160
160 c hapter 6: c onfiguring wx s ystem p arameters table 16 wx switch object types category object type description system ports settings for individual ports. (see “viewing and changing port settings” on page 178.) port groups settings for port groups. (see “viewing and changing port groups” on pa...
Page 161
Wx switch configuration objects 161 system, cont. Vlans groups of physical ports configured as a distinct layer 2 broadcast domain. Each vlan has its own spanning tree protocol (stp) and internet group management protocol (igmp) settings. Optionally, a vlan can be associated with an ip interface. (s...
Page 162
162 c hapter 6: c onfiguring wx s ystem p arameters wireless, cont. Rf detection configuration parameters for rogue detection and countermeasures (see “viewing and changing rf detection settings” on page 284.) aaa local user database users configured on the wx switch instead of on the radius server ...
Page 163
Adding a wx switch to the network plan 163 adding a wx switch to the network plan you can use any of the following methods to add a wx switch to a network plan: allow 3wxm to create the switch as part of rf planning. Use the create wireless switch wizard. Copy and paste a switch that is already in t...
Page 164
164 c hapter 6: c onfiguring wx s ystem p arameters creating a new wx switch based on a configured switch in the network plan you can copy and modify a switch that is already in the network plan, by copying and pasting the switch in the organizer panel. 1 select the configuration tool bar option. 2 ...
Page 165
Adding a wx switch to the network plan 165 9 to modify the management interface, select the ip interface and vlan from the vlan/ip drop-down list. 10 to modify the enable password, edit the string in the enable password box. Use this option when you are creating a new switch in 3wxm. This option mod...
Page 166
166 c hapter 6: c onfiguring wx s ystem p arameters configuring basic and advanced settings clicking on an option in the task list panel opens a configuration wizard. Configuration wizards enable you to configure basic settings for an object. For most types of wx switch objects, after you configure ...
Page 167
Using the create wireless switch wizard 167 deploying changes to deploy all the changes, click deploy. 3wxm compares the changes to the verification rules, and lists any warnings or error messages. If there are any errors, 3wxm will not deploy the changes. To deploy the changes, you must first resol...
Page 168
168 c hapter 6: c onfiguring wx s ystem p arameters the move button removes the ports from all other vlans, and places them in the new vlan. The ports appear in the current members list. 10 to tag ports in the vlan, select tag and edit the tag value. Use this option if you used the add button instea...
Page 169
Setting up a switch 169 setting up a switch after you create a switch, you can use the system setup wizard to configure the following essential operation and management parameters: snmp settings for monitoring of the switch by 3wxm vlans radius servers and server groups wireless services auto-dap pr...
Page 170
170 c hapter 6: c onfiguring wx s ystem p arameters authrequest-unsecurednotify—snmp message exchanges are authenticated but are not encrypted, and notifications are neither authenticated nor encrypted. The only security level supported for snmpv1 and snmpv2c is unsecured. To use a higher security l...
Page 171
Setting up a switch 171 notify-only—the switch can use the string to send notifications. Read-write-notify—an snmp management application using the string can get and set object values on the switch. The switch can use the string to send notifications. I click next. 6 configure vlans. Vlans that alr...
Page 172
172 c hapter 6: c onfiguring wx s ystem p arameters custom service profile—provides wireless access based on the combination of options you choose. (use this option only if none of the other options applies to the type of service you want to offer.) b see “viewing and configuring wireless services” ...
Page 173
Modifying basic switch parameters 173 default source ip address used in unsolicited communications such as aaa accounting reports and snmp notifications 6 to enable the switch to be managed by 3wxm, select managed. Until this option is selected, you cannot deploy the switch configuration you create ...
Page 174
174 c hapter 6: c onfiguring wx s ystem p arameters changing the wx software version to change the wx software version: 1 select the configuration tool bar option. 2 in the organizer panel, select the wx switch. 3 in the task list panel, select change software version. The change software version wi...
Page 175
Modifying basic switch parameters 175 6 optionally, in the offset minutes box, select the number of minutes (between -59 to 59) to subtract from or add to utc. 7 in the dst name box, type the name for the summertime offset (1 to 16 alphanumeric characters, with no spaces or tabs). 8 in the start mon...
Page 176
176 c hapter 6: c onfiguring wx s ystem p arameters 6 in the prompt box, type the cli prompt for the wx. If you do not specify a prompt, the cli uses the following default prompts: wx1200> for restricted access wx1200# for enabled access 7 in the message of the day box, type the message that appears...
Page 177
Modifying basic switch parameters 177 deleting auto daps 3wxm automatically updates an auto dap’s information in the network plan when the dap either is converted into a configured map, or reboots and then connects to a different wx. However, if an auto dap leaves the network without being converted...
Page 178
178 c hapter 6: c onfiguring wx s ystem p arameters launching a web management session with the switch this option is available only if the switch is running and can be reached through the network by 3wxm services. This option also requires the managed option for the switch to be enabled. (see step ...
Page 179
Viewing and changing port settings 179 3 to specify the speed of a 10/100 ethernet port, select one of the following: auto—sets the port to automatically detect the traffic speed and set the speed accordingly. This is the default value. 10—sets the speed to 10 mbps. 100—sets the speed to 100 mbps. T...
Page 180
180 c hapter 6: c onfiguring wx s ystem p arameters b in the organizer panel, click the plus sign next to the wx switch. C click the plus sign next to system. D select ports. 2 select the port. 3 click properties. 4 select snmp link traps. 5 click ok. Configuring a port for a directly connected ap a...
Page 181
Viewing and changing port settings 181 6 click next. The non-editable number (1 or 2) indicates the radio number on the map. 7 to enable the radio, select enabled. 8 in the channel number list, select the channel number for the radio. If rf auto-tuning for channel configuration is enabled, setting t...
Page 182
182 c hapter 6: c onfiguring wx s ystem p arameters 1 access the configure wired auth wizard: a select the configuration tool bar option. B in the organizer panel, click the plus sign next to the wx switch. C click the plus sign next to system. D select ports. E select the row for the port. F in the...
Page 183
Viewing and changing port settings 183 b specify the user glob in the matching user glob box. To match on all usernames, leave the wildcards (**) in the box. (for syntax information, see “access rules” on page 240.) to use an existing rule, leave the rule in the list. C click next. D select the eap ...
Page 184
184 c hapter 6: c onfiguring wx s ystem p arameters to use an existing rule, leave the rule in the list. C click next. D select the authentication and accounting method (radus server group or local database). (for information, see “aaa methods (radius server groups and the local user database)” on p...
Page 185
Viewing and changing port settings 185 10 create a web portal authentication rule to control access to the port, or use one that has already been created. To create a new rule: a click create. B specify the user glob in the matching user glob box. To match on all usernames, leave the wildcards (**) ...
Page 186
186 c hapter 6: c onfiguring wx s ystem p arameters if you select web portal in step 2, 3wxm automatically creates a user named web-portal-wired. Similarly, if you select open access, 3wxm creates a user called last-resort-wired. Do not delete or modify these users. (you can add, modify, or delete u...
Page 187
Viewing and changing port groups 187 creating a port group to create a port group: 1 in the task list panel, select port group. The create port group wizard appears. 2 in the port group name box, type the name of the port group (1 to 16 alphanumeric characters, with no spaces or tabs). 3 click next....
Page 188
188 c hapter 6: c onfiguring wx s ystem p arameters viewing and changing management settings by default, https is enabled on the wx, allowing you to use web management on port 443 for a secure session. If you disable https, you cannot use web management. 3wxm communications also use https, but 3wxm ...
Page 189
Viewing and changing management settings 189 you can specify from 0 to 86400 seconds (one day). The default is 3600 (one hour). If you specify 0, the idle timeout is disabled. The timeout interval is in 30-second increments. For example, the interval can be 0, or 30 seconds, or 60 seconds, or 90 sec...
Page 190
190 c hapter 6: c onfiguring wx s ystem p arameters 3 select the version(s) of snmp you want the switch to run: v1 v2c usm (snmpv3) 4 see the following sections for more configuration options. Configuring an snmp v1 or v2c community string 1 access the create community wizard: a select the configura...
Page 191
Viewing and changing management settings 191 configuring a usm (snmp v3) user 1 access the create usm user wizard: a select the configuration tool bar option. B in the organizer panel, click the plus sign next to the wx switch. C click the plus sign next to system. D select management services. E in...
Page 192
192 c hapter 6: c onfiguring wx s ystem p arameters b if you select hex or ip, type the hexadecimal string or ip address in the value box and click next and go to step 5. Otherwise, click finish. 5 select the authentication type used to authenticate communications with the remote snmp engine: none—n...
Page 193
Viewing and changing management settings 193 configuring a notification profile a notification profile is a named list of all the notification types that can be generated by a switch, and for each notification type, the action to take (drop or send) when an event occurs. 1 access the create notifica...
Page 194
194 c hapter 6: c onfiguring wx s ystem p arameters 2 specify the target id. 3 type the ip address of the target. 4 specify the protocol port on which the target listens for snmp notifications. The default is 162. 5 click next. 6 select the notification profile that will use this target. To view the...
Page 195
Viewing and changing management settings 195 9 click next. If you selected v1 or v2c in step 7, go to step 10. If you selected usm in step 7, go to step 12. 10 for snmpv1 or snmpv2c, select or create the snmp community string. If a community string with access type read-write-notify, read-notify, or...
Page 196
196 c hapter 6: c onfiguring wx s ystem p arameters b in the username box, type the name of the snmpv3 user. The name can be 1 to 32 alphanumeric characters, with no spaces or tabs. C select the access type. Read-notify—an snmp management application using the string can get object values on the swi...
Page 197
Viewing and changing management settings 197 b in the retry count box, specify the number of times the mss snmp engine will resend a notification that has not been acknowledged by the target. You can specify from 0 to 3 retries. The default is 0. 16 click finish. Modifying a usm user, notification p...
Page 198
198 c hapter 6: c onfiguring wx s ystem p arameters authenticated—snmp message exchanges are authenticated but are not encrypted. (this security level is the same as the authnopriv level described in snmpv3 rfcs.) encrypted—snmp message exchanges are authenticated and encrypted. (this security level...
Page 199
Viewing and changing management settings 199 if a usm user with access type read-write-notify, read-notify, or notify-only is already configured, you can select it. Otherwise, you must create a new one. You also can create a new usm user even if one is already configured. To create a new usm user: a...
Page 200
200 c hapter 6: c onfiguring wx s ystem p arameters viewing and setting log and trace settings system logs provide information about system events that you can use to monitor and troubleshoot mss. Event messages for the wx switch and its attached maps can be stored or sent to the following destinati...
Page 201
Viewing and setting log and trace settings 201 critical—you must resolve the critical condition. If you do not resolve the condition, the wx can reboot or shut down. Error—the wx is missing data or unable to form a connection. Warning—a possible problem exists. Notice—events that can cause system pr...
Page 202
202 c hapter 6: c onfiguring wx s ystem p arameters creating an external log server you can specify a syslog server. Syslog facilities are identifiers that allow a syslog server to handle different syslog messages from different sources. You can use a facility in the range of local 0 through local 7...
Page 203
Viewing and configuring ip services settings 203 3 optionally, in the level box, specify the amount of information included in the trace output (0 to 10). 0 provides the minimum amount of information and 10 proves the maximum amount of information. The default is 5. 4 optionally, in the user name bo...
Page 204
204 c hapter 6: c onfiguring wx s ystem p arameters creating a static route the ip routing table contains routes that mss uses for determining the interfaces for a wx switch’s external communications. When you add an ip interface to a vlan that is up, mss automatically adds corresponding entries to ...
Page 205
Viewing and configuring ip services settings 205 create an ip alias you can map an ip address to a name by creating an ip alias. For example, if you create an ip alias carmel for ip address 10.20.30.40, you could type telnet carmel rather than telnet 10.20.30.40. You can use ip aliases in conjunctio...
Page 206
206 c hapter 6: c onfiguring wx s ystem p arameters b in the organizer panel, click the plus sign next to the wx switch. C click the plus sign next to system. D select ip services. E in the task list panel, select dns server. 4 type the server address in the ip address box. 5 select whether the serv...
Page 207
Viewing and configuring ip services settings 207 configuring arp the address resolution protocol (arp) table maps ip addresses to mac addresses. Arp is enabled by default on the wx and cannot be disabled. An arp entry is added to the table in one of the following ways: automatically by the wx. The w...
Page 208
208 c hapter 6: c onfiguring wx s ystem p arameters viewing and configuring vlans a virtual lan (vlan) is a layer 2 broadcast domain that can span multiple wired or wireless lan segments. Each vlan is a separate logical network, and, if you configure ip interfaces on the vlans, mss treats each vlan ...
Page 209
Viewing and configuring vlans 209 roaming and vlans wx switches in a mobility domain contain a user’s traffic within the vlan the user is assigned to. For example, if you assign a user to vlan red, the wx switches in the mobility domain contain the user’s traffic within vlan red configured on the sw...
Page 210
210 c hapter 6: c onfiguring wx s ystem p arameters vlan names must be globally unique across a mobility domain to ensure the intended user connectivity as determined through authentication and authorization. Every vlan on a wx has a vlan name, used for authorization purposes, and a vlan number. Vla...
Page 211
Viewing and configuring vlans 211 changing vlan membership a port or port group can be in one or more vlans. To be in multiple vlans, the port or group must have an 802.1q vlan tag. A tag is a numeric value that identifies a virtual port within the vlan. The same vlan can have different tag values o...
Page 212
212 c hapter 6: c onfiguring wx s ystem p arameters 6 to tag a port or port group, select the tag checkbox. If you specify a tag value, 3com recommends that you use the same value as the vlan number. 3com switches do not require the vlan number and tag value to be the same, but some other vendors’ d...
Page 213
Viewing and configuring vlans 213 2 in the content panel, select the vlan. 3 in the task list panel, select configure spanning tree. This wizard configures stp features for an individual vlan but does not configure fast convergence features, which are global. (see “enabling stp fast convergence feat...
Page 214
214 c hapter 6: c onfiguring wx s ystem p arameters if stp is enabled on the vlan, spanning tree packets are dropped at the port. If stp is disabled on the vlan, spanning tree packets are forwarded transparently through the vlan to and from that port. 6 in the port priority box, specify a priority v...
Page 215
Viewing and configuring vlans 215 enabling stp fast convergence features the standard stp timers delay traffic forwarding briefly after a topology change. The time a port takes to change from the listening state to the learning state or from the learning state to the forwarding state is called the f...
Page 216
216 c hapter 6: c onfiguring wx s ystem p arameters 2 to switch to an alternate port if the root port fails, select enable uplink fast. 3 to enable the backbone fast convergence feature, select enable backbone fast. 4 click save. Changing vlan igmp settings internet group management protocol (igmp) ...
Page 217
Viewing and configuring vlans 217 8 in the other querier present interval box, specify how long (1 to 65,535 seconds) the wx switch waits for a general query to arrive before making itself the querier. The default interval is 255 seconds. 9 in the query response interval box, specify how long (1 to ...
Page 218
218 c hapter 6: c onfiguring wx s ystem p arameters you cannot add map ports or wired authentication ports as static multicast ports. However, mss can dynamically add these port types to the list of multicast ports based on multicast traffic. To add or remove static multicast router and receiver por...
Page 219
Viewing and configuring vlans 219 restricting layer 2 traffic among clients in a vlan by default, clients within a vlan are able to communicate with one another directly at layer 2. You can enhance network security by restricting layer 2 forwarding among clients in the same vlan. When you restrict l...
Page 220
220 c hapter 6: c onfiguring wx s ystem p arameters restricting layer 3 traffic among clients in a vlan to restrict layer 3 traffic among clients in the same vlan, use an acl. You can configure the acl yourself or use the restrict l3 traffic option in 3wxm. 1 access the vlan table: a select the conf...
Page 221
Viewing and configuring vlans 221 c click the plus sign next to system. D select vlans. 2 in the tunnel affinity box, specify the numeric value (1 to 10) that the wx will advertise to other wx switches in the mobility domain for the vlan. The default is 5. A higher tunnel affinity indicates a greate...
Page 222
222 c hapter 6: c onfiguring wx s ystem p arameters by default, all addresses except the host address of the vlan, the network broadcast address, and the subnet broadcast address are included in the range. If you specify the range, the start address must be lower than the stop address, and all addre...
Page 223
Viewing and configuring acls 223 you can choose to count the number of times an ace is matched. This hit count is useful for troubleshooting complex acl configurations and for monitoring traffic load for specific network applications or protocols. The hit count can only be seen from the cli. To star...
Page 224
224 c hapter 6: c onfiguring wx s ystem p arameters to configure an acl 1 access the create acl wizard: a select the configuration tool bar option. B in the organizer panel, click the plus sign next to the wx switch. C click the plus sign next to system. D select acls. E in the task list panel, sele...
Page 225
Viewing and configuring acls 225 b select the well-known name of the protocol from the protocol name drop-down list. If the protocol’s name is not listed, select other to activate the protocol number box, then type or select the number. C click ok. D if you selected tcp or udp, go to step 7. Otherwi...
Page 226
226 c hapter 6: c onfiguring wx s ystem p arameters not equal range none (no comparison is required) c select the well-known port name from the port name drop-down list. If the name is not in the list, select other and type or select the port number in the port number box. D if you selected range as...
Page 227
Viewing and configuring acls 227 0 (normal)—packets with normal tos defined are filtered. 1 (minimum monetary cost)—packets with minimum monetary cost tos defined are filtered. 2 (maximum reliability)—packets with maximum reliability tos defined are filtered. 4 (maximum throughput)—packets with maxi...
Page 228
228 c hapter 6: c onfiguring wx s ystem p arameters configuring advanced acl settings after you configure an acl, you can configure the following advanced settings: hit counter (enable or disable) hit sample rate (applies if the hit counter is enabled) established option, to apply a new tcp ace only...
Page 229
Viewing and configuring acls 229 to enable the established option for tcp aces by default, a new tcp ace applies to new sessions as well as established (existing) sessions. To apply the ace only to established sessions, enable the established option. 1 select the tcp ace in the acl table. 2 in the t...
Page 230
230 c hapter 6: c onfiguring wx s ystem p arameters adding a new ace to a configured acl to add a new ace to a configured acl: 1 access the acl table: a select the configuration tool bar option. B in the organizer panel, click the plus sign next to the wx switch. C click the plus sign next to system...
Page 231
Viewing and configuring acls 231 4 select the mapping type: to map to a physical port, select port and go to step 5. To map to a virtual port, select vport and go to step 6. To map to a vlan, select vlan and go to step 7. To map to a distributed map, select dap and go to step 8. 5 to map an acl to a...
Page 232
232 c hapter 6: c onfiguring wx s ystem p arameters b in the direction list, select in to filter incoming packets or out to filter outgoing packets. 9 click finish. The mapping appears in the acl mappings table. Deleting an acl to delete an acl: 1 access the acl table: a select the configuration too...
Page 233
Viewing and changing cos mappings 233 viewing and changing cos mappings mss supports layer 2 and layer 3 classification and marking of traffic, to help provide end-to-end qos throughout the network. Qos support includes support of wi-fi multimedia (wmm), which provides wireless qos for time-sensitiv...
Page 234
234 c hapter 6: c onfiguring wx s ystem p arameters the qos mappings appear in the content panel. The dscp to cos table lists the internal cos values to which mss maps dscp values during classification of ingress traffic. The cos to dscp table lists the dscp values to which mss maps internal cos val...
Page 235
Viewing and changing cos mappings 235 setting a range of dscp values to a single cos value to set a range of dscp values to a single cos value: 1 access the qos tables: a select the configuration tool bar option. B in the organizer panel, click the plus sign next to the wx switch. C click the plus s...
Page 236
236 c hapter 6: c onfiguring wx s ystem p arameters.
Page 237: Onfiguring
7 c onfiguring w ireless p arameters this chapter describes how to view and configure the following wireless parameters for wx switches: service set identifiers (ssids), which are managed by service profiles radio profiles, which assign ieee 802.11 settings and a service profile to radios auto-dap p...
Page 238
238 c hapter 7: c onfiguring w ireless p arameters wireless service parameters a wireless service consists of the following parameters: service profile access rules service profiles a service profile configures an ssid. Table 18 lists the parameters. For parameters that are assigned default values b...
Page 239
Viewing and configuring wireless services 239 custom web portal login page subdirectory path and filename of an html page customized for login to the ssid blank (default page with 3com logo is used) security modes for encrypted ssids only, the types of encryption supported: robust security network (...
Page 240
240 c hapter 7: c onfiguring w ireless p arameters you don’t need to select the values for all these parameters when you configure a service. The service profile wizards help you configure the essential parameters and assign appropriate values to the rest. Some of the parameters that 3wxm automatica...
Page 241
Viewing and configuring wireless services 241 for windows domain clients using protected eap (peap), the user glob is in the format windows_domain_name\username. The windows domain name is the netbios domain name and must be specified in capital letters. For example, example\sydney, or example\*.*, ...
Page 242
242 c hapter 7: c onfiguring w ireless p arameters uses challenge-response to compare hashes. Provides no encryption or integrity checking for the connection. The eap-md5 option does not work with microsoft wired authentication clients. Peap offload—protected eap with microsoft challenge handshake a...
Page 243
Viewing and configuring wireless services 243 if you specify a radius server group as the first method and a user is denied access by the radius server, no authentication and authorization are attempted with the other methods specified in the list. If you specify local as the first method and a user...
Page 244
244 c hapter 7: c onfiguring w ireless p arameters configuring an 802.1x wireless service the 802.1x service profile wizard requires you to select one or more radius server groups and does not allow you to complete the configuration without selecting one. To be available for selection in the wizard,...
Page 245
Viewing and configuring wireless services 245 10 select the eap type: eap-md5 offload peap offload local eap-tls external radius server if you select peap, the eap sub-protocol is ms-chapv2. For other protocols, the eap sub-protocol is none. (for information, see “eap type (802.1x only)” on page 241...
Page 246
246 c hapter 7: c onfiguring w ireless p arameters if you have not planned rf coverage or configured any maps in the network plan yet, no radios are listed. You can add the radios later. (select the radio profile, click properties, then select radio selection. See “configuring advanced radio profile...
Page 247
Viewing and configuring wireless services 247 the next step depends on the encryption type you selected in step 5: if you selected encrypted, go to step 8. If you selected clear, go to step 18. 8 select the access type: 802.1x access—device is allowed onto the ssid only after successful authenticati...
Page 248
248 c hapter 7: c onfiguring w ireless p arameters by default, data in unicast and multicast packets are encrypted using wep key 1. To use another key for either type of packet, select the key number in the wep unicast key index or wep multicast key index box. 17 click next. 18 select or type the na...
Page 249
Viewing and configuring wireless services 249 to create a new radio profile: a select create new radio profile and click next. B type the radio profile name in the name box and click next. C select the radios you want to manage with the radio profile and click move to move them to the current member...
Page 250
250 c hapter 7: c onfiguring w ireless p arameters if you selected clear in step 5, go to step 15. 7 select the security modes you want the ssid to support. You can select one or more of the following: rsn (wpa2) wpa static wep 8 click next. 9 if you selected rsn or wpa in step 7, you can select whe...
Page 251
Viewing and configuring wireless services 251 16 click next. The aces (acl rules) that 3wxm will configure for the web-portal service are listed. The aces are required to allow dhcp traffic while blocking all other traffic while a user is being authenticated. These aces are used only during authenti...
Page 252
252 c hapter 7: c onfiguring w ireless p arameters (you can add, modify, or delete users at any time, even after this wizard is closed. See “creating and managing users in the local user database” on page 289.) 20 select or create the radio profile to map to this service profile. By default, the def...
Page 253
Viewing and configuring wireless services 253 5 select the ssid type from the ssid type drop-down list: encrypted—traffic on the ssid is encrypted. Clear—traffic on the ssid is unencrypted. 6 click next. If you selected encrypted in step 5, configure the encryption settings. Go to step 7. If you sel...
Page 254
254 c hapter 7: c onfiguring w ireless p arameters 14 click next. 15 select the vlan into which you want the switch to place users of the ssid. If you want to specify the vlan later when configuring the access rules, you can leave the vlan name box blank. 16 select or create the radio profile to map...
Page 255
Viewing and configuring wireless services 255 modifying service profile settings you can modify the following service profile settings in the wireless service profiles table itself: ssid name ssid type (encrypted or clear) beacon state (advertisement of the ssid) radio profile (maps map radios to th...
Page 256
256 c hapter 7: c onfiguring w ireless p arameters static wep tab all of the settings on the static wep tab are explained in the sections on the service profile wizards. Authorization attributes tab the authorization attributes tab lists the default authorization attributes for the ssid. When a user...
Page 257
Viewing and configuring wireless services 257 radio profile selection tab the radio profile selection tab list the radio profiles mapped to the service profiles. Service profile wizards map the service profiles to the default radio profile by default. To map another radio profile to the service prof...
Page 258
258 c hapter 7: c onfiguring w ireless p arameters long retry count—number of times (1 to 15) the map transmits an unacknowledged unicast frame that is equal to or longer than the fragment threshold before discarding the frame. The default is 5. Client timeout tab the client timeout tab lists settin...
Page 259
Viewing and configuring wireless services 259 multicast rate—data rate at which the radio sends multicast frames. The valid rates depend on the radio type and are the same as the mandatory rates. The default is automatic, which sets the multicast rate to the highest rate that can reach all clients c...
Page 260
260 c hapter 7: c onfiguring w ireless p arameters soda tab the soda tab has settings for the sygate on-demand (soda) feature. Soda is an endpoint security solution that allows enterprises to enforce security policies on client devices without having to install any special software on the client mac...
Page 261
Viewing and configuring wireless services 261 b click on the plus sign next to wireless. C select wireless services. 2 select the service profile in the table. A set of tasks appears under setup in the task list panel. 3 to display encryption settings and access rules, select one of the following th...
Page 262
262 c hapter 7: c onfiguring w ireless p arameters modifying ssid encryption settings and access rules you can create access rules for a service profile from within a service profile wizard. You also can create or modify a service profile’s access rules after creating the service profile. 1 display ...
Page 263
Viewing and configuring wireless services 263 5 select the encryption algorithms to use: aes (ccmp)—usually used with rsn (wpa2) tkip—usually used with wpa wep-104—used with dynamic wep wep-40—used with dynamic wep 6 click next. 7 if you selected static wep, specify wep keys. For each key (up to fou...
Page 264
264 c hapter 7: c onfiguring w ireless p arameters do not change the deny rule at the bottom of the acl. This rule must be present and the capture option must be used with the rule. If the rule does not have the capture option, the web portal user never receives a login page. 11 to modify access rul...
Page 265
Viewing and configuring radio profiles 265 viewing and configuring radio profiles a radio profile is a set of attributes that you can apply to multiple radios. A default radio profile named default is provided and cannot be deleted. Rather than configuring each radio individually, you can create a n...
Page 266
266 c hapter 7: c onfiguring w ireless p arameters creating a radio profile to create a radio profile: 1 access the create radio profile wizard: a select the configuration tool bar option. B in the organizer panel, click the plus sign next to the wx switch. C click the plus sign next to wireless. D ...
Page 267
Viewing and configuring radio profiles 267 5 click reset to default. 6 click ok. Configuring advanced radio profile settings after you configure a radio profile, you can select the radio profile, and click properties to display a configuration wizard that contains all the configurable parameters for...
Page 268
268 c hapter 7: c onfiguring w ireless p arameters caution: countermeasures affect wireless service on a radio. When a map radio is sending countermeasures, the radio is disabled for use by network traffic, until the radio finishes sending the countermeasures. Configured—causes radios to attack only...
Page 269
Viewing and configuring radio profiles 269 auto tune tab the auto tune tab lists settings for rf auto-tuning: tune channel—automatically configures and tunes the channel. This feature is enabled by default. Rf auto-tuning of channels on 802.11a radios uses only the bottom eight channels in the band ...
Page 270
270 c hapter 7: c onfiguring w ireless p arameters at the end of each power-backoff interval, radios that temporarily increased their power reduce it by 1 dbm. The power backoff continues in 1 dbm increments after each interval until the power returns to expected setting. You can specify from 0 to 6...
Page 271
Viewing and changing the auto-dap profile 271 voice configuration tab the voice configuration tab lists settings for voip services: qos mode—classification and marking of high priority traffic on the wx and map: wmm—classifies, marks, and forwards traffic for wi-fi multimedia (wmm) devices based on ...
Page 272
272 c hapter 7: c onfiguring w ireless p arameters changing auto-dap profile settings to change settings for a switch’s auto-dap profile: 1 to enable the auto-dap profile, select enabled. 2 to select the radio type, click the map radio type box and select the radio type from the list: 11a—802.11a 11...
Page 273
Viewing and changing the auto-dap profile 273 6 in the enable firmware update list, select yes to automatically upgrade map boot firmware. The upgrade version of the firmware is loaded from a wx when the map is booting. Select no to disable automatic firmware upgrading. Automatic firmware upgrading ...
Page 274
274 c hapter 7: c onfiguring w ireless p arameters converting auto daps into statically configured daps see “converting auto daps into statically configured aps” on page 69. Deleting auto daps see “deleting auto daps” on page 177. Viewing and configuring maps maps contain radios that provide network...
Page 275
Viewing and configuring maps 275 viewing the configured maps to view the configured maps: 1 select the configuration tool bar option. 2 in the organizer panel, click the plus sign next to the wx switch. 3 click the plus sign next to wireless. 4 select access points. The maps that are configured on t...
Page 276
276 c hapter 7: c onfiguring w ireless p arameters c click the plus sign next to wireless. D select access points. E in the task list panel, select distributed ap. 2 in the name box, type a name (1 to 16 alphanumeric characters, with no spaces or tabs). 3 in the dap number box, specify the connectio...
Page 277
Viewing and configuring maps 277 b in the radio profile list, select the profile to which the radio belongs. (for more information, see “viewing and configuring radio profiles” on page 265.) c in the channel number list, select the channel number for the radio. If rf auto-tuning for channel configur...
Page 278
278 c hapter 7: c onfiguring w ireless p arameters to configure a directly connected map 1 access the create direct-connect ap wizard: a select the configuration tool bar option. B in the organizer panel, click the plus sign next to the wx switch. C click the plus sign next to wireless. D select acc...
Page 279
Viewing and configuring maps 279 c in the channel number list, select the channel number for the radio. If rf auto-tuning for channel configuration is enabled, setting this value has no effect. The channel number is controlled by rf auto-tuning. D in the transmit power box, specify the transmit powe...
Page 280
280 c hapter 7: c onfiguring w ireless p arameters c click the plus sign next to wireless. D select access points. 2 select the map you want to modify and click properties. 3 to select the radio type for a single-radio model, click the map radio type box and select the radio type from the list: 11a—...
Page 281
Viewing and configuring maps 281 8 to configure settings for a radio, click 802.11g radio or 802.11a radio. A to enable the radio, select enabled. B if the map model supports external antennas, select the external antenna model from the antenna type box. C to indicate the direction of the antenna’s ...
Page 282
282 c hapter 7: c onfiguring w ireless p arameters a to change the maximum power level rf auto-tuning can assign to the radio, select the power level from the max. Transmit power pull-down list. The default power level is default, which means rf auto-tuning can assign up to the maximum power level a...
Page 283
Viewing and changing radio settings 283 viewing and changing radio settings you can configure map radio settings when you configure the maps. You also can view or change radio settings after the maps are configured. Viewing radio settings to view radio settings: 1 select the configuration tool bar o...
Page 284
284 c hapter 7: c onfiguring w ireless p arameters viewing and changing rf detection settings this section contains procedures for configuring rf detection on an individual switch. For an overview of rf detection and for specific information about the configuration options, see “configuring wireless...
Page 285
Viewing and changing rf detection settings 285 4 select the vendor from the vendor drop-down list. 5 select the specific ouis you want to allow for the selected vendor. Go to step 9. If the vendor or oui is not listed, click cancel, then select permitted oui entry in the task list panel. Go to step ...
Page 286
286 c hapter 7: c onfiguring w ireless p arameters adding an entry to the rogue list to add an entry to the rogue list: 1 access the rf detection settings: a select the configuration tool bar option. B in the organizer panel, click the plus sign next to the wx switch. C click the plus sign next to w...
Page 287
Viewing and changing rf detection settings 287 a rogue is a device that is in the 3com network but does not belong there. An interfering device is not part of the 3com network but also is not a rogue. Mss classifies a device as an interfering device if no client connected to the device has been dete...
Page 288
288 c hapter 7: c onfiguring w ireless p arameters.
Page 289: Onfiguring
8 c onfiguring a uthentication , a uthorization , and a ccounting p arameters this chapter describes how to view and configure the following authentication, authorization, and accounting (aaa) parameters for wx switches: local database entries for aaa processing of administrator and network client a...
Page 290
290 c hapter 8: c onfiguring a uthentication , a uthorization , and a ccounting p arameters you can create two types of users in the local database: named users — these users are authenticated by username and password and are assigned to specific vlans. Users include administrators and network users...
Page 291
Creating and managing users in the local user database 291 creating a named user to create a named user: 1 access the create named user wizard: a select the configuration tool bar option. B in the organizer panel, click the plus sign next to the wx switch. C click the plus sign next to aaa. D select...
Page 292
292 c hapter 8: c onfiguring a uthentication , a uthorization , and a ccounting p arameters 9 repeat step 5 through step 7 for each attribute value you want to change. 10 click finish. Creating a user group and assigning users to it to create a user group and assign users to it: 1 access the create ...
Page 293
Creating and managing users in the local user database 293 creating a mac user to create a mac user: 1 when creating mac address users, you configure authentication access the create mac user wizard: a select the configuration tool bar option. B in the organizer panel, click the plus sign next to th...
Page 294
294 c hapter 8: c onfiguring a uthentication , a uthorization , and a ccounting p arameters creating a mac user group and assigning users to it to create a mac user group and assign users to it: 1 access the create mac user group wizard: a select the configuration tool bar option. B in the organizer...
Page 295
Creating and managing users in the local user database 295 authorization attributes authorization attributes can be assigned to users in the local database or on remote servers. The attributes, which include access control list (acl) filters, vlan membership, encryption type, session time-out period...
Page 296
296 c hapter 8: c onfiguring a uthentication , a uthorization , and a ccounting p arameters filter-id (network access mode only) inbound or outbound acl to apply to the user. If configured in the wx switch’s local database, this attribute can be an access control list (acl) to filter outbound or inb...
Page 297
Creating and managing users in the local user database 297 service-type type of access the user is requesting. Access type, which can be one of the following: 2—framed; for network user access 6—administrative; for administrative access, with authorization to access the enabled (configuration) mode....
Page 298
298 c hapter 8: c onfiguring a uthentication , a uthorization , and a ccounting p arameters start-date date and time at which the user becomes eligible to access the network. Mss does not authenticate the user unless the attempt to access the network occurs at or after the specified date and time, b...
Page 299
Creating and managing users in the local user database 299 time-of-day (network access mode only) day(s) and time(s) during which the user is permitted to log into the network. After authorization, the user’s session can last until either the time-of-day range or the session-timeout duration (if set...
Page 300
300 c hapter 8: c onfiguring a uthentication , a uthorization , and a ccounting p arameters viewing and configuring radius settings remote authentication dial-in user service (radius) is a client-server security protocol that provides authentication, authorization, and accounting for network users a...
Page 301
Viewing and configuring radius settings 301 viewing radius settings, servers, and server groups to view radius settings, servers, and server groups: 1 select the configuration tool bar option. 2 in the organizer panel, click the plus sign next to the wx switch. 3 click the plus sign next to aaa. 4 s...
Page 302
302 c hapter 8: c onfiguring a uthentication , a uthorization , and a ccounting p arameters 8 in the timeout box, specify how long (1 to 65,535 seconds) the wx switch must wait for a radius server to respond before retransmitting. The default is 5 seconds. 9 in the retry count box, specify how many ...
Page 303
Viewing and configuring radius settings 303 d select radius. E in the task list panel, select radius server group. 2 in the name box, type the name of the radius server group (1 to 32 alphanumeric characters, with no spaces or tabs). Do not use the same name for a radius server and a server group. 3...
Page 304
304 c hapter 8: c onfiguring a uthentication , a uthorization , and a ccounting p arameters authorization password use of the wx switch’s system ip address as the source address for radius packets from the switch when you create a new radius server, the default settings apply to the new server. To c...
Page 305
Viewing and configuring global 802.1x settings 305 providing an authorization password is required only for users whose devices are authenticated by their mac addresses or for last-resort users, neither of which have a regular username or password. The default authorization password is 3com. Changin...
Page 306
306 c hapter 8: c onfiguring a uthentication , a uthorization , and a ccounting p arameters 2 to enable 802.1x authentication for all wired authentication ports on the wx switch, select system authentication control. To disable 802.1x authentication for all wired authentication ports, clear system a...
Page 307
Viewing and configuring global 802.1x settings 307 9 to enable reauthentication of 802.1x clients, select reauthentication. To disable reauthentication, clear reauthentication. By default, reauthentication is enabled. 10 to specify the number of reauthentication requests the wx switch attempts befor...
Page 308
308 c hapter 8: c onfiguring a uthentication , a uthorization , and a ccounting p arameters viewing and configuring 802.1x network access rules this section describes how to view and configure 802.1x rules for user network access. To configure other types of network access rules, see the following: ...
Page 309
Viewing and configuring 802.1x network access rules 309 2 specify whether the rule is for wireless access to an ssid or access through a wired authentication port: if the rule is for access to an ssid, do one of the following: to match on any ssid name, leave the value any in the ssid box. To match ...
Page 310
310 c hapter 8: c onfiguring a uthentication , a uthorization , and a ccounting p arameters the eap-md5 option does not work with microsoft wired authentication clients. Peap—protected eap with microsoft challenge handshake authentication protocol version 2 (ms-chap-v2). Select this protocol for wir...
Page 311
Viewing and configuring 802.1x network access rules 311 if you specify a radius server group as the first method and a user is denied access by the radius server, no authentication and authorization are attempted with the other methods specified in the list. If you specify local as the first method ...
Page 312
312 c hapter 8: c onfiguring a uthentication , a uthorization , and a ccounting p arameters viewing and configuring mac network access rules mac network access rules allow users onto the network by authenticating their mac addresses instead of their user names. During log on, if the username does no...
Page 313
Viewing and configuring mac network access rules 313 2 specify whether the rule is for wireless access to an ssid or access through a wired authentication port: if the rule is for access to an ssid, do one of the following: to match on any ssid name, leave the value any in the ssid box. To match onl...
Page 314
314 c hapter 8: c onfiguring a uthentication , a uthorization , and a ccounting p arameters mss tries the methods in the order they appear in the current radius server groups list. To reorder the methods, select a method and click up or down. If you specify a radius server group as the first method ...
Page 315
Viewing and configuring webaaa network access rules 315 viewing and configuring webaaa network access rules web aaa allows network users to access the network by logging on a web page. When a user attempts to access a web page over the network, the wx switch intercepts the http or https request and ...
Page 316
316 c hapter 8: c onfiguring a uthentication , a uthorization , and a ccounting p arameters creating a web aaa network access rule to create a web aaa network access rule: 1 access the create mac network access wizard: a select the configuration tool bar option. B in the organizer panel, click the p...
Page 317
Viewing and configuring webaaa network access rules 317 for eap with transport layer security (eap-tls) clients, the format is username@domain_name. For example, sydney@example.Com specifies the user sydney in the domain name example.Com. The *@marketing.Example.Com glob specifies all users in the m...
Page 318
318 c hapter 8: c onfiguring a uthentication , a uthorization , and a ccounting p arameters 10 select the accounting method(s) in the available radius server groups list and click add. The options and processing are the same as those for authentication methods. (see step 6.) 11 click finish. Viewing...
Page 319
Viewing and configuring last-resort network access rules 319 2 specify whether the rule is for wireless access to an ssid or access through a wired authentication port: if the rule is for access to an ssid, do one of the following: to match on any ssid name, leave the value any in the ssid box. To m...
Page 320
320 c hapter 8: c onfiguring a uthentication , a uthorization , and a ccounting p arameters 7 to enable this accounting rule for the ssid, select enabled. By default, accounting rules you configure in 3wxm are disabled, which means 3wxm does not add the rules to the switch’s configuration. 8 select ...
Page 321
Viewing and configuring wx administrator access rules 321 creating an access rule for console access to create an access rule for console access: 1 access the create console admin user wizard: a select the configuration tool bar option. B in the organizer panel, click the plus sign next to the wx sw...
Page 322
322 c hapter 8: c onfiguring a uthentication , a uthorization , and a ccounting p arameters 7 to enable this accounting rule for the ssid, select enabled. By default, accounting rules you configure in 3wxm are disabled, which means 3wxm does not add the rules to the switch’s configuration. 8 select ...
Page 323
Viewing and configuring wx administrator access rules 323 mss tries the methods in the order they appear in the current radius server groups list. To reorder the methods, select a method and click up or down. If you specify a radius server group as the first method and a user is denied access by the...
Page 324
324 c hapter 8: c onfiguring a uthentication , a uthorization , and a ccounting p arameters viewing and configuring aaa support for third-party ap users a wx switch can provide network access for users associated with a third-party ap that has authenticated the users with radius. You can connect a t...
Page 325
Viewing and configuring aaa support for third-party ap users 325 for the userglob, type a full or partial username to be matched during authentication (1 to 80 alphanumeric characters, with no spaces or tabs). The format of a user glob depends on the client type and eap method. For windows domain cl...
Page 326
326 c hapter 8: c onfiguring a uthentication , a uthorization , and a ccounting p arameters configuring a radius proxy for a client to configure a radius proxy for a client: 1 access the create radius proxy client wizard: a select the configuration tool bar option. B in the organizer panel, click th...
Page 327
Viewing and changing location policy rules 327 viewing and changing location policy rules during the login process, the aaa authorization process is started immediately after clients are authenticated to use the wx switch. During authorization, mss assigns the user to a vlan and applies optional use...
Page 328
328 c hapter 8: c onfiguring a uthentication , a uthorization , and a ccounting p arameters creating a location policy rule to create a location policy rule: 1 access the create location rule wizard: a select the configuration tool bar option. B in the organizer panel, click the plus sign next to th...
Page 329
Viewing and changing location policy rules 329 9 select the distributed maps for which the location policy is applied and click add. 10 click next. 11 in the action list, select one of the following: permit—allows access if the conditions in the location policy rule are matched. If you select permit...
Page 330
330 c hapter 8: c onfiguring a uthentication , a uthorization , and a ccounting p arameters viewing and changing mobility profiles mobility profile™ attributes allow or deny access to the network for a specific user or group of users. When you create a mobility profile, you specify which map ports, ...
Page 331
Viewing and changing mobility profiles 331 4 in the ports drop-down list, select the ports to include in the mobility profile: all—include all map or wired authentication ports. Selected—include a selected list of ports. None—include no ports. If you select selected, select the individual ports in t...
Page 332
332 c hapter 8: c onfiguring a uthentication , a uthorization , and a ccounting p arameters.
Page 333: Onfiguring
9 c onfiguring wx s witches r emotely you can use 3wxm services running in your corporate network to configure wx switches in remote offices. The following remote configuration scenarios are supported: drop ship—3wxm services running in the corporate network can configure a wxr100 switch shipped dir...
Page 334
334 c hapter 9: c onfiguring wx s witches r emotely how remote wx configuration works drop ship (wxr100 only) 1 the wxr100 is shipped directly to the remote office where it will be deployed. 2 the network administrator at the corporate office preconfigures the switch in a 3wxm network plan. The swit...
Page 335
How remote wx configuration works 335 figure 9 shows the location of the fn switch and the led. Figure 9 fn switch on wxr100 5 because the fn switch was pressed while the switch was starting, the wxr100 configures the following items to enable itself to contact 3wxm services: ports 1 and 2 in the de...
Page 336
336 c hapter 9: c onfiguring wx s witches r emotely if the serial number does not match and the auto-config ip subnet matching option is disabled, 3wxm cannot give the switch a configuration. 3wxm generates a verification warning (on the network verification tab). The warning lists the switch’s seri...
Page 337
3wxm requirements 337 8 3wxm receives the configuration request, and looks in the currently open network plan for a switch configuration with the same model and serial number as the one in the configuration request. If the network plan contains a configuration with a matching model and serial number...
Page 338
338 c hapter 9: c onfiguring wx s witches r emotely staging a wx switch for configuration by 3wxm the auto-config option must be enabled on a wx switch in order for the switch to try to contact 3wxm services for configuration. The auto-config option is automatically enabled on an unconfigured wxr100...
Page 339
Staging a wx switch for configuration by 3wxm 339 3 enable the auto-config option: wx1200# set auto-config enable success: change accepted. 4 save the configuration changes: wx1200# save config success: configuration saved. 5 power off or restart the switch. Example 2: deployment site has no dhcp an...
Page 340
340 c hapter 9: c onfiguring wx s witches r emotely example 3: deployment site has dns but no dhcp the deployment site in this example does not have a dhcp server but does have a local dns server. The configuration is similar to example 1, but includes dns configuration information instead of an ip ...
Page 341
Staging a wx switch for configuration by 3wxm 341 example 4: deployment site has dhcp but local dns domain differs from corporate dns domain the deployment site in this example has a dhcp server, so the switch’s dhcp client is enabled. Static ip address and default gateway information are not requir...
Page 342
342 c hapter 9: c onfiguring wx s witches r emotely preconfiguring a switch in 3wxm if you know the switch’s serial number, use the following procedure to set up the switch’s configuration in 3wxm. 1 start 3wxm services. 2 start a 3wxm client and connect to 3wxm services. 3 select tools > 3wxm servi...
Page 343
Preconfiguring a switch in 3wxm 343 uploading a partially configured switch and completing its configuration with 3wxm even if you do not know the serial number of a wx switch, you still can configure the switch in 3wxm. When the switch contacts 3wxm for a configuration, 3wxm generates a warning mes...
Page 344
344 c hapter 9: c onfiguring wx s witches r emotely replacing a switch and reusing its configuration if a remote switch that is configured by 3wxm fails, you can install a new switch in its place and use 3wxm to configure the switch with the replaced switch’s configuration. This method of switch rep...
Page 345
Replacing a switch and reusing its configuration 345 if the switch is a wxr100, the person at the remote office also inserts a paperclip or similar object into the wxr100’s fn hole to press the fn switch. Normally, the fn led (the right led above port 1) remains solidly lit for 3 seconds after power...
Page 346
346 c hapter 9: c onfiguring wx s witches r emotely replacing a switch this task is performed by someone at the remote office and does not require a network administrator. 3com recommends that you read through the entire procedure before beginning. To replace a switch 1 remove the power cord from th...
Page 347: Anaging
10 m anaging wx s ystem i mages and c onfigurations this chapter describes the management of wx system files. It includes information about uploading a wx switch configuration into 3wxm, verifying configuration information, synchronizing local and network changes, deploying wx switches from a networ...
Page 348
348 c hapter 10: m anaging wx s ystem i mages and c onfigurations devices tab the devices tab allows you to manage configuration changes for wx switches in the network plan. To access the devices tab, do one of the following: select the devices tool bar option. In the alerts panel, click on local ch...
Page 349
Devices tab 349 task list options the task list panel in the devices tab has the following pages: change management device operations table 24 lists the tasks you can select on the devices tab. Table 24 devices tasks task option task group task description change management local changes review disp...
Page 350
350 c hapter 10: m anaging wx s ystem i mages and c onfigurations other upload wx add a wx switch to the network plan by copying its configuration from a live switch in the network. (see “adding a switch by uploading its configuration from the network” on page 165.) view operation log lists the task...
Page 351
Devices tab 351 device operations, cont. Actions reboot wx and aps reboot a wx switch and the maps it is managing. (see “rebooting wx switches or map access points” on page 358.) reboot aps reboot maps. (see “rebooting wx switches or map access points” on page 358.) manage device enable 3wxm managem...
Page 352
352 c hapter 10: m anaging wx s ystem i mages and c onfigurations toolbar options table 25 lists the options on the devices tab’s toolbar. Synchronizing local and network changes whenever configuration changes occur to a switch, 3wxm alerts you that changes have occurred. If a configuration change o...
Page 353
Synchronizing local and network changes 353 selecting review in local changes displays changes made in 3wxm. Selecting review in network changes displays changes that have occurred in the network. 5 to print the changes, click print. 6 click close to return to the managed devices tab. Accepting netw...
Page 354
354 c hapter 10: m anaging wx s ystem i mages and c onfigurations deploying switch configuration changes you can deploy changes immediately or schedule them to be deployed later. When you deploy changes to a wx, all of the changes are sent as a single transaction. If any parameter is unsuccessfully ...
Page 355
Synchronizing local and network changes 355 you can click close at any time after clicking deploy. The operation continues in the background. To review the status of the operation, use the operation log. (see “viewing the operation log” on page 360.) to schedule deployment of local changes 1 select ...
Page 356
356 c hapter 10: m anaging wx s ystem i mages and c onfigurations distributing system images you can use 3wxm to upgrade or downgrade the system image (mss software) on wx switches. System images include switch software and map software. Using the image repository use the image repository to add or ...
Page 357
Distributing system images 357 distributing system images you can distribute a system image to one or more wx switches in a network plan. To use a new system image, you must reboot the wx. For more information, see “rebooting wx switches or map access points” on page 358. 3com recommends that you us...
Page 358
358 c hapter 10: m anaging wx s ystem i mages and c onfigurations 7 edit the start date and time. (the date and time are based on the date and time on the machine where 3wxm services is installed.) 8 click finish. Rebooting wx switches or map access points you can use 3wxm to reboot wx switches and ...
Page 359
Enabling or disabling management of a switch by 3wxm 359 enabling or disabling management of a switch by 3wxm the devices tab lists managed switches and unmanaged switches separately. Managed switches can be deployed to the network and can be monitored by 3wxm services. Unmanaged switches can be con...
Page 360
360 c hapter 10: m anaging wx s ystem i mages and c onfigurations viewing the operation log the operation log displays information about the operations you perform using the devices options. To display the operation log 1 select the devices tool bar option. 2 at the bottom of the task list panel, se...
Page 361
Importing and exporting switch configuration files 361 importing and exporting switch configuration files you can import or export switch configuration files in extensible markup language (xml) format. The import option enables you to create a wx switch in the network plan by importing configuration...
Page 362
362 c hapter 10: m anaging wx s ystem i mages and c onfigurations 7 click import. The status of the import process appears in the status column. 8 click close to save the changes. 9 enable 3wxm to manage the switch. (see “modifying basic switch parameters” on page 172.) to export a configuration 1 s...
Page 363
Modifying configuration change polling options 363 modifying configuration change polling options by default, 3wxm client polls wx switches in the network every 15 minutes for network changes, and displays a popup message if changes are detected. The popup message is in addition to notification in t...
Page 364
364 c hapter 10: m anaging wx s ystem i mages and c onfigurations.
Page 365: Erifying
11 v erifying c onfiguration c hanges 3wxm uses a set of rules to verify wx switch configurations. Changes to a switch’s configuration in 3wxm or in the live network are automatically evaluated by comparing the changes to the rules. If the evaluation detects any error or warning conditions, the info...
Page 366
366 c hapter 11: v erifying c onfiguration c hanges details about the selected error or warning appear in the lower left section of the tab. The resolution section of the tab lists options for resolving the warning or error. Toolbar options table 27 lists the options on the event tab’s toolbar. Filt...
Page 367
Resolving an error or warning 367 to resolve an error or warning 1 select the error or warning message in the message column. 2 read the information in the error/warning details section. For some errors and warnings, this section contains information about how to resolve the error or warning. 3 if a...
Page 368
368 c hapter 11: v erifying c onfiguration c hanges to globally disable a warning or error 1 select an instance of the warning or error message. 2 in the resolutions section, click disable this rule for all instances. As soon as you click on this option, all instances of the message disappear from t...
Page 369
Resolving an error or warning 369 3com recommends that you do not deploy a network plan that contains configuration errors. Allowing configuration errors to be deployed to the network can affect network stability. 3 click close to place the changes into effect and close the dialog box. Disabling and...
Page 370
370 c hapter 11: v erifying c onfiguration c hanges 6 reenable the rule or instances: to reenable a rule all of whose instances are disabled, click on the checkbox in the enabled column. The disable all instances option is deselected. To reenable an individual instance of a rule, click on the checkb...
Page 371: Anaging
12 m anaging c ertificates a digital certificate is a form of electronic identification for computers. This chapter describes processing and managing certificates, and distributing pks #12 files. Overview a digital certificate is a form of electronic identification for computers. The 3com mobility s...
Page 372
372 c hapter 12: m anaging c ertificates processing certificates when 3wxm client connects to 3wxm services or to a wx switch that presents a certificate that is unknown to 3wxm client, the certificate check dialog box appears. The dialog shows information about the certificate and allows you to acc...
Page 373
Managing certificates 373 managing certificates after you have installed certificates, you can review a certificate or delete a certificate that is stored in the 3wxm certificate store. Reviewing certificate details after installing a certificate in 3wxm, you can see information such as the time fra...
Page 374
374 c hapter 12: m anaging c ertificates distributing certificates to wx switches you can use 3wxm to distribute certificates from pkcs #12 files to one or more wx switches. Although you can distribute one pkcs #12 file to many wx switches, as a best practice, you should install a unique certificate...
Page 375: Onfiguring
C onfiguring and a pplying p olicies a policy is a set of wx configuration parameters that you can define once in 3wxm and then apply to multiple wx switches. When you apply a policy to a set of wx switches, all parameter settings in the policy are applied to the switches and update the settings alr...
Page 376
376 c hapter 13: c onfiguring and a pplying p olicies viewing policies to view policies: 1 select the policies tool bar option. 2 to view the feature areas in the policy, click on the plus sign next to the policy name. Only the areas that are configured in the policy are listed. Click on the plus si...
Page 377
Configuring feature settings in a policy 377 configuring feature settings in a policy to configure feature settings in a policy: 1 if you have not already done so, use the procedure in “creating a policy” on page 376 to configure a policy and select the switches to which you want to apply the policy...
Page 378
378 c hapter 13: c onfiguring and a pplying p olicies table 28 feature categories for this feature area see... System features ip services “viewing and configuring ip services settings” on page 203 vlans, spanning trees and port groups “viewing and configuring vlans” on page 208 “changing stp port s...
Page 379: Sing
14 u sing the e vent l og 3wxm maintains a log of system events. The log contains messages generated by the following: wx switches in the network plan—messages generated by the wx switches in the network plan that are being monitored by the 3wxm service 3wxm services—messages generated by the 3wxm s...
Page 380
380 c hapter 14: u sing the e vent l og refreshing event data by default, the event data is refreshed whenever the 3wxm client generates a new message for itself, or receives a new message from the 3wxm services. To disable automatic refreshing of events, clear the auto-update checkbox and click app...
Page 381
Filtering event messages 381 filtering events by content when using the predefined filters, you can limit the events you see in event tab by specifying criteria such as ip address, date, or text in the log message. You can use advanced filters to further limit the events you see. To filter messages ...
Page 382
382 c hapter 14: u sing the e vent l og in the start box, click the arrow to use the calendar to specify the day, month, and year. Specify the end time. After—only events that occurred after a specified time in the start box, click the arrow to use the calendar to specify the day, month, and year. S...
Page 383
Filtering event messages 383 filtering events by severity you can limit the events you see in event tab based on event severity. 1 click on the severity tab. 2 select or clear the severity levels to display (the following descriptions are wx-based): emergency—the wx is unusable. Alert—action must be...
Page 384
384 c hapter 14: u sing the e vent l og creating and saving filters if you have specified additional criteria to filter the events, you can save the criteria as a stored custom filter. 1 in the stored filters group box, type a new filter name in the name box. 2 type a name for the filter (1 to 80 al...
Page 385: Enerating
15 g enerating r eports this chapter describes the reports you can generate with 3wxm: inventory mobility domain configuration wx configuration client summary client details client errors watch list client network usage rf summary radio details rogue summary site survey work order.
Page 386
386 c hapter 15: g enerating r eports overview the reports option of the 3wxm toolbar enables you to generate reports for network clients, rf usage, rogue devices, and 3com equipment. Configuration reports: inventory mobility domain configuration wx configuration client monitoring reports: client su...
Page 387
Generating an inventory report 387 generating an inventory report the inventory report lists the wx switches and map access points in a specific mobility domain or that do not belong to a mobility domain. To generate an inventory report 1 select the reports tool bar option. 2 in the report category ...
Page 388
388 c hapter 15: g enerating r eports generating a mobility domain configuration report the mobility domain configuration report lists information for all the wx switches in a mobility domain, including the vlans, radio and service profiles, and radius server groups and servers configured on the wx ...
Page 389
Generating a wx configuration report 389 generating a wx configuration report the wx configuration report lists configuration details for a wx switch. 1 select the reports toolbar option. 2 in the report category list, select configuration reports. 3 in the reports list, select wx configuration. 4 i...
Page 390
390 c hapter 15: g enerating r eports generating a client summary report the client summary report lists current client sessions. The data for this report comes from the 3wxm services. The enable client session collection option, located in the client monitor group box of the monitoring settings tab...
Page 391
Generating a client details report 391 5 select the instance for which you want the report. For example, if the scope is building, select the building. 6 to select or change the output directory for the report, click choose, navigate to the new directory, and click select. 7 to prevent 3wxm from rep...
Page 392
392 c hapter 15: g enerating r eports 4 click add to add a report filter. The filter configuration fields are activated. 5 click on the select field, and select one of the following from the drop-down list: user name ip address mac address 6 click on the value field. Erase the text in the field and ...
Page 393
Generating a client errors report 393 generating a client errors report the client errors report lists error statistics for current client sessions. The data for this report comes from 3wxm services. The enable rf trending option, located in the rf monitor group box, must be enabled. (see “changing ...
Page 394
394 c hapter 15: g enerating r eports generating a watch list client report the watch list client report lists session information and roaming history for clients on the watch list. The client must be on the client watch list. (see “managing the client watch list” on page 436.) 1 select the reports ...
Page 395
Generating a network usage report 395 session statistics ap statistics (see “using the client monitor view” on page 417 for information about the data columns in each section of the report.) generating a network usage report the network usage report lists network usage statistics. The data for this ...
Page 396
396 c hapter 15: g enerating r eports 8 to prevent 3wxm from replacing an existing report of the same type with this new report, click next to overwrite existing files to deselect this option. 9 click generate. 10 when the report is generated, click the report link to view it. The network usage repo...
Page 397
Generating a radio details report 397 7 to select or change the output directory for the report, click choose, navigate to the new directory, and click select. 8 to prevent 3wxm from replacing an existing report of the same type with this new report, click next to overwrite existing files to deselec...
Page 398
398 c hapter 15: g enerating r eports 8 click generate. 9 when the report is generated, click the report link to view it. (see “using the rf monitor view” on page 444 and “using the rf trends view” on page 449 for information about the data in each section of the report.) generating a rogue details ...
Page 399
Generating a rogue summary report 399 generating a rogue summary report the rogue summary report lists information about rogues. The data for this report comes from 3wxm services. The enable rogue detection option, located in the rogue detection group box of the monitoring settings tab, must be enab...
Page 400
400 c hapter 15: g enerating r eports 9 to prevent 3wxm from replacing an existing report of the same type with this new report, click next to overwrite existing files to deselect this option. 10 click generate. 11 when the report is generated, click the report link to view it. The report lists the ...
Page 401
Generating a work order 401 scroll down to view the mac address assignments for the los points. Use the instructions in the ekahau site survey initial setup section of the work order to set up the survey. When you import the floor map into the site survey tool, make sure you use the map name specifi...
Page 402
402 c hapter 15: g enerating r eports 7 to change the output directory for the report, click on the button next to output directory, navigate to the new directory, and click select. 8 click generate. 9 when the report is generated, click view. A browser window containing the report opens. 10 optiona...
Page 403: Onitoring
16 m onitoring the n etwork this chapter describes how to use the 3wxm monitoring service. It includes information about monitoring service requirements, accessing monitored data, using the explore, status summary, client monitor, rf monitor, and rf trends windows, and accessing realtime performance...
Page 404
404 c hapter 16: m onitoring the n etwork the 3wxm services is configured to provide data for the explore and status summary windows by default. To provide data to the client and rf windows, you must enable the service to poll wx switches for client and rf data. You also can enable the service to re...
Page 405
Using the explore window 405 3 select an object in the organizer panel. Monitored data for the selected object is displayed. Using the explore window the explore view shows the status of 3com equipment within the scope of the object selected in the equipment or sites section of the organizer panel. ...
Page 406
406 c hapter 16: m onitoring the n etwork if you select a map access point, radio, wiring closet, or coverage area in the sites section of the organizer panel, the floor plan is displayed. The floor plan is displayed only if you add the floor to the site information in the network plan..
Page 407
Using the explore window 407 in either the link display or the floor display, the operational status of 3com equipment is indicated by the following colors: green — up yellow — up (but with minor service degradation) orange — up (but with major service degradation) red — down blue — unknown toolbar ...
Page 408
408 c hapter 16: m onitoring the n etwork table 34 lists the options on the toolbar in the floor display. Table 34 toolbar options in floor display of explore view icon description edit 3wxm preferences. Configure 3wxm services. Launch help. Zoom in. Zoom out. Refresh the information. Fit the view i...
Page 409
Using the explore window 409 threshold flags a red flag next to an object in the link view of the explore view indicates that a threshold for the object has been exceeded. The thresholds are defined by the 3wxm services. (see “changing 3wxm services preferences” on page 493.) for example, a red flag...
Page 410
410 c hapter 16: m onitoring the n etwork you can click on the object that has the red flag for more information. An asterisk indicates the statistic whose threshold was crossed. In the example below, the wx switch has a higher signal-to-noise ratio (snr) than specified for the threshold. Double-cli...
Page 411
Using the explore window 411 when a red flag appears in the explore view, the column for the statistic whose threshold was exceeded also turns red in the rf trends view..
Page 412
412 c hapter 16: m onitoring the n etwork displaying object details to drill down for more detailed information for an object in the explore view, double-click on the object. All monitor views, including the explore view itself, are updated to display information specifically about the selected obje...
Page 413
Using the explore window 413 the jagged appearance of the coverage area is normal and is caused by the rf obstacles around the radio. The rf obstacle information in the floor plan enables 3wxm to more accurately portray rf information for the network, including a radio’s coverage. If the coverage ar...
Page 414
414 c hapter 16: m onitoring the n etwork taking rf measurements in the floor plan display, you can take an rf measurement at any point on the floor plan. An rf measurement point indicates the rssi value for each 3com radio on the floor. To take an rf measurement 1 in the floor plan display of the e...
Page 415
Using the explore window 415 table 36 lists the rf measurement information that is displayed for the measurement point. Rf measurement point rssi measurements table 36 rf measurement information item value x (feet) distance in the x direction from the 0,0 coordinate (the upper left corner of the pan...
Page 416
416 c hapter 16: m onitoring the n etwork you can change the rssi options even after measurement data is displayed. The data is immediately updated. To take a new measurement, click on the new measurement point. The measurement data is immediately updated for the new measurement point. Using the sta...
Page 417
Using the client monitor view 417 using the client monitor view the client monitor view shows detailed information about client activity on the network. Client information is displayed in the following tabs: client activity — displays association and 802.1x information for the clients client session...
Page 418
418 c hapter 16: m onitoring the n etwork refreshing client data the data displayed in the client monitor view is refreshed at regular intervals (every 5 minutes by default). The data is refreshed based on the client monitor polling interval specified. (see “changing monitoring settings” on page 503...
Page 419
Using the client monitor view 419 the same counters appear when you select a site, building, or floor. Table 38 lists the data displayed on the client activity tab when a mobility domain is selected. The counters are incremented each time the 3wxm services receives a client activity trap generated b...
Page 420
420 c hapter 16: m onitoring the n etwork authentication failures number of times authentication for a client failed. Common causes of authentication failures include the following: user glob or mac address glob mismatch or unknown user invalid password radius server timeout authorization failures n...
Page 421
Using the client monitor view 421 data displayed when a switch, map, or radio is selected when a wx switch, map, or individual radio is selected in the organizer panel, the client monitor view’s client activity tab displays a row of information for each client activity trap generated by the selected...
Page 422
422 c hapter 16: m onitoring the n etwork table 39 lists the data displayed on the client activity tab when a wx switch, map, or individual radio is selected. The activity details section at the bottom of the view displays details for the selected row of information. The details differ depending on ...
Page 423
Using the client monitor view 423 table 40 activity details for association failure column description mac address mac address of the client. Failure cause cause of the association failure: already-exist cipher-mismatch cipher-rejected load-balance other switching-ssid wep-not-configured client loca...
Page 424
424 c hapter 16: m onitoring the n etwork client location mobility domain, wx switch, map access point, and radio that were dealing with the client. Session id id used by 3com equipment to track the session within the mobility domain. Auth server ip system ip address of the wx switch that was attemp...
Page 425
Using the client monitor view 425 authorization failure cause reason the authorization failure trap was generated: acl-mismatch crypto-type-mismatch end_date_mismatch location-policy mobility-profile-mismatch other ssid-mismatch start_date_mismatch timeofday-mismatch user-param vlan-tunnel-failure c...
Page 426
426 c hapter 16: m onitoring the n etwork auth protocol type 802.1x protocol used to authenticate the client: eap-tls md5 none pass-through peap client location mobility domain, wx switch, map, and radio that were dealing with the client. Session id id used by 3com equipment to track the session wit...
Page 427
Using the client monitor view 427 user access type authentication type that granted access: dot1x mac last-resort web table 44 activity details for client cleared column description user name username of the client. Mac address mac address of the client. Ssid ssid the client was associated with. Ses...
Page 428
428 c hapter 16: m onitoring the n etwork client ip address ip address of the client. Auth server ip system ip address of the wx switch that was attempting to authenticate the client. Note — the system ip address is listed even if the switch was using a radius server to authenticate the client. Ssid...
Page 429
Using the client monitor view 429 displaying client session information the client session tab displays session statistics. The data fields in the display depend on the scope: if a mobility domain is selected, a row of data is displayed for each wx switch in the mobility domain. If a wx switch, map,...
Page 430
430 c hapter 16: m onitoring the n etwork table 48 lists the data displayed on the client sessions tab when the scope is a mobility domain. Data displayed when a wx switch, map, or radio is selected when a wx switch, map, or individual radio is selected in the organizer panel, the client monitor vie...
Page 431
Using the client monitor view 431 displaying session details to display details for a user session, select the session in the client sessions list. Details for the session appear in the following tabs at the bottom of the window: session properties session statistics location history displaying sess...
Page 432
432 c hapter 16: m onitoring the n etwork table 50 session properties columns column description username username the client used to log on to the network. Mac address mac address of the client. Start time date and time when the session began. The date and time are based on the system date and time...
Page 433
Using the client monitor view 433 session state state of the user session: associated — user is authenticated using an 802.11 protocol and associated with a map. Authorizing — user is authenticated and is starting the aaa authorization process. Authorized — user is authorized. Active — user’s sessio...
Page 434
434 c hapter 16: m onitoring the n etwork displaying session statistics on the client sessions tab, select the session statistics tab at the bottom of the view. On the session statistics tab, you can select statistics for the map the client is associated with, or total statistics for the client’s en...
Page 435
Using the client monitor view 435 displaying session location history on the client sessions tab, select the location history tab at the bottom of the window. Each row represents a session with a 3com radio. When a client roams from one radio to another, the session on the radio the client is leavin...
Page 436
436 c hapter 16: m onitoring the n etwork sessions in the location history are sorted from newest to oldest, with the oldest session at the bottom of the list and the newest session at the top. Table 52 lists the information displayed on the tab. Managing the client watch list you can add clients to...
Page 437
Using the client monitor view 437 1 in the client monitor window, click on the window’s toolbar. The find clients dialog box appears. 2 select one of the following: find a specific user — to find a user using specific search attributes. Go to step 3. Find all users — to find all users. Go to step 4....
Page 438
438 c hapter 16: m onitoring the n etwork when specifying search criteria, you must provide an exact match. For a username, you can also specify the prefix of the username. For example, to find natasha@example.Com, you could specify the following: natasha@example.Com nat wildcards are not supported ...
Page 439
Using the client monitor view 439 7 to add a user to the watch list in the user management tab, select the add watch checkbox in the user row. Repeat for all users that you want to add to the watch list. 8 click finish. Displaying the client watch list to display the watch list, select the client wa...
Page 440
440 c hapter 16: m onitoring the n etwork details are displayed on the following tabs: session — displays the session properties, session statistics, and location history tabs. These are the same tabs displayed at the bottom of the client sessions tab. (for descriptions of the data they display, see...
Page 441
Using the client monitor view 441 when looking at graphed data, you can see the data in absolute or delta values. Delta (rate of change) values are calculated with the following equation: value at end of polling interval - value at beginning of polling interval time difference (in seconds) to change...
Page 442
442 c hapter 16: m onitoring the n etwork to improve the accuracy of the client location display, you can select up to six maps from the list. 3wxm uses the selected maps to calculate the location of the client. For best results, you should select the maps that have detected the client most recently...
Page 443
Using the client monitor view 443 5 the client is most likely in the vicinity of the area indicated by the red squares in the floor plan. The number in red on the legend (0.44 in this example) is the probability (44%) that the client is where the display indicates. 6 the list of maps that detected t...
Page 444
444 c hapter 16: m onitoring the n etwork using the rf monitor view the rf monitor view shows detailed rf information for each radio. Radio information is displayed in the following tabs: rf neighborhood — lists the other transmitting devices that the radio can hear. Ssid-bssid mapping — lists the m...
Page 445
Using the rf monitor view 445 displaying rf neighborhood information in the rf monitor view, select the rf neighborhood tab at the bottom of the window. The rf neighborhood tab lists the transmitters that can hear or are heard by the radio selected in the top section of the window. You can select th...
Page 446
446 c hapter 16: m onitoring the n etwork displaying the ssid-to-bssid mapping to display the ssids configured on a radio and their bssids, in the rf monitor window, select the ssid-bssid mapping tab at the bottom of the window. Bssid bssid detected by the radio. Note — this column displays a single...
Page 447
Using the rf monitor view 447 displaying the activity log the activity log displays rf auto-tuning and countermeasures activity for the radio. To display the activity log, in the rf monitor view, select the activity tab at the bottom of the window. Table 55 lists the information displayed on the tab...
Page 448
448 c hapter 16: m onitoring the n etwork displaying rf environment statistics to display rf environment statistics, in the rf monitor window, select the rf environment tab at the bottom of the window. Table 56 lists the information displayed on the tab. Table 56 rf monitor environment columns colum...
Page 449
Using the rf trends view 449 using the rf trends view the rf trends view shows current and past 802.11 statistics for radios. You can view statistics up to 30 days old, and display graphs of data trends. Table 57 lists the information displayed in the top section of the rf trends view. Pkt re-transm...
Page 450
450 c hapter 16: m onitoring the n etwork if the snr, associated clients, or receiver threshold column is red, this indicates that the threshold configured for this parameter has been exceeded. (see “changing monitoring settings” on page 503.) when looking at graphed data, you can see the data in ab...
Page 451
Accessing realtime performance statistics 451 to change how you view data values, select absolute to see absolute values or deltas to see rate-of-change values. Refreshing rf trend data the data displayed in the rf trends view is refreshed at regular intervals (every 5 minutes by default). The data ...
Page 452
452 c hapter 16: m onitoring the n etwork 2 select the scope to monitor from the list on the left side of the dialog box. 3 select the specific object(s) to monitor from the list on the right side of the dialog box. To select multiple contiguous objects, click shift while selecting. To select multip...
Page 453
Accessing realtime performance statistics 453 generally, the scope is an aggregate object, which means that it is made up of sub-objects. (the exception is when a scope is a set of ports.) when you see performance data for the aggregate object, you are seeing the sum of the data of the sub-objects. ...
Page 454
454 c hapter 16: m onitoring the n etwork for example, if the number of octets in is 11,101,288 at the beginning of the polling period, the number of octets in is 11,146,904 at the end of the polling period, and the time difference is 60 seconds, the delta value is 760.267. To change how you view da...
Page 455
Accessing realtime performance statistics 455 to reset counters in the current view for absolute values, you can reset the counters in the current view by clicking reset counters in view. Resetting counters applies to the current view only. The performance data continues to be collected. The view sh...
Page 456
456 c hapter 16: m onitoring the n etwork viewing data in percentages to see a set of objects in a particular category of data as percentages in a pie chart, click the percent tab. Data for the pie chart is captured when you click the tab and is based on the polling interval you selected. To see det...
Page 457
Accessing realtime performance statistics 457 exporting performance data you can export performance data (absolute values only) to a file in comma-delimited text (.Csv) format. To export data to a file 1 in the statistics tab, click export absolute. The export data dialog box appears..
Page 458
458 c hapter 16: m onitoring the n etwork 2 to specify a directory and name for the file, click choose. On linux systems, the default directory is the home directory of the user running 3wxm. 3wxm remembers the directory you select when you next access the export data dialog box. 3 to overwrite exis...
Page 459: Etecting
17 d etecting and c ombatting r ogue d evices this chapter discusses how to manage rogue devices that try to use your wireless network. Information includes an overview of detection features, enabling countermeasures, using the rogue detection tab, displaying a rogue’s geographical location, ignorin...
Page 460
460 c hapter 17: d etecting and c ombatting r ogue d evices rogue detection requirements rogue detection in 3wxm has the following requirements. The enable rogue detection option must be selected on the monitoring settings tab of the 3wxm services setup dialog. (see “changing monitoring settings” on...
Page 461
Rogue detection requirements 461 to use countermeasures, they must be enabled. You can enable them on an individual radio profile basis. (see “viewing and configuring radio profiles” on page 265.) mobility domain requirement rf detection requires the mobility domain to be completely up. If a mobilit...
Page 462
462 c hapter 17: d etecting and c ombatting r ogue d evices rogue detection lists rogue detection lists specify the third-party devices and ssids that mss allows on the network, and the devices mss classifies as rogues. You can configure the following rogue detection lists: permitted ssid list—a lis...
Page 463
Rogue detection lists 463 map radio detects wireless packet. No yes yes source mac in ssid in permitted ignore list? Device is not a threat. Ssid list? Yes oui in permitted vendor list? No source mac in attack list? No generate an alarm. Classify device as a rogue. No yes issue countermeasures (if e...
Page 464
464 c hapter 17: d etecting and c ombatting r ogue d evices using the rogue detection screen to display rogue information, select the rogue detection option in the main 3wxm tool bar. The rogue detection screen lists information about the rogue devices detected in the network. The rogue list section...
Page 465
Using the rogue detection screen 465 activity log — lists activity (appearance or disappearance) of the rogue selected in the rogue list. The entries in the activity log tab come from either of the following sources: notification data received from a switch 3wxm services, if they detect the appearan...
Page 466
466 c hapter 17: d etecting and c ombatting r ogue d evices filtering the rogue list by default, the rogue list contains all rogues detected during the most-recent polling interval, in all mobility domains in the network plan. You can change the filter criteria for which rogues are listed. To filter...
Page 467
Using the rogue detection screen 467 ad-hoc clients—wireless clients who are configured to communicate wirelessly outside of the network infrastructure. Ad-hoc clients are not necessarily malicious, but they do steal bandwidth from your infrastructure users. Ad-hoc clients are further categorized in...
Page 468
468 c hapter 17: d etecting and c ombatting r ogue d evices each rogue is listed only once, even if multiple entries for the rogue appear in the activity log tab. For example, if a rogue is detected during three polling intervals, separate entries for each polling interval appear in the activity log...
Page 469
Using the rogue detection screen 469 clients tab the clients tab lists details about the clients of rogue devices. To display client information for a rogue, select the rogue in the filtered list. Table 62 lists the information displayed on the clients tab. Table 61 listeners columns column descript...
Page 470
470 c hapter 17: d etecting and c ombatting r ogue d evices displaying a rogue’s geographical location if building and floor information for the site is modeled in the network plan, you can display the likely physical location of a rogue. 3wxm displays the floor plan for the floor where the rogue is...
Page 471
Displaying a rogue’s geographical location 471 2 select the client under the clients tab. 3 click on the toolbar. The device location screen appears, indicating the approximate location of the client. The client is most likely in the vicinity of the area indicated by the red squares in the floor pla...
Page 472
472 c hapter 17: d etecting and c ombatting r ogue d evices ignoring friendly third-party devices by default, when countermeasures are enabled, mss considers any third-party transmitter to be a rogue device and can send countermeasures to prevent clients from using that device. To prevent mss from s...
Page 473
Adding a device to the attack list 473 adding a device to the attack list an attack list is a switch’s list of ap mac addresses to attack whenever they are present on the network. 1 in the filtered list of rogues on the rogue detection screen, select the devices you want to attack. 2 click on the to...
Page 474
474 c hapter 17: d etecting and c ombatting r ogue d evices 3 enter the information for the ap and place the icon for the ap in its floor location, if applicable. (see “placing third-party access points” on page 132.) when you have finished, the ap appears under objects to place in rf planning. To d...
Page 475
Adding a rogue’s clients to the black list 475 adding a rogue’s clients to the black list the client black list is a switch’s list of mac addresses of wireless clients who are not allowed on the network. Mss prevents clients on the list from accessing the network through a wx switch. 1 in the filter...
Page 476
476 c hapter 17: d etecting and c ombatting r ogue d evices.
Page 477: Ptimizing
18 o ptimizing a n etwork p lan after you deploy a network plan to the 3com equipment in your live network, you can optimize the plan based on rf information from the network. The rf information can be from a site survey or from map radios. Site survey—rf measurements come from a site survey file ge...
Page 478
478 c hapter 18: o ptimizing a n etwork p lan 5 you can choose to import measurements from the network, a site survey file, or both: a if you want to use rf neighborhood information imported from a map in the network, click yes next to network. B if you want to import measurements from a site survey...
Page 479
Importing rf measurements 479 applying the rf measurements to the floor plan to apply the rf measurements to the floor plan: 1 under site survey in the task list panel, click optimize. A wizard appears, listing the progress of the request. The total number of rf measurements that did not intersect a...
Page 480
480 c hapter 18: o ptimizing a n etwork p lan the measurements reflect how well the measuring maps can hear one another, and do not directly measure how well clients can hear the maps. For example, if the maps are mounted on the ceiling, attenuation of their signals to one another might be less than...
Page 481
Locating and fixing coverage holes 481 6 on the toolbar, click the radio type for which you want to display coverage: you also can show coverage by right-clicking on the scope in the coverage areas section, then selecting show rf coverage. Coverage for the selected scope(s) is displayed. This exampl...
Page 482
482 c hapter 18: o ptimizing a n etwork p lan fixing a coverage hole after you import rf measurements, optimize, and display coverage, you can observe any wireless coverage holes in the network. To fix a coverage hole, use any of the following methods: lock the maps in place, and use the compute and...
Page 483: Hanging
A c hanging 3wxm p references this chapter discusses how to set 3com wireless lan switch manager (3wxm) client preferences. It describes how to reset preferences values and change options for network synchronization, user interface, persistence, tools, certificate management, rf planning, and 3wxm l...
Page 484
484 c hapter a: c hanging 3wxm p references changing network synchronization options by default, 3wxm checks for configuration changes, events, and status changes on wx switches. You can configure checking (also called polling) for configuration changes in the network made with the cli, web manager,...
Page 485
Changing persistence options 485 3 to enable a confirmation prompt after you close a wizard, select the warn checkbox. To disable the confirmation prompt, clear the warn checkbox. By default, if you close a wizard, a pop-up box appears, asking whether you want to close the wizard. (changes are lost ...
Page 486
486 c hapter a: c hanging 3wxm p references changing tools options you can change the telnet and web browser applications that start from the 3wxm tools menu. The default telnet application is microsoft telnet client. The default web browser is microsoft internet explorer. To change tools options: 1...
Page 487
Changing options for rf planning 487 to clear this option, clear always accept self-signed certificates. By default, this option is disabled. The 3wxm client accepts a certificate only if the certificate is signed by a certificate authority (ca). 4 click close to close the preferences dialog box, or...
Page 488
488 c hapter a: c hanging 3wxm p references for each scheme, you can change a color using any of the following methods: select a color from a predefined palette. Change the hue, saturation, and brightness (hsb) properties of a color. Change the red, blue, and green (rgb) properties of a color. To ch...
Page 489
Changing options for rf planning 489 in the preview box, you can see the swatches and text in the color you chose. The recent box shows the colors you have chosen so far. Click reset to choose the original predefined color and clear the recent box. 3 click ok to accept the color you last chose. The ...
Page 490
490 c hapter a: c hanging 3wxm p references 3 to change the saturation value, select the s option and do one of the following: in the s box, specify a value between 0 and 100 percent. Use the slider to specify the saturation value. 4 to change the brightness value, select the b option and do one of ...
Page 491
Changing 3wxm logging options 491 changing 3wxm logging options you can change the severity and type of 3wxm events that are logged. By default, the event logging level is set to critical, and all events are logged. These log settings apply to log messages generated by 3wxm. They do not apply to log...
Page 492
492 c hapter a: c hanging 3wxm p references.
Page 493: Hanging
B c hanging 3wxm s ervices p references this chapter discusses how to change 3wxm services preferences. Overview to set 3wxm services preferences, select tools > 3wxm services setup from the toolbar in the main 3wxm window. See the figure at the bottom of this page. This chapter describes how to cha...
Page 494
494 c hapter b: c hanging 3wxm s ervices p references the 3wxm services setup window contains a configuration area and a message area at the bottom. When you click save to implement changes you make on one of the window’s tabs, the monitoring service verifies the changes. If the changes are valid, t...
Page 495
Starting or stopping the 3wxm services 495 starting or stopping 3wxm services on windows systems you can start 3wxm services from within 3wxm or from windows services. 1 display the services window. Here is an example of the services window in windows xp. (the window might look differently on your s...
Page 496
496 c hapter b: c hanging 3wxm s ervices p references starting or stopping 3wxm services on linux systems you can start or stop the service by configuring the service as a daemon. After 3wxm services is started, you must enable the 3wxm client to access the service. (see “connecting to 3wxm services...
Page 497
Connecting to 3wxm services 497 connecting to 3wxm services if a firewall is enabled on the host where you install 3wxm services, 3wxm services will not be able to communicate with 3wxm client or with wx switches unless the firewall is configured to allow through traffic for the ssl and snmp ports (...
Page 498
498 c hapter b: c hanging 3wxm s ervices p references if the certificate check dialog is displayed, click accept. (for more certificate options, see the next section, “certificate check”.) if the finish button does not become available, read the last message in the message area of the page to determ...
Page 499
Verifying that the 3wxm client is receiving service data 499 to complete the connection 1 select one or both of the following options, within 60 seconds after the certificate check dialog is displayed: always accept self-signed certificates. — use this option to configure the 3wxm client to always a...
Page 500
500 c hapter b: c hanging 3wxm s ervices p references changing service settings the service settings control the connection parameters, key store information, and access control to 3wxm services. The port numbers used by 3wxm services must not be used by other applications on the machine where the 3...
Page 501
Changing wx connection settings 501 (for more information about this option, see “replacing a switch and reusing its configuration” on page 344.) 7 to change the name of the key store file that contains the encryption keys the 3wxm services uses for authentication with 3wxm, edit the name in the fil...
Page 502
502 c hapter b: c hanging 3wxm s ervices p references by default, 3wxm services accepts certificates from wx switches regardless of whether they are generated by a certificate authority (ca) or they are self-signed certificates. When you disable this option, the accept self-signed certificates optio...
Page 503
Changing monitoring settings 503 changing monitoring settings by default, status monitoring and monitoring of wx notifications is enabled. Status monitoring supplies data for the explore and status summary windows of the monitor tab. Snmp notifications (traps) generated by wx switches supply data fo...
Page 504
504 c hapter b: c hanging 3wxm s ervices p references to change monitoring settings to change monitoring settings, use the following procedure. 1 select tools > 3wxm services setup. The 3wxm services setup dialog box appears. 2 click the monitoring settings tab. 3 to change the number of minutes bet...
Page 505
Accessing the 3wxm services log 505 max receiver adjustment specifies the maximum amount a radio’s hearing sensitivity can increase without triggering a tca. You can specify from 0 to 20 decibels (db). The default is 6 db. When a tca is triggered, the alert is displayed as a red flag in the link vie...
Page 506
506 c hapter b: c hanging 3wxm s ervices p references managing network plans 3wxm services regularly backs up network plans, at configurable intervals. In addition to these regular backups, you can create a backup at any time. You can create a backup from within 3wxm or at a command line. From withi...
Page 507
Managing network plans 507 changing backup settings to change settings for automatic backups 1 access the backup/restore dialog. 2 to change how often 3wxm automatically backs up network plans, select hourly or daily from the backup interval drop-down list. If you select daily, specify the time to c...
Page 508
508 c hapter b: c hanging 3wxm s ervices p references 5 type the ip address of the host where the other instance of 3wxm services is installed. 3wxm services must be running on the host to which you want to transfer the backup. 6 if the port on which the other instance of 3wxm services listens for t...
Page 509: Btaining
C o btaining s upport for y our 3c om p roducts 3com offers product registration, case management, and repair services through esupport.3com.Com . You must have a user name and password to access these services, which are described in this appendix. Register your product to gain service benefits to ...
Page 510
510 a ppendix c: o btaining s upport for y our 3c om p roducts purchase extended warranty and professional services to enhance response times or extend your warranty benefits, you can purchase value-added services such as 24x7 telephone technical support, software upgrades, onsite assistance, or adv...
Page 511
Contact us 511 telephone technical support and repair to obtain telephone support as part of your warranty and other service benefits, you must first register your product at: http://esupport.3com.Com/ when you contact 3com for assistance, please have the following information ready: ■ product model...
Page 512
512 a ppendix c: o btaining s upport for y our 3c om p roducts pakistan call the u.S. Direct by dialing 00 800 01001, then dialing 800 763 6780 sri lanka call the u.S. Direct by dialing 02 430 430, then dialing 800 763 6780 vietnam call the u.S. Direct by dialing 1 201 0288, then dialing 800 763 678...
Page 513
Contact us 513 us and canada — telephone technical support and repair all locations: network jacks; wired or wireless network interface cards: all other 3com products: 1 847-262-0070 1 800 876 3266 country telephone number country telephone number.
Page 514
514 a ppendix c: o btaining s upport for y our 3c om p roducts.
Page 515: Ndex
I ndex numbers 3com knowledgebase tool 509 3com professional services 510 3com resources, directory 511 3wxm restricting access to 52 software requirements 23 uninstalling unix and linux systems 30 3wxm client installing 24, 26 3wxm monitoring service installing 26 3wxm service installing 24 802.1q ...
Page 516
516 i ndex diagnostics 200 directory of 3com resources 511 distributed map auto-ap profile 271 distributed maps mapping acls to 230 distributing system images 356 distributing wx software images 357 dns (domain name system) configuring 205 drawing cropping, paper space 86 e e-mail support 510 engine...
Page 517
I ndex 517 scheduling deployment 355 synchronizing 352 verifying 365 local configuration changes deploying 354 undoing 353 local user database 289 location policies configuring 327 location policy defined 327 location policy rules defined 327 log files installation 27 logging configuring 200 setting...
Page 518
518 i ndex port fast convergence 214 port groups definition 186 link redundancy 186 ports mapping acls to 230 network 178 wired authentication 181 power, optimal 149 preferences certificate management 486 logging 491 network synchronization 484 resetting all preferences 483 resetting tab values 483 ...
Page 519
I ndex 519 managing 347 system images distributing 356 system information, configuring 175 system logs managing 200 t table of 3com support contact numbers 510 tag type 211 technical support, asia and pacific rim 511 technical support, europe, middle east, and africa 512 telephone support 510 teleph...
Page 520
520 i ndex.