USER GUIDE SMCE21011 EliteConnectTM SMCE21011 802.
EliteConnectTM SMCE21011 User Guide 20 Mason Irvine, CA 92618 Phone: (949) 679-8000 April 2009 Pub.
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice. Copyright © 2009 by SMC Networks, Inc.
LIMITED WARRANTY Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Reseller. SMC may, at its own discretion, repair or replace any product not operating as warranted with a similar or functionally equivalent product, during the applicable warranty term.
LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. SMC NEITHER ASSUMES NOR AUTHORIZES ANY OTHER PERSON TO ASSUME FOR IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE OR USE OF ITS PRODUCTS.
COMPLIANCES FEDERAL COMMUNICATION COMMISSION INTERFERENCE STATEMENT This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
IMPORTANT NOTE: FCC RADIATION EXPOSURE STATEMENT This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance 20 cm between the radiator & your body. IC STATEMENT: This Class B digital apparatus complies with Canadian ICES-003.
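AUSTRALIA/NEW ZEALAND AS/NZS 4771 ACN 066 352010
JAPAN VCCI CLASS B
TAIWAN NCC According to the Ministry of Transportation and Communications regulations on the management of low-power devices: Article 12: Without permission, no company, business or user may change the frequency, increase the power, or alter the characteristics and functions of the original design of a type-approved low-power radio-frequency device. Article 14: The use of low-power radio-frequency devices must not affect aviation safety or interfere with legal communications; if interference is found, use must stop immediately and may resume only after the interference has been eliminated. The legal communications referred to above are radio communications operated in accordance with the Telecommunications Act. Low-power radio-frequency devices must tolerate interference from legal communications and from industrial, scientific and medical equipment that radiates radio waves.
EC CONFORMANCE DECLARATION Marking by the above symbol indicates compliance with the Essential Requirements of the R&TTE Directive of the European Union (1999/5/EC).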
◆ In Italy the end-user must apply for a license from the national spectrum authority to operate this device outdoors.
◆ In Belgium outdoor operation is only permitted using the 2.46 - 2.4835 GHz band: Channel 13.
◆ In France outdoor operation is only permitted using the 2.4 - 2.454 GHz band: Channels 1 - 7.
Declarations of conformity by language (Swedish / Svenska, Danish / Dansk, German / Deutsch). Swedish: SMC hereby declares that this Radio LAN device is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC.
ABOUT THIS GUIDE PURPOSE This guide gives specific information on how to install the 11n wireless access point and its physical and performance related characteristics. It also gives information on how to operate and use the management functions of the access point.
SECTION I GETTING STARTED This section provides an overview of the access point, and introduces some basic concepts about wireless networking. It also describes the basic settings required to access the management interface.
1 INTRODUCTION The EliteConnectTM SMCE21011 is an IEEE 802.11n access point (AP) that meets draft 2.0 standards. It is fully interoperable with older 802.11a/b/g standards, providing a transparent, wireless high speed data communication between the wired LAN and fixed or mobile devices. The unit includes three detachable dual-band 2.4/5 GHz antennas with the option to attach higher specification external antennas that boost network coverage.
In addition, the access point offers full network management capabilities through an easy to configure web interface, a command line interface for initial configuration and troubleshooting, and support for Simple Network Management tools. The SMCE21011 utilises MIMO technology and Spatial Multiplexing to achieve the highest possible data rate and throughput on the 802.11n frequency. The unit’s PoE RJ-45 port provides a 1 Gbps full-duplex link to a wired LAN.
HARDWARE DESCRIPTION
Figure 1: Top Panel (Antennas, LED Indicators)
Figure 2: Rear Panel (Reset Button, DC Power Port, RJ-45 PoE Port)
Figure 3: Ports (DC Power Port, RJ-45 PoE Port, RJ-45 Console Port)
ANTENNAS
The access point includes three integrated external MIMO (multiple-input and multiple-output) antennas. MIMO uses multiple antennas for transmitting and receiving radio signals to improve data throughput and link range. Each antenna transmits the outgoing signal as a toroidal sphere (doughnut shaped), with the coverage extending most in a direction perpendicular to the antenna.
Figure 4: External Antenna Connector
Figure 5: Screw-off External Antenna Connector - Close Up
LED INDICATORS
The access point includes four status LED indicators, as described in the following figure and table.
Figure 6: LEDs (802.11 b/g/n Indicator, 802.11 a/n Indicator, Ethernet Link/Activity, Power)
Table 2: LED Behavior
LED | Status | Description
LAN (802.11a/n 5 GHz) | Off | The 802.11a/n radio is disabled.
LAN (802.11a/n 5 GHz) | Blue | There is an 802.11n link.
LAN (802.11a/n 5 GHz) | Green | There is an 802.11a link.
LAN (802.11a/n 5 GHz) | Flashing | Indicates activity.
 | Off | The 802.11b/g/n radio is disabled.
Table 2: LED Behavior (Continued)
LED | Status | Description
POWER | Off | Indicates that there is no power or the power source has been disconnected.
POWER | Flashing Green | Indicates that the system is rebooting or has started a reset.
POWER | Green | Indicates that power is being supplied and the system is functioning normally.
POWER | Red | Indicates that there has been a system malfunction.
NOTE: The access point supports both endspan and midspan PoE. If the access point is connected to a PoE source device and also connected to a local power source through the AC power adapter, AC power will be disabled.
RESET BUTTON
This button is used to reset the access point or restore the factory default configuration. If you hold down the button for less than 5 seconds, the access point will perform a hardware reset.
2 NETWORK TOPOLOGIES Wireless networks support a standalone configuration as well as an integrated configuration with 10/100/1000 Mbps Ethernet LANs. The SMCE21011 also provides bridging services that can be configured independently on either the 5 GHz or 2.4 GHz radio interfaces.
The infrastructure configuration extends the accessibility of wireless PCs to the wired LAN. A wireless infrastructure can be used for access to a central database, or for connection between mobile workers, as shown in the following figure.
coverage area is created, wireless users within this ESS can roam freely. All wireless network cards and adapters and wireless access points within a specific ESS must be configured with the same SSID.
Figure 9: Bridging Mode (WDS links between access points and the network core; each VAP operates in WDS AP mode or WDS STA mode)
3 INSTALLING THE ACCESS POINT This chapter describes how to install the access point. LOCATION SELECTION Choose a proper place for the access point. In general, the best location is at the center of your wireless coverage area, within line of sight of all wireless devices. Try to place the access point in a position that can best cover its service area. For optimum performance, consider these guidelines: ◆ Mount the access point as high as possible above any obstructions in the coverage area.
MOUNTING ON A HORIZONTAL SURFACE
To keep the access point from sliding on the surface, attach the four rubber feet provided in the accessory kit to the marked circles on the bottom of the access point.
MOUNTING ON A WALL
To mount on a wall follow the instructions below.
Figure 11: Wall Mounting (Mounting Slots)
The access point should be mounted only to a wall or wood surface that is at least 1/2-inch plywood or its equivalent. To mount the access point on a wall, always use its wall-mounting bracket. The access point must be mounted with the RJ-45 cable connector oriented upwards to ensure proper operation.
1.
CONNECTING AND POWERING ON
Connect the power adapter to the access point, and the power cord to an AC power outlet. Otherwise, the access point can derive its operating power directly from the RJ-45 port when connected to a device that provides IEEE 802.3af compliant Power over Ethernet (PoE).
CAUTION: Use ONLY the power adapter supplied with this access point. Otherwise, the product may be damaged.
4 INITIAL CONFIGURATION The SMCE21011 offers a user-friendly web-based management interface for the configuration of all the unit’s features. Any PC directly attached to the unit can access the management interface using a web browser, such as Internet Explorer (version 6.0 or above). CONNECTING TO THE LOGIN PAGE It is recommended to make initial configuration changes by connecting a PC directly to the SMCE21011’s LAN port. The SMCE21011 has a default IP address of 192.168.1.1 and a subnet mask of 255.
HOME PAGE AND MAIN MENU
After logging in to the web interface, the Home page displays. The Home page shows some basic settings for the AP, including Country Code and the management access password.
Figure 13: Home Page
The web interface Main Menu provides access to all the configuration settings available for the access point.
CAUTION: You must set the country code to the country of operation. Setting the country code restricts operation of the access point to the radio channels and transmit power levels permitted for wireless networks in the specified country.
COMMON WEB PAGE BUTTONS
The list below describes the common buttons found on most web management pages:
◆ Set – Applies the new parameters and saves them to temporary RAM memory.
◆ Logout – Ends the web management session.
◆ Save Config – Saves the current configuration so that it is retained after a restart.
QUICK START
The Quick Start menu is designed to help you configure the basic settings required to get the access point up and running. Click ‘System’, followed by ‘Quick Start’.
STEP 1
The first page of the Quick Start configures the system identification, access password, and the Country Code.
CHANGE PASSWORD
◆ Username — The name of the user, non-configurable. (Default: accton)
◆ Old Password — If the unit has been configured with a password already, enter that password, otherwise enter a null string.
◆ New Password — The password for management access. (Length: 3-16 characters, case sensitive)
◆ Confirm New Password — Enter the password again for verification.
The following items are displayed on this page:
DHCP
◆ DHCP Status — Enables/disables DHCP on the access point. (Default: disabled)
◆ IP Address — Specifies an IP address for management of the access point. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. (Default: 192.168.1.1.)
◆ Subnet Mask — Indicates the local subnet mask. Select the desired mask from the drop down menu. (Default: 255.255.255.
STEP 3
The Step 3 page of the Quick Start configures radio interface settings.
Figure 18: Quick Start - Step 3
The following items are displayed on this page:
INTERFACE SETTING
◆ WiFi Mode — Selects mode of operation of the radio chip from 802.11n/g compliant or 802.11n/a compliant. (Default: 11n/g)
BASIC SETTING
◆ SSID — Sets the service set identifier for the primary VAP.
AUTHENTICATION
◆ 802.1x — Enables 802.1x authentication. (Default: Enabled)
◆ 802.1x Reauthentication Refresh Rate — Sets the reauthentication refresh rate for 802.1x authentication. (Default: 3600 seconds; Range: 1-65535 seconds; 0=disabled)
◆ RADIUS — If configuring a RADIUS server refer to the section “RADIUS Client Commands” on page 170.
MAIN MENU ITEMS
To configure settings, click the relevant Main Menu item.
SECTION II WEB CONFIGURATION This section provides details on configuring the access point using the web browser interface.
5 SYSTEM SETTINGS This chapter describes basic system settings on the access point. It includes the following sections: ◆ “Administration Settings” on page 52 ◆ “IP Address” on page 54 ◆ “Radius Settings” on page 55 ◆ “System Time” on page 58 ◆ “SpectraLink Voice Priority” on page 60 ◆ “VLAN Configuration” on page 60 ◆ “System Logs” on page 62 ◆ “Quick Start Wizard” on page 64 ADMINISTRATION SETTINGS The access point can be managed by any computer using a web browser (Internet Explorer 5.
Figure 19: Administration
The following items are displayed on this page:
◆ System Name — An alias for the access point, enabling the device to be uniquely identified on the network. (Default: SMC; Range: 1-32 characters)
◆ Username — The name of the user. The default name is “admin.” (Length: 3-16 characters, case sensitive)
◆ Old Password — Type your old password.
◆ New Password — The password for management access.
IP ADDRESS
Configuring the access point with an IP address expands your ability to manage the access point. A number of access point features depend on IP addressing to operate. You can use the web browser interface to access IP addressing only if the access point already has an IP address that is reachable through your network.
◆ DHCP Status — Enables/disables DHCP on the access point.
◆ IP Address — Specifies an IP address for management of the access point. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. (Default: 192.168.1.1.)
◆ Subnet Mask — Indicates the local subnet mask. Select the desired mask from the drop down menu. (Default: 255.255.255.
PRIMARY AND SECONDARY RADIUS SERVER SETUP
A primary RADIUS server must be specified for the access point to implement IEEE 802.1X network access control and Wi-Fi Protected Access (WPA) wireless security. A secondary RADIUS server may also be specified as a backup should the primary server fail or become inaccessible.
Figure 23: RADIUS Settings
The following items are displayed on the RADIUS Settings page:
◆ RADIUS Status — Enables/disables the primary RADIUS server.
◆ IP Address — Specifies the IP address or host name of the RADIUS server.
◆ Port (1024-65535) — The UDP port number used by the RADIUS server for authentication messages.
RADIUS ACCOUNTING
The following items are displayed on the RADIUS Settings page:
◆ Account Status — Enables/disables RADIUS accounting.
◆ IP Address — Specifies the IP address or host name of the RADIUS accounting server.
◆ Port (1024-65535) — The UDP port number used by the RADIUS accounting server for authentication messages.
Figure 24: SNTP Settings
The following items are displayed on this page:
SNTP SERVER SETTINGS
Configures the access point to operate as an SNTP client. When enabled, at least one time server IP address must be specified.
◆ SNTP Status — Enables/disables SNTP. (Default: enabled)
◆ Primary Server — The IP address of an SNTP or NTP time server that the access point attempts to poll for a time update.
DAYLIGHT SAVING SETTINGS
The access point provides a way to automatically adjust the system clock for Daylight Savings Time changes. To use this feature you must define the month and date to begin and to end the change from standard time. During this period the system clock is set back by one hour.
◆ Daylight Saving Status — Enables/disables daylight savings time.
◆ The management VLAN is for managing the access point through remote management tools, such as the web interface, SSH, SNMP, or Telnet. The access point only accepts management traffic that is tagged with the specified management VLAN ID.
◆ All wireless clients associated to the access point are assigned to a VLAN. If IEEE 802.
Table 3: RADIUS Attributes
Number | RADIUS Attribute | Value
64 | Tunnel-Type | VLAN (13)
65 | Tunnel-Medium-Type | 802
81 | Tunnel-Private-Group-ID | VLANID (1 to 4094 as hexadecimal or string)
VLAN IDs on the RADIUS server can be entered as hexadecimal digits or a string.
The specific configuration of RADIUS server software is beyond the scope of this guide. Refer to the documentation provided with the RADIUS server software.
Figure 27: System Log Settings
The following items are displayed on this page:
◆ syslog status — Enables/disables the logging of error messages. (Default: enabled)
◆ Server 1~4 — Enables the sending of log messages to a Syslog server host. Up to four Syslog servers are supported on the access point. (Default: disabled)
◆ IP — The IP address or name of a Syslog server. (Server 1 Default: 10.7.16.98; Server 2 Default: 10.7.13.48; Server 3 Default: 10.7.123.
severe (Debug). The message levels that are logged include the specified minimum level up to the Emergency level.
Table 4: Logging Levels
Error Level | Description
Emergency | System unusable
Alerts | Immediate action needed
Critical | Critical conditions (e.g., memory allocation, or free memory error - resource exhausted)
Error | Error conditions (e.g., invalid input, default used)
Warning | Warning conditions (e.g.
6 MANAGEMENT SETTINGS This chapter describes management access settings on the access point. It includes the following sections: ◆ “Remote Management Settings” on page 65 ◆ “Access Limitation” on page 67 ◆ “Simple Network Management Protocol” on page 68 REMOTE MANAGEMENT SETTINGS The Web, Telnet, and SNMP management interfaces are enabled and open to all IP addresses by default.
◆ The client and server generate session keys for encrypting and decrypting data.
◆ The client and server establish a secure encrypted connection.
◆ A padlock icon should appear in the status bar for Internet Explorer 5.x.
Figure 28: Remote Management
The following items are displayed on Admin Interface page:
◆ Telnet Access — Enables/disables management access from Telnet interfaces.
◆ HTTP Port — Specifies the HTTP port for IP connectivity. (Default: 80; Range 1024-65535)
◆ HTTPS Server — Enables/disables management access from a HTTPS server. (Default: enabled)
◆ HTTPS Port — Specifies the HTTPS port for secure IP connectivity. (Default: 443; Range 1024-65535)
◆ SNMP Access — Enables/disables management access from SNMP interfaces.
◆ IP Address — Specifies the IP address.
◆ Subnet Mask — Specifies the subnet mask in the form 255.255.255.x
RESTRICT MANAGEMENT
◆ Enable/Disable — Enables/disables management of the device by a wireless client. (Default: disabled)
SIMPLE NETWORK MANAGEMENT PROTOCOL
Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network.
Figure 30: SNMP Basic Settings
The following items are displayed on this page:
◆ SNMP — Enables or disables SNMP management access and also enables the access point to send SNMP traps (notifications). (Default: Disable)
◆ System Location — A text string that describes the system location. (Maximum length: 255 characters)
◆ System Contact — A text string that describes the system contact.
SNMP TRAP SETTINGS
Traps indicating status changes are issued by the AP to specified trap managers. You must specify trap managers so that key events are reported by the AP to your management station (using network management platforms).
Figure 31: SNMP Trap Settings
The following items are displayed on this page:
◆ Trap Destination — Specifies the recipient of SNMP notifications. Enter the IP address or the host name.
effect. Clicking ‘OK’ returns to the home page. Changes will not be saved upon a reboot unless the running configuration file is saved.
VIEW ACCESS CONTROL MODEL
To configure SNMPv3 management access to the AP, follow these steps:
1. Specify read and write access views for the AP MIB tree.
2. Configure SNMP user groups with the required security model (that is, SNMP v1, v2c, or v3) and security level (authentication and privacy).
3.
◆ Mask (option) – A hexadecimal value with each bit masking the corresponding ID in the MIB subtree. A “1” in the mask indicates an exact match and a “0” indicates a “wild card.” For example, a mask value of 0xFFBF provides a bit mask “1111 1111 1011 1111.” If applied to the subtree “1.3.6.1.2.1.2.2.1.1.23,” the zero corresponds to the 10th subtree ID. When there are more subtree IDs than bits in the mask, the mask is padded with ones.
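The mask rule above, worked through as an added example (not code from SMC or from the access point's firmware): `family_match` applies a hexadecimal mask to a subtree as the Mask field describes, and `in_view` combines several view entries using the longest-subtree precedence of RFC 3415, which this device is assumed to follow. The function names, the included/excluded flag and the sample view are constructed for illustration.

```python
"""Evaluate SNMP view entries (subtree + hexadecimal mask) against an OID.

Added illustration; function names and sample entries are constructed.
"""


def parse_oid(text):
    """Turn '.1.3.6.1' or '1.3.6.1' into a tuple of integers."""
    parts = text.strip().strip(".").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError("not a numeric OID: %r" % text)
    return tuple(int(p) for p in parts)


def mask_bits(mask_hex, length):
    """Expand a hex mask into `length` bits, most significant bit first.

    A mask shorter than the subtree is padded with ones (exact match),
    as the guide states, so an empty mask means "match every sub-ID".
    """
    digits = mask_hex.strip().lower()
    if digits.startswith("0x"):
        digits = digits[2:]
    bits = [(int(d, 16) >> shift) & 1 for d in digits for shift in (3, 2, 1, 0)]
    bits = bits[:length]
    return bits + [1] * (length - len(bits))


def family_match(oid, subtree, mask_hex=""):
    """True if `oid` lies under `subtree`, ignoring wildcard (0) positions."""
    oid, subtree = parse_oid(oid), parse_oid(subtree)
    if len(oid) < len(subtree):
        return False
    bits = mask_bits(mask_hex, len(subtree))
    return all(bit == 0 or o == s for bit, o, s in zip(bits, oid, subtree))


def in_view(oid, entries):
    """Decide whether `oid` is visible through a view.

    `entries` is a list of (subtree, mask_hex, included) tuples. Per
    RFC 3415 (assumed to apply to this device), the matching entry with
    the most sub-identifiers wins, ties going to the lexicographically
    greater subtree; an OID that matches no entry is not in the view.
    """
    matches = [(len(parse_oid(st)), parse_oid(st), inc)
               for st, mask, inc in entries if family_match(oid, st, mask)]
    if not matches:
        return False
    return max(matches)[2]


# Constructed sample view: expose MIB-2, but hide every column of
# interface-table row 23 by reusing the guide's mask example (0xFFBF).
SAMPLE_VIEW = [
    (".1.3.6.1.2.1", "", True),
    (".1.3.6.1.2.1.2.2.1.1.23", "0xFFBF", False),
]

if __name__ == "__main__":
    for sample in (".1.3.6.1.2.1.1.1.0",        # system group: visible
                   ".1.3.6.1.2.1.2.2.1.2.23",   # row 23, column 2: hidden
                   ".1.3.6.1.2.1.2.2.1.2.24",   # row 24, column 2: visible
                   ".1.3.6.1.4.1.99999"):       # outside the view: hidden
        print(sample, "visible" if in_view(sample, SAMPLE_VIEW) else "hidden")
```

Running a planned view through a check like this before applying it shows which objects a group can actually read or write, which is easy to misjudge when a single zero bit widens a subtree.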
SNMPV3 USERS
The access point allows up to 10 SNMP v3 users to be configured. Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group. The SNMPv3 group restricts users to a specific read, write, or notify view.
Figure 33: Configuring SNMPv3 Users
The following items are displayed on this page:
◆ User Name — The SNMPv3 user name.
SNMPV3 TARGETS
An SNMP v3 notification Target ID is specified by the SNMP v3 user, IP address, and UDP port. A user-defined filter can also be assigned to specific targets to limit the notifications received to specific MIB objects. (Note that the filter must first be configured. See “SNMPv3 Notification Filters” on page 74.) To configure a new notification receiver target, define the parameters and select a filter, if required.
Figure 35: SNMP Notification Filter
The following items are displayed on this page:
◆ Filter ID — A user-defined name that identifies the filter. (Maximum length: 32 characters)
◆ Subtree — Specifies MIB subtree to be filtered. The MIB subtree must be defined in the form “.1.3.6.1” and always start with a “.”.
◆ Type — Indicates if the filter is to “include” or “exclude” the MIB subtree objects from the filter.
7 ADVANCED SETTINGS This chapter describes advanced settings on the access point. It includes the following sections: ◆ “Local Bridge Filter” on page 76 ◆ “Link Layer Discovery Protocol” on page 77 ◆ “Access Control Lists” on page 78 LOCAL BRIDGE FILTER The access point can employ network traffic frame filtering to control access to network resources and increase security. You can prevent communications between wireless clients and prevent access point management from wireless clients.
◆ Prevent Intra VAP client communication — When enabled, clients associated with a specific VAP interface cannot establish wireless communications with each other. Clients can communicate with clients associated to other VAP interfaces.
◆ Message Transmission Hold Time — Configures the time-to-live (TTL) value sent in LLDP advertisements as shown in the formula below. (Range: 2-10; Default: 4) The time-to-live tells the receiving LLDP agent how long to retain all information pertaining to the sending LLDP agent if it does not transmit updates in a timely manner. TTL in seconds is based on the following rule: (Transmission Interval * Hold time) ≤ 65536.
Figure 38: Source ACLs
The following items are displayed on this page:
◆ SA Status — Enables network traffic with specific source MAC addresses to be filtered (dropped) from the access point.
◆ MAC Address — Specifies a source MAC address to filter, in the form xx.xx.xx.xx.xx.xx, or xx-xx-xx-xx-xx-xx.
◆ Action — Selecting “Add” adds a new MAC address to the filter list, selecting delete removes the specified MAC address.
The following items are displayed on this page:
◆ DA Status — Enables/disables the destination address to be filtered.
◆ MAC Address — Specifies a destination MAC address to filter, in the form xx.xx.xx.xx.xx.xx.
◆ Action — Selecting “Add” adds a new MAC address to the filter list, selecting delete deletes the specified MAC address.
◆ Number — Specifies the number associated with the MAC address, up to a maximum of eight.
Figure 40: Ethernet Type Filter
The following items are displayed on this page:
◆ Disabled — Access point does not filter Ethernet protocol types.
◆ Enabled — Access point filters Ethernet protocol types based on the configuration of protocol types in the filter table. If the status of a protocol is set to “ON,” the protocol is filtered from the access point.
◆ Local Management — Describes the Ethernet filter type.
8 WIRELESS SETTINGS This chapter describes wireless settings on the access point. It includes the following sections: ◆ “Spanning Tree Protocol (STP)” on page 82 ◆ “Authentication” on page 85 ◆ “Radio Settings” on page 89 ◆ “Virtual Access Points (VAPs)” on page 93 ◆ “QoS” on page 99 SPANNING TREE PROTOCOL (STP) The Spanning Tree Protocol (STP) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.
Figure 41: Spanning Tree Protocol

BRIDGE

Sets STP bridge link parameters. The following items are displayed on the STP page:

◆ Spanning Tree Protocol — Enables/disables STP on the wireless bridge. (Default: Enabled)
◆ Priority — Used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STP root device.
numeric values indicate higher priority.) (Default: 32768; Range: 0-65535)

◆ Max Age — The maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals.
WIRELESS INTERFACE

Sets STP settings for the radio interface.

◆ Index — Describes the VAP in question.
◆ Link Path Cost — This parameter is used by the STP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. (Path cost takes precedence over port priority.
Figure 42: Local Authentication

The following items are displayed on the Authentication page:

MAC Authentication — Selects between Disabled, Local MAC authentication, and RADIUS authentication.

◆ Local MAC — The MAC address of the associating station is compared against the local database stored on the access point. The Local MAC Authentication section enables the local database to be set up.
■ Add/Delete: Adds or deletes the specified MAC address and permission setting into or from the local database.
■ Permission: Select Allow to permit access or Deny to block access. If Delete is selected, the specified MAC address entry is removed from the database.

◆ MAC Authentication Table — Displays current entries in the local MAC database.
◆ make MAC authentication take effect — Applies the specified settings.
INTERFACE MODE

The access point can operate in two modes, IEEE 802.11a/n only, or 802.11g/n only. Also note that 802.11g is backward compatible with 802.11b, operating in the 2.4 GHz band. The 802.11a/n mode operates in the 5 GHz band.
RADIO SETTINGS

The IEEE 802.11n interfaces include configuration options for radio signal characteristics and wireless security features. The access point can operate in two modes, mixed 802.11g/n, or mixed 802.11a/n only. Also note that 802.11g is backward compatible with 802.11b, and 802.11n is backward compatible with both 802.11b/g and 802.11a at slower data transmit rates.
Figure 45: Radio Settings

The following items are displayed on this page:

◆ High Throughput Mode — The access point provides a channel bandwidth of 20 MHz by default giving an 802.11g connection speed of 54 Mbps and a 802.11n connection speed of up to 108 Mbps, and ensures backward compliance for slower 802.11b devices. Setting the HT Channel Bandwidth to 40 MHz (sometimes referred to as Turbo Mode) increases connection speed for 802.11g and 802.
using channels 1, 6, 11. Note that wireless clients automatically set their channel to the one used by the access point to which they are linked. (The supported channels are dependent on the country code setting.)

◆ Auto Channel Select — Selecting Auto Select enables the access point to automatically select an unoccupied radio channel.
◆ Transmit Power — Adjusts the power of the radio signals transmitted from the access point.
broadcast/multicast frames in a more timely manner, causing stations in Power Save mode to wake up more often and drain power faster. Using higher DTIM values reduces the power used by stations in Power Save mode, but delays the transmission of broadcast/multicast frames.
VIRTUAL ACCESS POINTS (VAPS)

The access point supports up to eight virtual access point (VAP) interfaces numbered 0 to 7. Each VAP functions as a separate access point, and can be configured with its own Service Set Identification (SSID) and security settings. However, most radio signal parameters apply to all eight VAP interfaces. The VAPs function similarly to a VLAN, with each VAP mapped to its own VLAN ID.
◆ Edit Setting — Clicking “Edit” opens the dialogue box for configuring the selected VAP.

VAP BASIC SETTINGS

Sets the basic operating mode and other settings for the VAP. Each VAP can operate in one of three modes: normal AP mode, WDS-AP bridge root mode, or WDS-STA bridge station mode. The default mode is AP for the VAP to support normal access point services. Note that the Basic Settings are the same for both AP and WDS-AP modes.
◆ Authentication Timeout Interval — The time within which the client should finish authentication before authentication times out. (Range: 5-60 minutes; Default: 60 minutes)
◆ Default VLAN ID — The VLAN ID assigned to wireless clients associated to the VAP interface that are not assigned to a specific VLAN by RADIUS server configuration. (Default: 1)
◆ DHCP Relay Server — The IP address of the DHCP relay server.
Figure 49: Configuring VAPs - Common Settings

The following items are common to all three modes:

◆ Association Mode — Defines the mode with which the access point will associate with other clients.
  ■ Open System: The VAP is configured by default as an “open system,” which broadcasts a beacon signal including the configured SSID.
  ■ WPA-WPA2 Mixed: Clients using WPA or WPA2 are accepted for authentication.
  ■ WPA-WPA2-PSK-mixed: Clients using WPA or WPA2 with a Preshared Key are accepted for authentication.
◆ Encryption Method — Selects an encryption method for the global key used for multicast and broadcast traffic, which is supported by all wireless clients.
  ■ WEP: WEP is used as the multicast encryption cipher.
Setting up shared keys enables the basic IEEE 802.11 Wired Equivalent Privacy (WEP) on the access point to prevent unauthorized access to the network. If you choose to use WEP shared keys instead of an open system, be sure to define at least one static WEP key for user authentication and data encryption. Also, be sure that the WEP shared keys are the same for each client in the wireless network.
NOTE: Key index and type must match that configured on the clients. In a mixed-mode environment with clients using static WEP keys and WPA, select WEP transmit key index 2, 3, or 4. The access point uses transmit key index 1 for the generation of dynamic keys.

QOS

Wireless networks offer an equal opportunity for all devices to transmit data from any type of application.
WMM Operation — WMM uses traffic priority based on the four ACs: Voice, Video, Best Effort, and Background. The higher the AC priority, the higher the probability that data is transmitted. When the access point forwards traffic, WMM adds data packets to four independent transmit queues, one for each AC, depending on the 802.1D priority tag of the packet. Data packets without a priority tag are always added to the Best Effort AC queue.
Figure 52: QoS

The following items are displayed on this page:

◆ WMM — Sets the WMM operational mode on the access point. When enabled, the parameters for each AC queue will be employed on the access point and QoS capabilities are advertised to WMM-enabled clients. (Default: Support)
  ■ Disable: WMM is disabled.
  ■ Required: WMM must be supported on any device trying to associate with the access point.
◆ WMM BSS Parameters — These parameters apply to the wireless clients.
◆ WMM AP Parameters — These parameters apply to the access point.
  ■ logCWMin (Minimum Contention Window): The initial upper limit of the random backoff wait time before wireless medium access can be attempted. The initial wait time is a random value between zero and the CWMin value. Specify the CWMin value in the range 0-15 microseconds.
9 MAINTENANCE SETTINGS

Maintenance settings include the following sections:

◆ “Upgrading Firmware”
◆ “Running Configuration”
◆ “Resetting the Access Point”

UPGRADING FIRMWARE

You can upgrade the access point software from a local file on the management workstation, or from an FTP or TFTP server. New software may be provided periodically from your distributor. After upgrading to new software, you must reboot the access point to implement the new code.
Figure 53: Firmware

The following items are displayed on this page:

◆ Firmware Version — Displays what version of software is being used as a runtime image - “Active”, and what version is a backup image “Backup”. You may specify up to two images.
◆ Next Boot Image — Specifies what version of firmware will be used as a runtime image upon bootup.
◆ Set Next Boot — Applies the runtime image setting.
the maximum length for file names is 32 characters for files on the access point. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)

◆ Remote — Downloads an operation code image file from a specified remote FTP or TFTP server. After filling in the following fields, click Start Upgrade to proceed.
  ■ New Firmware File: Specifies the name of the code file on the server. The new firmware file name should not contain slashes (\ or /), the leading letter of
RUNNING CONFIGURATION

A copy of a previous running configuration may be uploaded to the access point as a saved file from a remote location, or the current configuration saved and stored for restoration purposes at a later point. A configuration file may be saved or downloaded to/from a specified remote FTP or TFTP server.
maximum length for file names on the FTP/TFTP server is 255 characters. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)

◆ IP Address — IP address or host name of FTP or TFTP server.
◆ Username — The user ID used for login on an FTP server.
◆ Password — The password used for login on an FTP server.
◆ Start Import/Export — Initiates the selected backup or restore.
10 STATUS INFORMATION

The Information menu displays information on the current system configuration, the wireless interface, the station status and system logs. Status Information includes the following sections:

◆ “AP Status”
◆ “Station Status”
◆ “System Logs”

AP STATUS

The AP Status window displays basic system configuration settings, as well as the settings for the wireless interface.
Figure 56: AP System Configuration

The following items are displayed on this page:

◆ Serial Number — The serial number of the physical access point.
◆ System Up Time — Length of time the management agent has been up.
◆ Ethernet MAC Address — The physical layer address for the Ethernet port.
◆ Radio 0 MAC Address — The physical layer address for the VAP 0 interface.
◆ System Name — Name assigned to this system.
◆ HTTPS Server Status — Shows if management access via HTTPS is enabled.
◆ HTTPS Port — Shows the TCP port used by the HTTPS interface.
◆ Software Version — Shows the software version number.
◆ Bootrom Version — Shows the bootrom version number.
◆ Hardware Version — Shows the hardware version number.

AP WIRELESS

The AP Wireless Configuration displays the VAP interface settings.
STATION STATUS

The Station Status window shows the wireless clients currently associated with the access point.

Figure 58: Station Status

The following items are displayed on this page:

◆ Station Address — The MAC address of the wireless client.
◆ VLAN ID — Displays the VLAN to which the wireless client has been assigned.

SYSTEM LOGS

The Event Logs window shows the log messages generated by the access point and stored in memory.
SECTION III COMMAND LINE INTERFACE

This section provides a detailed description of the Command Line Interface, along with examples for all of the commands.
◆ “Link Layer Discovery Commands”
◆ “IAPP Commands”
◆ “VLAN Commands”
◆ “WMM Commands”
11 USING THE COMMAND LINE INTERFACE

When accessing the management interface for the access point over a direct connection to the console port, or via a Telnet connection, the access point can be managed by entering command keywords and parameters at the prompt. Using the access point’s command-line interface (CLI) is very similar to entering commands on a UNIX system.

CONSOLE CONNECTION

To access the access point through the console port, perform these steps: At the console prompt, enter the user name and password.
TELNET CONNECTION

Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. Each address consists of a network portion and host portion.
ENTERING COMMANDS

This section describes how to enter CLI commands.

KEYWORDS AND ARGUMENTS

A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces ethernet,” show and interfaces are keywords, and ethernet is an argument that specifies the interface type.
  filters     Show filters.
  interface   Show interface information.
  line        TTY line information.
  lldp        Show lldp parameters.
  logging     Show the logging buffers.
  radius      Show radius server.
  snmp        Show snmp configuration.
  sntp        Show sntp configuration.
  station     Show 802.11 station table.
  svp         Show SVP.
  system      Show system information.
  version     Show system version.
  wds         Show WDS service.
AP: show
list of the commands available for the current mode. The command classes and associated modes are displayed in the following table:

Table 6: Command Modes

Class           Mode
Exec            Privileged
Configuration   Global
                Interface-ethernet
                Interface-wireless
                Interface-wireless-vap

EXEC COMMANDS

When you open a new console session on an access point, the system enters Exec command mode. Only a limited number of the commands are available in this mode.
To enter Interface mode, you must enter the “interface ethernet” command while in Global Configuration mode. The system prompt will change to “AP(if-ethernet)#,” or “AP(if-wireless)” indicating that you have access privileges to the associated commands. You can use the end command to return to the Exec mode.

AP(config)#interface ethernet
AP(if-ethernet)#

COMMAND LINE

Commands are not case sensitive.
12 GENERAL COMMANDS

This chapter details general commands that apply to the CLI.

Table 8: General Commands

Command               Function                                                       Mode     Page
configure             Activates global configuration mode                            Exec     122
end                   Returns to previous configuration mode                         GC, IC   123
exit                  Returns to the previous configuration mode, or exits the CLI   any      123
cli-session-timeout   Enables, disables or sets a timeout for the CLI or Telnet session.
end

This command returns to the previous configuration mode.

DEFAULT SETTING
None

COMMAND MODE
Global Configuration, Interface Configuration

EXAMPLE
This example shows how to return to the Configuration mode from the Interface Configuration mode:

AP(if-ethernet)#end
AP(config)#

exit

This command returns to the Exec mode or exits the configuration program.
COMMAND MODE
Exec

EXAMPLE
The following example disables the CLI/Telnet timeout.

AP(config)# cli-session-timeout disable
AP(config)#

ping

This command sends ICMP echo request packets to another node on the network.

SYNTAX
ping
host_name - Alias of the host.
ip_address - IP address of the host.

DEFAULT SETTING
None

COMMAND MODE
Exec

COMMAND USAGE
◆ Use the ping command to see if another site on the network can be reached.
reset

This command restarts the system or restores the factory default settings.

SYNTAX
reset
board - Reboots the system.
configuration - Resets the configuration settings to the factory defaults, and then reboots the system.

DEFAULT SETTING
None

COMMAND MODE
Exec

COMMAND USAGE
When the system is restarted, it will always run the Power-On Self-Test.
show line

This command displays the console port’s configuration settings.

COMMAND MODE
Exec

EXAMPLE
The console port settings are fixed at the values shown below.
13 SYSTEM MANAGEMENT COMMANDS

These commands are used to configure the user name, password, system logs, browser management options, clock settings, and a variety of other system information.
Table 9: System Management Commands (Continued)

Command         Function                                                     Mode   Page
show config     Displays detailed configuration information for the system   Exec   138
show hardware   Displays the access point’s hardware version                 Exec   142

country

This command configures the access point’s country code, which identifies the country of operation and sets the authorized radio channels.
Table 10: Country Codes (Continued)

Country          Code   Country          Code   Country        Code   Country     Code
Croatia          HR     Jordan           JO     Poland         PL     Venezuela   VE
Cyprus           CY     Kazakhstan       KZ     Portugal       PT     Vietnam     VN
Czech Republic   CZ     North Korea      KP     Puerto Rico    PR     Zimbabwe    ZW
Denmark          DK     Korea Republic   KR     Slovenia       SI
El Salvador      SV     Luxembourg       LU     South Africa   ZA

DEFAULT SETTING
US - for units sold in the United States
99 (no country set)
DEFAULT SETTING
Enterprise AP

COMMAND MODE
Global Configuration

EXAMPLE
AP(config)#prompt RD2
RD2(config)#

system name

This command specifies or modifies the system name for this device. Use the no form to restore the default system name.

SYNTAX
system name
no system name
name - The name of this host.
DEFAULT SETTING
admin

COMMAND MODE
Global Configuration

EXAMPLE
AP(config)#username bob
AP(config)#

password

After initially logging onto the system, you should set the password. Remember to record it in a safe place. Use the no form to reset the default password.

SYNTAX
password
no password
password - Password for management access.
◆ After boot up, the SSH server needs about two minutes to generate host encryption keys. The SSH server is disabled while the keys are being generated. The show system command displays the status of the SSH server.

EXAMPLE
AP(if-ethernet)#ip ssh-server enable
AP(if-ethernet)#

ip ssh-server port

This command sets the Secure Shell server port. Use the no form to disable the server.
ip http port

This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port.

SYNTAX
ip http port
no ip http port
port-number - The TCP port to be used by the browser interface.
ip https port

Use this command to specify the UDP port number used for HTTPS/SSL connection to the access point’s Web interface. Use the no form to restore the default port.

SYNTAX
ip https port
no ip https port
port_number – The UDP port used for HTTPS/SSL. (Range: 80, 1024-65535)

DEFAULT SETTING
443

COMMAND MODE
Global Configuration

COMMAND USAGE
◆ You cannot configure the HTTP and HTTPS servers to use the same port.
COMMAND USAGE
◆ Both HTTP and HTTPS service can be enabled independently.
◆ If you enable HTTPS, you must indicate this in the URL: https://device[:port_number]
◆ When you start HTTPS, the connection is established in this way:
  ◆ The client authenticates the server using the server’s digital certificate.
  ◆ The client and server negotiate a set of security protocols to use for the connection.
COMMAND MODE
Global Configuration

COMMAND USAGE
◆ If anyone tries to access a management interface on the access point from an invalid address, the unit will reject the connection, enter an event message in the system log, and send a trap message to the trap manager.
◆ IP addresses can be configured separately for SNMP, web and Telnet access.
DEFAULT SETTING
All enabled

COMMAND MODE
Global Configuration

EXAMPLE
This example restricts management access to the indicated addresses.

AP(config)#apmgmtui SNMP enable
AP(config)#

show apmanagement

This command shows the AP management configuration, including the IP addresses of management stations allowed to access the access point, as well as the interface protocols which are open to management access.
System Country Code : US - UNITED STATES
MAC Address : 00-30-F1-F0-9A-9C
IP Address : 192.168.1.1
Subnet Mask : 255.255.255.0
Default Gateway : 0.0.0.0
VLAN State : DISABLED
Management VLAN ID(AP): 1
IAPP State : ENABLED
DHCP Client : ENABLED
HTTP Server : ENABLED
HTTP Server Port : 80
HTTPS Server : ENABLED
HTTPS Server Port : 443
Slot Status : Dual band(a/g)
Boot Rom Version : v3.0.3
Software Version : v4.3.1.
802.1x supplicant user : EMPTY
802.1x supplicant password : EMPTY
Address Filtering : ALLOWED
System Default : ALLOW addresses not found in filter table.
Filter Table
----------------------------------------------------------
No Filter Entries.
Bootfile Information
===================================
Bootfile : ec-img.
Default Transmit Key : 1
Static Keys : Key 1: EMPTY Key 2: EMPTY Key 3: EMPTY Key 4: EMPTY
Key Length : Key 1: ZERO Key 2: ZERO Key 3: ZERO Key 4: ZERO
Authentication Type : OPEN
Rogue AP Detection : Disabled
Rogue AP Scan Interval : 720 minutes
Rogue AP Scan Duration : 350 milliseconds
===========================================================
Console Line Information
===========================================================
databits :
Trap Destinations:
1: 0.0.0.0, Community: *****, State: Disabled
2: 0.0.0.0, Community: *****, State: Disabled
3: 0.0.0.0, Community: *****, State: Disabled
4: 0.0.0.
HTTPS Server Port : 443
Slot Status : Dual band(a/g)
Boot Rom Version : v3.0.7
Software Version : v4.3.2.2
SSH Server : ENABLED
SSH Server Port : 22
Telnet Server : ENABLED
WEB Redirect : DISABLED
DHCP Relay : DISABLED
==============================================================
Version Information
=========================================
Version: v4.3.2.
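The show system output above reports which management services are running, so it can be checked automatically after each configuration change. The script below is an added example, not SMC's code: the sample text is constructed from the field names in the guide's output, and the POLICY table is a hypothetical baseline (cleartext HTTP and Telnet off, HTTPS and SSH on) chosen for illustration.

```python
from typing import Dict, List, Tuple

# Constructed sample, laid out like the guide's "show system" example output.
SHOW_SYSTEM_SAMPLE = """\
IP Address : 192.168.1.1
HTTP Server : ENABLED
HTTP Server Port : 80
HTTPS Server : ENABLED
HTTPS Server Port : 443
SSH Server : ENABLED
SSH Server Port : 22
Telnet Server : ENABLED
==============================================================
"""

# Constructed sample of the same unit with the cleartext services turned off.
SHOW_SYSTEM_HARDENED = """\
IP Address : 192.168.1.1
HTTP Server : DISABLED
HTTPS Server : ENABLED
HTTPS Server Port : 443
SSH Server : ENABLED
SSH Server Port : 22
Telnet Server : DISABLED
"""

# Hypothetical baseline: (field, required state, why it matters).
POLICY: List[Tuple[str, str, str]] = [
    ("HTTP Server", "DISABLED", "web management over HTTP is unencrypted"),
    ("HTTPS Server", "ENABLED", "encrypted web management should stay available"),
    ("SSH Server", "ENABLED", "encrypted CLI access should stay available"),
    ("Telnet Server", "DISABLED", "Telnet sends the CLI login in cleartext"),
]


def parse_show_output(text: str) -> Dict[str, str]:
    """Turn 'Field : Value' lines into a dict; rulers and blank lines are skipped."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if not sep or not key.strip():
            continue
        fields[key.strip()] = value.strip()
    return fields


def audit(text: str) -> List[Tuple[str, str, str]]:
    """Return (field, observed state, reason) for every deviation from POLICY."""
    fields = parse_show_output(text)
    findings: List[Tuple[str, str, str]] = []
    for name, wanted, reason in POLICY:
        actual = fields.get(name)
        if actual is None:
            # A field that is not reported cannot be assumed safe.
            findings.append((name, "MISSING", f"not reported; expected {wanted}"))
        elif actual.upper() != wanted:
            findings.append((name, actual, reason))
    return findings


if __name__ == "__main__":
    for field, state, reason in audit(SHOW_SYSTEM_SAMPLE):
        print(f"{field}: {state} ({reason})")
```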
14 SYSTEM LOGGING COMMANDS

These commands are used to configure system logging on the access point.
logging host

This command specifies the syslog server hosts that will receive logging messages. Use the no form to remove a syslog server host.

SYNTAX
logging host <1 | 2 | 3 | 4> [udp_port]
no logging host <1 | 2 | 3 | 4>
1 - First syslog server.
2 - Second syslog server.
3 - Third syslog server.
4 - Fourth syslog server.
host_name - The name of a syslog server. (Range: 1-20 characters)
host_ip_address - The IP address of a syslog server.
logging level

This command sets the minimum severity level for event logging.

SYNTAX
logging level

DEFAULT SETTING
Informational

COMMAND MODE
Global Configuration

COMMAND USAGE
Messages sent include the selected level down to Emergency level.

Table 12: Logging Levels

Level Argument   Description
Emergency        System unusable
Alert            Immediate action needed
Critical         Critical conditions (e.
COMMAND USAGE
The command specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the access point. However, it may be used by the syslog server to sort messages or to store messages in the corresponding database.

EXAMPLE
AP(config)#logging facility 19
AP(config)#

logging clear

This command clears all log messages stored in the access point’s memory.
show event-log

This command displays log messages stored in the access point’s memory.

SYNTAX
show event-log

COMMAND MODE
Exec

EXAMPLE
AP#show event-log
Mar 09 11:57:55 Information:
Mar 09 11:57:55 Information:
Mar 09 11:57:34 Information:
Mar 09 11:57:18 Information:
Mar 09 11:56:35 Information:
Mar 09 11:55:52 Information:
Mar 09 11:55:52 Information:
Mar 09 11:55:52 Information:
Mar 09 11:55:40 Information:
Mar 09 11:55:40 Information:
Press next. previous.
15 SYSTEM CLOCK COMMANDS

These commands are used to configure SNTP and system clock settings on the access point.
EXAMPLE
AP(config)#sntp-server ip 10.1.0.19
AP#

RELATED COMMANDS
sntp-server enable (149)
show sntp (151)

sntp-server enable

This command enables SNTP client requests for time synchronization with NTP or SNTP time servers specified by the sntp-server ip command. Use the no form to disable SNTP client requests.
AP#sntp-server date-time
Enter Year<1970-2100>: 2003
Enter Month<1-12>: 6
Enter Day<1-31>: 19
Enter Hour<0-23>: 17
Enter Min<0-59>: 37
AP#

RELATED COMMANDS
sntp-server enable (149)

sntp-server daylight-saving

This command sets the start and end dates for daylight savings time. Use the no form to disable daylight savings time.
DEFAULT SETTING
-5 (BOGOTA, EASTERN, INDIANA)

COMMAND MODE
Global Configuration

COMMAND USAGE
This command sets the local time zone relative to the Coordinated Universal Time (UTC, formerly Greenwich Mean Time or GMT), based on the earth’s prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours and minutes your time zone is east (before) or west (after) of UTC.
16 DHCP RELAY COMMANDS

Dynamic Host Configuration Protocol (DHCP) can dynamically allocate an IP address and other configuration information to network clients that broadcast a request. To receive the broadcast request, the DHCP server would normally have to be on the same subnet as the client. However, when the access point’s DHCP relay agent is enabled, received client requests can be forwarded directly by the access point to a known DHCP server on another subnet.
EXAMPLE
AP(config)#dhcp-relay enable
AP(config)#

dhcp-relay

This command configures the primary and secondary DHCP server addresses.

SYNTAX
dhcp-relay
primary - The primary DHCP server.
secondary - The secondary DHCP server.
ip_address - IP address of the server.

DEFAULT SETTING
Primary and secondary: 0.0.0.0

COMMAND MODE
Global Configuration

EXAMPLE
AP(config)#dhcp-relay primary 192.168.1.
17 SNMP COMMANDS

Controls access to this access point from management stations using the Simple Network Management Protocol (SNMP), as well as the hosts that will receive trap messages.
DEFAULT SETTING
◆ public - Read-only access. Authorized management stations are only able to retrieve MIB objects.
◆ private - Read/write access. Authorized management stations are able to both retrieve and modify MIB objects.

COMMAND MODE
Global Configuration

COMMAND USAGE
If you enter a community string without the ro or rw option, the default is read only.

EXAMPLE
AP(config)#snmp-server community alpha rw
AP(config)#

snmp-server

This command sets the system contact string.
SYNTAX
snmp-server location
no snmp-server location
text - String that describes the system location. (Maximum length: 255 characters)

DEFAULT SETTING
None

COMMAND MODE
Global Configuration

EXAMPLE
AP(config)#snmp-server location WC-19
AP(config)#

RELATED COMMANDS
snmp-server contact (155)

snmp-server enable

This command enables SNMP management access and also enables this server device to send SNMP traps (i.e., notifications).
RELATED COMMANDS
snmp-server host (157)

snmp-server host

This command specifies the recipient of an SNMP notification. Use the no form to remove the specified host.

SYNTAX
snmp-server host
no snmp-server host
host_ip_address - IP of the host (the targeted recipient).
community-string - Password-like community string sent with the notification operation.
trap - One of the following SNMP trap messages:
  dot11InterfaceAGFail - The 802.11a or 802.11g interface has failed.
  dot11InterfaceBFail - The 802.11b interface has failed.
  dot11StationAssociation - A client station has successfully associated with the access point.
  dot11StationAuthentication - A client station has been successfully authenticated.
  dot11StationReAssociation - A client station has successfully re-associated with the access point.
  sysSystemDown - The access point is about to shut down and reboot.
  sysSystemUp - The access point is up and running.

DEFAULT SETTING
All traps enabled

COMMAND MODE
Global Configuration

COMMAND USAGE
This command is used in conjunction with the snmp-server host and snmp-server enable server commands to enable SNMP notifications.

EXAMPLE
AP(config)#no snmp-server trap dot11StationAssociation
AP(config)#

snmp-server vacm

This command configures SNMP v3 vacm views.
◆ Use the command more than once with the same filter ID to build a filter that includes or excludes multiple MIB objects. Note that the filter entries are applied in the sequence that they are defined.
◆ The MIB subtree must be defined in the form “.1.3.6.1” and always start with a “.”.
◆ The mask is a hexadecimal value with each bit masking the corresponding ID in the MIB subtree. A “1” in the mask indicates an exact match and a “0” indicates a “wild card.
COMMAND MODE
Global Configuration

COMMAND USAGE
◆ The access point allows up to 10 notification filters to be created. Each filter can be defined by up to 20 MIB subtree ID entries.
◆ Use the command more than once with the same filter ID to build a filter that includes or excludes multiple MIB objects. Note that the filter entries are applied in the sequence that they are defined.
◆ The MIB subtree must be defined in the form “.1.3.6.1” and always start with a “.”.
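The subtree, mask and include/exclude rules described above can be evaluated offline to see which OIDs a view or filter exposes before it is committed. This is an added example, not code from SMC: it assumes RFC 3415 bit ordering for the mask (the guide's own description is cut off), reads "applied in the sequence that they are defined" as the last matching entry winning, and the masked entry is constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple


def parse_oid(text: str) -> Tuple[int, ...]:
    """Parse a dotted OID; the guide requires the leading '.'."""
    if len(text) < 2 or not text.startswith("."):
        raise ValueError(f"OID must start with '.': {text!r}")
    return tuple(int(part) for part in text[1:].split("."))


def mask_bits(mask_hex: Optional[str], length: int) -> List[bool]:
    """Expand a hex mask to one flag per sub-identifier (True = exact match).

    Assumption: the most significant bit of the first octet maps to the first
    sub-identifier, and positions beyond the mask count as 1 (RFC 3415).
    """
    bits: List[bool] = []
    if mask_hex:
        for octet in bytes.fromhex(mask_hex):
            for shift in range(7, -1, -1):
                bits.append(bool(octet >> shift & 1))
    bits = bits[:length]
    bits.extend([True] * (length - len(bits)))
    return bits


@dataclass(frozen=True)
class Entry:
    action: str                 # "include" or "exclude"
    subtree: Tuple[int, ...]
    exact: Tuple[bool, ...]     # per-position flag derived from the mask


def entry(action: str, subtree: str, mask_hex: Optional[str] = None) -> Entry:
    """Build one filter/view entry from the values typed at the CLI."""
    if action not in ("include", "exclude"):
        raise ValueError(f"unknown action: {action!r}")
    oid = parse_oid(subtree)
    return Entry(action, oid, tuple(mask_bits(mask_hex, len(oid))))


def entry_matches(e: Entry, oid: Tuple[int, ...]) -> bool:
    """An OID is in the subtree family if every exact position agrees."""
    if len(oid) < len(e.subtree):
        return False
    return all(not exact or want == got
               for want, got, exact in zip(e.subtree, oid, e.exact))


def is_visible(entries: Sequence[Entry], oid_text: str) -> bool:
    """Apply entries in definition order; an OID no entry matches is hidden."""
    oid = parse_oid(oid_text)
    visible = False
    for e in entries:
        if entry_matches(e, oid):
            visible = e.action == "include"
    return visible


# The filter from the guide's snmp-server filter example.
TRAPFILTER = [entry("include", ".1"),
              entry("exclude", ".1.3.6.1.2.1.2.2.1.1.23")]

# Constructed entry: mask ffa0 wildcards the 10th sub-identifier, so every
# column of the row with index 23 is excluded, not only column 1.
ROW_FILTER = [entry("include", ".1"),
              entry("exclude", ".1.3.6.1.2.1.2.2.1.0.23", "ffa0")]

if __name__ == "__main__":
    for oid in (".1.3.6.1.2.1.2.2.1.1.23", ".1.3.6.1.2.1.2.2.1.8.23"):
        print(oid, is_visible(TRAPFILTER, oid), is_visible(ROW_FILTER, oid))
```

Swapping the two TRAPFILTER entries makes the exclude ineffective under the sequence rule, which is worth checking before a filter is relied on to hide an object.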
COMMAND MODE
Global Configuration

COMMAND USAGE
◆ Up to 10 SNMPv3 users can be configured on the access point.
◆ The SNMP engine ID is used to compute the authentication/privacy digests from the pass phrase. You should therefore configure the engine ID with the snmp-server engine-id command before using this configuration command.
◆ Users must be assigned to groups that have the same security levels.
COMMAND MODE
Global Configuration

COMMAND USAGE
◆ The access point supports up to 10 SNMP v3 target IDs.
◆ The SNMP v3 user name that is specified in the target must first be configured using the snmp-server user command.

EXAMPLE
AP(config)#snmp-server targets mytraps 192.168.1.33 chris
AP(config)#

snmp-server filter
This command configures SNMP v3 notification filters. Use the no form to delete an SNMP v3 filter or remove a subtree from a filter.
EXAMPLE
AP(config)#snmp-server filter trapfilter include .1
AP(config)#snmp-server filter trapfilter exclude .1.3.6.1.2.1.2.2.1.1.23

show snmp users
This command displays the SNMP v3 users and settings.
show snmp vacm group / show snmp vacm view
This command displays the SNMP v3 notification filter settings.

SYNTAX
show snmp filter [filter-id]
filter-id - A user-defined name that identifies an SNMP v3 notification filter. (Maximum length: 32 characters)

COMMAND MODE
Exec

EXAMPLE
AP#show snmp filter
Filter: trapfilter
Type: include
Subtree: iso.3.6.1.2.1.2.2.1
Type: exclude
Subtree: iso.3.6.1.2.1.2.2.1.1.
iappStationRoamedFrom Enabled
iappStationRoamedTo Enabled
localMacAddrAuthFail Enabled
localMacAddrAuthSuccess Enabled
pppLogonFail Enabled
sntpServerFail Enabled
configFileVersionChanged Enabled
radiusServerChanged Enabled
systemDown Enabled
systemUp Enabled
=============================================
AP#
18 FLASH/FILE COMMANDS These commands are used to manage the system code or configuration files.
copy
This command copies a boot file, code image, or configuration file between the access point’s flash memory and an FTP/TFTP server. When you save the configuration settings to a file on an FTP/TFTP server, that file can later be downloaded to the access point to restore system operation. The success of the file transfer depends on the accessibility of the FTP/TFTP server and the quality of the network connection.
AP#copy config tftp
TFTP Source file name:syscfg
TFTP Server IP:192.168.1.19
AP#

The following example shows how to download a configuration file:

AP#copy tftp file
1. Application image
2. Config file
3. Boot block image
Select the type of download<1,2,3>: [1]:2
TFTP Source file name:syscfg
TFTP Server IP:192.168.1.19
AP#

show dual-image
This command displays the name of the current operation code file that booted the system and the file saved as a secondary image.
19 RADIUS CLIENT COMMANDS
Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access for RADIUS-aware devices to the network. An authentication server contains a database of credentials, such as user names and passwords, for each wireless client that requires access to the access point.

Table 17: RADIUS Client Commands
Command                Function                      Mode
radius-server enable   Enables the RADIUS server.
If want to take effect, please execute make-radius-effective command !
AP(config)#

radius-server address
This command specifies the primary and secondary RADIUS server address.

SYNTAX
radius-server {primary | secondary} address
address - IP address of server.

DEFAULT SETTING
None

COMMAND MODE
Global Configuration

EXAMPLE
AP(config)#radius-server address 192.168.1.25
AP(config)#

radius-server port
This command sets the RADIUS server network port.

key_string - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string. (Maximum length: 20 characters)

DEFAULT SETTING
DEFAULT

COMMAND MODE
Global Configuration

EXAMPLE
AP(config)#radius-server primary key green
AP(config)#

radius-server
This command sets the RADIUS Accounting server network IP address.
DEFAULT SETTING
0 (disabled)

COMMAND MODE
Global Configuration

COMMAND USAGE
◆ When the RADIUS Accounting server UDP port is specified, a RADIUS accounting session is automatically started for each user that is successfully authenticated to the access point.

EXAMPLE
AP(config)#radius-server accounting port 1024
AP(config)#

radius-server
This command sets the RADIUS Accounting key.
COMMAND MODE
Global Configuration

COMMAND USAGE
◆ The access point sends periodic accounting updates after every interim period until the user logs off and a “stop” message is sent.

EXAMPLE
AP(config)#radius-server timeout-interim 500
AP(config)#

show radius
This command displays the current settings for the RADIUS server.

DEFAULT SETTING
None

COMMAND MODE
Exec

EXAMPLE
AP#show radius
Radius Accounting Information
==============================================
IP : 10.7.
20 802.1X AUTHENTICATION COMMANDS The access point supports IEEE 802.1X access control for wireless clients. This control feature prevents unauthorized access to the network by requiring an 802.1X client application to submit user credentials for authentication. Client authentication is then verified by a RADIUS server using EAP (Extensible Authentication Protocol) before the access point grants client access to the network. The 802.
EXAMPLE
AP(config)#802.1x enable
AP(config)#

802.1x session-timeout
This command sets the time period after which a connected client must be re-authenticated. Use the no form to disable 802.1X re-authentication.

SYNTAX
802.1x session-timeout
seconds - The number of seconds. (Range: 0-65535)

DEFAULT
0 (Disabled)

COMMAND MODE
Global Configuration

EXAMPLE
AP(config)#802.1x session-timeout 300
AP(config)#

show authentication
This command shows all 802.
21 MAC ADDRESS AUTHENTICATION COMMANDS Use these commands to define MAC authentication on the access point. For local MAC authentication, first define the default filtering policy using the address filter default command. Then enter the MAC addresses to be filtered, indicating if they are allowed or denied. For RADIUS MAC authentication, the MAC addresses and filtering policy must be configured on the RADIUS server.
RELATED COMMANDS
address filter entry

address filter entry
This command enters a MAC address in the filter table.

SYNTAX
address filter entry
mac-address - Physical address of client. (Enter six pairs of hexadecimal digits separated by hyphens; e.g., 00-90-D1-12-AB-89.)
allowed - Entry is allowed access.
denied - Entry is denied access.
COMMAND MODE
Global Configuration

EXAMPLE
AP(config)#address filter delete 00-70-50-cc-99-1b
AP(config)#

mac-authentication
This command sets address filtering to be performed with local or remote server options. Use the no form to disable MAC address authentication.

SYNTAX
mac-authentication server [local | remote]
local - Authenticate the MAC address of wireless clients with the local authentication database during 802.11 association.
EXAMPLE
AP(config)#mac-authentication session-timeout 1
AP(config)#
22 FILTERING COMMANDS The commands described in this section are used to filter communications between wireless clients, control access to the management interface from wireless clients, and filter traffic using specific Ethernet protocol types.
COMMAND USAGE
This command can disable wireless-to-wireless communications between clients via the access point. However, it does not affect communications between wireless clients and the wired network.

EXAMPLE
AP(config)#filter local-bridge
AP(config)#

filter ap-manage
This command prevents wireless clients from accessing the management interface on the access point. Use the no form to disable this filtering.
filter acl-source-address mac-address
This command enables filtering of source MAC addresses from the Ethernet port.

SYNTAX
[no] filter acl-source-address {add | delete} address
MAC address - Specifies a MAC address in the form xx-xx-xx-xx-xx-xx. A maximum of eight addresses can be added to the filtering table.
DEFAULT
Disabled

COMMAND MODE
Global Configuration

EXAMPLE
AP(config)#filter acl-source-address add xx:xx:xx:xx:xx:xx
AP(config)#

filter ethernet-type enabled
This command checks the Ethernet type on all incoming and outgoing Ethernet packets against the protocol filtering table. Use the no form to disable this feature.
DEC XNS, DEC-MOP-Dump-Load, DEC-MOP, DEC-LAT, Ethertalk, Appletalk-ARP, Novell-IPX(old), Novell-IPX(new), EAPOL, TelxonTXP, Aironet-DDP, Enet-Config-Test, IP, IPv6, NetBEUI, PPPoE_Discovery, PPPoE_PPP_Session)

DEFAULT
None

COMMAND MODE
Global Configuration

COMMAND USAGE
Use the filter ethernet-type enable command to enable filtering for Ethernet types specified in the filtering table, or the no filter ethernet-type enable command to disable all filtering based on the filteri
23 SPANNING TREE COMMANDS The commands described in this section are used to set the MAC address table aging time and spanning tree parameters for both the Ethernet and wireless interfaces.
AP(config)#bridge stp service
AP(config)#

bridge stp br-conf forwarding-delay
Use this command to configure the spanning tree bridge forward time globally for the wireless bridge. Use the no form to restore the default.

SYNTAX
bridge stp br-conf forwarding-delay
no bridge stp br-conf forwarding-delay
seconds - Time in seconds. (Range: 4 - 30 seconds) The minimum value is the higher of 4 or [(max-age / 2) + 1].
COMMAND MODE
Global Configuration

COMMAND USAGE
This command sets the time interval (in seconds) at which the root device transmits a configuration message.

EXAMPLE
AP(config)#bridge stp br-conf hello-time 5
AP(config)#

bridge stp br-conf max-age
Use this command to configure the spanning tree bridge maximum age globally for the wireless bridge. Use the no form to restore the default.
SYNTAX
bridge stp br-conf priority
no bridge stp br-conf priority
priority - Priority of the bridge. (Range: 0 - 65535)

DEFAULT SETTING
32768

COMMAND MODE
Global Configuration

COMMAND USAGE
Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STP root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device.
show bridge stp
This command displays aging time and spanning tree settings for the Ethernet and wireless interfaces.

SYNTAX
show bridge stp

COMMAND MODE
Exec

EXAMPLE
AP#show bridge stp
Bridge STP Information
==================================
Bridge MAC : 00:12:CF:A2:54:30
Status : Disabled
priority : 32768
Hello Time : 2 seconds
Maximum Age : 20 seconds
Forward Delay : 15 seconds
==================================
AP#

show bridge br-conf
No idea.
COMMAND MODE
Exec

EXAMPLE
AP#show bridge port-conf interface all
ETH0 configuration
========================================
Link Port Priority : 32
Link Path Cost : 4
========================================
ATH0 configuration
========================================
Link Port Priority : 32
Link Path Cost : 19
========================================
ATH1 configuration
========================================
Link Port Priority : 32
Link Path Cost : 19
=================
show bridge status
This command displays aging time and spanning tree settings for the Ethernet and wireless interfaces.

SYNTAX
show bridge status

COMMAND MODE
Exec

EXAMPLE
AP# show bridge status all
br0 status
=====================================================
Bridge ID : 8000.0012cfa25430
Designated Root ID : 8000.
24 WDS BRIDGE COMMANDS The commands described in this section are used to set the operation mode for each access point interface and configure Wireless Distribution System (WDS) forwarding table settings.
COMMAND MODE
Interface Configuration (Wireless) VAP

COMMAND USAGE
Every bridge (except the root bridge) in the wireless bridge network must specify the MAC address of the parent bridge that is linked to the root bridge, or the root bridge itself.

EXAMPLE
AP(if-wireless 0 [VAP 0])#wds sta ap red
AP(if-wireless 0 [VAP 0])#

show wds wireless
This command displays the current WDS forwarding table aging time setting.
25 ETHERNET INTERFACE COMMANDS The commands described in this section configure connection parameters for the Ethernet port and wireless interface.
dns server
This command specifies the address for the primary or secondary domain name server to be used for name-to-address resolution.

SYNTAX
dns primary-server
dns secondary-server
primary-server - Primary server used for name resolution.
secondary-server - Secondary server used for name resolution.
server-address - IP address of domain-name server.
COMMAND MODE
Interface Configuration (Ethernet)

COMMAND USAGE
◆ DHCP is enabled by default. To manually configure a new IP address, you must first disable the DHCP client with the no ip dhcp command.
◆ You must assign an IP address to this device to gain management access over the network or to connect the access point to existing IP subnets.
EXAMPLE
AP(config)#interface ethernet
Enter Ethernet configuration commands, one per line.
AP(if-ethernet)#ip dhcp
AP(if-ethernet)#

RELATED COMMANDS
ip address

shutdown
This command disables the Ethernet interface. To restart a disabled interface, use the no form.
DEFAULT SETTING
19

COMMAND MODE
Interface Configuration

COMMAND USAGE
◆ This command is used by the Spanning Tree Protocol to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media.
◆ Path cost takes precedence over port priority.
RELATED COMMANDS
bridge-link path-cost

show interface ethernet
This command displays the status for the Ethernet interface.

SYNTAX
show interface [ethernet]

DEFAULT SETTING
Ethernet interface

COMMAND MODE
Exec

EXAMPLE
AP#show interface ethernet
Ethernet Interface Information
========================================
IP Address : 192.168.2.2
Subnet Mask : 255.255.255.0
Default Gateway : 192.168.1.253
Primary DNS : 192.168.1.55
Secondary DNS : 10.1.0.
26 WIRELESS INTERFACE COMMANDS The commands described in this section configure connection parameters for the wireless interfaces.
Table 24: Wireless Interface Commands
Command                   Function                                                      Mode
shutdown                  Disables the wireless interface                               IC-WVAP
show interface wireless   Shows the status for the wireless interface                   Exec
show station              Shows the wireless clients associated with the access point   Exec

interface wireless
This command enters wireless interface configuration mode.

SYNTAX
interface wireless
a - 802.11a radio interface.
g - 802.11g radio interface.
vap
This command provides access to the VAP (Virtual Access Point) interface configuration mode.

SYNTAX
vap
vap-id - The number that identifies the VAP interface. (Options: 0-7)

DEFAULT SETTING
None

COMMAND MODE
Interface Configuration (Wireless)

EXAMPLE
AP(if-wireless g)#vap 0
AP(if-wireless g: VAP[0])#

a-mpdu
Sets the Aggregate MAC Protocol Data Unit (A-MPDU).

SYNTAX
a-mpdu
length - 1024-65535 seconds.
COMMAND MODE
Interface Configuration (Wireless)

EXAMPLE
AP(if-wireless 0)#a-msdu enable
AP(if-wireless 0)#

channel
This command configures the radio channel through which the access point communicates with wireless clients.

SYNTAX
channel
channel - Manually sets the radio channel used for communications with wireless clients. (Range for 802.
transmit-power
This command adjusts the power of the radio signals transmitted from the access point.

SYNTAX
transmit-power
signal-strength - Signal strength transmitted from the access point. (Options: full, half, quarter, eighth, min)

DEFAULT SETTING
full

COMMAND MODE
Interface Configuration (Wireless)

COMMAND USAGE
◆ The “min” keyword indicates minimum power.
◆ The longer the transmission distance, the higher the transmission power required.
◆ Both the 802.11g and 802.11b standards operate within the 2.4 GHz band. If you are operating in g mode, any 802.11b devices in the service area will contribute to the radio frequency noise and affect network performance.
device ath0 entered promiscuous mode
br0: port 2(ath0) entering learning state
br0: topology change detected, propagating
br0: port 2(ath0) entering forwarding state
Add port ath0 to bridge br0 successfully
ath_vdrv: Version 0.1 All Rights Reserved
AP(if-wireless 0)#

make-rf-setting-
Makes the RF setting effective.
ath_vdrv: Version 0.
◆ Set the preamble to long to ensure the access point can support all 802.11b and 802.11g clients.
beacon-interval
This command configures the rate at which beacon signals are transmitted from the access point.

SYNTAX
beacon-interval
interval - The rate for transmitting beacon signals. (Range: 20-1000 milliseconds)

DEFAULT SETTING
100

COMMAND MODE
Interface Configuration (Wireless)

COMMAND USAGE
The beacon signals allow wireless clients to maintain contact with the access point. They may also carry power-management information.
◆ Using smaller DTIM intervals delivers broadcast/multicast frames in a more timely manner, causing stations in Power Save mode to wake up more often and drain power faster. Using higher DTIM values reduces the power used by stations in Power Save mode, but delays the transmission of broadcast/multicast frames.
description
This command adds a description to the wireless interface. Use the no form to remove the description.

SYNTAX
description
no description
string - Comment or a description for this interface. (Range: 1-80 characters)

DEFAULT SETTING
None

COMMAND MODE
Interface Configuration (Wireless-VAP)

EXAMPLE
AP(if-wireless g: VAP[0])#description RD-AP#3
AP(if-wireless g: VAP[0])#

ssid
This command configures the service set identifier (SSID).
closed-system
This command prohibits access to clients without a pre-configured SSID. Use the no form to disable this feature.

SYNTAX
closed-system
no closed-system

DEFAULT SETTING
Disabled

COMMAND MODE
Interface Configuration (Wireless-VAP)

COMMAND USAGE
When closed system is enabled, the access point will not include its SSID in beacon messages. Nor will it respond to probe requests from clients that do not include a fixed SSID.
assoc-timeout-interval
This command configures the idle time interval (when no frames are sent) after which the client is disassociated from the VAP interface.

SYNTAX
assoc-timeout-interval
minutes - The number of minutes of inactivity before disassociation.
DEFAULT SETTING
Interface enabled

COMMAND MODE
Interface Configuration (Wireless-VAP)

COMMAND USAGE
You must first enable VAP interface 0 before you can enable VAP interfaces 1, 2, 3, 4, 5, 6, or 7.

EXAMPLE
AP(if-wireless g: VAP[0])#shutdown
AP(if-wireless g)#

show interface wireless
This command displays the status for the wireless interface.

SYNTAX
show interface wireless vap-id
a - 802.11a radio interface.
g - 802.11g radio interface.
MIC Mode : Software
Super G : Disabled
VLAN ID : 1
----------------Security------------------------------------------------
Closed System : Disabled
Multicast cipher : WEP
Unicast cipher : TKIP and AES
WPA clients : DISABLED
WPA Key Mgmt Mode : PRE SHARED KEY
WPA PSK Key Type : PASSPHRASE
WPA PSK Key : EMPTY
PMKSA Lifetime : 720 minutes
Encryption : ENABLED
Default Transmit Key : 1
Common Static Keys : Key 1: EMPTY Key 2: EMPTY
Key 3: EMPTY Key 4: EMPTY
Pre-Authentic
show station
This command shows the wireless clients associated with the access point.

COMMAND MODE
Exec

EXAMPLE
AP#show station
Station Table Information
========================================================
if-wireless A VAP [0] :
802.11a Channel : 60
No 802.11a Channel Stations.
.
.
.
if-wireless G VAP [0] :
802.11g Channel : 1
802.
27 WIRELESS SECURITY COMMANDS The commands described in this section configure parameters for wireless security on the 802.11a and 802.11g interfaces. Table 25: Wireless Security Commands Command Function Mode Page auth Defines the 802.
wpa-wpa2-mixed - Clients using WPA or WPA2 are accepted for authentication.
wpa-wpa2-psk-mixed - Clients using WPA or WPA2 with a Preshared Key are accepted for authentication.

DEFAULT SETTING
open-system

COMMAND MODE
Interface Configuration (Wireless-VAP)

COMMAND USAGE
◆ The auth command automatically configures settings for each authentication type, including encryption, 802.1X, and cipher suite. The command auth open-system disables encryption and 802.1X.
encryption cipher suite is set to TKIP, the unicast encryption cipher (TKIP or AES-CCMP) is negotiated for each client. The access point advertises its supported encryption ciphers in beacon frames and probe responses. WPA and WPA2 clients select the cipher they support and return the choice in the association request to the access point. For mixed-mode operation, the cipher used for broadcast frames is always TKIP. WEP encryption is not allowed.
EXAMPLE
AP(if-wireless g: VAP[0])#encryption
AP(if-wireless g)#

RELATED COMMANDS
key

key
This command sets the keys used for WEP encryption. Use the no form to delete a configured key.

SYNTAX
key <1-4>
no key
1-4 - Key index. (Range: 1-4)
static - Indicates a static key.
dynamic - Indicates a dynamic key.
value - The key string. For 64-bit keys, use 5 alphanumeric characters or 10 hexadecimal digits.
AP(if-wireless 0)#key 3 128 hex 12345123451234512345123456
AP(if-wireless 0)#

RELATED COMMANDS
key
encryption
transmit-key

transmit-key
This command sets the index of the key to be used for encrypting data frames for broadcast or multicast traffic transmitted from the VAP to wireless clients.

SYNTAX
transmit-key
index - Key index.
SYNTAX
multicast-cipher
aes-ccmp - Use AES-CCMP encryption for the unicast and multicast cipher.
tkip - Use TKIP encryption for the multicast cipher. TKIP or AES-CCMP can be used for the unicast cipher depending on the capability of the client.

DEFAULT SETTING
None

COMMAND MODE
Interface Configuration (Wireless-VAP)

COMMAND USAGE
◆ WPA enables the access point to support different unicast encryption keys for each client.
wpa-pre-shared-key
This command defines a Wi-Fi Protected Access (WPA/WPA2) Pre-shared key.

SYNTAX
wpa-pre-shared-key
hex - Specifies hexadecimal digits as the key input format.
passphrase-key - Specifies an ASCII pass-phrase string as the key input format.
value - The key string. For ASCII input, specify a string between 8 and 63 characters. For HEX input, specify exactly 64 digits.
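The two input formats above end up as the same 256-bit key: IEEE 802.11i stretches a pass-phrase with PBKDF2-HMAC-SHA1, using the SSID as salt, while 64 hex digits are the key itself. The following is an added example, not SMC code, that applies the manual's length rules and derives the key; the function names and the review policy in audit() (including the 20-character threshold) are assumptions.

```python
import hashlib
import string

# Added example: what the two wpa-pre-shared-key input formats turn into.
# The PBKDF2 parameters are those of IEEE 802.11i; the function names and the
# policy in audit() are assumptions made for this sketch.


def derive_psk(key_format, value, ssid):
    """Return the 256-bit pre-shared key for one VAP as 32 bytes."""
    if key_format == "hex":
        if len(value) != 64 or not all(c in string.hexdigits for c in value):
            raise ValueError("hex input must be exactly 64 hexadecimal digits")
        return bytes.fromhex(value)
    if key_format == "passphrase-key":
        if not 8 <= len(value) <= 63:
            raise ValueError("pass-phrase must be 8 to 63 characters")
        if not all(32 <= ord(c) <= 126 for c in value):
            raise ValueError("pass-phrase must be printable ASCII")
        salt = ssid.encode("utf-8")
        if not 1 <= len(salt) <= 32:
            raise ValueError("SSID must be 1 to 32 bytes")
        # 4096 iterations, 32-byte output, SSID as salt.
        return hashlib.pbkdf2_hmac("sha1", value.encode("ascii"), salt, 4096, 32)
    raise ValueError("unknown key input format: %r" % key_format)


def audit(key_format, value, ssid, min_length=20):
    """Return review findings for a configured key (assumed local policy)."""
    findings = []
    if key_format == "hex":
        if len(set(value.lower())) < 8:
            findings.append("hex key uses very few distinct digits")
        return findings
    if len(value) < min_length:
        findings.append("pass-phrase shorter than %d characters" % min_length)
    if ssid and ssid.lower() in value.lower():
        findings.append("pass-phrase contains the SSID")
    if value.isalpha() or value.isdigit():
        findings.append("pass-phrase uses a single character class")
    return findings


if __name__ == "__main__":
    # Constructed sample values; "IEEE"/"password" is the published
    # IEEE 802.11i test vector.
    print(derive_psk("passphrase-key", "password", "IEEE").hex())
    print(audit("passphrase-key", "password", "IEEE"))
```

Because the SSID is the only salt, the same pass-phrase on a common or default SSID yields a key that is identical across every network using that pair, so pass-phrase length matters more than the 8-character minimum suggests.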
COMMAND USAGE
◆ WPA2 provides fast roaming for authenticated clients by retaining keys and other security information in a cache, so that if a client roams away from an access point and then returns, reauthentication is not required.
◆ When a WPA2 client is first authenticated, it receives a Pairwise Master Key (PMK) that is used to generate other keys for unicast data encryption.
ath_vdrv: driver unloaded
ARGS: 1
ath_hal: 0.9.17.1 (AR5416, DEBUG, REGOPS_FUNC, WRITE_EEPROM, 11D)
wlan: 0.8.4.2 (Atheros/multi-bss)
ath_rate_atheros: Copyright (c) 2001-2005 Atheros Communications, Inc, All Rights Reserved
ath_dfs: Version 2.0.0 Copyright (c) 2005-2006 Atheros Communications, Inc. All Rights Reserved
ath_dev: Copyright (c) 2001-2007 Atheros Communications, Inc, All Rights Reserved
ath_ahb: 0.9.4.5 (Atheros/multi-bss)(LSDK7.1.3.
BR0 NO WIRELESS EXTENSIONS.
WIFI0 NO WIRELESS EXTENSIONS.
LO NO WIRELESS EXTENSIONS.
ETH0 NO WIRELESS EXTENSIONS.
BR0 NO WIRELESS EXTENSIONS.
WIFI0 NO WIRELESS EXTENSIONS.
LO NO WIRELESS EXTENSIONS.
ETH0 NO WIRELESS EXTENSIONS.
BR0 NO WIRELESS EXTENSIONS.
WIFI0 NO WIRELESS EXTENSIONS.
28 LINK LAYER DISCOVERY COMMANDS LLDP allows devices in the local broadcast domain to share information about themselves. LLDP-capable devices periodically transmit information in messages called Type Length Value (TLV) fields to neighbor devices. Advertised information is represented in Type Length Value (TLV) format according to the IEEE 802.1ab standard, and can include details such as device identification, capabilities and configuration settings.
lldp-transmit hold-multiplier
This command configures the length of time the access point will sustain its LLDP signal on the network. (Default: 4 seconds; Range: 2-10 seconds)

SYNTAX
lldp transmit hold-multiplier
no link-integrity ping-host
seconds - Time in seconds.
DEFAULT SETTING
2 seconds

COMMAND MODE
Global Configuration

EXAMPLE
AP(config)#lldp transmit re-init-delay 10
AP(config)#

lldp transmit delay-to-local-change
The length of time before which the access point will advertise its presence on the network with an LLDP header.

SYNTAX
lldp transmit delay-to-local-change
seconds - Time in seconds.
29 VLAN COMMANDS The access point can enable the support of VLAN-tagged traffic passing between wireless clients and the wired network. Up to 64 VLAN IDs can be mapped to specific wireless clients, allowing users to remain within the same VLAN as they move around a campus site. When VLAN is enabled on the access point, a VLAN ID (a number between 1 and 4094) can be assigned to each client after successful authentication using IEEE 802.1X and a central RADIUS server.
COMMAND DESCRIPTION
◆ When VLANs are enabled, the access point tags frames received from wireless clients with the VLAN ID configured for each client on the RADIUS server. If the VLAN ID has not been configured for a client on the RADIUS server, then the frames are tagged with the access point’s native VLAN ID.
vlan-id
This command configures the default VLAN ID for the VAP interface.

SYNTAX
vlan-id
vlan-id - Native VLAN ID. (Range: 1-4094)

DEFAULT SETTING
1

COMMAND MODE
Interface Configuration (Wireless-VAP)

COMMAND USAGE
◆ To implement the default VLAN ID setting for VAP interface, the access point must enable VLAN support using the vlan command.
30 WMM COMMANDS
The access point implements QoS using the Wi-Fi Multimedia (WMM) standard. Using WMM, the access point is able to prioritize traffic and optimize performance when multiple applications compete for wireless network bandwidth at the same time. WMM employs techniques that are a subset of the developing IEEE 802.11e QoS standard and it enables the access point to inter-operate with both WMM-enabled clients and other devices that may lack any WMM functionality.
wmm-acknowledge-policy
This command allows the acknowledgement wait time to be enabled or disabled for each Access Category (AC).

SYNTAX
wmm-acknowledge-policy
ac_number - Access categories. (Range: 0-3)
ack - Require the sender to wait for an acknowledgement from the receiver.
noack - Does not require the sender to wait for an acknowledgement from the receiver.
ac_number - Access categories (ACs) – voice, video, best effort, and background. These categories correspond to traffic priority levels and are mapped to IEEE 802.1D priority tags as shown in Table 6-1. (Range: 0-3)
LogCwMin - Minimum log value of the contention window. This is the initial upper limit of the random backoff wait time before wireless medium access can be attempted. The initial wait time is a random value between zero and the LogCwMin value.
TABLE AD-1 WMM Parameters
                    AC0 (Best Effort)  AC1 (Background)  AC2 (Video)  AC3 (Voice)
TXOP Limit          0                  0                 94           47
Admission Control   Disabled           Disabled          Disabled     Disabled

COMMAND MODE
Interface Configuration (Wireless)

EXAMPLE
AP(if-wireless a)#wmmparams ap 0 4 6 3 1 1
AP(if-wireless a)#
SECTION IV APPENDICES
This section provides additional information and includes these items:
◆ “Hardware Specifications”
◆ “Troubleshooting”
◆ “Glossary”
◆ “Index”
A TROUBLESHOOTING

DIAGNOSING LED INDICATORS

Table 31: LED Indicators
Symptom: POWER/DIAG/FAIL LEDs are off
Action:
◆ The AC power adapter may be disconnected. Check connections between the SMCE21011, the power adapter, and the wall outlet.
◆ The PoE cable may be disconnected. Check connections between the SMCE21011 and the PoE power source.
◆ Verify that the SMCE21011 and attached device are powered on.
◆ Be sure the cable is plugged into both the EAP8518A and corresponding device.
Before Contacting Technical Support
■ If MAC address filtering is enabled, be sure the client’s address is included in the local filtering database or on the RADIUS server database.
■ If the wireless clients are roaming between access points, make sure that all the access points and wireless devices in the Extended Service Set (ESS) are configured to the same SSID, and authentication method.
2.
■ Reset the access point’s hardware using the console interface, web interface, or through a power reset.
■ Reset the access point to its default configuration by pressing the reset button on the back panel for 5 seconds or more. Then use the default user name “admin” and a null password to access the management interface.
B HARDWARE SPECIFICATIONS

WIRELESS TRANSMIT POWER (MAXIMUM)
802.11b/g/n:
802.11b: 21 dBm (typical)
802.11g: 16 dBm
802.11n HT20 (20MHz, MCS): 20.5 dBm
802.11n HT40 (40MHz, MCS): 21 dBm
802.11a/n:
802.11a: 16 dBm
802.11n HT20 (20MHz, MCS): 18 dBm
802.11n HT40 (40 MHz, MCS): 16 dBm

WIRELESS RECEIVE SENSITIVITY (MAXIMUM)
802.11b/g/n:
802.11b: -92 dBm
802.11g: -89 dBm
802.11n HT20 (20MHz, MCS): -87 dBm
802.11n HT40 (40MHz, MCS): -88 dBm
802.11a/n:
802.11a: -88 dBm
802.11n HT20 (20MHz, MCS): -87 dBm
802.
DATA RATE
802.11b: 1, 2, 5.5, 11 Mbps per channel
802.11g: 6, 9, 12, 18, 24, 36, 48, 54 Mbps per channel
802.11n: 27, 54, 81, 108, 162, 216, 243, 270, 300 Mbps per channel (40MHz)
802.11a:
Normal Mode: 6, 9, 12, 18, 24, 36, 48, 54 Mbps per channel
Turbo Mode: 12, 18, 24, 36, 48, 54, 96, 108 Mbps per channel

OPERATING CHANNELS
802.11g/n:
11 channels in base mode (US, Canada)
13 channels (ETSI, Japan)
802.
HUMIDITY
15% to 95% (non-condensing)

COMPLIANCES
FCC Part 15B Class B
EN 55022B
EN 55024
EN 61000-3-2
EN 61000-3-3

RADIO SIGNAL CERTIFICATION
FCC Part 15C 15.247, 15.207 (2.4 GHz)
EN 300 328
EN 301 489-1
EN 301 489-17
IC RSS-210

STANDARDS
IEEE 802.11b/g
IEEE 802.11n draft v2.0
IEEE 802.3-2005

PHYSICAL SIZE
18.8 x 15 x 2.2 cm (7.40 x 5.90 x 0.
C CABLES AND PINOUTS

TWISTED-PAIR CABLE ASSIGNMENTS

For 10/100BASE-TX connections, a twisted-pair cable must have two pairs of wires. For 1000BASE-T connections the twisted-pair cable must have four pairs of wires. Each wire pair is identified by two different colors. For example, one wire might be green and the other, green with white stripes. Also, an RJ-45 connector must be attached to both ends of the cable.

NOTE: Each wire pair must be attached to the RJ-45 connectors in a specific orientation.
10/100BASE-TX PIN ASSIGNMENTS

Use unshielded twisted-pair (UTP) or shielded twisted-pair (STP) cable for RJ-45 connections: 100-ohm Category 3 or better cable for 10 Mbps connections. Also be sure that the length of any twisted-pair connection does not exceed 100 meters (328 feet).
[Figure 61: Straight Through Wiring. EIA/TIA 568B RJ-45 Wiring Standard, 10/100BASE-TX Straight-through Cable. Pins 1 to 8 at End A and End B; wire colors shown: White/Orange Stripe, Orange, White/Green Stripe, Blue, White/Blue Stripe, Green, White/Brown Stripe, Brown.]

CROSSOVER WIRING

If the twisted-pair cable is to join two ports and either both ports are labeled with an “X” (MDI-X) or neither port is labeled with an “X” (MDI), a crossover must be implemented in the
1000BASE-T PIN ASSIGNMENTS

All 1000BASE-T ports support automatic MDI/MDI-X operation, so you can use straight-through cables for all network connections to PCs or servers, switches or hubs. The table below shows the 1000BASE-T MDI and MDI-X port pinouts. These ports require that all four pairs of wires be connected. Note that for 1000BASE-T operation, all four pairs of wires are used for both transmit and receive.
2. Reduce the number of connectors used in the link.
3. Reconnect some of the connectors in the link.

CONSOLE PORT PIN ASSIGNMENTS

The RJ-45 console port on the front panel of the access point connects to a DB-9 connector on a PC for out-of-band console configuration. The command-line configuration program can be accessed from a terminal, or a PC running a terminal emulation program.
GLOSSARY

10BASE-T
IEEE 802.3-2005 specification for 10 Mbps Ethernet over two pairs of Category 3 or better UTP cable.

100BASE-TX
IEEE 802.3-2005 specification for 100 Mbps Fast Ethernet over two pairs of Category 5 or better UTP cable.

1000BASE-T
IEEE 802.3ab specification for 1000 Mbps Gigabit Ethernet over four pairs of Category 5 or better UTP cable.

ACCESS POINT
An internetworking device that seamlessly connects wired and wireless networks.
DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP)
Provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP is based on the Bootstrap Protocol (BOOTP), adding the capability of automatic allocation of reusable network addresses and additional configuration options.

ENCRYPTION
Data passing between the access point and clients can use encryption to protect from interception and eavesdropping.
MAC ADDRESS
The physical layer address used to uniquely identify network nodes.

NETWORK TIME PROTOCOL (NTP)
NTP provides the mechanisms to synchronize time across the network. The time servers operate in a hierarchical-master-slave configuration in order to synchronize local clocks within the subnet and to national time standards via wire or radio.

OPEN SYSTEM
A security option which broadcasts a beacon signal including the access point’s configured SSID.
TEMPORAL KEY INTEGRITY PROTOCOL (TKIP)
A data encryption method designed as a replacement for WEP. TKIP avoids the problems of WEP static keys by dynamically changing data encryption keys.

TRIVIAL FILE TRANSFER PROTOCOL (TFTP)
A TCP/IP protocol commonly used for software downloads.

VIRTUAL ACCESS POINT (VAP)
Virtual AP technology multiplies the number of Access Points present within the RF footprint of a single physical access device. With Virtual AP technology, WLAN users within the device.
TECHNICAL SUPPORT

From U.S.A. and Canada (24 hours a day, 7 days a week)
Phone: 800-SMC-4-YOU / 949-679-8000
Fax: 949-502-3400

ENGLISH: Technical Support information available at www.smc.com
FRENCH: Technical support information at www.smc.com
GERMAN: Technical support and further information at www.smc.com
SPANISH: At www.smc.com you can find information on technical support services
DUTCH: Technical support information available at www.smc.