3Com OfficeConnect WX1200 Release Note

Other manuals for OfficeConnect WX1200: User Manual, Command Reference Manual, Configuration Manual, Hardware Installation Manual, Reference manual, Command Reference Manual, Quick Start Manual, Quick Start Manual, Quick Start Manual, Reference Manual

Manual is about: Wireless LAN Mobility System Wireless LAN Switch and Controller

Page of 28

Download

Print this page

Bookmark us

Part No. 735-9502-0008, Revision C

Published November 2004

IRELESS

LAN S

WITCH

AND

ONTROLLER

MSS V

ERSION

3.0 R

ELEASE

OTES

Related Documentation

Please use these notes in conjunction with the following

documents:

■

Wireless LAN Switch and Controller Quick Start

Guide

■

Wireless LAN Switch and Controller Installation and

Basic Configuration Guide

■

Wireless LAN Switch and Controller Configuration

Guide

■

Wireless LAN Switch and Controller Command Refer-

ence

You can obtain the latest technical information for

these products, including a list of known problems and

solutions, from the 3Com Knowledgebase:

http://knowledgebase.3com.com

Software License Agreement

Before you use these products, please ensure that you

read the license agreement text. You can find the

license.txt file on the CD-ROM that accompanies your

product, or in the self-extracting exe that you have

downloaded from the 3Com Web site.

Points to Note when using the WX1200 and

WX4400

Follow these best-practice recommendations during

configuration and implementation to avoid or solve

issues you might experience.

System Configuration Best Practices

3Com strongly recommends that you use 3Com Wire-

less Switch Manager (3WXM) for archiving and version

control of network-wide wireless LAN switch configura-

tions. 3Com also recommends that you archive the

CLI-based configuration files of individual WX switches

by copying the configurations to a server.

Client and AAA Best Practices

Follow these best-practice recommendations during

configuration and implementation to avoid or solve

issues you might experience.

Get Clients and AAA Working First

The greatest majority of installation issues are related to

clients and AAA server (authentication, authorization,

and accounting) operation. 3Com recommends first

establishing a baseline of proper operation with a sam-

pling of wireless clients and the AAA server you plan to

1 2 3 4 5 6 7 Next › »

Summary of OfficeConnect WX1200

Page 1
Part no. 735-9502-0008, revision c published november 2004 w ireless lan s witch and c ontroller mss v ersion 3.0 r elease n otes related documentation please use these notes in conjunction with the following documents: ■ wireless lan switch and controller quick start guide ■ wireless lan switch and...
Page 2
2 w ireless lan s witch and c ontroller mss v ersion 3.0 r elease n otes use. Working out client and aaa configuration meth- ods first provides valuable information as you scale the deployment. The selection of client and aaa server software will depend heavily on the requirements of your deploy- me...
Page 3
Points to note when using the wx1200 and wx4400 3 specific eap protocols or specific radius servers, so we have only documented the differences in encryp- tion type. Entries that have both windows 2000 and windows xp listed together have the same results for both operating systems. A result of pass ...
Page 4
4 w ireless lan s witch and c ontroller mss v ersion 3.0 r elease n otes driver dependant behavior some clients prefer a beaconed clear ssid to their configured ssids. If you configure mss to beacon a clear ssid, some client adapters prefer this beaconed ssid over the ssids they are configured to us...
Page 5
Points to note when using the wx1200 and wx4400 5 ■ microsoft has extensive documentation on how to configure and use wireless 802.1x authentication in an active directory environment, published on their website. You can start with microsoft’s wi-fi center at: www.Microsoft.Com/windowsserver2003/tec...
Page 6
6 w ireless lan s witch and c ontroller mss v ersion 3.0 r elease n otes ■ microsoft has extensive documentation on how to configure and use wireless 802.1x authentication in an active directory environment, published on their website. Most of this documentation is geared towards windows xp, but bot...
Page 7
Points to note when using the wx1200 and wx4400 7 tion, you might need to install microsoft hotfix kb829116. You must contact microsoft technical support for this hotfix. It is not available from their website. Funk odyssey ■ the funk odyssey client is required when you require wpa support on window...
Page 8
8 w ireless lan s witch and c ontroller mss v ersion 3.0 r elease n otes configuring computer authentication on the client is simple, though it requires the use of the microsoft 802.1x client built-in to windows xp and windows 2000. Keep the following information in mind when configuring computer au...
Page 9
Points to note when using the wx1200 and wx4400 9 computer authentication also requires specific con- figuration considerations on the wx switch: ■ the username of a computer authentication con- nection will be in the form of host/fully-quali- fied-domain-name, for example host/bob-laptop.3com.Com o...
Page 10
10 w ireless lan s witch and c ontroller mss v ersion 3.0 r elease n otes authenticate with network services and logon to their local pc. ■ a pass result for 3com vsas indicates that the vsas were able to be added to the radius server manually. Future versions of steel belted radius and freeradius a...
Page 11
Points to note when using the wx1200 and wx4400 11 access are authorized to join the same vlan from dif- ferent ssids. This configuration might allow a hacker to more quickly discover keys by listening to both the encrypted traffic and unencrypted traffic for compari- sons. You can either use the ms...
Page 12
12 w ireless lan s witch and c ontroller mss v ersion 3.0 r elease n otes ■ access to 3wxm. To secure access, configure user accounts within 3wxm. ■ access to the 3wxm monitoring service. To secure access, configure user accounts within the moni- toring service. ■ do not use passwords that are easy ...
Page 13
Points to note when using the wx1200 and wx4400 13 ■ use an enable password that follows the password recommendations given above. ■ use a ca-signed certificate instead of a self-signed certificate on the wx switch. If a user’s client does not trust the certificate, the user might experience an addi...
Page 14
14 w ireless lan s witch and c ontroller mss v ersion 3.0 r elease n otes distributed map best practice when using stp a distributed map is a leaf device. You do not need to enable stp on the port that is directly connected to the map. If spanning tree protocol (stp) is enabled on the port that is d...
Page 15
Points to note when using the wx1200 and wx4400 15 face on the wx switch or disable igmp proxy reporting. To disable proxy reporting, use the com- mand set igmp proxy-report disable. Disabling proxy reporting can increase igmp over- head traffic to the multicast router. ■ enable the igmp querier onl...
Page 16
16 w ireless lan s witch and c ontroller mss v ersion 3.0 r elease n otes ■ set authentication last-resort ssid any local ■ set authentication last-resort wired local mss creates user last-resort-any but does not create the required last-resort authentication rules. If you do not use wired authentic...
Page 17
System parameter support 17 documented range for rf auto-tuning interval is incorrect. (18575) the mss version 3.0 manuals state that the range for seconds in the following command is 0 to 65535. Set radio-profile name auto-tune channel-inter- val seconds the valid range is actually 0 to 100000 seco...
Page 18
18 w ireless lan s witch and c ontroller mss v ersion 3.0 r elease n otes known problems system configuration issues configuration of a wx4400 port for wired authentication does not work properly. (18531) though possible to configure, it can result in a system reset. Generating an ssh key causes err...
Page 19
Known problems 19 to create the vlan, clear the mobility domain config- uration from the switch, create the vlan, then con- figure the mobility domain again. The set port poe port-list disable command might not disable poe. (17624) on rare occasions (one in about 20 times), the set port poe port-lis...
Page 20
20 w ireless lan s witch and c ontroller mss v ersion 3.0 r elease n otes domain can interfere with communication among the switches. (16910) if the mobility domain contains intermediary switches or routers that use a router redundancy protocol, wx switches that communicate through those intermedi- ...
Page 21
Known problems 21 time. This can occur if the dhcp server that responds to the dhcp request after the second reboot is not the same server that responded to the first request. This issue does not prevent the map from operating normally but can make managing the map more diffi- cult if the address th...
Page 22
22 w ireless lan s witch and c ontroller mss v ersion 3.0 r elease n otes to restore the intended configuration, restart the switch. Ssl connections to a wx switch from 3wxm or web manager can occasionally fail. (17772) if this issue occurs, mss generates log messages such as the following: httpd ja...
Page 23
Known problems 23 web manager—access using netscape or mozilla ssl can stop working. (15675) if you use netscape or mozilla to access web man- ager, the connection can stop working. Generally, this occurs only after many days of use. When this occurs, the wx generates tcp_ssl log messages. This issu...
Page 24
24 w ireless lan s witch and c ontroller mss v ersion 3.0 r elease n otes this issue is cosmetic only and does not invalidate the information in the other lines of the display. Snmp—the clientauthserverip element in the authorization success trap (clientauthorizationsuccesstraps) is not in dotted de...
Page 25
Known problems 25 cli allows set authentication dot1x command with invalid combination of pass-through and local options. (15562) the cli allows you to enter a command such as the following: set authentication dot1x ssid any * pass-through local the pass-through and local aaa methods are mutu- ally ...
Page 26
26 w ireless lan s witch and c ontroller mss v ersion 3.0 r elease n otes deleting a user group or mac user group does not delete membership from its members. (14833) if you type the clear usergroup or clear mac-user- group command to delete a user group or mac user group, the display aaa command sh...
Page 27
Known problems 27 web aaa client who fails authorization does not receive a failure message. (17901) if a user attempts to log in to the network on a web aaa login page served by the wx switch, but fails authorization, the user does not receive a message indicating that they have been denied access....
Page 28
28 w ireless lan s witch and c ontroller mss v ersion 3.0 r elease n otes this issue is cosmetic only and does not prevent mss from properly ingesting the certificate. Session issues the display session network wired command does not list wired authentication sessions. (17829) if you use the wired o...