- DL manuals
- 3Com
- Wireless Access Point
- WL-463
- User Manual
3Com WL-463 User Manual
Summary of WL-463
Page 1
Http://www.3com.Com/ http://www.3com.Com/support/en_us/productreg/frontpg user guide wireless lan access points 8250/8750/8850 3crwe825075a 3crwe875075a 3crwe885075a (models wl-450, wl-463, wl-464) part no. Dua82507-5aaa01 published april 2005.
Page 2
3com corporation 350 campus drive marlborough, ma 01752-3064 copyright © 2005 3com corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written pe...
Page 3: Introduction
Contents 1 introduction product features 2 security 2 performance and reliability 3 dual g radio support 3 virtual access point (vap) support 3 wds bridging and spanning tree protocol (stp) support 4 manageability 5 wireless network standards 5 802.11g 5 802.11a 6 standard network configuration and ...
Page 4: System Configuration
Mounting on a wall 22 flat surface installation 24 selecting and connecting a different antenna model 25 power settings on the access point for external antennas 26 installing software utilities 27 3 system configuration using the 3com wireless device manager 29 launching a wireless device configura...
Page 5: Troubleshooting
Administration 48 wds/stp settings 49 configuration guidelines 50 radio bridge roles 50 bridge address entry 50 scanning for wds links 51 configuring spanning tree protocol settings 51 system log 52 status 53 radio interface 54 radio settings 54 virtual access point (vap) configuration 54 enabling v...
Page 7: Ntroduction
1 1 i ntroduction the 3com® wireless lan access points 8250, 8750, and 8850 offer a dual-mode architecture that supports 802.11g, 802.11a and 802.11b wireless users on a single device. This means you can mix and match radio bands to meet different coverage and bandwidth needs within the same area. D...
Page 8: Roduct
2 p roduct f eatures access point 8250—creates an enterprise-class wireless lan supporting up to 250 simultaneous users. The single wireless interface 802.11g 2.4 ghz, 54-mbps access point upgrades to 802.11g-802.11a dual mode with optional upgrade kit. The access point also supports two radios and ...
Page 9
3 p erformance and r eliability 3com wireless access point performance features ensure reliable and seamless connections for users wherever they roam: automatic channel selection automatically finds the least loaded channel for interference-free communication. Auto network connect and dynamic rate s...
Page 10
4 wds bridging and spanning tree protocol (stp) support a distribution system (ds) is a network (typically a wired network) that interconnects separate access points into a single lan. With wds, the interconnection no longer needs to be physically wired. Wds uses the wireless medium to interconnect ...
Page 11: Ireless
5 for added security, the ap 8250 supports aes encryption over the wds link. Additionally, spanning tree protocol (stp) support prevents loops from being formed on the network. For more information on these items, see the wireless lan access points user guide. For wds and stp configuration instructi...
Page 12: 802.11
6 implementing a complete wireless lan solution, including bridges, gateways, access points and clients; wi-fi certification guarantees compatibility among vendors providing access to hot spots in public spaces such as coffee shops or university cafeterias 802.11 a 802.11a operates at the 5 ghz band...
Page 13: Tandard
7 s tandard n etwork c onfiguration and p lanning the wireless solution supports a stand-alone wireless network configuration as well as an integrated configuration with 10/100 mbps ethernet lans. The wireless network cards, adapters, and access point can be configured as: ad hoc for departmental or...
Page 14: Lan
8 a wireless infrastructure can be used for access to a central database, or for connection between mobile workers, as shown in the following figure. I nfrastructure w ireless lan for r oaming w ireless pc s the basic service set (bss) is the communications domain for each access point. For wireless...
Page 15: Dvanced
9 a dvanced n etwork c onfiguration and p lanning virtual access point (vap) and wds bridging capabilities allow the access point to be integrated into many new network configurations. Some common configurations are explained briefly in this section: public/private access point service remote buildi...
Page 16
10 the 802.11g radio at the remote location can be configured with any security configuration desired, including open security or full wpa security with 802.1x client authentication and aes encryption. Required products to use this configuration, you need the following products: root-bridge 802.11a/...
Page 17: Ap8250
11 r emote b uilding w ireless a ccess with the ap8250 and 802.11 g u pgrade k it this installation scenario describes one layer of bridging with one root-bridge and one child bridge. This scenario is common, for example, in schools or universities where students or professionals in remote buildings...
Page 18
12 required products to use this configuration, you need the following products: root bridge ap8250 or ap7250 (3crwe825075a or 3crwe725075a) ultra low loss cable (3cwe580 or 3cwe581 or 3cwe582) 8 dbi omnidirectional antenna (3cwe491) each remote location (child bridge) ap8250 (3crwe825075a) 802.11g ...
Page 19: Erminology
13 t erminology access point—an internetworking device that seamlessly connects wired and wireless networks. Ad hoc—an ad hoc wireless lan is a group of computers, each with lan adapters, connected as an independent wireless lan. Backbone—the core infrastructure of a network. The portion of the netw...
Page 20
14 vap—virtual access point. An access point radio capable of operating as two separate access points. Vlan—virtual local area network. A lan consisting of groups of hosts that are on physically different segments but that communicate as though they were on the same segment. Wep—wired equivalent pri...
Page 21: Nstalling
15 2 i nstalling the a ccess p oint this equipment must be installed in compliance with local and national building codes, regulatory restrictions, and fcc rules. For the safety of people and equipment, this product must be installed by a professional technician/installer. I nstallation r equirement...
Page 22: Ower
16 to access and use the web configuration management system, you need a computer that is running internet explorer 5.0 or newer and one of the following operating systems: windows 98, windows me, windows nt 4.0 service pack 6, windows 2000, or windows xp. It is recommended that this computer become...
Page 23: Eciding
17 d eciding w here to p lace e quipment and p erforming a s ite s urvey the access point is ideally designed for vertical installation on a wall surface, but can also be flat-surface mounted in an elevated location where it will not be disturbed. Ceiling installation is not recommended. Whether you...
Page 24: Efore
18 configuring a wireless lan can be as easy as placing a 3com wireless access point in a central area and making the necessary connections to the ap and the clients. However, installing multiple access points may require more planning. Using the 3com site survey tool (located on the installation cd...
Page 25: Onnecting
19 c onnecting the s tandard a ntennas the access point 8250 and access point 8750 are supplied with standard detachable antennas. These should be attached before the access point is installed. If using an alternate antenna, see “selecting and connecting a different antenna model” on page 25. 1 care...
Page 26: Onnecting
20 c onnecting p ower it is advisable to connect the power and check the ethernet cables and leds before installing the unit in a hard-to-reach location. The access point complies with the ieee 802.3af power-over-ethernet standard. It receives power over a standard category 5 straight (8-wire) ether...
Page 27: Lan P
21 u sing the p ower s upply the power supply can be located at any point between the access point and the lan access port, wherever a convenient power outlet exists. If you supply your own ethernet cable for connecting power, be sure that it is standard category 5 straight-through (8-wire) cable th...
Page 28: Hecking
22 c hecking the led s when power is connected, the access point leds light. The illustration and the following table describe the leds and their functions. M ounting on a w all the access point comes equipped with all the necessary hardware for mounting on a wall, including a mounting plate. For a ...
Page 29
23 1 install the mounting plate as shown in the following illustration, on either a stud (or other hard wall surface), or onto drywall. Allow for a clearance of at least 25 cm (10 inches) between the ceiling and the top of the mounting plate. Make sure that the “a” side on the mounting plate is up. ...
Page 30: Lat
24 3 position the access point at an angle to the mounting plate bayonet connection and turn the unit clockwise until it snaps into place, as shown below. F lat s urface i nstallation the access point can also be placed on a flat surface such as a table, desktop or filing cabinet. Do not install the...
Page 31: Electing
25 s electing and c onnecting a d ifferent a ntenna m odel the standard detachable antennas supplied with the access point are suitable for a broad variety of environments. If you require a different type of antenna for the access point, several options are available by model number from the 3com we...
Page 32: Ower
26 3 connect one end of the optional antenna cable to the antenna and secure the antenna in place. 4 connect the free end of the antenna cable to the right-hand side connection on the access point, as shown in the illustration above. 5 make certain that the antennas and antenna masts are appropriate...
Page 33: Nstalling
27 i nstalling s oftware u tilities the installation cd includes documentation and software utilities to help you set up and administer the wireless components of your network. To view product documentation, select view the documentation from the cd startup menu and then select the item you wish to ...
Page 34
28.
Page 35: Ystem
29 3 s ystem c onfiguration the access point can be configured using a web browser that has java support (internet explorer). Using the web management interface, you can configure the access point and view statistics to monitor network activity. The 3com wireless infrastructure device manager helps ...
Page 36
30 the tree lists all wlan service areas on the network and expands to show the 3com wireless lan devices that are associated to each service area. Devices in a different subnet than your computer are identified with exclamation points (!). You can refresh this display by clicking refresh. You shoul...
Page 37: -Ip C
31 u sing the p re -ip c onfiguration w izard you can only configure devices that are on the same subnet as your computer. To configure a device on a different subnet, you must first assign it an ip address on the same subnet as your computer. After you launch the configuration, you can change setti...
Page 38: Asic
32 b asic s etup for a basic configuration, use the setup wizard as described below. At any time, you can click home to return to the home page of the configuration interface. If you want to configure more advanced features, click advanced setup in the home page. 1 in the home page, click setup wiza...
Page 39: Dvanced
33 a dvanced s etup the advanced setup pages allow you to configure features that are not available in the basic setup wizard. On the home page, click advanced setup to open the advanced setup menu. After making selections and entering data on each page, click apply to save the changes. The followin...
Page 40
34 w eb s ervers this option controls whether the web management interface is enabled. There are two protocols available for web server connection: http—sends data unencrypted over the network. Https—uses secure socket layer (ssl) technology to encrypt information between the access point and the we...
Page 41: Radius
35 disable—the access point does not monitor the wired network, and therefore, the radio interface does not shut down due to a broken ethernet link. This is the default setting. Enable—the access point monitors the ethernet link and shuts down radios if the link is broken. Host ping enable—when enab...
Page 42
36 the access point uses the secondary accounting server if a failure is detected in the primary accounting server. It continues to use the secondary accounting server until it fails, in which case it returns to sending data to the primary accounting server. In the radius authentication section, ent...
Page 43: Uthentication
37 a uthentication the authentication page allows you to configure the type of upper-layer authentication the access point uses for wireless clients. This authentication setup is applicable for both radio interfaces. Access is checked against the mac address authentication database stored on the acc...
Page 44
38 required — clients authenticate to a radius server via the access point. Clients are not allowed onto the wired lan until authentication is successful. If two radios are installed and wpa is being used, both radios’ security must be set to “wpa authentication over 802.1x” for the wpa key manageme...
Page 45
39 local mac authentication—client computers can be filtered using the unique mac addresses of their network cards. To build the mac authentication table, enter a mac address in the space provided, choose the permission, and click update. Mac addresses are listed in the mac authentication table in t...
Page 46: Ilter
40 f ilter c ontrol the filter control page allows you to control client communication within the wireless network. You may enable one or more types of supported filtering; however, some filter choices may supersede others. Configure the options as described below. When you are finished, click apply...
Page 47: Mac A
41 s ecurity f ilters these options allow you to block communication among wireless clients (client-to-client blocking) and prevent wireless clients from performing access point administration. Ethernet broadcast storm control—this option allows users to limit broadcast/multicast traffic coming from...
Page 48
42 for security reasons it is desirable to block client to client communications for wireless clients associated with an access point (ap). It is also desirable to block client to client communications between clients associated with different ap’s on the local sub net. For instance an airport may h...
Page 49: Snmp
43 snmp use the snmp page to display and enter a community string for the simple network management protocol (snmp). To communicate with the access point, the snmp agent must first be enabled and the network management station must submit a valid community string for authentication. You can set up t...
Page 50
44 trap destination 3—select enable to set up a third trap manager to receive these messages. Ip address—fill in the ip address box for the third trap manager that will receive these messages. Community name—fill in the community string box for the third trap manager that will receive these messages...
Page 51: Snmp U
45 snmp u sers security configuration is accomplished by managing groups and users. There are three default groups that correspond to three available security levels: default groups ro (read-only) group rw auth (read-write) group rwpriv (read-write) group default security levels noauthnopriv (no aut...
Page 52
46 users can be created and placed into a group. There are two parameters to configure: authentication and privacy. The selected authentication and privacy policy must match the group security level. For example, if an snmp user is configured for md5 authentication and its group does not allow authe...
Page 53: Snmp T
47 snmp t argets this table is used to select the management targets for receiving notifications, as well as the type of notifications that should be sent. Target id—the name that identifies the target. Ip address—the ip address of the target. Udp port—the udp port number of the target. Snmp user—th...
Page 54: Dministration
48 a dministration the administration page allows you to perform access point management tasks as described below. Change password—a password is required to configure the access point. Enter the user name and new password in the spaces provided and click apply. It is recommended that you change the ...
Page 55: Wds/stp S
49 to back up a configuration — type the ip address of the tftp server and a name for the backup file in the spaces provided. Click basic (to save a partial configuration) or complete (to save an entire configuration) and click backup configuration. To restore a configuration — type the ip address o...
Page 56
50 c onfiguration g uidelines before configuring the wds settings, review the following guidelines: only vap1 in each radio interface can be specified to set up the wds link. (there are two virtual access points (vaps) for each radio interface on the access point—vap1 and vap2. Vap1 is designated as...
Page 57: Wds L
51 bridge child—enter the mac address of the bridge child. The bridge child must have the current access point configured as the bridge parent. The mac address can be in either ff:ff:ff:ff:ff:ff , ff-ff-ff-ff-ff-ff , or ffffffffffff format. Leave this field blank or enter 00-00-00-00-00-00 if there ...
Page 58: Ystem
52 bridge hello time (1-10 sec.)—enter a value to determine how often the access point broadcasts the hello message. Bridge forwarding delay (4-30 sec.)—enter a value to determine how long the access point remains in listening and learning states before its ports enter the forwarding state. Link con...
Page 59: Tatus
53 to use the access point as an sntp server: select sntp server disable, specify time values in the spaces provided, select the time zone from the pull-down list. If you select enable daylight saving, the time adjusts automatically for standard and daylight savings time. When the sntp server settin...
Page 60: Adio
54 channel—displays the radio channel that the station is using. Bssid—the basic service set identifier of the station. This is the mac address of the broadcasting radio. Sta role—describes the role of a nearby 3com access point (model 7250, 8250, 8500, 8700, or 8750) if the access point is running ...
Page 61
55 to enable vap service: 1 open the radio settings page for the radio interface you want to configure. 2 click enabled next to vap1 to enable a single vap. 3 click enabled next to vap2 to enable a second vap. 4 configure the following information for each vap: ssid—enter the service set id (up to 3...
Page 62
56 c hanging r adio s ettings some radio settings are available only on the 802.11a radio, as noted in the descriptions below. To change radio settings on a vap, select a vap from the list to display its current configuration. When you are finished configuring items on this page, click apply. Countr...
Page 63
57 maximum transmit data rate—select the appropriate data rate from the drop-down list for the data transfer speed running on your network. (802.11b default: 11 mbps.) in order to reach all clients, this rate should be set lower (for example, 1 or 2 mbps on an 802.11b radio). To isolate clients that...
Page 64: Ecurity
58 the access points contending for the medium may not be aware of each other. The rts/cts mechanism can solve this hidden node problem. (default: 2346) preamble length (802.11g and 802.11b only)—ieee 802.11 frames begin with an alternating pattern of 1s and 0s called the preamble, which tells recei...
Page 65
59 the access point and the wireless devices must have the same encryption settings to communicate. You can choose to allow only clients using wpa encryption, or you can allow both wpa and wep clients. The following sections describe how to configure each type of encryption. When you are finished co...
Page 66
60 the 802.1x wireless setup on the authentication page should be set as follows: if only one radio is installed, and “wpa pre-shared key (psk)” is selected on the security page, then the 802.1x wireless setup can be either “disabled” or “supported” on the authentication page. If only one radio is i...
Page 67: Setup
61 128-bit—each key contains 26 hexadecimal digits or 13 alphanumeric characters. 152-bit—each key contains 32 hexadecimal digits or 16 alphanumeric characters. 3com passphrase—this encryption string is for use only with other 3com wireless lan devices. It is a case-sensitive string between 6 and 30...
Page 68: Setup
62 b encryptionis enabled c wpa configuration required “allow only wpa clients” is left unchecked. D cipher mode is set to wep. E wep configurationhas at least one valid wep key. F click on apply. 11 the access point is now configured for radius authentication. H ow to setup the access point for wpa...
Page 69: Setup
63 d cipher mode is set to aes/tkip/wep (wep cipher mode is intended only for support of legacy clients. If only wpa clients are on the network, choose aes or tkip for increased security). E wep configurationhas at least one valid wep key. F wpa key managementset to wpa authentication over 802.1x. G...
Page 70: Wpa C
64 h click on apply. 8 the access point is now configured for wpa pre-shared key. Wpa c onfiguration for w indows xp the following table shows how to configure the access point to support the various authentication and encryption options available for windows xp wireless zero configuration. The foll...
Page 71
65 wpa aes not available on 8200 tkip open system (for 8750) enable wpa configuration: required multicast cipher mode: aes wpa key management: wpa 802.1x wep open system enable wpa configuration: required multicast cipher mode: wep wpa key management: wpa 802.1x wpa-psk aes not available on 8200 ope...
Page 72
66.
Page 73: Roubleshooting
67 4 t roubleshooting if you have difficulty with the 3com wireless lan access point, first check the following items in the configuration: radio settings page: ensure that the ssid is the same on clients and the access point. Security page: ensure that encryption is the same on clients and the acce...
Page 74
68 no operation. Verify the access point configuration. Review access point firmware revisions and update firmware if necessary. Make sure that there are no duplicate ip addresses on the network. Unplug the access point and ping the assigned address to make sure that no other device responds to that...
Page 75
69 while you are configuring the access point, the configuration management system stops responding. To maintain wireless association, the service area and the security settings on the client and the access point must match exactly. Therefore, if you are associated with the access point that you are...
Page 76
70
Page 77
R egulatory c ompliance i nformation 3com wireless lan access point 8250 (model wl-450, incorporating wl-463 radio module) general the 3com wireless lan access point 8250 (3crwe825075a) must be installed and used in strict accordance with the manufacturer’s instructions as described in the user docu...
Page 78
Us manufacturer's fcc declaration of conformity 3com corporation 350 campus drive marlborough, ma 01752-3064, usa (508) 323-5000 date: 1 february 2005 declares that the product: brand name: 3com corporation model number: wl-450 equipment type: wireless lan access point complies with part 15 of the f...
Page 79
Eu compliance intended use: ieee 802.11b/g radio lan device note: to ensure product operation is in compliance with local regulations, select the country in which the product is installed. Refer to "setting the country code" in the chapter system configuration. This equipment may be operated in at b...
Page 80
German hiermit erklärt 3com corporation, dass sich dieser/diese/dieses managed accces point in Übereinstimmung mit den grundlegenden anforderungen und den anderen relevanten vorschriften der richtlinie 1999/5/eg befindet". (bmwi) hiermit erklärt 3com corporation die Übereinstimmung des gerätes rlan ...
Page 81
A copy of the signed declaration of conformity can be downloaded from the product support web page for the 3com wireless lan access point 8250 (3crwe825075a) at http://www.3com.Com. Also available at http://support.3com.Com/doc/ap8250_wl-463.Pdf eu - restrictions for use in the 2.4ghz band this devi...
Page 82
3com wireless lan access point 8750 (model wl-450, incorporating 802.11a radio module and wl-463 radio module) general the 3com wireless lan access point 8750 (3crwe875075a) must be installed and used in strict accordance with the manufacturer's instructions as described in the user documentation th...
Page 83
Us manufacturer's fcc declaration of conformity 3com corporation 350 campus drive marlborough, ma 01752-3064, usa (508) 323-5000 date: 1 february 2005 declares that the product: brand name: 3com corporation model number: wl-450 equipment type: wireless lan access point complies with part 15 of the f...
Page 84
Eu compliance intended use: ieee 802.11a/b/g radio lan device note: to ensure product operation is in compliance with local regulations, select the country in which the product is installed. Refer to "setting the country code" in the chapter system configuration. This equipment may be operated in at...
Page 85
German hiermit erklärt 3com corporation, dass sich dieser/diese/dieses managed accces point in Übereinstimmung mit den grundlegenden anforderungen und den anderen relevanten vorschriften der richtlinie 1999/5/eg befindet". (bmwi) hiermit erklärt 3com corporation die Übereinstimmung des gerätes rlan ...
Page 86
A copy of the signed declaration of conformity can be downloaded from the product support web page for the 3com wireless lan access point 8750 (3crwe875075a) at http://www.3com.Com. Also available at http://support.3com.Com/doc/ap8750_wl-450.Pdf eu - restrictions for use in the 2.4ghz band this devi...
Page 87
3com 802.11a/g bridge ap 8850 (model wl-450, incorporating wl-464 radio module and wl-463 radio module) general statements the 3com 802.11a/g bridge ap 8850 (3crwe885075a) must be installed and used in strict accordance with the manufacturer's instructions as described in the user documentation that...
Page 88
Us manufacturer's fcc declaration of conformity 3com corporation 350 campus drive marlborough, ma 01752-3064, usa (508) 323-5000 date: february 1, 2005 declares that the product: brand name: 3com corporation model number: wl-450 equipment type: wireless lan access point complies with part 15 of the ...
Page 89
Brazil rf compliance este equipamento opera em car·ter secund·rio, isto È, nao tem direito a proteÁao contra interferencia prejudicial, mesmo de estaÁoes do mesmo tipo, e nao causar interferencia a sistema operando em car·ter prim·rio..
Page 91: Ndex
I ndex numbers 3com 3cdaemon server tool 27 3com network supervisor 27 3com passphrase encryption 61 3com wireless infrastructure device manager 27, 29 802.11a, turbo mode 56 802.1x reauthentication refresh rate 38 802.1x setup 37 a access point installation 15 ip address, troubleshooting 68 resetti...
Page 92
Ethernet cable 15 ethernet type filter 42 event logs 53 f filter control 40 firmware upgrade 48 flat surface installation 24 fragment length 57 g gateway, default 33 glossary of wireless networking terms 9 i identification 33 ieee 802.3af power-over-ethernet 20 infrastructure configuration 7 install...
Page 93
Roaming 8 rts threshold 57 s safety information 16 secure web server connection 34 session key refresh rate 38 setting the time and date 52, 53 settings tcp/ip 33 settings, radio 56 setup wizard 32 setup, 802.1x 37 shared key 58 shared key encryption 60 simple network management protocol (snmp) 43 s...