3Com 3CRWEASYA73 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293

Ir para a página of

Bom manual de uso

As regras impõem ao revendedor a obrigação de fornecer ao comprador o manual com o produto 3Com 3CRWEASYA73. A falta de manual ou informações incorretas fornecidas ao consumidor são a base de uma queixa por não conformidade do produto com o contrato. De acordo com a lei, pode anexar o manual em uma outra forma de que em papel, o que é frequentemente utilizado, anexando uma forma gráfica ou manual electrónico3Com 3CRWEASYA73 vídeos instrutivos para os usuários. A condição é uma forma legível e compreensível.

O que é a instrução?

A palavra vem do latim "Instructio" ou instruir. Portanto, no manual 3Com 3CRWEASYA73 você pode encontrar uma descrição das fases do processo. O objetivo do manual é instruir, facilitar o arranque, a utilização do equipamento ou a execução de determinadas tarefas. O manual é uma coleção de informações sobre o objeto / serviço, um guia.

Infelizmente, pequenos usuários tomam o tempo para ler o manual 3Com 3CRWEASYA73, e um bom manual não só permite conhecer uma série de funcionalidades adicionais do dispositivo, mas evita a formação da maioria das falhas.

Então, o que deve conter o manual perfeito?

Primeiro, o manual 3Com 3CRWEASYA73 deve conte:
- dados técnicos do dispositivo 3Com 3CRWEASYA73
- nome do fabricante e ano de fabricação do dispositivo 3Com 3CRWEASYA73
- instruções de utilização, regulação e manutenção do dispositivo 3Com 3CRWEASYA73
- sinais de segurança e certificados que comprovam a conformidade com as normas pertinentes

Por que você não ler manuais?

Normalmente, isso é devido à falta de tempo e à certeza quanto à funcionalidade específica do dispositivo adquirido. Infelizmente, a mesma ligação e o arranque 3Com 3CRWEASYA73 não são suficientes. O manual contém uma série de orientações sobre funcionalidades específicas, a segurança, os métodos de manutenção (mesmo sobre produtos que devem ser usados), possíveis defeitos 3Com 3CRWEASYA73 e formas de resolver problemas comuns durante o uso. No final, no manual podemos encontrar as coordenadas do serviço 3Com na ausência da eficácia das soluções propostas. Atualmente, muito apreciados são manuais na forma de animações interessantes e vídeos de instrução que de uma forma melhor do que o o folheto falam ao usuário. Este tipo de manual é a chance que o usuário percorrer todo o vídeo instrutivo, sem ignorar especificações e descrições técnicas complicadas 3Com 3CRWEASYA73, como para a versão papel.

Por que ler manuais?

Primeiro de tudo, contem a resposta sobre a construção, as possibilidades do dispositivo 3Com 3CRWEASYA73, uso dos acessórios individuais e uma gama de informações para desfrutar plenamente todos os recursos e facilidades.

Após a compra bem sucedida de um equipamento / dispositivo, é bom ter um momento para se familiarizar com cada parte do manual 3Com 3CRWEASYA73. Atualmente, são cuidadosamente preparados e traduzidos para sejam não só compreensíveis para os usuários, mas para cumprir a sua função básica de informação

Índice do manual

  • Página 1

    www .3Com.c om User Gu ide 3Com Outdoor 11a Buildi ng to Building Bridg e and 11bg Ac cess Point 3CRWEASY A73 / WL- 575 Part Numbe r 10015232 Rev . AA Published August, 2006[...]

  • Página 2

    3Com Corporation 350 Camp us Drive Marlbor ough, MA 01752-30 64 Copyright © 2006 3Com Corp oration. A ll rights reserved. No pa rt of this docum entation may be reproduced in any form o r by any means or used to make any derivative work (such as translation, tra nsformation, or adaptation) w ithout written permission from 3Com Corpora tion. 3Com C[...]

  • Página 3

    iii Contents 1 Introduction Product Features 1-1 Radio C haracteri stics 1-2 APPROVED CHANNELS 1-2 Pack age C hec kli st 1-3 Ha rd w a re D es c r i pt i o n 1-4 Integra ted High- Gain Ante nna 1- 4 Exte rna l An tenn a Op tions 1-4 Eth ern et P ort 1-5 Power Inje ctor M odule 1-5 Grounding Po int 1-6 W ater Tight T est Point 1-6 W all - and P ole-[...]

  • Página 4

    iv Using t he Pole -Moun ting Brack et 3- 2 Using t he Wall-Mounting Bracke t 3-4 Connect Exter nal Antenn as 3-6 Connect Cables to the Unit 3-7 Connect the Po wer In jector 3-7 Check the LED Indicators 3-9 Align A nten nas 3-10 4 Initial Configuration Netw orks with a DHC P Se rver 4-1 Network s without a DHCP Se rver 4-1 Usin g the 3C om Ins tall[...]

  • Página 5

    v RSSI 5-35 Radio Int erface 5-37 802.11a I nterface 5-38 Config uring Radio S ettings 5-38 Config uring Commo n Radio S ettings 5-39 802.11b/g I nterfa ce 5-43 Config uring W i- Fi Mu ltimed ia 5-45 Secu ri ty 5-50 Wired Equi valent Priva cy (WEP) 5-53 Wi-Fi Prot ected Access (WP A) 5-57 6 Command Line Interface Usin g the Co mmand Lin e Inte rfac[...]

  • Página 6

    vi Straigh t-Through W i ring B-3 Crosso ve r W iri ng B-4 8-Pin DI N Conn ector Pin out B- 5 8-Pin DI N to RJ-4 5 Cable W iring B-6 Glossary Index[...]

  • Página 7

    vii T ERMINO LOGY Access Point —A n internet wor king device that seaml essly conne cts wir ed and wireles s networks. Ad Hoc —An ad hoc wir eless LAN is a group of compute rs, each with wir eless ada pters, conn ected as an independent wireles s LAN. Back bone —The core infrastructu re of a network. The portion of th e network th at transpor[...]

  • Página 8

    viii RT S Thresho ld —T ransmitte rs contending f or the medium may not be awar e of each other (the y ar e “hidden nodes”) . The RTS/CT S mecha nism can solve th is problem . If the packet size is smalle r than the pr eset RTS Thr eshold size, t he RTS/CTS mechanis m will not be enabl ed. VA P — Virtu al Access Point. An access poin t radi[...]

  • Página 9

    1-1 1 I NTR ODUCTIO N The 3Com Out door 11a Bui lding to Build ing Bridge and 11bg A ccess Point syst em provides point-to -poin t or p oint-to- mul tipoint bridge link s betw een remote Ether ne t LA Ns, a nd wi reless ac cess point serv ices fo r clie nts in the lo cal L AN a rea. It incl udes an integrat ed high-ga in antenna for the 802.11a rad[...]

  • Página 10

    1-2  Pr ovides access poi nt services for the 5 GHz and 2. 4 GHz radios using various external an t enna options  Maxim um data rate up to 108 Mb ps on the 802.11 a (5 GHz) radio  Outdoor weatherpro of design  IEEE 8 02.11a and 802.11b/ g complian t  Local net work connecti on via 10/100 Mbps Ethe r net port  Power ed thro ugh its[...]

  • Página 11

    1-3 P ACKAGE C HECKLIST The 3Com O utdoor 11a Bui lding to Build ing Bridge an d 11bg Access Poi nt package in cludes:  One 3Co m Outdoo r 11a Buildi ng to Building Br idge and 11bg Access Po int  Mounti ng bracket and har dware  One W eatherp roof Cat egory 5 network cabl e  One W eatherp roof C onsole to RS232 cabl e  PoE power inj[...]

  • Página 12

    1-4 H AR DWAR E D ES CRIP TION I NTEGRATED H IGH -G AIN A NTENNA The WL-5 75 bridge includ es an integra t ed high- gain (17 dBi ) flat -panel antenna for 5 GH z ope ration. W ith this antenna , in a direct li ne-of-si ght lin k usin g a point -to-point dep loyment, the rang e can be as lo ng as 15 km (9.3 miles) , with a 6 Mbps data rate . E XTERN[...]

  • Página 13

    1-5 Exte r nal an tennas conne ct to th e N-type R F connector s on th e wireles s bridg e using the optional RF coaxial cables . Using the exte rna l antenn as in a poin t-to-mul tipoin t depl oyment , the m aximu m range fo r brid ge li nks are:  802.11 b,g: 2.2 km  802.11 a: 3 km E THERNET P ORT The wir eless brid ge has one 10BAS E-T/100B[...]

  • Página 14

    1-6 networ k interco nnection device s such as a switch or r outer that provide MDI- X ports . However , when connecti ng the access poi nt to a workstatio n or other device t hat does not have MD I-X ports, you must use cro ssover twi sted-pair cable. The wir eless brid ge does not have a power switch. It is power ed on when its Ethernet port is c[...]

  • Página 15

    1-7 W ALL - AN D P OLE -M OUNTI N G B RACKET K IT The wir eless bri dge includes a br acket kit tha t can be used to mo unt the bridge t o a wall, pole, radio ma st, or part of a tower structure. S YSTEM C ONFIGURATION At e ach location where a unit is installed, it must be connected t o th e local networ k using the power injector modu le. The fol[...]

  • Página 16

    1-8 The wir eless brid ge modes connect two or more wir ed networks, f or example networ ks in dif fere nt building s with no wir ed connect ions. Y ou will n eed a 3Com Outdoor 11a Buildin g to Building Br idge and 11bg A ccess Point unit on both sides of the connection. The wir eless brid ge can connect up to six r emote networ ks. When us ing br[...]

  • Página 17

    1-9 The foll owing f igure shows a p oint-to-m ultipo int “in-li ne” co nfigurati on with one bridg e set to “Master” an d using a dir ectional panel an tenna. 19° Beam Angle[...]

  • Página 18

    1-10[...]

  • Página 19

    2-1 2 B RIDGE L INK P LANNING The 3Com O utdoor 11a Bui lding to Build ing Bridge an d 11bg Access Poi nt suppor ts fixed p oint-to -point o r poin t-to-mu ltipoin t wireless link s. A sing le lin k between two point s can be used to conn ect a remote sit e to la rger core ne twork. Multi ple bridge lin ks can provi de a way to connect widesp read [...]

  • Página 20

    2-2 D ATA R ATES Using t he 5.0 GHz integr ated antenna, t wo WL-575 bri dges can operate ove r a range of u p to 15 .4 k m ( 9.6 mi les) or provide a hi gh-sp eed c onn ectio n of 54 Mb ps (108 Mbps in turbo mode ). However , the maximum data rate for a link decr eases as the operat i ng range in creases. A 1 5.4 km link can only op erate up to 6 [...]

  • Página 21

    2-3 R ADIO P ATH P LAN N ING Alth ough the wir eless bridge us es IEEE 802.11 a radio technol ogy , which is capable of reduc ing the eff ect of multi path signals du e to obstructi ons, the wir eless brid ge link requi res a “radio line -of-sigh t” between the two ant ennas for optimum perform ance. The concept of radio line -of-sight inv olve[...]

  • Página 22

    2-4 • Be sur e ther e is enough clear ance from bu ildings and t hat no building constr uction may e ventually block the p ath. • Check the t opology of the la nd between the ante nnas using topo graphical maps, aer ial photos, or even sat ellite image da ta (softwar e packages ar e availa ble that may inclu de this info rmat ion for you r area[...]

  • Página 23

    2-5 Note tha t to av oid an y obstructi on al ong th e path, the he ight of the object mu st be adde d to the minimum cle arance req uired for a clear radio line -of-sight. Consid er the follow ing sim ple e xampl e, il lustrated in th e figu re below . A wir eless bridg e link is depl oyed to connect bui lding A to a buil ding B, which is locate d[...]

  • Página 24

    2-6 A NTENNA P OSITION AND O RIENTA TION Once the required anten na height has be en determ ined, other factors affecting the pr ecise pos ition of the wir eless bri dge must be conside red: • Be sur e ther e are no othe r radio antenn as within 2 m (6 ft) of the wir eless brid ge • Place the wi reless br idge away fr om power and tel ephone li[...]

  • Página 25

    2-7 R ADIO I NTER FEREN CE The avoida nce of radio inte rferen ce is an importan t part of wir eless link plann ing. Interf erence is caused by othe r radio tra nsmissions usi ng the same or an adjacent channel freque ncy . Y ou should first scan you r pr oposed site using a spectru m analyzer to determ ine if there are a ny strong radio signals us[...]

  • Página 26

    2-8 • Snow and Ice — Fall ing snow , like rain, has no si gnificant ef fect on th e radio signal. However , a build up of snow or ice on antennas may cause the link to fail. In t his case, the sno w or ice has to b e cleared from the an tenna s to restore opera tion of th e link. E THERNET C ABLIN G When a suitab le antenna locat ion has been d[...]

  • Página 27

    3-1 3 H AR DWAR E I NSTALLATION Befor e moun ting ant ennas to set up you r wirel ess bri dge links, be sur e you ha ve select ed approp riate locati ons for each ant enna. Foll ow the guidance an d inform ation in Chapter 2, “W i reless Link Plannin g.” Also, before mount ing units in their intend ed locati ons, you shoul d first perform init [...]

  • Página 28

    3-2 T ESTING B AS IC L INK O PERATION Set up the un its over a very short ran ge (15 to 25 feet ), either outd oors or indoo rs. Conn ect the u nits as i ndicate d in th is chapt er and be sure to perform a ll the bas ic configurati on tasks outl ined in Chapter 4, “Init ial Configur ation.” When you ar e satisf ied that the li nks are o perati[...]

  • Página 29

    3-3 2 Fit the edg es of the V -shaped part in t o the slots i n the rectang ular plate, and tight en the nuts. 3 Attach the adjust able recta ngular plate to the b r idge wit h supplied scr ews. Fit the edges of the V-sha ped part into the slots Attach the adjustable rectangular plate to the bridge[...]

  • Página 30

    3-4 4 Attach the bridge with brack et to the plate already fixed to the p ole. 5 Use the in cluded nuts t o secure the wir eles s bridge to the p ole bracket. No te that the wir eless bridg e tilt an gle may need to be adjust ed during the antenn a alignment pr ocess. Be sur e to take account of the anten na polarizati on directi on; all antennas i[...]

  • Página 31

    3-5 1 Always attach th e bracket to a wall wi th flat sid e flush a gainst th e wall (see followi ng figu re). 2 Position the brac ket in th e inten ded l ocation and mark th e positio n of the four mounting screw holes. 3 Drill four ho les in the w all that m atch the screws an d wall plu gs inclu ded in the bracke t kit, then secur e the bracket [...]

  • Página 32

    3-6 C ONNECT E XTER NAL A NTENNAS The bri dge’ s prima ry anten na is it’ s built-i n internal ante nna. For some applica tions when de ploying an WL-57 5 unit for a bridg e link or access point operati on, you may need to moun t external antenna s and connect them to the bridg e. T ypicall y , a bridge li nk requ ires a 5. 0 GHz antenna, an d [...]

  • Página 33

    3-7 C ONNECT C ABLES TO THE U NIT 1 Attach the Ether net cabl e to the Ethernet port on the wir eless bridg e. 2 For ext ra prot ection against rain or moist ure, a pply weatherpr oofing tap e (not includ ed) around the Ethernet con nector . 3 Be sur e to gr ound the unit with an app ropria te grou nding wire ( not included) by a ttaching it to the[...]

  • Página 34

    3-8 1 Conne ct the E ther net cable from the wireless br idge to the RJ-45 p ort labe led “Outp ut” on t he po wer injec tor . 2 Connec t a strai ght-through un shield ed twiste d-pair (UTP) cable f rom a local LAN swit ch to the RJ-45 port labeled “Input ” on the power inje ctor . Use Categ ory 5e or better UTP cab le for 10/100B ASE-TX co[...]

  • Página 35

    3-9 C HECK TH E LED I NDICA TORS The bri dge’ s 11a and 11b/ g LEDs operate in t wo display modes, whi ch are confi gurable thr ough the soft ware. T he default AP mod e indicates data traff ic rates. The RSSI m ode indicates t he rece ived signal p ower and is for use when aligni ng antenn as in a bridge li nk. When th e bridge is conn ected to [...]

  • Página 36

    3-10 A LIGN A NTENNAS After wireless b ridge units ha ve been moun ted, co nnected , and th eir radio s are operati ng, bridge link anten nas must be accurat ely aligned to ensur e optimum performa nce. Thi s align ment process i s particu larly im portan t for lo ng-rang e point -to-point links. In a po int-to- multipoin t confi guration the root [...]

  • Página 37

    3-11 When you m ove the an tenna durin g ali gnment, the rad io sign al from the remote antenn a can be s een to hav e a str ong c entral main lobe and smaller side lob es. The object of the align ment process is to set the antenna so th at it is r eceiving the strongest signal from the ce ntral ma in lobe . T o align the antenn as in the link, mon[...]

  • Página 38

    3-12 1 Pan the antenna hori zontally b ack and forth whi le checking t he LEDs. If u sing the pole -mount ing bra cket w ith the u nit, you must rotate the moun ting bracket around the po le. Other external antenn a brackets may r equire a dif ferent horizontal adjustment. 2 Find the poi nt where the sig nal is strongest ( all LEDs on) and secur e [...]

  • Página 39

    4-1 4 I NITI AL C ONFIGURATION The 3Com Out door 11a Buil ding to Buildi ng Bridge and 11 bg Access Point of fers a variet y of management opt ions, incl uding a web-based interfac e. The init ial configurat ion steps can be mad e through the web br owser inter face. The acce ss point r equests an IP addr ess via D HCP by defaul t. If no response i[...]

  • Página 40

    4-2 C HAPTER 4: I NITIAL C ONFIGURAT ION 1 Connect a comp uter dir ectly to the Access Point using the suppli ed standard Categor y 5 UTP Ethernet cable. 2 Enter the Acc ess Point’ s defa ult IP addr ess (169.2 54.2.1) int o the computer’ s web browser . If the Co nfig urati on Ma nage ment S yste m sta rts, th e Acc ess Point is usin g the fac[...]

  • Página 41

    4-3 Figure 1 W ireles s Interf ace Device M anager Click on the Pr operties button to se e the followi ng screen Figure 2 W ireles s Interf ace Device M anager - Propertie s[...]

  • Página 42

    4-4 C HAPTER 4: I NITIAL C ONFIGURAT ION Directly connect to th e de vice through it s Ether n et port or consol e port . Follow t he instructi ons below to logi n into the AP Conf iguration sc reen: 1 Load a we b browser a nd enter < http://1 69.25 4.2.1>. 2 The Logon scr een appears. T o log on to the Web interface : 1 User name , type admi[...]

  • Página 43

    4-5 Using the Setup Wizard Loggin g In – Enter the username “admin,” an d passwor d “passwor d,” then click L OG IN. For info rmat ion on conf iguri ng a use r nam e an d pass word, s ee pa ge 23 . Figure 3 Login Page NOTE: If you chan ged the d efault I P addres s via th e comm and line i nterface above , use that a ddress instead o f th[...]

  • Página 44

    4-6 C HAPTER 4: I NITIAL C ONFIGURAT ION The hom e page dis plays th e Main Menu. Figure 4 Home Page Launch ing the Setu p Wizar d – T o p erfo rm ini tial conf igurat ion, cli ck Se tup Wizard on th e home page, se lect the V AP you wish to co nfigur e, then click on the [Next] bu tton to start the process. Figure 5 Setup Wizar d - St art 1 Serv[...]

  • Página 45

    4-7 Using the Setup Wizard Figure 6 Setup Wizar d - St ep 1 2 Radio Channel – Y ou must ena ble radio commu nications for 802 .11a and 802.11 b/g, and set the op erating radi o channel. Figure 7 Setup Wizar d - St ep 2 NOTE: Availabl e channel setting s are limited by lo cal regu latio ns, whi ch deter mine the chann els th at are av ailab le. Th[...]

  • Página 46

    4-8 C HAPTER 4: I NITIAL C ONFIGURAT ION  802.11 a T urbo Mode – If you sel ect Enable, t he access poin t will ope rate in turb o mode with a data ra te of u p to 1 08 Mbps. Norm al mode sup port 13 channels, T urbo mod e supports onl y 5 chan nels. (D efau lt: D isabl ed) 802.11 a Radio Channel – Set the operatin g radio channel numb er . [...]

  • Página 47

    4-9 Using the Setup Wizard 4S e c u r i t y – Set the Authentica tion T ype to “O pen” to allow op en access withou t authentica tion, or “Shar ed” to r equir e authentic ation based on a shar ed key . Enab le encryption to encrypt da t a trans missions. T o configure other s ecu rity fea tures us e the Adva nced Setup me nu as desc ribed[...]

  • Página 48

    4-10 C HAPTER 4: I NITIAL C ONFIGURAT ION 5 Click Finish. 6 Click the OK butto n to com plete th e wizard. Figure 10 Setup Wizar d - Co mpleted NOTE: All wireles s devi ces mus t be co nfigured with th e same Ke y ID values to communi cate with the acces s point.[...]

  • Página 49

    5-1 5 S YSTEM C ONFI GURATION Befor e continui ng with advance d configurat ion, first co mplete the init ial configur ation steps descri bed in C hapte r 4 to set u p an IP address for th e access point. The access poi nt can be managed by any comput er using a web brows er (suc h as Internet Explor er 5.0 or abo ve). Enter the c onfigured IP addr[...]

  • Página 50

    5-2 C HAPTER 5: S YSTEM C ONFIGURA TION Figure 11 Advanced Setup The inform ation in thi s chapte r is orga nized to reflect the structure of th e web scr eens for easy r eference. However , it is recommended that you configur e a user name a nd passwo rd as the first ste p unde r Admi nistratio n to control managemen t access to this device ( pa g[...]

  • Página 51

    5-3 Advan ced Se tup SNMP Configures SNMP set tings 5-19 Administration Configures user na me and passw ord for managem ent access; upgrades so ftw are fr om local file, F TP or TF TP server; res et s configuration settings to factory defaults; and resets the access point 5-23 WDS/STP S ettings Co nfigures WDS bridging and Spanning T ree Protocol f[...]

  • Página 52

    5-4 C HAPTER 5: S YSTEM C ONFIGURA TION S YSTEM I DE NTIFICATIO N The system na me for the access poin t can be l eft at its d efault settin g. However , modif ying thi s para met er can h elp yo u to more easi ly di stingu ish di fferent devi ces in yo ur netw ork. Figure 12 System Ide ntificat ion System Name – An ali as for t he access point, [...]

  • Página 53

    5-5 TCP / IP Settings TCP / IP S ETTINGS Configur ing the access point with an I P address expand s your abili ty to manage the acces s point. A nu mber of access poi nt featur es depend on IP ad dres sing to operate. By default, th e access point will be automa tically conf igured with IP setting s from a Dynamic H ost Config uration Pr otocol (DH[...]

  • Página 54

    5-6 C HAPTER 5: S YSTEM C ONFIGURA TION DHCP Cli ent (Enable) – Select this option to obtai n the IP settings fo r the access point fr om a DHCP (Dynami c Host Conf iguration Pro tocol) serve r . The IP ad dress, subnet mask, defaul t gateway , and D omain Name S erver (DN S) addr ess are dynamical ly assigned to the acces s point by the netw ork[...]

  • Página 55

    5-7 TCP / IP Settings Figure 14 Sm art Monitor By enabl ing Smart Monitor ( known as Link In tegrity i n the CLI) and se tting a target IP addr ess, the AP wil l periodicall y (set by the ping in terval) check to see i f the tar get addr ess res ponds to pings . If it fail s to res pond to a ping afte r the confi gured number of retr ies, it wil l [...]

  • Página 56

    5-8 C HAPTER 5: S YSTEM C ONFIGURA TION RADIUS Remote Authentica tion Dial-i n User Se rvice (RADI US) is an au thenticati on protocol that uses sof tware running on a central serve r to control access to RADIUS -aware devices on the network. An au thenticati on server contai ns a database of use r cr edentials for each user that requir es access t[...]

  • Página 57

    5-9 RADIUS Figure 15 RADIUS Authenticat ion Primary Radius Server Setup – Config ure the fo llowing setti ngs to use RADIU S authenticatio n on the access poin t.  IP Addr ess: Sp ecifies the IP add ress or ho st name of the RADI US server .  Port: Th e UDP port nu mber used by the RADIUS ser ver for authentica tion mess ages. (Range: 1024-[...]

  • Página 58

    5-10 C HAPTER 5: S YSTEM C ONFIGURA TION Secondary Rad ius Server Setup – Confi gure a sec ondary RADIU S server to pr ovide a backup in ca se the prim ary server fails. The acce ss point uses the secondary server if th e primary server fails or b eco mes inaccessible. Onc e the access point switches ov er to the secondary server , it pe riodical[...]

  • Página 59

    5-11 Authenti c ation The access poin t can also operate in a 802.1X supplic ant mode. This enables t he access point itself to be authent icated with a RADIU S server usin g a configured MD5 use r name and pas sword. This prev ents ro gue access points from gain ing access to the networ k. T ake note of the foll owing points be fore configur ing M[...]

  • Página 60

    5-12 C HAPTER 5: S YSTEM C ONFIGURA TION Figure 16 Authe nticat ion MAC Authe ntication – Y ou can co nfigur e a list of t he MAC addre sses for wi reless clients t hat are authori zed to access the networ k. This provi des a basic level of authenticat ion for wirele ss clients attempting to ga in access to the netwo rk. A datab ase of auth oriz [...]

  • Página 61

    5-13 Authenti c ation Authe ntication s ection of thi s web page to set up the local dat abase, and confi gure all access points in the wireless net work service area wit h the same MAC a ddress dat abase.  Radius MA C : The MAC add ress of the associating stat ion is sent to a conf igured RADIUS server for a uthenticatio n. When using a R ADIUS[...]

  • Página 62

    5-14 C HAPTER 5: S YSTEM C ONFIGURA TION  Session Ke y Refresh Rate: The i nterval a t which the access point re freshes unicast session keys for associated clients. (Range: 0-1440 minutes; Default: 0 means disabled )  802.1X Reauthenti cation Refr esh Rate: Th e time period afte r which a connect ed client must be re-aut henticated . During [...]

  • Página 63

    5-15 Filter C ontrol F ILTER C ONTROL The access poin t can emplo y network t raffic fra me filtering to cont rol access to network r esour ces and increase security . Y ou can pr event communicat ions between wir eless clients and preven t access point man agement from wireless clients. Also, you can bl ock spec ific Ethe rnet tra ffic from b eing[...]

  • Página 64

    5-16 C HAPTER 5: S YSTEM C ONFIGURA TION  Pr event Intra V AP clie nt communicat ion: When enab led, cli ents associated with a spec ific V AP inte rface cannot establish wireless co mmunication s with each othe r . Clients can communicate wit h clients associ ated to other V AP interfaces.  Pr event Inter an d Intra V AP client communi catio[...]

  • Página 65

    5-17 Filter C ontrol VLAN The acces s point can emplo y VLAN tagging s upport to contr ol access t o network r e sources and incr ease security . VLAN s separate traffic passing between the access point , associated client s, and the wi red network. The re can be a VLAN assigned t o each associated client , a defaul t VLAN for each V AP (Virtual Ac[...]

  • Página 66

    5-18 C HAPTER 5: S YSTEM C ONFIGURA TION A VLAN ID ( 1-4094) can be ass igned to a client after successful IEEE 802.1X authen tication. The cl ient VLAN IDs must be configur ed on the RADI US server for each use r authorized to ac cess the network . If a client doe s not have a configur ed VLAN ID o n the RA DIUS server , the ac cess point a ssigns[...]

  • Página 67

    5-19 SNMP SNMP Simple N etwork Management Protoco l (SNMP) is a communi cation prot ocol desi gned spec ifical ly f or man aging de vice s on a netw ork . Equi pme nt co mmon ly manage d with SNMP includ es switches, r outers and host comp uters. SNMP is typica lly used to configur e these device s for pr oper operation in a network environment, a [...]

  • Página 68

    5-20 C HAPTER 5: S YSTEM C ONFIGURA TION Figure 19 SNMP SNMP – Enables or di sables SNMP management acce ss and also enables the access point t o send SNMP traps ( notificat ions). (D efault: D isable) Location – A text string that describe s the system location . (Maxim um lengt h: 255 characters ) Conta ct – A text string that describe s th[...]

  • Página 69

    5-21 SNMP  Trap Des tinat ion Com mun ity N ame – The communi ty string sent w ith t he notifi cation operat ion. (Maxim um length: 23 char acters, case s ensitive; Default: pu blic ) Engine I D – Sets the engine ident ifier for the SNMPv 3 agent that r esides on the access point. This engi ne protec ts against message r eplay , delay , and [...]

  • Página 70

    5-22 C HAPTER 5: S YSTEM C ONFIGURA TION  dot1xMacAddrAuthSuccess - A client station has successfully authenticated its MAC addr ess with th e RADIUS ser ver.  dot1xM acAddrAuthF ail - A client s tation has fai led MAC addres s authentication with the R ADIUS serve r.  dot1xA uthNotIni tiated - A clie nt station did not i nitiate 80 2.1X a[...]

  • Página 71

    5-23 Administratio n Auth T ype – The authenti cation type used for the SNM P user; either MD5 or none. Wh en MD5 is selected, en ter a passwor d in the corre sponding Passphrase field. Priv T ype – The data encrypti on type use d for the S N MP us er; either DES or none. When DES is selected, enter a key i n t he corr esponding Pa ssphrase fie[...]

  • Página 72

    5-24 C HAPTER 5: S YSTEM C ONFIGURA TION Figure 22 Adm inistration Username – The name of the user . The default name is “admi n.” (Length: 3-16 characters , case sensitive) New Password – The pass word fo r management acces s. (Length: 3-16 characte rs, case sensit ive) Confi rm New Password – Enter the password again for ve rification. [...]

  • Página 73

    5-25 Administratio n  T eln et S erver Sta tus: Ena ble s or d isabl es the T eln et se rver . (Def ault : En able d)  SSH Server Status : Enables o r disables t he SSH serv er . (De fault: En abled)  SSH Server Port : Sets the UDP port for the SSH ser ver . (Rang e: 1-65535; Defaul t: 22) U PGRADING F IRMW ARE Y ou can upgr ade new acce s[...]

  • Página 74

    5-26 C HAPTER 5: S YSTEM C ONFIGURA TION Figure 24 Firmware Upgrade Before upgradin g new software, verify that the access p oint is con nected to th e networ k and has been c onfigur ed with a comp atible IP address a nd subnet mas k. If you need to download f rom an F TP or TF TP server , take the fo llowing addi tional steps:  Obtain the IP a[...]

  • Página 75

    5-27 Administratio n  If up grading from an FTP server, be sure that you have an account configure d on the server with a user name and password .  If VLAN s are configur ed on the access po int, determin e the VLAN ID wit h which the FTP or TFTP server is associated , and then config ure the management station, o r the net work po rt to whi [...]

  • Página 76

    5-28 C HAPTER 5: S YSTEM C ONFIGURA TION Restore Factory Settings – Click th e Restore b utton in t he use r interface to reset the conf iguration setti ngs for the ac cess point to the f actory defaul ts and re boot the system. Note that all use r configured info rmation wil l be lost. Y ou will have to r e-enter the defaul t user name (admin) t[...]

  • Página 77

    5-29 WDS and Spanning Tr ee Settings Figure 25 WDS and Spanning T ree Settings WDS Br idge – Up to six WD S bridge or r epeater lin ks (MAC addr esses) per radio interf ace can be specif ied for each uni t in the wirel ess bridge network. One unit only must be co nfig ured as the “root bri dge ” in th e wirele ss n etwor k. T he root bridg e [...]

  • Página 78

    5-30 C HAPTER 5: S YSTEM C ONFIGURA TION • Root Bridge: Operates as the root bridg e in the wirel ess bridge networ k. Up to six ”Chi ld” links are a vai lable to ot her b ridge s in the netwo rk. Mast er/Slave Mode – Selects b etween Master a nd Slave mo de. A singl e master enables up to five sla ve links, wher eas a slave will have only [...]

  • Página 79

    5-31 WDS and Spanning Tr ee Settings Figure 27 Spanning T ree Pr otocol Spannin g T ree Protoc ol – STP uses a distributed algor ithm to select a bridging device (STP-complian t switch, br idge or r outer) t hat serves as t he roo t of the spann ing tree ne twork. It selec ts a root por t on each bridgi ng device (except for the root device) whic[...]

  • Página 80

    5-32 C HAPTER 5: S YSTEM C ONFIGURA TION • Range: 0- 65535 • Defaul t: 32768  Brid ge Ma x Age – The maximum time (in seconds) a devi ce can wait without receivi ng a confi guration mess age before a ttempti ng to reconf igure. All device port s (except for designa ted port s) should receive c onfigura t ion me ssages at regular interval s[...]

  • Página 81

    5-33 System Log the Span ning Tree Protocol is detecting net work loops. Where mor e than one port is assig ned the h ighest prio rity, the port with lo west nume ric identifie r will be ena bled . • Defau lt: 128 • Range: 0- 240, in steps of 16 S YSTEM L OG The access p oint can be conf igured to send event and error messag es to a System Log [...]

  • Página 82

    5-34 C HAPTER 5: S YSTEM C ONFIGURA TION Logging Host – Enabl es the sendin g of log message s to a Sys log server host . Up to four Syslo g servers are supported on t he access point. (Def ault: Disable) Server Name / IP – Spe cifies a Syslog s erver name or IP ad dress. (De fault: 0.0. 0.0) SNTP S er ver – Enabl e s the sending of log messa[...]

  • Página 83

    5-35 RSSI The access po int acts as an SNTP clie nt, periodical ly sending time synchr onizati on requests to spe cific ti me servers. Y o u can configure u p to two time s erver IP addr esses. The access point wil l attempt to poll each server in the co nfigured sequence. SNTP S er ver – Confi gures the acc ess point t o operate as an SNTP clie [...]

  • Página 84

    5-36 C HAPTER 5: S YSTEM C ONFIGURA TION Figure 29 RSSI RSSI:  Auto Refr esh – E nab les or di sa bles the ref res hing of R SSI info rma tion .  RSSI Val ue – The displa yed RSSI value for a selected por t.  Port Nu mber – Selects a spe cific WDS port for which to di splay the RSSI ou t put value. Po rts 1-6 are avai lable for a Mas[...]

  • Página 85

    5-37 Radio In te rface LED Statu s:  Mode – Sel ect s AP m ode or Bri dge m ode.  Bridge Port – A llows the user to select the bridg e port for the LE D display. (Def ault:1; Range : 1~6) Ther e are curr ently no equi valent CLI command s for the RSSI contr ols. R ADIO I NTERFACE The IEEE 802 .11a and 802. 11g interfac es include con f ig[...]

  • Página 86

    5-38 C HAPTER 5: S YSTEM C ONFIGURA TION 802.11 A I NTERFACE The IEEE 8 02.11a inter face operates withi n the 5 GHz band, at up to 54 Mbps in normal mode or up to 1 08 Mbps in T urbo mode. First configur e the radi o settings that ap pl y to the indi vidual V APs (Vi rtual Access Point) and t he common radio settin gs that a pply to the overall sy[...]

  • Página 87

    5-39 Radio In te rface Closed System – When enabled , the V AP interface does not i nclude its SSID in beacon me ssages. Nor does it respond to probe r equests fr om clients that do no t includ e a fixed S SID. (Defau lt: Disable) Maximum Associa tions – This comman d configures t he maximum number of clients t hat can be associated with th e a[...]

  • Página 88

    5-40 C HAPTER 5: S YSTEM C ONFIGURA TION Description – Adds a comment or des cription t o the wirel ess interfa ce. (Range: 1-80 char acters ) T urbo Mode – The normal 8 02.11a wir eless op eration mode provi des connecti ons up to 54 Mbps. T urbo Mode i s an enhance d mode (not r egulated in IEEE 802.1 1a) that pr ovides a high er data rate of[...]

  • Página 89

    5-41 Radio In te rface Radi o Channel – The radi o channel that the acce ss point uses to communica te w ith wirel ess clients. When multiple access po ints ar e deployed in the sam e area, set t he channel on neigh boring access points a t least fo ur chan nels apa rt to avo id interference with each other . For e xample, in the United States y [...]

  • Página 90

    5-42 C HAPTER 5: S YSTEM C ONFIGURA TION Maximum T ransmit Data Ra te – The ma ximum data rate at which the access poin t transmits u nicast packets on the wireless interfa ce. The maximum transm ission distance i s affected by th e data ra te. The lower t he data rate, the longer the tran smission dist ance. (Opti ons: 54, 48, 36, 24 Mbps; Defau[...]

  • Página 91

    5-43 Radio In te rface nego tiate the sen ding of a data frame. A fter r eceiving an RTS fram e, the station sends a C TS (cle ar to se nd) fra me to notify the sendin g statio n that it can start sendi ng data. If the RTS threshold i s set to 0, the access point always sends RTS signals. If set to 2347, t he access point nev er sends RTS signal s.[...]

  • Página 92

    5-44 C HAPTER 5: S YSTEM C ONFIGURA TION Figure 32 Radio Settings B/G Client Acce ss M ode – Selects the operat ing mode for the 802 .11g wirel ess inter face. (De f aul t: 802.11b+g )  802.11 b+g: Both 802. 11b and 802.11g clients can commu nicate with the access point (up to 54 Mbps ).  802.11 b only: Both 802. 11b and 802.11g cl ients ca[...]

  • Página 93

    5-45 Radio In te rface Super Mo de – The Ath eros pr o prietary S uper G pe rformance enhan cements ar e supported by the access po int. These enhance ments include burs ting, compr ession, fa st frames and dynami c turbo. Maximum thr oughput range s betwee n 40 to 60 Mb ps for conn ection s to A theros- comp atible clie nts. (Defaul t: Disabl ed[...]

  • Página 94

    5-46 C HAPTER 5: S YSTEM C ONFIGURA TION The access poin t implements QoS usi ng the W i-Fi Multimed ia (WMM) standar d. Using WMM , the access poi nt is able to pri oritize traf fic and opt imize perfor mance when multiple app lications compete f or wireless net work bandwi dth at the same ti me. WMM employs t echniques that ar e a subset of t he [...]

  • Página 95

    5-47 Radio In te rface resolution me chanism first selects data wi th the highes t priori ty to be gra nted a transmit o pportu nity . Then t he sam e colli sion resolutio n me chanism is us ed exter nally to d etermin e which device ha s access to the wireless medi um. For each A C queue, t he collision res olution mechan ism is dependen t on two [...]

  • Página 96

    5-48 C HAPTER 5: S YSTEM C ONFIGURA TION Figure 34 WMM Conf iguration WMM – Sets the WMM operati onal mode on the access po int. When enabl ed, the parame ters for each AC queu e will be employed on the access point an d QoS capabil ities are adverti sed to WMM-enabled cli ents. (Default : Support)  Disa ble: WMM is disabl ed.  Support: W M[...]

  • Página 97

    5-49 Radio In te rface init ial wait time is a rando m value between zer o and the CWMin value. Specif y the CW Min value in th e range 0-15 m icroseconds. Note tha t the CW Min valu e must be e qual or less th an the CWMax value. logCWM ax (Maximum Cont ention Window) – The maximum upper li mit of the rando m bac koff wait tim e befo re wireless[...]

  • Página 98

    5-50 C HAPTER 5: S YSTEM C ONFIGURA TION S ECURITY The access poi nt is configur ed by default as an “open syst em,” which bro adcasts a beacon sign al including the con figure d SSID. W irel ess clients with an SSID setti ng of “any” can r ead the SSID fr om the beacon and auto matically set t heir SSID to all ow immediate connec tion to t[...]

  • Página 99

    5-51 Security The acces s point can sim ultaneously suppor t clients usin g various dif fer ent security mec hanisms. The config uration for these secur ity combination s ar e outlin ed in th e follow ing tab le. Note that MA C ad dress authentica tion can b e confi gured inde pendently to work with all security me chanisms and is in dicated separ [...]

  • Página 100

    5-52 C HAPTER 5: S YSTEM C ONFIGURA TION Dynamic WE P (802.1x) only Authentication: Open System Encryption: Enable 802.1x: Requir e d Set 802.1x key refresh and r e auth entication rates Local, RADIUS , or Dis abled Ye s c 802.1x WP A only Authentication: WP A Encryption: Enable WP A Configuration: Required Cipher Suite: TKIP 802.1x: Requir e d Set[...]

  • Página 101

    5-53 Security W IRED E QUI VALENT P RIVACY (W EP) WEP pr ovides a basic le vel of security , preven ting unauthori zed access to the network, an d encryptin g data tra nsmitted b etween wireless clients a nd the acce ss point. WE P uses static shar ed keys (fixed-le ngth hexadecimal or alphanumeric strings) t hat are manu ally distrib uted t o all [...]

  • Página 102

    5-54 C HAPTER 5: S YSTEM C ONFIGURA TION Note that al l clients shar e the same keys, which ar e used for user aut hentication and data encrypti on. Up to four keys can be speci fied. These four keys ar e used for all V AP in terfaces on t he same ra dio. T o set up WEP shar ed keys, clic k Radio Setti ngs under 802. 11a or 802.1 1b/g, then select [...]

  • Página 103

    5-55 Security Encryption – Ena ble or disa ble the access point to use data encrypt ion (WEP , TKIP , or AES). If this option is selected when using sta tic WEP keys, you must confi gure at least o ne key on the acces s point a nd all client s. (Def ault: Di sabled) Ciphe r Mo des – Selects an encrypti on method for the gl obal key used for mul[...]

  • Página 104

    5-56 C HAPTER 5: S YSTEM C ONFIGURA TION  Hexadecimal : Enter keys as 10 hexadecim al di gits (0-9 an d A-F) for 64 bit k eys, 26 hex adecimal digit s for 128 bit keys, or 32 hex adecimal digit s for 152 bit keys (802.1 1a ra dio only). This is th e defau lt set ting.  Alphanumer ic: Enter keys as 5 alph anumeric characters for 64 bit keys, 1[...]

  • Página 105

    5-57 Security  Key Ty pe – Select the p referred met hod of ente r ing W EP encryption ke ys on the access poi nt and enter up to f our keys: • Hexadecim al: Ente r keys as 10 hexadeci mal digits ( 0-9 and A-F) for 64 bit keys, 26 hex adec imal digits for 128 bit k eys, or 32 h exad ecimal digi ts for 1 52 bit keys (802.11a rad io only). Thi[...]

  • Página 106

    5-58 C HAPTER 5: S YSTEM C ONFIGURA TION T empora l Key I ntegrit y Protocol (TKIP): WP A specifies TKIP as the data encrypti on method to r eplace WEP . TKIP avoid s the probl ems of WEP static keys by dynamic ally changing data encryption keys. Bas ically , TKIP starts with a master (tempor al) key for each user sessi on and then mathemati cally [...]

  • Página 107

    5-59 Security for WP A2. However , the comp utational in tensive ope rations of AES-CCMP r equires hardwar e suppor t on client devices. Ther efore to implement WP A2 in the ne twork, wir eless cl ients must be upgraded to WP A2-compl iant har dware.  WP A 2 Mi xed-Mode : WP A2 defines a t ransitional mode of operati on for networks m oving from[...]

  • Página 108

    5-60 C HAPTER 5: S YSTEM C ONFIGURA TION Status Information The Status pa ge includes informa tion on the follow ing items: Access Point St at us The AP Statu s window display s basic system co nfiguration set tings, as well as the settings fo r the wireless i nterface. Figure 38 AP Status AP System Confi guration – T he AP System Configuration t[...]

  • Página 109

    5-61 Security  HTTP Server : Shows if management acce ss via HTTP i s enabled .  HTTP Serv er Port: Shows the TCP port use d by the HTTP interface .  Version: Sho ws the software version nu mber.  802.1X : Shows if IEEE 80 2.1X access contro l for wireless clients is enab led. AP Wirel ess Configur ation – The AP Wir eless Config urat[...]

  • Página 110

    5-62 C HAPTER 5: S YSTEM C ONFIGURA TION syste m” and “s hare d key .” Ope n-sy stem authentication accep ts any clien t attempting to conn ect to th e access po int w ithout veri fying its identi ty. The shared- key appro ach uses W ired Equival ent Privacy (WEP) t o verify client identity b y distribu ting a share d key to stations befor e [...]

  • Página 111

    5-63 Security  Access po int was set to “Ope n Authenti cation”, but a client sent an authenticat ion reques t frame with a “Shared ke y.”  Access point wa s set to “S hared Key A uthentica tion,” but a client se nt an authenticat ion frame for “O pen System. ”  WEP keys do not match: When the ac cess point uses “S hared [...]

  • Página 112

    5-64 C HAPTER 5: S YSTEM C ONFIGURA TION[...]

  • Página 113

    6-1 6 C OMMAND L INE I NTERFACE U SING TH E C OMMAND L INE I NTE R FACE A CCESSING THE CLI When accessin g the managem ent in terface fo r the over a direct conne ction to the con sole port, or via a T elnet conne ction, the acces s point can b e managed by entering comman d keywords an d para meters a t the prompt . Usin g the a ccess point’ s c[...]

  • Página 114

    6-2 C HAPTER 6: C OMMAND L INE I NTERFACE T elnet Connection T elnet ope rate s over the I P tran sport protoco l. In this environm ent, your managemen t station and any ne twork device you want to manage over the networ k must have a valid I P address . V alid IP ad dress es consi st of four number s, 0 to 255, separated by per iods. Each add ress[...]

  • Página 115

    6-3 Using th e Command Line Interface E NTERING C OMMANDS This s ectio n des cribes how to ent er CLI comm ands . Keywor ds and Arguments A CLI command i s a series of keywords an d arguments. Keywor ds identify a command, and argu ments specify co nfiguration pa rameters. For examp le, in the command “show interfaces et her net,” show and inte[...]

  • Página 116

    6-4 C HAPTER 6: C OMMAND L INE I NTERFACE Showing Commands If you ente r a “?” at the command pr ompt, the system wi ll display the fir st level of ke ywords for the c urre nt configur ation mode (Exec, Global Co nfiguration, or Interf ace). Y ou can also dis play a list of vali d keyword s for a spe cific command. For examp le, the command “[...]

  • Página 117

    6-5 Using th e Command Line Interface Negating the Effect of Commands For many con figuration comm ands you can enter th e prefix key word “ no ” to cancel t he effect of a command or r eset the config uration to the d efault value. For exa mple, the logging command will log system messages to a host server . T o disa ble loggi ng, s pec ify t [...]

  • Página 118

    6-6 C HAPTER 6: C OMMAND L INE I NTERFACE Configuration Commands Configu ration comma nds are used to modi fy access point s ettings. Thes e commands modify the runnin g configurat ion and are s aved in memory . The confi guration comm ands are orga nized into four di ffer ent modes: • Globa l Configurat ion (GC) - T hese commands modif y the sys[...]

  • Página 119

    6-7 Using th e Command Line Interface Ta b l e 8 Keystroke Commands C OMMAND G RO U P S The syst em commands can be br oken down into the funct ional group s shown below . Ta b l e 9 Command Groups Keystr oke Function Ctrl -A Shifts cursor to start of comma nd line. Ctrl -B Shifts cursor to the left one cha racter . Ctrl -C T erminates a task and d[...]

  • Página 120

    6-8 C HAPTER 6: C OMMAND L INE I NTERFACE The acces s mode sho wn in the following t ables is indicat ed by these abbr eviations: Exec ( Executive Mode) , GC (Global Conf igura tion ), IC-E (Interface -Ether net Co nfigura tion), IC-W (Inter face-Wireles s Configurat ion), and IC-W-V AP (Inte rfac e-W ireless V AP C on figur ation ). General Comman[...]

  • Página 121

    6-9 Using th e Command Line Interface Default Settin g None Comm and Mode Exec Exam ple Relate d Comm ands end (6- 9) end This co mmand returns to the pr evious config uration mode. Default Settin g None Comm and Mode Globa l Configura tion, Inter face Config uration Exam ple This example shows h ow to retu r n to the Configurat ion mode fr om the [...]

  • Página 122

    6-10 C HAPTER 6: C OMMAND L INE I NTERFACE exit This co mmand returns t o the Exec mode or exit s the configura tion pro gram. Default Settin g None Comm and Mode Any Exam ple This ex ample sho ws how to retur n to the Exec m ode from th e Interfa ce Conf igurati on mo de, and th en qu it th e CLI sessi on: ping This command sends ICMP e cho requ e[...]

  • Página 123

    6-11 Using th e Command Line Interface - Desti nation unreachab le - The gate way for this destin ation indicate s that the destin ation is unreach able. - Network or host unreachabl e - The gateway f ound no corres ponding entry in the rout e table. • Press <Esc> to stop pinging. Exam ple re s et This comm and restarts t he system o r rest[...]

  • Página 124

    6-12 C HAPTER 6: C OMMAND L INE I NTERFACE show history This command shows the cont ents of the command history bu ffer . Default Settin g None Comm and Mode Exec Comman d Usage • The hi story buffer s ize is fixed at 10 comm ands. • Use the u p or do wn arrow k eys to scroll th rough the comm ands in t he histor y buffer. Exam ple In thi s exa[...]

  • Página 125

    6-13 Using th e Command Line Interface System Management Co mmands These command s are used to conf igure the use r name, passwor d, system log s, br owser manage ment options, cl ock setting s, and a varie ty of other sys tem inform ation. Ta b l e 11 System Management Commands country This comm and configu res the access point’ s co untry code [...]

  • Página 126

    6-14 C HAPTER 6: C OMMAND L INE I NTERFACE Syn tax country < country_code > countr y_code - A two cha racter code that id entifies the country of operation. See the followin g table for a full list o f codes. Ta b l e 12 Country Codes Country Code Count ry Code Country Code Cou ntry Code Alba nia AL Dominican Republic DO Kuwait KW Rom ani a R[...]

  • Página 127

    6-15 Using th e Command Line Interface Default Settin g US - for un its sold in the Unite d States 99 (no co untry set) - for units so ld in o ther cou ntries Comm and Mode Exec Comman d Usage • If you purchased an acce ss point outsi de of the United States, the count ry code must be set befor e radio func tions are enab led. • The avai lable [...]

  • Página 128

    6-16 C HAPTER 6: C OMMAND L INE I NTERFACE Default Settin g Outdoor 11a Buildi ng to Building Comm and Mode Globa l Configura tion Exam ple system name This command specifies or modifies the system name for this device . Use the no form to restore the de fault system nam e. Syn tax system name < name > no system name name - The na me of th is[...]

  • Página 129

    6-17 Using th e Command Line Interface Default Settin g admin Comm and Mode Globa l Configura tion Exam ple passwor d After initia lly logging onto the s ystem, you shoul d set the passwo rd. Remembe r to r ecord it in a safe pla ce. Use the no form to reset the de fault passwo rd. Syn tax pass word < pas sword > no pas sword passw ord - Pass[...]

  • Página 130

    6-18 C HAPTER 6: C OMMAND L INE I NTERFACE Comm and Mode Interface Confi guration (Ether net) Comman d Usage • The acce ss point suppor ts Secure Shell ver sion 2.0 only. • After boot u p, the SSH server ne eds abou t two minute s to generate host encrypti on keys. The SSH server is disabled while the keys ar e being genera ted. T he show syste[...]

  • Página 131

    6-19 Using th e Command Line Interface Comm and Mode Interface Confi guration (Ether net) Exam ple ip http p ort This comman d specifie s the TCP port number used by the web browser interface. Use the no fo rm to use the d efault p ort. Syn tax ip http po rt < port- number > no ip http port port-num ber - T he TCP port to be used by the brows[...]

  • Página 132

    6-20 C HAPTER 6: C OMMAND L INE I NTERFACE Comm and Mode Globa l Configura tion Exam ple Relate d Comm ands ip http port (6- 19) ip https po rt Use this command to speci fy the UDP port number use d for HTTPS/SSL connection to t he access po int’ s Web interfa ce. Use the no form to restore the default po rt. Syn tax ip https po rt < port_ num[...]

  • Página 133

    6-21 Using th e Command Line Interface Exam ple ip https server Use this command to enable the secure hypertext transfer protoco l (HTTPS) over the Se cure So cket La yer (S SL), providing secure ac cess (i .e., an en crypte d conne ction) to the access point’ s Web interfa ce. Use t he no form to disable this function . Syn tax [ no ] ip https s[...]

  • Página 134

    6-22 C HAPTER 6: C OMMAND L INE I NTERFACE w eb -re d i re ct Use this command to en able we b-based au thenti cation o f client s. Use th e no form to d isable this fun ction. Syn tax [ no ] web- redirect Default Settin g Disabled Comm and Mode Globa l Configura tion Comman d Usage • The web redirect feature i s use d to sup port bi lling for a [...]

  • Página 135

    6-23 Using th e Command Line Interface APmgmtIP This command specifies the client IP addr esses that are allowed management access to the access poin t throu gh various pr otocols . Syn tax APmgmtIP < mul tiple IP_addr ess subnet_ mask | single IP_address | any > • multiple - Adds IP add resses within a specif iable range to the SN MP, web [...]

  • Página 136

    6-24 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple This exampl e restricts manag ement access to the indicat ed addresses. APmgmtUI This co mmand enables and di sables manageme nt access to the access point thr ough SNMP , T elnet and web i nterfaces. Syn tax APmgmtUI < [ SNMP | Te l n e t | Web ] enable | disable > • SNMP - Spe cifi es SN[...]

  • Página 137

    6-25 Using th e Command Line Interface show apmanage ment This co mmand shows the AP manag ement configurat ion, includi ng the IP addr esses of management s tations allowed to access the access point, as well as the i nterface protocol s which ar e open to managemen t access. Comm and Mode Exec Exam ple Outdoor 11a Building to Building #show apman[...]

  • Página 138

    6-26 C HAPTER 6: C OMMAND L INE I NTERFACE show system This command displays basic system confi g uration settings . Default Settin g None Comm and Mode Exec Exam ple Outdoor 11a Building to Building #show system System Information ========================================================== Serial Number : A123456789 System Up time : 0 days, 4 hours[...]

  • Página 139

    6-27 Using th e Command Line Interface show version This command displays th e s oftwar e version for the system . Comm and Mode Exec Exam ple show config This co mmand displays detailed configurat ion informat ion for the sys tem. Comm and Mode Exec Exam ple Outdoor 11a Building to Building #show version Version Information =======================[...]

  • Página 140

    6-28 C HAPTER 6: C OMMAND L INE I NTERFACE Protocol Filter Information =========================================================== Local Bridge :DISABLED AP Management :ENABLED Ethernet Type Filter :DISABLED Enabled Protocol Filters ----------------------------------------------------------- No protocol filters are enabled =========================[...]

  • Página 141

    6-29 Using th e Command Line Interface ----------------Security----------------------------------- Closed System : DISABLED Multicast cipher : WEP Unicast cipher : TKIP and AES WPA clients : REQUIRED WPA Key Mgmt Mode : PRE SHARED KEY WPA PSK Key Type : ALPHANUMERIC Encryption : DISABLED Default Transmit Key : 1 Static Keys : Key 1: EMPTY Key 2: EM[...]

  • Página 142

    6-30 C HAPTER 6: C OMMAND L INE I NTERFACE Radius Secondary Server Information ======================================== IP : 0.0.0.0 Port : 1812 Key : ***** Retransmit : 3 Timeout : 5 Radius MAC format : no-delimiter Radius VLAN format : HEX ======================================== SNMP Information ============================================== Ser[...]

  • Página 143

    6-31 Using th e Command Line Interface SNTP Information =========================================================== Service State : Disabled SNTP (server 1) IP : 137.92.140.80 SNTP (server 2) IP : 192.43.244.18 Current Time : 00 : 14, Jan 1st, 1970 Time Zone : -5 (BOGOTA, EASTERN, INDIANA) Daylight Saving : Disabled ================================[...]

  • Página 144

    6-32 C HAPTER 6: C OMMAND L INE I NTERFACE show har dware This co mmand displays the har dware v ersion of the s ystem. Comm and Mode Exec Exam ple System Logging Comma nds These command s are used to conf igure system l ogging on the access poi nt. Ta b l e 13 System Loggign Commands SSH Server : ENABLED SSH Server Port : 22 Telnet Server : ENABLE[...]

  • Página 145

    6-33 Using th e Command Line Interface logging on This co mmand contr ols logging of error messages; i.e., sendi ng debug or err or messages to memor y . The no fo rm disa bles the logging p roces s. Syn tax [ no ] loggi ng on Default Settin g Disabled Comm and Mode Globa l Configura tion Comman d Usage The logg ing pr ocess contro ls err or messag[...]

  • Página 146

    6-34 C HAPTER 6: C OMMAND L INE I NTERFACE Default Settin g None Comm and Mode Globa l Configura tion Exam ple logging con sole This command init iates log ging of er ror m essages to the conso le. Use t he no form to di sable logg ing to the cons ole. Syn tax [ no ] loggi ng console Default Settin g Disabled Comm and Mode Globa l Configura tion Ex[...]

  • Página 147

    6-35 Using th e Command Line Interface Comman d Usage Messages sent include the selected level down to Emergency level. Exam ple logging facili ty-type This comm and sets the facili ty type for remote loggi ng of syslog message s. Syn tax logging facility -type < type > type - A nu mber that in dicates the fa cility used b y the syslog se rve[...]

  • Página 148

    6-36 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple logging cle ar This command clears all log messages stor ed in the access point’ s memory . Syn tax logging cle ar Comm and Mode Globa l Configura tion Exam ple show loggin g This co mmand displays th e logging config uration. Syn tax show loggin g Comm and Mode Exec Exam ple Outdoor 11a Buildin[...]

  • Página 149

    6-37 Using th e Command Line Interface show e vent-log This command displays log messages stor ed in the access point’ s memory . Syn tax show ev ent -log Comm and Mode Exec Exam ple System Clock Command s These command s ar e used to configur e SNTP and system clock sett ings on the access poi nt. Ta b l e 14 System Clock Commands Outdoo r 11a B[...]

  • Página 150

    6-38 C HAPTER 6: C OMMAND L INE I NTERFACE sntp-se rver ip This comman d sets the IP address of the servers to which SNTP time requests ar e issued. Use the this comma nd with n o argum ents to clear all time serve rs from the current list. Syn tax sntp-se rver ip < 1 | 2 > < ip> • 1 - First ti me server. • 2 - Second time server. ?[...]

  • Página 151

    6-39 Using th e Command Line Interface Default Settin g Enabled Comm and Mode Globa l Configura tion Comman d Usage The time acqu ired fr om time servers is used to recor d accurate dates and times for l og events. W ithout SNTP , the access point onl y records the time starting from th e factor y defau lt set at t he last bootup (i.e., 00:14 :00, [...]

  • Página 152

    6-40 C HAPTER 6: C OMMAND L INE I NTERFACE Relate d Comm ands sntp-server en able (6-38 ) sntp-se rver dayli g ht-s aving This comma nd sets the start a nd end dates f or daylight savings ti me. Use t he no form to d isable d aylight savings t ime. Syn tax [ no ] sntp -server day light-sa ving Default Settin g Disabled Comm and Mode Globa l Configu[...]

  • Página 153

    6-41 Using th e Command Line Interface Comm and Mode Globa l Configura tion Comman d Usage This comm and sets the lo cal tim e zone relative to the Co ordinated Universa l Time (UTC, formerl y Greenwic h Mean T ime or GMT) , based on the earth ’ s prime me ridian, zer o degr ees longi tude. T o display a ti me corres ponding to your lo cal time, [...]

  • Página 154

    6-42 C HAPTER 6: C OMMAND L INE I NTERFACE DHCP Relay Commands Dynamic H ost Configur ation Pr otocol (DHC P) can dynamical ly allocate an IP addr ess and other configurat ion informatio n to network cli ents that br oadcast a r equest. T o r eceive the br oadcast request , the DHCP server would no rmally have to be on the sam e subnet as the cli e[...]

  • Página 155

    6-43 Using th e Command Line Interface Exam ple dhcp-rel ay This command configur es the primar y and secondary DHCP server addresses. Syn tax dhcp-rel ay < prima ry | secondary > < ip_address > • primary - The primary DHCP server. • secondary - The secondary DHCP server. • ip_addr ess - IP address of the server. Default Settin g [...]

  • Página 156

    6-44 C HAPTER 6: C OMMAND L INE I NTERFACE Comm and Mode Exec Exam ple SNMP Commands Contr ols access t o this access point from manag ement stations using the Simple Network Ma nagement Pr otocol (SNMP), as well as the hosts that will r eceive tr ap messages. Ta b l e 16 SNMP Commands Outdoor 11a Building to Building #show dhcp-relay DHCP Relay : [...]

  • Página 157

    6-45 Using th e Command Line Interface show snmp filter Displays the SNMP v3 notific a tion filters Exe c 6- 58 show snmp filter -assignments D isplays the SNMP v3 notification filter assignments Exe c 6- 59 show snmp Displays the status of SNMP communic ations Exec 6-60 Command Function Mode Page[...]

  • Página 158

    6-46 C HAPTER 6: C OMMAND L INE I NTERFACE snmp- server comm unity This comm and de fines the commun ity access string for the S imple N etwor k Manage ment Pr otocol. U se the no for m to r e move the specifi ed community string. Syn tax snmp- server commun ity string [ ro | rw ] no snmp -server c ommunity string • string - Comm unity strin g th[...]

  • Página 159

    6-47 Using th e Command Line Interface Default Settin g None Comm and Mode Globa l Configura tion Exam ple Relate d Comm ands snmp-serve r location (6-47 ) snmp- server locat ion This command sets the system locati on string. Use the no form to remove the loca tion stri ng. Syn tax snmp- server locati on < text > no snmp -server lo cation tex[...]

  • Página 160

    6-48 C HAPTER 6: C OMMAND L INE I NTERFACE snmp-s erver enable server This comman d enables SNMP managemen t access and also enab les this device to send SNMP traps (i.e ., notificati ons). U se the no form to disable SNMP service and trap messages. Syn tax snmp-s erver enable se rver no snmp-ser ver enable server Default Settin g Enabled Comm and [...]

  • Página 161

    6-49 Using th e Command Line Interface • host_name - Nam e of th e ho st. (Ra nge: 1 -63 chara cters) • communi ty-string - Passw ord-like commu nity stri ng sent with th e notifi cation operat ion. Althou gh you can set thi s stri ng using the snmp-s erver host comma nd by itsel f, we recom mend that y ou define this strin g using t he snmp-se[...]

  • Página 162

    6-50 C HAPTER 6: C OMMAND L INE I NTERFACE re-associated with the access point. - dot1 1StationReq uestFail - A clie nt station has f ailed associ ation, re-association, or authenticatio n. - dot1xAu thFa il - A 802.1X cli ent stati on has failed RA DIUS authent ication. - dot1xAu thNotIn itiated - A client station did no t initiate 8 02.1X authent[...]

  • Página 163

    6-51 Using th e Command Line Interface Default Settin g All traps en abled Comm and Mode Globa l Configura tion Comman d Usage This co mmand is used in conj unction with the snmp-ser ver host and snmp-s erver enable se rver commands to enable SNMP notificat ions. Exam ple snmp- server engi ne-id This command is used for SN MP v3. It is used to uniq[...]

  • Página 164

    6-52 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple snmp-s erver user This command confi gures the SNMP v3 users that ar e allowed to manage the access point. Use the no form to de lete an SNMP v3 user . Syn tax snmp-s erver user < user -name> user -nam e - A use r -defined string for the SN MP user . (32 characte rs maximu m) Default Settin [...]

  • Página 165

    6-53 Using th e Command Line Interface • The comm and prompts f or the following informatio n to configur e an SNMP v3 user: - user-nam e - A user-de fined stri ng for t he SNMP user. ( 32 chara cters maximum) - grou p-na me - The name of the SNMP grou p to which the use r is assigned ( 32 characters ma ximum). There are three pre-def ined groups[...]

  • Página 166

    6-54 C HAPTER 6: C OMMAND L INE I NTERFACE Syn tax snmp-s erver targets < target- id > < ip-add r > < sec-name > [ version { 3 }] [ udp-p ort { port-numbe r }] [ notificatio n-type { TRAP }] no snmp -server targets < target-id > • target-id - A user -defined name th at iden tifies a receiver o f SNMP notif ications. (M axi[...]

  • Página 167

    6-55 Using th e Command Line Interface Syn tax snmp-s erver filter < filter -id > < includ e | exclude > < subtree > [ mask { mask }] no snmp -server filter < filter -id > [ subtree ] • filter-id - A use r-defin ed nam e that id entifies an SNM P v3 no tificatio n filter . (Maximum le ngth: 32 charact ers) • includ e - D[...]

  • Página 168

    6-56 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple snmp-s erver filt er -assignme nts This command ass igns SNMP v3 notif ication filte rs to targets. Use the no form to r emove an SNMP v3 filter assignment. Syn tax snmp-s erver filter -assignme nts < target-id > < fi lter -id > no snmp -server filter -assignm ents < target-id > [...]

  • Página 169

    6-57 Using th e Command Line Interface Syn tax show snmp gr oups Comm and Mode Exec Exam ple show snmp us ers This command displa ys the SNMP v3 users and s ettings . Syn tax show snmp us ers Comm and Mode Exec Exam ple show snmp gr oup-as signmen ts This co mmand displays th e SNMP v3 user gr oup assignmen ts. Outdoor 11a Building to Building#show[...]

  • Página 170

    6-58 C HAPTER 6: C OMMAND L INE I NTERFACE Syn tax show snmp gr oup- assignmen ts Comm and Mode Exec Exam ple show snmp target This command displa ys the SNMP v3 noti fication tar get settings. Syn tax show snmp target Comm and Mode Exec Exam ple show snm p filter This command displa ys the SNMP v3 noti fication fi lter settings. Syn tax show s n m[...]

  • Página 171

    6-59 Using th e Command Line Interface Comm and Mode Exec Exam ple show s n mp fil ter -assignments This command displa ys the SNMP v3 noti fication fi lter assignmen t s. Syn tax sho w sn mp fi lt er -a ssi gnm e nts Comm and Mode Exec Exam ple Outdoor 11a Building to Building#show snmp filter Filter: trapfilter Type: include Subtree: iso.3.6.1.2.[...]

  • Página 172

    6-60 C HAPTER 6: C OMMAND L INE I NTERFACE show s nmp This co mmand displays the SNMP conf iguratio n settings. Comm and Mode Exec Exam ple Outdoor 11a Building to Building #show snmp SNMP Information ============================================== Service State : Enable Community (ro) : ***** Community (rw) : ***** Location : WC-19 Contact : Paul E[...]

  • Página 173

    6-61 Using th e Command Line Interface Flash/File Commands These command s are used to mana ge the system code or configu ration files. Ta b l e 17 Flash/File Commands bootfile This command specifies the image used to star t up the system. Syn tax bootfile < filen ame > filename - Na me o f the imag e file . Default Settin g None Comm and Mod[...]

  • Página 174

    6-62 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple copy This co mmand copies a boot file , code image, or conf iguratio n file between th e access point ’ s flash memory and a F TP/TF TP server . When you save the configu ration setting s to a fi le on a F TP/TF TP server , th at file can la ter be download ed to the access point to r estore sys[...]

  • Página 175

    6-63 Using th e Command Line Interface Exam ple The fo llow ing exam ple s hows how to up loa d the c onf igurati on se tting s to a fil e on the TF TP server: The fo llow ing exam ple s hows how to do wnlo ad a c onf igurat ion fi le: delete This command deletes a fi le or image. Syn tax delete < file name > filename - Name of the config ura[...]

  • Página 176

    6-64 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple This example shows how to d elete th e test.cfg configurat ion file from flash memory . Relate d Comm ands bootfil e (6-6 1) dir (6-6 4) dir This command displays a list of files in flash memory . Comm and Mode Exec Comman d Usage File in formatio n is shown below: Exam ple The followi ng example [...]

  • Página 177

    6-65 Using th e Command Line Interface show bootfil e This command displa ys the name of the curr ent operation co de file that booted the system. Syn tax sho w sn mp fi lt er -a ssi gnm e nts Comm and Mode Exec Exam ple RADIUS Client Remote Authenti cation D ial-in User Service (RADIU S) is a logon authen tication protocol that uses software runni[...]

  • Página 178

    6-66 C HAPTER 6: C OMMAND L INE I NTERFACE radiu s-serv er ad dress This command specifies the primary and secondary RADIUS servers. Syn tax radi us-ser ver [ secondary ] address < host_i p_address | host_n ame > • secondary - Secondary server. • host_ip_ad dress - IP address of server. • host_name - Host name of serv er. (Range: 1- 20 [...]

  • Página 179

    6-67 Using th e Command Line Interface Exam ple radi us-ser ver key This co mmand sets the RADIUS en cryption key . Syn tax radi us-ser ver [ secondary ] key < key_string> • secondary - Secondary server. • key_string - Encryptio n key used to authenticate logo n access for client. Do not us e blank spaces in the string. (Maximum lengt h: [...]

  • Página 180

    6-68 C HAPTER 6: C OMMAND L INE I NTERFACE Default Settin g 3 Comm and Mode Globa l Configura tion Exam ple radi us-ser ver timeo ut This comm and sets the in terval bet ween tran smitting a uthentica tion reque sts to the RADIU S server . Syn tax radi us-ser ver [ secondary ] timeout number_ of_seconds • secondary - Secondary server. • number [...]

  • Página 181

    6-69 Using th e Command Line Interface Default Settin g 0 (disa bled) Comm and Mode Globa l Configura tion Comman d Usage • When the RADI US Accounti ng serve r UDP por t is speci fied, a RADIUS accounting session i s automa tically sta rted for e ach use r that i s successfully authenticate d to t he access point. Exam ple radius-server timeou t[...]

  • Página 182

    6-70 C HAPTER 6: C OMMAND L INE I NTERFACE Syn tax radi us-ser ver radi us-mac- format < mu lti-c olon | multi-dash | no-d elimite r | si n gle-dash > • multi-c olon - Enter MAC addresses in the form xx:xx:xx:xx:xx:xx. • multi- dash - Enter MAC a ddresses in the form xx-xx-xx-xx-xx-xx. • no-d elimite r - Enter MAC addresses in the form [...]

  • Página 183

    6-71 Using th e Command Line Interface Default Settin g None Comm and Mode Exec Exam ple 802.1X Authentication The access point supports IEEE 802.1X access control for wire l ess clients. This contr ol featur e preven ts unauthori zed access to the network by r equiring an 802.1X client applica tion to submi t user cred entials for aut henticati on[...]

  • Página 184

    6-72 C HAPTER 6: C OMMAND L INE I NTERFACE Ta b l e 19 802.1X Authentica tion 802.1x This co mmand configur es 802.1X as optionally s upported or as r equir ed for wireless clients. Use th e no f orm to d isable 8 02.1X s upport. Syn tax 802.1x < supporte d | re qu i re d > no 802. 1x • support ed - Au thenticate s client s that ini tiate t[...]

  • Página 185

    6-73 Using th e Command Line Interface stati ons initiati ng 802.1X, only those statio ns successfull y authenticat ed are al low ed to acce ss t he ne twor k. For thos e st atio ns no t ini tiati ng 802.1X , access to the net work is allowed after succes sful 802.1 1 association.[...]

  • Página 186

    6-74 C HAPTER 6: C OMMAND L INE I NTERFACE • When 80 2.1X is requ ired, the access point enforce s 802.1X auth entication for al l 802.11 associat ed stations. If 802.1X auth entication is not initia ted by the s tation, the access poi nt will init iate authen tication . Only those stations succe ssfully authe nticated with 802.1X are allo wed to[...]

  • Página 187

    6-75 Using th e Command Line Interface Exam ple 802.1x session- key-re fresh-r ate This comma nd sets th e interval a t which u nicast sessio n keys are refreshed for associa ted stations us ing dynamic keyi ng. Syn tax 802.1x session-k ey-refresh-rate < rate> rate - The inte rval at which the a ccess point refreshes a session key . (Rang e: [...]

  • Página 188

    6-76 C HAPTER 6: C OMMAND L INE I NTERFACE Default 0 (D isabled) Comm and Mode Globa l Configura tion Exam ple 802.1x -suppli cant ena ble This co mmand enables the access poi nt to operate as an 80 2.1X supplic ant for authen tication. Use th e no form to di sable 802.1X a uthenticati on of th e access point. Syn tax 802.1x -suppli cant enabl e no[...]

  • Página 189

    6-77 Using th e Command Line Interface Syn tax 802.1x -suppli cant user < username> <pa ssword> no 802. 1x-suppl icant user • userna me - The access p oint name used for authenticati on to t he networ k. (Range: 1-32 alphanumeri c characters ) • password - The MD5 pass word use d for a ccess poin t authen tication . (Range: 1-32 alp[...]

  • Página 190

    6-78 C HAPTER 6: C OMMAND L INE I NTERFACE Comm and Mode Exec Exam ple MAC Address Authenticat ion Use these comm ands to define M AC authen tication on the access point. For local MAC auth enticati on, first d efine the defa ult filte ring pol icy using the ad dress filter defaul t command. Then en ter the MAC addr esses to be filter ed, indi cati[...]

  • Página 191

    6-79 Using th e Command Line Interface address filter default This co mmand sets fi ltering to allow or d eny listed M A C add resses. Syn tax address filte r defa ult < allo wed | denie d > • allo wed - Onl y MAC addresses entered as “ denied” in t he address filter ing table are denied. • denied - Only MAC addres ses entered as “a[...]

  • Página 192

    6-80 C HAPTER 6: C OMMAND L INE I NTERFACE Default None Comm and Mode Globa l Configura tion Comm and Mode • The a ccess poi nt supp orts up to 1024 M AC a ddres ses. • An entry in t he address table m ay be allowed or denied access de pending on the g lobal se tting co nfigured for the addre ss entry defa ult command. Exam ple Relate d Comm an[...]

  • Página 193

    6-81 Using th e Command Line Interface address filter delete This command deletes a MAC add ress fr om the filter table . Syn tax address fi lter dele te < mac-address> mac-addre ss - P hysi cal ad dress of clie nt. (E nter six pair s of he xadec imal digits sep arated by hyph ens.) Default None Comm and Mode Globa l Configura tion Exam ple R[...]

  • Página 194

    6-82 C HAPTER 6: C OMMAND L INE I NTERFACE Default Disabled Comm and Mode Globa l Configura tion Exam ple Relate d Comm ands addr ess filter entr y (6-79) radius- serve r addres s (6-66) 802.1x- supplicant user (6-76) mac-authenticati o n session-timeo ut This command sets the inter val at which associated clients will be re-authenticate d with the[...]

  • Página 195

    6-83 Using th e Command Line Interface Ta b l e 21 Filtering Commands filter loc al-bridg e This co mmand disables comm unication betw een wireless clients. Use t he no form to disa ble th is f ilteri ng. Syn tax filter local-b ridg e < all-V AP | intra -V AP > no fil ter local-b ridge all-V A P - When enab led, client s cannot esta blish wir[...]

  • Página 196

    6-84 C HAPTER 6: C OMMAND L INE I NTERFACE Default Disabled Comm and Mode Globa l Configura tion Comman d Usage This c omma nd c an di sabl e wireles s-to- wirele ss com muni catio ns be tween clients via the acce ss point. However , it does not af fect communications between wi reless cl ients and the wir ed netw ork. Exam ple Outdoor 11a Building[...]

  • Página 197

    6-85 Using th e Command Line Interface filter ap -man age This co mmand preven ts wireles s clients fr om accessing t he management in terface on the access poin t. Use the no form to disabl e this filteri ng. Syn tax [ no ] filt er ap-manage Default Enabled Comm and Mode Globa l Configura tion Exam ple filter u plink e nab le This command enable s[...]

  • Página 198

    6-86 C HAPTER 6: C OMMAND L INE I NTERFACE Default Disabled Comm and Mode Globa l Configura tion Exam ple fil ter ethernet-typ e enable This co mmand checks the Et her net type on all inc oming and outg oing Ethernet packets ag ainst the pro tocol filter ing table. Use the no form to di sable thi s feat ure. Syn tax [ no ] filt er ethernet-type e n[...]

  • Página 199

    6-87 Using th e Command Line Interface fil ter ethernet-t ype prot ocol This comman d sets a filter for a specific E t hernet type. U se the no form to disable filter ing for a specifi c Ethernet t ype. Syn tax fil t er eth er net-typ e protoco l < protocol> no fi lter ethernet- type pr otocol < protocol > protoco l - A n Ether ne t pro[...]

  • Página 200

    6-88 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple WDS Bridge Commands The commands de scribed in this section ar e used to set the operation mode for each access poi nt interface and conf igure WI reless Distribut ion System (WDS) forwarding table settings . Ta b l e 22 WDS Bridge Commands Outdoor 11a Building to Building #show filters Protocol F[...]

  • Página 201

    6-89 Using th e Command Line Interface bridge m ode This command select s between Maste r and Slave mo de. Syn tax bridge m ode < master | slave > • master - Operates as a master ena bling up to five slave links. • slave - Oper ates as a s lave with on ly one link to the maste r . Default Settin g Master Comm and Mode Interface Confi gura[...]

  • Página 202

    6-90 C HAPTER 6: C OMMAND L INE I NTERFACE When th e access poi nt is op eratin g in th is mod e, traff ic is not forwar ded to the Et herne t port fro m the ra dio in terface. • Up to f our WDS bridge links (MAC addres ses) per ra dio interfa ce can be specified for each un it in the wir eless bridge network. One unit only mu st be confi gured a[...]

  • Página 203

    6-91 Using th e Command Line Interface brid ge-lin k paren t This co mmand configur es the MAC addr ess of th e parent bri dge node. Syn tax brid ge-lin k pare nt < mac-address > mac-ad dress - The wi reless MAC a ddress of the parent bri dge un it. (12 hexadecimal d igits in the form “xx-xx-xx -xx-xx-xx”). Default Settin g None Comm and [...]

  • Página 204

    6-92 C HAPTER 6: C OMMAND L INE I NTERFACE Default Settin g None Comm and Mode Interface Confi guratio n (W ireless) Comman d Usage • In r oot bridge mode , up to six child bridge l inks can be speci fied using li nk inde x numbers 1 to 6. • In br idge mode, up to fiv e child links can be specified using li nk index numbers 2 to 6. Inde x numbe[...]

  • Página 205

    6-93 Using th e Command Line Interface Default Settin g 300 seco nds Comm and Mode Globa l Configura tion Comman d Usage If the MAC ad dress of an entry i n the addr ess table is not seen on the associated interface for long er tha n the ag ing time, the entry is discarded. Exam ple Outdoor 11a Building to Building(config)#bridge dynamic-entry age-[...]

  • Página 206

    6-94 C HAPTER 6: C OMMAND L INE I NTERFACE show bridge aging- time This co mmand displays the current WDS forwarding table ag ing tim e setti ng.[...]

  • Página 207

    6-95 Using th e Command Line Interface Comm and Mode Exec Exam ple show bridge filter -entry This comm and di splays current en tries in the WDS forwarding tab le. Comm and Mode Exec Outdoor 11a Building to Building#show bridge aging-time Aging time: 300 Outdoor 11a Building to Building#[...]

  • Página 208

    6-96 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple Outdoor 11a Building to Building#show bridge filter-entry max entry numbers =512 current entry nums =13 **************************************************************** *********************** Bridge MAC Addr Table *********** **************************************************************** | MAC [...]

  • Página 209

    6-97 Using th e Command Line Interface show brid ge link This co mmand displays WDS brid ge link and spanni ng tree settings fo r speci f ied interfaces. Syn tax show brid ge link < ethernet | wir eless < a | g > [ index ]> • ethe rne t - Specifies the Eth ernet in terface. • wirel ess - Spec ifies a wi reless interfa ce. - a - The [...]

  • Página 210

    6-98 C HAPTER 6: C OMMAND L INE I NTERFACE Comm and Mode Exec Exam ple Outdoor 11a Building to Building#show bridge link wireless a Interface Wireless A WDS Information ==================================== AP Role: Bridge Parent: 00-12-34-56-78-9a Child: Child 2: 00-08-12-34-56-de Child 3: 00-00-00-00-00-00 Child 4: 00-00-00-00-00-00 Child 5: 00-00[...]

  • Página 211

    6-99 Using th e Command Line Interface Spanning Tree Command s The commands de scribed in this section ar e used to set the MAC addr ess table aging tim e and span ning tree para meters for both th e Ether net a nd wireless interfaces. Ta b l e 23 Bridge Commands brid ge stp enab le This command enable s the Spanning T r ee Protoco l. Use the no fo[...]

  • Página 212

    6-100 C HAPTER 6: C OMMAND L INE I NTERFACE Syn tax [ no ] bridge s tp en able Default Settin g Enabled Comm and Mode Globa l Configura tion Exam ple This exampl e globally enab les the Spanning T r ee Protoco l. brid ge stp forw ardi ng-dela y Use thi s command to confi gure the spa nning tr ee bridge fo rward tim e globally for the wireless b rid[...]

  • Página 213

    6-101 Using th e Command Line Interface changes be fore it starts to forwa rd frames. In additio n, each por t needs time to listen for conflicting information t hat would make it r eturn to the disca rding state ; otherwise , temporary data loops might r esul t. Exam ple brid ge stp hell o-time Use thi s command to confi gure the spa nning tr ee b[...]

  • Página 214

    6-102 C HAPTER 6: C OMMAND L INE I NTERFACE Syn tax brid ge stp max- age < seco nds > no bridg e stp m ax-age seconds - Time in seconds. (Range: 6-40 seconds) The m inimu m val ue is th e hi gher of 6 or [2 x (he llo-time + 1)]. The m aximum v alue i s the l ower of 40 or [2 x (forward-time - 1) ]. Default Settin g 20 se cond s Comm and Mode [...]

  • Página 215

    6-103 Using th e Command Line Interface Default Settin g 32768 Comm and Mode Globa l Configura tion Comman d Usage Bridg e priority is used in sel ecting the r oot devic e, root po rt, and design ated port. T he device with the hi ghest p riority be comes the STP root device . However , if all d evices have th e same prio rity , the device with the[...]

  • Página 216

    6-104 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple bridge-link port-prio rity Use this comma nd to co nfigure th e prio rity for the spe cifie d po rt. Syn tax bridge-link port-prio rity < index > < priority> • index - Specifies the bridge link nu mber on the wir eless bridge . (Range: 1-6 re quired on wirel ess interfa ce only) •[...]

  • Página 217

    6-105 Using th e Command Line Interface Syn tax show brid ge stp Comm and Mode Exec Exam ple Ethernet Interface Comm ands The com mands described in thi s sectio n con figure conne ction pa rame ters for th e Ether net port and wireless interface . Ta b l e 24 Eh terne t Interfa ce Comma nds Outdoor 11a Building to Building# show bridge stp Bridge [...]

  • Página 218

    6-106 C HAPTER 6: C OMMAND L INE I NTERFACE interface ethern et This co mmand enters Ethernet in terface conf iguration mode . Default Settin g None Comm and Mode Globa l Configura tion Exam ple T o specif y the 10/10 0Base-TX n etwork i nterface , enter th e foll owing co mmand : dns server This command speci fies the a ddress for th e primary o r[...]

  • Página 219

    6-107 Using th e Command Line Interface Relate d Comm ands show inte rface ethernet (6-110) ip address This command sets the IP address for the access po int. Use the no form to restor e the defa ult IP a ddress. Syn tax ip ad dress < ip-add ress > < netmask > < gat eway > no ip address • ip-addre ss - IP address • netmas k - [...]

  • Página 220

    6-108 C HAPTER 6: C OMMAND L INE I NTERFACE ip dhc p This co mmand enables the access poi nt to obtain an IP addr ess from a DH CP server . Use the no form to restore the defa ult IP address. Syn tax [ no ] ip dhcp Default Settin g Enabled Comm and Mode Interface Confi guration (Ether net) Comman d Usage • You mu st assign an IP addr ess to this [...]

  • Página 221

    6-109 Using th e Command Line Interface speed -dupl ex This co mmand configur es the speed and duplex mode of a given interf ace when autone gotiation is di sabled. Use t he no form t o restore the default. Syn tax speed -dupl ex < au to | 10MH | 10MF | 100 MF | 100MH > • auto - autonegotia te speed and dupl ex mode • 10M H - F orces 10 M[...]

  • Página 222

    6-110 C HAPTER 6: C OMMAND L INE I NTERFACE Comman d Usage This comman d allows you to disabl e the Ethernet port due t o abnormal behav ior (e.g., excessive col lisions), and r eenable it aft er the prob lem has been r esolved. Y ou may also want to disabl e the Ethernet port for secu rity r easons. Exam ple The followi ng example disables the Eth[...]

  • Página 223

    6-111 Using th e Command Line Interface Wireless Interface Com mands The com mands described in thi s sectio n con figure conne ction pa rame ters for th e wireless interfaces. Ta b l e 25 W ireles s Interface Commands Command F unction Mode Pag e interface w ireless Enters wir e less interface configuration mode GC 6-112 vap P rovides access to th[...]

  • Página 224

    6-112 C HAPTER 6: C OMMAND L INE I NTERFACE interface wireless This comman d enters wireless interface con figurati on mode. Syn tax interface wi reless < a | g > • a - 80 2.11a ra dio in terface. • g - 80 2.11g ra dio inte rface. Default Settin g None Comm and Mode Globa l Configura tion Exam ple T o specif y the 80 2.11a i nterface, en [...]

  • Página 225

    6-113 Using th e Command Line Interface vap This command pro vides access to the V AP (Virt ual Access Point) inte r face confi guration mode. Syn tax vap < vap-id > vap-id - The numbe r that identi fies the V AP in terface. (Option s: 0-3) Default Settin g None Comm and Mode Interface Confi guratio n (W ireless) Exam ple speed This command c[...]

  • Página 226

    6-114 C HAPTER 6: C OMMAND L INE I NTERFACE (e.g., settin g the speed to 54 Mb ps limits the eff ective maximum spe ed to 108 Mbps ). Exam ple turbo This co mmand sets the access po int to an enhanced propriet ary modulati on mode (not regulat ed in IEEE 802.11a ) that pr ovides a high er data rate of up to 108 Mbps . Syn tax turbo < static | dy[...]

  • Página 227

    6-115 Using th e Command Line Interface rate. H oweve r, this reduce s the n umber of cha nnel s supp orted (e.g., 5 channel s for the Unit ed States). Exam ple multicast-data -rate This command confi gures the max imum data rate at whic h t he access poin t tran smits multica st and management packets (exclu ding beacon packe ts) on the wireless i[...]

  • Página 228

    6-116 C HAPTER 6: C OMMAND L INE I NTERFACE channel This co mmand configur es the radio ch annel thr ough which the acc ess point communicates with wir e less clients. Syn tax channel < channel | auto > • channel - Manually sets t he radio chan nel used for comm unications w ith wirele ss clients . (Range for 802.11a: 3 6, 40, 44, 48 , 52, [...]

  • Página 229

    6-117 Using th e Command Line Interface transmit-power This command adjust s the power o f the radi o signals transmitte d from t he access point. Syn tax transmit-power < signal-stren gth> signal-strength - Signal strength tran smitted from the access po int. (Options : full, ha lf, quarte r , eighth, m in) Default Settin g full Comm and Mod[...]

  • Página 230

    6-118 C HAPTER 6: C OMMAND L INE I NTERFACE Default Settin g b+g mode Comm and Mode Inter face Configur ation (Wireles s - 802.11g) Comman d Usage • For Japa n, on ly 13 cha nnels are ava ila ble wh en set to g or b+g modes. When set to b mode, 14 ch annels are avail able. • Bot h the 802.11g and 80 2.11b standa rds operat e withi n the 2.4 GHz[...]

  • Página 231

    6-119 Using th e Command Line Interface Exam ple antenna control This command select s the use of two dive rsity antenna s or a single anten na for the radio in terface . Syn tax antenna control < di versity | left | right > • divers ity - The radio uses both ant ennas in a diversity system . Select this method when the Antenn a ID is set t[...]

  • Página 232

    6-120 C HAPTER 6: C OMMAND L INE I NTERFACE antenna id This comma nd spec ifies the antenna typ e conne cted to the access poin t r epresen ted by a four -digit he xadecimal ID num ber , eithe r the integra ted diversity antenn as (the "Defaul t Anten na") or an optio nal external antenna. Syn tax antenna id < antenna-id > • anten[...]

  • Página 233

    6-121 Using th e Command Line Interface Default Settin g Indoor Comm and Mode Interface Confi guratio n (W ireless) Comman d Usage • When an ex ternal antenna is selected, the ant enna contro l must be set to “rig ht.” • Selecting t he correct locatio n ensures th at the a ccess poin t only use s radio channels that are perm itted in the co[...]

  • Página 234

    6-122 C HAPTER 6: C OMMAND L INE I NTERFACE dtim-pe riod This command configu res th e rate at whic h stations in sleep mode must wake up to receive broadcast/multi cast tran smissions. Syn tax dtim-pe riod < in ter val> inter val - Interval b etween the bea con frames that transm it broadcast or multicast traffic. (Ran ge: 1-25 5 beac on fra[...]

  • Página 235

    6-123 Using th e Command Line Interface fragmenta tion-leng th This comm and c onfig ures the mini mum pack et si ze t hat ca n be fragm ented when passing through the access point. Syn tax fragmenta tion-leng th < lengt h> length - Minimum packet size for which fragm entation is allowed. (Range : 256 -2346 b ytes) Default Settin g 2346 Comm [...]

  • Página 236

    6-124 C HAPTER 6: C OMMAND L INE I NTERFACE Default Settin g 2347 Comm and Mode Interface Confi guratio n (W ireless) Comman d Usage • If the threshold is set to 0, the access po int always sends RTS sig nals. If set to 2347, the access point never sen d s RTS signals. I f set to any other value, and the pa cket size equals or exce eds the RTS th[...]

  • Página 237

    6-125 Using th e Command Line Interface Exam ple super -g This command enables Ather os prop r ietary Su per G performance enhan cements. Use the no fo rm to disable t his functi on. Syn tax [ no ] super - g Default Settin g Disabled Comm and Mode Inter face Configur ation (Wireles s - 802.11g) Comman d Usage These enhan cements include bu rsting, [...]

  • Página 238

    6-126 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple ssid This command confi gures the servi ce set identifier (SSID). Syn tax ssid < stri ng > string - The name of a ba sic service set sup ported by the access poin t. (Range: 1 - 32 chara cters) Default Settin g 802.11 a Radio: V AP_TEST_11A (0 t o 3) 802.11 g Radio: V AP_TEST_11G (0 t o 3) [...]

  • Página 239

    6-127 Using th e Command Line Interface Comm and Mode Interface Configurat ion (Wireless-V AP) Comman d Usage When close d system is enabled, the access p oint will not includ e its SSID in beacon mes sages. Nor will it r espond to pr obe r equests fr om clients that do not in clude a fixed SSID . Exam ple max-as sociation This command config ures [...]

  • Página 240

    6-128 C HAPTER 6: C OMMAND L INE I NTERFACE Default Settin g 30 Comm and Mode Interface Configurat ion (Wireless-V AP) Exam ple auth- timeo ut-va lue This co mmand configur es the tim e inte rval within which cli ents must comple te authenticat ion to the V A P interface. Syn tax auth- timeo ut-va lue < minutes> minut es - The nu mber o f min[...]

  • Página 241

    6-129 Using th e Command Line Interface Comm and Mode Interface Configurat ion (Wireless-V AP) Comman d Usage Y ou m ust first enab le V AP interface 0 before you can e nable V AP interfa ces 1, 2, 3, 4, 5, 6, or 7. Exam ple show interface wireless This comman d displays the status for th e wireless interface. Syn tax show interface wireless < a[...]

  • Página 242

    6-130 C HAPTER 6: C OMMAND L INE I NTERFACE Comm and Mode Exec Exam ple Outdoor 11a Building to Building #show interface wireless g 0 Wireless Interface Information ========================================================================= ----------------Identification------------------------------------------- Description : Enterprise 802.11g Acce[...]

  • Página 243

    6-131 Using th e Command Line Interface ----------------Security------------------------------------------------- Closed System : Disabled Multicast cipher : WEP Unicast cipher : TKIP and AES WPA clients : DISABLED WPA Key Mgmt Mode : PRE SHARED KEY WPA PSK Key Type : PASSPHRASE WPA PSK Key : EMPTY PMKSA Lifetime : 720 minutes Encryption : ENABLED [...]

  • Página 244

    6-132 C HAPTER 6: C OMMAND L INE I NTERFACE WMM AP Parameters AC0(Best Effort) : logCwMin: 4 logCwMax: 6 AIFSN: 3 Admission Control: No TXOP Limit: 0.000 ms AC1(Background) : logCwMin: 4 logCwMax: 10 AIFSN: 7 Admission Control: No TXOP Limit: 0.000 ms AC2(Video) : logCwMin: 3 logCwMax: 4 AIFSN: 1 Admission Control: No TXOP Limit: 3.008 ms AC3(Voice[...]

  • Página 245

    6-133 Using th e Command Line Interface show statio n This command shows the wireless clients associa t ed with the access point. Comm and Mode Exec Exam ple Rogue AP Detection Comm ands A “r ogue AP ” is eithe r an access po int that is not aut horized to participat e in the wir eless networ k, or an access point that does not hav e the corr e[...]

  • Página 246

    6-134 C HAPTER 6: C OMMAND L INE I NTERFACE The acc ess point can be c onfigur ed to periodi cally scan al l radio cha nnels and fin d other access points within ra nge. A databa se of nearby acces s points is mainta ined where any r ogue APs can be identif ied. Ta b l e 26 Rogue AP Commands rogue-ap en able This command enables the per iodic detec[...]

  • Página 247

    6-135 Using th e Command Line Interface The r ogue AP dat abase can be viewed us ing the show rogue- ap command. • The access point sends Syslog messages for each detected access point during a ro gue A P sc an. Exam ple rogue-ap au thent icate This comm and forces th e unit to authe nticate a ll access po ints on th e networ k. Use the no fo rm [...]

  • Página 248

    6-136 C HAPTER 6: C OMMAND L INE I NTERFACE access point s are allo wed or are r ogues. If you en able authenti cation, you shoul d also config ure a RADI US server for this acc ess point (s ee “RADIUS” on pa ge 8 ). Exam ple rogue-ap durati on This comman d sets the scan duration for de tecting access points. Syn tax rogue-ap durati on <mil[...]

  • Página 249

    6-137 Using th e Command Line Interface Syn tax rogue-ap interval <m inute s> minut es - The int erval bet ween consecuti ve scans. (R ange: 30-1008 0 minut es) Default Settin g 720 minu tes Comm and Mode Interface Confi guratio n (W ireless) Comman d Usage This comman d sets the inter val at which scans o ccur . Fr equent scanni ng will more[...]

  • Página 250

    6-138 C HAPTER 6: C OMMAND L INE I NTERFACE Default Settin g Disabled Comm and Mode Interface Confi guratio n (W ireless) Comman d Usage While the access point scans a channel for rogue APs, wir eless cl ients will not be ab le to connect to the acc ess point. Ther efor e, avoid fr equent scanning or scans of a long d uration unless ther e is a r e[...]

  • Página 251

    6-139 Using th e Command Line Interface show rogue-ap This comm and di splays the current rogue AP d atabase . Comm and Mode Exec Exam ple Wireless Security Com mands The comma nds describ ed in this se ction conf igure param eters for wireless secur ity on the 802 .11a and 802. 11g interfac es. Ta b l e 27 W irel ess Security Commands Outdoor 11a [...]

  • Página 252

    6-140 C HAPTER 6: C OMMAND L INE I NTERFACE auth This comma nd con figures authentica tion fo r the V AP inte rface. Syn tax auth < open -syst em | shar ed-key | wp a | wpa-psk | wpa2 | wpa2-p sk | wpa-wp a2-mixed | wp a-wpa2-psk- mixed | > <r equir ed | suppor ted> • open -syste m - Accepts th e client withou t verif ying its iden ti[...]

  • Página 253

    6-141 Using th e Command Line Interface • To use WEP share d-key authentica tion, set the auth entication type to “shared -key” and define at least one static WEP key with the ke y command. Encryption is automa tically enabled by the co mmand. • To use WEP en cryption only (n o authen tication ), set th e authe ntication type to “ open-sy[...]

  • Página 254

    6-142 C HAPTER 6: C OMMAND L INE I NTERFACE WEP). To pl ace the VAP in to AES only mode , use “requi red” and the n select the “cipher-ccm p” op tion for the cipher-suit e comma nd. Exam ple Relate d Comm ands encrypti on (6-142) key (6- 143) encr ypti on This command enables data encryp tion for wireless communi cations. Use the no form to[...]

  • Página 255

    6-143 Using th e Command Line Interface Exam ple Relate d Comm ands key (6- 143) key This co mmand sets the keys used fo r WEP encryp tion. Use the no form to dele te a config ured key . Syn tax key < in dex > < size > < type > < val ue > no key i ndex • index - Key index. (Range: 1-4) • size - Key size. (Opti ons: 64, 1[...]

  • Página 256

    6-144 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple Relate d Comm ands key (6- 143) encrypti on (6-142) transmit-k ey (6-14 4) transmit-key This comma nd sets the ind ex of the key to b e used for en crypting dat a frames for broadcast or m ulticast traffic transm itted from the VAP to wireless clients. Syn tax transmit-key < in dex> index -[...]

  • Página 257

    6-145 Using th e Command Line Interface • In a mixed-mode e nvironment wit h clients us ing static a nd dynamic keys, select t ransmit key index 2, 3, or 4. The access point uses transmit key index 1 fo r the generat ion of dynamic keys . Exam ple cipher -suit e This comm and de fines th e cipher algorith m used to encrypt the glob al key for bro[...]

  • Página 258

    6-146 C HAPTER 6: C OMMAND L INE I NTERFACE and a re-k eying mechanism. Select TKIP i f there ar e clients in the n etwork that are not WPA2 comp liant. • TKIP def ends against attack s on WEP in which t he unencrypted initial ization v ector in encrypte d packets is used to calculate the WEP key. TKIP chang es the en cryption key on each pa cket[...]

  • Página 259

    6-147 Using th e Command Line Interface The MIC ca lculation is perform ed in the access poi nt for each tr ansmitted packet and this can imp act throughpu t and perfor mance. The access poin t suppor ts a choi ce of hard ware or so ftware for M IC ca lcula tion. The perfor mance of the access poin t can be improved by se lecting the bes t method f[...]

  • Página 260

    6-148 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple Relate d Comm ands auth (6-1 40) pmksa-l ifetime This comm and sets the time for ag ing ou t cached W P A2 P airwise Master Ke y Security Asso ciation (PMKSA) inform ation for fast roamin g. Syn tax pmksa-l ifetime < minutes> minut es - The time for agin g out PM KSA informa tion. (Rang e: [...]

  • Página 261

    6-149 Using th e Command Line Interface Exam ple pre-authenticatio n This command enable s WP A2 pr e-authenti cation for fast secur e roa ming. Syn tax pr e-authenticati on < enable | dis able > • enab le - Enables pre-auth entication for th e VAP interface. • disab le - D isables pre-auth entication f or the VAP inter face. Default Sett[...]

  • Página 262

    6-150 C HAPTER 6: C OMMAND L INE I NTERFACE Link Integrity Commands The acce ss point pr ovides a link integr ity featur e that c an be us ed to ensur e that wir eless clients are con nected to reso urces on the wir ed network. The access point does thi s by peri odically se nding Pin g messages to a hos t device in the wir ed Ethernet network. If [...]

  • Página 263

    6-151 Using th e Command Line Interface host d oes not r espond or is u nreachabl e) exceeds the limit set by t he link-inte grity pi ng-fai l-retry command, t he link is determi ned as lost. Exam ple link-inte grity ping-ho st This co mmand configur es the link host name or IP add ress. Us e the no form to remove the h ost setti ng. Syn tax link-i[...]

  • Página 264

    6-152 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple link-inte grity pi ng-fai l-retry This co mmand configur es the number of consecutive fai led Ping counts bef ore the link is dete rmined as lost. Syn tax link-inte grity pi ng-fai l-retry < coun ts > counts - The number of fai led Ping count s befor e the l i nk is det ermined as lost. (Ra[...]

  • Página 265

    6-153 Using th e Command Line Interface Syn tax [ no ] link-inte grity et her net -dete ct Default Settin g Disabled Comm and Mode Globa l Configura tion Exam ple show lin k-integri ty This com man d displ ays the curren t link inte grity co nfig urati on. Comm and Mode Exec Exam ple IAPP Command s The comman d described in this s ection enables th[...]

  • Página 266

    6-154 C HAPTER 6: C OMMAND L INE I NTERFACE iapp This comm and ena bles the pro tocol sig nalin g required to han d ov er wireles s client s roamin g between dif fer ent 802.11f-co mpliant acces s points. Use the no form to di sable 802.11f signaling. Syn tax [ no ] iapp Default Enabled Comm and Mode Globa l Configura tion Comman d Usage The curr e[...]

  • Página 267

    6-155 Using th e Command Line Interface The VLAN comman ds supported by the access po int are li sted below . Ta b l e 29 VLAN Commands NOTE: When VLANs ar e enabled, the access poin t’ s Ethernet por t drops all received tr affic that d oes no t include a VLAN ta g. T o main tain n etwork connectivi ty to t he access point and wi r eless clie nt[...]

  • Página 268

    6-156 C HAPTER 6: C OMMAND L INE I NTERFACE vlan This command enable s VLANs for all traf fic. Use the no form to di sable VLAN s. Syn tax [ no ] vlan ena ble Default Disabled Comm and Mode Globa l Configura tion Comma nd Des cription • When VLANs are en abled, the access point ta gs frames received from wirele ss client s with th e VLAN ID c onf[...]

  • Página 269

    6-157 Using th e Command Line Interface Default Settin g 1 Comm and Mode Globa l Configura tion Comman d Usage The managem ent VLAN is for man aging the access point . For example, the access point all ows traffic that is tagged with th e specified VLAN to manage the access po int via re mote management, SS H, SNMP , T elnet, et c. Exam ple Relate [...]

  • Página 270

    6-158 C HAPTER 6: C OMMAND L INE I NTERFACE • If the VLAN ID has not been config ured for a clie nt on the RADI US server, then the frames are tag ged with the d efault V LAN ID of th e VAP interface . Exam ple WMM Commands The access poin t implements QoS usi ng the W i-Fi Multimed ia (WMM) standar d. Using WMM , the access poi nt is able to pri[...]

  • Página 271

    6-159 Using th e Command Line Interface Default suppo rted Comm and Mode Interface Confi guratio n (W ireless) Exam ple wmm-a cknow ledg e-po licy This comman d allows the acknowl edgement wait time to b e enabled or disa bled for each A ccess Catego ry (AC). Syn tax wmm-a cknow ledg e-po licy < ac_number > < ack | noac k > • ac_num b[...]

  • Página 272

    6-160 C HAPTER 6: C OMMAND L INE I NTERFACE Exam ple wmmpar am This co mmand configur es detail ed WMM parameter s that apply to th e access point (AP ) or the wireless clients (BS S). Syn tax wmmpar am < AP | BSS > < ac_nu mber > < LogCwMin > < LogCwMax > < AIF S > < TxOpLimit > < admission_control > • A[...]

  • Página 273

    6-161 Using th e Command Line Interface Default Comm and Mode Interface Confi guratio n (W ireless) Exam ple AP Param eters WMM Par ameters AC0 ( Best Effort) AC1 (Background) AC2 (Video) AC3 (V oice) L o g C w M i n 4432 LogCwMax 10 10 4 3 A I F S 3722 TXOP Limi t 0 0 94 47 Admission Control Disabled Dis abled Disabled Disable d BSS Parameter s WM[...]

  • Página 274

    6-162 C HAPTER 6: C OMMAND L INE I NTERFACE[...]

  • Página 275

    A-1 A T R OUBLESHOOTING Check the following i tems befor e you con tact local T echnical Suppo rt. 1 If wi reless bridge uni ts do not associate with each o ther , check th e following:  Check the p ower injector LED fo r each b ridge un it to be su re that power is bein g supplied.  Be sure that ante nnas in the link are properly al igne d. [...]

  • Página 276

    A-2  If a uthentication is being performed throu gh IEEE 80 2.1X, be su re t he wir eless users ha ve installed an d prope rly configur ed 802.1 X client softwar e.  If MAC addr ess filterin g is enabled, be sur e the client’ s addr ess is included in the l ocal filter ing database or on the RADIUS serv er database .  If th e wirele ss c[...]

  • Página 277

    A-3  Reset the bridge’ s har dware us ing the consol e interface, w eb in terface, or through a power r e set.[...]

  • Página 278

    A-4[...]

  • Página 279

    B-1 B C ABLES AND P INOUTS T WISTED -P AIR C ABLE A SSIGNMEN TS For 10/100 BASE-TX connect ions, a twisted- pair cable must have two pa irs of wir es. Each wire pair is iden tified by two dif fer ent colors. For exa mple, one wir e might b e green and the other , gr een with whi te stripes. A lso, an RJ-45 connect or mus t be atta ched to bo th end[...]

  • Página 280

    B-2 10/10 0B ASE-TX P IN A SSIGNMENTS Use uns hielde d twiste d-pair (UT P) or shi elded twisted- pair (ST P) cabl e for RJ-45 connec tions : 100-oh m Categ ory 3 or better cable for 10 Mbps c onnecti ons, or 100-o hm Category 5 or better cable for 10 0 Mbps connectio ns. Also be sur e that the lengt h of any twisted-pair connection does not exceed[...]

  • Página 281

    B-3 S TRAIGHT -T HR OUGH W IRING Becaus e the 10/10 0 Mbps Input por t on the power injec tor uses an MDI pi n confi guration, you mus t use “straigh t-thr ough” cable for net work connecti ons to hubs or switches that only h ave MDI-X ports. However , if the device to which you ar e connecting suppo rts automatic MDI/MD I-X operation, you can [...]

  • Página 282

    B-4 C R O SSOVER W IRING Becaus e the 10/10 0 Mbps port on the po wer injector uses an MD I pin confi guration, you must use “cr ossover” cabl e for network conne ctions to PCs, servers or o ther en d node s that onl y have M DI ports. Ho wever , if the d evice to whic h you a re conn ectin g supp orts a utom atic M DI/M DI-X op era tion, you c[...]

  • Página 283

    B-5 8-P IN DIN C ON NECTOR P INOUT The Ethernet cab le from t he power injector co nnects to an 8-pi n DIN connect or on the wir eles s brid ge. This conn ector is descr ibed in the foll owing figur e and table. 8-Pin DI N Ethe rnet Po rt Pin out Pin Sign al Nam e 1 T ransm it Data plus ( TD+) 2 T ransm it Data minus (TD-) 3 Receive Data plu s (RD+[...]

  • Página 284

    B-6 8-P IN DIN TO RJ-45 C ABLE W IRING T o construct an ex tended Ethernet cab le to connect fr om the power inject or’ s RJ-4 5 Output port to t he wireles s bridge’ s 8-pin D IN conn ector , fo llow the wiring diagr am below . Us e C ategory 5 or better UTP or STP c able, maximum len gth 100 m (328 ft), a nd be su re to conne ct all fo ur wir[...]

  • Página 285

    Glossary-1 G LOSSARY 10BASE-T IEEE 802. 3 sp eci f icat i on for 10 M bps Et he rnet over tw o pairs of Cat eg ory 3 or bet ter UT P cable . 100BASE- TX IEEE 802.3u spe cificat ion for 100 Mbps Fast Ether net over two pairs of Categ ory 5 or better UTP cable. Access Point An inter netwo rking device that seamle ssly connec ts wired and wirel ess ne[...]

  • Página 286

    Glossary-2 Broadcast Key Broadca st key s are se nt to station s us ing 802. 1X dy namic key ing. Dyna mic bro ad cas t key rotation is often us ed t o al low th e ac cess po i nt to ge ne rate a ran do m group ke y and per i od ically update all key -mana geme nt capable w i r el es s cl i ents. CSMA/CA Carrier Sense Mul tiple Access with Collisio[...]

  • Página 287

    Glossary-3 IEEE 802.11 b A wireless s tandard th at supp or ts wirel e ss comm unicat i ons in the 2.4 G Hz ba nd usi ng Di r ect Sequence S pre ad Spectrum (DSS S). The standar d pr ov ides for data rat es of 1, 2, 5.5, and 1 1 Mbps. IEEE 802.11 g A wireless s tandard that supp orts wirele ss c ommun ications in the 2.4 G H z ba nd using us ing Or[...]

  • Página 288

    Glossary-4 RADIUS A logon auth entica tion proto col that us es software ru nning on a c entral ser ver to co ntrol acce ss to the netw ork . Roaming A wireles s LAN m obile us er mov es aroun d an E SS and maintains a continu ous conn ection to the infrastr u cture network. RTS Threshold T rans mitter s cont ending f or th e mediu m may n ot be aw[...]

  • Página 289

    Glossary-5 network ser vi ce s. Al l the s erv i ces are del i ve re d usi ng a single rad io cha nne l, enabli ng Virtual AP technolo gy to op tim i ze t he use o f limited WLAN ra dio sp ectrum . Virtua l LA N (VLAN) A Virtual LAN is a collection of networ k node s that shar e the sam e collision doma in regardles s of their phys ical loca tion o[...]

  • Página 290

    Glossary-6[...]

  • Página 291

    Index-7 I NDEX Numbers 802.11g 6-11 2 A AES 5-58 authentication 5-10 cipher suite 6- 141 closed sy stem 6-127 conf igur ing 5-1 0 MAC ad dres s 5-12, 6-79 type 4- 9, 5-50, 6-127 web r edire ct 5-1 4, 6-22 B beac on interval 5-42, 6- 121 rate 5-42, 6-122 BOO TP 6-107, 6-1 08 BPDU 5-31 C cable assign ments B-1 crossover B-4 straight-thr ough B-3 chan[...]

  • Página 292

    Index-8 H hard ware ve rs ion , di spla yi ng 6-2 7 HTTP , secure server 6-21 HTTPS 6-2 1 I IAPP 6-153 IEEE 80 2.11a 1-2, 5-37, 6-112 configuring inte rface 5-38, 6-1 12 maximum data rate 6- 115 radio chan nel 6-1 16 IEEE 80 2.11b 5-37 IEEE 80 2.11f 6-1 53 IEEE 80 2.11g 5-37 configuring inte rface 5-43, 6-1 12 maximum data rate 6- 115 radio chan ne[...]

  • Página 293

    Index-9 configuring 4-6 SSL 6-21 ST A interface setting s 6-103 to ?? path cost 6-1 03 port priority 6-104 startup files, setti ng 6-6 1 station s tatus 5-61, 6-133 status displa y ing devi ce status 5-60, 6-26 displa ying station status 5-61, 6-133 straight-thr ough cable B-3 system c lock, setting 5-3 5, 6- 39 system l og enabl ing 5-3 3, 6-33 se[...]