SMC Networks SMC2552W-G2-17 manuel d'utilisation
- Voir en ligne ou télécharger le manuel d’utilisation
- 296 pages
- 2.77 mb
Aller à la page of
Les manuels d’utilisation similaires
-
Network Router
SMC Networks SMC2586W-G
96 pages 5.01 mb -
Network Router
SMC Networks SMCWBR14S-N4
127 pages 2.22 mb -
Network Router
SMC Networks SMC2582W-B
2 pages 0.06 mb -
Network Router
SMC Networks SMC7004ABR V.2
109 pages 2.7 mb -
Network Router
SMC Networks SMCBR21VPN
2 pages 0.4 mb -
Network Router
SMC Networks SMC7004VWBR
124 pages 5.41 mb -
Network Router
SMC Networks Console
7 pages 0.03 mb -
Network Router
SMC Networks Barricade SMCBR14UP
77 pages 4.28 mb
Un bon manuel d’utilisation
Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation SMC Networks SMC2552W-G2-17. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel SMC Networks SMC2552W-G2-17 ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.
Qu'est ce que le manuel d’utilisation?
Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation SMC Networks SMC2552W-G2-17 décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.
Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.
Donc, ce qui devrait contenir le manuel parfait?
Tout d'abord, le manuel d’utilisation SMC Networks SMC2552W-G2-17 devrait contenir:
- informations sur les caractéristiques techniques du dispositif SMC Networks SMC2552W-G2-17
- nom du fabricant et année de fabrication SMC Networks SMC2552W-G2-17
- instructions d'utilisation, de réglage et d’entretien de l'équipement SMC Networks SMC2552W-G2-17
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes
Pourquoi nous ne lisons pas les manuels d’utilisation?
Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage SMC Networks SMC2552W-G2-17 ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles SMC Networks SMC2552W-G2-17 et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service SMC Networks en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées SMC Networks SMC2552W-G2-17, comme c’est le cas pour la version papier.
Pourquoi lire le manuel d’utilisation?
Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif SMC Networks SMC2552W-G2-17, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.
Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation SMC Networks SMC2552W-G2-17. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.
Table des matières du manuel d’utilisation
-
Page 1
[...]
-
Page 2
38 T esla Irvine, CA 92618 Phone: (9 49) 679-8000 EliteConnec t ™ SM C2552W -G2 2.4G Hz Wire less Acce ss Poi nt The eas y way to mak e all yo ur network connections May 2006 Revisi on Num b er: R01 F4.3.2.2 B0 2[...]
-
Page 3
Copyright Informati on furni shed by SMC Networks, I nc. (SMC) is believed to be accura te and re liable. However , no responsibility is assumed by SMC for its u se, nor for any infringements of p atents or other rights of third parties which may result from its use. No license is granted by implicati on or ot herwise und er any patent or patent r [...]
-
Page 4
i C OMPLIA NCES Federal Communica tion Commission Interference St ateme nt This equipment has been tested and found to c omply with the limits for a Class B digital device, pursuant to Part 15 of th e FCC Rules. These limits are designed to provide reasonable pr otection against harmf ul interference in a residential installation. T his equipment g[...]
-
Page 5
C OMP LIANCE S ii aux appareils numériques de Classe B prescr ites dans la norme sur le matérial brouilleur: “Appareils Numériques,” NMB-003 édictée par l’Industrie. Jap an VCCI Class B Australia /New Zealand AS/NZS 4771 EC Conformance Declaration Markin g by the above s y mbo l indicates c omplianc e with the Ess ential Requi rement s o[...]
-
Page 6
C OMPL IA NCES iii • This de vice will automati cally limi t the allo wable channel s determine d by the c urrent cou ntry of operation . Incorrectly ent ering the country of oper ation may resu lt in i llega l opera tion and may cause h armful inter ference to other systems. The user is obl igated to ensure the device is operating according to t[...]
-
Page 7
C OMP LIANCE S iv Declaration of Conformity in Language s of the European Community English Hereby, SMC, d eclares that this Radio LA N device is in compliance with the es sential requirements and other relevant provisions of Directive 1999/5/EC. Finnish Valmistaja SMC vakuuttaa tä ten että Radio LAN device tyypp inen laite on direktiivin 1999/5/[...]
-
Page 8
C OMPL IA NCES v Safety Compliance Power Cor d Safety Please read the following safety information carefully before installing the access point: W ARNING: Installation and removal of the unit must be c arried out by qualified personnel only . • The unit must be connected to an earthed (grounded) outlet to comply with international safety standard[...]
-
Page 9
C OMP LIANCE S vi Important! Before making connections, make sure you have the correct cord set. Check it (read the label on the cable) against the following: Powe r Cord S et U.S.A. and Canada The cord set must be UL-approved and CSA certified. The minimum specifications for the flexible cord are: - No. 18 AWG - not longer than 2 m eters, or 16 AW[...]
-
Page 10
C OMPL IA NCES vii Veuillez l ire à fond l'informati on de la sécurité sui vante avant d'installe r le acce ss poin t: A VERTISS EMENT : L ’installation et la dépose de ce groupe doivent être confiés à un personnel qualifié. • Ne branchez pas votre appareil sur une prise secteur (alimentation électrique) lorsqu'il n&apos[...]
-
Page 11
C OMP LIANCE S viii Bitte unbedin gt vor dem Einbauen de s Access Point die folg enden Sicherheitsa nweisungen durchle sen (Germany) : W ARNUNG: Die Installation und der Ausbau des Geräts darf nur durch Fachpersonal erfolgen. • Das Gerät sollte nicht an ei ne ungeerdete Wechselstromst eckdose angeschlossen werden. • Das Gerät muß an eine ge[...]
-
Page 12
C OMPL IA NCES ix Stromkabe l . Dies muss von dem Land, in dem e s benutzt wird geprüft w erden: U.S.A und Kanada Der Cord muß das UL gepruft und war das CSA beglaubigt. Das Minimum spezifikation fur der Cord sind: - Nu. 18 AWG - nicht m ehr als 2 meter, oder 16 AWG . - Der ty p SV oder SJ - 3-Leiter Der Cord muß haben eine strombelastbarkeit au[...]
-
Page 13
C OMP LIANCE S x[...]
-
Page 14
xi Table of Contents Chapter 1: Introduction 1-1 Packag e Checklist 1-2 Hardware Description 1-2 Component Description 1-3 Feat ures and Be nefits 1-5 System Default s 1-6 Chap ter 2: Hard ware In stal l atio n 2-1 Chap ter 3: Ext erna l Ante nnas 3-1 Install ation Procedures 3-1 Chapter 4: Network Co nfiguration 4-1 Network Topologies 4-2 Ad Hoc W[...]
-
Page 15
xii Contents VLAN 6-19 WDS Settings 6-21 AP Managem ent 6-27 Administ ration 6-28 System L og 6-32 SNMP 6-36 Configu ring SNMP and Tra p Message Param eters 6-37 Configu ring SNMPv3 Users 6-42 Configu ring SNMPv3 Trap Filters 6-44 Configu ring SNMPv3 Targ ets 6-46 Radi o Inte rfac e 6-48 Security 6-63 Status In formation 6-83 Acce ss Poi nt Statu s[...]
-
Page 16
xiii Contents countr y 7-12 prompt 7-1 4 system nam e 7-14 username 7-15 password 7-1 5 ip ssh-serv er enable 7-16 ip ssh-server port 7-16 ip telnet-serv er enable 7-17 ip http port 7-17 ip http server 7-18 ip https po rt 7-18 ip https server 7-19 web-redirec t 7-20 APmgmtIP 7-21 APm gmtU I 7-22 show ap magement 7-22 show s ystem 7-23 show v ersion[...]
-
Page 17
xiv Contents snmp-se rver host 7-43 snmp -serve r trap 7-44 snmp-se rver engine-id 7-4 6 snmp-se rver user 7-46 snmp-server targ ets 7-48 snmp -serve r filter 7-49 snmp-serve r filter-assig nments 7-50 show s nmp gr oups 7-50 show s nmp users 7-51 show s nmp group -assignments 7-51 show s nmp target 7-52 show snm p filter 7-52 show s nmp filte r-as[...]
-
Page 18
xv Contents Filt ering Co mmands 7-73 filter loc al-bridge 7-73 filter ap-m anage 7-74 filter upli nk enable 7-7 4 filter upli nk 7-75 filter ethe rnet-type enab le 7-75 filter ethe rnet-type proto col 7-76 show fi lters 7-7 7 WDS Brid ge Commands 7-77 bridge rol e (WDS) 7-7 8 bridge-link parent 7-78 bridge-lin k child 7-79 bridge dy namic-entry ag[...]
-
Page 19
xvi Contents beacon-in terval 7-10 1 dtim-perio d 7-102 fragmenta tion-length 7 -102 rts-thresho ld 7-103 super-g 7 -104 descripti on 7-104 ssid 7 -105 closed-s ystem 7-105 max -associ atio n 7-106 assoc-ti meout-interva l 7-106 auth-time out-value 7-10 7 shutdow n 7-107 show in terface wireles s 7-108 show s tation 7-10 9 Rogue AP Detection Com ma[...]
-
Page 20
xvii Contents wmm 7-131 wmm-ac knowle dge-policy 7 -131 wmmp aram 7-1 32 Appendix A: T r ouble s hooting A-1 Appendix B: Ca bles and Pinouts B-1 Twis ted-Pair Ca ble Assignmen ts B-1 10/100BASE-TX Pi n Assignments B-1 Straight-Thro ugh Wiring B-2 Crossover Wiri ng B- 3 Cons ole Port Pin Assignments B-3 Wiring Ma p for Serial Cabl e B-4 Appendi x C:[...]
-
Page 21
xviii Contents[...]
-
Page 22
1-1 Chapter 1: Introd uction The 2.4 GHz Wir eless Acce ss Point is an IEEE 8 02.1 1 b/g access point that provides transparent , wireles s high-s peed da ta commu nications between the w ired LAN and fixed or mobi le device s equipped wi th an 802.1 1b, or 802 .1 1g wireless adapter . This solution of fers fast, reli able wireless connectiv ity wi[...]
-
Page 23
Introduction 1-2 1 Package Checklist The 2.4 GH z Wirele ss Access Po int package includ es: • One 2.4 GHz W ireless Acce ss Point • O ne Cate gory 5 networ k cable • O ne RS-23 2 consol e cable • O ne AC power adapter and power cord • F our rubbe r feet • U ser Guide CD Inform y our dealer if the re are any incor rect, miss ing or dama[...]
-
Page 24
Hardware Desc ription 1-3 1 Rear Panel Component Descript ion Antennas The access point includ es integrat ed diversity antennas fo r wireless comm unications . A diver sity antenna system us es two iden tical anten nas to recei ve and tran smit signals , helping to avoi d multipath fading effects. When rece iving, the access po int checks both ant[...]
-
Page 25
Introduction 1-4 1 Security Slot The access point includ es a Kensingt on security s lot on the rear panel. Y ou can prevent una uthorize d removal of the access point by wrap ping the Kens ington sec urit y cable (not pr ovided) aro und an unm ovable o bject, i nser ting th e lock in to the slot, and turnin g the key . Console Port This port is us[...]
-
Page 26
Features and Bene fits 1-5 1 Reset Button This button is used to r e set the access point o r res tore the fa ctory defaul t configur ation. If you hol d down the button for less t han 5 second s, the acces s point will perfor m a hardware reset. If you hold down the bu tton for 5 secon ds or more, any conf iguration c hanges yo u may hav e made ar[...]
-
Page 27
Introduction 1-6 1 System Defaults The follow ing table lists some of the access point ’s basic system def aults. To reset the acce ss point defau lts, use the CLI command “reset confi guration” fro m the Exec lev el pr omp t. T able 1-1. System Defaults Feature P aramet er Default Identificat ion System Name SMC Admi nistr ation User N ame a[...]
-
Page 28
System Defaults 1-7 1 MAC Auth entication MAC Disabled Authen tication Se ssion Timeout 0 minutes (disabled ) Local M AC System Defa ult Allowed Local M AC Permis sion Allowe d 802.1X A uthenticat ion Status Dis abled Broadc ast Key Re fresh 0 minutes (disabled ) Session Key Refr esh 0 minu tes (disab led) Reauth entication Refresh R ate 0 second s[...]
-
Page 29
Introduction 1-8 1 System L ogging S yslog Disab led Loggi ng Host Disa bled Logging Console Disab led IP Addr ess / H ost Name 0.0.0.0 Loggi ng Level Infor mat i onal Loggi ng Faci lity T ype 16 System C lock SNTP S erver Stat us Enabled SNTP S erver 1 IP 13 7.92.140. 80 SNTP S erver 2 IP 19 2.43.244. 18 Date an d Time 00:00, Ja n 1, 1970 (when th[...]
-
Page 30
System Defaults 1-9 1 Wireless I nterface 802.1 1 b/g (cont d.) Antenn a ID 0x0000 Antenn a Location Indoor Wireless S ecurity 802.1 1 b/g Authen tication Type Op en System Data En cryption Disabled WEP Key Length 128 bi ts WEP K ey Type Hexadeci mal WEP Trans mit Key N umber 1 WEP Key s n ull WP A Configur ation Mod e WE P Only (D isabled) WP A Ke[...]
-
Page 31
Introduction 1-10 1[...]
-
Page 32
2-1 Chapte r 2: Hard ware Install a tion 1. Select a Site – Cho ose a proper place fo r the access point . In general, the best location is at the c enter of y our wireles s covera ge area, wi thin line of sight of al l wir eless de vices. Tr y to plac e the acces s poin t i n a po sitio n that ca n best c over it s Basi c Servi ce Set (refer to [...]
-
Page 33
Hard ware Ins tallat i on 2-2 2 3. Connect th e Pow e r C or d – C onnect the power adap ter to the acces s point, and the po wer cord to an AC po wer outlet. Othe rwise, the acc ess point can der ive it s operat ing po wer dire ctl y from the RJ-45 port when co nnected to a device that provide s IEEE 802.3af compliant Power over Ethernet (PoE ).[...]
-
Page 34
3-1 Chapter 3: Exte rnal Ant en nas The SMC2 552W-G2 pr ovides a va riety of ex ternal an tenna option s for extend ing the radio rang e and shaping the coverge ar ea. Thes e antennas offer a nu mber of different mou nting locatio ns, includi ng indoor or outdo or , wall, ceil ing, or radio ma st. This chap ter shows you how to install an exte rnal[...]
-
Page 35
External Antennas 3-2 3 • Omnidirectional Antenn as - Consid er these factors when selecting a location for these ante nnas: • Always moun t the antenna i n a vertical ori entation so that the radio coverag e pattern fills t he intended horizontal space. • For optimum coverage, mou nt the anten na at the cent er of the area with a line-of-s i[...]
-
Page 36
Installati on Procedures 3-3 3 T o connect pigta il cables to the ac cess point , follow thes e steps: 1. Di sable the acces s point radio using the web brow ser interfac e, CLI, or SNM P . 2. Rem ove power to the acces s point. 3. Rem ove both of the access poi nt’s antennas by unscrewing them at their bas e. 4. For di versity ant ennas, conne c[...]
-
Page 37
External Antennas 3-4 3 5. Rec onnect po wer to the acc ess point. Note: Before enabling the radio with an external antenna attached, be sure to first configure the acces s point’s antenna mode.[...]
-
Page 38
4-1 Chapter 4: Netwo rk Con figuration Wireles s networks su pport a stand- alone config uration as w ell as an integra ted configur ation with 10/100 Mbps Etherne t LANs. The 2.4 GHz Wireles s Access Point also provi des repeat er and bridgin g services t hat can be conf igured indep endently on 2.4 GHz radio int erfaces. Acce ss point s can be de[...]
-
Page 39
Network Configur ation 4-2 4 Network Topologies Ad Hoc Wirele ss LAN (no Access Point) An ad hoc w ireless LAN cons ists of a group of com puters, each equipped w ith a wireless adapter , connected via radio sign als as an inde pendent wir eless LAN . Comput ers in a specif ic ad hoc wire less LAN mus t therefore be configure d to the same ra dio c[...]
-
Page 40
Network T opo logies 4-3 4 Infrastr ucture Wireless LAN The a ccess po int also provid es acces s to a wi red LAN fo r wir eless work stat ions. An integrated wired/wirel ess LAN is cal led an Infrastr ucture confi guration. A Basi c Service Set (BSS) consi sts of a group of wireless PC users, and an access point that is directly co nnected to the [...]
-
Page 41
Network Configur ation 4-4 4 Infrastr ucture Wireless LAN for Roaming Wireless PCs The B asic Servi ce Set ( BSS) define s the commun ications d omain for each ac cess point and i t s associate d wireless clien ts. The BSS ID is a 48 -bit binary num ber based on the access po int’s wireless M AC address , and is set au tomatically an d transparen[...]
-
Page 42
Network T opo logies 4-5 4 Infrastr ucture Wireless Bridge The IEEE 802 .1 1 s t andard defines a W Ireless Distribution Sy stem (WDS) for bridge connect ions betwee n BSS areas (acc ess poin t s ). The access point uses W DS to forwar d traffic on links betw een units. The access point suppo rts WDS bridge link s on th e 2.4 GHz (802.1 1b/g) band [...]
-
Page 43
Network Configur ation 4-6 4 Infrastr ucture Wireless Repeater The access point can al so operate in a br idge “repeat er” mode to ex tend the ran ge of links to wir eless clien t s. The ac cess point uses WDS to for ward traffic betwe en the repeat er bridge an d the root bridge. The access poi nt supports up to six WDS repeat er links. In rep[...]
-
Page 44
5-1 Chapter 5: Init ial Configuration The 2.4 GH z Wireless Ac cess Point offers a vari ety of manage ment option s, includin g a web-bas ed interface , a direct conn ection to the console port, T elne t, Secure Shell (SSH), or using SNMP s oft ware. The initia l conf igurati on ste ps ca n be made through the we b brows er i nte rface or CLI. The [...]
-
Page 45
Initial C onfiguratio n 5-2 5 Note: When using Hy perTerminal with Micros oft ® Windows ® 2000, make sure t hat you have Windows 2000 Service Pack 2 or later installed. Windows 2000 Service Pack 2 fixes the problem of arrow keys not functioning in HyperTerminal’s V T100 emulation. See www.microsoft.com for information on Windows 2000 service pa[...]
-
Page 46
Logging In 5-3 5 After configu ring the acce ss point’s IP param eters, you can acces s the mana gement interface f rom anywhe re within the at tached networ k. The comma nd line inter face can also be accessed using T elnet from any comput er attached to th e network. Setting the Country Code – Units sold in the Un ited S tates are configure d[...]
-
Page 47
Initial C onfiguratio n 5-4 5 The hom e page displays the Ma in Menu .[...]
-
Page 48
6-1 Chapter 6: System Co nfigur ation Before cont inuing wi th advance d configur ation, first co mplete the ini tial configu ration steps descr ibed in Chap ter 4 to set up an I P address for the acces s point. The access point can be m anaged b y any comput er using a web br owser (Int ernet Explorer 5. 0 or above, or N etscape Naviga tor 6.2 or [...]
-
Page 49
System Configurati on 6-2 6 Advanced Configuration The Adv anced Config uration pages in clude the fol lowing optio ns. T able 6- 2. Menu Menu Desc ription Page System Configur es bas ic administ rative and client acc ess 6-3 Identificat ion S pecifies th e host nam e 6-3 TCP / IP S ettings Configures t he IP add ress, subn et mask, g ateway , and [...]
-
Page 50
Advanced Configur ation 6-3 6 System Identification The syste m name for th e access poin t can be left at its default set ting. Howev er , modi fying t his p aramet er ca n help you to m ore easil y distin guish di ffer ent device s in your n etwork. System Name – An ali as for th e access po int, enab ling th e device t o be unique ly identifie[...]
-
Page 51
System Configurati on 6-4 6 CLI Comma nds for Sy stem Iden tific ation – Ente r the gl obal co nfigur ation mod e, and use the sy st em nam e comman d to specif y a new system name. Then r eturn to the Exec mode , and use th e s how system command to display th e changes to t h e system identificati on settings . Enterprise AP#config Enterprise A[...]
-
Page 52
Advanced Configur ation 6-5 6 TCP / IP Se ttings Configu ring the acc ess poi nt with an I P address expands yo ur ability to m anage the access po int. A number of access point features depend on IP addr essing to operat e. Note: You can use the web browser interface to access IP addressing only if the access point already has an IP address that i[...]
-
Page 53
System Configurati on 6-6 6 • S ubnet Mas k: The mask tha t identifies t he host addr ess bits use d for routing to specific subnets . • D efault G ateway: Th e defau lt gatewa y is the I P addres s of the router for the acce ss point, w hich is u sed if the request ed desti nation addr ess is no t on the local sub net. If you have m anagem ent[...]
-
Page 54
Advanced Configur ation 6-7 6 RADIUS Remote Authenticati on Dial-in User Service (RADIUS ) is an authen tication protoc ol that uses so ftware runni ng on a centra l server to cont rol access to RADIUS -aware devices on the networ k. An authenti cation serve r contains a databas e of user credent ials for each user that requires access to the netwo[...]
-
Page 55
System Configurati on 6-8 6[...]
-
Page 56
Advanced Configur ation 6-9 6 MAC A ddress Format – MAC a ddresse s can be spec ified in one of four fo rmats, using no d elimeter , with a sing le dash delimet er , with mul tiple dash de limeters , and with multip le c olon delimeters. VLAN ID Fo rmat – A VLAN ID (a num ber between 1 a nd 4094) ca n be assigned to each clien t after successfu[...]
-
Page 57
System Configurati on 6-10 6 CLI Commands for RADIUS – From the global co nfigurati on mode, use the radius-server address com mand to sp ecify the address of the pr imary or secondar y RA DIUS ser vers. ( The follow ing exa mple co nfigures the set tings for the primary RADIUS server .) Configure th e other pa rameters for the RADIUS server . Th[...]
-
Page 58
Advanced Configur ation 6-11 6 SSH Settings T e lnet is a remo te managem ent tool that c an be used to con figure the acc ess poin t from anyw here in the ne twork. Ho wever , T elnet is not secure f rom hostile at t acks. The Secure Shell (SSH) can ac t as a secure repla cement fo r T elnet. Th e SSH protocol uses generat ed public ke ys to encry[...]
-
Page 59
System Configurati on 6-12 6 CLI Commands for SSH – T o enable the SSH serv er , use the ip ssh-serv er enabl e comm and from the CLI Ethernet inter face config uration mode . T o se t the SSH server U DP port, use the ip ssh-se rver port comman d. T o view the cu rrent set tings, use the sho w sys tem command fr om the CL I Exec mod e (not sho w[...]
-
Page 60
Advanced Configur ation 6-13 6 MAC Authentication – Y ou can con figure a list of th e MAC addr esses for wirel ess clients that are au thorized to access the network. Thi s provide s a basic level of aut hentic ati on for wir eless cl ients att empting to gai n acces s to the ne twork . A database of au thorized M AC address es can be sto red lo[...]
-
Page 61
System Configurati on 6-14 6 802.1X Su ppli ca nt – The ac cess poi nt can also oper ate in a 802.1X su pplicant mode . This enabl es the access p oint it self to b e authen ticate d with a RADI US serve r using a co nfigured MD5 user name and password. Th is prevents rogue acc ess points from ga ining acces s to the netwo rk. Note: Enabling Web [...]
-
Page 62
Advanced Configur ation 6-15 6 CLI Commands for Local MAC Authentication – Use the ma c-authen tication serve r comm and from the global config uration mod e to enable loca l MAC authenti cation. Use th e mac-auth ent icat i on se ssion-tim eout command to set the authenti cation interv al, and web-r edirect comm and to ena ble web-bas ed authent[...]
-
Page 63
System Configurati on 6-16 6 CLI Commands for RADIUS MAC Authentication – U se t he mac-authenti cation serve r comm and from the global config uration mod e to enable r emote MAC authenti cation. Set the timeout value for re-authentic ation using th e mac- aut h enticat i on sessi o n-time ou t comm and. Be sure to also config ure conne ction se[...]
-
Page 64
Advanced Configur ation 6-17 6 Filter Control The access point can em ploy netwo rk traffic frame filt ering to control access to network resource s and in crease security . Y ou can pre vent com municat ions betwe en wireless clients and pre vent access point mana gement from wireless cl ients. Also, you can b lock specif ic Ethernet traf fic from[...]
-
Page 65
System Configurati on 6-18 6 • M AC Address : Specifi es a MAC addr ess to filte r, in the form xx -xx-xx -xx-xx -xx. • P ermissio n: Adds or delet es a M AC addr ess fro m the f iltering t able. Ethernet T ype Fi lt er – Controls che cks on the E thernet type of all incomin g and outgoing Et hernet packe t s against the protocol filteri ng t[...]
-
Page 66
Advanced Configur ation 6-19 6 VLAN The acc ess poi nt can employ VLAN taggi ng sup port to co ntrol a ccess to networ k resources and increase security . VLANs separa te traf fic passing betwe en the access po int, associ ated clients, and the w ired netw ork. There can be a VLAN assigne d to each asso ciated client, a de fault VLAN f or each V AP[...]
-
Page 67
System Configurati on 6-20 6 When setting u p VLAN IDs fo r each user on the RADIUS server , be sure to u se the RADIUS attributes an d values as indicated in th e following table . VLAN IDs on the RADIUS server ca n be entered as hexadecim al digits or a string (see “radi us-server vl an-format ” on page 7-63 ). Note: The specific configuratio[...]
-
Page 68
Advanced Configur ation 6-21 6 WDS Settings Each acces s point rad io interface can be configured to operate in a br idge or repeat er mode, which allows it to forw ard traffic direc tly to other acce ss point uni ts. T o set up bridge links betwe en access point units, you mu st configur e the wireless Distribu tion System (WDS) for warding table [...]
-
Page 69
System Configurati on 6-22 6 • Br idge: Oper ates as a bridge to other acc ess points. The “Paren t” link to the root bridge mu st be confi gured. Up to five other ”Child ” links are ava ilable to other bridges. • Rep eater: Oper ates as a wir eless repea ter, extendin g the range fo r remote wireless clients and conn ecting them to the[...]
-
Page 70
Advanced Configur ation 6-23 6 Sp anning T ree Pro tocol – STP uses a d istributed algor ithm to selec t a bridging device (S TP-compl iant switch , bridge or rou ter) that serves as the root of the spanning tre e network . It selects a root port on each bridg ing device (except for th e root d evice) w hich inc urs the lowest path cost when f or[...]
-
Page 71
System Configurati on 6-24 6 designa ted ports. After de termining the lowes t cost spann ing tree , it enable s all root ports and de signated po rts, and disables al l other ports. Net work packets are the refore only f orwar ded betw een r oot po rts and de signa ted po rts, el iminat ing any possible networ k loops. Once a stable network top ol[...]
-
Page 72
Advanced Configur ation 6-25 6 • Link P ath Cos t – This param eter is used b y the STP to determi ne the best path between devices . Therefore, lower values should be assigned to ports a ttached to faster m edia, and high er values ass igned to port s with slower m edia. (Path co st takes pr ecedence over port prio rity.) • Ran ge: 1-65535 ?[...]
-
Page 73
System Configurati on 6-26 6 CLI Commands for STP Settings – I f the role of a radio i nterface is se t to Repeate r , Bridge or Roo t Bridge, STP can be enabled on t he access poi nt to maintain a valid network topology . T o globally ena ble STP , us e the bridge stp en able co mmand from the CLI configurati on mode. Th en configure t he other [...]
-
Page 74
Advanced Configur ation 6-27 6 AP Management The Web, T e lnet, and SNMP m anageme nt interf aces are enabled and o pen to all IP address es by defa ult. T o p rovide more s ecurity for managemen t access to the access po int, specif ic interfaces can be disabl ed and manag ement rest ricted to a single IP ad dress or a lim ited range of IP address[...]
-
Page 75
System Configurati on 6-28 6 CLI Comm ands for AP Man agement feat ures. Administration Chan g ing t h e Pass word Manage ment acces s to the web and CLI interf ace on the acce ss point is cont rolled throug h a single user na me and passwo rd. Y ou can al so gain addit ional acce ss security by using cont rol filters (see “Filter Contro l” on [...]
-
Page 76
Advanced Configur ation 6-29 6 Upgrading Firm ware Y ou can up grade new ac cess poi nt software from a l ocal file on the manageme nt work stat ion, or from an FTP or T FTP serv er . New softwa re may be provi ded period ically from your distributo r . After upgrad ing new software, you must reb oot the acce ss point to implem ent the new code . U[...]
-
Page 77
System Configurati on 6-30 6 Before up grading new s oftware, ver ify that t he acc ess point is con nected t o the net work and has bee n config ured wit h a compat ibl e IP ad dress and subn et mask. If you need t o download fr om an FTP or TFTP server , take the f ollowing add itional steps: • O btain the IP add ress of the FTP or TFTP se rver[...]
-
Page 78
Advanced Configur ation 6-31 6 CLI Commands for Download ing Software from a TFTP Ser ve r – Use the cop y tf tp file command from the Exec mod e and then spec ify the file type , name, and IP address of the TFTP server . W hen the do wnload is c omplete , the dir comma nd can be used to check that the ne w file is prese nt in the acc ess point f[...]
-
Page 79
System Configurati on 6-32 6 System Log The access point can be co nfigured to send event an d error messa ges to a System Log Ser ver . The syste m clock can a lso be s ynchroniz ed with a time s erver , so tha t all the message s sent to the Syslo g server are s t amped with t he cor rect time and date. Enabling Sy stem Logging The acce ss point [...]
-
Page 80
Advanced Configur ation 6-33 6 Logging Level – Set s the mi nimum s everity level for ev ent lo ggin g. (Default: Info rmational) The syste m allows you t o limit the messa ges that ar e logged by spe cifying a mini mum sever it y leve l. The fol lowing t able l ist s the err or mes sage level s from the most se vere (Emerge ncy) to leas t severe[...]
-
Page 81
System Configurati on 6-34 6 CLI Commands for System Log ging – T o enable logging on the ac cess poin t, use the logging on com mand from the global con figuration m ode. The logging lev el comm and sets the minim um level of mes sage to log. U se the logging co nso le comm and to e nable lo gging to the con sole. U se the logging host c ommand [...]
-
Page 82
Advanced Configur ation 6-35 6 Note: The access point also allows you t o disable SNTP and set the system clock manually. Set Time Zone – S NTP us es Coor dinated Universal T im e (or UT C, form erly Greenw ich Mean Time, or GMT) based on the time at the Earth’s prime me ridian, zero degr ees longitude . T o disp lay a time corresp onding to yo[...]
-
Page 83
System Configurati on 6-36 6 CLI Comm ands for the Sy stem Clock – The following exa mple sh ows how to manu ally s et t he sy stem ti me when SNT P ser ver suppor t is dis abled o n the ac cess point. SNMP Simp le Networ k Manage ment Pr otoco l ( SNMP) i s a communic ation pr otoco l designe d specifical ly for manag ing device s on a network. [...]
-
Page 84
SNMP 6-37 6 Configuring SNMP and T rap Message Parameters The access point SNMP agent must be en abled to fun ction (for vers ions 1, 2c, and 3 clients). Mana gement acc ess usin g SNMP v1 and v2c also requires commu nity strings t o be configure d for authen tication. Trap notificati ons can be en abled and sent to up t o four manageme nt st ation[...]
-
Page 85
System Configurati on 6-38 6 Commu ni ty N am e ( Rea d/Write) – Defi n es the SNMP community access s t ring t h at has read/ write access . Authorized managem ent stations are a ble to both retriev e and modif y MIB objects. (Max imum lengt h: 23 charac ters, case sen sitive; Default: priv ate) T rap Destination (1 to 4 ) – En ables recipien [...]
-
Page 86
SNMP 6-39 6 T ra p C on figuratio n – Allows selection of speci fic SNMP notificat ion s to s end. The following i tems are av ailable: • sy sSystemUp - The access point is up and runn ing. • sy sSystemDo wn - The acces s point is abou t to shutdow n and reboo t. • sy sRadiusS erverCh anged - The a ccess point has change d from the prim ary[...]
-
Page 87
System Configurati on 6-40 6 • do t11StationA uthenticat eFail - A client stati on has tried and fai led to authentic ate to the netwo rk. • Enable All Traps - Click th e butto n to enable a ll t h e availab le traps. • Disable All Traps - Click the but ton to d isable all t he avai lable t raps. CLI Commands for SNMP and T r ap Co nfiguratio[...]
-
Page 88
SNMP 6-41 6 T o view the current SNMP sett ing s, us e the show snm p command. Enterprise AP#show snmp 7-54 SNMP Information ========================================= ===== Service State : Enable Community (ro) : ***** Community (rw) : ***** Location : WC-19 Contact : Paul EngineId :80:00:07:e5:80:00:00:2e:62:00 :00:00:18 EngineBoots:1 Trap Destina[...]
-
Page 89
System Configurati on 6-42 6 Configuring SNMPv3 Users The access point allows up to 10 SNMP v3 users to be conf igured. Each us er must be defined by a uni que name, assigned to one of three pre-defin ed security gro ups, and config ured with spe cific authe ntication an d encryp tion settings. User – The SNMPv 3 user name. (3 2 characte rs maxim[...]
-
Page 90
SNMP 6-43 6 CLI Commands for Configuring SNMPv3 Users – Us e the snmp - ser ve r engine- id comm and to define the SN MP v3 eng ine before ass igning use rs to groups. Use the snmp-s erver user co mmand to as sign users to one of the three gr oups and set the appropr iate authent ication and encryptio n types to be us ed. T o view the current SNM[...]
-
Page 91
System Configurati on 6-44 6 Configuring SNMPv3 T rap Filters SNMP v3 users can be c onfigure d to rece ive no tification m essages from the access point. An SNM P T arget ID is cre ated that spec ifies the SNM P v3 user , IP address, and UDP po rt. A user-def ined notific ation filter can b e created so that specific notificat ions can be prev ent[...]
-
Page 92
SNMP 6-45 6 Note: Only the Ne w Filter page allows the Filter ID to be configured. Filter ID – A us er-d efined name t hat id enti fies t he fil ter . (Ma ximum leng th: 32 charact ers) Subt ree OID – Sp ecifies MIB su btre e to be fil tered . Th e MIB subtr ee mu st be defined in the form “.1.3 .6.1” and alwa ys start with a “.”. Filte[...]
-
Page 93
System Configurati on 6-46 6 Configuring SNMP v3 T arget s An SNMP v3 notification T arget ID is specified b y the SNMP v3 use r , IP address, and UDP po rt. A user-def ined filter ca n also be assign ed to specif ic targets to limit the notific ations receive d to specif ic MIB objects. (Not e that the filter must first be configur ed. see “Conf[...]
-
Page 94
SNMP 6-47 6 Ta r g e t I D – A user-defined name that ident ifies a receiver of no tifications . The access po int suppor t s up to 10 targe t IDs. (Maxi mum length : 32 charact ers) IP Addr ess – S peci fies t he IP ad dress o f the r eceivin g manage ment st atio n. UDP Port – The UDP por t that is used on th e receiving m anagemen t statio[...]
-
Page 95
System Configurati on 6-48 6 Radio Interface The IEEE 802.1 1b/g inter face include s configur ation options f or radio sign al charact eristics an d wireless security featu res. The IEEE 802.1 1g standard operates with in the 2.4 GHz ba nd at up to 54 M bps. Also note that becau se t he IEEE 802.1 1 g standard is an e xtension of the IEEE 802.1 1b[...]
-
Page 96
Radio Interface 6-49 6 Radio C hannel – The radio cha nnel that the access point uses to com municate w ith wireless clients. Wh en multip le access points are deployed i n the sam e area, s et the channel on neighbor ing access po ints at least five cha nnels apart to avo id interfere nce with ea ch other. For example , in the Uni ted S tates yo[...]
-
Page 97
System Configurati on 6-50 6 Maximum S tation Dat a Rate – The maximum data rate at which the a ccess point transm its unicast pack ets on the wireles s interface . The maximu m transmi ssion distance is affected by the data ra te. The lowe r the data rate, the longer the transmi ssion distance . (Default: 54 M bps) Maximum Associate d Clients ?[...]
-
Page 98
Radio Interface 6-51 6 Super G – The Atheros pr oprietary Super G performanc e enhancem ents are suppo rted by the ac cess point. Th ese enhan cements inclu de bursting, compr ession, fast frames and dynamic turbo. M aximum th roughpu t ranges be tween 40 to 60 Mb ps for connections to Atheros- compatible clients . (Default: Dis abled) Radi o Mod[...]
-
Page 99
System Configurati on 6-52 6 Fragme ntation Le ngth – Con fig ure s the mi nimum p acket s ize tha t ca n be fra gmented when pass ing thr ough th e acces s poi nt. Fr agmentat ion of t he PDUs (Packag e Data Unit ) can increa se the reliab ility of transm issions be cause it increa ses the proba bility of a succ essful trans mission d ue to smal[...]
-
Page 100
Radio Interface 6-53 6 CLI Commands for Radi o Sett i n g s – Fr om the global co nfigurati on mode, enter the interfa ce wirele ss g command to access the 802.1 1g radio int erface. From the 802.1 1g inter face mode , you can acces s radio set tings that apply to all V AP interfaces . Use the turbo comm and to enabl e this fe ature be fore set t[...]
-
Page 101
System Configurati on 6-54 6 Configuring VAP Ra dio Settings T o configure V AP radi o settings, sel ect the Radi o Settings page. Default VLAN ID – The VLAN ID as signed to wi reless clients as sociated to the V AP interface t hat are not assign ed to a spec ific VLAN by RAD IUS serve r configurati on. (Default : 1) Closed Sy st em – W hen ena[...]
-
Page 102
Radio Interface 6-55 6 WP A2 PMKSA Life Time – WP A2 prov ides fast roa ming for authen ticated clien ts by retaining ke ys an d other s ecurity se ttings in a cach e for e ach V AP . In this w ay , when clients roam back into a V A P they had pr eviously bee n using, re-au thentica tion is not required . When a W P A2 clien t is first authent ic[...]
-
Page 103
System Configurati on 6-56 6 Rogue AP – A “rogu e AP” is either an acc ess poin t that is not author ized to participate in th e wireless net work, or an access p oint that doe s not have t he correct security configur ation. Rogu e APs c an allow u nauthori zed acce ss to the network, o r fool client stations into mistaken ly assoc iating wi[...]
-
Page 104
Radio Interface 6-57 6 rogue-ap scan c ommand. T o view th e database o f detect ed acce ss points, u se the show r ogue-ap comman d from the E xec level. Configuring Wi -Fi Multimedia Wireles s networks offer a n equal oppor tunity for all dev ices to trans mit data from any typ e of applica tion. Alth ough this is acceptable for most app lication[...]
-
Page 105
System Configurati on 6-58 6 WMM Operat ion — WMM use s traffic priority bas ed on the four ACs; V oice, V i deo, Best Effort, and Back ground. The higher the AC priority , t he higher the pr obability that data is transm itted. When the access point forwards tra ffic, WMM adds da ta packets to four independ ent transmi t queues , one for each AC[...]
-
Page 106
Radio Interface 6-59 6 Figure 6-1. WMM Backoff Wait Times For high-p riority traffic, the AIFSN an d CW value s are smaller . The smaller values equate to l ess backoff and wa it time, and th erefore mor e transmit opp ortunitie s. T o confi gur e WMM, select the R adio Set tin gs pa ge, and scr oll down t o the WMM configur ation setting s. AIFS R[...]
-
Page 107
System Configurati on 6-60 6 WMM – Sets the WMM operational mode on the ac cess point . When enabl ed, the parameter s for each AC queu e will be empl oyed on the acc ess point an d QoS capabilities ar e advertis ed to WMM-e nabled clien ts. (Default: Sup port) • D isable: WMM is disabled. • S upport: WM M will be used for any assoc iated dev[...]
-
Page 108
Radio Interface 6-61 6 CLI Commands for WMM – Enter inte rface wireless mo de and type wmm requ ired for clients that want to associa te with the ac cess point . The wmm-acknowledge-policy comma nd is use d to enable or disable a policy for e ach access ca tegory . The wmmpa rms c ommand defines detaile d WMM paramet e rs. T o view the current 80[...]
-
Page 109
System Configurati on 6-62 6 Securit y The access point is con figured by def ault as an “ope n system, ” which broad casts a beacon si gnal includin g the config ured SSID. W ireless clien t s with an SSID setting of “a ny” can re ad the SSI D from t he beacon an d automat icall y set their SSI D to allow im mediate conn ection to the near[...]
-
Page 110
Radio Interface 6-63 6 • Wi-F i Pr otecte d Acces s (WPA o r WPA2 )page 6- 73 Bot h WEP and WP A secu rity se ttings are conf igurab le sep arate ly f or e ach virt ual access po int (V AP) interfac e. MAC addre ss filtering, an d RADIUS se rver settin gs are global and apply to all V AP interfa ces. The sec urity me chanisms that m ay be employe[...]
-
Page 111
System Configurati on 6-64 6 Note: You must enable data encryption through the web or CLI in order to enable all types of encryption (WEP, TKIP, or AES) in the access point. The ac cess poin t can simul tane ously sup port cli ents us ing vari ous dif fer ent secur ity mech anisms. The conf igurat ion f or th ese sec urity c ombina tions are outl i[...]
-
Page 112
Radio Interface 6-65 6 802.1x W P A onl y Inte rface Deta il Settings : Authentica tion: WPA Encryption : Enable WP A Clie nts: Re quired Cipher Suite: TKI P 802.1x: Re quired Set 802.1x key refre sh and rea uthenticat ion rates Local only Y es WP A P re-Shared Key only Interfac e Detail S ettings: Authentica tion: WPA-PSK Encryption : Enable WP A [...]
-
Page 113
System Configurati on 6-66 6 Note: If you choose to configure RADIUS MA C authentication together wit h 802.1X, the RADIUS MAC addres s authentication occurs prior to 802.1X aut hentication. Only when RADIUS MAC authentication succeeds is 802.1X authentication performed. When RADIUS MAC authentication fails, 802.1X authentication is not performed. [...]
-
Page 114
Radio Interface 6-67 6 Before enab ling the radi o service for any V AP , first config ure the WEP , WP A, and 802.1X se curity setti ngs describ ed in the followi ng section s. After you have f inished configur ing the se curity setti ngs, return to the ma in Security page s hown b elow , start the required V A P interfaces by cl icking the Ena bl[...]
-
Page 115
System Configurati on 6-68 6 Enable – Enable s radio comm unications on the V AP i nterface. (D efault: Disabled ) Note: You must first enable VAP interface 0 before you can enable ot her VAP interfaces. SSID – The na me of the bas ic servic e set prov ided by a V AP int erface. Cl ient s that want to conn e ct t o the network through the acces[...]
-
Page 116
Radio Interface 6-69 6 • Al phanumer ic: Enter keys as 5 alphanum eric charact ers for 64 bit key s, 13 alphanu meric chara cters for 128 bi t keys, or 16 al phanumer ic character s for 152 bit keys . Key Numb er – Selects the ke y numbe r to use for en cryption for each V AP interface. If th e client s have all four keys co nfigur ed to the sa[...]
-
Page 117
System Configurati on 6-70 6 Note: To use 802. 1X on wireless cl ients requi res a network card driver and 802.1X client software that supports the EAP authentication type t hat you want to use. Windows 2000 S P3 or later and Windows XP provide 802.1X client support. Windows XP also provides native W PA suppor t. Other systems require additional cl[...]
-
Page 118
Radio Interface 6-71 6 Enterprise AP(config)#interface wireless g 7-88 Enter Wireless configuration commands, on e per line. Enterprise AP(if-wireless g)#key 1 128 as cii abcdeabcdeabc 7-117 Enterprise AP(if-wireless g)#vap 0 7-95 Enterprise AP(if-wireless g: VAP[0])#no 8 02.1X 7-65 Enterprise AP(if-wireless g: VAP[0])#auth entication shared 7-117 [...]
-
Page 119
System Configurati on 6-72 6 ----------------Security----------------- ------------------------------- Closed System : Disable d Multicast cipher : WEP Unicast cipher : TKIP an d AES WPA clients : DISABLE D WPA Key Mgmt Mode : PRE SHA RED KEY WPA PSK Key Type : PASSPHR ASE WPA PSK Key : EMPTY PMKSA Lifetime : 720 min utes Encryption : DISABLE D Def[...]
-
Page 120
Radio Interface 6-73 6 CLI Comm ands for WEP ov er 802.1X Security – Use th e vap comma nd to acces s each V AP interface to confi gure the sec urity setting s. First set 802.1X to required using the 80 2.1x comm and and set t he 802.1X key refresh r ates. Then, us e the aut hentica tion c omman d to select open sys tem authe ntication an d the e[...]
-
Page 121
System Configurati on 6-74 6 WP A Pre-Shar ed Ke y Mode (WP A-PSK, WP A2-PSK): F or enterprise de ployment, WP A requires a R ADIUS authenticati on server to be co nfigured o n the wired network . However, for small office networ ks that may not have the reso urces to configur e and maintain a RA DIUS ser ver , WP A pro vides a simp le operati ng m[...]
-
Page 122
Radio Interface 6-75 6 the cipher used for broadc ast frames i s always TKIP. W EP encryption i s not allowed. • Key Caching : WPA 2 provides f ast roaming for authenti cated client s by retainin g keys and other s ecurity in formation i n a cach e, so that if a client roams aw ay from an access point and t hen returns, re-authe ntication is n ot[...]
-
Page 123
System Configurati on 6-76 6 T o configure WP A, cli ck Security und er Radio A or Rad io G . Se lect one of the V AP interfaces by clicking Mor e. Select one of th e WP A opt ions in the Authe ntication Setup table, and then config ure the paramet ers displaye d beneath the table. The WP A configur atio n par ameter s are de scribe d belo w: Encr [...]
-
Page 124
Radio Interface 6-77 6 • W PA: Clients usin g WPA ove r 802.1X are acc epted for au thentication . • W PA-PSK: Clients using WPA with a Pre-shared Key are accepted for authenti cation. • W PA2: Clients us ing WPA2 ove r 802.1X are acce pted for authe ntication. • WPA2-PS K: Clients using WPA2 with a Pre-shared Key a re accepted for authenti[...]
-
Page 125
System Configurati on 6-78 6 CLI Commands for WP A Using Pre-shar ed Key Security – Be su re to first disabl e 802.1X port authenticat ion using the 802.1X comman d from the config uration mode . Then, from the 802.1 1g inte rface config uration mod e, use the vap command to acc ess e ach V AP i nte rface t o confi gur e other s ecuri ty sett ing[...]
-
Page 126
Radio Interface 6-79 6 CLI Commands for WP A Over 80 2.1X Se curity – First se t 802.1X to requ ired using the 802.1X comm and and set th e 802.1X key re fresh rates. The n 802.1 1g inte rface configur ation m ode, use the vap com mand to acces s each V AP interface to configur e other secur ity settings . From the V AP inter face configura tion [...]
-
Page 127
System Configurati on 6-80 6 Open the Sec urity page, and c lick More for one of the V AP int erfaces. Y ou can en able 802.1X as optional ly supported or as require d to enhance t he secu rity of th e wirele ss networ k. (Defa ult : Disa ble) • D isable: The access po int does n ot support 80 2.1X authe ntication for any wirel ess client. A fter[...]
-
Page 128
Radio Interface 6-81 6 • 802.1X Reauthentication Refre sh Rate: The time p e riod after which a co nnected client mus t be re-auth enticated. D uring the re- authenticati on process of verifying the clien t’s credential s on the RADI US server , the client rema ins conne cted the network . Only if re-aut hentica tion fails is net work acc ess b[...]
-
Page 129
System Configurati on 6-82 6 Status Information The S tatus page includes information on the following i tems: Access Point St atus The AP St a tus window displays b asic system c onfigurati on settings, as well as the settings for the wireless interface. Menu Descri ption Page AP Statu s Displays configur ation settin gs for the basic sys tem and [...]
-
Page 130
Status Information 6-83 6 AP S yste m Confi gurati on – The AP Syst em Config uratio n table dis plays th e basic system configurat ion setting s: • Sys tem Up Tim e: Length of tim e the manag ement agen t has been up. • MAC Ad dress: T he phys ical la yer addr ess fo r thi s devi ce. • Syste m Name: N ame assi gned to this sy stem. • Sys[...]
-
Page 131
System Configurati on 6-84 6 CLI Comm ands for Displ aying System Settings – T o view the current ac cess point system settings, use the show syst em command from t h e Exec mo de. T o view the current ra dio interface settings, us e the show in terf ace wireless g 0 co mmand (see page 7-108 ). Enterprise AP#show system 7-23 System Information ==[...]
-
Page 132
Status Information 6-85 6 St a tion S t atus The S tation S tatus w indow show s the wireless clients currently as sociated w ith the access po int. The S tation Configurat ion page display s basic conn ection infor mation for al l associa ted stations as described be low . Note th at this page is autom atically refreshe d every five seconds. • S[...]
-
Page 133
System Configurati on 6-86 6 shared- key app roach uses Wired Equivalent Privacy (W EP) to ver ify client identity by distribu ting a share d key to statio ns before atte mpting auth enticatio n. • A ssociated: Shows if t he station ha s been suc cessfully a ssociate d with the a ccess point. Onc e authenti cation is com pleted, statio ns can ass[...]
-
Page 134
Status Information 6-87 6 CLI Comm ands fo r Displaying Station S tatus – T o view status of clients curren tly associa ted with the ac cess point, us e the show station c ommand from th e Exec mode. Enterprise AP#show station 7-109 Station Table Information ========================================= ================== if-wireless G VAP [0] : 802.[...]
-
Page 135
System Configurati on 6-88 6 Event Logs The E vent Logs window shows the log messages genera ted by t he acce ss point and stored in memo ry . The E vent Logs table disp lays the follow ing inform ation: • Lo g Time: The ti me the log mes sage was gen erated. • E vent Level: Th e logging leve l associated with this mess age. For a desc ription [...]
-
Page 136
Status Information 6-89 6 CLI Commands for Displayi ng Ev en t Logs – T o view the access point log en tries, use the show event-lo g command f rom the Exec mode. T o clear all log entr ies from the acces s point, use t he logging clear comm and from th e Global Conf iguration mode. Enterprise AP#show event-log 7-33 Mar 09 11:57:55 Information: 8[...]
-
Page 137
System Configurati on 6-90 6[...]
-
Page 138
7-1 Chapter 7: Command Line Interf ace Using the Command Line Interface Acces sing the CLI When acc essing the managemen t interface for the over a dire ct connec tion to the console port, or via a T elnet con nection, the access poin t can be ma naged by entering command ke ywords an d parameters at the prompt . Using the ac cess point’s comm an[...]
-
Page 139
Command Line In terface 7-2 7 If your cor porate netw ork is conne cted to anothe r network outside your office or to the Int ernet, you need to apply for a register ed IP ad dress. However, if you a re attached to an isolated net work, then yo u can use any IP address th at matches t he network segment to w hich you are a ttached. After you conf i[...]
-
Page 140
Entering Comman ds 7-3 7 Command Com pletion If you termi nate input wi th a T ab key , th e CLI will print the remaini ng characte rs of a partial keyw ord up to the poi nt of ambiguity . In the “configure” example, ty ping con followed by a tab will res ult in pri n ting t h e command u p to “ configure .” Getting He lp on Command s Y ou [...]
-
Page 141
Command Line In terface 7-4 7 Partial Keyword L ookup If you termi nate a partial keyw ord with a ques tion mark, alternatives that match th e initial lette rs are provide d. (Remem ber not to leav e a space betwe en the comman d and quest ion mark.) For example “ s? ” shows all the keyw ords starting wi th “s.” Negating the Effect of Comma[...]
-
Page 142
Entering Comman ds 7-5 7 Exec Comm ands When yo u open a n ew cons ole session on an a ccess poin t, the syst em enter s Exec comm and mode. Only a limi ted num ber of the co mmand s are avai lable in th is mode. Y ou can ac cess all ot her commands only from the configur ation mode. T o ac cess Exec mod e, open a new console sess ion with the use [...]
-
Page 143
Command Line In terface 7-6 7 Command Li ne Processing Comma nds are not ca se sensiti ve. Y ou can ab breviate commands and parameters as long as they contain enoug h letters to diff e rentiate th em from any ot her curre ntly availabl e comman ds or paramete rs. Y ou can use the T ab key to co mplete partial comm ands, or en ter a partial c omman[...]
-
Page 144
General Commands 7-7 7 The access mode sho wn in the follow ing tables is indicat ed by these ab breviation s: Exec (Executive Mode ), GC (Globa l Config uration), IC-E (Interface-Eth ernet Conf igurat ion), IC-W (In terface-W ireless Con figuration) , and IC-W-V AP (Interfac e-Wireless V AP Con figuratio n). General Commands SNMP Configures commun[...]
-
Page 145
Command Line In terface 7-8 7 configure This c ommand activates Global C onfigu ration mo de. Y ou must e nter this mode to modify mo st of the settings o n the a ccess po int. Y ou must also enter Global Configu ration mode prior to enabli ng the contex t modes for Int erface Conf iguration. See “Usin g the Comma nd Line Interfa ce” on page 1.[...]
-
Page 146
General Commands 7-9 7 Example This examp le shows ho w to return to the Ex ec mode fro m the Interfac e Configu ration mode , and then quit the CLI session : ping This comm and sends ICMP echo request packets to an other node on the network . Syntax ping < host _name | ip_a ddress > • host_na me - Alias of th e host. • ip_addres s - IP a[...]
-
Page 147
Command Line In terface 7-10 7 reset This comm and restarts the sy stem or rest ores the fac tory default se ttings. Syntax reset < bo ard | c onfiguration > • board - Rebo ots the system . • co nfi gur ation - Rese ts the configura tion se ttings to the fac tory def aults, and then r eboots the s ystem. Default Sett in g None Command Mod[...]
-
Page 148
System Management C ommands 7-11 7 show lin e This comm and displ ays the conso le port’s configur ation setting s. Command Mode Exec Example The consol e port setting s are fixed at t he values sho wn below . System Management Co mmands Thes e comma nds ar e used t o conf igure the u ser name , pass word, s ystem l ogs , browser manageme nt opti[...]
-
Page 149
Command Line In terface 7-12 7 country This comm and conf igures the acc ess point’s count ry code, whi ch identifies the coun try of oper atio n and set s the aut horize d radio ch annels. Syntax country < countr y_cod e > country_code - A two character code that identifies the cou ntry of operation. See the following table for a full list[...]
-
Page 150
System Management C ommands 7-13 7 Default Sett in g US - for units so ld in the Un ited S tates 99 (no coun try set) - for uni t s sold in ot her countrie s Command Mode Exec Belarus BY Gree ce GR M alta M T Syria SY Belgium BE G uatemala GT Mexico MX T aiw an TW Hondura s HN Mona co MC Tha iland TH Belize BZ Hong Kong HK M orocco MA Trinidad &[...]
-
Page 151
Command Line In terface 7-14 7 Command Usage • If y ou purcha sed an acc ess point out side of the U nited States , the count ry code mus t be set befo re radio functi ons are enabl ed. • The availabl e Country C ode sett ings can be d isplayed by using th e country ? comm and. Example prompt Thi s command custom izes the CL I prompt . Use t he[...]
-
Page 152
System Management C ommands 7-15 7 Command Mode Global Co nfiguration Example username Thi s command confi gures t he us er name for ma nagem ent acc ess. Syntax usernam e < name > name - The name of the user . (Length: 3-16 characters, case sensitive) Default Sett in g admin Command Mode Global Co nfiguration Example passwo r d After initial[...]
-
Page 153
Command Line In terface 7-16 7 ip ssh-se r ver enable This comm and enable s the Secure She ll server . Use the no form to di sable th e serv er . Syntax ip ssh- server e nable no ip ssh-s erver Default Sett in g Interface en abled Command Mode Interface C onfigurat ion (Ethernet ) Command Usage • The access poi nt supports Se cure Shel l version[...]
-
Page 154
System Management C ommands 7-17 7 ip telnet-se rver enable This comm and enable s the T e lnet serve r . U se the no form to disable t he server . Syntax ip te lnet-s erver ena ble no i p t eln et-ser ver Default Sett in g Interface en abled Command Mode Interface C onfigurat ion (Ethernet ) Example ip http port This comm and specif ies the TCP po[...]
-
Page 155
Command Line In terface 7-18 7 ip http serv er This c ommand allows t his devic e to b e mon itored or configured from a brows er . Us e the no form to d isabl e this function. Syntax ip http server no ip http server Default Sett in g Enabled Command Mode Global Co nfiguration Example Related Commands ip htt p port (7-18 ) ip https port Use this c [...]
-
Page 156
System Management C ommands 7-19 7 Example ip https se rver Use this com mand to ena ble the secu re hypertext trans fer protocol (HTTPS) over the Secur e Socket Laye r (SSL), pro viding sec ure access (i .e., an encr ypted connect ion) to the acc ess point’s Web inter face. Use the no form to d isable this func tion . Syntax ip htt p s server no[...]
-
Page 157
Command Line In terface 7-20 7 web-red irect Use this command to ena ble web-b ased authen tication of cl ients. Use the no form to disabl e this function . Syntax [ no ] we b-redirect Default Sett in g Disabled Command Mode Global Co nfiguration Command Usage • The w eb redirect feature is use d to support billing for a publ ic access wireless n[...]
-
Page 158
System Management C ommands 7-21 7 APmgmtIP This comm and specif ies the clien t IP addresses that are allow ed manage ment access t o the access po int through va rious prot ocols. Cauti on: Secure Web (HT TPS) connections are not affected by the UI Management or IP Management set tings. Syntax APmgmtIP < multiple IP _address sub net_mask | sin[...]
-
Page 159
Command Line In terface 7-22 7 APmgmtUI This comm and enabl es and disab les manage ment acce ss to the acce ss point through SN MP , T elnet and we b interfaces . Cauti on: Secure Web (HTT PS) connections are not affected by the UI Management or IP Management set tings. Syntax APmgmtUI < [ SNMP | Te l n e t | Web ] enabl e | disable > • SN[...]
-
Page 160
System Management C ommands 7-23 7 show sy stem Thi s command dis plays basi c system conf igurat ion setti ngs. Default Sett in g None Command Mode Exec Example Enterprise AP#show system System Information System Information ========================================= ===================== Serial Number : System Up time : 0 days, 1 hours, 34 minutes[...]
-
Page 161
Command Line In terface 7-24 7 show ve rsion This com mand disp lays the softw are vers ion for the sys tem. Command Mode Exec Example show co nfig This c ommand displays detailed c onfigurati on info rmation for the sy stem. Command Mode Exec Example Enterprise AP#show version Version Information ========================================= Software [...]
-
Page 162
System Management C ommands 7-25 7 Hardware Version Information ========================================= == Hardware version R01A ========================================= == Ethernet Interface Information ======================================== IP Address : 192.168.0.151 Subnet Mask : 255.255.255.0 Default Gateway : 192.168.0.1 Primary DNS : 210[...]
-
Page 163
Command Line In terface 7-26 7 Logging Information ========================================= ============ Syslog State : Disabled Logging Console State : Disabled Logging Level : Informationa l Logging Facility Type : 16 Servers 1: 0.0.0.0 , UDP Port: 514, St ate: Disabled 2: 0.0.0.0 , UDP Port: 514, St ate: Disabled 3: 0.0.0.0 , UDP Port: 514, St [...]
-
Page 164
System Management C ommands 7-27 7 dot11InterfaceAGFail Enabled dot11InterfaceBFail Enabled dot11StationAssociation Enabled dot 11StationAuthentication Enabled dot11StationReAssociation Enabled dot11StationRequestFail Enabled dot1xAuthFail Enabled dot1xAuthNotInitiated Enabled dot1xAuthSuccess Enabled dot1xMacAddrAuthFail Enabled dot1xMacAddrAuthSu[...]
-
Page 165
Command Line In terface 7-28 7 show hard ware Thi s command di spla ys the har dwar e versio n of the syst em. Command Mode Exec Example System Logging Comman ds Thes e command s are us ed to confi gure syst em loggin g on the acc ess poi nt. SSH Server : ENABLED SSH Server Port : 22 Telnet Server : ENABLED WEB Redirect : DISABLED DHCP Relay : DISA[...]
-
Page 166
System Logging C ommands 7-29 7 logging on This comm and contro ls logging of error messag es; i.e., sen ding debug or error message s to me mory . The no form disable s the loggin g process. Syntax [ no ] logging on Default Sett in g Disabled Command Mode Global Co nfiguration Command Usage The lo gging pro cess co ntrols er ror mes sages s aved t[...]
-
Page 167
Command Line In terface 7-30 7 Example logging co nsole This comm and initia tes logging of error messag es to the cons ole. Use the no form to d isable loggi ng t o the co nsole. Syntax logging conso le no logging console Default Sett in g Disabled Command Mode Global Co nfiguration Example logging lev el This comm and sets the min imum sever ity [...]
-
Page 168
System Logging C ommands 7-31 7 Command Usage Messag es sent includ e the select ed level down to Emergency l evel. Example logging fac ility-type This comm and sets the fa cility type for r emote loggi ng of syslog messages. Syntax logging facility-type < type> type - A number t hat indicates the facility used by t he syslog server to dispat[...]
-
Page 169
Command Line In terface 7-32 7 Command Usage The comm and spec ifies the facility ty pe tag sent in syslog m essages . (See RFC 3164. ) This type has no effect on the kind of m essages reported by the acce ss point. Howeve r , it may be use d by the sysl og server to so rt mes sages or to store me ssages in the c orresp onding da tabase. Example lo[...]
-
Page 170
Syst em Cl ock C omma nds 7-33 7 show ev ent-log This comm and displ ays log mess ages stored in the acces s point’s memory . Syntax show event-l og Command Mode Exec Example System Clock Command s Thes e comma nds are used to config ure SNTP and system c lock s ettings on the access po int. Enterprise AP#show event-log Mar 09 11:57:55 Informatio[...]
-
Page 171
Command Line In terface 7-34 7 sntp-ser ver ip This comm and sets the IP addr ess of the se rvers to which SN TP time reques ts are issued. U se the this com mand with no argumen t s to clear all time serve rs from the current l ist. Syntax sntp -server ip < 1 | 2 > < ip> • 1 - Firs t time s e rver. • 2 - Second time server. • ip [...]
-
Page 172
Syst em Cl ock C omma nds 7-35 7 Command Mode Global Co nfiguration Command Usage The time ac quired from time server s is used to recor d accurate da tes and times for log ev ents. Without SNTP , the acces s point only re cords the time starting fr om the factory d efault s et at the last b ootup (i.e ., 00:14: 00, Ja nuary 1, 19 70). Example Rela[...]
-
Page 173
Command Line In terface 7-36 7 sntp-ser ver dayl ight-s avi ng This comm and sets the start an d end dates fo r daylight sa vings time. Use the no form to disa ble daylight savings tim e. Syntax sntp-server daylight-saving no sntp-serv er daylight-saving Default Sett in g Disabled Command Mode Global Co nfiguration Command Usage The comm and sets t[...]
-
Page 174
Syst em Cl ock C omma nds 7-37 7 Command Usage This c ommand sets the loc al time zone r elative t o the C oordinated Univer sal T ime (UT C, for merly Greenw ich Mean Ti me or GMT), based on th e earth’ s prime m eridian, zero de grees lon gitude. T o d isplay a time correspon ding to your l ocal time , you m ust indicat e the nu mber o f hours [...]
-
Page 175
Command Line In terface 7-38 7 DHCP Relay Commands Dynami c Host Configur ation Protoc ol (DHCP) can dy namical ly allocate an IP addr ess and ot her confi gurati on infor mation t o netw ork cli ent s that br oadcast a request. T o receive the broadcast reque s t, the DHCP server would normally have to be on the same subnet as the client. Ho wever[...]
-
Page 176
DHC P Relay Co mmands 7-39 7 dhcp-re lay This c ommand configur es the p rimary and se condary D HCP server a ddresse s. Syntax dhcp-relay < primary | seconda ry > < ip_addre ss > • primary - The primary DHCP server. • secondar y - The secon dary DHC P server. • ip_addres s - IP addres s of the server. Default Sett in g Pri mary a[...]
-
Page 177
Command Line In terface 7-40 7 SNMP Command s Controls a ccess to thi s access po int from mana gement stati ons using the Si mple Network M anagemen t Protocol (S NMP), as well as the hosts that will receive trap messag es. T able 7-9. S NMP Comman ds Comman d Funct ion Mo de Page snmp -serve r co mmunit y Sets up the c ommunit y acces s stri ng t[...]
-
Page 178
SNMP Commands 7-41 7 snmp- server com munity This comm and define s the comm unity acce ss string for th e Simple Networ k Manage ment Protoc ol. Use the no form to remo ve the speci fied co mmunity string. Syntax snmp-s erver commu nity strin g [ ro | rw ] no snmp-s erver communi t y st ring • strin g - Commu nity string th at acts like a pass w[...]
-
Page 179
Command Line In terface 7-42 7 Command Mode Global Co nfiguration Example Related Commands snmp -server l ocatio n (7-43) snmp- server loc ation This comm and sets the sys tem loca tion string. Us e the no form to remove the location string. Syntax snmp-s erver location < text > no snmp-s erver location text - St ri ng that describes the syst[...]
-
Page 180
SNMP Commands 7-43 7 Command Mode Global Co nfiguration Command Usage • Thi s comman d enable s both authen tication failu re notificatio ns and link-up-do wn notifi cations. •T h e snmp-s erver h o st command specifi es the host devic e that will receive SNMP notificatio ns. Example Related Commands snmp- server ho st (7-44) snmp- server hos t[...]
-
Page 181
Command Line In terface 7-44 7 Command Usage The snmp- ser ver hos t comman d is us ed in c onj unctio n wi th t he snmp-s erver enabl e server com mand to enab le SNMP not ifications . Example Related Commands snmp- server enable server (7-4 3) snmp- server tr ap This comm and enable s the access po int to send spec ific SNMP traps (i.e., notifica[...]
-
Page 182
SNMP Commands 7-45 7 - dot1xAuthFa il - A 802.1X c lien t s tation has failed RA DIUS authenti cation. - dot1xSupp Authenticate d - A supplicant station has bee n success fully authenticated by the RADIUS server - localMa cAddrAu thSucces s - A client stati on has succ essfully authenti cated its MAC address wi th the local da tabase on th e access[...]
-
Page 183
Command Line In terface 7-46 7 snmp- server eng ine-id This command is u sed for SNMP v3 . It is u sed to unique ly identi fy the access p oint among all access points in the network. U se the no f orm to d elete the engine I D. Syntax snmp-s erver engine-id < e ngine-id > no sn mp-serve r engine-id engine-id - Enter engine-id in hexadecimal [...]
-
Page 184
SNMP Commands 7-47 7 • The SNM P engi ne ID is used to compu te the a uthentic ation/privac y dige sts from th e pass ph rase. You s hould theref ore config ure the eng ine ID wit h the snmp-s er ver eng ine-id c ommand be fore using this c onfigurati on comm and. • The access poi nt enables SN MP v3 users to be assigne d to three pre-defi ned [...]
-
Page 185
Command Line In terface 7-48 7 Example snmp- server tar gets This c ommand configur es SNM P v3 no tification targets. Use the no form to del ete an SNMP v3 target . Syntax snmp-s erver target s < t a rget -id > < ip-add r > < sec-nam e > [ version { 3 }] [ udp-port { port-number }] [ notification-type { TRAP }] no snmp-s erver ta[...]
-
Page 186
SNMP Commands 7-49 7 snmp- server filte r This comm and confi gures SNMP v 3 notificati on filters. Use the no form to delete an SNMP v3 filter or remove a subtree from a filter . Syntax snmp-s erver filter < f ilter-id > < include | exclud e > < subtre e > [ mask { mask }] no snmp-s erver filter < fi lter-id > [ subtree ] ?[...]
-
Page 187
Command Line In terface 7-50 7 snmp- server filte r-assignments This comm and assign s SNMP v3 notification fil ters to targets. Use the no form to remove an SNMP v3 filte r assign ment. Syntax snmp-s erver filter-ass i gnmen t s < t arg et-id > < filte r-id > no snmp-s erver filt er-ass ign ment s < target -id > • targ et-id - [...]
-
Page 188
SNMP Commands 7-51 7 Example show sn mp users This c ommand displays the SNM P v3 u sers a nd setting s. Syntax show s nmp user s Command Mode Exec Example show sn mp group-assignme nts This comm and displ ays the SNMP v3 user group ass ignments. Syntax show s nmp group-assign ments Command Mode Exec Enterprise AP#show snmp groups GroupName :RO Sec[...]
-
Page 189
Command Line In terface 7-52 7 Example show sn mp target This command dis plays the SNMP v3 notif ication target setti n gs. Syntax show snmp t arget Command Mode Exec Example show sn mp filter Thi s command displa ys the S NMP v3 no tific ation f ilter settin gs. Syntax show s nmp filter [ filter -id ] • filter-id - A us er-defined name that ide[...]
-
Page 190
SNMP Commands 7-53 7 show sn mp filter-assignme nts This comm and displ ays the SNMP v3 notificatio n filter assign ments. Syntax show snmp fi lter-a ssignmen ts Command Mode Exec Example Enterprise AP#show snmp filter-assignment s HostID Filt erID mytraps trap filter Enterprise AP#[...]
-
Page 191
Command Line In terface 7-54 7 show sn mp This comm and displ ays the SNMP co nfigurati on settings. Command Mode Exec Example Enterprise AP#show snmp SNMP Information ========================================= ===== Service State : Disable Community (ro) : ******** Community (rw) : ******** Location : R&D 2 Contact : David EngineId :80:00:07:e5[...]
-
Page 192
Flash/File Comman ds 7-55 7 Flash/File Commands These c omman ds are u sed to mana ge the s ystem c ode or configurat ion file s. bootfile This comm and specif ies the imag e used to start up th e system. Syntax bootfile < filename > filename - Name of the i mage file. Default Sett in g None Command Mode Exec Command Usage • The file name s[...]
-
Page 193
Command Line In terface 7-56 7 copy This comm and copies a boot file, co de image, or co nfiguration f ile between th e access po int’s flash memor y and a FTP/TF TP server . W hen you save t he configur ation setting s to a file on a FTP/TFT P server , that file can later be downloa ded to the a ccess po int to rest ore system operation . The su[...]
-
Page 194
Flash/File Comman ds 7-57 7 The follow ing example sh ows how t o download a co nfiguratio n file: delete This comm and delete s a file or image . Syntax delete < filena me > filename - Name of the configurati on file or image name. Default Sett in g None Command Mode Exec Cauti on: Beware of deleting app lication images from flash memory. At[...]
-
Page 195
Command Line In terface 7-58 7 dir This command dis p lays a list of files in fl a sh memory . Command Mode Exec Command Usage File info rmation is shown below: Example The follow ing example sh ows how t o display all fil e informatio n: show boo tfile Thi s command displa ys the n ame of the current operat ion code file tha t boot ed th e system [...]
-
Page 196
RADIUS Client 7-59 7 RADIUS Client Remote Authenticati on Dial-in User Service (RADIUS ) is a logon authe ntication protoc ol that uses softwar e running on a central serve r to contro l access for RADIUS -aware dev ices to the net work. An au thentication server contains a database of cr edentials, such as users na mes and pass words, for each wir[...]
-
Page 197
Command Line In terface 7-60 7 Command Mode Global Co nfiguration Example radius- server port This command set s the RADIUS server network port. Syntax radius-server [ secondar y ] por t < port _num ber> • secondar y - S econdar y ser ver. • port_n umber - R ADIUS server UD P port u sed fo r authenti cation mes sages. (Range: 1 024-655 35[...]
-
Page 198
RADIUS Client 7-61 7 radius- server retransmi t This c ommand sets the number o f retrie s. Syntax radius-server [ secondar y ] retransmi t num ber_of_ret ries • secondar y - S econdar y ser ver. • number _of_retries - Number o f times t he access poi n t will try to authenti cate logon access via th e RADIUS se rver. (Ran ge: 1 - 30) Default S[...]
-
Page 199
Command Line In terface 7-62 7 radius- server port-accountin g This comm and sets the RAD IUS Accou nting server network port. Syntax radius-server [ secondar y ] port-accoun ting < port _number> • secondar y - Secondary s erver. If s econdary is not specified, then the access po int assum es you are conf iguring the primary RA DIUS serve r[...]
-
Page 200
RADIUS Client 7-63 7 Example radius- server radius-mac-fo r mat This comm and sets the f ormat for sp ecifying M AC address es on the RAD IUS server. Syntax radius-server radius- m ac -format < mu lti- colon | multi -dash | no-delimiter | single-da sh > • multi-colon - Ente r MAC address e s in t h e form x x:xx: x x:xx: x x:xx. • multi-d[...]
-
Page 201
Command Line In terface 7-64 7 show radi us This comm and displ ays the curr ent settings for the RADIUS server . Default Sett in g None Command Mode Exec Example Enterprise AP#show radius Radius Server Information ======================================== Status : Disabled IP : 0.0.0.0 Port : 1812 Key : ***** Retransmit : 3 Timeout : 5 Accounting P[...]
-
Page 202
802.1X Authentication 7-65 7 802.1X Authentication The access point suppo rts IEEE 802.1X access con trol for wireless clients. This contro l feature prevents una uthorized a ccess t o the net work by requiring an 802.1X client ap plication to su bmit user cr edentials for au thentica tion. Client au thenticat ion is then verifi ed by a RADIUS serv[...]
-
Page 203
Command Line In terface 7-66 7 Command Mode Global Co nfiguration Command Usage • When 802. 1X is di sa bled , the a ccess point does no t suppo rt 802. 1X authenti cation for an y station. Afte r successf ul 802.11 ass ociation, each client is a llowed to acc e ss the network. • W hen 802.1 X is supported, the access po int support s 802.1X au[...]
-
Page 204
802.1X Authentication 7-67 7 comm and specifie s the interval after which un icast sess ion keys are changed. • D ynamic broa dcast key rotation allo ws the acce ss point to gene rate a random group key and pe riodically up date all ke y-manage ment capab le wir eless cl ients. Example 802.1x s ession-key-refresh -rate This comm and sets the inte[...]
-
Page 205
Command Line In terface 7-68 7 Command Mode Global Co nfiguration Example 802.1x-s upplicant enable This comm and enable s the access po int to operat e as an 802.1X su pplicant for authenti cation. Use th e no form to di sable 802 .1X auth enti cation of th e access point. Syntax 802.1x-su pplicant enable no 802.1x -supplicant Default Disabled Com[...]
-
Page 206
802.1X Authentication 7-69 7 Command Mode Global Co nfiguration Command Usage The access point currently on ly supports EAP-MD 5 CHAP for 802. 1X supplicant authe ntication. Example show au thentication This co mmand sh ows all 80 2.1X authe ntication settings, as well as the addre ss filter table. Command Mode Exec Example Enterprise AP(config)#80[...]
-
Page 207
Command Line In terface 7-70 7 MAC Address Authenticati on Use these commands to define MAC authentica tion on the acce ss point. Fo r local MAC au thentication , first define th e default filteri ng policy usin g the address filter default c ommand. Then enter the MAC addre sses to be filtered, indica ting if they are allowed or denied. For RA DIU[...]
-
Page 208
MAC Address Authentication 7-71 7 Related Commands address filter entry (7-7 2) 802. 1x-sup plican t user (7- 69) addres s filter en try This comm and enters a MAC addre ss in the filter table. Syntax address f ilter entry < ma c-addre ss> < allowed | denie d > • mac-a ddress - Physi cal ad dress o f clien t. (Ent er six pairs o f he [...]
-
Page 209
Command Line In terface 7-72 7 Command Mode Global Co nfiguration Example Related Commands 802. 1x-sup plican t user (7- 69) mac- auth entica tio n serve r Thi s command sets address filte ring to be perf ormed w it h lo cal or remot e optio ns. Use t he no form to disa ble MAC ad dress authe ntication . Syntax mac-au thenticati on server [ local |[...]
-
Page 210
Filtering C ommands 7-73 7 Default 0 (disable d) Command Mode Global Co nfiguration Example Filtering Commands The com mands described in this s ection ar e used to filter co mmunicat ions betwe en wireless clients, control acc ess to the m anagem ent interface f rom wireles s clients, and filter tra ffic using specif ic Ethernet pr otocol types . [...]
-
Page 211
Command Line In terface 7-74 7 Global Co nfiguration Command Usage This comm and can di sable wirele ss-to-wirel ess comm unications between cli ent s via th e acces s point. Howe ver , it doe s not af fect commu nicati ons between wireless cl ients and the wired net work. Example filter ap -manage This comm and prev ents wireless clients fro m acc[...]
-
Page 212
Filtering C ommands 7-75 7 filter uplink This comm and adds o r deletes MAC addresses from the uplink filtering table. Syntax filter uplink < add | delete > MAC address MAC address - S pecifies a MAC address in the form xx-xx- xx-xx-xx-xx. A maximum of eight addresses can b e added to the filtering table. Default Disabled Command Mode Global [...]
-
Page 213
Command Line In terface 7-76 7 Example Related Commands filter e thernet-type proto col (7-77) filter et hernet-type proto col Thi s command set s a f ilter for a sp ecifi c Ether net type. Use the no form to dis able filtering for a s pecific Ethern et type. Syntax fil ter et hernet -type p rotocol < protocol > no filter ethernet-t ype proto[...]
-
Page 214
WDS Bridge Comman ds 7-77 7 show filte rs This comm and shows the filter option s and protoc ol entries in the filter table. Command Mode Exec Example WDS Bridge Commands The com mands describ ed in th is secti on are us ed to set the opera tion mode for each access point interface and configure WIre less Distrib ution System (WDS) forwar ding tabl[...]
-
Page 215
Command Line In terface 7-78 7 bridge role (WDS) This comm and selects the b ridge ope ration mode for the radio inter face. Syntax bridge role < ap | repeater | bridge | r oot-bridge > • ap - O perates only as an access po int for wirele ss clients . • rep eat er - Oper ates as a wireles s repeater , extending th e range for rem ote wire[...]
-
Page 216
WDS Bridge Comman ds 7-79 7 Default Sett in g None Command Mode Interfa ce Configurat ion (Wireles s) Command Usage Every brid ge (except th e root bridge) in the wireless br idge networ k must specify t he MAC add ress of the parent bridge th at is linked to the root brid ge, or th e root bri dge it self . Example bridge-link child This comm and c[...]
-
Page 217
Command Line In terface 7-80 7 bridge dynamic -entry age-time This comm and sets the time f or aging out dyn amic entri es in the WDS for warding table. Syntax bridge dynam ic-entry age-time < seconds > seconds - The time to age out an address entry . (Range: 10-10000 seconds). Default Sett in g 300 secon ds Command Mode Global Co nfiguration[...]
-
Page 218
WDS Bridge Comman ds 7-81 7 show bridg e filter-entry This comm and displ ays current entr ies in the WDS fo rwarding table . Command Mode Exec Example show bridg e link Thi s command displa ys WDS br idge l ink and sp anning tree se tting s fo r speci fied int erfa ces . Syntax sh ow br idge l ink < et hernet | wireless < g > [ index ]>[...]
-
Page 219
Command Line In terface 7-82 7 Example Enterprise AP#show bridge link wireless a Interface Wireless A WDS Information ==================================== AP Role: Bridge Parent: 00-12-34-56-78-9a Child: Child 2: 00-08-12-34-56-de Child 3: 00-00-00-00-00-00 Child 4: 00-00-00-00-00-00 Child 5: 00-00-00-00-00-00 Child 6: 00-00-00-00-00-00 STAs: No WD[...]
-
Page 220
Spanning Tree Commands 7-83 7 Spanning Tree Command s The comm ands des cribed in this se ction are used to set the MA C address table aging time a nd spanning tre e parameters for bo th the Etherne t and wireless int erfa ces . bridge stp enable This comm and enable s the S panning T r ee Protocol. Us e the no form to di sable t he S panning Tree [...]
-
Page 221
Command Line In terface 7-84 7 bridge stp forwarding-d elay Use t his co mmand to co nfigur e the span ning tre e bridge forw ard time gl oball y for t he wir eless br idge . Use the no form to re store the defa ult. Syntax bridge stp forwa r ding -delay < secon ds > no bridge stp forw arding-delay seconds - T ime in seconds. (Range: 4 - 30 s[...]
-
Page 222
Spanning Tree Commands 7-85 7 Example bridge stp max-age Use this command to con figure the spann ing tree br idge maxim um age glob ally for the wirel ess brid ge. Use the no f o rm to restor e the default . Syntax bridge stp m ax-age < seco nds > no bridge stp max - age seconds - T ime in seconds. (Range: 6-40 seconds) The minimum value i s[...]
-
Page 223
Command Line In terface 7-86 7 Command Mode Global Co nfiguration Command Usage Bridge prior ity is used in sele cting the root de vice, root por t, and designa ted port. The de vice with the hi ghest priorit y becomes t he STP root device . Howeve r , if all devices ha ve the sam e priority , th e device with the lo west MA C address will then bec[...]
-
Page 224
Spanning Tree Commands 7-87 7 Default Sett in g 128 Command Mode Interface Config uration Command Usage • Thi s comman d defines the pr iority for the us e of a port in the Span ning Tree Protoco l. If the path cost for all ports on a wire less bridge ar e the same, th e por t wi th the high est pri orit y (that is, lowest val ue) wil l be confi [...]
-
Page 225
Command Line In terface 7-88 7 Ethernet Interface Comm ands The comm ands des cribed in this se ction confi gure connect ion parameter s for the Ethernet p ort and wireless interface. interfac e ethernet This comm and enters Ethernet int erface configu ration mode. Default Sett in g None Command Mode Global Co nfiguration Example T o specif y the 1[...]
-
Page 226
Ethernet Interfac e Commands 7-89 7 dns se rver Thi s command specif ies th e ad dre ss fo r the prim ary or s econdar y domai n name ser ver to b e used f or name -to-ad dress re soluti on. Syntax dns p rimary-serve r < s erve r-addre ss> dns seco ndary-ser ver < se rver-addr ess> • pri mary-se rve r - Primar y server used for name r[...]
-
Page 227
Command Line In terface 7-90 7 Command Mode Interface C onfigurat ion (Ethernet ) Command Usage • DHCP is enabled by default. To manually configure a new IP address, you must fi rst disable th e DHCP cl ie nt with the no ip dhcp com mand. • Y ou must ass ign an IP addr ess to this device to gain man agement ac cess over the ne twork or to conne[...]
-
Page 228
Ethernet Interfac e Commands 7-91 7 • When you use this command, the access point will begin broadc asting DHCP client request s. The current IP ad d ress (i. e ., default or manually configur ed address) will continue t o be effective until a DHCP rep ly is rec eived. Requ ests wi ll be b roadcas t peri odicall y by t his devi ce in an effo rt t[...]
-
Page 229
Command Line In terface 7-92 7 shutdown This comm and disabl es the Etherne t interface. T o restart a disa bled interfac e, use the no form. Syntax sh ut down no shutdown Default Sett in g Interface en abled Command Mode Interface C onfigurat ion (Ethernet ) Command Usage This comm and allows you to disable the Et hernet port du e to abnorma l beh[...]
-
Page 230
Wireless Interface Comman ds 7-93 7 Example Wireless Interface Com mands The comm ands des cribed in this se ction confi gure connect ion parameter s for the wir eless in terfac es. Enterprise AP#show interface ethernet Ethernet Interface Information ======================================== IP Address : 192.168.2.2 Subnet Mask : 255.255.255.0 Defau[...]
-
Page 231
Command Line In terface 7-94 7 beacon-in terval Con figures the rate at wh ich beaco n signals are transmit ted from th e access point IC-W 7-10 2 dtim-perio d Configures the rate a t which sta tions in sl eep mode must wa ke up to r eceive bro adcast/mu lticast transmis sions IC-W 7-10 3 fragmenta tion- leng th Con figures the minimum packet siz e[...]
-
Page 232
Wireless Interface Comman ds 7-95 7 interfac e wireless This comm and enters wireless inter face configu ration mode . Syntax inte rfac e wireless < g > • g - 802.11 g radio interfa ce. Default Sett in g None Command Mode Global Co nfiguration Example T o spe cif y th e 802.1 1g i nterf ace, enter the follow ing command: vap This command pr[...]
-
Page 233
Command Line In terface 7-96 7 speed This comm and conf igures the ma ximum data ra te at which the ac cess point transmi ts unicast packets. Syntax speed < s peed> speed - Maximum access speed allowed for wireless client s. (Options for 802.1 1b/g: 1, 2, 5.5, 6, 9, 1 1, 12, 18, 24, 36, 48, 54 Mbps) Default Sett in g 54 Mb ps Command Mode Int[...]
-
Page 234
Wireless Interface Comman ds 7-97 7 chan nel This c ommand configur es the r adio cha nnel thr ough wh ich the access point comm unicates wi th wireless c lients. Syntax channel < c hannel | aut o > • channel - Manually se ts the radio ch annel use d for commun ications w ith wireless clients. (Ran ge for 802.1 1b/g: 1 to 11 ) • auto - Au[...]
-
Page 235
Command Line In terface 7-98 7 Default Sett in g ful l Command Mode Interfa ce Configurat ion (Wireles s) Command Usage • The “min” key word indica tes minimum power. • The longer the tra nsmission distance, the higher the transmission power required . But to support the m aximum num ber of users in an area, you must keep t he power as low [...]
-
Page 236
Wireless Interface Comman ds 7-99 7 Example preamble This comm and sets the lengt h of the signal pr eamble that is used at the start of a 802.1 1b/g data tran smission. Syntax preamb le [ long | s hort ] • lon g - Sets the pr eamble to lo ng (192 micro seconds) . • short - Sets the preamble to short (96 microseconds). Default Sett in g Short-o[...]
-
Page 237
Command Line In terface 7-100 7 to the acces s point LEDs) . Select this m ethod when usi ng an option al external antenna tha t is connected to the right anten na connec tor . Default Sett in g Diversity Command Mode Interfa ce Configurat ion (Wireles s) Command Usage The anten na ID must be se lected in conj unction wit h the antenna control meth[...]
-
Page 238
Wireless Interface Comman ds 7-101 7 Example antenna lo cation This comm and selects the a ntenna m ounting loca tion for the radi o interface . Syntax antenna l ocation < indoor | out door > • indoor - The an tenna is mount ed indoors. • outdoor - The an tenna is mo unted outd oors. Default Sett in g Indoor Command Mode Interfa ce Config[...]
-
Page 239
Command Line In terface 7-102 7 The bea con si gnals allo w wireles s clients to maintain c ontact with the ac cess point. The y may also carr y power-ma nagement information. Example dtim-per iod Thi s command co nfigur es the ra te at whic h st ations in sl eep mode m ust wake up to rece ive broadca st/multica st transm issions. Syntax dt im - pe[...]
-
Page 240
Wireless Interface Comman ds 7-103 7 Syntax fragmentation-lengt h < length> length - Minimum packet size for which fragmentation i s allowed. (Range: 256-2346 bytes) Default Sett in g 2346 Command Mode Interfa ce Configurat ion (Wireles s) Command Usage • If t he packet siz e is smaller than the prese t Fragment size , the packet will not b[...]
-
Page 241
Command Line In terface 7-104 7 to 2347, t he acces s point ne ver send s RTS sign als. If set to any oth er value, and the pa cket size equ als or exceeds the RTS thresh old, the RTS/ CTS (Request to Send / Clear to Send) mechanism will b e enable d . • The access poi nt sends RT S frames to a recei ving station t o negotiate th e sending of a d[...]
-
Page 242
Wireless Interface Comman ds 7-105 7 Default Sett in g None Command Mode Interface C onfiguratio n (Wireless- V AP) Example ssid This c ommand configures the ser vice set identifier (SSID). Syntax ssid < str ing > string - The name of a basic service set sup ported by the access point. (Range: 1 - 32 characters) Default Sett in g 802.1 1g R a[...]
-
Page 243
Command Line In terface 7-106 7 Command Usage When closed system is enabled, the access point will not incl u de its SSID in beacon m essages. Nor will it respo nd to probe req uests from clien t s that do not includ e a fixed SSID. Example max-asso ciation This comm and conf igures the ma ximum nu mber of clients that can be asso ciated with the a[...]
-
Page 244
Wireless Interface Comman ds 7-107 7 Command Mode Interface C onfiguratio n (Wireless- V AP) Example auth-timeou t-value This comm and config ures the time i nterval with in which clients m ust complet e authenti cation to the V AP interface. Syntax auth-timeout-value < minutes> minutes - The numb er of minutes before re-aut hentication. (Ran[...]
-
Page 245
Command Line In terface 7-108 7 Example show inte rface wirele ss This comm and disp lays the status for the wireless i nterface. Syntax show i nterface wi reless < a | g > vap- id • g - 802.11 g radio interfa ce. • vap-id - Th e number that id en tifie s the VAP interface. (Options : 0~7) Command Mode Exec Example Enterprise AP(if-wirele[...]
-
Page 246
Rogue AP Detection C ommands 7-109 7 show sta tion Thi s command sho ws the wire less clie nts as soci ated wit h the ac cess poin t. Command Mode Exec Example Rogue AP Detection Comm ands A “rogue AP ” is either an acce ss point that is no t authorized to participate in the wireless network, or an access po int that does n ot have the cor rect[...]
-
Page 247
Command Line In terface 7-110 7 rogue-a p enable This comm and enable s the period ic detection of nearby acces s points. Use the no form to disa ble period ic detection. Syntax [no] rogue -ap enable Default Sett in g Disabled Command Mode Interfa ce Configurat ion (Wireles s) Command Usage • W hile the acc ess poin t scans a c hannel for rogue A[...]
-
Page 248
Rogue AP Detection C ommands 7-111 7 Example rogue-a p authent icate This comm and forces the unit to authen ticate all acc ess points on the net work. Us e the no form to disabl e this function. Syntax [ no ] rogue-ap authent i c ate Default Sett in g Disabled Command Mode Interfa ce Configurat ion (Wireles s) Command Usage Enabling au thentica ti[...]
-
Page 249
Command Line In terface 7-112 7 Default Sett in g 350 millisec onds Command Mode Interfa ce Configurat ion (Wireles s) Command Usage • D uring a scan, cl ient acce ss may b e disrupt ed and new clie nts may not be able to asso ciate to the ac cess poin t. If clients exp erience sev ere disruption , red uce the scan du ration t ime. • A long sca[...]
-
Page 250
Rogue AP Detection C ommands 7-113 7 rogue-a p scan This comm and starts an immed iate scan f or access poi nts on the radio int erface. Default Sett in g Disabled Command Mode Interfa ce Configurat ion (Wireles s) Command Usage While the access point scans a channel for rogue APs, wireless client s will not be able to connect to the a ccess po int[...]
-
Page 251
Command Line In terface 7-114 7 Wireless Security Comm ands The comm ands des cribed in this se ction conf igure parameter s for wireles s security on th e 802.1 1g int erf ace. auth Thi s command define s the 80 2.1 1 a uthe nticat ion typ e allowe d by the V AP int erface . Syntax auth < open-system | shared-key | wp a | wp a-psk | wpa2 | wp a[...]
-
Page 252
Wireless Security Commands 7-115 7 • wp a 2-p sk - Clients usi ng WPA2 wit h a Pre-shared Key are accep ted for authenti cation. • wpa-wpa2-mixed - Clie nts using W PA or WPA2 are ac cepted for authenti cation. • wpa-wpa2-psk-mixed - Clients using WPA or WPA2 with a Pre-shared Key are acc epted for au thenticatio n • required - Cl ients ar [...]
-
Page 253
Command Line In terface 7-116 7 associ ation request to the acces s point. For mixed- mode op eration, the cipher use d for broadca st frames is al ways TKIP. WE P encryption i s not allowed. • The “required” op tion places the VA P into TKIP onl y mode. The “sup ported” option plac es the VAP into TKIP+AES+ WEP mod e. The “require d”[...]
-
Page 254
Wireless Security Commands 7-117 7 Example Related Commands key (7 -1 1 8) key This comm and sets the key s used for WE P encryption. Use the no for m to del ete a configur ed key . Syntax key < inde x > < size > < type > < value > no key in dex • index - Key in dex. (Range : 1-4) • size - Key si ze. (Options: 64, 128, o[...]
-
Page 255
Command Line In terface 7-118 7 matc h those co nfig ured in t he cli ents. Example Related Commands key (7 -1 1 8) encrypt ion (7-1 17 ) transmi t-key (7- 1 19 ) transmit-ke y This command set s the index of the key to be used for e ncrypt in g dat a frames for broadca st or multicas t traffic transmit ted from the V AP to wir eless clients. Synta[...]
-
Page 256
Wireless Security Commands 7-119 7 ciph er-su ite This comm and define s the cipher al gorithm use d to encrypt th e global key for broadca st and multica st traffic when usin g Wi-Fi Protec ted Access (W P A) security . Syntax multicast- cipher < ae s-ccmp | tkip | wep > • aes-ccm p - Use AES-C CMP encry ption for the unica st and multica [...]
-
Page 257
Command Line In terface 7-120 7 • AES -CCMP (Ad vanced Enc ryption Standard C ounter-Mode /CBCMAC Protocol): W PA2 is backward compatible with WPA, including the same 802.1X and PSK m odes of operation and support for TKIP encryp tion. The main enh anceme nt is its us e of AE S Counter- Mode enc ryption w ith Cipher Block Cha ining Messag e Authe[...]
-
Page 258
Wireless Security Commands 7-121 7 Example wpa-pr e-shared-key This comm and define s a Wi-Fi Protec ted Access (WP A/ WP A2) pres hared-key . Syntax wpa-pre-shared- key < hex | passphra se-key > < value> • hex - Specif ies hexadec imal digits as the key input f ormat. • passph rase-key - Spe cifies an AS CII pass-ph rase string as [...]
-
Page 259
Command Line In terface 7-122 7 Command Mode Interface C onfiguratio n (Wireless- V AP) Command Usage • W PA2 provides fa st roaming for authen ticated client s by retaining keys and other se curity informa tion in a cac he, so that if a client roams aw ay from a n access po int and then returns reauthe ntication is not required. • When a WPA2 [...]
-
Page 260
Link Integri ty Commands 7-123 7 know n to be a lready auth entica ted, so it pr oceeds directl y to ke y exchan ge and assoc iation. • To s upport p re-authent ication, both clients and ac cess poi nts in the netw ork must be WP A2 enabled . • P re-authent ication req uires all acce ss points in the ne twork to be on the same IP subnet. Exampl[...]
-
Page 261
Command Line In terface 7-124 7 link-int egrity pin g-detect This comm and enable s link integrity detection . Use the no form to disable lin k inte grity de tectio n. Syntax [ no ] link-integrity ping-detect Default Sett in g Disabled Command Mode Global Co nfiguration Command Usage • When li nk int egrity is enabl ed, the I P addr ess of a ho s[...]
-
Page 262
Link Integri ty Commands 7-125 7 link-integrity ping-interval This c ommand configures the tim e betw een eac h Ping se nt to t he link h ost. Syntax li nk-in tegrit y ping- inte rval < in terval > interv al - The time between Pings. ( Range: 5 - 60 seconds) Default Sett in g 30 seco nds Command Mode Global Co nfiguration Example link-integri[...]
-
Page 263
Command Line In terface 7-126 7 Command Mode Global Co nfiguration Example show lin k-integrity This comm and displ ays the current link integrity configura tion. Command Mode Exec Example Enterprise AP(config)#link-integrity ethe rnet-detect Notification : Ethernet Link Detect SUCCE SS - RADIO(S) ENABLED Enterprise AP(config)# Enterprise AP#show l[...]
-
Page 264
IAPP Commands 7-127 7 IAPP Commands The comm and desc ribed in this sec tion enables the protoco l signaling req uired to ensure t he successf ul handover of wireless cl ients roaming bet ween different 802.1 1f-co mpliant a ccess points. In o ther words, th e 802.1 1f protoc ol can ensu re success ful roamin g between ac cess poi nts in a multi-ve[...]
-
Page 265
Command Line In terface 7-128 7 VLAN Commands The access point can ena ble the supp ort of VLAN-tagge d traffic passing betw een wireless clients and the wired network. Up t o 64 VLAN IDs ca n be mappe d to specific wi reless clients, allowing user s to remain w ithin the same VLAN as th ey move ar ound a campus site. When VLAN is enabled on t he a[...]
-
Page 266
VLAN Commands 7-129 7 • Tr affic enterin g the Ethernet por t must be tagg ed with a VLAN ID that matches the access point’s n ative VLAN ID, or with a VLAN ta g that match es one of the wi reless client s currently as sociated with the acce ss point. Example Related Commands management -vlanid (7 -130) managem ent-vlanid This c ommand configur[...]
-
Page 267
Command Line In terface 7-130 7 Default Sett in g 1 Command Mode Interface C onfiguratio n (Wireless- V AP) Command Usage • To i mplement th e default VLAN ID s etting for VAP interf ace, the access point mus t enable VLAN support using the vl an comman d. • W hen VLANs are enabled , the access point tags fram es received from wir eless cl ient[...]
-
Page 268
WMM Commands 7-131 7 wmm This comm and sets the WM M operati onal mode on the access po int. Use the no form to disa ble WMM . Syntax [ no ] wmm < s upported | required > • supported - WMM will be u sed for a ny assoc iated de vice that s upports t his feature. Devices t hat do not suppor t this fea ture may st ill assoc iate with t he acce[...]
-
Page 269
Command Line In terface 7-132 7 interpreta bility with other wired network QoS polici es. While the fo ur ACs are specifie d for specif ic types of traffic , WMM allows the priority levels t o be conf igured to m atch any ne twork-w ide QoS p olicy. WMM also spec ifies a pr otocol that a ccess poi nts can use to comm unicat e the config ured traf f[...]
-
Page 270
WMM Commands 7-133 7 • admissi on_contro l - The ad mis sion con trol mo de for the ac cess cat egory . When en abled, cli ents ar e blocked fr om using th e acce ss categ ory . (Options: 0 t o disabl e, 1 to enable) Default Command Mode Interfa ce Configurat ion (Wireles s) Example AP Param eters WMM Par ameters AC 0 (Best Ef fort) AC 1 (Backgr [...]
-
Page 271
Command Line In terface 7-134 7[...]
-
Page 272
A-1 Appendix A: Tr oubleshooting Check the following items befor e you contact lo cal T echnical Su pport. 1. If wi reless clie nts cannot acce ss the networ k, check the following: • B e sure th e access point an d the wire less clien ts are con figured w ith the sam e Service Set ID (SSID). • If au thentica tion or encryp tion are ena bled, e[...]
-
Page 273
T r oubleshooting A-2 A 3. If yo u cannot acce ss the on- board configu ration pr ogram via a ser ial port connect ion: • Be sur e you hav e set the t ermi nal emul ator pro gram to VT 100 com patibl e, 8 data bits , 1 stop bit, no parit y and 9600 bp s. • C heck that the n ull-modem serial cab le conform s to the pin-out co nnections provided [...]
-
Page 274
B-1 Appe ndix B: C ables and Pinouts Twisted-Pair Cable Assignments For 10/100 BASE-TX connection s, a twisted -pair cable m ust have t wo pairs of wires. Each wire pair is identified by two different colors. For ex ample, one w ire might be green and the other , green with whit e stripes. Also , an RJ-45 co nnector m ust be attached to bo th ends [...]
-
Page 275
Cables and Pino uts B-2 B Straight- Through Wiring Beca use the 10/100 Mbps po rt on t he acce ss p oint uses an MDI pi n co nfi gur ati on, you must use “straigh t-through” cable for ne twork connec tions to hu bs or switch es that only h ave MDI-X po rts. However, if the device to w hich you are connect ing supports au to-MDIX operation, yo u[...]
-
Page 276
Console Port Pin Assignments B-3 B Crossover Wiring Beca use the 10/100 Mbps po rt on t he acce ss p oint uses an MDI pi n co nfi gur ati on, you must use “crosso ver” cable for network con nections t o PCs, server s or other end nodes that only hav e MDI ports. Howev er , if the dev ice to which you are connect ing suppor ts auto-MDIX ope rati[...]
-
Page 277
Cables and Pino uts B-4 B Wiring Map for Serial Cable T abl e B-2 . Wiri ng Map for Se rial C able DB9 Male (AP Cons ole) DB9 Mal e (PC DTE ) Pin Func tion Pin Function 1 GND (ground) 5 GND (ground) 2 Unused 4U n u s e d 3 R XD (receiv e data) 3 TXD (transm it data) 4 TX D (transmi t data) 2 RXD ( receive da ta) 5 U nused 1 Unused 6 U nused 9 Unuse[...]
-
Page 278
C-1 Appendix C: S pecific ations General Specif ications Maximu m Channels 802.1 1g: US & Canada : 13 (normal mode), 5 (turbo mode) Japa n : 4 (normal mo de), 1 (t urbo mode) ETSI: 1 1 chann els (normal mode), 4 (turb o mode) T a iwan: 8 (nor mal mode), 3 (t urbo mode) 802.1 1b/g : FCC/IC: 1-11 ETSI: 1-13 France: 10- 13 MKK: 1-14 Ta i w a n : 1[...]
-
Page 279
Specifications C-2 C AC Power Adapter Input: 100 -240 AC, 50-6 0 Hz Output: 5.1 VDC, 3A Power cons umption: 13 .2 watts Unit Power Supply DC Input: 5 VDC, 2 A ma ximum PoE i nput: - 48 VDC , 0.2 A maxi mum Power cons umption: 9.6 W maximu m PoE (DC) Input voltage: 48 volts, 0.2 A, 12.9 6 watts Note: Power can also be provided to the access point th[...]
-
Page 280
General Specificati ons C-3 C MPT RCR st d.33 (D33 1~13 Channel, T66 Channel 14) Safety cCSAus (CSA 22.2 N o. 60950-1 & UL60950-1 ) EN6095 0-1 (T Ü V/GS), IEC60950-1 (CB) St anda rds IEEE 802.3 10 BASE-T , IEEE 802.3u 100BASE-TX , IEEE 802.1 1b, g[...]
-
Page 281
Specifications C-4 C Sensi tivity Transmit P o wer IEEE 802.1 1g Data Rate Sensitiv ity (dBm) 6 Mbps -88 9 Mbps -87 12 Mbps -86 17 Mbps -85 24 Mbps -81 36 Mbps -77 48 Mbps -72 54 Mbps -70 IEEE 802.1 1b Data Rate Sensitiv ity (dBm) 1 Mbps -93 2 Mbps -90 5.5 Mbps -90 11 M b p s - 8 7 IEEE 802 .1 1 g Maxi mum Outp ut Power (GHz - dB m) Data Rate 2 .41[...]
-
Page 282
Transmit Power C-5 C IEEE 802 .1 1 b Maxi mum Outp ut Power (GHz - dB m) Data Rate 2 .412 2 .417~2.467 2.472 1 Mbps 15 16 15 2 Mbps 15 16 15 5.5 M bps 15 16 15 1 1 Mbps 15 16 15[...]
-
Page 283
Specifications C-6 C Operating Range Important N otice Maximu m distances post ed below are actual teste d distance thres holds. Ho wever , there are m any variab les such as bar rier comp osition and cons tr uct ion and local envi ronmen tal i nterf erenc e that m ay impa ct your act ual dist ances and cause you to exper ience distance thresh olds[...]
-
Page 284
Glossary-1 Glossary 10BASE-T IEEE 802. 3 specificat ion for 10 M bps Ethernet ov er two pairs of Category 3 or better U TP cable. 100BASE- TX IEEE 802. 3u specification for 100 Mbps Fas t Ethernet over tw o pairs of Category 5 or better UTP ca ble. Access Point An intern etworking device that seaml essly co nnects wired and wir eless net works. A c[...]
-
Page 285
Glossary-2 Glossar y Broadcast Key Broadca st keys are sen t to stations usin g 802.1X dynam ic keying. Dynamic bro adcast key rotation is often used to allow the access po int to generat e a random gr oup key an d periodic ally update all key-manag ement capable w ireless cl ients. CSMA/CA Carrier Sense Mul tiple Access with Collision A voidance. [...]
-
Page 286
Glos sary- 3 Glossar y IEEE 802 .11g A wireless s tandard that supp orts wireless co mmunic ations in the 2 .4 GHz band us ing using Ortho gonal Frequ ency Divis ion Multiple xing (OFDM) . The standard provides for data rates of 6, 9, 1 1, 12, 18 , 24, 36, 48, 54 M bps. IEEE 802 .1 1g is al so backwar d compatible w ith IEEE 802 .1 1b. IEEE 802 .1X[...]
-
Page 287
Glossary-4 Glossar y RADIUS A logon authe ntication protocol that us es software run ning on a cent ral server to contr ol access t o the network . Roaming A wireless L AN mobile us er moves aroun d an ESS and maintains a continu ous connection to the infrastructure network. RTS Threshold T r ansmitte rs contending for the medi um may not be aw are[...]
-
Page 288
Glos sary- 5 Glossar y Virtua l Access P oint (VAP) Virtual AP techno logy multiplies the number of Ac cess Points present within the RF footprint of a single physic al access dev ice. With Virtua l AP technology , W LAN users within th e device’s footp rint can asso ciate with w hat appear s to be different ac cess poin ts and the ir associa ted[...]
-
Page 289
Glossary-6 Glossar y[...]
-
Page 290
Index-1 Numerics 802.11g 7- 95 A AES 6-75 ante nnas, posit ionin g 2 -2 auth entic ati on 6-12 , 7-11 4 cipher s uite 6-78, 7-115 closed system 7-106 configu ring 6-12, 7-1 14 MAC ad dress 6-13, 7-70 , 7-71 type 6-63, 7-10 6 web r edir ect 6-14 , 7-20 B Basic Service Set See BSS beacon interval 6-51, 7-1 01 rate 6-51, 7-102 BOOTP 7-89, 7-90 BPDU 6-[...]
-
Page 291
Index Index-2 filt er 6-17 , 7-70 address 6-12, 7-70 betwee n wireless clie nts 6-17, 7-7 3 local bridg e 6 -17, 7-73 local or re mote 6-1 2, 7-72 manage ment access 6-17, 7- 74 protocol types 6-18, 7-75 VLANs 6-54, 7-128 firmware displa ying version 6-30, 7-2 4 upgradin g 6-29, 6-30, 7-56 frag mentat ion 7- 103 G gatewa y addres s 5-2, 6-6, 7-1, 7[...]
-
Page 292
Index Index-3 PoE 1-4 specif ications C-2 port prior ity STA 7-86 power con nection 2-2 Power over Ethernet See PoE powe r suppl y, spec ifica tion s C -2 PSK 6-75 R radio ch annel 802. 11a i nterf ace 7- 97 802.11g interface 6-49, 7-97 RADIUS 6-7, 6-74, 7-59 RADIUS, log on authentication 6-14, 7-59 Remote Au thentication Dial -in User Service See [...]
-
Page 293
Index Index-4 V VLAN confi gura tion 6- 54, 7-1 28 native ID 6-54 W WEP 6-6 9 confi guri ng 6-69 shared k ey 6-70, 7-1 17 Wi-Fi Mul timedia See WMM Wi- Fi Prot ected A ccess See WPA Wired Equiv alent Protection See WEP WPA 6-74 pre-sha red ke y 6-78, 7-121 WPA, pre-sh ared ke y See PSK[...]
-
Page 294
[...]
-
Page 295
Model Number: SM C2552W-G2- 17 Pub. Nu mber: 150 00003050 0E E05200 6-DT -R01[...]
-
Page 296
38 T esla Irvine, CA 92618 Phone: (949) 679-8000 TECHNIC AL SUPPORT F rom U .S.A. and Canada (2 4 hours a day , 7 days a w eek) (800) SMC -4- Y OU Phn: (94 9) 67 9-8000 F ax: (949) 6 79- 1481 ENGLISH T echnical Support inf ormation available at www .smc.com FRENCH Inf ormations Support T echnique sur www .smc.com DEUTSCH T echnischer Support und we[...]