3Com 3CRWEASYA73 Bedienungsanleitung
- Schauen Sie die Anleitung online durch oderladen Sie diese herunter
- 293 Seiten
- 3.71 mb
Zur Seite of
Ähnliche Gebrauchsanleitungen
-
Network Router
3Com 10014303
63 Seiten 1.27 mb -
Network Router
3Com WX1200 3CRWX120695A
66 Seiten 1.36 mb -
Network Router
3Com External ISDN Modem
6 Seiten 0.13 mb -
Network Router
3Com 5000
72 Seiten 0.69 mb -
Network Router
3Com WL-560
70 Seiten 1.33 mb -
Network Router
3Com VG Series
5 Seiten 0.47 mb -
Network Router
3Com H3C VG 10-11
31 Seiten 2.45 mb -
Network Router
3Com 3CRWE53172
2 Seiten 0.97 mb
Richtige Gebrauchsanleitung
Die Vorschriften verpflichten den Verkäufer zur Übertragung der Gebrauchsanleitung 3Com 3CRWEASYA73 an den Erwerber, zusammen mit der Ware. Eine fehlende Anleitung oder falsche Informationen, die dem Verbraucher übertragen werden, bilden eine Grundlage für eine Reklamation aufgrund Unstimmigkeit des Geräts mit dem Vertrag. Rechtsmäßig lässt man das Anfügen einer Gebrauchsanleitung in anderer Form als Papierform zu, was letztens sehr oft genutzt wird, indem man eine grafische oder elektronische Anleitung von 3Com 3CRWEASYA73, sowie Anleitungsvideos für Nutzer beifügt. Die Bedingung ist, dass ihre Form leserlich und verständlich ist.
Was ist eine Gebrauchsanleitung?
Das Wort kommt vom lateinischen „instructio”, d.h. ordnen. Demnach kann man in der Anleitung 3Com 3CRWEASYA73 die Beschreibung der Etappen der Vorgehensweisen finden. Das Ziel der Anleitung ist die Belehrung, Vereinfachung des Starts, der Nutzung des Geräts oder auch der Ausführung bestimmter Tätigkeiten. Die Anleitung ist eine Sammlung von Informationen über ein Gegenstand/eine Dienstleistung, ein Hinweis.
Leider widmen nicht viele Nutzer ihre Zeit der Gebrauchsanleitung 3Com 3CRWEASYA73. Eine gute Gebrauchsanleitung erlaubt nicht nur eine Reihe zusätzlicher Funktionen des gekauften Geräts kennenzulernen, sondern hilft dabei viele Fehler zu vermeiden.
Was sollte also eine ideale Gebrauchsanleitung beinhalten?
Die Gebrauchsanleitung 3Com 3CRWEASYA73 sollte vor allem folgendes enthalten:
- Informationen über technische Daten des Geräts 3Com 3CRWEASYA73
- Den Namen des Produzenten und das Produktionsjahr des Geräts 3Com 3CRWEASYA73
- Grundsätze der Bedienung, Regulierung und Wartung des Geräts 3Com 3CRWEASYA73
- Sicherheitszeichen und Zertifikate, die die Übereinstimmung mit entsprechenden Normen bestätigen
Warum lesen wir keine Gebrauchsanleitungen?
Der Grund dafür ist die fehlende Zeit und die Sicherheit, was die bestimmten Funktionen der gekauften Geräte angeht. Leider ist das Anschließen und Starten von 3Com 3CRWEASYA73 zu wenig. Eine Anleitung beinhaltet eine Reihe von Hinweisen bezüglich bestimmter Funktionen, Sicherheitsgrundsätze, Wartungsarten (sogar das, welche Mittel man benutzen sollte), eventueller Fehler von 3Com 3CRWEASYA73 und Lösungsarten für Probleme, die während der Nutzung auftreten könnten. Immerhin kann man in der Gebrauchsanleitung die Kontaktnummer zum Service 3Com finden, wenn die vorgeschlagenen Lösungen nicht wirksam sind. Aktuell erfreuen sich Anleitungen in Form von interessanten Animationen oder Videoanleitungen an Popularität, die den Nutzer besser ansprechen als eine Broschüre. Diese Art von Anleitung gibt garantiert, dass der Nutzer sich das ganze Video anschaut, ohne die spezifizierten und komplizierten technischen Beschreibungen von 3Com 3CRWEASYA73 zu überspringen, wie es bei der Papierform passiert.
Warum sollte man Gebrauchsanleitungen lesen?
In der Gebrauchsanleitung finden wir vor allem die Antwort über den Bau sowie die Möglichkeiten des Geräts 3Com 3CRWEASYA73, über die Nutzung bestimmter Accessoires und eine Reihe von Informationen, die erlauben, jegliche Funktionen und Bequemlichkeiten zu nutzen.
Nach dem gelungenen Kauf des Geräts, sollte man einige Zeit für das Kennenlernen jedes Teils der Anleitung von 3Com 3CRWEASYA73 widmen. Aktuell sind sie genau vorbereitet oder übersetzt, damit sie nicht nur verständlich für die Nutzer sind, aber auch ihre grundliegende Hilfs-Informations-Funktion erfüllen.
Inhaltsverzeichnis der Gebrauchsanleitungen
-
Seite 1
www .3Com.c om User Gu ide 3Com Outdoor 11a Buildi ng to Building Bridg e and 11bg Ac cess Point 3CRWEASY A73 / WL- 575 Part Numbe r 10015232 Rev . AA Published August, 2006[...]
-
Seite 2
3Com Corporation 350 Camp us Drive Marlbor ough, MA 01752-30 64 Copyright © 2006 3Com Corp oration. A ll rights reserved. No pa rt of this docum entation may be reproduced in any form o r by any means or used to make any derivative work (such as translation, tra nsformation, or adaptation) w ithout written permission from 3Com Corpora tion. 3Com C[...]
-
Seite 3
iii Contents 1 Introduction Product Features 1-1 Radio C haracteri stics 1-2 APPROVED CHANNELS 1-2 Pack age C hec kli st 1-3 Ha rd w a re D es c r i pt i o n 1-4 Integra ted High- Gain Ante nna 1- 4 Exte rna l An tenn a Op tions 1-4 Eth ern et P ort 1-5 Power Inje ctor M odule 1-5 Grounding Po int 1-6 W ater Tight T est Point 1-6 W all - and P ole-[...]
-
Seite 4
iv Using t he Pole -Moun ting Brack et 3- 2 Using t he Wall-Mounting Bracke t 3-4 Connect Exter nal Antenn as 3-6 Connect Cables to the Unit 3-7 Connect the Po wer In jector 3-7 Check the LED Indicators 3-9 Align A nten nas 3-10 4 Initial Configuration Netw orks with a DHC P Se rver 4-1 Network s without a DHCP Se rver 4-1 Usin g the 3C om Ins tall[...]
-
Seite 5
v RSSI 5-35 Radio Int erface 5-37 802.11a I nterface 5-38 Config uring Radio S ettings 5-38 Config uring Commo n Radio S ettings 5-39 802.11b/g I nterfa ce 5-43 Config uring W i- Fi Mu ltimed ia 5-45 Secu ri ty 5-50 Wired Equi valent Priva cy (WEP) 5-53 Wi-Fi Prot ected Access (WP A) 5-57 6 Command Line Interface Usin g the Co mmand Lin e Inte rfac[...]
-
Seite 6
vi Straigh t-Through W i ring B-3 Crosso ve r W iri ng B-4 8-Pin DI N Conn ector Pin out B- 5 8-Pin DI N to RJ-4 5 Cable W iring B-6 Glossary Index[...]
-
Seite 7
vii T ERMINO LOGY Access Point —A n internet wor king device that seaml essly conne cts wir ed and wireles s networks. Ad Hoc —An ad hoc wir eless LAN is a group of compute rs, each with wir eless ada pters, conn ected as an independent wireles s LAN. Back bone —The core infrastructu re of a network. The portion of th e network th at transpor[...]
-
Seite 8
viii RT S Thresho ld —T ransmitte rs contending f or the medium may not be awar e of each other (the y ar e “hidden nodes”) . The RTS/CT S mecha nism can solve th is problem . If the packet size is smalle r than the pr eset RTS Thr eshold size, t he RTS/CTS mechanis m will not be enabl ed. VA P — Virtu al Access Point. An access poin t radi[...]
-
Seite 9
1-1 1 I NTR ODUCTIO N The 3Com Out door 11a Bui lding to Build ing Bridge and 11bg A ccess Point syst em provides point-to -poin t or p oint-to- mul tipoint bridge link s betw een remote Ether ne t LA Ns, a nd wi reless ac cess point serv ices fo r clie nts in the lo cal L AN a rea. It incl udes an integrat ed high-ga in antenna for the 802.11a rad[...]
-
Seite 10
1-2 Pr ovides access poi nt services for the 5 GHz and 2. 4 GHz radios using various external an t enna options Maxim um data rate up to 108 Mb ps on the 802.11 a (5 GHz) radio Outdoor weatherpro of design IEEE 8 02.11a and 802.11b/ g complian t Local net work connecti on via 10/100 Mbps Ethe r net port Power ed thro ugh its[...]
-
Seite 11
1-3 P ACKAGE C HECKLIST The 3Com O utdoor 11a Bui lding to Build ing Bridge an d 11bg Access Poi nt package in cludes: One 3Co m Outdoo r 11a Buildi ng to Building Br idge and 11bg Access Po int Mounti ng bracket and har dware One W eatherp roof Cat egory 5 network cabl e One W eatherp roof C onsole to RS232 cabl e PoE power inj[...]
-
Seite 12
1-4 H AR DWAR E D ES CRIP TION I NTEGRATED H IGH -G AIN A NTENNA The WL-5 75 bridge includ es an integra t ed high- gain (17 dBi ) flat -panel antenna for 5 GH z ope ration. W ith this antenna , in a direct li ne-of-si ght lin k usin g a point -to-point dep loyment, the rang e can be as lo ng as 15 km (9.3 miles) , with a 6 Mbps data rate . E XTERN[...]
-
Seite 13
1-5 Exte r nal an tennas conne ct to th e N-type R F connector s on th e wireles s bridg e using the optional RF coaxial cables . Using the exte rna l antenn as in a poin t-to-mul tipoin t depl oyment , the m aximu m range fo r brid ge li nks are: 802.11 b,g: 2.2 km 802.11 a: 3 km E THERNET P ORT The wir eless brid ge has one 10BAS E-T/100B[...]
-
Seite 14
1-6 networ k interco nnection device s such as a switch or r outer that provide MDI- X ports . However , when connecti ng the access poi nt to a workstatio n or other device t hat does not have MD I-X ports, you must use cro ssover twi sted-pair cable. The wir eless brid ge does not have a power switch. It is power ed on when its Ethernet port is c[...]
-
Seite 15
1-7 W ALL - AN D P OLE -M OUNTI N G B RACKET K IT The wir eless bri dge includes a br acket kit tha t can be used to mo unt the bridge t o a wall, pole, radio ma st, or part of a tower structure. S YSTEM C ONFIGURATION At e ach location where a unit is installed, it must be connected t o th e local networ k using the power injector modu le. The fol[...]
-
Seite 16
1-8 The wir eless brid ge modes connect two or more wir ed networks, f or example networ ks in dif fere nt building s with no wir ed connect ions. Y ou will n eed a 3Com Outdoor 11a Buildin g to Building Br idge and 11bg A ccess Point unit on both sides of the connection. The wir eless brid ge can connect up to six r emote networ ks. When us ing br[...]
-
Seite 17
1-9 The foll owing f igure shows a p oint-to-m ultipo int “in-li ne” co nfigurati on with one bridg e set to “Master” an d using a dir ectional panel an tenna. 19° Beam Angle[...]
-
Seite 18
1-10[...]
-
Seite 19
2-1 2 B RIDGE L INK P LANNING The 3Com O utdoor 11a Bui lding to Build ing Bridge an d 11bg Access Poi nt suppor ts fixed p oint-to -point o r poin t-to-mu ltipoin t wireless link s. A sing le lin k between two point s can be used to conn ect a remote sit e to la rger core ne twork. Multi ple bridge lin ks can provi de a way to connect widesp read [...]
-
Seite 20
2-2 D ATA R ATES Using t he 5.0 GHz integr ated antenna, t wo WL-575 bri dges can operate ove r a range of u p to 15 .4 k m ( 9.6 mi les) or provide a hi gh-sp eed c onn ectio n of 54 Mb ps (108 Mbps in turbo mode ). However , the maximum data rate for a link decr eases as the operat i ng range in creases. A 1 5.4 km link can only op erate up to 6 [...]
-
Seite 21
2-3 R ADIO P ATH P LAN N ING Alth ough the wir eless bridge us es IEEE 802.11 a radio technol ogy , which is capable of reduc ing the eff ect of multi path signals du e to obstructi ons, the wir eless brid ge link requi res a “radio line -of-sigh t” between the two ant ennas for optimum perform ance. The concept of radio line -of-sight inv olve[...]
-
Seite 22
2-4 • Be sur e ther e is enough clear ance from bu ildings and t hat no building constr uction may e ventually block the p ath. • Check the t opology of the la nd between the ante nnas using topo graphical maps, aer ial photos, or even sat ellite image da ta (softwar e packages ar e availa ble that may inclu de this info rmat ion for you r area[...]
-
Seite 23
2-5 Note tha t to av oid an y obstructi on al ong th e path, the he ight of the object mu st be adde d to the minimum cle arance req uired for a clear radio line -of-sight. Consid er the follow ing sim ple e xampl e, il lustrated in th e figu re below . A wir eless bridg e link is depl oyed to connect bui lding A to a buil ding B, which is locate d[...]
-
Seite 24
2-6 A NTENNA P OSITION AND O RIENTA TION Once the required anten na height has be en determ ined, other factors affecting the pr ecise pos ition of the wir eless bri dge must be conside red: • Be sur e ther e are no othe r radio antenn as within 2 m (6 ft) of the wir eless brid ge • Place the wi reless br idge away fr om power and tel ephone li[...]
-
Seite 25
2-7 R ADIO I NTER FEREN CE The avoida nce of radio inte rferen ce is an importan t part of wir eless link plann ing. Interf erence is caused by othe r radio tra nsmissions usi ng the same or an adjacent channel freque ncy . Y ou should first scan you r pr oposed site using a spectru m analyzer to determ ine if there are a ny strong radio signals us[...]
-
Seite 26
2-8 • Snow and Ice — Fall ing snow , like rain, has no si gnificant ef fect on th e radio signal. However , a build up of snow or ice on antennas may cause the link to fail. In t his case, the sno w or ice has to b e cleared from the an tenna s to restore opera tion of th e link. E THERNET C ABLIN G When a suitab le antenna locat ion has been d[...]
-
Seite 27
3-1 3 H AR DWAR E I NSTALLATION Befor e moun ting ant ennas to set up you r wirel ess bri dge links, be sur e you ha ve select ed approp riate locati ons for each ant enna. Foll ow the guidance an d inform ation in Chapter 2, “W i reless Link Plannin g.” Also, before mount ing units in their intend ed locati ons, you shoul d first perform init [...]
-
Seite 28
3-2 T ESTING B AS IC L INK O PERATION Set up the un its over a very short ran ge (15 to 25 feet ), either outd oors or indoo rs. Conn ect the u nits as i ndicate d in th is chapt er and be sure to perform a ll the bas ic configurati on tasks outl ined in Chapter 4, “Init ial Configur ation.” When you ar e satisf ied that the li nks are o perati[...]
-
Seite 29
3-3 2 Fit the edg es of the V -shaped part in t o the slots i n the rectang ular plate, and tight en the nuts. 3 Attach the adjust able recta ngular plate to the b r idge wit h supplied scr ews. Fit the edges of the V-sha ped part into the slots Attach the adjustable rectangular plate to the bridge[...]
-
Seite 30
3-4 4 Attach the bridge with brack et to the plate already fixed to the p ole. 5 Use the in cluded nuts t o secure the wir eles s bridge to the p ole bracket. No te that the wir eless bridg e tilt an gle may need to be adjust ed during the antenn a alignment pr ocess. Be sur e to take account of the anten na polarizati on directi on; all antennas i[...]
-
Seite 31
3-5 1 Always attach th e bracket to a wall wi th flat sid e flush a gainst th e wall (see followi ng figu re). 2 Position the brac ket in th e inten ded l ocation and mark th e positio n of the four mounting screw holes. 3 Drill four ho les in the w all that m atch the screws an d wall plu gs inclu ded in the bracke t kit, then secur e the bracket [...]
-
Seite 32
3-6 C ONNECT E XTER NAL A NTENNAS The bri dge’ s prima ry anten na is it’ s built-i n internal ante nna. For some applica tions when de ploying an WL-57 5 unit for a bridg e link or access point operati on, you may need to moun t external antenna s and connect them to the bridg e. T ypicall y , a bridge li nk requ ires a 5. 0 GHz antenna, an d [...]
-
Seite 33
3-7 C ONNECT C ABLES TO THE U NIT 1 Attach the Ether net cabl e to the Ethernet port on the wir eless bridg e. 2 For ext ra prot ection against rain or moist ure, a pply weatherpr oofing tap e (not includ ed) around the Ethernet con nector . 3 Be sur e to gr ound the unit with an app ropria te grou nding wire ( not included) by a ttaching it to the[...]
-
Seite 34
3-8 1 Conne ct the E ther net cable from the wireless br idge to the RJ-45 p ort labe led “Outp ut” on t he po wer injec tor . 2 Connec t a strai ght-through un shield ed twiste d-pair (UTP) cable f rom a local LAN swit ch to the RJ-45 port labeled “Input ” on the power inje ctor . Use Categ ory 5e or better UTP cab le for 10/100B ASE-TX co[...]
-
Seite 35
3-9 C HECK TH E LED I NDICA TORS The bri dge’ s 11a and 11b/ g LEDs operate in t wo display modes, whi ch are confi gurable thr ough the soft ware. T he default AP mod e indicates data traff ic rates. The RSSI m ode indicates t he rece ived signal p ower and is for use when aligni ng antenn as in a bridge li nk. When th e bridge is conn ected to [...]
-
Seite 36
3-10 A LIGN A NTENNAS After wireless b ridge units ha ve been moun ted, co nnected , and th eir radio s are operati ng, bridge link anten nas must be accurat ely aligned to ensur e optimum performa nce. Thi s align ment process i s particu larly im portan t for lo ng-rang e point -to-point links. In a po int-to- multipoin t confi guration the root [...]
-
Seite 37
3-11 When you m ove the an tenna durin g ali gnment, the rad io sign al from the remote antenn a can be s een to hav e a str ong c entral main lobe and smaller side lob es. The object of the align ment process is to set the antenna so th at it is r eceiving the strongest signal from the ce ntral ma in lobe . T o align the antenn as in the link, mon[...]
-
Seite 38
3-12 1 Pan the antenna hori zontally b ack and forth whi le checking t he LEDs. If u sing the pole -mount ing bra cket w ith the u nit, you must rotate the moun ting bracket around the po le. Other external antenn a brackets may r equire a dif ferent horizontal adjustment. 2 Find the poi nt where the sig nal is strongest ( all LEDs on) and secur e [...]
-
Seite 39
4-1 4 I NITI AL C ONFIGURATION The 3Com Out door 11a Buil ding to Buildi ng Bridge and 11 bg Access Point of fers a variet y of management opt ions, incl uding a web-based interfac e. The init ial configurat ion steps can be mad e through the web br owser inter face. The acce ss point r equests an IP addr ess via D HCP by defaul t. If no response i[...]
-
Seite 40
4-2 C HAPTER 4: I NITIAL C ONFIGURAT ION 1 Connect a comp uter dir ectly to the Access Point using the suppli ed standard Categor y 5 UTP Ethernet cable. 2 Enter the Acc ess Point’ s defa ult IP addr ess (169.2 54.2.1) int o the computer’ s web browser . If the Co nfig urati on Ma nage ment S yste m sta rts, th e Acc ess Point is usin g the fac[...]
-
Seite 41
4-3 Figure 1 W ireles s Interf ace Device M anager Click on the Pr operties button to se e the followi ng screen Figure 2 W ireles s Interf ace Device M anager - Propertie s[...]
-
Seite 42
4-4 C HAPTER 4: I NITIAL C ONFIGURAT ION Directly connect to th e de vice through it s Ether n et port or consol e port . Follow t he instructi ons below to logi n into the AP Conf iguration sc reen: 1 Load a we b browser a nd enter < http://1 69.25 4.2.1>. 2 The Logon scr een appears. T o log on to the Web interface : 1 User name , type admi[...]
-
Seite 43
4-5 Using the Setup Wizard Loggin g In – Enter the username “admin,” an d passwor d “passwor d,” then click L OG IN. For info rmat ion on conf iguri ng a use r nam e an d pass word, s ee pa ge 23 . Figure 3 Login Page NOTE: If you chan ged the d efault I P addres s via th e comm and line i nterface above , use that a ddress instead o f th[...]
-
Seite 44
4-6 C HAPTER 4: I NITIAL C ONFIGURAT ION The hom e page dis plays th e Main Menu. Figure 4 Home Page Launch ing the Setu p Wizar d – T o p erfo rm ini tial conf igurat ion, cli ck Se tup Wizard on th e home page, se lect the V AP you wish to co nfigur e, then click on the [Next] bu tton to start the process. Figure 5 Setup Wizar d - St art 1 Serv[...]
-
Seite 45
4-7 Using the Setup Wizard Figure 6 Setup Wizar d - St ep 1 2 Radio Channel – Y ou must ena ble radio commu nications for 802 .11a and 802.11 b/g, and set the op erating radi o channel. Figure 7 Setup Wizar d - St ep 2 NOTE: Availabl e channel setting s are limited by lo cal regu latio ns, whi ch deter mine the chann els th at are av ailab le. Th[...]
-
Seite 46
4-8 C HAPTER 4: I NITIAL C ONFIGURAT ION 802.11 a T urbo Mode – If you sel ect Enable, t he access poin t will ope rate in turb o mode with a data ra te of u p to 1 08 Mbps. Norm al mode sup port 13 channels, T urbo mod e supports onl y 5 chan nels. (D efau lt: D isabl ed) 802.11 a Radio Channel – Set the operatin g radio channel numb er . [...]
-
Seite 47
4-9 Using the Setup Wizard 4S e c u r i t y – Set the Authentica tion T ype to “O pen” to allow op en access withou t authentica tion, or “Shar ed” to r equir e authentic ation based on a shar ed key . Enab le encryption to encrypt da t a trans missions. T o configure other s ecu rity fea tures us e the Adva nced Setup me nu as desc ribed[...]
-
Seite 48
4-10 C HAPTER 4: I NITIAL C ONFIGURAT ION 5 Click Finish. 6 Click the OK butto n to com plete th e wizard. Figure 10 Setup Wizar d - Co mpleted NOTE: All wireles s devi ces mus t be co nfigured with th e same Ke y ID values to communi cate with the acces s point.[...]
-
Seite 49
5-1 5 S YSTEM C ONFI GURATION Befor e continui ng with advance d configurat ion, first co mplete the init ial configur ation steps descri bed in C hapte r 4 to set u p an IP address for th e access point. The access poi nt can be managed by any comput er using a web brows er (suc h as Internet Explor er 5.0 or abo ve). Enter the c onfigured IP addr[...]
-
Seite 50
5-2 C HAPTER 5: S YSTEM C ONFIGURA TION Figure 11 Advanced Setup The inform ation in thi s chapte r is orga nized to reflect the structure of th e web scr eens for easy r eference. However , it is recommended that you configur e a user name a nd passwo rd as the first ste p unde r Admi nistratio n to control managemen t access to this device ( pa g[...]
-
Seite 51
5-3 Advan ced Se tup SNMP Configures SNMP set tings 5-19 Administration Configures user na me and passw ord for managem ent access; upgrades so ftw are fr om local file, F TP or TF TP server; res et s configuration settings to factory defaults; and resets the access point 5-23 WDS/STP S ettings Co nfigures WDS bridging and Spanning T ree Protocol f[...]
-
Seite 52
5-4 C HAPTER 5: S YSTEM C ONFIGURA TION S YSTEM I DE NTIFICATIO N The system na me for the access poin t can be l eft at its d efault settin g. However , modif ying thi s para met er can h elp yo u to more easi ly di stingu ish di fferent devi ces in yo ur netw ork. Figure 12 System Ide ntificat ion System Name – An ali as for t he access point, [...]
-
Seite 53
5-5 TCP / IP Settings TCP / IP S ETTINGS Configur ing the access point with an I P address expand s your abili ty to manage the acces s point. A nu mber of access poi nt featur es depend on IP ad dres sing to operate. By default, th e access point will be automa tically conf igured with IP setting s from a Dynamic H ost Config uration Pr otocol (DH[...]
-
Seite 54
5-6 C HAPTER 5: S YSTEM C ONFIGURA TION DHCP Cli ent (Enable) – Select this option to obtai n the IP settings fo r the access point fr om a DHCP (Dynami c Host Conf iguration Pro tocol) serve r . The IP ad dress, subnet mask, defaul t gateway , and D omain Name S erver (DN S) addr ess are dynamical ly assigned to the acces s point by the netw ork[...]
-
Seite 55
5-7 TCP / IP Settings Figure 14 Sm art Monitor By enabl ing Smart Monitor ( known as Link In tegrity i n the CLI) and se tting a target IP addr ess, the AP wil l periodicall y (set by the ping in terval) check to see i f the tar get addr ess res ponds to pings . If it fail s to res pond to a ping afte r the confi gured number of retr ies, it wil l [...]
-
Seite 56
5-8 C HAPTER 5: S YSTEM C ONFIGURA TION RADIUS Remote Authentica tion Dial-i n User Se rvice (RADI US) is an au thenticati on protocol that uses sof tware running on a central serve r to control access to RADIUS -aware devices on the network. An au thenticati on server contai ns a database of use r cr edentials for each user that requir es access t[...]
-
Seite 57
5-9 RADIUS Figure 15 RADIUS Authenticat ion Primary Radius Server Setup – Config ure the fo llowing setti ngs to use RADIU S authenticatio n on the access poin t. IP Addr ess: Sp ecifies the IP add ress or ho st name of the RADI US server . Port: Th e UDP port nu mber used by the RADIUS ser ver for authentica tion mess ages. (Range: 1024-[...]
-
Seite 58
5-10 C HAPTER 5: S YSTEM C ONFIGURA TION Secondary Rad ius Server Setup – Confi gure a sec ondary RADIU S server to pr ovide a backup in ca se the prim ary server fails. The acce ss point uses the secondary server if th e primary server fails or b eco mes inaccessible. Onc e the access point switches ov er to the secondary server , it pe riodical[...]
-
Seite 59
5-11 Authenti c ation The access poin t can also operate in a 802.1X supplic ant mode. This enables t he access point itself to be authent icated with a RADIU S server usin g a configured MD5 use r name and pas sword. This prev ents ro gue access points from gain ing access to the networ k. T ake note of the foll owing points be fore configur ing M[...]
-
Seite 60
5-12 C HAPTER 5: S YSTEM C ONFIGURA TION Figure 16 Authe nticat ion MAC Authe ntication – Y ou can co nfigur e a list of t he MAC addre sses for wi reless clients t hat are authori zed to access the networ k. This provi des a basic level of authenticat ion for wirele ss clients attempting to ga in access to the netwo rk. A datab ase of auth oriz [...]
-
Seite 61
5-13 Authenti c ation Authe ntication s ection of thi s web page to set up the local dat abase, and confi gure all access points in the wireless net work service area wit h the same MAC a ddress dat abase. Radius MA C : The MAC add ress of the associating stat ion is sent to a conf igured RADIUS server for a uthenticatio n. When using a R ADIUS[...]
-
Seite 62
5-14 C HAPTER 5: S YSTEM C ONFIGURA TION Session Ke y Refresh Rate: The i nterval a t which the access point re freshes unicast session keys for associated clients. (Range: 0-1440 minutes; Default: 0 means disabled ) 802.1X Reauthenti cation Refr esh Rate: Th e time period afte r which a connect ed client must be re-aut henticated . During [...]
-
Seite 63
5-15 Filter C ontrol F ILTER C ONTROL The access poin t can emplo y network t raffic fra me filtering to cont rol access to network r esour ces and increase security . Y ou can pr event communicat ions between wir eless clients and preven t access point man agement from wireless clients. Also, you can bl ock spec ific Ethe rnet tra ffic from b eing[...]
-
Seite 64
5-16 C HAPTER 5: S YSTEM C ONFIGURA TION Pr event Intra V AP clie nt communicat ion: When enab led, cli ents associated with a spec ific V AP inte rface cannot establish wireless co mmunication s with each othe r . Clients can communicate wit h clients associ ated to other V AP interfaces. Pr event Inter an d Intra V AP client communi catio[...]
-
Seite 65
5-17 Filter C ontrol VLAN The acces s point can emplo y VLAN tagging s upport to contr ol access t o network r e sources and incr ease security . VLAN s separate traffic passing between the access point , associated client s, and the wi red network. The re can be a VLAN assigned t o each associated client , a defaul t VLAN for each V AP (Virtual Ac[...]
-
Seite 66
5-18 C HAPTER 5: S YSTEM C ONFIGURA TION A VLAN ID ( 1-4094) can be ass igned to a client after successful IEEE 802.1X authen tication. The cl ient VLAN IDs must be configur ed on the RADI US server for each use r authorized to ac cess the network . If a client doe s not have a configur ed VLAN ID o n the RA DIUS server , the ac cess point a ssigns[...]
-
Seite 67
5-19 SNMP SNMP Simple N etwork Management Protoco l (SNMP) is a communi cation prot ocol desi gned spec ifical ly f or man aging de vice s on a netw ork . Equi pme nt co mmon ly manage d with SNMP includ es switches, r outers and host comp uters. SNMP is typica lly used to configur e these device s for pr oper operation in a network environment, a [...]
-
Seite 68
5-20 C HAPTER 5: S YSTEM C ONFIGURA TION Figure 19 SNMP SNMP – Enables or di sables SNMP management acce ss and also enables the access point t o send SNMP traps ( notificat ions). (D efault: D isable) Location – A text string that describe s the system location . (Maxim um lengt h: 255 characters ) Conta ct – A text string that describe s th[...]
-
Seite 69
5-21 SNMP Trap Des tinat ion Com mun ity N ame – The communi ty string sent w ith t he notifi cation operat ion. (Maxim um length: 23 char acters, case s ensitive; Default: pu blic ) Engine I D – Sets the engine ident ifier for the SNMPv 3 agent that r esides on the access point. This engi ne protec ts against message r eplay , delay , and [...]
-
Seite 70
5-22 C HAPTER 5: S YSTEM C ONFIGURA TION dot1xMacAddrAuthSuccess - A client station has successfully authenticated its MAC addr ess with th e RADIUS ser ver. dot1xM acAddrAuthF ail - A client s tation has fai led MAC addres s authentication with the R ADIUS serve r. dot1xA uthNotIni tiated - A clie nt station did not i nitiate 80 2.1X a[...]
-
Seite 71
5-23 Administratio n Auth T ype – The authenti cation type used for the SNM P user; either MD5 or none. Wh en MD5 is selected, en ter a passwor d in the corre sponding Passphrase field. Priv T ype – The data encrypti on type use d for the S N MP us er; either DES or none. When DES is selected, enter a key i n t he corr esponding Pa ssphrase fie[...]
-
Seite 72
5-24 C HAPTER 5: S YSTEM C ONFIGURA TION Figure 22 Adm inistration Username – The name of the user . The default name is “admi n.” (Length: 3-16 characters , case sensitive) New Password – The pass word fo r management acces s. (Length: 3-16 characte rs, case sensit ive) Confi rm New Password – Enter the password again for ve rification. [...]
-
Seite 73
5-25 Administratio n T eln et S erver Sta tus: Ena ble s or d isabl es the T eln et se rver . (Def ault : En able d) SSH Server Status : Enables o r disables t he SSH serv er . (De fault: En abled) SSH Server Port : Sets the UDP port for the SSH ser ver . (Rang e: 1-65535; Defaul t: 22) U PGRADING F IRMW ARE Y ou can upgr ade new acce s[...]
-
Seite 74
5-26 C HAPTER 5: S YSTEM C ONFIGURA TION Figure 24 Firmware Upgrade Before upgradin g new software, verify that the access p oint is con nected to th e networ k and has been c onfigur ed with a comp atible IP address a nd subnet mas k. If you need to download f rom an F TP or TF TP server , take the fo llowing addi tional steps: Obtain the IP a[...]
-
Seite 75
5-27 Administratio n If up grading from an FTP server, be sure that you have an account configure d on the server with a user name and password . If VLAN s are configur ed on the access po int, determin e the VLAN ID wit h which the FTP or TFTP server is associated , and then config ure the management station, o r the net work po rt to whi [...]
-
Seite 76
5-28 C HAPTER 5: S YSTEM C ONFIGURA TION Restore Factory Settings – Click th e Restore b utton in t he use r interface to reset the conf iguration setti ngs for the ac cess point to the f actory defaul ts and re boot the system. Note that all use r configured info rmation wil l be lost. Y ou will have to r e-enter the defaul t user name (admin) t[...]
-
Seite 77
5-29 WDS and Spanning Tr ee Settings Figure 25 WDS and Spanning T ree Settings WDS Br idge – Up to six WD S bridge or r epeater lin ks (MAC addr esses) per radio interf ace can be specif ied for each uni t in the wirel ess bridge network. One unit only must be co nfig ured as the “root bri dge ” in th e wirele ss n etwor k. T he root bridg e [...]
-
Seite 78
5-30 C HAPTER 5: S YSTEM C ONFIGURA TION • Root Bridge: Operates as the root bridg e in the wirel ess bridge networ k. Up to six ”Chi ld” links are a vai lable to ot her b ridge s in the netwo rk. Mast er/Slave Mode – Selects b etween Master a nd Slave mo de. A singl e master enables up to five sla ve links, wher eas a slave will have only [...]
-
Seite 79
5-31 WDS and Spanning Tr ee Settings Figure 27 Spanning T ree Pr otocol Spannin g T ree Protoc ol – STP uses a distributed algor ithm to select a bridging device (STP-complian t switch, br idge or r outer) t hat serves as t he roo t of the spann ing tree ne twork. It selec ts a root por t on each bridgi ng device (except for the root device) whic[...]
-
Seite 80
5-32 C HAPTER 5: S YSTEM C ONFIGURA TION • Range: 0- 65535 • Defaul t: 32768 Brid ge Ma x Age – The maximum time (in seconds) a devi ce can wait without receivi ng a confi guration mess age before a ttempti ng to reconf igure. All device port s (except for designa ted port s) should receive c onfigura t ion me ssages at regular interval s[...]
-
Seite 81
5-33 System Log the Span ning Tree Protocol is detecting net work loops. Where mor e than one port is assig ned the h ighest prio rity, the port with lo west nume ric identifie r will be ena bled . • Defau lt: 128 • Range: 0- 240, in steps of 16 S YSTEM L OG The access p oint can be conf igured to send event and error messag es to a System Log [...]
-
Seite 82
5-34 C HAPTER 5: S YSTEM C ONFIGURA TION Logging Host – Enabl es the sendin g of log message s to a Sys log server host . Up to four Syslo g servers are supported on t he access point. (Def ault: Disable) Server Name / IP – Spe cifies a Syslog s erver name or IP ad dress. (De fault: 0.0. 0.0) SNTP S er ver – Enabl e s the sending of log messa[...]
-
Seite 83
5-35 RSSI The access po int acts as an SNTP clie nt, periodical ly sending time synchr onizati on requests to spe cific ti me servers. Y o u can configure u p to two time s erver IP addr esses. The access point wil l attempt to poll each server in the co nfigured sequence. SNTP S er ver – Confi gures the acc ess point t o operate as an SNTP clie [...]
-
Seite 84
5-36 C HAPTER 5: S YSTEM C ONFIGURA TION Figure 29 RSSI RSSI: Auto Refr esh – E nab les or di sa bles the ref res hing of R SSI info rma tion . RSSI Val ue – The displa yed RSSI value for a selected por t. Port Nu mber – Selects a spe cific WDS port for which to di splay the RSSI ou t put value. Po rts 1-6 are avai lable for a Mas[...]
-
Seite 85
5-37 Radio In te rface LED Statu s: Mode – Sel ect s AP m ode or Bri dge m ode. Bridge Port – A llows the user to select the bridg e port for the LE D display. (Def ault:1; Range : 1~6) Ther e are curr ently no equi valent CLI command s for the RSSI contr ols. R ADIO I NTERFACE The IEEE 802 .11a and 802. 11g interfac es include con f ig[...]
-
Seite 86
5-38 C HAPTER 5: S YSTEM C ONFIGURA TION 802.11 A I NTERFACE The IEEE 8 02.11a inter face operates withi n the 5 GHz band, at up to 54 Mbps in normal mode or up to 1 08 Mbps in T urbo mode. First configur e the radi o settings that ap pl y to the indi vidual V APs (Vi rtual Access Point) and t he common radio settin gs that a pply to the overall sy[...]
-
Seite 87
5-39 Radio In te rface Closed System – When enabled , the V AP interface does not i nclude its SSID in beacon me ssages. Nor does it respond to probe r equests fr om clients that do no t includ e a fixed S SID. (Defau lt: Disable) Maximum Associa tions – This comman d configures t he maximum number of clients t hat can be associated with th e a[...]
-
Seite 88
5-40 C HAPTER 5: S YSTEM C ONFIGURA TION Description – Adds a comment or des cription t o the wirel ess interfa ce. (Range: 1-80 char acters ) T urbo Mode – The normal 8 02.11a wir eless op eration mode provi des connecti ons up to 54 Mbps. T urbo Mode i s an enhance d mode (not r egulated in IEEE 802.1 1a) that pr ovides a high er data rate of[...]
-
Seite 89
5-41 Radio In te rface Radi o Channel – The radi o channel that the acce ss point uses to communica te w ith wirel ess clients. When multiple access po ints ar e deployed in the sam e area, set t he channel on neigh boring access points a t least fo ur chan nels apa rt to avo id interference with each other . For e xample, in the United States y [...]
-
Seite 90
5-42 C HAPTER 5: S YSTEM C ONFIGURA TION Maximum T ransmit Data Ra te – The ma ximum data rate at which the access poin t transmits u nicast packets on the wireless interfa ce. The maximum transm ission distance i s affected by th e data ra te. The lower t he data rate, the longer the tran smission dist ance. (Opti ons: 54, 48, 36, 24 Mbps; Defau[...]
-
Seite 91
5-43 Radio In te rface nego tiate the sen ding of a data frame. A fter r eceiving an RTS fram e, the station sends a C TS (cle ar to se nd) fra me to notify the sendin g statio n that it can start sendi ng data. If the RTS threshold i s set to 0, the access point always sends RTS signals. If set to 2347, t he access point nev er sends RTS signal s.[...]
-
Seite 92
5-44 C HAPTER 5: S YSTEM C ONFIGURA TION Figure 32 Radio Settings B/G Client Acce ss M ode – Selects the operat ing mode for the 802 .11g wirel ess inter face. (De f aul t: 802.11b+g ) 802.11 b+g: Both 802. 11b and 802.11g clients can commu nicate with the access point (up to 54 Mbps ). 802.11 b only: Both 802. 11b and 802.11g cl ients ca[...]
-
Seite 93
5-45 Radio In te rface Super Mo de – The Ath eros pr o prietary S uper G pe rformance enhan cements ar e supported by the access po int. These enhance ments include burs ting, compr ession, fa st frames and dynami c turbo. Maximum thr oughput range s betwee n 40 to 60 Mb ps for conn ection s to A theros- comp atible clie nts. (Defaul t: Disabl ed[...]
-
Seite 94
5-46 C HAPTER 5: S YSTEM C ONFIGURA TION The access poin t implements QoS usi ng the W i-Fi Multimed ia (WMM) standar d. Using WMM , the access poi nt is able to pri oritize traf fic and opt imize perfor mance when multiple app lications compete f or wireless net work bandwi dth at the same ti me. WMM employs t echniques that ar e a subset of t he [...]
-
Seite 95
5-47 Radio In te rface resolution me chanism first selects data wi th the highes t priori ty to be gra nted a transmit o pportu nity . Then t he sam e colli sion resolutio n me chanism is us ed exter nally to d etermin e which device ha s access to the wireless medi um. For each A C queue, t he collision res olution mechan ism is dependen t on two [...]
-
Seite 96
5-48 C HAPTER 5: S YSTEM C ONFIGURA TION Figure 34 WMM Conf iguration WMM – Sets the WMM operati onal mode on the access po int. When enabl ed, the parame ters for each AC queu e will be employed on the access point an d QoS capabil ities are adverti sed to WMM-enabled cli ents. (Default : Support) Disa ble: WMM is disabl ed. Support: W M[...]
-
Seite 97
5-49 Radio In te rface init ial wait time is a rando m value between zer o and the CWMin value. Specif y the CW Min value in th e range 0-15 m icroseconds. Note tha t the CW Min valu e must be e qual or less th an the CWMax value. logCWM ax (Maximum Cont ention Window) – The maximum upper li mit of the rando m bac koff wait tim e befo re wireless[...]
-
Seite 98
5-50 C HAPTER 5: S YSTEM C ONFIGURA TION S ECURITY The access poi nt is configur ed by default as an “open syst em,” which bro adcasts a beacon sign al including the con figure d SSID. W irel ess clients with an SSID setti ng of “any” can r ead the SSID fr om the beacon and auto matically set t heir SSID to all ow immediate connec tion to t[...]
-
Seite 99
5-51 Security The acces s point can sim ultaneously suppor t clients usin g various dif fer ent security mec hanisms. The config uration for these secur ity combination s ar e outlin ed in th e follow ing tab le. Note that MA C ad dress authentica tion can b e confi gured inde pendently to work with all security me chanisms and is in dicated separ [...]
-
Seite 100
5-52 C HAPTER 5: S YSTEM C ONFIGURA TION Dynamic WE P (802.1x) only Authentication: Open System Encryption: Enable 802.1x: Requir e d Set 802.1x key refresh and r e auth entication rates Local, RADIUS , or Dis abled Ye s c 802.1x WP A only Authentication: WP A Encryption: Enable WP A Configuration: Required Cipher Suite: TKIP 802.1x: Requir e d Set[...]
-
Seite 101
5-53 Security W IRED E QUI VALENT P RIVACY (W EP) WEP pr ovides a basic le vel of security , preven ting unauthori zed access to the network, an d encryptin g data tra nsmitted b etween wireless clients a nd the acce ss point. WE P uses static shar ed keys (fixed-le ngth hexadecimal or alphanumeric strings) t hat are manu ally distrib uted t o all [...]
-
Seite 102
5-54 C HAPTER 5: S YSTEM C ONFIGURA TION Note that al l clients shar e the same keys, which ar e used for user aut hentication and data encrypti on. Up to four keys can be speci fied. These four keys ar e used for all V AP in terfaces on t he same ra dio. T o set up WEP shar ed keys, clic k Radio Setti ngs under 802. 11a or 802.1 1b/g, then select [...]
-
Seite 103
5-55 Security Encryption – Ena ble or disa ble the access point to use data encrypt ion (WEP , TKIP , or AES). If this option is selected when using sta tic WEP keys, you must confi gure at least o ne key on the acces s point a nd all client s. (Def ault: Di sabled) Ciphe r Mo des – Selects an encrypti on method for the gl obal key used for mul[...]
-
Seite 104
5-56 C HAPTER 5: S YSTEM C ONFIGURA TION Hexadecimal : Enter keys as 10 hexadecim al di gits (0-9 an d A-F) for 64 bit k eys, 26 hex adecimal digit s for 128 bit keys, or 32 hex adecimal digit s for 152 bit keys (802.1 1a ra dio only). This is th e defau lt set ting. Alphanumer ic: Enter keys as 5 alph anumeric characters for 64 bit keys, 1[...]
-
Seite 105
5-57 Security Key Ty pe – Select the p referred met hod of ente r ing W EP encryption ke ys on the access poi nt and enter up to f our keys: • Hexadecim al: Ente r keys as 10 hexadeci mal digits ( 0-9 and A-F) for 64 bit keys, 26 hex adec imal digits for 128 bit k eys, or 32 h exad ecimal digi ts for 1 52 bit keys (802.11a rad io only). Thi[...]
-
Seite 106
5-58 C HAPTER 5: S YSTEM C ONFIGURA TION T empora l Key I ntegrit y Protocol (TKIP): WP A specifies TKIP as the data encrypti on method to r eplace WEP . TKIP avoid s the probl ems of WEP static keys by dynamic ally changing data encryption keys. Bas ically , TKIP starts with a master (tempor al) key for each user sessi on and then mathemati cally [...]
-
Seite 107
5-59 Security for WP A2. However , the comp utational in tensive ope rations of AES-CCMP r equires hardwar e suppor t on client devices. Ther efore to implement WP A2 in the ne twork, wir eless cl ients must be upgraded to WP A2-compl iant har dware. WP A 2 Mi xed-Mode : WP A2 defines a t ransitional mode of operati on for networks m oving from[...]
-
Seite 108
5-60 C HAPTER 5: S YSTEM C ONFIGURA TION Status Information The Status pa ge includes informa tion on the follow ing items: Access Point St at us The AP Statu s window display s basic system co nfiguration set tings, as well as the settings fo r the wireless i nterface. Figure 38 AP Status AP System Confi guration – T he AP System Configuration t[...]
-
Seite 109
5-61 Security HTTP Server : Shows if management acce ss via HTTP i s enabled . HTTP Serv er Port: Shows the TCP port use d by the HTTP interface . Version: Sho ws the software version nu mber. 802.1X : Shows if IEEE 80 2.1X access contro l for wireless clients is enab led. AP Wirel ess Configur ation – The AP Wir eless Config urat[...]
-
Seite 110
5-62 C HAPTER 5: S YSTEM C ONFIGURA TION syste m” and “s hare d key .” Ope n-sy stem authentication accep ts any clien t attempting to conn ect to th e access po int w ithout veri fying its identi ty. The shared- key appro ach uses W ired Equival ent Privacy (WEP) t o verify client identity b y distribu ting a share d key to stations befor e [...]
-
Seite 111
5-63 Security Access po int was set to “Ope n Authenti cation”, but a client sent an authenticat ion reques t frame with a “Shared ke y.” Access point wa s set to “S hared Key A uthentica tion,” but a client se nt an authenticat ion frame for “O pen System. ” WEP keys do not match: When the ac cess point uses “S hared [...]
-
Seite 112
5-64 C HAPTER 5: S YSTEM C ONFIGURA TION[...]
-
Seite 113
6-1 6 C OMMAND L INE I NTERFACE U SING TH E C OMMAND L INE I NTE R FACE A CCESSING THE CLI When accessin g the managem ent in terface fo r the over a direct conne ction to the con sole port, or via a T elnet conne ction, the acces s point can b e managed by entering comman d keywords an d para meters a t the prompt . Usin g the a ccess point’ s c[...]
-
Seite 114
6-2 C HAPTER 6: C OMMAND L INE I NTERFACE T elnet Connection T elnet ope rate s over the I P tran sport protoco l. In this environm ent, your managemen t station and any ne twork device you want to manage over the networ k must have a valid I P address . V alid IP ad dress es consi st of four number s, 0 to 255, separated by per iods. Each add ress[...]
-
Seite 115
6-3 Using th e Command Line Interface E NTERING C OMMANDS This s ectio n des cribes how to ent er CLI comm ands . Keywor ds and Arguments A CLI command i s a series of keywords an d arguments. Keywor ds identify a command, and argu ments specify co nfiguration pa rameters. For examp le, in the command “show interfaces et her net,” show and inte[...]
-
Seite 116
6-4 C HAPTER 6: C OMMAND L INE I NTERFACE Showing Commands If you ente r a “?” at the command pr ompt, the system wi ll display the fir st level of ke ywords for the c urre nt configur ation mode (Exec, Global Co nfiguration, or Interf ace). Y ou can also dis play a list of vali d keyword s for a spe cific command. For examp le, the command “[...]
-
Seite 117
6-5 Using th e Command Line Interface Negating the Effect of Commands For many con figuration comm ands you can enter th e prefix key word “ no ” to cancel t he effect of a command or r eset the config uration to the d efault value. For exa mple, the logging command will log system messages to a host server . T o disa ble loggi ng, s pec ify t [...]
-
Seite 118
6-6 C HAPTER 6: C OMMAND L INE I NTERFACE Configuration Commands Configu ration comma nds are used to modi fy access point s ettings. Thes e commands modify the runnin g configurat ion and are s aved in memory . The confi guration comm ands are orga nized into four di ffer ent modes: • Globa l Configurat ion (GC) - T hese commands modif y the sys[...]
-
Seite 119
6-7 Using th e Command Line Interface Ta b l e 8 Keystroke Commands C OMMAND G RO U P S The syst em commands can be br oken down into the funct ional group s shown below . Ta b l e 9 Command Groups Keystr oke Function Ctrl -A Shifts cursor to start of comma nd line. Ctrl -B Shifts cursor to the left one cha racter . Ctrl -C T erminates a task and d[...]
-
Seite 120
6-8 C HAPTER 6: C OMMAND L INE I NTERFACE The acces s mode sho wn in the following t ables is indicat ed by these abbr eviations: Exec ( Executive Mode) , GC (Global Conf igura tion ), IC-E (Interface -Ether net Co nfigura tion), IC-W (Inter face-Wireles s Configurat ion), and IC-W-V AP (Inte rfac e-W ireless V AP C on figur ation ). General Comman[...]
-
Seite 121
6-9 Using th e Command Line Interface Default Settin g None Comm and Mode Exec Exam ple Relate d Comm ands end (6- 9) end This co mmand returns to the pr evious config uration mode. Default Settin g None Comm and Mode Globa l Configura tion, Inter face Config uration Exam ple This example shows h ow to retu r n to the Configurat ion mode fr om the [...]
-
Seite 122
6-10 C HAPTER 6: C OMMAND L INE I NTERFACE exit This co mmand returns t o the Exec mode or exit s the configura tion pro gram. Default Settin g None Comm and Mode Any Exam ple This ex ample sho ws how to retur n to the Exec m ode from th e Interfa ce Conf igurati on mo de, and th en qu it th e CLI sessi on: ping This command sends ICMP e cho requ e[...]
-
Seite 123
6-11 Using th e Command Line Interface - Desti nation unreachab le - The gate way for this destin ation indicate s that the destin ation is unreach able. - Network or host unreachabl e - The gateway f ound no corres ponding entry in the rout e table. • Press <Esc> to stop pinging. Exam ple re s et This comm and restarts t he system o r rest[...]
-
Seite 124
6-12 C HAPTER 6: C OMMAND L INE I NTERFACE show history This command shows the cont ents of the command history bu ffer . Default Settin g None Comm and Mode Exec Comman d Usage • The hi story buffer s ize is fixed at 10 comm ands. • Use the u p or do wn arrow k eys to scroll th rough the comm ands in t he histor y buffer. Exam ple In thi s exa[...]
-
Seite 125
6-13 Using th e Command Line Interface System Management Co mmands These command s are used to conf igure the use r name, passwor d, system log s, br owser manage ment options, cl ock setting s, and a varie ty of other sys tem inform ation. Ta b l e 11 System Management Commands country This comm and configu res the access point’ s co untry code [...]
-
Seite 126
6-14 C HAPTER 6: C OMMAND L INE I NTERFACE Syn tax country < country_code > countr y_code - A two cha racter code that id entifies the country of operation. See the followin g table for a full list o f codes. Ta b l e 12 Country Codes Country Code Count ry Code Country Code Cou ntry Code Alba nia AL Dominican Republic DO Kuwait KW Rom ani a R[...]
-
Seite 127
6-15 Using th e Command Line Interface Default Settin g US - for un its sold in the Unite d States 99 (no co untry set) - for units so ld in o ther cou ntries Comm and Mode Exec Comman d Usage • If you purchased an acce ss point outsi de of the United States, the count ry code must be set befor e radio func tions are enab led. • The avai lable [...]
-
Seite 128
6-16 C HAPTER 6: C OMMAND L INE I NTERFACE Default Settin g Outdoor 11a Buildi ng to Building Comm and Mode Globa l Configura tion Exam ple system name This command specifies or modifies the system name for this device . Use the no form to restore the de fault system nam e. Syn tax system name < name > no system name name - The na me of th is[...]
-
Seite 129
6-17 Using th e Command Line Interface Default Settin g admin Comm and Mode Globa l Configura tion Exam ple passwor d After initia lly logging onto the s ystem, you shoul d set the passwo rd. Remembe r to r ecord it in a safe pla ce. Use the no form to reset the de fault passwo rd. Syn tax pass word < pas sword > no pas sword passw ord - Pass[...]
-
Seite 130
6-18 C HAPTER 6: C OMMAND L INE I NTERFACE Comm and Mode Interface Confi guration (Ether net) Comman d Usage • The acce ss point suppor ts Secure Shell ver sion 2.0 only. • After boot u p, the SSH server ne eds abou t two minute s to generate host encrypti on keys. The SSH server is disabled while the keys ar e being genera ted. T he show syste[...]
-
Seite 131
6-19 Using th e Command Line Interface Comm and Mode Interface Confi guration (Ether net) Exam ple ip http p ort This comman d specifie s the TCP port number used by the web browser interface. Use the no fo rm to use the d efault p ort. Syn tax ip http po rt < port- number > no ip http port port-num ber - T he TCP port to be used by the brows[...]
-
Seite 132
6-20 C HAPTER 6: C OMMAND L INE I NTERFACE Comm and Mode Globa l Configura tion Exam ple Relate d Comm ands ip http port (6- 19) ip https po rt Use this command to speci fy the UDP port number use d for HTTPS/SSL connection to t he access po int’ s Web interfa ce. Use the no form to restore the default po rt. Syn tax ip https po rt < port_ num[...]
-
Seite 133
6-21 Using th e Command Line Interface Exam ple ip https server Use this command to enable the secure hypertext transfer protoco l (HTTPS) over the Se cure So cket La yer (S SL), providing secure ac cess (i .e., an en crypte d conne ction) to the access point’ s Web interfa ce. Use t he no form to disable this function . Syn tax [ no ] ip https s[...]
-
Seite 134
6-22 C HAPTER 6: C OMMAND L INE I NTERFACE w eb -re d i re ct Use this command to en able we b-based au thenti cation o f client s. Use th e no form to d isable this fun ction. Syn tax [ no ] web- redirect Default Settin g Disabled Comm and Mode Globa l Configura tion Comman d Usage • The web redirect feature i s use d to sup port bi lling for a [...]
-
Seite 135
6-23 Using th e Command Line Interface APmgmtIP This command specifies the client IP addr esses that are allowed management access to the access poin t throu gh various pr otocols . Syn tax APmgmtIP < mul tiple IP_addr ess subnet_ mask | single IP_address | any > • multiple - Adds IP add resses within a specif iable range to the SN MP, web [...]
-
Seite 136
6-24 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple This exampl e restricts manag ement access to the indicat ed addresses. APmgmtUI This co mmand enables and di sables manageme nt access to the access point thr ough SNMP , T elnet and web i nterfaces. Syn tax APmgmtUI < [ SNMP | Te l n e t | Web ] enable | disable > • SNMP - Spe cifi es SN[...]
-
Seite 137
6-25 Using th e Command Line Interface show apmanage ment This co mmand shows the AP manag ement configurat ion, includi ng the IP addr esses of management s tations allowed to access the access point, as well as the i nterface protocol s which ar e open to managemen t access. Comm and Mode Exec Exam ple Outdoor 11a Building to Building #show apman[...]
-
Seite 138
6-26 C HAPTER 6: C OMMAND L INE I NTERFACE show system This command displays basic system confi g uration settings . Default Settin g None Comm and Mode Exec Exam ple Outdoor 11a Building to Building #show system System Information ========================================================== Serial Number : A123456789 System Up time : 0 days, 4 hours[...]
-
Seite 139
6-27 Using th e Command Line Interface show version This command displays th e s oftwar e version for the system . Comm and Mode Exec Exam ple show config This co mmand displays detailed configurat ion informat ion for the sys tem. Comm and Mode Exec Exam ple Outdoor 11a Building to Building #show version Version Information =======================[...]
-
Seite 140
6-28 C HAPTER 6: C OMMAND L INE I NTERFACE Protocol Filter Information =========================================================== Local Bridge :DISABLED AP Management :ENABLED Ethernet Type Filter :DISABLED Enabled Protocol Filters ----------------------------------------------------------- No protocol filters are enabled =========================[...]
-
Seite 141
6-29 Using th e Command Line Interface ----------------Security----------------------------------- Closed System : DISABLED Multicast cipher : WEP Unicast cipher : TKIP and AES WPA clients : REQUIRED WPA Key Mgmt Mode : PRE SHARED KEY WPA PSK Key Type : ALPHANUMERIC Encryption : DISABLED Default Transmit Key : 1 Static Keys : Key 1: EMPTY Key 2: EM[...]
-
Seite 142
6-30 C HAPTER 6: C OMMAND L INE I NTERFACE Radius Secondary Server Information ======================================== IP : 0.0.0.0 Port : 1812 Key : ***** Retransmit : 3 Timeout : 5 Radius MAC format : no-delimiter Radius VLAN format : HEX ======================================== SNMP Information ============================================== Ser[...]
-
Seite 143
6-31 Using th e Command Line Interface SNTP Information =========================================================== Service State : Disabled SNTP (server 1) IP : 137.92.140.80 SNTP (server 2) IP : 192.43.244.18 Current Time : 00 : 14, Jan 1st, 1970 Time Zone : -5 (BOGOTA, EASTERN, INDIANA) Daylight Saving : Disabled ================================[...]
-
Seite 144
6-32 C HAPTER 6: C OMMAND L INE I NTERFACE show har dware This co mmand displays the har dware v ersion of the s ystem. Comm and Mode Exec Exam ple System Logging Comma nds These command s are used to conf igure system l ogging on the access poi nt. Ta b l e 13 System Loggign Commands SSH Server : ENABLED SSH Server Port : 22 Telnet Server : ENABLE[...]
-
Seite 145
6-33 Using th e Command Line Interface logging on This co mmand contr ols logging of error messages; i.e., sendi ng debug or err or messages to memor y . The no fo rm disa bles the logging p roces s. Syn tax [ no ] loggi ng on Default Settin g Disabled Comm and Mode Globa l Configura tion Comman d Usage The logg ing pr ocess contro ls err or messag[...]
-
Seite 146
6-34 C HAPTER 6: C OMMAND L INE I NTERFACE Default Settin g None Comm and Mode Globa l Configura tion Exam ple logging con sole This command init iates log ging of er ror m essages to the conso le. Use t he no form to di sable logg ing to the cons ole. Syn tax [ no ] loggi ng console Default Settin g Disabled Comm and Mode Globa l Configura tion Ex[...]
-
Seite 147
6-35 Using th e Command Line Interface Comman d Usage Messages sent include the selected level down to Emergency level. Exam ple logging facili ty-type This comm and sets the facili ty type for remote loggi ng of syslog message s. Syn tax logging facility -type < type > type - A nu mber that in dicates the fa cility used b y the syslog se rve[...]
-
Seite 148
6-36 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple logging cle ar This command clears all log messages stor ed in the access point’ s memory . Syn tax logging cle ar Comm and Mode Globa l Configura tion Exam ple show loggin g This co mmand displays th e logging config uration. Syn tax show loggin g Comm and Mode Exec Exam ple Outdoor 11a Buildin[...]
-
Seite 149
6-37 Using th e Command Line Interface show e vent-log This command displays log messages stor ed in the access point’ s memory . Syn tax show ev ent -log Comm and Mode Exec Exam ple System Clock Command s These command s ar e used to configur e SNTP and system clock sett ings on the access poi nt. Ta b l e 14 System Clock Commands Outdoo r 11a B[...]
-
Seite 150
6-38 C HAPTER 6: C OMMAND L INE I NTERFACE sntp-se rver ip This comman d sets the IP address of the servers to which SNTP time requests ar e issued. Use the this comma nd with n o argum ents to clear all time serve rs from the current list. Syn tax sntp-se rver ip < 1 | 2 > < ip> • 1 - First ti me server. • 2 - Second time server. ?[...]
-
Seite 151
6-39 Using th e Command Line Interface Default Settin g Enabled Comm and Mode Globa l Configura tion Comman d Usage The time acqu ired fr om time servers is used to recor d accurate dates and times for l og events. W ithout SNTP , the access point onl y records the time starting from th e factor y defau lt set at t he last bootup (i.e., 00:14 :00, [...]
-
Seite 152
6-40 C HAPTER 6: C OMMAND L INE I NTERFACE Relate d Comm ands sntp-server en able (6-38 ) sntp-se rver dayli g ht-s aving This comma nd sets the start a nd end dates f or daylight savings ti me. Use t he no form to d isable d aylight savings t ime. Syn tax [ no ] sntp -server day light-sa ving Default Settin g Disabled Comm and Mode Globa l Configu[...]
-
Seite 153
6-41 Using th e Command Line Interface Comm and Mode Globa l Configura tion Comman d Usage This comm and sets the lo cal tim e zone relative to the Co ordinated Universa l Time (UTC, formerl y Greenwic h Mean T ime or GMT) , based on the earth ’ s prime me ridian, zer o degr ees longi tude. T o display a ti me corres ponding to your lo cal time, [...]
-
Seite 154
6-42 C HAPTER 6: C OMMAND L INE I NTERFACE DHCP Relay Commands Dynamic H ost Configur ation Pr otocol (DHC P) can dynamical ly allocate an IP addr ess and other configurat ion informatio n to network cli ents that br oadcast a r equest. T o r eceive the br oadcast request , the DHCP server would no rmally have to be on the sam e subnet as the cli e[...]
-
Seite 155
6-43 Using th e Command Line Interface Exam ple dhcp-rel ay This command configur es the primar y and secondary DHCP server addresses. Syn tax dhcp-rel ay < prima ry | secondary > < ip_address > • primary - The primary DHCP server. • secondary - The secondary DHCP server. • ip_addr ess - IP address of the server. Default Settin g [...]
-
Seite 156
6-44 C HAPTER 6: C OMMAND L INE I NTERFACE Comm and Mode Exec Exam ple SNMP Commands Contr ols access t o this access point from manag ement stations using the Simple Network Ma nagement Pr otocol (SNMP), as well as the hosts that will r eceive tr ap messages. Ta b l e 16 SNMP Commands Outdoor 11a Building to Building #show dhcp-relay DHCP Relay : [...]
-
Seite 157
6-45 Using th e Command Line Interface show snmp filter Displays the SNMP v3 notific a tion filters Exe c 6- 58 show snmp filter -assignments D isplays the SNMP v3 notification filter assignments Exe c 6- 59 show snmp Displays the status of SNMP communic ations Exec 6-60 Command Function Mode Page[...]
-
Seite 158
6-46 C HAPTER 6: C OMMAND L INE I NTERFACE snmp- server comm unity This comm and de fines the commun ity access string for the S imple N etwor k Manage ment Pr otocol. U se the no for m to r e move the specifi ed community string. Syn tax snmp- server commun ity string [ ro | rw ] no snmp -server c ommunity string • string - Comm unity strin g th[...]
-
Seite 159
6-47 Using th e Command Line Interface Default Settin g None Comm and Mode Globa l Configura tion Exam ple Relate d Comm ands snmp-serve r location (6-47 ) snmp- server locat ion This command sets the system locati on string. Use the no form to remove the loca tion stri ng. Syn tax snmp- server locati on < text > no snmp -server lo cation tex[...]
-
Seite 160
6-48 C HAPTER 6: C OMMAND L INE I NTERFACE snmp-s erver enable server This comman d enables SNMP managemen t access and also enab les this device to send SNMP traps (i.e ., notificati ons). U se the no form to disable SNMP service and trap messages. Syn tax snmp-s erver enable se rver no snmp-ser ver enable server Default Settin g Enabled Comm and [...]
-
Seite 161
6-49 Using th e Command Line Interface • host_name - Nam e of th e ho st. (Ra nge: 1 -63 chara cters) • communi ty-string - Passw ord-like commu nity stri ng sent with th e notifi cation operat ion. Althou gh you can set thi s stri ng using the snmp-s erver host comma nd by itsel f, we recom mend that y ou define this strin g using t he snmp-se[...]
-
Seite 162
6-50 C HAPTER 6: C OMMAND L INE I NTERFACE re-associated with the access point. - dot1 1StationReq uestFail - A clie nt station has f ailed associ ation, re-association, or authenticatio n. - dot1xAu thFa il - A 802.1X cli ent stati on has failed RA DIUS authent ication. - dot1xAu thNotIn itiated - A client station did no t initiate 8 02.1X authent[...]
-
Seite 163
6-51 Using th e Command Line Interface Default Settin g All traps en abled Comm and Mode Globa l Configura tion Comman d Usage This co mmand is used in conj unction with the snmp-ser ver host and snmp-s erver enable se rver commands to enable SNMP notificat ions. Exam ple snmp- server engi ne-id This command is used for SN MP v3. It is used to uniq[...]
-
Seite 164
6-52 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple snmp-s erver user This command confi gures the SNMP v3 users that ar e allowed to manage the access point. Use the no form to de lete an SNMP v3 user . Syn tax snmp-s erver user < user -name> user -nam e - A use r -defined string for the SN MP user . (32 characte rs maximu m) Default Settin [...]
-
Seite 165
6-53 Using th e Command Line Interface • The comm and prompts f or the following informatio n to configur e an SNMP v3 user: - user-nam e - A user-de fined stri ng for t he SNMP user. ( 32 chara cters maximum) - grou p-na me - The name of the SNMP grou p to which the use r is assigned ( 32 characters ma ximum). There are three pre-def ined groups[...]
-
Seite 166
6-54 C HAPTER 6: C OMMAND L INE I NTERFACE Syn tax snmp-s erver targets < target- id > < ip-add r > < sec-name > [ version { 3 }] [ udp-p ort { port-numbe r }] [ notificatio n-type { TRAP }] no snmp -server targets < target-id > • target-id - A user -defined name th at iden tifies a receiver o f SNMP notif ications. (M axi[...]
-
Seite 167
6-55 Using th e Command Line Interface Syn tax snmp-s erver filter < filter -id > < includ e | exclude > < subtree > [ mask { mask }] no snmp -server filter < filter -id > [ subtree ] • filter-id - A use r-defin ed nam e that id entifies an SNM P v3 no tificatio n filter . (Maximum le ngth: 32 charact ers) • includ e - D[...]
-
Seite 168
6-56 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple snmp-s erver filt er -assignme nts This command ass igns SNMP v3 notif ication filte rs to targets. Use the no form to r emove an SNMP v3 filter assignment. Syn tax snmp-s erver filter -assignme nts < target-id > < fi lter -id > no snmp -server filter -assignm ents < target-id > [...]
-
Seite 169
6-57 Using th e Command Line Interface Syn tax show snmp gr oups Comm and Mode Exec Exam ple show snmp us ers This command displa ys the SNMP v3 users and s ettings . Syn tax show snmp us ers Comm and Mode Exec Exam ple show snmp gr oup-as signmen ts This co mmand displays th e SNMP v3 user gr oup assignmen ts. Outdoor 11a Building to Building#show[...]
-
Seite 170
6-58 C HAPTER 6: C OMMAND L INE I NTERFACE Syn tax show snmp gr oup- assignmen ts Comm and Mode Exec Exam ple show snmp target This command displa ys the SNMP v3 noti fication tar get settings. Syn tax show snmp target Comm and Mode Exec Exam ple show snm p filter This command displa ys the SNMP v3 noti fication fi lter settings. Syn tax show s n m[...]
-
Seite 171
6-59 Using th e Command Line Interface Comm and Mode Exec Exam ple show s n mp fil ter -assignments This command displa ys the SNMP v3 noti fication fi lter assignmen t s. Syn tax sho w sn mp fi lt er -a ssi gnm e nts Comm and Mode Exec Exam ple Outdoor 11a Building to Building#show snmp filter Filter: trapfilter Type: include Subtree: iso.3.6.1.2.[...]
-
Seite 172
6-60 C HAPTER 6: C OMMAND L INE I NTERFACE show s nmp This co mmand displays the SNMP conf iguratio n settings. Comm and Mode Exec Exam ple Outdoor 11a Building to Building #show snmp SNMP Information ============================================== Service State : Enable Community (ro) : ***** Community (rw) : ***** Location : WC-19 Contact : Paul E[...]
-
Seite 173
6-61 Using th e Command Line Interface Flash/File Commands These command s are used to mana ge the system code or configu ration files. Ta b l e 17 Flash/File Commands bootfile This command specifies the image used to star t up the system. Syn tax bootfile < filen ame > filename - Na me o f the imag e file . Default Settin g None Comm and Mod[...]
-
Seite 174
6-62 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple copy This co mmand copies a boot file , code image, or conf iguratio n file between th e access point ’ s flash memory and a F TP/TF TP server . When you save the configu ration setting s to a fi le on a F TP/TF TP server , th at file can la ter be download ed to the access point to r estore sys[...]
-
Seite 175
6-63 Using th e Command Line Interface Exam ple The fo llow ing exam ple s hows how to up loa d the c onf igurati on se tting s to a fil e on the TF TP server: The fo llow ing exam ple s hows how to do wnlo ad a c onf igurat ion fi le: delete This command deletes a fi le or image. Syn tax delete < file name > filename - Name of the config ura[...]
-
Seite 176
6-64 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple This example shows how to d elete th e test.cfg configurat ion file from flash memory . Relate d Comm ands bootfil e (6-6 1) dir (6-6 4) dir This command displays a list of files in flash memory . Comm and Mode Exec Comman d Usage File in formatio n is shown below: Exam ple The followi ng example [...]
-
Seite 177
6-65 Using th e Command Line Interface show bootfil e This command displa ys the name of the curr ent operation co de file that booted the system. Syn tax sho w sn mp fi lt er -a ssi gnm e nts Comm and Mode Exec Exam ple RADIUS Client Remote Authenti cation D ial-in User Service (RADIU S) is a logon authen tication protocol that uses software runni[...]
-
Seite 178
6-66 C HAPTER 6: C OMMAND L INE I NTERFACE radiu s-serv er ad dress This command specifies the primary and secondary RADIUS servers. Syn tax radi us-ser ver [ secondary ] address < host_i p_address | host_n ame > • secondary - Secondary server. • host_ip_ad dress - IP address of server. • host_name - Host name of serv er. (Range: 1- 20 [...]
-
Seite 179
6-67 Using th e Command Line Interface Exam ple radi us-ser ver key This co mmand sets the RADIUS en cryption key . Syn tax radi us-ser ver [ secondary ] key < key_string> • secondary - Secondary server. • key_string - Encryptio n key used to authenticate logo n access for client. Do not us e blank spaces in the string. (Maximum lengt h: [...]
-
Seite 180
6-68 C HAPTER 6: C OMMAND L INE I NTERFACE Default Settin g 3 Comm and Mode Globa l Configura tion Exam ple radi us-ser ver timeo ut This comm and sets the in terval bet ween tran smitting a uthentica tion reque sts to the RADIU S server . Syn tax radi us-ser ver [ secondary ] timeout number_ of_seconds • secondary - Secondary server. • number [...]
-
Seite 181
6-69 Using th e Command Line Interface Default Settin g 0 (disa bled) Comm and Mode Globa l Configura tion Comman d Usage • When the RADI US Accounti ng serve r UDP por t is speci fied, a RADIUS accounting session i s automa tically sta rted for e ach use r that i s successfully authenticate d to t he access point. Exam ple radius-server timeou t[...]
-
Seite 182
6-70 C HAPTER 6: C OMMAND L INE I NTERFACE Syn tax radi us-ser ver radi us-mac- format < mu lti-c olon | multi-dash | no-d elimite r | si n gle-dash > • multi-c olon - Enter MAC addresses in the form xx:xx:xx:xx:xx:xx. • multi- dash - Enter MAC a ddresses in the form xx-xx-xx-xx-xx-xx. • no-d elimite r - Enter MAC addresses in the form [...]
-
Seite 183
6-71 Using th e Command Line Interface Default Settin g None Comm and Mode Exec Exam ple 802.1X Authentication The access point supports IEEE 802.1X access control for wire l ess clients. This contr ol featur e preven ts unauthori zed access to the network by r equiring an 802.1X client applica tion to submi t user cred entials for aut henticati on[...]
-
Seite 184
6-72 C HAPTER 6: C OMMAND L INE I NTERFACE Ta b l e 19 802.1X Authentica tion 802.1x This co mmand configur es 802.1X as optionally s upported or as r equir ed for wireless clients. Use th e no f orm to d isable 8 02.1X s upport. Syn tax 802.1x < supporte d | re qu i re d > no 802. 1x • support ed - Au thenticate s client s that ini tiate t[...]
-
Seite 185
6-73 Using th e Command Line Interface stati ons initiati ng 802.1X, only those statio ns successfull y authenticat ed are al low ed to acce ss t he ne twor k. For thos e st atio ns no t ini tiati ng 802.1X , access to the net work is allowed after succes sful 802.1 1 association.[...]
-
Seite 186
6-74 C HAPTER 6: C OMMAND L INE I NTERFACE • When 80 2.1X is requ ired, the access point enforce s 802.1X auth entication for al l 802.11 associat ed stations. If 802.1X auth entication is not initia ted by the s tation, the access poi nt will init iate authen tication . Only those stations succe ssfully authe nticated with 802.1X are allo wed to[...]
-
Seite 187
6-75 Using th e Command Line Interface Exam ple 802.1x session- key-re fresh-r ate This comma nd sets th e interval a t which u nicast sessio n keys are refreshed for associa ted stations us ing dynamic keyi ng. Syn tax 802.1x session-k ey-refresh-rate < rate> rate - The inte rval at which the a ccess point refreshes a session key . (Rang e: [...]
-
Seite 188
6-76 C HAPTER 6: C OMMAND L INE I NTERFACE Default 0 (D isabled) Comm and Mode Globa l Configura tion Exam ple 802.1x -suppli cant ena ble This co mmand enables the access poi nt to operate as an 80 2.1X supplic ant for authen tication. Use th e no form to di sable 802.1X a uthenticati on of th e access point. Syn tax 802.1x -suppli cant enabl e no[...]
-
Seite 189
6-77 Using th e Command Line Interface Syn tax 802.1x -suppli cant user < username> <pa ssword> no 802. 1x-suppl icant user • userna me - The access p oint name used for authenticati on to t he networ k. (Range: 1-32 alphanumeri c characters ) • password - The MD5 pass word use d for a ccess poin t authen tication . (Range: 1-32 alp[...]
-
Seite 190
6-78 C HAPTER 6: C OMMAND L INE I NTERFACE Comm and Mode Exec Exam ple MAC Address Authenticat ion Use these comm ands to define M AC authen tication on the access point. For local MAC auth enticati on, first d efine the defa ult filte ring pol icy using the ad dress filter defaul t command. Then en ter the MAC addr esses to be filter ed, indi cati[...]
-
Seite 191
6-79 Using th e Command Line Interface address filter default This co mmand sets fi ltering to allow or d eny listed M A C add resses. Syn tax address filte r defa ult < allo wed | denie d > • allo wed - Onl y MAC addresses entered as “ denied” in t he address filter ing table are denied. • denied - Only MAC addres ses entered as “a[...]
-
Seite 192
6-80 C HAPTER 6: C OMMAND L INE I NTERFACE Default None Comm and Mode Globa l Configura tion Comm and Mode • The a ccess poi nt supp orts up to 1024 M AC a ddres ses. • An entry in t he address table m ay be allowed or denied access de pending on the g lobal se tting co nfigured for the addre ss entry defa ult command. Exam ple Relate d Comm an[...]
-
Seite 193
6-81 Using th e Command Line Interface address filter delete This command deletes a MAC add ress fr om the filter table . Syn tax address fi lter dele te < mac-address> mac-addre ss - P hysi cal ad dress of clie nt. (E nter six pair s of he xadec imal digits sep arated by hyph ens.) Default None Comm and Mode Globa l Configura tion Exam ple R[...]
-
Seite 194
6-82 C HAPTER 6: C OMMAND L INE I NTERFACE Default Disabled Comm and Mode Globa l Configura tion Exam ple Relate d Comm ands addr ess filter entr y (6-79) radius- serve r addres s (6-66) 802.1x- supplicant user (6-76) mac-authenticati o n session-timeo ut This command sets the inter val at which associated clients will be re-authenticate d with the[...]
-
Seite 195
6-83 Using th e Command Line Interface Ta b l e 21 Filtering Commands filter loc al-bridg e This co mmand disables comm unication betw een wireless clients. Use t he no form to disa ble th is f ilteri ng. Syn tax filter local-b ridg e < all-V AP | intra -V AP > no fil ter local-b ridge all-V A P - When enab led, client s cannot esta blish wir[...]
-
Seite 196
6-84 C HAPTER 6: C OMMAND L INE I NTERFACE Default Disabled Comm and Mode Globa l Configura tion Comman d Usage This c omma nd c an di sabl e wireles s-to- wirele ss com muni catio ns be tween clients via the acce ss point. However , it does not af fect communications between wi reless cl ients and the wir ed netw ork. Exam ple Outdoor 11a Building[...]
-
Seite 197
6-85 Using th e Command Line Interface filter ap -man age This co mmand preven ts wireles s clients fr om accessing t he management in terface on the access poin t. Use the no form to disabl e this filteri ng. Syn tax [ no ] filt er ap-manage Default Enabled Comm and Mode Globa l Configura tion Exam ple filter u plink e nab le This command enable s[...]
-
Seite 198
6-86 C HAPTER 6: C OMMAND L INE I NTERFACE Default Disabled Comm and Mode Globa l Configura tion Exam ple fil ter ethernet-typ e enable This co mmand checks the Et her net type on all inc oming and outg oing Ethernet packets ag ainst the pro tocol filter ing table. Use the no form to di sable thi s feat ure. Syn tax [ no ] filt er ethernet-type e n[...]
-
Seite 199
6-87 Using th e Command Line Interface fil ter ethernet-t ype prot ocol This comman d sets a filter for a specific E t hernet type. U se the no form to disable filter ing for a specifi c Ethernet t ype. Syn tax fil t er eth er net-typ e protoco l < protocol> no fi lter ethernet- type pr otocol < protocol > protoco l - A n Ether ne t pro[...]
-
Seite 200
6-88 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple WDS Bridge Commands The commands de scribed in this section ar e used to set the operation mode for each access poi nt interface and conf igure WI reless Distribut ion System (WDS) forwarding table settings . Ta b l e 22 WDS Bridge Commands Outdoor 11a Building to Building #show filters Protocol F[...]
-
Seite 201
6-89 Using th e Command Line Interface bridge m ode This command select s between Maste r and Slave mo de. Syn tax bridge m ode < master | slave > • master - Operates as a master ena bling up to five slave links. • slave - Oper ates as a s lave with on ly one link to the maste r . Default Settin g Master Comm and Mode Interface Confi gura[...]
-
Seite 202
6-90 C HAPTER 6: C OMMAND L INE I NTERFACE When th e access poi nt is op eratin g in th is mod e, traff ic is not forwar ded to the Et herne t port fro m the ra dio in terface. • Up to f our WDS bridge links (MAC addres ses) per ra dio interfa ce can be specified for each un it in the wir eless bridge network. One unit only mu st be confi gured a[...]
-
Seite 203
6-91 Using th e Command Line Interface brid ge-lin k paren t This co mmand configur es the MAC addr ess of th e parent bri dge node. Syn tax brid ge-lin k pare nt < mac-address > mac-ad dress - The wi reless MAC a ddress of the parent bri dge un it. (12 hexadecimal d igits in the form “xx-xx-xx -xx-xx-xx”). Default Settin g None Comm and [...]
-
Seite 204
6-92 C HAPTER 6: C OMMAND L INE I NTERFACE Default Settin g None Comm and Mode Interface Confi guratio n (W ireless) Comman d Usage • In r oot bridge mode , up to six child bridge l inks can be speci fied using li nk inde x numbers 1 to 6. • In br idge mode, up to fiv e child links can be specified using li nk index numbers 2 to 6. Inde x numbe[...]
-
Seite 205
6-93 Using th e Command Line Interface Default Settin g 300 seco nds Comm and Mode Globa l Configura tion Comman d Usage If the MAC ad dress of an entry i n the addr ess table is not seen on the associated interface for long er tha n the ag ing time, the entry is discarded. Exam ple Outdoor 11a Building to Building(config)#bridge dynamic-entry age-[...]
-
Seite 206
6-94 C HAPTER 6: C OMMAND L INE I NTERFACE show bridge aging- time This co mmand displays the current WDS forwarding table ag ing tim e setti ng.[...]
-
Seite 207
6-95 Using th e Command Line Interface Comm and Mode Exec Exam ple show bridge filter -entry This comm and di splays current en tries in the WDS forwarding tab le. Comm and Mode Exec Outdoor 11a Building to Building#show bridge aging-time Aging time: 300 Outdoor 11a Building to Building#[...]
-
Seite 208
6-96 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple Outdoor 11a Building to Building#show bridge filter-entry max entry numbers =512 current entry nums =13 **************************************************************** *********************** Bridge MAC Addr Table *********** **************************************************************** | MAC [...]
-
Seite 209
6-97 Using th e Command Line Interface show brid ge link This co mmand displays WDS brid ge link and spanni ng tree settings fo r speci f ied interfaces. Syn tax show brid ge link < ethernet | wir eless < a | g > [ index ]> • ethe rne t - Specifies the Eth ernet in terface. • wirel ess - Spec ifies a wi reless interfa ce. - a - The [...]
-
Seite 210
6-98 C HAPTER 6: C OMMAND L INE I NTERFACE Comm and Mode Exec Exam ple Outdoor 11a Building to Building#show bridge link wireless a Interface Wireless A WDS Information ==================================== AP Role: Bridge Parent: 00-12-34-56-78-9a Child: Child 2: 00-08-12-34-56-de Child 3: 00-00-00-00-00-00 Child 4: 00-00-00-00-00-00 Child 5: 00-00[...]
-
Seite 211
6-99 Using th e Command Line Interface Spanning Tree Command s The commands de scribed in this section ar e used to set the MAC addr ess table aging tim e and span ning tree para meters for both th e Ether net a nd wireless interfaces. Ta b l e 23 Bridge Commands brid ge stp enab le This command enable s the Spanning T r ee Protoco l. Use the no fo[...]
-
Seite 212
6-100 C HAPTER 6: C OMMAND L INE I NTERFACE Syn tax [ no ] bridge s tp en able Default Settin g Enabled Comm and Mode Globa l Configura tion Exam ple This exampl e globally enab les the Spanning T r ee Protoco l. brid ge stp forw ardi ng-dela y Use thi s command to confi gure the spa nning tr ee bridge fo rward tim e globally for the wireless b rid[...]
-
Seite 213
6-101 Using th e Command Line Interface changes be fore it starts to forwa rd frames. In additio n, each por t needs time to listen for conflicting information t hat would make it r eturn to the disca rding state ; otherwise , temporary data loops might r esul t. Exam ple brid ge stp hell o-time Use thi s command to confi gure the spa nning tr ee b[...]
-
Seite 214
6-102 C HAPTER 6: C OMMAND L INE I NTERFACE Syn tax brid ge stp max- age < seco nds > no bridg e stp m ax-age seconds - Time in seconds. (Range: 6-40 seconds) The m inimu m val ue is th e hi gher of 6 or [2 x (he llo-time + 1)]. The m aximum v alue i s the l ower of 40 or [2 x (forward-time - 1) ]. Default Settin g 20 se cond s Comm and Mode [...]
-
Seite 215
6-103 Using th e Command Line Interface Default Settin g 32768 Comm and Mode Globa l Configura tion Comman d Usage Bridg e priority is used in sel ecting the r oot devic e, root po rt, and design ated port. T he device with the hi ghest p riority be comes the STP root device . However , if all d evices have th e same prio rity , the device with the[...]
-
Seite 216
6-104 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple bridge-link port-prio rity Use this comma nd to co nfigure th e prio rity for the spe cifie d po rt. Syn tax bridge-link port-prio rity < index > < priority> • index - Specifies the bridge link nu mber on the wir eless bridge . (Range: 1-6 re quired on wirel ess interfa ce only) •[...]
-
Seite 217
6-105 Using th e Command Line Interface Syn tax show brid ge stp Comm and Mode Exec Exam ple Ethernet Interface Comm ands The com mands described in thi s sectio n con figure conne ction pa rame ters for th e Ether net port and wireless interface . Ta b l e 24 Eh terne t Interfa ce Comma nds Outdoor 11a Building to Building# show bridge stp Bridge [...]
-
Seite 218
6-106 C HAPTER 6: C OMMAND L INE I NTERFACE interface ethern et This co mmand enters Ethernet in terface conf iguration mode . Default Settin g None Comm and Mode Globa l Configura tion Exam ple T o specif y the 10/10 0Base-TX n etwork i nterface , enter th e foll owing co mmand : dns server This command speci fies the a ddress for th e primary o r[...]
-
Seite 219
6-107 Using th e Command Line Interface Relate d Comm ands show inte rface ethernet (6-110) ip address This command sets the IP address for the access po int. Use the no form to restor e the defa ult IP a ddress. Syn tax ip ad dress < ip-add ress > < netmask > < gat eway > no ip address • ip-addre ss - IP address • netmas k - [...]
-
Seite 220
6-108 C HAPTER 6: C OMMAND L INE I NTERFACE ip dhc p This co mmand enables the access poi nt to obtain an IP addr ess from a DH CP server . Use the no form to restore the defa ult IP address. Syn tax [ no ] ip dhcp Default Settin g Enabled Comm and Mode Interface Confi guration (Ether net) Comman d Usage • You mu st assign an IP addr ess to this [...]
-
Seite 221
6-109 Using th e Command Line Interface speed -dupl ex This co mmand configur es the speed and duplex mode of a given interf ace when autone gotiation is di sabled. Use t he no form t o restore the default. Syn tax speed -dupl ex < au to | 10MH | 10MF | 100 MF | 100MH > • auto - autonegotia te speed and dupl ex mode • 10M H - F orces 10 M[...]
-
Seite 222
6-110 C HAPTER 6: C OMMAND L INE I NTERFACE Comman d Usage This comman d allows you to disabl e the Ethernet port due t o abnormal behav ior (e.g., excessive col lisions), and r eenable it aft er the prob lem has been r esolved. Y ou may also want to disabl e the Ethernet port for secu rity r easons. Exam ple The followi ng example disables the Eth[...]
-
Seite 223
6-111 Using th e Command Line Interface Wireless Interface Com mands The com mands described in thi s sectio n con figure conne ction pa rame ters for th e wireless interfaces. Ta b l e 25 W ireles s Interface Commands Command F unction Mode Pag e interface w ireless Enters wir e less interface configuration mode GC 6-112 vap P rovides access to th[...]
-
Seite 224
6-112 C HAPTER 6: C OMMAND L INE I NTERFACE interface wireless This comman d enters wireless interface con figurati on mode. Syn tax interface wi reless < a | g > • a - 80 2.11a ra dio in terface. • g - 80 2.11g ra dio inte rface. Default Settin g None Comm and Mode Globa l Configura tion Exam ple T o specif y the 80 2.11a i nterface, en [...]
-
Seite 225
6-113 Using th e Command Line Interface vap This command pro vides access to the V AP (Virt ual Access Point) inte r face confi guration mode. Syn tax vap < vap-id > vap-id - The numbe r that identi fies the V AP in terface. (Option s: 0-3) Default Settin g None Comm and Mode Interface Confi guratio n (W ireless) Exam ple speed This command c[...]
-
Seite 226
6-114 C HAPTER 6: C OMMAND L INE I NTERFACE (e.g., settin g the speed to 54 Mb ps limits the eff ective maximum spe ed to 108 Mbps ). Exam ple turbo This co mmand sets the access po int to an enhanced propriet ary modulati on mode (not regulat ed in IEEE 802.11a ) that pr ovides a high er data rate of up to 108 Mbps . Syn tax turbo < static | dy[...]
-
Seite 227
6-115 Using th e Command Line Interface rate. H oweve r, this reduce s the n umber of cha nnel s supp orted (e.g., 5 channel s for the Unit ed States). Exam ple multicast-data -rate This command confi gures the max imum data rate at whic h t he access poin t tran smits multica st and management packets (exclu ding beacon packe ts) on the wireless i[...]
-
Seite 228
6-116 C HAPTER 6: C OMMAND L INE I NTERFACE channel This co mmand configur es the radio ch annel thr ough which the acc ess point communicates with wir e less clients. Syn tax channel < channel | auto > • channel - Manually sets t he radio chan nel used for comm unications w ith wirele ss clients . (Range for 802.11a: 3 6, 40, 44, 48 , 52, [...]
-
Seite 229
6-117 Using th e Command Line Interface transmit-power This command adjust s the power o f the radi o signals transmitte d from t he access point. Syn tax transmit-power < signal-stren gth> signal-strength - Signal strength tran smitted from the access po int. (Options : full, ha lf, quarte r , eighth, m in) Default Settin g full Comm and Mod[...]
-
Seite 230
6-118 C HAPTER 6: C OMMAND L INE I NTERFACE Default Settin g b+g mode Comm and Mode Inter face Configur ation (Wireles s - 802.11g) Comman d Usage • For Japa n, on ly 13 cha nnels are ava ila ble wh en set to g or b+g modes. When set to b mode, 14 ch annels are avail able. • Bot h the 802.11g and 80 2.11b standa rds operat e withi n the 2.4 GHz[...]
-
Seite 231
6-119 Using th e Command Line Interface Exam ple antenna control This command select s the use of two dive rsity antenna s or a single anten na for the radio in terface . Syn tax antenna control < di versity | left | right > • divers ity - The radio uses both ant ennas in a diversity system . Select this method when the Antenn a ID is set t[...]
-
Seite 232
6-120 C HAPTER 6: C OMMAND L INE I NTERFACE antenna id This comma nd spec ifies the antenna typ e conne cted to the access poin t r epresen ted by a four -digit he xadecimal ID num ber , eithe r the integra ted diversity antenn as (the "Defaul t Anten na") or an optio nal external antenna. Syn tax antenna id < antenna-id > • anten[...]
-
Seite 233
6-121 Using th e Command Line Interface Default Settin g Indoor Comm and Mode Interface Confi guratio n (W ireless) Comman d Usage • When an ex ternal antenna is selected, the ant enna contro l must be set to “rig ht.” • Selecting t he correct locatio n ensures th at the a ccess poin t only use s radio channels that are perm itted in the co[...]
-
Seite 234
6-122 C HAPTER 6: C OMMAND L INE I NTERFACE dtim-pe riod This command configu res th e rate at whic h stations in sleep mode must wake up to receive broadcast/multi cast tran smissions. Syn tax dtim-pe riod < in ter val> inter val - Interval b etween the bea con frames that transm it broadcast or multicast traffic. (Ran ge: 1-25 5 beac on fra[...]
-
Seite 235
6-123 Using th e Command Line Interface fragmenta tion-leng th This comm and c onfig ures the mini mum pack et si ze t hat ca n be fragm ented when passing through the access point. Syn tax fragmenta tion-leng th < lengt h> length - Minimum packet size for which fragm entation is allowed. (Range : 256 -2346 b ytes) Default Settin g 2346 Comm [...]
-
Seite 236
6-124 C HAPTER 6: C OMMAND L INE I NTERFACE Default Settin g 2347 Comm and Mode Interface Confi guratio n (W ireless) Comman d Usage • If the threshold is set to 0, the access po int always sends RTS sig nals. If set to 2347, the access point never sen d s RTS signals. I f set to any other value, and the pa cket size equals or exce eds the RTS th[...]
-
Seite 237
6-125 Using th e Command Line Interface Exam ple super -g This command enables Ather os prop r ietary Su per G performance enhan cements. Use the no fo rm to disable t his functi on. Syn tax [ no ] super - g Default Settin g Disabled Comm and Mode Inter face Configur ation (Wireles s - 802.11g) Comman d Usage These enhan cements include bu rsting, [...]
-
Seite 238
6-126 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple ssid This command confi gures the servi ce set identifier (SSID). Syn tax ssid < stri ng > string - The name of a ba sic service set sup ported by the access poin t. (Range: 1 - 32 chara cters) Default Settin g 802.11 a Radio: V AP_TEST_11A (0 t o 3) 802.11 g Radio: V AP_TEST_11G (0 t o 3) [...]
-
Seite 239
6-127 Using th e Command Line Interface Comm and Mode Interface Configurat ion (Wireless-V AP) Comman d Usage When close d system is enabled, the access p oint will not includ e its SSID in beacon mes sages. Nor will it r espond to pr obe r equests fr om clients that do not in clude a fixed SSID . Exam ple max-as sociation This command config ures [...]
-
Seite 240
6-128 C HAPTER 6: C OMMAND L INE I NTERFACE Default Settin g 30 Comm and Mode Interface Configurat ion (Wireless-V AP) Exam ple auth- timeo ut-va lue This co mmand configur es the tim e inte rval within which cli ents must comple te authenticat ion to the V A P interface. Syn tax auth- timeo ut-va lue < minutes> minut es - The nu mber o f min[...]
-
Seite 241
6-129 Using th e Command Line Interface Comm and Mode Interface Configurat ion (Wireless-V AP) Comman d Usage Y ou m ust first enab le V AP interface 0 before you can e nable V AP interfa ces 1, 2, 3, 4, 5, 6, or 7. Exam ple show interface wireless This comman d displays the status for th e wireless interface. Syn tax show interface wireless < a[...]
-
Seite 242
6-130 C HAPTER 6: C OMMAND L INE I NTERFACE Comm and Mode Exec Exam ple Outdoor 11a Building to Building #show interface wireless g 0 Wireless Interface Information ========================================================================= ----------------Identification------------------------------------------- Description : Enterprise 802.11g Acce[...]
-
Seite 243
6-131 Using th e Command Line Interface ----------------Security------------------------------------------------- Closed System : Disabled Multicast cipher : WEP Unicast cipher : TKIP and AES WPA clients : DISABLED WPA Key Mgmt Mode : PRE SHARED KEY WPA PSK Key Type : PASSPHRASE WPA PSK Key : EMPTY PMKSA Lifetime : 720 minutes Encryption : ENABLED [...]
-
Seite 244
6-132 C HAPTER 6: C OMMAND L INE I NTERFACE WMM AP Parameters AC0(Best Effort) : logCwMin: 4 logCwMax: 6 AIFSN: 3 Admission Control: No TXOP Limit: 0.000 ms AC1(Background) : logCwMin: 4 logCwMax: 10 AIFSN: 7 Admission Control: No TXOP Limit: 0.000 ms AC2(Video) : logCwMin: 3 logCwMax: 4 AIFSN: 1 Admission Control: No TXOP Limit: 3.008 ms AC3(Voice[...]
-
Seite 245
6-133 Using th e Command Line Interface show statio n This command shows the wireless clients associa t ed with the access point. Comm and Mode Exec Exam ple Rogue AP Detection Comm ands A “r ogue AP ” is eithe r an access po int that is not aut horized to participat e in the wir eless networ k, or an access point that does not hav e the corr e[...]
-
Seite 246
6-134 C HAPTER 6: C OMMAND L INE I NTERFACE The acc ess point can be c onfigur ed to periodi cally scan al l radio cha nnels and fin d other access points within ra nge. A databa se of nearby acces s points is mainta ined where any r ogue APs can be identif ied. Ta b l e 26 Rogue AP Commands rogue-ap en able This command enables the per iodic detec[...]
-
Seite 247
6-135 Using th e Command Line Interface The r ogue AP dat abase can be viewed us ing the show rogue- ap command. • The access point sends Syslog messages for each detected access point during a ro gue A P sc an. Exam ple rogue-ap au thent icate This comm and forces th e unit to authe nticate a ll access po ints on th e networ k. Use the no fo rm [...]
-
Seite 248
6-136 C HAPTER 6: C OMMAND L INE I NTERFACE access point s are allo wed or are r ogues. If you en able authenti cation, you shoul d also config ure a RADI US server for this acc ess point (s ee “RADIUS” on pa ge 8 ). Exam ple rogue-ap durati on This comman d sets the scan duration for de tecting access points. Syn tax rogue-ap durati on <mil[...]
-
Seite 249
6-137 Using th e Command Line Interface Syn tax rogue-ap interval <m inute s> minut es - The int erval bet ween consecuti ve scans. (R ange: 30-1008 0 minut es) Default Settin g 720 minu tes Comm and Mode Interface Confi guratio n (W ireless) Comman d Usage This comman d sets the inter val at which scans o ccur . Fr equent scanni ng will more[...]
-
Seite 250
6-138 C HAPTER 6: C OMMAND L INE I NTERFACE Default Settin g Disabled Comm and Mode Interface Confi guratio n (W ireless) Comman d Usage While the access point scans a channel for rogue APs, wir eless cl ients will not be ab le to connect to the acc ess point. Ther efor e, avoid fr equent scanning or scans of a long d uration unless ther e is a r e[...]
-
Seite 251
6-139 Using th e Command Line Interface show rogue-ap This comm and di splays the current rogue AP d atabase . Comm and Mode Exec Exam ple Wireless Security Com mands The comma nds describ ed in this se ction conf igure param eters for wireless secur ity on the 802 .11a and 802. 11g interfac es. Ta b l e 27 W irel ess Security Commands Outdoor 11a [...]
-
Seite 252
6-140 C HAPTER 6: C OMMAND L INE I NTERFACE auth This comma nd con figures authentica tion fo r the V AP inte rface. Syn tax auth < open -syst em | shar ed-key | wp a | wpa-psk | wpa2 | wpa2-p sk | wpa-wp a2-mixed | wp a-wpa2-psk- mixed | > <r equir ed | suppor ted> • open -syste m - Accepts th e client withou t verif ying its iden ti[...]
-
Seite 253
6-141 Using th e Command Line Interface • To use WEP share d-key authentica tion, set the auth entication type to “shared -key” and define at least one static WEP key with the ke y command. Encryption is automa tically enabled by the co mmand. • To use WEP en cryption only (n o authen tication ), set th e authe ntication type to “ open-sy[...]
-
Seite 254
6-142 C HAPTER 6: C OMMAND L INE I NTERFACE WEP). To pl ace the VAP in to AES only mode , use “requi red” and the n select the “cipher-ccm p” op tion for the cipher-suit e comma nd. Exam ple Relate d Comm ands encrypti on (6-142) key (6- 143) encr ypti on This command enables data encryp tion for wireless communi cations. Use the no form to[...]
-
Seite 255
6-143 Using th e Command Line Interface Exam ple Relate d Comm ands key (6- 143) key This co mmand sets the keys used fo r WEP encryp tion. Use the no form to dele te a config ured key . Syn tax key < in dex > < size > < type > < val ue > no key i ndex • index - Key index. (Range: 1-4) • size - Key size. (Opti ons: 64, 1[...]
-
Seite 256
6-144 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple Relate d Comm ands key (6- 143) encrypti on (6-142) transmit-k ey (6-14 4) transmit-key This comma nd sets the ind ex of the key to b e used for en crypting dat a frames for broadcast or m ulticast traffic transm itted from the VAP to wireless clients. Syn tax transmit-key < in dex> index -[...]
-
Seite 257
6-145 Using th e Command Line Interface • In a mixed-mode e nvironment wit h clients us ing static a nd dynamic keys, select t ransmit key index 2, 3, or 4. The access point uses transmit key index 1 fo r the generat ion of dynamic keys . Exam ple cipher -suit e This comm and de fines th e cipher algorith m used to encrypt the glob al key for bro[...]
-
Seite 258
6-146 C HAPTER 6: C OMMAND L INE I NTERFACE and a re-k eying mechanism. Select TKIP i f there ar e clients in the n etwork that are not WPA2 comp liant. • TKIP def ends against attack s on WEP in which t he unencrypted initial ization v ector in encrypte d packets is used to calculate the WEP key. TKIP chang es the en cryption key on each pa cket[...]
-
Seite 259
6-147 Using th e Command Line Interface The MIC ca lculation is perform ed in the access poi nt for each tr ansmitted packet and this can imp act throughpu t and perfor mance. The access poin t suppor ts a choi ce of hard ware or so ftware for M IC ca lcula tion. The perfor mance of the access poin t can be improved by se lecting the bes t method f[...]
-
Seite 260
6-148 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple Relate d Comm ands auth (6-1 40) pmksa-l ifetime This comm and sets the time for ag ing ou t cached W P A2 P airwise Master Ke y Security Asso ciation (PMKSA) inform ation for fast roamin g. Syn tax pmksa-l ifetime < minutes> minut es - The time for agin g out PM KSA informa tion. (Rang e: [...]
-
Seite 261
6-149 Using th e Command Line Interface Exam ple pre-authenticatio n This command enable s WP A2 pr e-authenti cation for fast secur e roa ming. Syn tax pr e-authenticati on < enable | dis able > • enab le - Enables pre-auth entication for th e VAP interface. • disab le - D isables pre-auth entication f or the VAP inter face. Default Sett[...]
-
Seite 262
6-150 C HAPTER 6: C OMMAND L INE I NTERFACE Link Integrity Commands The acce ss point pr ovides a link integr ity featur e that c an be us ed to ensur e that wir eless clients are con nected to reso urces on the wir ed network. The access point does thi s by peri odically se nding Pin g messages to a hos t device in the wir ed Ethernet network. If [...]
-
Seite 263
6-151 Using th e Command Line Interface host d oes not r espond or is u nreachabl e) exceeds the limit set by t he link-inte grity pi ng-fai l-retry command, t he link is determi ned as lost. Exam ple link-inte grity ping-ho st This co mmand configur es the link host name or IP add ress. Us e the no form to remove the h ost setti ng. Syn tax link-i[...]
-
Seite 264
6-152 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple link-inte grity pi ng-fai l-retry This co mmand configur es the number of consecutive fai led Ping counts bef ore the link is dete rmined as lost. Syn tax link-inte grity pi ng-fai l-retry < coun ts > counts - The number of fai led Ping count s befor e the l i nk is det ermined as lost. (Ra[...]
-
Seite 265
6-153 Using th e Command Line Interface Syn tax [ no ] link-inte grity et her net -dete ct Default Settin g Disabled Comm and Mode Globa l Configura tion Exam ple show lin k-integri ty This com man d displ ays the curren t link inte grity co nfig urati on. Comm and Mode Exec Exam ple IAPP Command s The comman d described in this s ection enables th[...]
-
Seite 266
6-154 C HAPTER 6: C OMMAND L INE I NTERFACE iapp This comm and ena bles the pro tocol sig nalin g required to han d ov er wireles s client s roamin g between dif fer ent 802.11f-co mpliant acces s points. Use the no form to di sable 802.11f signaling. Syn tax [ no ] iapp Default Enabled Comm and Mode Globa l Configura tion Comman d Usage The curr e[...]
-
Seite 267
6-155 Using th e Command Line Interface The VLAN comman ds supported by the access po int are li sted below . Ta b l e 29 VLAN Commands NOTE: When VLANs ar e enabled, the access poin t’ s Ethernet por t drops all received tr affic that d oes no t include a VLAN ta g. T o main tain n etwork connectivi ty to t he access point and wi r eless clie nt[...]
-
Seite 268
6-156 C HAPTER 6: C OMMAND L INE I NTERFACE vlan This command enable s VLANs for all traf fic. Use the no form to di sable VLAN s. Syn tax [ no ] vlan ena ble Default Disabled Comm and Mode Globa l Configura tion Comma nd Des cription • When VLANs are en abled, the access point ta gs frames received from wirele ss client s with th e VLAN ID c onf[...]
-
Seite 269
6-157 Using th e Command Line Interface Default Settin g 1 Comm and Mode Globa l Configura tion Comman d Usage The managem ent VLAN is for man aging the access point . For example, the access point all ows traffic that is tagged with th e specified VLAN to manage the access po int via re mote management, SS H, SNMP , T elnet, et c. Exam ple Relate [...]
-
Seite 270
6-158 C HAPTER 6: C OMMAND L INE I NTERFACE • If the VLAN ID has not been config ured for a clie nt on the RADI US server, then the frames are tag ged with the d efault V LAN ID of th e VAP interface . Exam ple WMM Commands The access poin t implements QoS usi ng the W i-Fi Multimed ia (WMM) standar d. Using WMM , the access poi nt is able to pri[...]
-
Seite 271
6-159 Using th e Command Line Interface Default suppo rted Comm and Mode Interface Confi guratio n (W ireless) Exam ple wmm-a cknow ledg e-po licy This comman d allows the acknowl edgement wait time to b e enabled or disa bled for each A ccess Catego ry (AC). Syn tax wmm-a cknow ledg e-po licy < ac_number > < ack | noac k > • ac_num b[...]
-
Seite 272
6-160 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple wmmpar am This co mmand configur es detail ed WMM parameter s that apply to th e access point (AP ) or the wireless clients (BS S). Syn tax wmmpar am < AP | BSS > < ac_nu mber > < LogCwMin > < LogCwMax > < AIF S > < TxOpLimit > < admission_control > • A[...]
-
Seite 273
6-161 Using th e Command Line Interface Default Comm and Mode Interface Confi guratio n (W ireless) Exam ple AP Param eters WMM Par ameters AC0 ( Best Effort) AC1 (Background) AC2 (Video) AC3 (V oice) L o g C w M i n 4432 LogCwMax 10 10 4 3 A I F S 3722 TXOP Limi t 0 0 94 47 Admission Control Disabled Dis abled Disabled Disable d BSS Parameter s WM[...]
-
Seite 274
6-162 C HAPTER 6: C OMMAND L INE I NTERFACE[...]
-
Seite 275
A-1 A T R OUBLESHOOTING Check the following i tems befor e you con tact local T echnical Suppo rt. 1 If wi reless bridge uni ts do not associate with each o ther , check th e following: Check the p ower injector LED fo r each b ridge un it to be su re that power is bein g supplied. Be sure that ante nnas in the link are properly al igne d. [...]
-
Seite 276
A-2 If a uthentication is being performed throu gh IEEE 80 2.1X, be su re t he wir eless users ha ve installed an d prope rly configur ed 802.1 X client softwar e. If MAC addr ess filterin g is enabled, be sur e the client’ s addr ess is included in the l ocal filter ing database or on the RADIUS serv er database . If th e wirele ss c[...]
-
Seite 277
A-3 Reset the bridge’ s har dware us ing the consol e interface, w eb in terface, or through a power r e set.[...]
-
Seite 278
A-4[...]
-
Seite 279
B-1 B C ABLES AND P INOUTS T WISTED -P AIR C ABLE A SSIGNMEN TS For 10/100 BASE-TX connect ions, a twisted- pair cable must have two pa irs of wir es. Each wire pair is iden tified by two dif fer ent colors. For exa mple, one wir e might b e green and the other , gr een with whi te stripes. A lso, an RJ-45 connect or mus t be atta ched to bo th end[...]
-
Seite 280
B-2 10/10 0B ASE-TX P IN A SSIGNMENTS Use uns hielde d twiste d-pair (UT P) or shi elded twisted- pair (ST P) cabl e for RJ-45 connec tions : 100-oh m Categ ory 3 or better cable for 10 Mbps c onnecti ons, or 100-o hm Category 5 or better cable for 10 0 Mbps connectio ns. Also be sur e that the lengt h of any twisted-pair connection does not exceed[...]
-
Seite 281
B-3 S TRAIGHT -T HR OUGH W IRING Becaus e the 10/10 0 Mbps Input por t on the power injec tor uses an MDI pi n confi guration, you mus t use “straigh t-thr ough” cable for net work connecti ons to hubs or switches that only h ave MDI-X ports. However , if the device to which you ar e connecting suppo rts automatic MDI/MD I-X operation, you can [...]
-
Seite 282
B-4 C R O SSOVER W IRING Becaus e the 10/10 0 Mbps port on the po wer injector uses an MD I pin confi guration, you must use “cr ossover” cabl e for network conne ctions to PCs, servers or o ther en d node s that onl y have M DI ports. Ho wever , if the d evice to whic h you a re conn ectin g supp orts a utom atic M DI/M DI-X op era tion, you c[...]
-
Seite 283
B-5 8-P IN DIN C ON NECTOR P INOUT The Ethernet cab le from t he power injector co nnects to an 8-pi n DIN connect or on the wir eles s brid ge. This conn ector is descr ibed in the foll owing figur e and table. 8-Pin DI N Ethe rnet Po rt Pin out Pin Sign al Nam e 1 T ransm it Data plus ( TD+) 2 T ransm it Data minus (TD-) 3 Receive Data plu s (RD+[...]
-
Seite 284
B-6 8-P IN DIN TO RJ-45 C ABLE W IRING T o construct an ex tended Ethernet cab le to connect fr om the power inject or’ s RJ-4 5 Output port to t he wireles s bridge’ s 8-pin D IN conn ector , fo llow the wiring diagr am below . Us e C ategory 5 or better UTP or STP c able, maximum len gth 100 m (328 ft), a nd be su re to conne ct all fo ur wir[...]
-
Seite 285
Glossary-1 G LOSSARY 10BASE-T IEEE 802. 3 sp eci f icat i on for 10 M bps Et he rnet over tw o pairs of Cat eg ory 3 or bet ter UT P cable . 100BASE- TX IEEE 802.3u spe cificat ion for 100 Mbps Fast Ether net over two pairs of Categ ory 5 or better UTP cable. Access Point An inter netwo rking device that seamle ssly connec ts wired and wirel ess ne[...]
-
Seite 286
Glossary-2 Broadcast Key Broadca st key s are se nt to station s us ing 802. 1X dy namic key ing. Dyna mic bro ad cas t key rotation is often us ed t o al low th e ac cess po i nt to ge ne rate a ran do m group ke y and per i od ically update all key -mana geme nt capable w i r el es s cl i ents. CSMA/CA Carrier Sense Mul tiple Access with Collisio[...]
-
Seite 287
Glossary-3 IEEE 802.11 b A wireless s tandard th at supp or ts wirel e ss comm unicat i ons in the 2.4 G Hz ba nd usi ng Di r ect Sequence S pre ad Spectrum (DSS S). The standar d pr ov ides for data rat es of 1, 2, 5.5, and 1 1 Mbps. IEEE 802.11 g A wireless s tandard that supp orts wirele ss c ommun ications in the 2.4 G H z ba nd using us ing Or[...]
-
Seite 288
Glossary-4 RADIUS A logon auth entica tion proto col that us es software ru nning on a c entral ser ver to co ntrol acce ss to the netw ork . Roaming A wireles s LAN m obile us er mov es aroun d an E SS and maintains a continu ous conn ection to the infrastr u cture network. RTS Threshold T rans mitter s cont ending f or th e mediu m may n ot be aw[...]
-
Seite 289
Glossary-5 network ser vi ce s. Al l the s erv i ces are del i ve re d usi ng a single rad io cha nne l, enabli ng Virtual AP technolo gy to op tim i ze t he use o f limited WLAN ra dio sp ectrum . Virtua l LA N (VLAN) A Virtual LAN is a collection of networ k node s that shar e the sam e collision doma in regardles s of their phys ical loca tion o[...]
-
Seite 290
Glossary-6[...]
-
Seite 291
Index-7 I NDEX Numbers 802.11g 6-11 2 A AES 5-58 authentication 5-10 cipher suite 6- 141 closed sy stem 6-127 conf igur ing 5-1 0 MAC ad dres s 5-12, 6-79 type 4- 9, 5-50, 6-127 web r edire ct 5-1 4, 6-22 B beac on interval 5-42, 6- 121 rate 5-42, 6-122 BOO TP 6-107, 6-1 08 BPDU 5-31 C cable assign ments B-1 crossover B-4 straight-thr ough B-3 chan[...]
-
Seite 292
Index-8 H hard ware ve rs ion , di spla yi ng 6-2 7 HTTP , secure server 6-21 HTTPS 6-2 1 I IAPP 6-153 IEEE 80 2.11a 1-2, 5-37, 6-112 configuring inte rface 5-38, 6-1 12 maximum data rate 6- 115 radio chan nel 6-1 16 IEEE 80 2.11b 5-37 IEEE 80 2.11f 6-1 53 IEEE 80 2.11g 5-37 configuring inte rface 5-43, 6-1 12 maximum data rate 6- 115 radio chan ne[...]
-
Seite 293
Index-9 configuring 4-6 SSL 6-21 ST A interface setting s 6-103 to ?? path cost 6-1 03 port priority 6-104 startup files, setti ng 6-6 1 station s tatus 5-61, 6-133 status displa y ing devi ce status 5-60, 6-26 displa ying station status 5-61, 6-133 straight-thr ough cable B-3 system c lock, setting 5-3 5, 6- 39 system l og enabl ing 5-3 3, 6-33 se[...]