SMC Networks SMC2552W-G2-17 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296

Ir a la página of

Buen manual de instrucciones

Las leyes obligan al vendedor a entregarle al comprador, junto con el producto, el manual de instrucciones SMC Networks SMC2552W-G2-17. La falta del manual o facilitar información incorrecta al consumidor constituyen una base de reclamación por no estar de acuerdo el producto con el contrato. Según la ley, está permitido adjuntar un manual de otra forma que no sea en papel, lo cual últimamente es bastante común y los fabricantes nos facilitan un manual gráfico, su versión electrónica SMC Networks SMC2552W-G2-17 o vídeos de instrucciones para usuarios. La condición es que tenga una forma legible y entendible.

¿Qué es un manual de instrucciones?

El nombre proviene de la palabra latina “instructio”, es decir, ordenar. Por lo tanto, en un manual SMC Networks SMC2552W-G2-17 se puede encontrar la descripción de las etapas de actuación. El propósito de un manual es enseñar, facilitar el encendido o el uso de un dispositivo o la realización de acciones concretas. Un manual de instrucciones también es una fuente de información acerca de un objeto o un servicio, es una pista.

Desafortunadamente pocos usuarios destinan su tiempo a leer manuales SMC Networks SMC2552W-G2-17, sin embargo, un buen manual nos permite, no solo conocer una cantidad de funcionalidades adicionales del dispositivo comprado, sino también evitar la mayoría de fallos.

Entonces, ¿qué debe contener el manual de instrucciones perfecto?

Sobre todo, un manual de instrucciones SMC Networks SMC2552W-G2-17 debe contener:
- información acerca de las especificaciones técnicas del dispositivo SMC Networks SMC2552W-G2-17
- nombre de fabricante y año de fabricación del dispositivo SMC Networks SMC2552W-G2-17
- condiciones de uso, configuración y mantenimiento del dispositivo SMC Networks SMC2552W-G2-17
- marcas de seguridad y certificados que confirmen su concordancia con determinadas normativas

¿Por qué no leemos los manuales de instrucciones?

Normalmente es por la falta de tiempo y seguridad acerca de las funcionalidades determinadas de los dispositivos comprados. Desafortunadamente la conexión y el encendido de SMC Networks SMC2552W-G2-17 no es suficiente. El manual de instrucciones siempre contiene una serie de indicaciones acerca de determinadas funcionalidades, normas de seguridad, consejos de mantenimiento (incluso qué productos usar), fallos eventuales de SMC Networks SMC2552W-G2-17 y maneras de solucionar los problemas que puedan ocurrir durante su uso. Al final, en un manual se pueden encontrar los detalles de servicio técnico SMC Networks en caso de que las soluciones propuestas no hayan funcionado. Actualmente gozan de éxito manuales de instrucciones en forma de animaciones interesantes o vídeo manuales que llegan al usuario mucho mejor que en forma de un folleto. Este tipo de manual ayuda a que el usuario vea el vídeo entero sin saltarse las especificaciones y las descripciones técnicas complicadas de SMC Networks SMC2552W-G2-17, como se suele hacer teniendo una versión en papel.

¿Por qué vale la pena leer los manuales de instrucciones?

Sobre todo es en ellos donde encontraremos las respuestas acerca de la construcción, las posibilidades del dispositivo SMC Networks SMC2552W-G2-17, el uso de determinados accesorios y una serie de informaciones que permiten aprovechar completamente sus funciones y comodidades.

Tras una compra exitosa de un equipo o un dispositivo, vale la pena dedicar un momento para familiarizarse con cada parte del manual SMC Networks SMC2552W-G2-17. Actualmente se preparan y traducen con dedicación, para que no solo sean comprensibles para los usuarios, sino que también cumplan su función básica de información y ayuda.

Índice de manuales de instrucciones

  • Página 1

    [...]

  • Página 2

    38 T esla Irvine, CA 92618 Phone: (9 49) 679-8000 EliteConnec t ™ SM C2552W -G2 2.4G Hz Wire less Acce ss Poi nt The eas y way to mak e all yo ur network connections May 2006 Revisi on Num b er: R01 F4.3.2.2 B0 2[...]

  • Página 3

    Copyright Informati on furni shed by SMC Networks, I nc. (SMC) is believed to be accura te and re liable. However , no responsibility is assumed by SMC for its u se, nor for any infringements of p atents or other rights of third parties which may result from its use. No license is granted by implicati on or ot herwise und er any patent or patent r [...]

  • Página 4

    i C OMPLIA NCES Federal Communica tion Commission Interference St ateme nt This equipment has been tested and found to c omply with the limits for a Class B digital device, pursuant to Part 15 of th e FCC Rules. These limits are designed to provide reasonable pr otection against harmf ul interference in a residential installation. T his equipment g[...]

  • Página 5

    C OMP LIANCE S ii aux appareils numériques de Classe B prescr ites dans la norme sur le matérial brouilleur: “Appareils Numériques,” NMB-003 édictée par l’Industrie. Jap an VCCI Class B Australia /New Zealand AS/NZS 4771 EC Conformance Declaration Markin g by the above s y mbo l indicates c omplianc e with the Ess ential Requi rement s o[...]

  • Página 6

    C OMPL IA NCES iii • This de vice will automati cally limi t the allo wable channel s determine d by the c urrent cou ntry of operation . Incorrectly ent ering the country of oper ation may resu lt in i llega l opera tion and may cause h armful inter ference to other systems. The user is obl igated to ensure the device is operating according to t[...]

  • Página 7

    C OMP LIANCE S iv Declaration of Conformity in Language s of the European Community English Hereby, SMC, d eclares that this Radio LA N device is in compliance with the es sential requirements and other relevant provisions of Directive 1999/5/EC. Finnish Valmistaja SMC vakuuttaa tä ten että Radio LAN device tyypp inen laite on direktiivin 1999/5/[...]

  • Página 8

    C OMPL IA NCES v Safety Compliance Power Cor d Safety Please read the following safety information carefully before installing the access point: W ARNING: Installation and removal of the unit must be c arried out by qualified personnel only . • The unit must be connected to an earthed (grounded) outlet to comply with international safety standard[...]

  • Página 9

    C OMP LIANCE S vi Important! Before making connections, make sure you have the correct cord set. Check it (read the label on the cable) against the following: Powe r Cord S et U.S.A. and Canada The cord set must be UL-approved and CSA certified. The minimum specifications for the flexible cord are: - No. 18 AWG - not longer than 2 m eters, or 16 AW[...]

  • Página 10

    C OMPL IA NCES vii Veuillez l ire à fond l'informati on de la sécurité sui vante avant d'installe r le acce ss poin t: A VERTISS EMENT : L ’installation et la dépose de ce groupe doivent être confiés à un personnel qualifié. • Ne branchez pas votre appareil sur une prise secteur (alimentation électrique) lorsqu'il n&apos[...]

  • Página 11

    C OMP LIANCE S viii Bitte unbedin gt vor dem Einbauen de s Access Point die folg enden Sicherheitsa nweisungen durchle sen (Germany) : W ARNUNG: Die Installation und der Ausbau des Geräts darf nur durch Fachpersonal erfolgen. • Das Gerät sollte nicht an ei ne ungeerdete Wechselstromst eckdose angeschlossen werden. • Das Gerät muß an eine ge[...]

  • Página 12

    C OMPL IA NCES ix Stromkabe l . Dies muss von dem Land, in dem e s benutzt wird geprüft w erden: U.S.A und Kanada Der Cord muß das UL gepruft und war das CSA beglaubigt. Das Minimum spezifikation fur der Cord sind: - Nu. 18 AWG - nicht m ehr als 2 meter, oder 16 AWG . - Der ty p SV oder SJ - 3-Leiter Der Cord muß haben eine strombelastbarkeit au[...]

  • Página 13

    C OMP LIANCE S x[...]

  • Página 14

    xi Table of Contents Chapter 1: Introduction 1-1 Packag e Checklist 1-2 Hardware Description 1-2 Component Description 1-3 Feat ures and Be nefits 1-5 System Default s 1-6 Chap ter 2: Hard ware In stal l atio n 2-1 Chap ter 3: Ext erna l Ante nnas 3-1 Install ation Procedures 3-1 Chapter 4: Network Co nfiguration 4-1 Network Topologies 4-2 Ad Hoc W[...]

  • Página 15

    xii Contents VLAN 6-19 WDS Settings 6-21 AP Managem ent 6-27 Administ ration 6-28 System L og 6-32 SNMP 6-36 Configu ring SNMP and Tra p Message Param eters 6-37 Configu ring SNMPv3 Users 6-42 Configu ring SNMPv3 Trap Filters 6-44 Configu ring SNMPv3 Targ ets 6-46 Radi o Inte rfac e 6-48 Security 6-63 Status In formation 6-83 Acce ss Poi nt Statu s[...]

  • Página 16

    xiii Contents countr y 7-12 prompt 7-1 4 system nam e 7-14 username 7-15 password 7-1 5 ip ssh-serv er enable 7-16 ip ssh-server port 7-16 ip telnet-serv er enable 7-17 ip http port 7-17 ip http server 7-18 ip https po rt 7-18 ip https server 7-19 web-redirec t 7-20 APmgmtIP 7-21 APm gmtU I 7-22 show ap magement 7-22 show s ystem 7-23 show v ersion[...]

  • Página 17

    xiv Contents snmp-se rver host 7-43 snmp -serve r trap 7-44 snmp-se rver engine-id 7-4 6 snmp-se rver user 7-46 snmp-server targ ets 7-48 snmp -serve r filter 7-49 snmp-serve r filter-assig nments 7-50 show s nmp gr oups 7-50 show s nmp users 7-51 show s nmp group -assignments 7-51 show s nmp target 7-52 show snm p filter 7-52 show s nmp filte r-as[...]

  • Página 18

    xv Contents Filt ering Co mmands 7-73 filter loc al-bridge 7-73 filter ap-m anage 7-74 filter upli nk enable 7-7 4 filter upli nk 7-75 filter ethe rnet-type enab le 7-75 filter ethe rnet-type proto col 7-76 show fi lters 7-7 7 WDS Brid ge Commands 7-77 bridge rol e (WDS) 7-7 8 bridge-link parent 7-78 bridge-lin k child 7-79 bridge dy namic-entry ag[...]

  • Página 19

    xvi Contents beacon-in terval 7-10 1 dtim-perio d 7-102 fragmenta tion-length 7 -102 rts-thresho ld 7-103 super-g 7 -104 descripti on 7-104 ssid 7 -105 closed-s ystem 7-105 max -associ atio n 7-106 assoc-ti meout-interva l 7-106 auth-time out-value 7-10 7 shutdow n 7-107 show in terface wireles s 7-108 show s tation 7-10 9 Rogue AP Detection Com ma[...]

  • Página 20

    xvii Contents wmm 7-131 wmm-ac knowle dge-policy 7 -131 wmmp aram 7-1 32 Appendix A: T r ouble s hooting A-1 Appendix B: Ca bles and Pinouts B-1 Twis ted-Pair Ca ble Assignmen ts B-1 10/100BASE-TX Pi n Assignments B-1 Straight-Thro ugh Wiring B-2 Crossover Wiri ng B- 3 Cons ole Port Pin Assignments B-3 Wiring Ma p for Serial Cabl e B-4 Appendi x C:[...]

  • Página 21

    xviii Contents[...]

  • Página 22

    1-1 Chapter 1: Introd uction The 2.4 GHz Wir eless Acce ss Point is an IEEE 8 02.1 1 b/g access point that provides transparent , wireles s high-s peed da ta commu nications between the w ired LAN and fixed or mobi le device s equipped wi th an 802.1 1b, or 802 .1 1g wireless adapter . This solution of fers fast, reli able wireless connectiv ity wi[...]

  • Página 23

    Introduction 1-2 1 Package Checklist The 2.4 GH z Wirele ss Access Po int package includ es: • One 2.4 GHz W ireless Acce ss Point • O ne Cate gory 5 networ k cable • O ne RS-23 2 consol e cable • O ne AC power adapter and power cord • F our rubbe r feet • U ser Guide CD Inform y our dealer if the re are any incor rect, miss ing or dama[...]

  • Página 24

    Hardware Desc ription 1-3 1 Rear Panel Component Descript ion Antennas The access point includ es integrat ed diversity antennas fo r wireless comm unications . A diver sity antenna system us es two iden tical anten nas to recei ve and tran smit signals , helping to avoi d multipath fading effects. When rece iving, the access po int checks both ant[...]

  • Página 25

    Introduction 1-4 1 Security Slot The access point includ es a Kensingt on security s lot on the rear panel. Y ou can prevent una uthorize d removal of the access point by wrap ping the Kens ington sec urit y cable (not pr ovided) aro und an unm ovable o bject, i nser ting th e lock in to the slot, and turnin g the key . Console Port This port is us[...]

  • Página 26

    Features and Bene fits 1-5 1 Reset Button This button is used to r e set the access point o r res tore the fa ctory defaul t configur ation. If you hol d down the button for less t han 5 second s, the acces s point will perfor m a hardware reset. If you hold down the bu tton for 5 secon ds or more, any conf iguration c hanges yo u may hav e made ar[...]

  • Página 27

    Introduction 1-6 1 System Defaults The follow ing table lists some of the access point ’s basic system def aults. To reset the acce ss point defau lts, use the CLI command “reset confi guration” fro m the Exec lev el pr omp t. T able 1-1. System Defaults Feature P aramet er Default Identificat ion System Name SMC Admi nistr ation User N ame a[...]

  • Página 28

    System Defaults 1-7 1 MAC Auth entication MAC Disabled Authen tication Se ssion Timeout 0 minutes (disabled ) Local M AC System Defa ult Allowed Local M AC Permis sion Allowe d 802.1X A uthenticat ion Status Dis abled Broadc ast Key Re fresh 0 minutes (disabled ) Session Key Refr esh 0 minu tes (disab led) Reauth entication Refresh R ate 0 second s[...]

  • Página 29

    Introduction 1-8 1 System L ogging S yslog Disab led Loggi ng Host Disa bled Logging Console Disab led IP Addr ess / H ost Name 0.0.0.0 Loggi ng Level Infor mat i onal Loggi ng Faci lity T ype 16 System C lock SNTP S erver Stat us Enabled SNTP S erver 1 IP 13 7.92.140. 80 SNTP S erver 2 IP 19 2.43.244. 18 Date an d Time 00:00, Ja n 1, 1970 (when th[...]

  • Página 30

    System Defaults 1-9 1 Wireless I nterface 802.1 1 b/g (cont d.) Antenn a ID 0x0000 Antenn a Location Indoor Wireless S ecurity 802.1 1 b/g Authen tication Type Op en System Data En cryption Disabled WEP Key Length 128 bi ts WEP K ey Type Hexadeci mal WEP Trans mit Key N umber 1 WEP Key s n ull WP A Configur ation Mod e WE P Only (D isabled) WP A Ke[...]

  • Página 31

    Introduction 1-10 1[...]

  • Página 32

    2-1 Chapte r 2: Hard ware Install a tion 1. Select a Site – Cho ose a proper place fo r the access point . In general, the best location is at the c enter of y our wireles s covera ge area, wi thin line of sight of al l wir eless de vices. Tr y to plac e the acces s poin t i n a po sitio n that ca n best c over it s Basi c Servi ce Set (refer to [...]

  • Página 33

    Hard ware Ins tallat i on 2-2 2 3. Connect th e Pow e r C or d – C onnect the power adap ter to the acces s point, and the po wer cord to an AC po wer outlet. Othe rwise, the acc ess point can der ive it s operat ing po wer dire ctl y from the RJ-45 port when co nnected to a device that provide s IEEE 802.3af compliant Power over Ethernet (PoE ).[...]

  • Página 34

    3-1 Chapter 3: Exte rnal Ant en nas The SMC2 552W-G2 pr ovides a va riety of ex ternal an tenna option s for extend ing the radio rang e and shaping the coverge ar ea. Thes e antennas offer a nu mber of different mou nting locatio ns, includi ng indoor or outdo or , wall, ceil ing, or radio ma st. This chap ter shows you how to install an exte rnal[...]

  • Página 35

    External Antennas 3-2 3 • Omnidirectional Antenn as - Consid er these factors when selecting a location for these ante nnas: • Always moun t the antenna i n a vertical ori entation so that the radio coverag e pattern fills t he intended horizontal space. • For optimum coverage, mou nt the anten na at the cent er of the area with a line-of-s i[...]

  • Página 36

    Installati on Procedures 3-3 3 T o connect pigta il cables to the ac cess point , follow thes e steps: 1. Di sable the acces s point radio using the web brow ser interfac e, CLI, or SNM P . 2. Rem ove power to the acces s point. 3. Rem ove both of the access poi nt’s antennas by unscrewing them at their bas e. 4. For di versity ant ennas, conne c[...]

  • Página 37

    External Antennas 3-4 3 5. Rec onnect po wer to the acc ess point. Note: Before enabling the radio with an external antenna attached, be sure to first configure the acces s point’s antenna mode.[...]

  • Página 38

    4-1 Chapter 4: Netwo rk Con figuration Wireles s networks su pport a stand- alone config uration as w ell as an integra ted configur ation with 10/100 Mbps Etherne t LANs. The 2.4 GHz Wireles s Access Point also provi des repeat er and bridgin g services t hat can be conf igured indep endently on 2.4 GHz radio int erfaces. Acce ss point s can be de[...]

  • Página 39

    Network Configur ation 4-2 4 Network Topologies Ad Hoc Wirele ss LAN (no Access Point) An ad hoc w ireless LAN cons ists of a group of com puters, each equipped w ith a wireless adapter , connected via radio sign als as an inde pendent wir eless LAN . Comput ers in a specif ic ad hoc wire less LAN mus t therefore be configure d to the same ra dio c[...]

  • Página 40

    Network T opo logies 4-3 4 Infrastr ucture Wireless LAN The a ccess po int also provid es acces s to a wi red LAN fo r wir eless work stat ions. An integrated wired/wirel ess LAN is cal led an Infrastr ucture confi guration. A Basi c Service Set (BSS) consi sts of a group of wireless PC users, and an access point that is directly co nnected to the [...]

  • Página 41

    Network Configur ation 4-4 4 Infrastr ucture Wireless LAN for Roaming Wireless PCs The B asic Servi ce Set ( BSS) define s the commun ications d omain for each ac cess point and i t s associate d wireless clien ts. The BSS ID is a 48 -bit binary num ber based on the access po int’s wireless M AC address , and is set au tomatically an d transparen[...]

  • Página 42

    Network T opo logies 4-5 4 Infrastr ucture Wireless Bridge The IEEE 802 .1 1 s t andard defines a W Ireless Distribution Sy stem (WDS) for bridge connect ions betwee n BSS areas (acc ess poin t s ). The access point uses W DS to forwar d traffic on links betw een units. The access point suppo rts WDS bridge link s on th e 2.4 GHz (802.1 1b/g) band [...]

  • Página 43

    Network Configur ation 4-6 4 Infrastr ucture Wireless Repeater The access point can al so operate in a br idge “repeat er” mode to ex tend the ran ge of links to wir eless clien t s. The ac cess point uses WDS to for ward traffic betwe en the repeat er bridge an d the root bridge. The access poi nt supports up to six WDS repeat er links. In rep[...]

  • Página 44

    5-1 Chapter 5: Init ial Configuration The 2.4 GH z Wireless Ac cess Point offers a vari ety of manage ment option s, includin g a web-bas ed interface , a direct conn ection to the console port, T elne t, Secure Shell (SSH), or using SNMP s oft ware. The initia l conf igurati on ste ps ca n be made through the we b brows er i nte rface or CLI. The [...]

  • Página 45

    Initial C onfiguratio n 5-2 5 Note: When using Hy perTerminal with Micros oft ® Windows ® 2000, make sure t hat you have Windows 2000 Service Pack 2 or later installed. Windows 2000 Service Pack 2 fixes the problem of arrow keys not functioning in HyperTerminal’s V T100 emulation. See www.microsoft.com for information on Windows 2000 service pa[...]

  • Página 46

    Logging In 5-3 5 After configu ring the acce ss point’s IP param eters, you can acces s the mana gement interface f rom anywhe re within the at tached networ k. The comma nd line inter face can also be accessed using T elnet from any comput er attached to th e network. Setting the Country Code – Units sold in the Un ited S tates are configure d[...]

  • Página 47

    Initial C onfiguratio n 5-4 5 The hom e page displays the Ma in Menu .[...]

  • Página 48

    6-1 Chapter 6: System Co nfigur ation Before cont inuing wi th advance d configur ation, first co mplete the ini tial configu ration steps descr ibed in Chap ter 4 to set up an I P address for the acces s point. The access point can be m anaged b y any comput er using a web br owser (Int ernet Explorer 5. 0 or above, or N etscape Naviga tor 6.2 or [...]

  • Página 49

    System Configurati on 6-2 6 Advanced Configuration The Adv anced Config uration pages in clude the fol lowing optio ns. T able 6- 2. Menu Menu Desc ription Page System Configur es bas ic administ rative and client acc ess 6-3 Identificat ion S pecifies th e host nam e 6-3 TCP / IP S ettings Configures t he IP add ress, subn et mask, g ateway , and [...]

  • Página 50

    Advanced Configur ation 6-3 6 System Identification The syste m name for th e access poin t can be left at its default set ting. Howev er , modi fying t his p aramet er ca n help you to m ore easil y distin guish di ffer ent device s in your n etwork. System Name – An ali as for th e access po int, enab ling th e device t o be unique ly identifie[...]

  • Página 51

    System Configurati on 6-4 6 CLI Comma nds for Sy stem Iden tific ation – Ente r the gl obal co nfigur ation mod e, and use the sy st em nam e comman d to specif y a new system name. Then r eturn to the Exec mode , and use th e s how system command to display th e changes to t h e system identificati on settings . Enterprise AP#config Enterprise A[...]

  • Página 52

    Advanced Configur ation 6-5 6 TCP / IP Se ttings Configu ring the acc ess poi nt with an I P address expands yo ur ability to m anage the access po int. A number of access point features depend on IP addr essing to operat e. Note: You can use the web browser interface to access IP addressing only if the access point already has an IP address that i[...]

  • Página 53

    System Configurati on 6-6 6 • S ubnet Mas k: The mask tha t identifies t he host addr ess bits use d for routing to specific subnets . • D efault G ateway: Th e defau lt gatewa y is the I P addres s of the router for the acce ss point, w hich is u sed if the request ed desti nation addr ess is no t on the local sub net. If you have m anagem ent[...]

  • Página 54

    Advanced Configur ation 6-7 6 RADIUS Remote Authenticati on Dial-in User Service (RADIUS ) is an authen tication protoc ol that uses so ftware runni ng on a centra l server to cont rol access to RADIUS -aware devices on the networ k. An authenti cation serve r contains a databas e of user credent ials for each user that requires access to the netwo[...]

  • Página 55

    System Configurati on 6-8 6[...]

  • Página 56

    Advanced Configur ation 6-9 6 MAC A ddress Format – MAC a ddresse s can be spec ified in one of four fo rmats, using no d elimeter , with a sing le dash delimet er , with mul tiple dash de limeters , and with multip le c olon delimeters. VLAN ID Fo rmat – A VLAN ID (a num ber between 1 a nd 4094) ca n be assigned to each clien t after successfu[...]

  • Página 57

    System Configurati on 6-10 6 CLI Commands for RADIUS – From the global co nfigurati on mode, use the radius-server address com mand to sp ecify the address of the pr imary or secondar y RA DIUS ser vers. ( The follow ing exa mple co nfigures the set tings for the primary RADIUS server .) Configure th e other pa rameters for the RADIUS server . Th[...]

  • Página 58

    Advanced Configur ation 6-11 6 SSH Settings T e lnet is a remo te managem ent tool that c an be used to con figure the acc ess poin t from anyw here in the ne twork. Ho wever , T elnet is not secure f rom hostile at t acks. The Secure Shell (SSH) can ac t as a secure repla cement fo r T elnet. Th e SSH protocol uses generat ed public ke ys to encry[...]

  • Página 59

    System Configurati on 6-12 6 CLI Commands for SSH – T o enable the SSH serv er , use the ip ssh-serv er enabl e comm and from the CLI Ethernet inter face config uration mode . T o se t the SSH server U DP port, use the ip ssh-se rver port comman d. T o view the cu rrent set tings, use the sho w sys tem command fr om the CL I Exec mod e (not sho w[...]

  • Página 60

    Advanced Configur ation 6-13 6 MAC Authentication – Y ou can con figure a list of th e MAC addr esses for wirel ess clients that are au thorized to access the network. Thi s provide s a basic level of aut hentic ati on for wir eless cl ients att empting to gai n acces s to the ne twork . A database of au thorized M AC address es can be sto red lo[...]

  • Página 61

    System Configurati on 6-14 6 802.1X Su ppli ca nt – The ac cess poi nt can also oper ate in a 802.1X su pplicant mode . This enabl es the access p oint it self to b e authen ticate d with a RADI US serve r using a co nfigured MD5 user name and password. Th is prevents rogue acc ess points from ga ining acces s to the netwo rk. Note: Enabling Web [...]

  • Página 62

    Advanced Configur ation 6-15 6 CLI Commands for Local MAC Authentication – Use the ma c-authen tication serve r comm and from the global config uration mod e to enable loca l MAC authenti cation. Use th e mac-auth ent icat i on se ssion-tim eout command to set the authenti cation interv al, and web-r edirect comm and to ena ble web-bas ed authent[...]

  • Página 63

    System Configurati on 6-16 6 CLI Commands for RADIUS MAC Authentication – U se t he mac-authenti cation serve r comm and from the global config uration mod e to enable r emote MAC authenti cation. Set the timeout value for re-authentic ation using th e mac- aut h enticat i on sessi o n-time ou t comm and. Be sure to also config ure conne ction se[...]

  • Página 64

    Advanced Configur ation 6-17 6 Filter Control The access point can em ploy netwo rk traffic frame filt ering to control access to network resource s and in crease security . Y ou can pre vent com municat ions betwe en wireless clients and pre vent access point mana gement from wireless cl ients. Also, you can b lock specif ic Ethernet traf fic from[...]

  • Página 65

    System Configurati on 6-18 6 • M AC Address : Specifi es a MAC addr ess to filte r, in the form xx -xx-xx -xx-xx -xx. • P ermissio n: Adds or delet es a M AC addr ess fro m the f iltering t able. Ethernet T ype Fi lt er – Controls che cks on the E thernet type of all incomin g and outgoing Et hernet packe t s against the protocol filteri ng t[...]

  • Página 66

    Advanced Configur ation 6-19 6 VLAN The acc ess poi nt can employ VLAN taggi ng sup port to co ntrol a ccess to networ k resources and increase security . VLANs separa te traf fic passing betwe en the access po int, associ ated clients, and the w ired netw ork. There can be a VLAN assigne d to each asso ciated client, a de fault VLAN f or each V AP[...]

  • Página 67

    System Configurati on 6-20 6 When setting u p VLAN IDs fo r each user on the RADIUS server , be sure to u se the RADIUS attributes an d values as indicated in th e following table . VLAN IDs on the RADIUS server ca n be entered as hexadecim al digits or a string (see “radi us-server vl an-format ” on page 7-63 ). Note: The specific configuratio[...]

  • Página 68

    Advanced Configur ation 6-21 6 WDS Settings Each acces s point rad io interface can be configured to operate in a br idge or repeat er mode, which allows it to forw ard traffic direc tly to other acce ss point uni ts. T o set up bridge links betwe en access point units, you mu st configur e the wireless Distribu tion System (WDS) for warding table [...]

  • Página 69

    System Configurati on 6-22 6 • Br idge: Oper ates as a bridge to other acc ess points. The “Paren t” link to the root bridge mu st be confi gured. Up to five other ”Child ” links are ava ilable to other bridges. • Rep eater: Oper ates as a wir eless repea ter, extendin g the range fo r remote wireless clients and conn ecting them to the[...]

  • Página 70

    Advanced Configur ation 6-23 6 Sp anning T ree Pro tocol – STP uses a d istributed algor ithm to selec t a bridging device (S TP-compl iant switch , bridge or rou ter) that serves as the root of the spanning tre e network . It selects a root port on each bridg ing device (except for th e root d evice) w hich inc urs the lowest path cost when f or[...]

  • Página 71

    System Configurati on 6-24 6 designa ted ports. After de termining the lowes t cost spann ing tree , it enable s all root ports and de signated po rts, and disables al l other ports. Net work packets are the refore only f orwar ded betw een r oot po rts and de signa ted po rts, el iminat ing any possible networ k loops. Once a stable network top ol[...]

  • Página 72

    Advanced Configur ation 6-25 6 • Link P ath Cos t – This param eter is used b y the STP to determi ne the best path between devices . Therefore, lower values should be assigned to ports a ttached to faster m edia, and high er values ass igned to port s with slower m edia. (Path co st takes pr ecedence over port prio rity.) • Ran ge: 1-65535 ?[...]

  • Página 73

    System Configurati on 6-26 6 CLI Commands for STP Settings – I f the role of a radio i nterface is se t to Repeate r , Bridge or Roo t Bridge, STP can be enabled on t he access poi nt to maintain a valid network topology . T o globally ena ble STP , us e the bridge stp en able co mmand from the CLI configurati on mode. Th en configure t he other [...]

  • Página 74

    Advanced Configur ation 6-27 6 AP Management The Web, T e lnet, and SNMP m anageme nt interf aces are enabled and o pen to all IP address es by defa ult. T o p rovide more s ecurity for managemen t access to the access po int, specif ic interfaces can be disabl ed and manag ement rest ricted to a single IP ad dress or a lim ited range of IP address[...]

  • Página 75

    System Configurati on 6-28 6 CLI Comm ands for AP Man agement feat ures. Administration Chan g ing t h e Pass word Manage ment acces s to the web and CLI interf ace on the acce ss point is cont rolled throug h a single user na me and passwo rd. Y ou can al so gain addit ional acce ss security by using cont rol filters (see “Filter Contro l” on [...]

  • Página 76

    Advanced Configur ation 6-29 6 Upgrading Firm ware Y ou can up grade new ac cess poi nt software from a l ocal file on the manageme nt work stat ion, or from an FTP or T FTP serv er . New softwa re may be provi ded period ically from your distributo r . After upgrad ing new software, you must reb oot the acce ss point to implem ent the new code . U[...]

  • Página 77

    System Configurati on 6-30 6 Before up grading new s oftware, ver ify that t he acc ess point is con nected t o the net work and has bee n config ured wit h a compat ibl e IP ad dress and subn et mask. If you need t o download fr om an FTP or TFTP server , take the f ollowing add itional steps: • O btain the IP add ress of the FTP or TFTP se rver[...]

  • Página 78

    Advanced Configur ation 6-31 6 CLI Commands for Download ing Software from a TFTP Ser ve r – Use the cop y tf tp file command from the Exec mod e and then spec ify the file type , name, and IP address of the TFTP server . W hen the do wnload is c omplete , the dir comma nd can be used to check that the ne w file is prese nt in the acc ess point f[...]

  • Página 79

    System Configurati on 6-32 6 System Log The access point can be co nfigured to send event an d error messa ges to a System Log Ser ver . The syste m clock can a lso be s ynchroniz ed with a time s erver , so tha t all the message s sent to the Syslo g server are s t amped with t he cor rect time and date. Enabling Sy stem Logging The acce ss point [...]

  • Página 80

    Advanced Configur ation 6-33 6 Logging Level – Set s the mi nimum s everity level for ev ent lo ggin g. (Default: Info rmational) The syste m allows you t o limit the messa ges that ar e logged by spe cifying a mini mum sever it y leve l. The fol lowing t able l ist s the err or mes sage level s from the most se vere (Emerge ncy) to leas t severe[...]

  • Página 81

    System Configurati on 6-34 6 CLI Commands for System Log ging – T o enable logging on the ac cess poin t, use the logging on com mand from the global con figuration m ode. The logging lev el comm and sets the minim um level of mes sage to log. U se the logging co nso le comm and to e nable lo gging to the con sole. U se the logging host c ommand [...]

  • Página 82

    Advanced Configur ation 6-35 6 Note: The access point also allows you t o disable SNTP and set the system clock manually. Set Time Zone – S NTP us es Coor dinated Universal T im e (or UT C, form erly Greenw ich Mean Time, or GMT) based on the time at the Earth’s prime me ridian, zero degr ees longitude . T o disp lay a time corresp onding to yo[...]

  • Página 83

    System Configurati on 6-36 6 CLI Comm ands for the Sy stem Clock – The following exa mple sh ows how to manu ally s et t he sy stem ti me when SNT P ser ver suppor t is dis abled o n the ac cess point. SNMP Simp le Networ k Manage ment Pr otoco l ( SNMP) i s a communic ation pr otoco l designe d specifical ly for manag ing device s on a network. [...]

  • Página 84

    SNMP 6-37 6 Configuring SNMP and T rap Message Parameters The access point SNMP agent must be en abled to fun ction (for vers ions 1, 2c, and 3 clients). Mana gement acc ess usin g SNMP v1 and v2c also requires commu nity strings t o be configure d for authen tication. Trap notificati ons can be en abled and sent to up t o four manageme nt st ation[...]

  • Página 85

    System Configurati on 6-38 6 Commu ni ty N am e ( Rea d/Write) – Defi n es the SNMP community access s t ring t h at has read/ write access . Authorized managem ent stations are a ble to both retriev e and modif y MIB objects. (Max imum lengt h: 23 charac ters, case sen sitive; Default: priv ate) T rap Destination (1 to 4 ) – En ables recipien [...]

  • Página 86

    SNMP 6-39 6 T ra p C on figuratio n – Allows selection of speci fic SNMP notificat ion s to s end. The following i tems are av ailable: • sy sSystemUp - The access point is up and runn ing. • sy sSystemDo wn - The acces s point is abou t to shutdow n and reboo t. • sy sRadiusS erverCh anged - The a ccess point has change d from the prim ary[...]

  • Página 87

    System Configurati on 6-40 6 • do t11StationA uthenticat eFail - A client stati on has tried and fai led to authentic ate to the netwo rk. • Enable All Traps - Click th e butto n to enable a ll t h e availab le traps. • Disable All Traps - Click the but ton to d isable all t he avai lable t raps. CLI Commands for SNMP and T r ap Co nfiguratio[...]

  • Página 88

    SNMP 6-41 6 T o view the current SNMP sett ing s, us e the show snm p command. Enterprise AP#show snmp 7-54 SNMP Information ========================================= ===== Service State : Enable Community (ro) : ***** Community (rw) : ***** Location : WC-19 Contact : Paul EngineId :80:00:07:e5:80:00:00:2e:62:00 :00:00:18 EngineBoots:1 Trap Destina[...]

  • Página 89

    System Configurati on 6-42 6 Configuring SNMPv3 Users The access point allows up to 10 SNMP v3 users to be conf igured. Each us er must be defined by a uni que name, assigned to one of three pre-defin ed security gro ups, and config ured with spe cific authe ntication an d encryp tion settings. User – The SNMPv 3 user name. (3 2 characte rs maxim[...]

  • Página 90

    SNMP 6-43 6 CLI Commands for Configuring SNMPv3 Users – Us e the snmp - ser ve r engine- id comm and to define the SN MP v3 eng ine before ass igning use rs to groups. Use the snmp-s erver user co mmand to as sign users to one of the three gr oups and set the appropr iate authent ication and encryptio n types to be us ed. T o view the current SNM[...]

  • Página 91

    System Configurati on 6-44 6 Configuring SNMPv3 T rap Filters SNMP v3 users can be c onfigure d to rece ive no tification m essages from the access point. An SNM P T arget ID is cre ated that spec ifies the SNM P v3 user , IP address, and UDP po rt. A user-def ined notific ation filter can b e created so that specific notificat ions can be prev ent[...]

  • Página 92

    SNMP 6-45 6 Note: Only the Ne w Filter page allows the Filter ID to be configured. Filter ID – A us er-d efined name t hat id enti fies t he fil ter . (Ma ximum leng th: 32 charact ers) Subt ree OID – Sp ecifies MIB su btre e to be fil tered . Th e MIB subtr ee mu st be defined in the form “.1.3 .6.1” and alwa ys start with a “.”. Filte[...]

  • Página 93

    System Configurati on 6-46 6 Configuring SNMP v3 T arget s An SNMP v3 notification T arget ID is specified b y the SNMP v3 use r , IP address, and UDP po rt. A user-def ined filter ca n also be assign ed to specif ic targets to limit the notific ations receive d to specif ic MIB objects. (Not e that the filter must first be configur ed. see “Conf[...]

  • Página 94

    SNMP 6-47 6 Ta r g e t I D – A user-defined name that ident ifies a receiver of no tifications . The access po int suppor t s up to 10 targe t IDs. (Maxi mum length : 32 charact ers) IP Addr ess – S peci fies t he IP ad dress o f the r eceivin g manage ment st atio n. UDP Port – The UDP por t that is used on th e receiving m anagemen t statio[...]

  • Página 95

    System Configurati on 6-48 6 Radio Interface The IEEE 802.1 1b/g inter face include s configur ation options f or radio sign al charact eristics an d wireless security featu res. The IEEE 802.1 1g standard operates with in the 2.4 GHz ba nd at up to 54 M bps. Also note that becau se t he IEEE 802.1 1 g standard is an e xtension of the IEEE 802.1 1b[...]

  • Página 96

    Radio Interface 6-49 6 Radio C hannel – The radio cha nnel that the access point uses to com municate w ith wireless clients. Wh en multip le access points are deployed i n the sam e area, s et the channel on neighbor ing access po ints at least five cha nnels apart to avo id interfere nce with ea ch other. For example , in the Uni ted S tates yo[...]

  • Página 97

    System Configurati on 6-50 6 Maximum S tation Dat a Rate – The maximum data rate at which the a ccess point transm its unicast pack ets on the wireles s interface . The maximu m transmi ssion distance is affected by the data ra te. The lowe r the data rate, the longer the transmi ssion distance . (Default: 54 M bps) Maximum Associate d Clients ?[...]

  • Página 98

    Radio Interface 6-51 6 Super G – The Atheros pr oprietary Super G performanc e enhancem ents are suppo rted by the ac cess point. Th ese enhan cements inclu de bursting, compr ession, fast frames and dynamic turbo. M aximum th roughpu t ranges be tween 40 to 60 Mb ps for connections to Atheros- compatible clients . (Default: Dis abled) Radi o Mod[...]

  • Página 99

    System Configurati on 6-52 6 Fragme ntation Le ngth – Con fig ure s the mi nimum p acket s ize tha t ca n be fra gmented when pass ing thr ough th e acces s poi nt. Fr agmentat ion of t he PDUs (Packag e Data Unit ) can increa se the reliab ility of transm issions be cause it increa ses the proba bility of a succ essful trans mission d ue to smal[...]

  • Página 100

    Radio Interface 6-53 6 CLI Commands for Radi o Sett i n g s – Fr om the global co nfigurati on mode, enter the interfa ce wirele ss g command to access the 802.1 1g radio int erface. From the 802.1 1g inter face mode , you can acces s radio set tings that apply to all V AP interfaces . Use the turbo comm and to enabl e this fe ature be fore set t[...]

  • Página 101

    System Configurati on 6-54 6 Configuring VAP Ra dio Settings T o configure V AP radi o settings, sel ect the Radi o Settings page. Default VLAN ID – The VLAN ID as signed to wi reless clients as sociated to the V AP interface t hat are not assign ed to a spec ific VLAN by RAD IUS serve r configurati on. (Default : 1) Closed Sy st em – W hen ena[...]

  • Página 102

    Radio Interface 6-55 6 WP A2 PMKSA Life Time – WP A2 prov ides fast roa ming for authen ticated clien ts by retaining ke ys an d other s ecurity se ttings in a cach e for e ach V AP . In this w ay , when clients roam back into a V A P they had pr eviously bee n using, re-au thentica tion is not required . When a W P A2 clien t is first authent ic[...]

  • Página 103

    System Configurati on 6-56 6 Rogue AP – A “rogu e AP” is either an acc ess poin t that is not author ized to participate in th e wireless net work, or an access p oint that doe s not have t he correct security configur ation. Rogu e APs c an allow u nauthori zed acce ss to the network, o r fool client stations into mistaken ly assoc iating wi[...]

  • Página 104

    Radio Interface 6-57 6 rogue-ap scan c ommand. T o view th e database o f detect ed acce ss points, u se the show r ogue-ap comman d from the E xec level. Configuring Wi -Fi Multimedia Wireles s networks offer a n equal oppor tunity for all dev ices to trans mit data from any typ e of applica tion. Alth ough this is acceptable for most app lication[...]

  • Página 105

    System Configurati on 6-58 6 WMM Operat ion — WMM use s traffic priority bas ed on the four ACs; V oice, V i deo, Best Effort, and Back ground. The higher the AC priority , t he higher the pr obability that data is transm itted. When the access point forwards tra ffic, WMM adds da ta packets to four independ ent transmi t queues , one for each AC[...]

  • Página 106

    Radio Interface 6-59 6 Figure 6-1. WMM Backoff Wait Times For high-p riority traffic, the AIFSN an d CW value s are smaller . The smaller values equate to l ess backoff and wa it time, and th erefore mor e transmit opp ortunitie s. T o confi gur e WMM, select the R adio Set tin gs pa ge, and scr oll down t o the WMM configur ation setting s. AIFS R[...]

  • Página 107

    System Configurati on 6-60 6 WMM – Sets the WMM operational mode on the ac cess point . When enabl ed, the parameter s for each AC queu e will be empl oyed on the acc ess point an d QoS capabilities ar e advertis ed to WMM-e nabled clien ts. (Default: Sup port) • D isable: WMM is disabled. • S upport: WM M will be used for any assoc iated dev[...]

  • Página 108

    Radio Interface 6-61 6 CLI Commands for WMM – Enter inte rface wireless mo de and type wmm requ ired for clients that want to associa te with the ac cess point . The wmm-acknowledge-policy comma nd is use d to enable or disable a policy for e ach access ca tegory . The wmmpa rms c ommand defines detaile d WMM paramet e rs. T o view the current 80[...]

  • Página 109

    System Configurati on 6-62 6 Securit y The access point is con figured by def ault as an “ope n system, ” which broad casts a beacon si gnal includin g the config ured SSID. W ireless clien t s with an SSID setting of “a ny” can re ad the SSI D from t he beacon an d automat icall y set their SSI D to allow im mediate conn ection to the near[...]

  • Página 110

    Radio Interface 6-63 6 • Wi-F i Pr otecte d Acces s (WPA o r WPA2 )page 6- 73 Bot h WEP and WP A secu rity se ttings are conf igurab le sep arate ly f or e ach virt ual access po int (V AP) interfac e. MAC addre ss filtering, an d RADIUS se rver settin gs are global and apply to all V AP interfa ces. The sec urity me chanisms that m ay be employe[...]

  • Página 111

    System Configurati on 6-64 6 Note: You must enable data encryption through the web or CLI in order to enable all types of encryption (WEP, TKIP, or AES) in the access point. The ac cess poin t can simul tane ously sup port cli ents us ing vari ous dif fer ent secur ity mech anisms. The conf igurat ion f or th ese sec urity c ombina tions are outl i[...]

  • Página 112

    Radio Interface 6-65 6 802.1x W P A onl y Inte rface Deta il Settings : Authentica tion: WPA Encryption : Enable WP A Clie nts: Re quired Cipher Suite: TKI P 802.1x: Re quired Set 802.1x key refre sh and rea uthenticat ion rates Local only Y es WP A P re-Shared Key only Interfac e Detail S ettings: Authentica tion: WPA-PSK Encryption : Enable WP A [...]

  • Página 113

    System Configurati on 6-66 6 Note: If you choose to configure RADIUS MA C authentication together wit h 802.1X, the RADIUS MAC addres s authentication occurs prior to 802.1X aut hentication. Only when RADIUS MAC authentication succeeds is 802.1X authentication performed. When RADIUS MAC authentication fails, 802.1X authentication is not performed. [...]

  • Página 114

    Radio Interface 6-67 6 Before enab ling the radi o service for any V AP , first config ure the WEP , WP A, and 802.1X se curity setti ngs describ ed in the followi ng section s. After you have f inished configur ing the se curity setti ngs, return to the ma in Security page s hown b elow , start the required V A P interfaces by cl icking the Ena bl[...]

  • Página 115

    System Configurati on 6-68 6 Enable – Enable s radio comm unications on the V AP i nterface. (D efault: Disabled ) Note: You must first enable VAP interface 0 before you can enable ot her VAP interfaces. SSID – The na me of the bas ic servic e set prov ided by a V AP int erface. Cl ient s that want to conn e ct t o the network through the acces[...]

  • Página 116

    Radio Interface 6-69 6 • Al phanumer ic: Enter keys as 5 alphanum eric charact ers for 64 bit key s, 13 alphanu meric chara cters for 128 bi t keys, or 16 al phanumer ic character s for 152 bit keys . Key Numb er – Selects the ke y numbe r to use for en cryption for each V AP interface. If th e client s have all four keys co nfigur ed to the sa[...]

  • Página 117

    System Configurati on 6-70 6 Note: To use 802. 1X on wireless cl ients requi res a network card driver and 802.1X client software that supports the EAP authentication type t hat you want to use. Windows 2000 S P3 or later and Windows XP provide 802.1X client support. Windows XP also provides native W PA suppor t. Other systems require additional cl[...]

  • Página 118

    Radio Interface 6-71 6 Enterprise AP(config)#interface wireless g 7-88 Enter Wireless configuration commands, on e per line. Enterprise AP(if-wireless g)#key 1 128 as cii abcdeabcdeabc 7-117 Enterprise AP(if-wireless g)#vap 0 7-95 Enterprise AP(if-wireless g: VAP[0])#no 8 02.1X 7-65 Enterprise AP(if-wireless g: VAP[0])#auth entication shared 7-117 [...]

  • Página 119

    System Configurati on 6-72 6 ----------------Security----------------- ------------------------------- Closed System : Disable d Multicast cipher : WEP Unicast cipher : TKIP an d AES WPA clients : DISABLE D WPA Key Mgmt Mode : PRE SHA RED KEY WPA PSK Key Type : PASSPHR ASE WPA PSK Key : EMPTY PMKSA Lifetime : 720 min utes Encryption : DISABLE D Def[...]

  • Página 120

    Radio Interface 6-73 6 CLI Comm ands for WEP ov er 802.1X Security – Use th e vap comma nd to acces s each V AP interface to confi gure the sec urity setting s. First set 802.1X to required using the 80 2.1x comm and and set t he 802.1X key refresh r ates. Then, us e the aut hentica tion c omman d to select open sys tem authe ntication an d the e[...]

  • Página 121

    System Configurati on 6-74 6 WP A Pre-Shar ed Ke y Mode (WP A-PSK, WP A2-PSK): F or enterprise de ployment, WP A requires a R ADIUS authenticati on server to be co nfigured o n the wired network . However, for small office networ ks that may not have the reso urces to configur e and maintain a RA DIUS ser ver , WP A pro vides a simp le operati ng m[...]

  • Página 122

    Radio Interface 6-75 6 the cipher used for broadc ast frames i s always TKIP. W EP encryption i s not allowed. • Key Caching : WPA 2 provides f ast roaming for authenti cated client s by retainin g keys and other s ecurity in formation i n a cach e, so that if a client roams aw ay from an access point and t hen returns, re-authe ntication is n ot[...]

  • Página 123

    System Configurati on 6-76 6 T o configure WP A, cli ck Security und er Radio A or Rad io G . Se lect one of the V AP interfaces by clicking Mor e. Select one of th e WP A opt ions in the Authe ntication Setup table, and then config ure the paramet ers displaye d beneath the table. The WP A configur atio n par ameter s are de scribe d belo w: Encr [...]

  • Página 124

    Radio Interface 6-77 6 • W PA: Clients usin g WPA ove r 802.1X are acc epted for au thentication . • W PA-PSK: Clients using WPA with a Pre-shared Key are accepted for authenti cation. • W PA2: Clients us ing WPA2 ove r 802.1X are acce pted for authe ntication. • WPA2-PS K: Clients using WPA2 with a Pre-shared Key a re accepted for authenti[...]

  • Página 125

    System Configurati on 6-78 6 CLI Commands for WP A Using Pre-shar ed Key Security – Be su re to first disabl e 802.1X port authenticat ion using the 802.1X comman d from the config uration mode . Then, from the 802.1 1g inte rface config uration mod e, use the vap command to acc ess e ach V AP i nte rface t o confi gur e other s ecuri ty sett ing[...]

  • Página 126

    Radio Interface 6-79 6 CLI Commands for WP A Over 80 2.1X Se curity – First se t 802.1X to requ ired using the 802.1X comm and and set th e 802.1X key re fresh rates. The n 802.1 1g inte rface configur ation m ode, use the vap com mand to acces s each V AP interface to configur e other secur ity settings . From the V AP inter face configura tion [...]

  • Página 127

    System Configurati on 6-80 6 Open the Sec urity page, and c lick More for one of the V AP int erfaces. Y ou can en able 802.1X as optional ly supported or as require d to enhance t he secu rity of th e wirele ss networ k. (Defa ult : Disa ble) • D isable: The access po int does n ot support 80 2.1X authe ntication for any wirel ess client. A fter[...]

  • Página 128

    Radio Interface 6-81 6 • 802.1X Reauthentication Refre sh Rate: The time p e riod after which a co nnected client mus t be re-auth enticated. D uring the re- authenticati on process of verifying the clien t’s credential s on the RADI US server , the client rema ins conne cted the network . Only if re-aut hentica tion fails is net work acc ess b[...]

  • Página 129

    System Configurati on 6-82 6 Status Information The S tatus page includes information on the following i tems: Access Point St atus The AP St a tus window displays b asic system c onfigurati on settings, as well as the settings for the wireless interface. Menu Descri ption Page AP Statu s Displays configur ation settin gs for the basic sys tem and [...]

  • Página 130

    Status Information 6-83 6 AP S yste m Confi gurati on – The AP Syst em Config uratio n table dis plays th e basic system configurat ion setting s: • Sys tem Up Tim e: Length of tim e the manag ement agen t has been up. • MAC Ad dress: T he phys ical la yer addr ess fo r thi s devi ce. • Syste m Name: N ame assi gned to this sy stem. • Sys[...]

  • Página 131

    System Configurati on 6-84 6 CLI Comm ands for Displ aying System Settings – T o view the current ac cess point system settings, use the show syst em command from t h e Exec mo de. T o view the current ra dio interface settings, us e the show in terf ace wireless g 0 co mmand (see page 7-108 ). Enterprise AP#show system 7-23 System Information ==[...]

  • Página 132

    Status Information 6-85 6 St a tion S t atus The S tation S tatus w indow show s the wireless clients currently as sociated w ith the access po int. The S tation Configurat ion page display s basic conn ection infor mation for al l associa ted stations as described be low . Note th at this page is autom atically refreshe d every five seconds. • S[...]

  • Página 133

    System Configurati on 6-86 6 shared- key app roach uses Wired Equivalent Privacy (W EP) to ver ify client identity by distribu ting a share d key to statio ns before atte mpting auth enticatio n. • A ssociated: Shows if t he station ha s been suc cessfully a ssociate d with the a ccess point. Onc e authenti cation is com pleted, statio ns can ass[...]

  • Página 134

    Status Information 6-87 6 CLI Comm ands fo r Displaying Station S tatus – T o view status of clients curren tly associa ted with the ac cess point, us e the show station c ommand from th e Exec mode. Enterprise AP#show station 7-109 Station Table Information ========================================= ================== if-wireless G VAP [0] : 802.[...]

  • Página 135

    System Configurati on 6-88 6 Event Logs The E vent Logs window shows the log messages genera ted by t he acce ss point and stored in memo ry . The E vent Logs table disp lays the follow ing inform ation: • Lo g Time: The ti me the log mes sage was gen erated. • E vent Level: Th e logging leve l associated with this mess age. For a desc ription [...]

  • Página 136

    Status Information 6-89 6 CLI Commands for Displayi ng Ev en t Logs – T o view the access point log en tries, use the show event-lo g command f rom the Exec mode. T o clear all log entr ies from the acces s point, use t he logging clear comm and from th e Global Conf iguration mode. Enterprise AP#show event-log 7-33 Mar 09 11:57:55 Information: 8[...]

  • Página 137

    System Configurati on 6-90 6[...]

  • Página 138

    7-1 Chapter 7: Command Line Interf ace Using the Command Line Interface Acces sing the CLI When acc essing the managemen t interface for the over a dire ct connec tion to the console port, or via a T elnet con nection, the access poin t can be ma naged by entering command ke ywords an d parameters at the prompt . Using the ac cess point’s comm an[...]

  • Página 139

    Command Line In terface 7-2 7 If your cor porate netw ork is conne cted to anothe r network outside your office or to the Int ernet, you need to apply for a register ed IP ad dress. However, if you a re attached to an isolated net work, then yo u can use any IP address th at matches t he network segment to w hich you are a ttached. After you conf i[...]

  • Página 140

    Entering Comman ds 7-3 7 Command Com pletion If you termi nate input wi th a T ab key , th e CLI will print the remaini ng characte rs of a partial keyw ord up to the poi nt of ambiguity . In the “configure” example, ty ping con followed by a tab will res ult in pri n ting t h e command u p to “ configure .” Getting He lp on Command s Y ou [...]

  • Página 141

    Command Line In terface 7-4 7 Partial Keyword L ookup If you termi nate a partial keyw ord with a ques tion mark, alternatives that match th e initial lette rs are provide d. (Remem ber not to leav e a space betwe en the comman d and quest ion mark.) For example “ s? ” shows all the keyw ords starting wi th “s.” Negating the Effect of Comma[...]

  • Página 142

    Entering Comman ds 7-5 7 Exec Comm ands When yo u open a n ew cons ole session on an a ccess poin t, the syst em enter s Exec comm and mode. Only a limi ted num ber of the co mmand s are avai lable in th is mode. Y ou can ac cess all ot her commands only from the configur ation mode. T o ac cess Exec mod e, open a new console sess ion with the use [...]

  • Página 143

    Command Line In terface 7-6 7 Command Li ne Processing Comma nds are not ca se sensiti ve. Y ou can ab breviate commands and parameters as long as they contain enoug h letters to diff e rentiate th em from any ot her curre ntly availabl e comman ds or paramete rs. Y ou can use the T ab key to co mplete partial comm ands, or en ter a partial c omman[...]

  • Página 144

    General Commands 7-7 7 The access mode sho wn in the follow ing tables is indicat ed by these ab breviation s: Exec (Executive Mode ), GC (Globa l Config uration), IC-E (Interface-Eth ernet Conf igurat ion), IC-W (In terface-W ireless Con figuration) , and IC-W-V AP (Interfac e-Wireless V AP Con figuratio n). General Commands SNMP Configures commun[...]

  • Página 145

    Command Line In terface 7-8 7 configure This c ommand activates Global C onfigu ration mo de. Y ou must e nter this mode to modify mo st of the settings o n the a ccess po int. Y ou must also enter Global Configu ration mode prior to enabli ng the contex t modes for Int erface Conf iguration. See “Usin g the Comma nd Line Interfa ce” on page 1.[...]

  • Página 146

    General Commands 7-9 7 Example This examp le shows ho w to return to the Ex ec mode fro m the Interfac e Configu ration mode , and then quit the CLI session : ping This comm and sends ICMP echo request packets to an other node on the network . Syntax ping < host _name | ip_a ddress > • host_na me - Alias of th e host. • ip_addres s - IP a[...]

  • Página 147

    Command Line In terface 7-10 7 reset This comm and restarts the sy stem or rest ores the fac tory default se ttings. Syntax reset < bo ard | c onfiguration > • board - Rebo ots the system . • co nfi gur ation - Rese ts the configura tion se ttings to the fac tory def aults, and then r eboots the s ystem. Default Sett in g None Command Mod[...]

  • Página 148

    System Management C ommands 7-11 7 show lin e This comm and displ ays the conso le port’s configur ation setting s. Command Mode Exec Example The consol e port setting s are fixed at t he values sho wn below . System Management Co mmands Thes e comma nds ar e used t o conf igure the u ser name , pass word, s ystem l ogs , browser manageme nt opti[...]

  • Página 149

    Command Line In terface 7-12 7 country This comm and conf igures the acc ess point’s count ry code, whi ch identifies the coun try of oper atio n and set s the aut horize d radio ch annels. Syntax country < countr y_cod e > country_code - A two character code that identifies the cou ntry of operation. See the following table for a full list[...]

  • Página 150

    System Management C ommands 7-13 7 Default Sett in g US - for units so ld in the Un ited S tates 99 (no coun try set) - for uni t s sold in ot her countrie s Command Mode Exec Belarus BY Gree ce GR M alta M T Syria SY Belgium BE G uatemala GT Mexico MX T aiw an TW Hondura s HN Mona co MC Tha iland TH Belize BZ Hong Kong HK M orocco MA Trinidad &[...]

  • Página 151

    Command Line In terface 7-14 7 Command Usage • If y ou purcha sed an acc ess point out side of the U nited States , the count ry code mus t be set befo re radio functi ons are enabl ed. • The availabl e Country C ode sett ings can be d isplayed by using th e country ? comm and. Example prompt Thi s command custom izes the CL I prompt . Use t he[...]

  • Página 152

    System Management C ommands 7-15 7 Command Mode Global Co nfiguration Example username Thi s command confi gures t he us er name for ma nagem ent acc ess. Syntax usernam e < name > name - The name of the user . (Length: 3-16 characters, case sensitive) Default Sett in g admin Command Mode Global Co nfiguration Example passwo r d After initial[...]

  • Página 153

    Command Line In terface 7-16 7 ip ssh-se r ver enable This comm and enable s the Secure She ll server . Use the no form to di sable th e serv er . Syntax ip ssh- server e nable no ip ssh-s erver Default Sett in g Interface en abled Command Mode Interface C onfigurat ion (Ethernet ) Command Usage • The access poi nt supports Se cure Shel l version[...]

  • Página 154

    System Management C ommands 7-17 7 ip telnet-se rver enable This comm and enable s the T e lnet serve r . U se the no form to disable t he server . Syntax ip te lnet-s erver ena ble no i p t eln et-ser ver Default Sett in g Interface en abled Command Mode Interface C onfigurat ion (Ethernet ) Example ip http port This comm and specif ies the TCP po[...]

  • Página 155

    Command Line In terface 7-18 7 ip http serv er This c ommand allows t his devic e to b e mon itored or configured from a brows er . Us e the no form to d isabl e this function. Syntax ip http server no ip http server Default Sett in g Enabled Command Mode Global Co nfiguration Example Related Commands ip htt p port (7-18 ) ip https port Use this c [...]

  • Página 156

    System Management C ommands 7-19 7 Example ip https se rver Use this com mand to ena ble the secu re hypertext trans fer protocol (HTTPS) over the Secur e Socket Laye r (SSL), pro viding sec ure access (i .e., an encr ypted connect ion) to the acc ess point’s Web inter face. Use the no form to d isable this func tion . Syntax ip htt p s server no[...]

  • Página 157

    Command Line In terface 7-20 7 web-red irect Use this command to ena ble web-b ased authen tication of cl ients. Use the no form to disabl e this function . Syntax [ no ] we b-redirect Default Sett in g Disabled Command Mode Global Co nfiguration Command Usage • The w eb redirect feature is use d to support billing for a publ ic access wireless n[...]

  • Página 158

    System Management C ommands 7-21 7 APmgmtIP This comm and specif ies the clien t IP addresses that are allow ed manage ment access t o the access po int through va rious prot ocols. Cauti on: Secure Web (HT TPS) connections are not affected by the UI Management or IP Management set tings. Syntax APmgmtIP < multiple IP _address sub net_mask | sin[...]

  • Página 159

    Command Line In terface 7-22 7 APmgmtUI This comm and enabl es and disab les manage ment acce ss to the acce ss point through SN MP , T elnet and we b interfaces . Cauti on: Secure Web (HTT PS) connections are not affected by the UI Management or IP Management set tings. Syntax APmgmtUI < [ SNMP | Te l n e t | Web ] enabl e | disable > • SN[...]

  • Página 160

    System Management C ommands 7-23 7 show sy stem Thi s command dis plays basi c system conf igurat ion setti ngs. Default Sett in g None Command Mode Exec Example Enterprise AP#show system System Information System Information ========================================= ===================== Serial Number : System Up time : 0 days, 1 hours, 34 minutes[...]

  • Página 161

    Command Line In terface 7-24 7 show ve rsion This com mand disp lays the softw are vers ion for the sys tem. Command Mode Exec Example show co nfig This c ommand displays detailed c onfigurati on info rmation for the sy stem. Command Mode Exec Example Enterprise AP#show version Version Information ========================================= Software [...]

  • Página 162

    System Management C ommands 7-25 7 Hardware Version Information ========================================= == Hardware version R01A ========================================= == Ethernet Interface Information ======================================== IP Address : 192.168.0.151 Subnet Mask : 255.255.255.0 Default Gateway : 192.168.0.1 Primary DNS : 210[...]

  • Página 163

    Command Line In terface 7-26 7 Logging Information ========================================= ============ Syslog State : Disabled Logging Console State : Disabled Logging Level : Informationa l Logging Facility Type : 16 Servers 1: 0.0.0.0 , UDP Port: 514, St ate: Disabled 2: 0.0.0.0 , UDP Port: 514, St ate: Disabled 3: 0.0.0.0 , UDP Port: 514, St [...]

  • Página 164

    System Management C ommands 7-27 7 dot11InterfaceAGFail Enabled dot11InterfaceBFail Enabled dot11StationAssociation Enabled dot 11StationAuthentication Enabled dot11StationReAssociation Enabled dot11StationRequestFail Enabled dot1xAuthFail Enabled dot1xAuthNotInitiated Enabled dot1xAuthSuccess Enabled dot1xMacAddrAuthFail Enabled dot1xMacAddrAuthSu[...]

  • Página 165

    Command Line In terface 7-28 7 show hard ware Thi s command di spla ys the har dwar e versio n of the syst em. Command Mode Exec Example System Logging Comman ds Thes e command s are us ed to confi gure syst em loggin g on the acc ess poi nt. SSH Server : ENABLED SSH Server Port : 22 Telnet Server : ENABLED WEB Redirect : DISABLED DHCP Relay : DISA[...]

  • Página 166

    System Logging C ommands 7-29 7 logging on This comm and contro ls logging of error messag es; i.e., sen ding debug or error message s to me mory . The no form disable s the loggin g process. Syntax [ no ] logging on Default Sett in g Disabled Command Mode Global Co nfiguration Command Usage The lo gging pro cess co ntrols er ror mes sages s aved t[...]

  • Página 167

    Command Line In terface 7-30 7 Example logging co nsole This comm and initia tes logging of error messag es to the cons ole. Use the no form to d isable loggi ng t o the co nsole. Syntax logging conso le no logging console Default Sett in g Disabled Command Mode Global Co nfiguration Example logging lev el This comm and sets the min imum sever ity [...]

  • Página 168

    System Logging C ommands 7-31 7 Command Usage Messag es sent includ e the select ed level down to Emergency l evel. Example logging fac ility-type This comm and sets the fa cility type for r emote loggi ng of syslog messages. Syntax logging facility-type < type> type - A number t hat indicates the facility used by t he syslog server to dispat[...]

  • Página 169

    Command Line In terface 7-32 7 Command Usage The comm and spec ifies the facility ty pe tag sent in syslog m essages . (See RFC 3164. ) This type has no effect on the kind of m essages reported by the acce ss point. Howeve r , it may be use d by the sysl og server to so rt mes sages or to store me ssages in the c orresp onding da tabase. Example lo[...]

  • Página 170

    Syst em Cl ock C omma nds 7-33 7 show ev ent-log This comm and displ ays log mess ages stored in the acces s point’s memory . Syntax show event-l og Command Mode Exec Example System Clock Command s Thes e comma nds are used to config ure SNTP and system c lock s ettings on the access po int. Enterprise AP#show event-log Mar 09 11:57:55 Informatio[...]

  • Página 171

    Command Line In terface 7-34 7 sntp-ser ver ip This comm and sets the IP addr ess of the se rvers to which SN TP time reques ts are issued. U se the this com mand with no argumen t s to clear all time serve rs from the current l ist. Syntax sntp -server ip < 1 | 2 > < ip> • 1 - Firs t time s e rver. • 2 - Second time server. • ip [...]

  • Página 172

    Syst em Cl ock C omma nds 7-35 7 Command Mode Global Co nfiguration Command Usage The time ac quired from time server s is used to recor d accurate da tes and times for log ev ents. Without SNTP , the acces s point only re cords the time starting fr om the factory d efault s et at the last b ootup (i.e ., 00:14: 00, Ja nuary 1, 19 70). Example Rela[...]

  • Página 173

    Command Line In terface 7-36 7 sntp-ser ver dayl ight-s avi ng This comm and sets the start an d end dates fo r daylight sa vings time. Use the no form to disa ble daylight savings tim e. Syntax sntp-server daylight-saving no sntp-serv er daylight-saving Default Sett in g Disabled Command Mode Global Co nfiguration Command Usage The comm and sets t[...]

  • Página 174

    Syst em Cl ock C omma nds 7-37 7 Command Usage This c ommand sets the loc al time zone r elative t o the C oordinated Univer sal T ime (UT C, for merly Greenw ich Mean Ti me or GMT), based on th e earth’ s prime m eridian, zero de grees lon gitude. T o d isplay a time correspon ding to your l ocal time , you m ust indicat e the nu mber o f hours [...]

  • Página 175

    Command Line In terface 7-38 7 DHCP Relay Commands Dynami c Host Configur ation Protoc ol (DHCP) can dy namical ly allocate an IP addr ess and ot her confi gurati on infor mation t o netw ork cli ent s that br oadcast a request. T o receive the broadcast reque s t, the DHCP server would normally have to be on the same subnet as the client. Ho wever[...]

  • Página 176

    DHC P Relay Co mmands 7-39 7 dhcp-re lay This c ommand configur es the p rimary and se condary D HCP server a ddresse s. Syntax dhcp-relay < primary | seconda ry > < ip_addre ss > • primary - The primary DHCP server. • secondar y - The secon dary DHC P server. • ip_addres s - IP addres s of the server. Default Sett in g Pri mary a[...]

  • Página 177

    Command Line In terface 7-40 7 SNMP Command s Controls a ccess to thi s access po int from mana gement stati ons using the Si mple Network M anagemen t Protocol (S NMP), as well as the hosts that will receive trap messag es. T able 7-9. S NMP Comman ds Comman d Funct ion Mo de Page snmp -serve r co mmunit y Sets up the c ommunit y acces s stri ng t[...]

  • Página 178

    SNMP Commands 7-41 7 snmp- server com munity This comm and define s the comm unity acce ss string for th e Simple Networ k Manage ment Protoc ol. Use the no form to remo ve the speci fied co mmunity string. Syntax snmp-s erver commu nity strin g [ ro | rw ] no snmp-s erver communi t y st ring • strin g - Commu nity string th at acts like a pass w[...]

  • Página 179

    Command Line In terface 7-42 7 Command Mode Global Co nfiguration Example Related Commands snmp -server l ocatio n (7-43) snmp- server loc ation This comm and sets the sys tem loca tion string. Us e the no form to remove the location string. Syntax snmp-s erver location < text > no snmp-s erver location text - St ri ng that describes the syst[...]

  • Página 180

    SNMP Commands 7-43 7 Command Mode Global Co nfiguration Command Usage • Thi s comman d enable s both authen tication failu re notificatio ns and link-up-do wn notifi cations. •T h e snmp-s erver h o st command specifi es the host devic e that will receive SNMP notificatio ns. Example Related Commands snmp- server ho st (7-44) snmp- server hos t[...]

  • Página 181

    Command Line In terface 7-44 7 Command Usage The snmp- ser ver hos t comman d is us ed in c onj unctio n wi th t he snmp-s erver enabl e server com mand to enab le SNMP not ifications . Example Related Commands snmp- server enable server (7-4 3) snmp- server tr ap This comm and enable s the access po int to send spec ific SNMP traps (i.e., notifica[...]

  • Página 182

    SNMP Commands 7-45 7 - dot1xAuthFa il - A 802.1X c lien t s tation has failed RA DIUS authenti cation. - dot1xSupp Authenticate d - A supplicant station has bee n success fully authenticated by the RADIUS server - localMa cAddrAu thSucces s - A client stati on has succ essfully authenti cated its MAC address wi th the local da tabase on th e access[...]

  • Página 183

    Command Line In terface 7-46 7 snmp- server eng ine-id This command is u sed for SNMP v3 . It is u sed to unique ly identi fy the access p oint among all access points in the network. U se the no f orm to d elete the engine I D. Syntax snmp-s erver engine-id < e ngine-id > no sn mp-serve r engine-id engine-id - Enter engine-id in hexadecimal [...]

  • Página 184

    SNMP Commands 7-47 7 • The SNM P engi ne ID is used to compu te the a uthentic ation/privac y dige sts from th e pass ph rase. You s hould theref ore config ure the eng ine ID wit h the snmp-s er ver eng ine-id c ommand be fore using this c onfigurati on comm and. • The access poi nt enables SN MP v3 users to be assigne d to three pre-defi ned [...]

  • Página 185

    Command Line In terface 7-48 7 Example snmp- server tar gets This c ommand configur es SNM P v3 no tification targets. Use the no form to del ete an SNMP v3 target . Syntax snmp-s erver target s < t a rget -id > < ip-add r > < sec-nam e > [ version { 3 }] [ udp-port { port-number }] [ notification-type { TRAP }] no snmp-s erver ta[...]

  • Página 186

    SNMP Commands 7-49 7 snmp- server filte r This comm and confi gures SNMP v 3 notificati on filters. Use the no form to delete an SNMP v3 filter or remove a subtree from a filter . Syntax snmp-s erver filter < f ilter-id > < include | exclud e > < subtre e > [ mask { mask }] no snmp-s erver filter < fi lter-id > [ subtree ] ?[...]

  • Página 187

    Command Line In terface 7-50 7 snmp- server filte r-assignments This comm and assign s SNMP v3 notification fil ters to targets. Use the no form to remove an SNMP v3 filte r assign ment. Syntax snmp-s erver filter-ass i gnmen t s < t arg et-id > < filte r-id > no snmp-s erver filt er-ass ign ment s < target -id > • targ et-id - [...]

  • Página 188

    SNMP Commands 7-51 7 Example show sn mp users This c ommand displays the SNM P v3 u sers a nd setting s. Syntax show s nmp user s Command Mode Exec Example show sn mp group-assignme nts This comm and displ ays the SNMP v3 user group ass ignments. Syntax show s nmp group-assign ments Command Mode Exec Enterprise AP#show snmp groups GroupName :RO Sec[...]

  • Página 189

    Command Line In terface 7-52 7 Example show sn mp target This command dis plays the SNMP v3 notif ication target setti n gs. Syntax show snmp t arget Command Mode Exec Example show sn mp filter Thi s command displa ys the S NMP v3 no tific ation f ilter settin gs. Syntax show s nmp filter [ filter -id ] • filter-id - A us er-defined name that ide[...]

  • Página 190

    SNMP Commands 7-53 7 show sn mp filter-assignme nts This comm and displ ays the SNMP v3 notificatio n filter assign ments. Syntax show snmp fi lter-a ssignmen ts Command Mode Exec Example Enterprise AP#show snmp filter-assignment s HostID Filt erID mytraps trap filter Enterprise AP#[...]

  • Página 191

    Command Line In terface 7-54 7 show sn mp This comm and displ ays the SNMP co nfigurati on settings. Command Mode Exec Example Enterprise AP#show snmp SNMP Information ========================================= ===== Service State : Disable Community (ro) : ******** Community (rw) : ******** Location : R&D 2 Contact : David EngineId :80:00:07:e5[...]

  • Página 192

    Flash/File Comman ds 7-55 7 Flash/File Commands These c omman ds are u sed to mana ge the s ystem c ode or configurat ion file s. bootfile This comm and specif ies the imag e used to start up th e system. Syntax bootfile < filename > filename - Name of the i mage file. Default Sett in g None Command Mode Exec Command Usage • The file name s[...]

  • Página 193

    Command Line In terface 7-56 7 copy This comm and copies a boot file, co de image, or co nfiguration f ile between th e access po int’s flash memor y and a FTP/TF TP server . W hen you save t he configur ation setting s to a file on a FTP/TFT P server , that file can later be downloa ded to the a ccess po int to rest ore system operation . The su[...]

  • Página 194

    Flash/File Comman ds 7-57 7 The follow ing example sh ows how t o download a co nfiguratio n file: delete This comm and delete s a file or image . Syntax delete < filena me > filename - Name of the configurati on file or image name. Default Sett in g None Command Mode Exec Cauti on: Beware of deleting app lication images from flash memory. At[...]

  • Página 195

    Command Line In terface 7-58 7 dir This command dis p lays a list of files in fl a sh memory . Command Mode Exec Command Usage File info rmation is shown below: Example The follow ing example sh ows how t o display all fil e informatio n: show boo tfile Thi s command displa ys the n ame of the current operat ion code file tha t boot ed th e system [...]

  • Página 196

    RADIUS Client 7-59 7 RADIUS Client Remote Authenticati on Dial-in User Service (RADIUS ) is a logon authe ntication protoc ol that uses softwar e running on a central serve r to contro l access for RADIUS -aware dev ices to the net work. An au thentication server contains a database of cr edentials, such as users na mes and pass words, for each wir[...]

  • Página 197

    Command Line In terface 7-60 7 Command Mode Global Co nfiguration Example radius- server port This command set s the RADIUS server network port. Syntax radius-server [ secondar y ] por t < port _num ber> • secondar y - S econdar y ser ver. • port_n umber - R ADIUS server UD P port u sed fo r authenti cation mes sages. (Range: 1 024-655 35[...]

  • Página 198

    RADIUS Client 7-61 7 radius- server retransmi t This c ommand sets the number o f retrie s. Syntax radius-server [ secondar y ] retransmi t num ber_of_ret ries • secondar y - S econdar y ser ver. • number _of_retries - Number o f times t he access poi n t will try to authenti cate logon access via th e RADIUS se rver. (Ran ge: 1 - 30) Default S[...]

  • Página 199

    Command Line In terface 7-62 7 radius- server port-accountin g This comm and sets the RAD IUS Accou nting server network port. Syntax radius-server [ secondar y ] port-accoun ting < port _number> • secondar y - Secondary s erver. If s econdary is not specified, then the access po int assum es you are conf iguring the primary RA DIUS serve r[...]

  • Página 200

    RADIUS Client 7-63 7 Example radius- server radius-mac-fo r mat This comm and sets the f ormat for sp ecifying M AC address es on the RAD IUS server. Syntax radius-server radius- m ac -format < mu lti- colon | multi -dash | no-delimiter | single-da sh > • multi-colon - Ente r MAC address e s in t h e form x x:xx: x x:xx: x x:xx. • multi-d[...]

  • Página 201

    Command Line In terface 7-64 7 show radi us This comm and displ ays the curr ent settings for the RADIUS server . Default Sett in g None Command Mode Exec Example Enterprise AP#show radius Radius Server Information ======================================== Status : Disabled IP : 0.0.0.0 Port : 1812 Key : ***** Retransmit : 3 Timeout : 5 Accounting P[...]

  • Página 202

    802.1X Authentication 7-65 7 802.1X Authentication The access point suppo rts IEEE 802.1X access con trol for wireless clients. This contro l feature prevents una uthorized a ccess t o the net work by requiring an 802.1X client ap plication to su bmit user cr edentials for au thentica tion. Client au thenticat ion is then verifi ed by a RADIUS serv[...]

  • Página 203

    Command Line In terface 7-66 7 Command Mode Global Co nfiguration Command Usage • When 802. 1X is di sa bled , the a ccess point does no t suppo rt 802. 1X authenti cation for an y station. Afte r successf ul 802.11 ass ociation, each client is a llowed to acc e ss the network. • W hen 802.1 X is supported, the access po int support s 802.1X au[...]

  • Página 204

    802.1X Authentication 7-67 7 comm and specifie s the interval after which un icast sess ion keys are changed. • D ynamic broa dcast key rotation allo ws the acce ss point to gene rate a random group key and pe riodically up date all ke y-manage ment capab le wir eless cl ients. Example 802.1x s ession-key-refresh -rate This comm and sets the inte[...]

  • Página 205

    Command Line In terface 7-68 7 Command Mode Global Co nfiguration Example 802.1x-s upplicant enable This comm and enable s the access po int to operat e as an 802.1X su pplicant for authenti cation. Use th e no form to di sable 802 .1X auth enti cation of th e access point. Syntax 802.1x-su pplicant enable no 802.1x -supplicant Default Disabled Com[...]

  • Página 206

    802.1X Authentication 7-69 7 Command Mode Global Co nfiguration Command Usage The access point currently on ly supports EAP-MD 5 CHAP for 802. 1X supplicant authe ntication. Example show au thentication This co mmand sh ows all 80 2.1X authe ntication settings, as well as the addre ss filter table. Command Mode Exec Example Enterprise AP(config)#80[...]

  • Página 207

    Command Line In terface 7-70 7 MAC Address Authenticati on Use these commands to define MAC authentica tion on the acce ss point. Fo r local MAC au thentication , first define th e default filteri ng policy usin g the address filter default c ommand. Then enter the MAC addre sses to be filtered, indica ting if they are allowed or denied. For RA DIU[...]

  • Página 208

    MAC Address Authentication 7-71 7 Related Commands address filter entry (7-7 2) 802. 1x-sup plican t user (7- 69) addres s filter en try This comm and enters a MAC addre ss in the filter table. Syntax address f ilter entry < ma c-addre ss> < allowed | denie d > • mac-a ddress - Physi cal ad dress o f clien t. (Ent er six pairs o f he [...]

  • Página 209

    Command Line In terface 7-72 7 Command Mode Global Co nfiguration Example Related Commands 802. 1x-sup plican t user (7- 69) mac- auth entica tio n serve r Thi s command sets address filte ring to be perf ormed w it h lo cal or remot e optio ns. Use t he no form to disa ble MAC ad dress authe ntication . Syntax mac-au thenticati on server [ local |[...]

  • Página 210

    Filtering C ommands 7-73 7 Default 0 (disable d) Command Mode Global Co nfiguration Example Filtering Commands The com mands described in this s ection ar e used to filter co mmunicat ions betwe en wireless clients, control acc ess to the m anagem ent interface f rom wireles s clients, and filter tra ffic using specif ic Ethernet pr otocol types . [...]

  • Página 211

    Command Line In terface 7-74 7 Global Co nfiguration Command Usage This comm and can di sable wirele ss-to-wirel ess comm unications between cli ent s via th e acces s point. Howe ver , it doe s not af fect commu nicati ons between wireless cl ients and the wired net work. Example filter ap -manage This comm and prev ents wireless clients fro m acc[...]

  • Página 212

    Filtering C ommands 7-75 7 filter uplink This comm and adds o r deletes MAC addresses from the uplink filtering table. Syntax filter uplink < add | delete > MAC address MAC address - S pecifies a MAC address in the form xx-xx- xx-xx-xx-xx. A maximum of eight addresses can b e added to the filtering table. Default Disabled Command Mode Global [...]

  • Página 213

    Command Line In terface 7-76 7 Example Related Commands filter e thernet-type proto col (7-77) filter et hernet-type proto col Thi s command set s a f ilter for a sp ecifi c Ether net type. Use the no form to dis able filtering for a s pecific Ethern et type. Syntax fil ter et hernet -type p rotocol < protocol > no filter ethernet-t ype proto[...]

  • Página 214

    WDS Bridge Comman ds 7-77 7 show filte rs This comm and shows the filter option s and protoc ol entries in the filter table. Command Mode Exec Example WDS Bridge Commands The com mands describ ed in th is secti on are us ed to set the opera tion mode for each access point interface and configure WIre less Distrib ution System (WDS) forwar ding tabl[...]

  • Página 215

    Command Line In terface 7-78 7 bridge role (WDS) This comm and selects the b ridge ope ration mode for the radio inter face. Syntax bridge role < ap | repeater | bridge | r oot-bridge > • ap - O perates only as an access po int for wirele ss clients . • rep eat er - Oper ates as a wireles s repeater , extending th e range for rem ote wire[...]

  • Página 216

    WDS Bridge Comman ds 7-79 7 Default Sett in g None Command Mode Interfa ce Configurat ion (Wireles s) Command Usage Every brid ge (except th e root bridge) in the wireless br idge networ k must specify t he MAC add ress of the parent bridge th at is linked to the root brid ge, or th e root bri dge it self . Example bridge-link child This comm and c[...]

  • Página 217

    Command Line In terface 7-80 7 bridge dynamic -entry age-time This comm and sets the time f or aging out dyn amic entri es in the WDS for warding table. Syntax bridge dynam ic-entry age-time < seconds > seconds - The time to age out an address entry . (Range: 10-10000 seconds). Default Sett in g 300 secon ds Command Mode Global Co nfiguration[...]

  • Página 218

    WDS Bridge Comman ds 7-81 7 show bridg e filter-entry This comm and displ ays current entr ies in the WDS fo rwarding table . Command Mode Exec Example show bridg e link Thi s command displa ys WDS br idge l ink and sp anning tree se tting s fo r speci fied int erfa ces . Syntax sh ow br idge l ink < et hernet | wireless < g > [ index ]>[...]

  • Página 219

    Command Line In terface 7-82 7 Example Enterprise AP#show bridge link wireless a Interface Wireless A WDS Information ==================================== AP Role: Bridge Parent: 00-12-34-56-78-9a Child: Child 2: 00-08-12-34-56-de Child 3: 00-00-00-00-00-00 Child 4: 00-00-00-00-00-00 Child 5: 00-00-00-00-00-00 Child 6: 00-00-00-00-00-00 STAs: No WD[...]

  • Página 220

    Spanning Tree Commands 7-83 7 Spanning Tree Command s The comm ands des cribed in this se ction are used to set the MA C address table aging time a nd spanning tre e parameters for bo th the Etherne t and wireless int erfa ces . bridge stp enable This comm and enable s the S panning T r ee Protocol. Us e the no form to di sable t he S panning Tree [...]

  • Página 221

    Command Line In terface 7-84 7 bridge stp forwarding-d elay Use t his co mmand to co nfigur e the span ning tre e bridge forw ard time gl oball y for t he wir eless br idge . Use the no form to re store the defa ult. Syntax bridge stp forwa r ding -delay < secon ds > no bridge stp forw arding-delay seconds - T ime in seconds. (Range: 4 - 30 s[...]

  • Página 222

    Spanning Tree Commands 7-85 7 Example bridge stp max-age Use this command to con figure the spann ing tree br idge maxim um age glob ally for the wirel ess brid ge. Use the no f o rm to restor e the default . Syntax bridge stp m ax-age < seco nds > no bridge stp max - age seconds - T ime in seconds. (Range: 6-40 seconds) The minimum value i s[...]

  • Página 223

    Command Line In terface 7-86 7 Command Mode Global Co nfiguration Command Usage Bridge prior ity is used in sele cting the root de vice, root por t, and designa ted port. The de vice with the hi ghest priorit y becomes t he STP root device . Howeve r , if all devices ha ve the sam e priority , th e device with the lo west MA C address will then bec[...]

  • Página 224

    Spanning Tree Commands 7-87 7 Default Sett in g 128 Command Mode Interface Config uration Command Usage • Thi s comman d defines the pr iority for the us e of a port in the Span ning Tree Protoco l. If the path cost for all ports on a wire less bridge ar e the same, th e por t wi th the high est pri orit y (that is, lowest val ue) wil l be confi [...]

  • Página 225

    Command Line In terface 7-88 7 Ethernet Interface Comm ands The comm ands des cribed in this se ction confi gure connect ion parameter s for the Ethernet p ort and wireless interface. interfac e ethernet This comm and enters Ethernet int erface configu ration mode. Default Sett in g None Command Mode Global Co nfiguration Example T o specif y the 1[...]

  • Página 226

    Ethernet Interfac e Commands 7-89 7 dns se rver Thi s command specif ies th e ad dre ss fo r the prim ary or s econdar y domai n name ser ver to b e used f or name -to-ad dress re soluti on. Syntax dns p rimary-serve r < s erve r-addre ss> dns seco ndary-ser ver < se rver-addr ess> • pri mary-se rve r - Primar y server used for name r[...]

  • Página 227

    Command Line In terface 7-90 7 Command Mode Interface C onfigurat ion (Ethernet ) Command Usage • DHCP is enabled by default. To manually configure a new IP address, you must fi rst disable th e DHCP cl ie nt with the no ip dhcp com mand. • Y ou must ass ign an IP addr ess to this device to gain man agement ac cess over the ne twork or to conne[...]

  • Página 228

    Ethernet Interfac e Commands 7-91 7 • When you use this command, the access point will begin broadc asting DHCP client request s. The current IP ad d ress (i. e ., default or manually configur ed address) will continue t o be effective until a DHCP rep ly is rec eived. Requ ests wi ll be b roadcas t peri odicall y by t his devi ce in an effo rt t[...]

  • Página 229

    Command Line In terface 7-92 7 shutdown This comm and disabl es the Etherne t interface. T o restart a disa bled interfac e, use the no form. Syntax sh ut down no shutdown Default Sett in g Interface en abled Command Mode Interface C onfigurat ion (Ethernet ) Command Usage This comm and allows you to disable the Et hernet port du e to abnorma l beh[...]

  • Página 230

    Wireless Interface Comman ds 7-93 7 Example Wireless Interface Com mands The comm ands des cribed in this se ction confi gure connect ion parameter s for the wir eless in terfac es. Enterprise AP#show interface ethernet Ethernet Interface Information ======================================== IP Address : 192.168.2.2 Subnet Mask : 255.255.255.0 Defau[...]

  • Página 231

    Command Line In terface 7-94 7 beacon-in terval Con figures the rate at wh ich beaco n signals are transmit ted from th e access point IC-W 7-10 2 dtim-perio d Configures the rate a t which sta tions in sl eep mode must wa ke up to r eceive bro adcast/mu lticast transmis sions IC-W 7-10 3 fragmenta tion- leng th Con figures the minimum packet siz e[...]

  • Página 232

    Wireless Interface Comman ds 7-95 7 interfac e wireless This comm and enters wireless inter face configu ration mode . Syntax inte rfac e wireless < g > • g - 802.11 g radio interfa ce. Default Sett in g None Command Mode Global Co nfiguration Example T o spe cif y th e 802.1 1g i nterf ace, enter the follow ing command: vap This command pr[...]

  • Página 233

    Command Line In terface 7-96 7 speed This comm and conf igures the ma ximum data ra te at which the ac cess point transmi ts unicast packets. Syntax speed < s peed> speed - Maximum access speed allowed for wireless client s. (Options for 802.1 1b/g: 1, 2, 5.5, 6, 9, 1 1, 12, 18, 24, 36, 48, 54 Mbps) Default Sett in g 54 Mb ps Command Mode Int[...]

  • Página 234

    Wireless Interface Comman ds 7-97 7 chan nel This c ommand configur es the r adio cha nnel thr ough wh ich the access point comm unicates wi th wireless c lients. Syntax channel < c hannel | aut o > • channel - Manually se ts the radio ch annel use d for commun ications w ith wireless clients. (Ran ge for 802.1 1b/g: 1 to 11 ) • auto - Au[...]

  • Página 235

    Command Line In terface 7-98 7 Default Sett in g ful l Command Mode Interfa ce Configurat ion (Wireles s) Command Usage • The “min” key word indica tes minimum power. • The longer the tra nsmission distance, the higher the transmission power required . But to support the m aximum num ber of users in an area, you must keep t he power as low [...]

  • Página 236

    Wireless Interface Comman ds 7-99 7 Example preamble This comm and sets the lengt h of the signal pr eamble that is used at the start of a 802.1 1b/g data tran smission. Syntax preamb le [ long | s hort ] • lon g - Sets the pr eamble to lo ng (192 micro seconds) . • short - Sets the preamble to short (96 microseconds). Default Sett in g Short-o[...]

  • Página 237

    Command Line In terface 7-100 7 to the acces s point LEDs) . Select this m ethod when usi ng an option al external antenna tha t is connected to the right anten na connec tor . Default Sett in g Diversity Command Mode Interfa ce Configurat ion (Wireles s) Command Usage The anten na ID must be se lected in conj unction wit h the antenna control meth[...]

  • Página 238

    Wireless Interface Comman ds 7-101 7 Example antenna lo cation This comm and selects the a ntenna m ounting loca tion for the radi o interface . Syntax antenna l ocation < indoor | out door > • indoor - The an tenna is mount ed indoors. • outdoor - The an tenna is mo unted outd oors. Default Sett in g Indoor Command Mode Interfa ce Config[...]

  • Página 239

    Command Line In terface 7-102 7 The bea con si gnals allo w wireles s clients to maintain c ontact with the ac cess point. The y may also carr y power-ma nagement information. Example dtim-per iod Thi s command co nfigur es the ra te at whic h st ations in sl eep mode m ust wake up to rece ive broadca st/multica st transm issions. Syntax dt im - pe[...]

  • Página 240

    Wireless Interface Comman ds 7-103 7 Syntax fragmentation-lengt h < length> length - Minimum packet size for which fragmentation i s allowed. (Range: 256-2346 bytes) Default Sett in g 2346 Command Mode Interfa ce Configurat ion (Wireles s) Command Usage • If t he packet siz e is smaller than the prese t Fragment size , the packet will not b[...]

  • Página 241

    Command Line In terface 7-104 7 to 2347, t he acces s point ne ver send s RTS sign als. If set to any oth er value, and the pa cket size equ als or exceeds the RTS thresh old, the RTS/ CTS (Request to Send / Clear to Send) mechanism will b e enable d . • The access poi nt sends RT S frames to a recei ving station t o negotiate th e sending of a d[...]

  • Página 242

    Wireless Interface Comman ds 7-105 7 Default Sett in g None Command Mode Interface C onfiguratio n (Wireless- V AP) Example ssid This c ommand configures the ser vice set identifier (SSID). Syntax ssid < str ing > string - The name of a basic service set sup ported by the access point. (Range: 1 - 32 characters) Default Sett in g 802.1 1g R a[...]

  • Página 243

    Command Line In terface 7-106 7 Command Usage When closed system is enabled, the access point will not incl u de its SSID in beacon m essages. Nor will it respo nd to probe req uests from clien t s that do not includ e a fixed SSID. Example max-asso ciation This comm and conf igures the ma ximum nu mber of clients that can be asso ciated with the a[...]

  • Página 244

    Wireless Interface Comman ds 7-107 7 Command Mode Interface C onfiguratio n (Wireless- V AP) Example auth-timeou t-value This comm and config ures the time i nterval with in which clients m ust complet e authenti cation to the V AP interface. Syntax auth-timeout-value < minutes> minutes - The numb er of minutes before re-aut hentication. (Ran[...]

  • Página 245

    Command Line In terface 7-108 7 Example show inte rface wirele ss This comm and disp lays the status for the wireless i nterface. Syntax show i nterface wi reless < a | g > vap- id • g - 802.11 g radio interfa ce. • vap-id - Th e number that id en tifie s the VAP interface. (Options : 0~7) Command Mode Exec Example Enterprise AP(if-wirele[...]

  • Página 246

    Rogue AP Detection C ommands 7-109 7 show sta tion Thi s command sho ws the wire less clie nts as soci ated wit h the ac cess poin t. Command Mode Exec Example Rogue AP Detection Comm ands A “rogue AP ” is either an acce ss point that is no t authorized to participate in the wireless network, or an access po int that does n ot have the cor rect[...]

  • Página 247

    Command Line In terface 7-110 7 rogue-a p enable This comm and enable s the period ic detection of nearby acces s points. Use the no form to disa ble period ic detection. Syntax [no] rogue -ap enable Default Sett in g Disabled Command Mode Interfa ce Configurat ion (Wireles s) Command Usage • W hile the acc ess poin t scans a c hannel for rogue A[...]

  • Página 248

    Rogue AP Detection C ommands 7-111 7 Example rogue-a p authent icate This comm and forces the unit to authen ticate all acc ess points on the net work. Us e the no form to disabl e this function. Syntax [ no ] rogue-ap authent i c ate Default Sett in g Disabled Command Mode Interfa ce Configurat ion (Wireles s) Command Usage Enabling au thentica ti[...]

  • Página 249

    Command Line In terface 7-112 7 Default Sett in g 350 millisec onds Command Mode Interfa ce Configurat ion (Wireles s) Command Usage • D uring a scan, cl ient acce ss may b e disrupt ed and new clie nts may not be able to asso ciate to the ac cess poin t. If clients exp erience sev ere disruption , red uce the scan du ration t ime. • A long sca[...]

  • Página 250

    Rogue AP Detection C ommands 7-113 7 rogue-a p scan This comm and starts an immed iate scan f or access poi nts on the radio int erface. Default Sett in g Disabled Command Mode Interfa ce Configurat ion (Wireles s) Command Usage While the access point scans a channel for rogue APs, wireless client s will not be able to connect to the a ccess po int[...]

  • Página 251

    Command Line In terface 7-114 7 Wireless Security Comm ands The comm ands des cribed in this se ction conf igure parameter s for wireles s security on th e 802.1 1g int erf ace. auth Thi s command define s the 80 2.1 1 a uthe nticat ion typ e allowe d by the V AP int erface . Syntax auth < open-system | shared-key | wp a | wp a-psk | wpa2 | wp a[...]

  • Página 252

    Wireless Security Commands 7-115 7 • wp a 2-p sk - Clients usi ng WPA2 wit h a Pre-shared Key are accep ted for authenti cation. • wpa-wpa2-mixed - Clie nts using W PA or WPA2 are ac cepted for authenti cation. • wpa-wpa2-psk-mixed - Clients using WPA or WPA2 with a Pre-shared Key are acc epted for au thenticatio n • required - Cl ients ar [...]

  • Página 253

    Command Line In terface 7-116 7 associ ation request to the acces s point. For mixed- mode op eration, the cipher use d for broadca st frames is al ways TKIP. WE P encryption i s not allowed. • The “required” op tion places the VA P into TKIP onl y mode. The “sup ported” option plac es the VAP into TKIP+AES+ WEP mod e. The “require d”[...]

  • Página 254

    Wireless Security Commands 7-117 7 Example Related Commands key (7 -1 1 8) key This comm and sets the key s used for WE P encryption. Use the no for m to del ete a configur ed key . Syntax key < inde x > < size > < type > < value > no key in dex • index - Key in dex. (Range : 1-4) • size - Key si ze. (Options: 64, 128, o[...]

  • Página 255

    Command Line In terface 7-118 7 matc h those co nfig ured in t he cli ents. Example Related Commands key (7 -1 1 8) encrypt ion (7-1 17 ) transmi t-key (7- 1 19 ) transmit-ke y This command set s the index of the key to be used for e ncrypt in g dat a frames for broadca st or multicas t traffic transmit ted from the V AP to wir eless clients. Synta[...]

  • Página 256

    Wireless Security Commands 7-119 7 ciph er-su ite This comm and define s the cipher al gorithm use d to encrypt th e global key for broadca st and multica st traffic when usin g Wi-Fi Protec ted Access (W P A) security . Syntax multicast- cipher < ae s-ccmp | tkip | wep > • aes-ccm p - Use AES-C CMP encry ption for the unica st and multica [...]

  • Página 257

    Command Line In terface 7-120 7 • AES -CCMP (Ad vanced Enc ryption Standard C ounter-Mode /CBCMAC Protocol): W PA2 is backward compatible with WPA, including the same 802.1X and PSK m odes of operation and support for TKIP encryp tion. The main enh anceme nt is its us e of AE S Counter- Mode enc ryption w ith Cipher Block Cha ining Messag e Authe[...]

  • Página 258

    Wireless Security Commands 7-121 7 Example wpa-pr e-shared-key This comm and define s a Wi-Fi Protec ted Access (WP A/ WP A2) pres hared-key . Syntax wpa-pre-shared- key < hex | passphra se-key > < value> • hex - Specif ies hexadec imal digits as the key input f ormat. • passph rase-key - Spe cifies an AS CII pass-ph rase string as [...]

  • Página 259

    Command Line In terface 7-122 7 Command Mode Interface C onfiguratio n (Wireless- V AP) Command Usage • W PA2 provides fa st roaming for authen ticated client s by retaining keys and other se curity informa tion in a cac he, so that if a client roams aw ay from a n access po int and then returns reauthe ntication is not required. • When a WPA2 [...]

  • Página 260

    Link Integri ty Commands 7-123 7 know n to be a lready auth entica ted, so it pr oceeds directl y to ke y exchan ge and assoc iation. • To s upport p re-authent ication, both clients and ac cess poi nts in the netw ork must be WP A2 enabled . • P re-authent ication req uires all acce ss points in the ne twork to be on the same IP subnet. Exampl[...]

  • Página 261

    Command Line In terface 7-124 7 link-int egrity pin g-detect This comm and enable s link integrity detection . Use the no form to disable lin k inte grity de tectio n. Syntax [ no ] link-integrity ping-detect Default Sett in g Disabled Command Mode Global Co nfiguration Command Usage • When li nk int egrity is enabl ed, the I P addr ess of a ho s[...]

  • Página 262

    Link Integri ty Commands 7-125 7 link-integrity ping-interval This c ommand configures the tim e betw een eac h Ping se nt to t he link h ost. Syntax li nk-in tegrit y ping- inte rval < in terval > interv al - The time between Pings. ( Range: 5 - 60 seconds) Default Sett in g 30 seco nds Command Mode Global Co nfiguration Example link-integri[...]

  • Página 263

    Command Line In terface 7-126 7 Command Mode Global Co nfiguration Example show lin k-integrity This comm and displ ays the current link integrity configura tion. Command Mode Exec Example Enterprise AP(config)#link-integrity ethe rnet-detect Notification : Ethernet Link Detect SUCCE SS - RADIO(S) ENABLED Enterprise AP(config)# Enterprise AP#show l[...]

  • Página 264

    IAPP Commands 7-127 7 IAPP Commands The comm and desc ribed in this sec tion enables the protoco l signaling req uired to ensure t he successf ul handover of wireless cl ients roaming bet ween different 802.1 1f-co mpliant a ccess points. In o ther words, th e 802.1 1f protoc ol can ensu re success ful roamin g between ac cess poi nts in a multi-ve[...]

  • Página 265

    Command Line In terface 7-128 7 VLAN Commands The access point can ena ble the supp ort of VLAN-tagge d traffic passing betw een wireless clients and the wired network. Up t o 64 VLAN IDs ca n be mappe d to specific wi reless clients, allowing user s to remain w ithin the same VLAN as th ey move ar ound a campus site. When VLAN is enabled on t he a[...]

  • Página 266

    VLAN Commands 7-129 7 • Tr affic enterin g the Ethernet por t must be tagg ed with a VLAN ID that matches the access point’s n ative VLAN ID, or with a VLAN ta g that match es one of the wi reless client s currently as sociated with the acce ss point. Example Related Commands management -vlanid (7 -130) managem ent-vlanid This c ommand configur[...]

  • Página 267

    Command Line In terface 7-130 7 Default Sett in g 1 Command Mode Interface C onfiguratio n (Wireless- V AP) Command Usage • To i mplement th e default VLAN ID s etting for VAP interf ace, the access point mus t enable VLAN support using the vl an comman d. • W hen VLANs are enabled , the access point tags fram es received from wir eless cl ient[...]

  • Página 268

    WMM Commands 7-131 7 wmm This comm and sets the WM M operati onal mode on the access po int. Use the no form to disa ble WMM . Syntax [ no ] wmm < s upported | required > • supported - WMM will be u sed for a ny assoc iated de vice that s upports t his feature. Devices t hat do not suppor t this fea ture may st ill assoc iate with t he acce[...]

  • Página 269

    Command Line In terface 7-132 7 interpreta bility with other wired network QoS polici es. While the fo ur ACs are specifie d for specif ic types of traffic , WMM allows the priority levels t o be conf igured to m atch any ne twork-w ide QoS p olicy. WMM also spec ifies a pr otocol that a ccess poi nts can use to comm unicat e the config ured traf f[...]

  • Página 270

    WMM Commands 7-133 7 • admissi on_contro l - The ad mis sion con trol mo de for the ac cess cat egory . When en abled, cli ents ar e blocked fr om using th e acce ss categ ory . (Options: 0 t o disabl e, 1 to enable) Default Command Mode Interfa ce Configurat ion (Wireles s) Example AP Param eters WMM Par ameters AC 0 (Best Ef fort) AC 1 (Backgr [...]

  • Página 271

    Command Line In terface 7-134 7[...]

  • Página 272

    A-1 Appendix A: Tr oubleshooting Check the following items befor e you contact lo cal T echnical Su pport. 1. If wi reless clie nts cannot acce ss the networ k, check the following: • B e sure th e access point an d the wire less clien ts are con figured w ith the sam e Service Set ID (SSID). • If au thentica tion or encryp tion are ena bled, e[...]

  • Página 273

    T r oubleshooting A-2 A 3. If yo u cannot acce ss the on- board configu ration pr ogram via a ser ial port connect ion: • Be sur e you hav e set the t ermi nal emul ator pro gram to VT 100 com patibl e, 8 data bits , 1 stop bit, no parit y and 9600 bp s. • C heck that the n ull-modem serial cab le conform s to the pin-out co nnections provided [...]

  • Página 274

    B-1 Appe ndix B: C ables and Pinouts Twisted-Pair Cable Assignments For 10/100 BASE-TX connection s, a twisted -pair cable m ust have t wo pairs of wires. Each wire pair is identified by two different colors. For ex ample, one w ire might be green and the other , green with whit e stripes. Also , an RJ-45 co nnector m ust be attached to bo th ends [...]

  • Página 275

    Cables and Pino uts B-2 B Straight- Through Wiring Beca use the 10/100 Mbps po rt on t he acce ss p oint uses an MDI pi n co nfi gur ati on, you must use “straigh t-through” cable for ne twork connec tions to hu bs or switch es that only h ave MDI-X po rts. However, if the device to w hich you are connect ing supports au to-MDIX operation, yo u[...]

  • Página 276

    Console Port Pin Assignments B-3 B Crossover Wiring Beca use the 10/100 Mbps po rt on t he acce ss p oint uses an MDI pi n co nfi gur ati on, you must use “crosso ver” cable for network con nections t o PCs, server s or other end nodes that only hav e MDI ports. Howev er , if the dev ice to which you are connect ing suppor ts auto-MDIX ope rati[...]

  • Página 277

    Cables and Pino uts B-4 B Wiring Map for Serial Cable T abl e B-2 . Wiri ng Map for Se rial C able DB9 Male (AP Cons ole) DB9 Mal e (PC DTE ) Pin Func tion Pin Function 1 GND (ground) 5 GND (ground) 2 Unused 4U n u s e d 3 R XD (receiv e data) 3 TXD (transm it data) 4 TX D (transmi t data) 2 RXD ( receive da ta) 5 U nused 1 Unused 6 U nused 9 Unuse[...]

  • Página 278

    C-1 Appendix C: S pecific ations General Specif ications Maximu m Channels 802.1 1g: US & Canada : 13 (normal mode), 5 (turbo mode) Japa n : 4 (normal mo de), 1 (t urbo mode) ETSI: 1 1 chann els (normal mode), 4 (turb o mode) T a iwan: 8 (nor mal mode), 3 (t urbo mode) 802.1 1b/g : FCC/IC: 1-11 ETSI: 1-13 France: 10- 13 MKK: 1-14 Ta i w a n : 1[...]

  • Página 279

    Specifications C-2 C AC Power Adapter Input: 100 -240 AC, 50-6 0 Hz Output: 5.1 VDC, 3A Power cons umption: 13 .2 watts Unit Power Supply DC Input: 5 VDC, 2 A ma ximum PoE i nput: - 48 VDC , 0.2 A maxi mum Power cons umption: 9.6 W maximu m PoE (DC) Input voltage: 48 volts, 0.2 A, 12.9 6 watts Note: Power can also be provided to the access point th[...]

  • Página 280

    General Specificati ons C-3 C MPT RCR st d.33 (D33 1~13 Channel, T66 Channel 14) Safety cCSAus (CSA 22.2 N o. 60950-1 & UL60950-1 ) EN6095 0-1 (T Ü V/GS), IEC60950-1 (CB) St anda rds IEEE 802.3 10 BASE-T , IEEE 802.3u 100BASE-TX , IEEE 802.1 1b, g[...]

  • Página 281

    Specifications C-4 C Sensi tivity Transmit P o wer IEEE 802.1 1g Data Rate Sensitiv ity (dBm) 6 Mbps -88 9 Mbps -87 12 Mbps -86 17 Mbps -85 24 Mbps -81 36 Mbps -77 48 Mbps -72 54 Mbps -70 IEEE 802.1 1b Data Rate Sensitiv ity (dBm) 1 Mbps -93 2 Mbps -90 5.5 Mbps -90 11 M b p s - 8 7 IEEE 802 .1 1 g Maxi mum Outp ut Power (GHz - dB m) Data Rate 2 .41[...]

  • Página 282

    Transmit Power C-5 C IEEE 802 .1 1 b Maxi mum Outp ut Power (GHz - dB m) Data Rate 2 .412 2 .417~2.467 2.472 1 Mbps 15 16 15 2 Mbps 15 16 15 5.5 M bps 15 16 15 1 1 Mbps 15 16 15[...]

  • Página 283

    Specifications C-6 C Operating Range Important N otice Maximu m distances post ed below are actual teste d distance thres holds. Ho wever , there are m any variab les such as bar rier comp osition and cons tr uct ion and local envi ronmen tal i nterf erenc e that m ay impa ct your act ual dist ances and cause you to exper ience distance thresh olds[...]

  • Página 284

    Glossary-1 Glossary 10BASE-T IEEE 802. 3 specificat ion for 10 M bps Ethernet ov er two pairs of Category 3 or better U TP cable. 100BASE- TX IEEE 802. 3u specification for 100 Mbps Fas t Ethernet over tw o pairs of Category 5 or better UTP ca ble. Access Point An intern etworking device that seaml essly co nnects wired and wir eless net works. A c[...]

  • Página 285

    Glossary-2 Glossar y Broadcast Key Broadca st keys are sen t to stations usin g 802.1X dynam ic keying. Dynamic bro adcast key rotation is often used to allow the access po int to generat e a random gr oup key an d periodic ally update all key-manag ement capable w ireless cl ients. CSMA/CA Carrier Sense Mul tiple Access with Collision A voidance. [...]

  • Página 286

    Glos sary- 3 Glossar y IEEE 802 .11g A wireless s tandard that supp orts wireless co mmunic ations in the 2 .4 GHz band us ing using Ortho gonal Frequ ency Divis ion Multiple xing (OFDM) . The standard provides for data rates of 6, 9, 1 1, 12, 18 , 24, 36, 48, 54 M bps. IEEE 802 .1 1g is al so backwar d compatible w ith IEEE 802 .1 1b. IEEE 802 .1X[...]

  • Página 287

    Glossary-4 Glossar y RADIUS A logon authe ntication protocol that us es software run ning on a cent ral server to contr ol access t o the network . Roaming A wireless L AN mobile us er moves aroun d an ESS and maintains a continu ous connection to the infrastructure network. RTS Threshold T r ansmitte rs contending for the medi um may not be aw are[...]

  • Página 288

    Glos sary- 5 Glossar y Virtua l Access P oint (VAP) Virtual AP techno logy multiplies the number of Ac cess Points present within the RF footprint of a single physic al access dev ice. With Virtua l AP technology , W LAN users within th e device’s footp rint can asso ciate with w hat appear s to be different ac cess poin ts and the ir associa ted[...]

  • Página 289

    Glossary-6 Glossar y[...]

  • Página 290

    Index-1 Numerics 802.11g 7- 95 A AES 6-75 ante nnas, posit ionin g 2 -2 auth entic ati on 6-12 , 7-11 4 cipher s uite 6-78, 7-115 closed system 7-106 configu ring 6-12, 7-1 14 MAC ad dress 6-13, 7-70 , 7-71 type 6-63, 7-10 6 web r edir ect 6-14 , 7-20 B Basic Service Set See BSS beacon interval 6-51, 7-1 01 rate 6-51, 7-102 BOOTP 7-89, 7-90 BPDU 6-[...]

  • Página 291

    Index Index-2 filt er 6-17 , 7-70 address 6-12, 7-70 betwee n wireless clie nts 6-17, 7-7 3 local bridg e 6 -17, 7-73 local or re mote 6-1 2, 7-72 manage ment access 6-17, 7- 74 protocol types 6-18, 7-75 VLANs 6-54, 7-128 firmware displa ying version 6-30, 7-2 4 upgradin g 6-29, 6-30, 7-56 frag mentat ion 7- 103 G gatewa y addres s 5-2, 6-6, 7-1, 7[...]

  • Página 292

    Index Index-3 PoE 1-4 specif ications C-2 port prior ity STA 7-86 power con nection 2-2 Power over Ethernet See PoE powe r suppl y, spec ifica tion s C -2 PSK 6-75 R radio ch annel 802. 11a i nterf ace 7- 97 802.11g interface 6-49, 7-97 RADIUS 6-7, 6-74, 7-59 RADIUS, log on authentication 6-14, 7-59 Remote Au thentication Dial -in User Service See [...]

  • Página 293

    Index Index-4 V VLAN confi gura tion 6- 54, 7-1 28 native ID 6-54 W WEP 6-6 9 confi guri ng 6-69 shared k ey 6-70, 7-1 17 Wi-Fi Mul timedia See WMM Wi- Fi Prot ected A ccess See WPA Wired Equiv alent Protection See WEP WPA 6-74 pre-sha red ke y 6-78, 7-121 WPA, pre-sh ared ke y See PSK[...]

  • Página 294

    [...]

  • Página 295

    Model Number: SM C2552W-G2- 17 Pub. Nu mber: 150 00003050 0E E05200 6-DT -R01[...]

  • Página 296

    38 T esla Irvine, CA 92618 Phone: (949) 679-8000 TECHNIC AL SUPPORT F rom U .S.A. and Canada (2 4 hours a day , 7 days a w eek) (800) SMC -4- Y OU Phn: (94 9) 67 9-8000 F ax: (949) 6 79- 1481 ENGLISH T echnical Support inf ormation available at www .smc.com FRENCH Inf ormations Support T echnique sur www .smc.com DEUTSCH T echnischer Support und we[...]