AP-4, AP-5, and AP-6
Copyrights • Avaya is a registered trademark of Avaya Inc. • Microsoft Windows is a registered trademark of the Microsoft Corporation. • All trademarks mentioned herein belong to their respective owners. Publication Information Copyright © 2004 Avaya, Inc. All rights reserved. Part Number: 66221/B Document Number: 555-301-708, Release 2.4.
Regulatory Information See the Regulatory Flyer that came with your AP-3 unit or go to the CDROM to view the information. Warranty Avaya Inc. provides a limited warranty on this product. Refer to your sales agreement to establish the terms of the limited warranty. In addition, Avaya’s standard warranty language as well as information regarding support for this product, while under warranty, is available through the following Web site: www.avaya.
How to Get Help For additional support telephone numbers, go to the Avaya support Web site: http://www.avaya.com/support. If you are: • Within the United States, click the Escalation Management link. Then click the appropriate link for the type of support you need. • Outside the United States, click the Escalation Management link. Then click the International Services link that includes telephone numbers for the international Centers of Excellence.
AP-4/5/6 User’s Guide Table of Contents 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 In This Chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 Document Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 Introduction to Wireless Networking . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Site Survey . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Download Updates from a TFTP Server using the Web Interface 2-46 Download Updates from a TFTP Server using the CLI Interface 2-47 Additional Hardware Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-47 Mounting Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-48 Installing the AP in a Plenum. . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-54 Kensington Security Slot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Wireless Distribution System (WDS) . . . . . . . . . . . . . . . . . . . . . . 4-59 Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-64 Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-64 Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-65 IP Access Table. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-67 Services. . . . . . . . . . .
Rogue Access Point Detection (RAD) . . . . . . . . . . . . . . . . . . . . RADIUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MAC Access Control by Means of RADIUS Authentication . . . RADIUS Authentication with 802.1x . . . . . . . . . . . . . . . . . . . . . RADIUS Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-149 4-155 4-156 4-161 4-164 5 Monitor Information . . . . . . . . . . . . . . . . . . . . . . . . . . .
Upload File by Using TFTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Upload File by Using HTTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Help Link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Important Terminology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-4 Navigation and Special Keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-6 CLI Error Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-7 Bootloader CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-8 CLI Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-11 Command Conventions . . . . .
DHCP Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . DHCP Server Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . IP Address Pool Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . Syntax Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . DNS Client Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . DNS Client for RADIUS Name Resolution . . . . . . . . . . . . . . . . .
IP Access Table Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . Syntax Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . IP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . IP Configuration Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . Syntax Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Link Integrity Commands . . . . . . . . . . . . . . . . . . . . . . . .
SNMP Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-84 SNMP Trap Host Table Parameters . . . . . . . . . . . . . . . . . . . . . . A-86 Syntax Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-87 Spanning Tree Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-88 Spanning Tree Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-88 Spanning Tree Priority and Path Cost Table . . . . . . . . . . .
Syntax Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 802.11b Wireless Interface Commands . . . . . . . . . . . . . . . . . . . . . . 802.11b Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Syntax Examples. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 802.11b/g Wireless Interface Commands . . . . . . . . . . . . . . . . . . . . 802.11b/g Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Environmental Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . Radio Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 802.11a Channel Frequencies . . . . . . . . . . . . . . . . . . . . . . . . . . 802.11b Channel Frequencies . . . . . . . . . . . . . . . . . . . . . . . . . . 802.11g Channel Frequencies . . . . . . . . . . . . . . . . . . . . . . . . . . Wireless Communication Range . . . . . . . . . . . . . . . . . . . . . . . . .
12 Avaya Wireless AP-4/5/6 User’s Guide
Introduction 1 In This Chapter The following topics are covered in this section: • Document Conventions • Introduction to Wireless Networking • IEEE 802.11 Specifications • Management and Monitoring Capabilities Document Conventions • The term, AP, refers to an Access Point. • The term, 802.11, is used to describe features that apply to the 802.11a, 802.11b, and 802.11g wireless standards. • A Single-radio AP is an Access Point that supports one IEEE radio standard.
Introduction to Wireless Networking • An 802.11b/g AP is an Access Point that supports the IEEE 802.11g standard. • An 802.11a/g AP is an Access Point that supports the IEEE 802.11a/g standards. • Blue text indicates a link to a topic or Web address. If you are viewing this documentation on your computer, click the blue text to jump to the linked item. NOTE: A Note indicates important information that helps you make better use of your computer.
Introduction to Wireless Networking Site Survey To determine the best location for an Access Point, Avaya recommends conducting a Site Survey before placing the device in its final location. For information about how to conduct a Site Survey, contact your local reseller. Before an Access Point can be configured for your specific networking requirements, it must first be initialized. See Getting Started for details. Figure 1-1.
Introduction to Wireless Networking Once initialized, the network administrator can configure each unit according to the network’s requirements. The AP functions as a wireless network access point to data networks. An AP network provides: • Seamless client roaming • Easy installation and operation • Over-the-air encryption of data • High speed network links To be fully operational, the AP-3 needs at least one wireless card installed.
Introduction to Wireless Networking Network Names • All Access Points must have the same Network Name to support client roaming. • All workstations with an 802.11 client adapter installed must use either a Network Name of “any” or the same Network Name as the Access Points that they will roam between. If an AP has Closed System enabled, a client must have the same Network Name as the Access Point to communicate (see Interfaces).
IEEE 802.11 Specifications Data Rates An 802.11a or 802.11b/g AP operates at faster data rates than the 802.11b AP. 802.11a and 802.11g products operate at speeds of up to 54 Mbits/sec; 802.11b products operate at speeds of up to 11 Mbits/sec. Channels • All Access Points in the same vicinity should use a unique, independent Channel. By default, the AP automatically scans for available Channels during boot-up but you can also set the Channel manually (see Interfaces for details).
IEEE 802.11 Specifications 802.11b In 1999, the IEEE modified the 802.11 standard to support direct sequence devices that can operate at speeds of up to 11 Mbits/sec. The IEEE ratified this standard as 802.11b. 802.11b devices are backwards compatible with 2.4 GHz 802.11 direct sequence devices (that operate at 1 or 2 Mbits/sec). Available Frequency Channels vary by regulatory domain and/or country. See 802.11b Channel Frequencies for details. 802.11a Also in 1999, the IEEE modified the 802.
Management and Monitoring Capabilities Management and Monitoring Capabilities There are three management and monitoring interfaces available to the network administrator to configure and manage an AP on the network: • HTTP/HTTPS Interface • Command Line Interface • SNMP Management HTTP/HTTPS Interface The HTTP Interface (also known as the Web browser Interface) provides easy access to configuration settings and network statistics from any computer on the network.
Management and Monitoring Capabilities The AP comes pre-installed with all required SSL files: default certificate, private key and SSL Certificate Passphrase installed. Command Line Interface The Command Line Interface (CLI) is a text-based configuration utility that supports a set of keyboard commands and parameters to configure and manage an AP. Users enter Command Statements, composed of CLI Commands and their associated parameters.
Management and Monitoring Capabilities See The Command Line Interface for more information on the CLI and for a list of CLI commands and parameters. SNMP Management You can also manage and configure an AP using the Simple Network Management Protocol (SNMP). NOTE: This requires an SNMP manager program, like HP Openview or Castlerock’s SNMPc.
Management and Monitoring Capabilities The Enterprise MIB defines the read and read-write objects that can be viewed or configured using SNMP. These objects correspond to most of the settings and statistics that are available with the other management interfaces. Refer to the Enterprise MIB for more information; the MIB can be opened with any text editor, such as Microsoft Word, Notepad, or WordPad.
Management and Monitoring Capabilities • Message stream modification: SNMP is designed to operate over a connectionless transport protocol. There is a threat that SNMP messages could be reordered, delayed, or replayed (duplicated) to effect unauthorized management operations. For example, a message to reboot a device could be copied and replayed later.
Getting Started 2 In This Chapter • Prerequisites • Product Package • System Requirements • Hardware Installation • Initialization • Download the Latest Software • Additional Hardware Features Prerequisites Before installing an AP, you need to gather certain network information. The following section identifies the information you need. NOTE: Passwords must be configured with at least 6 characters in length.
Prerequisites Information Description Network Name (SSID of the wireless cards) Assign the Access Point a Primary Network Name before wireless users can communicate with it. The clients also need the same Network Name. This is not the same as the System Name, which applies only to the Access Point. The network administrator typically provides the Network Name.
Prerequisites Information Description SNMPv3 Authentication Password If Secure Management is enabled, each Access Point requires a password for sending authenticated SNMPv3 messages. The default password is “public”. SNMPv3 Privacy Password If Secure Management is enabled, each Access Point requires a password when sending encrypted SNMPv3 data. The default password is “public”. SNMP Read-Write Password Each Access Point requires a password to allow get and set requests from an SNMP manager.
Prerequisites Information Description Authentication Server Shared Secret This is a password shared between the Access Point and the RADIUS authentication server (so both passwords must be the same), and is typically provided by the network administrator. Authentication Server Authentication Port This is a port number (default is 1812) and is typically provided by the network administrator.
Product Package Product Package Each Single-radio AP comes with the following: • One metal base for ceiling or desktop mounting (includes two screws) • Mounting hardware — Four 3.
System Requirements MiniPCI Upgrade Kits Single-radio APs can be fitted with different radio types. MiniPCI upgrade kits are available for 802.11a /b/g and 802.11b/g wireless cards. Each kit is composed of a single miniPCI board with an integral antenna attached. The type of radio is indicated on the label on the antenna and instructions on how to open your AP to replace the radio are provided with the kit.
Hardware Installation • A computer that is connected to the same IP network as the AP and has one of the following Web browsers installed: — Microsoft Internet Explorer 6 with Service Pack 1 or later and patch Q323308 — Netscape 6.1 or later (The computer is required to configure the AP using the Web or HTTP interface.) Hardware Installation Follow these steps to install a Single-radio AP: 1. Unpack the Access Point and accessories from the shipping box. 2.
Hardware Installation Figure 2-1.
Hardware Installation 3. Press down on the cable-cover lock located in the front-center of the unit to release the cable cover. Figure 2-2.
Hardware Installation 4. Remove the cable cover from the unit. Figure 2-3.
Hardware Installation 5. Remove the front cover (the side with the LED indicators) from the unit. Figure 2-4.
Hardware Installation 6. Remove the back cover from the unit. Figure 2-5.
Hardware Installation 7. Connect one end of an Ethernet cable to the Access Point’s Ethernet port. The other end of the cable should not be connected to another device until after the installation is complete. — Use a straight-through Ethernet cable if you intend to connect the Access Point to a hub, switch, patch panel, or Power over Ethernet power injector. — Use a cross-over Ethernet cable if you intend to connect the Access Point to a single computer. 8.
Hardware Installation Figure 2-6. Attach Ethernet Cable and Power Cable Power Cable Ethernet Cable NOTE: Once attached, the power cable locks into place. To disconnect the power cable, slide back the black plastic fitting and gently pull the cable from the connector.
Hardware Installation 9. Connect the free end of the Ethernet cable to a hub, switch, patch panel, Power over Ethernet power injector, or an Ethernet port on a computer. 10. If using AC power, connect the power cord to a power source (such as a wall outlet) to turn on the unit. 11. Configure and test the unit. See Initialization for details. 12. Download the latest software to the unit, if necessary. See Download the Latest Software for details. 13. Place the unit in the final installation location.
Hardware Installation Figure 2-7. Assembled Unit 15. If desired, you can attach a Kensington lock to secure the cable cover into place. This will protect the unit from unauthorized tampering. See Kensington Security Slot for details.
Initialization Initialization Avaya provides two tools to simplify the initialization and configuration of an AP: • ScanTool • Setup Wizard ScanTool is included on the Installation CD; the Setup Wizard launches automatically the first time you access the HTTP interface. NOTE: These initialization instructions describe how to configure an AP over an Ethernet connection using ScanTool and the HTTP interface.
Initialization ScanTool ScanTool is a software utility that is included on the installation CD-ROM. ScanTool allows you to find the IP address of an Access Point by referencing the MAC address in a Scan List, or to assign an IP address if one has not been assigned.
Initialization ScanTool Instructions Follow these steps to install ScanTool, initialize the Access Point, and perform initial configuration: 1. Locate the unit’s Ethernet MAC address and write it down for future reference. The MAC address is printed on the product label. Each unit has a unique MAC address, which is assigned at the factory. 2. Confirm that the AP is connected to the same LAN subnet as the computer that you will use to configure the AP. 3. Power up, reboot, or reset the AP.
Initialization NOTE: The Avaya Wireless Installation program supports the following operating systems: — Windows 98SE — Windows 2000 — Windows NT — Windows ME — Windows XP 6. After the software has been installed, double-click the ScanTool icon on the Windows desktop to launch the program (if the program is not already running). — Result: ScanTool scans the subnet and displays all detected Access Points. The ScanTool’s Scan List screen appears, as shown in the following example.
Initialization Figure 2-8. Scan List 7. Locate the MAC address of the AP you want to initialize within the Scan List. NOTE: If your Access Point does not show up in the Scan List, click the Rescan button to update the display. If the unit still does not appear in the list, see Troubleshooting for suggestions. Note that after rebooting an Access Point, it may take up to five minutes for the unit to appear in the Scan List.
Initialization 8. Do one of the following: — If the AP has been assigned an IP address by a DHCP server on the network, write down the IP address and click Cancel to close ScanTool. Go to Setup Wizard for information on how to access the HTTP interface using this IP address. — If the AP has not been assigned an IP address (in other words, the unit is using its default IP address, 169.254.128.
Initialization Step Action 1. Highlight the entry for the AP you want to configure. 2. Click the Change button. Result: The Change screen appears.
Initialization Step Action 3. Set IP Address Type to Static. 4. Enter a static IP Address for the AP in the field provided. You must assign the unit a unique address that is valid on your IP subnet. Contact your network administrator if you need assistance selecting an IP address for the unit. 5. Enter your network’s Subnet Mask in the field provided. 6. Enter your network’s Gateway IP Address in the field provided. 7.
Initialization Step 8. Action Click OK to save your changes. Result: The Access Point will reboot automatically and any changes you made will take effect. 9. When prompted, click OK a second time to return to the Scan List screen. 10. Click Cancel to close the ScanTool. 11. Proceed to Setup Wizard for information on how to access the HTTP interface.
Initialization Setup Wizard The first time you connect to an AP’s HTTP interface, the Setup Wizard launches automatically. The Setup Wizard provides step-by-step instructions for how to configure the Access Point’s basic operating parameter, such as Network Name, IP parameters, system parameters, and management passwords. Setup Wizard Instructions Follow these steps to access the Access Point’s HTTP interface and launch the Setup Wizard: 1. Open a Web browser on a network computer.
Initialization e. Click OK twice to save your changes and return to Internet Explorer. 3. Enter the Access Point’s IP address in the browser’s Address field and press Enter. This is either the — dynamic IP address assigned by a network DHCP server or — the static IP address you manually configured. See ScanTool for information on how to determine the unit’s IP address and manually configure a new IP address, if necessary. — Result: The Enter Network Password screen appears. 4.
Initialization Figure 2-9.
Initialization Figure 2-10. Setup Wizard 5. Click Setup Wizard to begin. If you want to configure the AP without using the Setup Wizard, click Exit and see Advanced Configuration. The Setup Wizard supports the following navigation options: — Save & Next Button: Each Setup Wizard screen has a Save & Next button. Click this button to submit any changes you made to the unit’s parameters and continue to the next page.
Initialization — Navigation Panel: The Setup Wizard provides a navigation panel on the left-hand side of the screen. Click the link that corresponds to the parameters you want to configure to be taken to that particular configuration screen. Note that clicking a link in the navigation panel will not submit any changes you made to the unit’s configuration on the current page. — Exit: The navigation panel also includes an Exit option. Click this link to close the Setup Wizard at any time.
Initialization 8. Assign the AP new passwords to prevent unauthorized access and click Save & Next. Each management interface has its own password: — SNMP Read Password — SNMP Read-Write Password — SNMPv3 Authentication Password — SNMPv3 Privacy Password — CLI Password — HTTP (Web) Password By default, each of these passwords is set to “public”. See Passwords for more information.
Initialization 9. Configure the basic wireless interface settings and click Save & Next. — The following options are available for an 802.11a AP: Option Description Primary Network Name (SSID) Enter a Network Name (between 2 and 31 characters long) for the wireless network. You must configure each wireless client to use this name as well. Additional Network Names (SSIDs) The AP supports up to 16 SSIDs and VLANs per wireless interface (radio).
Initialization Option Auto Channel Select Description By default, the AP scans the area for other Access Points and selects the best available communication channel, either a free channel (if available) or the channel with the least amount of interference. Remove the check mark to disable this option. Note that you cannot disable Auto Channel Select for 802.11a products in Europe (see Dynamic Frequency Selection (DFS) for details).
Initialization Option Description Frequency Channel When Auto Channel Select is enabled, this field is read-only and displays the Access Point’s current operating channel. When Auto Channel Select is disabled, you can specify the Access Point’s channel. If you decide to manually set the unit’s channel, ensure that nearby devices do not use the same frequency. Available Channels vary based on regulatory domain. See 802.11a Channel Frequencies. Note that you cannot manually set the channel for 802.
Initialization Option Description WEP Encryption Place a check mark in the box provided to enable WEP encryption. See WEP Encryption for more information. Set Encryption Key 1 If you enabled Encryption, configure an Encryption Key. This key is used to encrypt and decrypt data between the AP and its wireless clients.
Initialization — The following options are available for an 802.11b AP: Option Description Primary Network Name (SSID) Enter a Network Name (between 2 and 31 characters long) for the wireless network. You must configure each wireless client to use this name as well. Additional Network Names (SSIDs) The AP supports up to 16 SSIDs and VLANs per wireless interface (radio).
Initialization Option Description Frequency Channel When Auto Channel Select is enabled, this field is read-only and displays the Access Point’s current operating channel. When Auto Channel Select is disabled, you can specify the Access Point’s operating channel. If you decide to manually set the unit’s channel, ensure that nearby devices do not use the same frequency (unless you are setting up a WDS). Available Channels vary based on regulatory domain. See 802.11b Channel Frequencies.
Initialization Option Multicast Rate Description Sets the rate at which Multicast messages are sent. This value is related to the Distance Between APs parameter (described previously). The table below displays the possible Multicast Rates based on the Distance between APs. See Multicast Rate for more information. Distance between APs Multicast Rate Large 1 and 2 Mbits/sec Medium 1, 2, and 5.5 Mbits/sec Small 1, 2, 5.5 and 11 Mbits/sec Minicell 1, 2, 5.5 and 11 Mbits/sec Microcell 1, 2, 5.
Initialization Option Description WEP Encryption Place a check mark in the box provided to enable WEP encryption. See WEP Encryption for more information. Set Encryption Key 1 If you enabled Encryption, configure an Encryption Key. This key is used to encrypt and decrypt data between the AP and its wireless clients.
Initialization — The following options are available for an 802.11b/g AP: Option Operational Mode Description An 802.11b/g wireless interface can be configured to operate in the following modes: • 802.11b mode only • 802.11g mode only • 802.11g-wifi mode • 802.11b/g mode (default) Primary Network Name (SSID) Enter a Network Name (between 2 and 31 characters long) for the wireless network. You must configure each wireless client to use this name as well.
Initialization Option Description Auto Channel Select By default, the AP scans the area for other Access Points and selects the best available communication channel, either a free channel (if available) or the channel with the least amount of interference. Remove the check mark to disable this option. Frequency Channel When Auto Channel Select is enabled, this field is read-only and displays the Access Point’s current operating channel.
Initialization Option Transmit Rate Description Select a specific transmit rate for the AP. The values available depend on the Operational Mode. Auto Fallback is the default setting; it allows the AP to select the best transmit rate based on the cell size. • For 802.11b only -- Auto Fallback, 1, 2, 5.5, 11 Mbits/sec • For 802.11g only -- Auto Fallback, 6, 9, 12, 18, 24, 36, 48, 54 Mbits/sec • For 802.11b/g and 802.11g-wifi-- Auto Fallback, 1, 2, 5.
Initialization Option Set Encryption Key 1 Description If you enabled Encryption, configure an Encryption Key. This key is used to encrypt and decrypt data between the AP and its wireless clients. Enter the number of characters that correspond to the desired key size, as described below: • Enter 10 hexadecimal characters (0-9 and A-F) or 5 ASCII characters (see ASCII Character Chart) to use 64-bit encryption. • Enter 26 hexadecimal characters or 13 ASCII characters to use 128-bit encryption.
Initialization Option Set Encryption Key 1 (continued) Description NOTE: Additional advanced settings are available in the Wireless Interface Configuration screen. See Wireless (802.11a), Wireless (802.11b), or Wireless (802.11b/g) for details. See Security for more information on security features. 5 of 5 10. Review the configuration summary. If you want to make any additional changes, use the navigation panel on the left-hand side of the screen to return to an earlier screen.
Download the Latest Software Download the Latest Software Avaya periodically releases updated software for the AP on its Web site at http://www.avaya.com/support. Avaya recommends that you check the Web site for the latest updates after you have installed and initialized the unit.
Download the Latest Software After the TFTP server is installed: • Check to see that TFTP is configured to point to the directory containing the AP Image. • Make sure you have the proper TFTP server IP address, the proper AP Image file name, and that the TFTP server is operational. • Make sure the TFTP server is configured to both Transmit and Receive files, with no automatic shutdown or time-out. Download Updates from a TFTP Server using the Web Interface 1. Download the latest software from http://www.
Additional Hardware Features Download Updates from a TFTP Server using the CLI Interface 1. Download the latest software from http://www.avaya.com/support. 2. Copy the latest software updates to your TFTP server. 3. Open the CLI interface via Telnet or a serial connection. 4. Enter the CLI password when prompted. 5. Enter the command: download img — Result: The download will begin. Be patient while the image is downloaded to the Access Point. 6.
Additional Hardware Features Mounting Options There are three mounting options for the AP, described below. Desktop Mount This is the standard installation for the AP. See Hardware Installation for instructions. Wall Mount Follow these steps to mount the AP on a wall: 1. Identify the location where you intend to mount the unit. NOTE: For best results, mount the unit vertically. In other words, the antenna should be pointing up or down but not sideways. 2.
Additional Hardware Features 6. Remove the front cover from the unit. See Remove the Front Cover for an illustration. 7. Remove the back cover from the unit. See Remove the Back Cover for an illustration. 8. Place the back cover on the mounting location and mark the center of the three mounting holes. 9. Remove the cover from the wall and drill a hole at each of the locations you marked above. Each hole should be wide enough to hold a mounting plug (which is 6 mm x 35 mm). 10. Insert a plug into each hole.
Additional Hardware Features Figure 2-11. Attach the Back Cover to the Wall 13. Attach Ethernet and power cables to the AP unit, if necessary.
Additional Hardware Features 14. Snap the unit into the back cover. In the following example, the unit is mounted upside down and its antenna is facing down. Figure 2-12.
Additional Hardware Features 15. Replace the front cover. 16. Replace the cable cover. 17. Turn on the AP. Ceiling Mount Follow these steps to mount the AP to a ceiling: 1. Unplug the Access Point’s power supply, if necessary. 2. Use a Phillips screwdriver to attach the metal base to the underside of the AP, if necessary. SeeAttach the Metal Base for an illustration. 3. Feed a mounting screw through each of the four rubber feet. The AP comes with four 3.5 mm x 40 mm pan-head screws. 4.
Additional Hardware Features 10. Insert the screws into the wall plugs. Use a screwdriver to tighten the screws and attach the Access Point’s metal base to the ceiling. Figure 2-13.
Additional Hardware Features Installing the AP in a Plenum In an office building, plenum is the space between the structural ceiling and the tile ceiling that is provided to help air circulate. Many companies also use the plenum to house communication equipment and cables.
Additional Hardware Features The Kensington Security Slot is shown in the illustrations below (the figure on the left shows the slot with the cable cover attached; the figure on the right shows the slot with the cable cover removed). See http://www.kensington.com for information on Kensington security solutions. Figure 2-14.
Additional Hardware Features Power over Ethernet An Power over Ethernet-enabled AP is equipped with an 802.3af-compliant Power over Ethernet module. Power over Ethernet (PoE) delivers both data and power to the access point over a single Ethernet cable. If you choose to use Power over Ethernet, there is no difference in operation; the only difference is in the power source. • The Power over Ethernet (PoE) integrated module receives ~48 VDC over a standard Category 5 Ethernet cable.
Additional Hardware Features LED Indicators The AP has four LED indicators.
Additional Hardware Features Power Ethernet Link Ethernet Activity Wireless Activity Indication Solid Red Green Off Off If the AP is configured to get an IP address from a DHCP server, it may take up to two minutes to obtain the address. The Power LED will be red and if there is an Ethernet link the Ethernet Link LED will be green during the time the AP is trying to obtain an address. Once an address is obtained, the Power LED will turn green.
Additional Hardware Features Power Ethernet Link Ethernet Activity Wireless Activity Indication n/a n/a n/a Red Wireless radio is not working properly n/a n/a Amber Amber Indicated interface in administrative down state 3 of 3 Avaya Wireless AP-4/5/6 User’s Guide 2-59
Additional Hardware Features Figure 2-15.
Related Topics Related Topics The Setup Wizard helps you configure the basic AP settings required to get the unit up and running. The AP supports many other configuration and management options. The remainder of this user guide describes these options in detail. • See Advanced Configuration for information on configuration options that are available within the Access Point’s HTTP interface. • See Monitor Information for information on the statistics displayed within the Access Point’s HTTP interface.
Related Topics 2-62 Avaya Wireless AP-4/5/6 User’s Guide
Status Information 3 In This Chapter • Logging into the HTTP Interface • System Status Logging into the HTTP Interface Once the AP has a valid IP Address and an Ethernet connection, you may use your web browser to monitor the system status. Follow these steps to monitor an AP’s operating statistics using the HTTP interface: 1. Open a Web browser on a network computer. NOTE: The HTTP interface supports the following Web browser: — Microsoft Internet Explorer 6 with Service Pack 1 or later — Netscape 6.
Logging into the HTTP Interface — Select Tools > Internet Options.... — Click the Connections tab. — Click LAN Settings.... — If necessary, remove the check mark from the Use a proxy server box. — Click OK twice to save your changes and return to Internet Explorer. 3. Enter the Access Point’s IP address in the browser’s Address field and press Enter. — Result: The Enter Network Password screen appears. 4. Enter the HTTP password in the Password field and click OK. Leave the User Name field blank.
System Status Figure 3-1. Enter Network Password Screen System Status System Status is the first screen to appear each time you connect to the HTTP interface. You can also return to this screen by clicking the Status button.
System Status Figure 3-2.
System Status Each section of the System Status screen provides the following information: — System Status: This area provides system level information, including the unit’s IP address and contact information. See System for information on these settings. — System Alarms: System traps (if any) appear in this area. Each trap identifies a specific severity level: Critical, Major, Minor, and Informational. See Alarms for a list of possible alarms.
System Status 3-6 Avaya Wireless AP-4/5/6 User’s Guide
Advanced Configuration 4 In This Chapter • Configuring the AP Using the HTTP/HTTPS Interface • System: Configure specific system information such as system name and contact information. • Network: Configure IP settings, DNS client, DHCP server, and Link Integrity. • Interfaces: Configure the Access Point’s interfaces: Wireless and Ethernet. Also describes configuring a Wireless Distribution System (WDS).
Configuring the AP Using the HTTP/HTTPS Interface Detection (RAD) and define the Scan Interval. Configure up to 16 VLAN and SSID pairs per wireless interface, and define the security mode for each pair. • RADIUS: Configure RADIUS features such as RADIUS Access Control and Accounting. Configuring the AP Using the HTTP/HTTPS Interface Follow these steps to configure an Access Point’s operating settings using the HTTP/HTTPS interface: 1. Open a Web browser on a network computer.
Configuring the AP Using the HTTP/HTTPS Interface — If necessary, remove the check mark from the Use a proxy server box. — Click OK twice to save your changes and return to Internet Explorer. 3. Enter the Access Point’s IP address in the browser’s Address field and press Enter. — Result: The Enter Network Password screen appears. 4. Enter the HTTP password in the Password field and click OK. Leave the User Name field blank. (By default, the HTTP password is “public”).
Configuring the AP Using the HTTP/HTTPS Interface 5. Click the Configure button located on the left-hand side of the screen. Figure 4-2. Configure Main Screen 6. Click the tab that corresponds to the parameter you want to configure. For example, click Network to configure the Access Point’s TCP/IP settings. The parameters contained in each of the configuration categories are described later in this chapter. 7. Configure the Access Point’s parameters as necessary.
System 8. Reboot the Access Point for all of the changes to take effect. System You can configure and view the following parameters within the System Configuration screen: Parameters Description Name The name assigned to the AP. Refer to Dynamic DNS Support and Access Point System Naming Convention for rules on naming the AP. Location The location where the AP is installed. Contact Name The name of the person responsible for the AP.
System Parameters Description Ethernet MAC Address This is a read-only field that displays the unique MAC (Media Access Control) address for the Access Point’s Ethernet interface. The MAC address is assigned at the factory. Descriptor This is a read-only field that reports the Access Point’s name, serial number, current image software version, and current bootloader software version. Up Time This is a read-only field that displays how long the Access Point has been running since its last reboot.
System Access Points provide DDNS support by adding the host name (option 12) in DHCP Client messages, which is used by the DHCP server to dynamically update the DNS server. Access Point System Naming Convention The Access Point's system name is used as its host name. In order to prevent Access Points with default configurations from registering similar host names in DNS, the default system name of the Access Point is uniquely generated.
System The system name must be compliant with the encoding rules for host name as per DNS RFC 1123. The DNS host name encoding rules are: • Characters have to alphanumeric or hyphen. • The name cannot start or end with a hyphen. • The name cannot start with a digit. • The number of characters has to be 63 or less. (Currently the system name length is limited to 32 bytes). Image upgrades could cause the system to boot with an older system name format that is not DNS compliant.
Network Network The Network category contains three sub-categories. • IP Configuration • DHCP Server • Link Integrity IP Configuration You can configure and view the following parameters within the IP Configuration screen: NOTE: You must reboot the Access Point in order for any changes to the Basic IP or DNS Client parameters take effect.
Network Basic IP Parameters Parameter Description IP Address Assignment Type Set this parameter to Dynamic to configure the Access Point as a Dynamic Host Configuration Protocol (DHCP) client; the Access Point will obtain IP settings from a network DHCP server automatically during boot-up. If you do not have a DHCP server or if you want to manually configure the Access Point’s IP settings, set this parameter to Static. IP Address The Access Point’s IP address.
Network Parameter Description Subnet Mask The Access Point’s subnet mask. When IP Address Assignment Type is set to Dynamic, this field is read-only and reports the unit’s current subnet mask. The subnet mask will default to 255.255.0.0 if the unit cannot obtain one from a DHCP server. Gateway IP Address The IP address of the Access Point’s gateway. When IP Address Assignment Type is set to Dynamic, this field is read-only and reports the IP address of the unit’s gateway.
Network Parameter Description Enable DNS Client Place a check mark in the box provided to enable DNS client functionality. Note that this option must be enabled before you can configure the other DNS Client parameters. DNS Primary Server IP Address The IP address of the network’s primary DNS server. DNS Secondary Server IP Address The IP address of a second DNS server on the network. The Access Point will attempt to contact the secondary server if the primary server is unavailable.
Network DHCP Server If your network does not have a DHCP Server, you can configure the AP as a DHCP server to assign dynamic IP addresses to Ethernet nodes and wireless clients. ! CAUTION: Make sure there are no other DHCP servers on the network and do not enable the DHCP server without checking with your network administrator first, as it could bring down the whole network. Also, the AP must be configured with a static IP address before enabling this feature.
Network Figure 4-3.
Network You can configure and view the following parameters within the DHCP Server Configuration screen: Parameter Enable DHCP Server Description Place a check mark in the box provided to enable DHCP Server functionality. NOTE: You cannot enable the DHCP Server functionality unless there is at least one IP Pool Table Entry configured. Subnet Mask This field is read-only and reports the Access Point’s current subnet mask.
Network Parameter Number of IP Pool Table Entries Description This is a read-only field that reports the number of IP address pools currently configured.
Network Parameter IP Pool Table Entry Description This entry specifies a range of IP addresses that the AP can assign to its wireless clients. Click Add to create a new entry. Click Edit to change an existing entry. Each entry contains the following field: • Start IP Address • End IP Address • Default Lease Time (optional): The default time value for clients to retain the assigned IP address. DHCP automatically renews IP Addresses without client notification.
Network Parameter IP Pool Table Entry (continued) Description Status: IP Pools are enabled upon entry in the table. You can also disable or delete entries by changing this field’s value. NOTE: You must reboot the Access Point before changes to any of these DHCP server parameters take effect 4 of 4 Link Integrity The Link Integrity feature checks the link between the AP and the nodes on the Ethernet backbone. These nodes are listed by IP address in the Link Integrity IP Address Table.
Network You can configure and view the following parameters within the Link Integrity Configuration screen: Parameter Description Enable Link Integrity Place a check mark in the box provided to enable Link Integrity. Poll Interval (milliseconds) The interval between link integrity checks. Range is 500 - 15000 ms in increments of 500 ms; default is 500 ms. Poll Retransmissions The number of times a poll should be retransmitted before the link is considered down. Range is 0 to 255; default is 5.
Network Figure 4-4.
Interfaces Interfaces From the Interfaces tab, you configure the Access Point’s operational mode, power control settings, wireless interface settings and Ethernet settings. You may also configure a Wireless Distribution System for AP-to-AP communications. For the wireless interface configuration, refer to the wireless parameters below that correspond to your radio type. • Operational Mode • Wireless (802.11a) • Wireless (802.11b) • Wireless (802.11b/g) • Wireless (802.
Interfaces Operational Mode You can configure and view the following parameters within the Operational Mode screen. • Operational Mode: the mode of communication between the wireless clients and the Access Point: — 802.11b only — 802.11g only — 802.11bg — 802.11a (default) — 802.11g-wifi TX Power Control The TX Power Control feature lets you configure the transmit power level of the card in the AP at one of four levels: • 100% of the maximum transmit power level of the card • 50% • 25% • 12.
Interfaces Configuring TX Power Control 1. Click Configure > Interfaces > Operational Mode. 2. Select Enable Transmit Power Control. 3. Select the transmit power level for interface A from the Wireless-A: Transmit Power Level drop-down menu. 4. Click OK. Figure 4-5.
Interfaces Wireless (802.11a) You can configure and view the following parameters within the Wireless Interface Configuration screen for an 802.11a AP: NOTE: You must reboot the Access Point before any changes to these parameters take effect. Parameter Description Physical Interface Type For an 802.11a AP, this field reports: “802.11a (OFDM 5 GHz).” OFDM stands for Orthogonal Frequency Division Multiplexing; this is the name for the radio technology used by 802.11a devices.
Interfaces Parameter Regulatory Domain Description Reports the regulatory domain for which the AP is certified. Not all features or channels are available in all countries. The available regulatory domains include: • FCC - U.S./Canada, Mexico, and Australia • ETSI - Europe and the United Kingdom • MKK: Japan • SG: Singapore • ASIA: China and South Korea • TW: Taiwan and Hong Kong Network Name (SSID) Enter a Network Name (between 2 and 31 characters long) for the wireless network.
Interfaces Parameter Auto Channel Select Description The AP scans the area for other Access Points and selects a free or relatively unused communication channel. This helps prevent interference problems and increases network performance. By default this feature is enabled. See 802.11a Channel Frequencies for a list of Channels. NOTE: You cannot disable Auto Channel Select for 802.11a products in Europe (see Dynamic Frequency Selection (DFS) for details).
Interfaces Parameter Description Transmit Rate Use the drop-down menu to select a specific transmit rate for the AP. Choose between 6, 9, 12, 18, 24, 36, 48, 54 Mbits/s, and Auto Fallback. Auto Fallback is the default setting; it allows the AP unit to select the best transmit rate based on the cell size. DTIM Period The Deferred Traffic Indicator Map (DTIM) is used with clients that have power management enabled.
Interfaces Parameter Description RTS/CTS Medium Reservation This parameter affects message flow control and should not be changed under normal circumstances. Range is 0 to 2347. When set to a value between 0 and 2347, the Access Point uses the RTS/CTS mechanism for packets that are the specified size or greater. When set to 2347 (the default setting), RTS/CTS is disabled. See RTS/CTS Medium Reservation for more information.
Interfaces DFS only applies to 802.11a APs used in Europe (i.e., units whose regulatory domain is set to ETSI). The European Telecommunications Standard Institute (ETSI) requires that 802.11a devices use DFS to prevent interference with radar systems and other devices that already occupy the 5 GHz band. If you are using an 802.11a AP in Europe, keep in mind the following: • DFS is not a configurable parameter. It is always enabled and cannot be disabled.
Interfaces When RTS/CTS occurs, the following occurs. 1. The sending radio first transmits a Request to Send (RTS) packet to confirm that the medium is clear. 2. When the receiving radio successfully receives the RTS packet, it transmits back a Clear to Send (CTS) packet to the sending radio. 3. When the sending radio receives the CTS packet, it sends the data packet to the receiving radio.
Interfaces Wireless (802.11b) You can configure and view the following parameters within the Wireless Interface Configuration screen for an 802.11b AP: NOTE: You must reboot the Access Point before any changes to these parameters take effect. Parameter Description Physical Interface Type For 802.11b AP, this field reports: “802.11b (DSSS 2.4 GHz).” DSSS stands for Direct Sequence Spread Spectrum; this is the name for the radio technology used by 802.11b devices.
Interfaces Parameter Regulatory Domain Description Reports the regulatory domain for which the AP is certified. Not all features or channels are available in all countries. The available regulatory domains include: • FCC - U.S./Canada, Mexico, and Australia • ETSI - Most of Europe, including the United Kingdom, Ireland, Singapore, and Hong Kong • MKK: Japan • IL - Israel Network Name (SSID) Enter a Network Name (between 2 and 31 characters long) for the wireless network.
Interfaces Parameter Description Auto Channel Select The AP scans the area for other Access Points and selects a free or relatively unused communication channel. This helps prevent interference problems and increases network performance. By default this feature is enabled; see 802.11b Channel Frequencies for a list of Channels. However, if you are setting up a Wireless Distribution System (WDS), it must be disabled. See Wireless Distribution System (WDS) for more information.
Interfaces Parameter Distance Between APs Description Set to Large, Medium, Small, Microcell, or Minicell depending on the site survey for your system. By default, this parameter is set to Large. The distance value is related to the Multicast Rate (described next). In general, a larger distance between APs means that your clients operate a slower data rates (on average). See Distance Between APs for more information.
Interfaces Parameter Multicast Rate Description Sets the rate at which Multicast messages are sent. This value is related to the Distance Between APs parameter (described previously). The table below displays the possible Multicast Rates based on the Distance between APs setting. By default, this parameter is set to 2 Mbits/sec. See Multicast Rate for more information. Distance between APs Multicast Rate Large 1 and 2 Mbits/sec Medium 1, 2, and 5.5 Mbits/sec Small 1, 2, 5.
Interfaces Parameter Description DTIM Period The Deferred Traffic Indicator Map (DTIM) is used with clients that have power management enabled. DTIM should be left at 1, the default value, if any clients have power management enabled. This parameter supports a range between 1 and 255. RTS/CTS Medium Reservation This parameter affects message flow control and should not be changed under normal circumstances. Range is 0 to 2347.
Interfaces Parameter Description Interference Robustness Enable this option if other electrical devices in the 2.4 GHz frequency band (such as a microwave oven or a cordless phone) may be interfering with the wireless signal. The AP will automatically fragment large packets into multiple smaller packets when interference is detected to increase the likelihood that the messages will be received in the presence of interference.
Interfaces Parameter Load Balancing Description Enable this option so clients can evaluate which Access Point to associate with, based on current AP loads. This feature is enabled by default; it helps distribute the wireless load between APs. This feature is not available if you are using an Avaya 802.11a/b Card or a non-Avaya Wireless client with the AP.
Interfaces Parameter Medium Density Distribution Description When enabled, the Access Point automatically notifies wireless clients of its Distance Between APs, Interference Robustness, and RTS/CTS Medium Reservation settings. This feature is enabled by default and allows clients to automatically adopt the values used by its current Access Point (even if these values differ from the client’s default values or from the values supported by other Access Points).
Interfaces Distance Between APs Distance Between APs defines how far apart (physically) your AP devices are located, which in turn determines the size of your cell. Cells of different sizes have different capacities and, therefore, suit different applications. For instance, a typical office has many stations that require high bandwidth for complex, high-speed data processing. In contrast, a typical warehouse has a few forklifts requiring low bandwidth for simple transactions.
Interfaces Coverage The number of Access Points in a set area determines the network coverage for that area. A large number of Access Points covering a small area is a high-density cell. A few Access Points, or even a single unit, covering the same small area would result in a low-density cell, even though in both cases the actual area did not change — only the number of Access Points covering the area changed.
Interfaces Figure 4-6. Low Density vs. Ultra High Density Network The Distance Between Cells parameter supports five values: Large, Medium, Small, Minicell, and Microcell. ! CAUTION: The distance between APs should not be approximated. It is calculated by means of a manual Site Survey, in which an AP is set up and clients are tested throughout the area to determine signal strength and coverage, and local limits such as physical interference are investigated.
Interfaces Multicast Rate The multicast rate determines the rate at which broadcast and multicast packets are transmitted by the Access Point to the wireless network. Stations that are closer to the Access Point can receive multicast packets at a faster data rate than stations that are farther away from the AP. You should set the Multicast Rate based on the size of the Access Point’s cell.
Interfaces Figure 4-7. 1 Mbits/s and 11 Mbits/s Multicast Rates 11 Mbits/s 1 Mbit/s NOTE: There is an inter-dependent relationship between the Distance between APs and the Multicast Rate. In general, larger systems operate at a lower average transmit rate.
Interfaces Multicast Rate and Distance Between APs is presented in the following table: Large Medium Small Minicell Microcell 1.0 Mbit/s yes yes yes yes yes 2.0 Mbits/s yes yes yes yes yes 5.5 Mbits/s yes yes yes yes 11 Mbits/s yes yes yes The Distance Between APs must be set before the Multicast Rate, because when you select the Distance Between APs, the appropriate range of Multicast values automatically populates the drop-down menu.This feature is not available if you are using an Avaya 802.
Interfaces Parameter Operational Mode Description An 802.11b/g wireless interface can be configured to operate in the following modes: • 802.11b mode only: The radio uses the 802.11b standard only. • 802.11g mode only: The radio is optimized to communicate with 802.11g devices. This setting will provide the best results if this radio interface will only communicate with 802.11g devices. • 802.11b/g mode: This is the default mode. Use this mode if you want to support a mix of 802.11b and 802.11g devices.
Interfaces Parameter Physical Interface Type Description Depending on the Operational Mode, this field reports: • For 802.11b mode only: “802.11b (CCK/DSSS 2.4 GHz)” • For 802.11g and 802.11g-wifi modes: “802.11g (OFDM/DSSS 2.4 GHz)” • For 802.11b/g mode: “802.11b/g (ERP-CCK/DSSS/OFDM 2.4 GHz)” OFDM stands for Orthogonal Frequency Division Multiplexing; this is the name for the radio technology used by 802.11a devices.
Interfaces Parameter Regulatory Domain Description Reports the regulatory domain for which the AP is certified. Not all features or channels are available in all countries. The available regulatory domains include: • FCC - U.S./Canada, Mexico, and Australia • ETSI - Europe, including the United Kingdom • MKK - Japan • IL - Israel Network Name (SSID) Enter a Network Name (between 2 and 31 characters long) for the wireless network. You must configure each wireless client to use this name as well.
Interfaces Parameter Description Frequency Channel When Auto Channel Select is enabled, this field is read-only and displays the Access Point’s current operating channel. When Auto Channel Select is disabled, you can specify the Access Point’s operating channel. If you decide to manually set the unit’s channel, ensure that nearby devices do not use the same frequency (unless you are setting up a WDS). Available Channels vary based on regulatory domain. See 802.11g Channel Frequencies.
Interfaces Parameter Description DTIM Period The Deferred Traffic Indicator Map (DTIM) is used with clients that have power management enabled. DTIM should be left at 1, the default value, if any clients have power management enabled. This parameter supports a range between 1 and 255. RTS/CTS Medium Reservation This parameter affects message flow control and should not be changed under normal circumstances. Range is 0 to 2347.
Interfaces Wireless (802.11a/g) You can configure and view the following parameters within the Wireless Interface Configuration screen for an 802.11a/g AP: NOTE: You must reboot the Access Point before any changes to these parameters take effect.
Interfaces Parameter Operational Mode Description An 802.11a/g wireless interface can be configured to operate in the following modes: • 802.11b mode only: The radio uses the 802.11b standard only. • 802.11g mode only: The radio is optimized to communicate with 802.11g devices. This setting will provide the best results if this radio interface will only communicate with 802.11g devices. • 802.11a mode only: The radio uses the 802.11a standard only. • 802.11b/g mode: This is the default mode.
Interfaces Parameter Physical Interface Type Description Depending on the Operational Mode, this field reports: • For 802.11b mode only: “802.11b (CCK/DSSS 2.4 GHz)” • For 802.11g and 802.11g-wifi modes: “802.11g (OFDM/DSSS 2.4 GHz)” • For 802.11b/g mode: “802.11b/g (ERP-CCK/DSSS/OFDM 2.4 GHz)” • For 802.11a mode only, this field reports: “802.11a (OFDM 5 GHz).” OFDM stands for Orthogonal Frequency Division Multiplexing; this is the name for the radio technology used by 802.11a devices.
Interfaces Parameter Regulatory Domain Description Reports the regulatory domain for which the AP is certified. Not all features or channels are available in all countries. The available regulatory domains include: • FCC - U.S./Canada, Mexico, and Australia • ETSI - Europe and the United Kingdom • MKK: Japan • SG: Singapore • ASIA: China and South Korea • TW: Taiwan and Hong Kong Network Name (SSID) Enter a Network Name (between 2 and 31 characters long) for the wireless network.
Interfaces Parameter Auto Channel Select Description The AP scans the area for other Access Points and selects a free or relatively unused communication channel. This helps prevent interference problems and increases network performance. By default this feature is enabled. See 802.11a Channel Frequencies and 802.11g Channel Frequencies for a list of Channels. NOTE: You cannot disable Auto Channel Select for 802.11a products in Europe (see Dynamic Frequency Selection (DFS) for details).
Interfaces Parameter Frequency Channel Description • When Auto Channel Select is enabled, this field is read-only and displays the Access Point’s current operating Channel. • When Auto Channel Select is disabled, you can specify the Access Point’s channel. If you decide to manually set the unit’s Channel, ensure that nearby devices do not use the same frequency. Available Channels vary based on regulatory domain. See 802.11a Channel Frequencies and 802.11g Channel Frequencies.
Interfaces Parameter Transmit Rate Description Select a specific transmit rate for the AP. The values available depend on the Operational Mode. Auto Fallback is the default setting; it allows the AP to select the best transmit rate based on the cell size. Use the drop-down menu to select a specific transmit rate for the AP. • For 802.11b only -- Auto Fallback, 1, 2, 5.5, 11 Mbits/sec • For 802.11g only -- Auto Fallback, 6, 9, 12, 18, 24, 36, 48, 54 Mbits/sec • For 802.11b/g and 802.
Interfaces Parameter Description DTIM Period The Deferred Traffic Indicator Map (DTIM) is used with clients that have power management enabled. DTIM should be left at 1, the default value, if any clients have power management enabled. This parameter supports a range between 1 and 255. RTS/CTS Medium Reservation This parameter affects message flow control and should not be changed under normal circumstances. Range is 0 to 2347.
Interfaces Wireless Distribution System (WDS) A Wireless Distribution System (WDS) creates a link between two 802.11a, 802.11b, or 802.11b/g APs over their radio interfaces. This link relays traffic from one AP that does not have Ethernet connectivity to a second AP that has Ethernet connectivity. WDS allows you to configure up to six (6) point-to-point links between Access Points. In the WDS Example below, AP 1 and AP 2 communicate over a WDS link (represented by the blue line).
Interfaces Figure 4-8.
Interfaces Bridging WDS Each WDS link is mapped to a logical WDS port on the AP. WDS ports behave like Ethernet ports rather than like standard wireless interfaces: on a BSS port, an Access Point learns by association and from frames; on a WDS or Ethernet port, an Access Point learns from frames only. When setting up a WDS, keep in mind the following: • The WDS link shares the communication bandwidth with the clients.
Interfaces • If your network does not support spanning tree, be careful to avoid creating network loops between APs. For example, creating a WDS link between two Access Points connected to the same Ethernet network will create a network loop (if spanning tree is disabled). For more information, refer to the Spanning Tree section. WDS Setup Procedure NOTE: You must disable Auto Channel Select to create a WDS.
Interfaces 8. Click OK. 9. Reboot the AP. Figure 4-9. WDS Configuration NOTE: To set up a Wireless Distribution System (WDS) with 802.1x, set each Access Point’s 802.1x Security Mode to Mixed and assign each unit in the WDS the same Encryption Key 1. See Security.
Management Ethernet Select the desired speed and transmission mode from the drop-down menu. Half-duplex means that only one side can transmit at a time and full-duplex allows both sides to transmit. When set to auto-duplex, the AP negotiates with its switch or hub to automatically select the highest throughput option supported by both sides.
Management Passwords You can configure the following passwords: Type Description SNMP Read Password For read access to the AP using SNMP. Enter a password in both the Password field and the Confirm field. The default password is “public”. SNMP Read/Write Password For read and write access to the AP using SNMP. Enter a password in both the Password field and the Confirm field. The default password is “public”. This password must be at least 6 characters in length.
Management Type Description SNMPv3 Privacy Password For sending encrypted SNMPv3 data. Enter a password in both the Password field and the Confirm field. The default password is “public”. Password length is recommended to be at least 8 characters. Secure Management (Services tab) must be enabled to configure SNMPv3. Telnet (CLI) Password For the CLI interface (via serial or Telnet). Enter a password in both the Password field and the Confirm field. The default password is “public”.
Management IP Access Table The Management IP Access table limits in-band management access to the IP addresses or range of IP addresses specified in the table. This feature applies to all management options (SNMP, HTTP, and CLI) except for CLI management over the serial port. To configure this table, click Add and set the following parameters: • IP Address: Enter the IP Address for the management station.
Management Services You can configure the following management services: • Secure Management • SNMP Settings • HTTP Access • HTTPS Access (Secure Socket Layer) • Telnet Configuration Settings • Serial Configuration Settings • Automatic Configuration NOTE: You must reboot the Access Point if you change the HTTP Port or Telnet Port.
Management Secure Management Secure Management allows the use of encrypted and authenticated communication protocols such as SNMPv3, and Secure Socket Link (SSL), to manage the Access Point. Setting Enable Secure Management Description Enables the further configuration of HTTPS Access, and SNMPv3. After enabling Secure Management, you can choose to configure HTTPS (SSL) access on the Services tab, and configure SNMPv3 passwords on the Passwords tab.
Management HTTP Access Setting Description HTTP Interface Bitmap Configure the interface or interfaces (Ethernet, Wireless, All Interfaces) from which you will manage the AP via the Web interface. For example, to allow Web configuration via the Ethernet network only, set HTTP Interface Bitmask to Ethernet. You can also select Disabled to prevent a user from accessing the AP from the Web interface. HTTP Port Configure the HTTP port from which you will manage the AP via the Web interface.
Management Figure 4-10. Management Services Configuration Screen HTTPS Access (Secure Socket Layer) You can access the AP in a secure fashion using Secure Socket Layer (SSL) over port 443. The AP supports SSLv3 with a 128-bit encryption certificate maintained by the AP for secure communications between the AP and the HTTP client. All communications are encrypted using the server and the client-side certificate.
Management NOTE: SSL requires Internet Explorer version 6, 128 bit encryption, Service Pack 1, and patch Q323308. The AP comes pre-installed with all required SSL files: default certificate and private key installed. Configuring Secure Socket Layer (SSL) After enabling SSL, the only configurable parameter is the SSL passphrase.
Management Accessing the AP through the HTTPS interface The user should use a SSL intelligent browser to access the AP through the HTTPS interface. After configuring SSL, access the AP using https:// followed by the AP’s management IP address. Telnet Configuration Settings Setting Description Telnet Interface Bitmask Select the interface (Ethernet, Wireless, All Interfaces) from which you can manage the AP via telnet. This parameter can also be used to Disable telnet management.
Management Setting Description Login Idle Timeout (seconds) Enter the number of seconds the system will wait for a login attempt. The AP terminates the session when it times out. The range is 1 to 300 seconds; the default is 30 seconds. Session Idle Timeout (seconds) Enter the number of seconds the system will wait during a session while there is no activity. The AP will terminate the session on timeout. The range is 1 to 36000 seconds; the default is 900 seconds.
Management Serial Configuration Settings The serial port interface on the AP is enabled at all times. See Setting IP Address using Serial Port for information on how to access the CLI interface via the serial port. You can configure and view following parameters: Setting Description Baud Rate Select the serial port speed (bits per second). Choose between 2400, 4800, 9600, 19200, 38400, or 57600; the default Baud Rate is 9600.
Management Setting Description Serial Parity This is a read-only field and displays the number of parity bits used in serial communication (no parity bits by default). Serial Stop Bits This is a read-only field that displays the number of stop bits used in serial communication (1 stop bit by default). NOTE: The serial port bit configuration is commonly referred to as 8N1.
Management configured for static IP, these parameters are instead configured in the AP interface. After setting up automatic configuration you must reboot the AP. When the AP reboots it receives the new configuration information and must reboot one additional time. If Syslog is configured, a Syslog message will appear indicating the success or failure of the Automatic Configuration.
Management 6. Reboot the AP. When the AP reboots it receives the new configuration information and must reboot one additional time. If a Syslog server was configured, the following messages can be observed on the Syslog server: — AutoConfig for Static IP — TFTP server address and configuration filename — AutoConfig Successful Figure 4-11.
Management Set up Automatic Configuration for Dynamic IP Perform the following procedure to enable and set up Automatic Configuration when you have a dynamic IP address for the TFTP server via DHCP. The Configuration filename and the TFTP server IP address are contained in the DHCP response when the AP gets its IP address dynamically from the DHCP server.
Management Figure 4-12. DHCP Options: Setting the Boot Server Host Name 4. Add the Boot Server host name and Boot Filename parameters to the Active Options list. 5. Set the value of the Boot Server host name parameter to the host name or IP Address of the TFTP server. For example: 11.0.0.7.
Management Figure 4-13. DHCP Options: Setting the Boot Server Host Name 6. Set the value of the Bootfile Name parameter to the Configuration filename. For example: AP-Config 7. If using Syslog, set the Log server IP address (option 7, Log Servers).
Filtering 8. Reboot the AP. When the AP reboots it receives the new configuration information and must reboot one additional time. If a Syslog server was configured, the following messages can be observed on the Syslog server: — AutoConfig for Dynamic IP — TFTP server address and configuration filename — AutoConfig Successful Filtering The Access Point’s Packet Filtering features help control the amount of traffic exchanged between the wired and wireless networks.
Filtering Follow these steps to configure the Ethernet Protocol Filter: 1. Select the interface or interfaces that will implement the filter from the Ethernet Protocol Filtering drop-down menu. — Ethernet: Packets are examined at the Ethernet interface — Wireless: Packets are examined at the Wireless interface — All Interfaces: Packets are examined at both interfaces — Disabled: The filter is not used 2. Select the Filter Operation Type.
Filtering 3. Configure the Ethernet Protocol Filter Table. This table is pre-populated with existing Ethernet Protocol Filters, however, you may enter additional filters by specifying the appropriate parameters. — To add an entry, click Add, and then specify the Protocol Number and a Protocol Name. • Protocol Number: Enter the protocol number. See http://www.iana.org/assignments/ethernet-numbers for a list of protocol numbers. • Protocol Name: Enter related information, typically the protocol name.
Filtering For example, you can set up a Static MAC filter to prevent wireless clients from communicating with a specific server on the Ethernet network. You can also use this filter to block unnecessary multicast packets from being forwarded to the wireless network. NOTE: The Static MAC Filter is an advanced feature. You may find it easier to control wireless traffic via other filtering options, such as Ethernet Protocol Filtering.
Filtering Taken together, a MAC Address/Mask pair specifies an address or a range of MAC addresses that the AP will look for when examining packets. The AP uses Boolean logic to perform an “AND” operation between the MAC Address and the Mask at the bit level. However, for most users, you do not need to think in terms of bits. It should be sufficient to create a filter using only the hexadecimal digits 0 and F in the Mask (where 0 is any value and F is the value specified in the MAC address).
Filtering When creating a filter, you can configure the Wired parameters only, the Wireless parameters only, or both sets of parameters. Which parameters to configure depends upon the traffic that you want block: To block all traffic... Configure... from a specific wired MAC address from being forwarded to the wireless network only the Wired MAC Address and Wired Mask (leave the Wireless MAC Address and Wireless Mask set to all zeros).
Filtering Creating an Entry To create an entry, click Add and enter the appropriate MAC addresses and Masks to setup a filter. The entry is enabled automatically when saved. To edit an entry, click Edit. To disable or remove an entry, click Edit and change the Status field from Enable to Disable or Delete. Figure 4-14.
Filtering Static MAC Filter Examples Consider a network that contains a wired server and three wireless clients.
Filtering Prevent Multiple Wireless Devices From Communicating With a Single Wired Device Configure the following settings to prevent Wireless Clients 1 and 2 from communicating with the Wired Server.
Filtering Prevent All Wireless Devices From Communicating With a Single Wired Device Configure the following settings to prevent all three Wireless Clients from communicating with Wired Server 1. • Wired MAC Address: 00:40:F4:1C:DB:6A • Wired Mask: FF:FF:FF:FF:FF:FF • Wireless MAC Address: 00:00:00:00:00:00 • Wireless Mask: 00:00:00:00:00:00 Result: The Access Point blocks all traffic between Wired Server 1 and all wireless clients.
Filtering Prevent Messages Destined for a Specific Multicast Group from Being Forwarded to the Wireless LAN If there are devices on your Ethernet network that use multicast packets to communicate and these packets are not required by your wireless clients, you can set up a Static MAC filter to preserve wireless bandwidth.
Filtering Advanced You can configure the following advanced filtering options: • Enable Proxy ARP: Place a check mark in the box provided to allow the Access Point to respond to Address Resolution Protocol (ARP) requests for wireless clients. When enabled, the AP answers ARP requests for wireless stations without actually forwarding them to the wireless network. If disabled, the Access Point will bridge ARP requests for wireless clients to the wireless LAN.
Filtering The AP can filter these protocols in the wireless-to-Ethernet direction, the Ethernet-to-wireless direction, or in both directions. Click Edit and use the Status field to Enable or Disable the filter. TCP/UDP Port Port-based filtering enables you to control wireless user access to network services by selectively blocking TCP/UDP protocols through the AP.
Filtering Adding TCP/UDP Port Filters 1. Place a check mark in the box labeled Enable TCP/UDP Port Filtering. 2. Click Add under the TCP/UDP Port Filter Table heading. 3. In the TCP/UDP Port Filter Table, enter the Protocol Names to filter. 4. Set the destination Port Number (a value between 1 and 65535) to filter. See the IANA Web site at http://www.iana.org/assignments/port-numbers for a list of assigned port numbers and their descriptions. 5.
Alarms Editing TCP/UDP Port Filters 1. Click Edit under the TCP/UDP Port Filter Table heading. 2. Make any changes to the Protocol Name or Port Number for a specific entry, if necessary. 3. In the row that defines the port, set the Status to Enable, Disable, or Delete, as appropriate. 4. Select OK. Alarms This category has three sub-categories.
Alarms Groups There are seven alarm groups that can be enabled or disabled via the Web interface. Place a check mark in the box provided to enable a specific group. Remove the check mark from the box to disable the alarms. Alarm Severity Levels vary. • Configuration Alarm Trap Name oriTrapDNSIPNotConfigured Description This traps is generated when the DNS IP Address has not been configured.
Alarms • Security Alarms Trap Name oriTrapAuthenticationFailure Description This trap is generated when a client authentication failure occurs. The authentication failures can range from: - MAC Access Control Table - RADIUS MAC Authentication - 802.1x Authentication specifying the EAP-Type Severity Level: Major oriTrapUnauthorizedManager Detected This trap is generated when an unauthorized manager has attempted to view and/or modify parameters.
Alarms • Wireless Alarms Trap Name oriTrapWLCNotPresent Description When you start the AP, this trap is generated when a wireless interface/card is not present in the AP. Severity Level: Informational oriTrapWLCFailure This trap is generated when a general failure occurs with the wireless interface/card. Severity Level: Critical oriTrapWLCRemoval This trap is generated when the wireless interface/card has been removed from the device.
Alarms Trap Name oriTrapWLCVoltageDiscrepancy Description The dual-radio AP supports 3.3 V and 5 V wireless cards. This trap is generated when a wireless interface/card using a different voltage is inserted in the AP. Severity Level: Critical oriTrapWLCIncompatibleVendor This trap is generated when an incompatible wireless vendor card is inserted or present in the AP.
Alarms • Operational Alarms Trap Name oriTrapWatchDogTimerExpired Description This trap is generated when the software watch dog timer expires. This indicates that a problem has occurred with one or more software modules and the AP will reboot automatically. Trap Severity Level: Critical oriTrapRADIUSServerNot Responding This trap is generated when no response is received from the RADIUS server(s) for authentication requests sent from the RADIUS client in the AP.
Alarms Trap Name oriTrapTaskSuspended Description This trap is generated when a software task in the AP is suspended. Trap Severity Level: Critical oriTrapBootPFailed In bootloader mode, this trap is generated when the AP does not receive a response from the BootP server. The result is that the Access Point reverts to its static IP configuration and you will need to set reset configuration options.
Alarms • FLASH Memory Alarms Trap Name oriTrapFlashMemoryEmpty Description This trap is generated when an error occurs while downloading a file to the AP and no data is present in the flash memory. Severity Level: Informational oriTrapFlashMemoryCorrupted This trap is generated when an error occurs while downloading a file to the AP and the data in the flash memory is invalid or corrupted.
Alarms • TFTP Alarms Trap Name Description This trap is generated when a failure occurs during a TFTP upload or download operation. oriTrapTFTPFailedOperation Severity Level: Major This trap is generated when a TFTP upload or download operation is started. oriTrapTFTPOperationInitiated Severity Level: Informational oriTrapTFTPOperationCompleted This trap is generated when a TFTP operation is complete (upload or download).
Alarms Trap Name oriTrapInvalidImage Description This trap is generated when an invalid image is loaded in the Access Point. Trap Severity Level: Major oriTrapImageTooLarge This trap is generated when the image loaded in the AP exceeds the size limitation of the flash memory. Trap Severity Level: Major oriTrapIncompatibleImage This trap is generated when an incompatible image is loaded in the AP.
Alarms In addition, the AP supports these standard traps, which are always enabled: • RFC 1215-Trap Trap Name coldStart Description The AP has been turned on or rebooted. Trap Severity Level: Informational linkUp The AP's Ethernet interface link is up (working). Trap Severity Level: Informational linkDown The AP's Ethernet interface link is down (not working).
Alarms • Bridge MIB (RFC 1493) Alarms Trap Name newRoot Description This trap indicates that the AP has become the new root in the Spanning Tree network. Trap Severity Level: Informational topologyChange This trap is sent by the AP when any of its configured ports transitions from the Learning state to the Forwarding state, or from the Forwarding state to the Blocking state. This trap is not sent if a newRoot trap is sent for the same transition.
Alarms Critical alarms will often result in severe disruption in network activity or an automatic reboot of the AP Major alarms are usually activated due to a breach in the security of the system. Clients cannot be authenticated or an attempt at unauthorized access into the AP has been detected. Informational alarms are there to provide the network administrator with some general information about the activities the AP is performing.
Alarms Edit or Delete an Entry To edit or delete an entry, click Edit. Edit the information, or select Enable, Disable, or Delete from the Status drop-down menu. Syslog The Syslog messaging system enables the AP to transmit event messages to a central server for monitoring and troubleshooting. The AP can send messages to one Syslog server (it cannot send messages to more than one Syslog server).
Alarms Figure 4-15.
Alarms Setting Syslog Event Notifications Syslog Events are logged according to the level of detail specified by the administrator. Logging only urgent system messages will create a far smaller, more easily read log then a log of every event the system encounters.
Alarms Configuring Syslog Event Notifications You can configure the following Syslog settings from the HTTP interface: • Enable Syslog: Place a check mark in the box provided to enable system logging. • Syslog Port Number: This field is read-only and displays the port number (514) assigned for system logging. • Syslog Lowest Priority Logged: The AP will send event messages to the Syslog server that correspond to the selected priority and above.
Bridge Bridge The AP is a bridge between your wired and wireless networking devices. As a bridge, the functions performed by the AP include: • MAC address learning • Forward and filtering decision making • Spanning Tree protocol used for loop avoidance Once the AP is connected to your network, it learns which devices are connected to it and records their MAC addresses in the Learn Table. The table can hold up to 10,000 entries.
Bridge Spanning Tree A Spanning Tree is used to avoid redundant communication loops in networks with multiple bridging devices. Bridges do not have any inherent mechanism to avoid loops, because having redundant systems is a necessity in certain networks. However, redundant systems can cause Broadcast Storms, multiple frame copies, and MAC address table instability problems. Complex network structures can create multiple loops within a network.
Bridge The Storm Threshold parameters allow you to specify a set of thresholds for each port of the AP, identifying separate values for the number of broadcast messages/second and Multicast messages/second. When the number of frames for a port or identified station exceeds the maximum value per second, the AP will ignore all subsequent messages issued by the particular network device, or ignore all messages of that type. • Address Threshold: Enter the maximum allowed number of packets per second.
Bridge Although this feature is generally enabled in public access environments, Enterprise LAN administrators use it to conserve wireless bandwidth by limiting communication between wireless clients. For example, this feature prevents peer-to-peer file sharing or gaming over the wireless network. • To block Intra BSS traffic, set Intra BSS Traffic Operation to Block. • To allow Intra BSS traffic, set Intra BSS Traffic Operation to Passthru.
Bridge Configuring Interfaces for Packet Forwarding Configure your AP to forward packets by specifying interface port(s) to which packets are redirected and a destination MAC address. 1. Within the Packet Forwarding Configuration screen, check the box labeled Enable Packet Forwarding. 2. Specify a destination Packet Forwarding MAC Address. The AP will redirect all unicast, multicast, and broadcast packets received from wireless clients to the address you specify. 3.
Security Security The AP provides several security features to protect your network from unauthorized access. • Authentication and Encryption Modes • MAC Access • Rogue Access Point Detection (RAD) Authentication and Encryption Modes The AP supports the following Security features: Type Description WEP Encryption The original encryption technique specified by the IEEE 802.11 standard. 802.1x Authentication An IEEE standard for client authentication.
Security WEP Encryption The IEEE 802.11 standards specify an optional encryption feature, known as Wired Equivalent Privacy or WEP, that is designed to provide a wireless LAN with a security level equal to what is found on a wired Ethernet network. WEP encrypts the data portion of each packet exchanged on an 802.11 network using an Encryption Key (also known as a WEP Key). When Encryption is enabled, two 802.
Security • An 802.11a or 802.11b/g AP supports 64-bit, 128-bit, and 152-bit encryption: — For 64-bit encryption, an encryption key is 10 hexadecimal characters (0-9 and A-F) or 5 ASCII characters (see ASCII Character Chart). — For 128-bit encryption, an encryption key is 26 hexadecimal characters or 13 ASCII characters. — For 152-bit encryption, an encryption key is 32 hexadecimal characters or 16 ASCII characters.
Security Popular EAP types include: Type Description EAP-Message Digest 5 (MD5) Username/Password-based authentication; does not support automatic key distribution EAP-Transport Layer Security (TLS) Certificate-based authentication (a certificate is required on the server and each client); supports automatic key distribution EAP-Tunneled Transport Layer Security (TTLS) Certificate-based authentication (a certificate is required on the server; a client’s username/password is tunneled to the server ov
Security Different servers support different EAP types and each EAP type provides different features. Refer to the documentation that came with your RADIUS server to determine which EAP types it supports. NOTE: The AP supports the following EAP types when Authentication Mode is set to 802.1x or WPA: EAP-TLS, PEAP, and EAP-TTLS.
Security Prior to successful authentication, an unauthenticated client PC cannot send any data traffic through the AP device to other systems on the LAN. The AP inhibits all data traffic from a particular client PC until the client PC is authenticated. Regardless of its authentication status, a client PC can always exchange 802.1x messages in the clear with the AP (the client begins encrypting data after it has been authenticated). Figure 4-16.
Security Upon receiving a reply EAP packet from the RADIUS, the message is typically forwarded to the client, after translating it back to the EAPOL format. Negotiations take place between the client and the RADIUS server. After the client has been successfully authenticated, the client receives an Encryption Key from the AP (if the EAP type supports automatic key distribution). The client uses this key to encrypt data after it has been authenticated. For 802.11a and 802.
Security WPA is a replacement for Wired Equivalent Privacy (WEP), the encryption technique specified by the original 802.11 standard. WEP has several vulnerabilities that have been widely publicized. WPA addresses these weaknesses and provides a stronger security system to protect wireless networks. WPA provides the following new security measures not available with WEP: • Improved packet encryption using the Temporal Key Integrity Protocol (TKIP) and the Michael Message Integrity Check (MIC).
Security • Client/server mutual authentication — 802.1x — Pre-shared key (for networks that do not have an 802.1x solution implemented) NOTE: For more information on WPA, see the Wi-Fi Alliance Web site at http://www.wi-fi.org. The AP supports two WPA authentication modes: • WPA: The AP uses 802.1x to authenticate clients. You should only use an EAP that supports mutual authentication and session key generation, such as EAP-TLS, EAP-TTLS, and PEAP. See 802.1x Authentication for details.
Security Configuring Security Settings You can configure each SSID/VLAN to operate in one of the following Security modes: Security Mode Description No Security This is the default setting for an AP. Enable WEP Encryption The AP and clients use the same static WEP keys to encrypt data. Enable 802.1x Security The AP uses the 802.1x standard to communicate with a RADIUS server and authenticate clients.
Security Security Mode Description Enable WPA Mode The AP uses 802.1x to communicate with a RADIUS server and authenticate clients. The AP generates and distributes dynamic, per user encryption keys (based on the Temporal Key Integrity Protocol (TKIP)) to each client following successful authentication. WPA mode provides message integrity checking to guard against replay type attacks. This mode is not available for all radio types.
Security Interface's Configure > SSID/VLAN/Security Mode/Wireless A/B screen and describes how each of these options correspond to the six Security Modes listed above: Authentication Mode Authentication Setting Method Employed None None 802.1x Mixed WPA WPA-PSK Encryption Method Employed None or manually configured Static WEP settings 802.1x Dynamic WEP Keying 802.1x or None Dynamic WEP Keying (depends on a client's or Static WEP configuration) (depends on client's configuration) 802.
SSID, VLAN, and Security Modes Authentication Protocol Hierarchy There is a hierarchy of authentication protocols defined for the AP. The hierarchy is as follows, from Highest to lowest: • 802.1x authentication • MAC Access Control via RADIUS Authentication • MAC Access Control through individual APs' MAC Access Control Lists If both 802.1x and MAC authentication are enabled, the 802.1x results will take effect. This is required in order to propagate the WEP keys to the clients in such cases.
SSID, VLAN, and Security Modes A Network Name (SSID) identifies a wireless network. Clients associate with Access Points that share its SSID. During installation, the Setup Wizard prompts you to configure one Network Name for each wireless interface. After initial setup, the AP can be configured to support up to 16 SSIDs per wireless interface to segment wireless networks based on VLAN membership. Refer to Configure Multiple SSID/VLAN/Security Mode Entries for configuration details.
SSID, VLAN, and Security Modes be configured, and network resources such as a VLAN-aware switch, a RADIUS server, and possibly a DHCP server should be available.
SSID, VLAN, and Security Modes 1. VLAN-enabled access point 2. VLAN-aware switch (IEEE 802.1Q uplink) 3. AP management via wired host (SNMP, Web interface or CLI) 4. DHCP Server 5. RADIUS Server 6. VLAN 1 7.
SSID, VLAN, and Security Modes Figure 4-17.
SSID, VLAN, and Security Modes VLAN Workgroups and Traffic Management Access Points that are not VLAN-capable typically transmit broadcast and multicast traffic to all wireless Network Interface Cards (NICs). This process wastes wireless bandwidth and degrades throughput performance. In comparison, VLAN-capable AP is designed to efficiently manage delivery of broadcast, multicast, and unicast traffic to wireless clients. The AP assigns clients to a VLAN based on a Network Name (SSID).
SSID, VLAN, and Security Modes one VLAN could be used for an EMPLOYEE workgroup and the other, for a GUEST workgroup. In this scenario, the AP would assign every packet it accepted to a VLAN. Each packet would then be identified as EMPLOYEE or GUEST, depending on which wireless NIC received it. The AP would insert VLAN headers or “tags” with identifiers into the packets transmitted on the wired backbone to a network switch.
Configure Multiple SSID/VLAN/Security Mode Entries NOTE: The ability to configure up to 16 VLAN/SSID pairs and configure a security mode per SSID is available only for the AP-6, and APs that have an 802.11a/b/g or 802.11b/g Upgrade Kit installed. The four primary scenarios for using VLAN workgroups are as follows: 1. VLAN disabled: Your network does not use VLANs, but you can configure the AP to use multiple SSIDs. 2. VLAN enabled, all VLAN Workgroups use the same VLAN ID Tag 3.
Configure Multiple SSID/VLAN/Security Mode Entries 2. Place a check mark in the Enable VLAN Protocol box to enable VLAN support. If VLAN is disabled, all table entries on the SSID/VLAN/Security page will be disabled. 3. Click the tab for Wireless A or Wireless B (if applicable). 4. Place a check in the Enable Security Per SSID check box.
Configure Multiple SSID/VLAN/Security Mode Entries Figure 4-18. SSID, VLAN, and Security Table - Wireless A NOTE: The ability to configure up to 16 VLAN/SSID pairs and configure a security mode per SSID is available only for the AP-6, and APs that have an 802.11a/b/g or 802.11b/g Upgrade Kit installed.
Configure Multiple SSID/VLAN/Security Mode Entries 5. Add one or more new SSID/VLAN/security mode entries. Each wireless interface supports up to 16 entries. Follow these steps: a. Click Add to create a new SSID/VLAN/security mode entry. Figure 4-19.
Configure Multiple SSID/VLAN/Security Mode Entries b. Enter a Network Name (SSID), between 2 and 31 characters, in the field provided. This parameter is mandatory. c. Enter a VLAN ID in the field provided. This parameter is mandatory. — You must specify a unique VLAN ID for each SSID on the interface. As defined by the 802.1Q standard, a VLAN ID is a number between 1 and 4094. A value of -1 means that an entry is untagged.
Configure Multiple SSID/VLAN/Security Mode Entries NOTE: If you have two or more SSIDs per interface with a security mode of None, be aware that security being applied in the VLAN is not being applied in the wireless network. NOTE: Some parameters on other pages must be configured for each security mode to function. RADIUS server(s) must be configured to support authentication of WPA, 802.1x or WEP clients. Encryption keys must be configured for WEP clients if mixed mode is selected.
Configure Multiple SSID/VLAN/Security Mode Entries Enable 802.1x Security Follow these steps to enable 802.1x on an SSID/VLAN pair: 1. Set Security Mode to 802.1x. 2. Select an Encryption Key Length. — An 802.11b AP supports 64-bit and 128-bit encryption. — An 802.11a or 802.11b/g AP supports 64-bit and 128-bit encryption. 3. Enter a Re-keying Interval. The Re-keying Interval determines how often a client’s encryption key is changed and can be set to any value between 60 - 65535 seconds.
Configure Multiple SSID/VLAN/Security Mode Entries 2. Enter a Re-keying Interval. The Re-keying Interval determines how often a client’s encryption key is changed and can be set to any value between 60 - 65535 seconds. Rekeying frustrates hacking attempts without taxing system resources. Setting a fairly frequent rekey value (900 seconds=15 minutes) effectively protects against intrusion without disrupting network activities. 3. Place a check mark in the box labeled Enable Encryption (WEP). 4.
Configure Multiple SSID/VLAN/Security Mode Entries Enable WPA-PSK Mode Follow these steps to enable WPA-PSK on an SSID/VLAN pair: 1. Set Security Mode to WPA-PSK. 2. Configure the Pre-Shared Key. 3. Enter a phrase in the PSK Pass Phrase field. The AP will automatically generate a Pre-Shared Key based on the phrase you enter. You must also configure your clients to use this same key.
Configure Multiple SSID/VLAN/Security Mode Entries Typical VLAN Management Configurations Control Access to the AP Management access to the AP can easily be secured by making management stations or hosts and the AP itself members of a common VLAN. Simply configure a non-zero management VLAN ID and enable VLAN to restrict management of the AP to members of the same VLAN.
Configure Multiple SSID/VLAN/Security Mode Entries ! CAUTION: Once a VLAN Management ID is configured and is equivalent to one of the VLAN User IDs on the AP, all members of that User VLAN will have management access to the AP. Be careful to restrict VLAN membership to those with legitimate access to the AP. 1. Click Configure > VLAN. 2. Set the VLAN Management ID to use the same VLAN ID as one of the configured SSID/VLAN pairs. See Typical User VLAN Configurations for details. 3.
Configure Multiple SSID/VLAN/Security Mode Entries • Enable MAC Access Control: Check this box to enable the Control Table. • Operation Type: Choose between Passthru and Block. This determines how the stations identified in the MAC Access Control Table are filtered. — If set to Passthru, only the addresses listed in the Control Table will pass through the bridge. — If set to Block, the bridge will block traffic to or from the addresses listed in the Control Table.
Configure Multiple SSID/VLAN/Security Mode Entries Figure 4-20. MAC Access Configuration Screen Rogue Access Point Detection (RAD) The Rogue AP Detection (RAD) feature provides an additional security level for wireless LAN deployments. Rogue AP detection provides a mechanism for detecting Rogue Access Points by utilizing the coverage of the trusted Access Point deployment.
Configure Multiple SSID/VLAN/Security Mode Entries The Rogue AP Scan employs background scanning using low-level 802.11 scanning functions for effective wireless detection of Access Points in its coverage area with minimal impact on the normal operation of the Access Point. This RAD feature can be enabled on an Access Point via its HTTP, CLI, or SNMP Interfaces. The scan repetition duration is configurable.
Configure Multiple SSID/VLAN/Security Mode Entries RAD Configuration Requirements The RAD feature can be configured/monitored via the HTTP, CLI, or SNMP management interfaces. The following management options are provided: • The RAD feature can be enabled or disabled. • The repetition interval of RAD can be configured. • SNMP Traps are sent after completion of a RAD scan cycle and also whenever a new Access Point is detected.
Configure Multiple SSID/VLAN/Security Mode Entries Figure 4-21. Example Rogue AP Detection Deployment An example network deployment is shown. The Trusted AP has Rogue Access Detection enabled and the trap host is configured to be the management station. The Trusted AP on detecting the Rogue AP will send a trap to the management station with the Channel and BSSID of the Rogue Access Point.
Configure Multiple SSID/VLAN/Security Mode Entries Configuring RAD Perform this procedure to enable RAD and define the Scan Interval. The RAD screen also displays the time of the last scan and the number of new access points detected in the last scan. 1. Enable the Security Alarm Group. Select the Security Alarm Group link from the RAD screen. Configure a Trap Host to receive the list of access points detected during the scan. 2. Click Configure > Security > RAD. 3.
Configure Multiple SSID/VLAN/Security Mode Entries Figure 4-22.
RADIUS RADIUS The AP communicates with a network’s RADIUS server to provide the following features: • MAC Access Control by Means of RADIUS Authentication • RADIUS Authentication with 802.1x • RADIUS Accounting The network administrator can configure multiple RADIUS Authentication Servers for different Authentication types. The current available authentication types are EAP/802.1x authentication and MAC-based authentication.
RADIUS NOTE: You must have configured the settings for at least one Authentication server before configuring the settings for an Accounting server. The back-up servers are optional, but when configured, the AP will communicate with the back-up server if the primary server is off-line. After the AP has switched to the backup server, it will periodically check the status of the primary RADIUS server every five (5) minutes.
RADIUS NOTE: Contact your RADIUS server manufacturer if you have problems configuring the server or have problems using RADIUS authentication. Follow these steps to enable RADIUS MAC Access Control: 1. Within the RADIUS Auth screen, place a check mark in the box labeled Enable RADIUS MAC Access Control. 2. Place a check mark in the box labeled Enable Primary RADIUS Authentication Server. 3.
RADIUS 5. Select a MAC Address Format Type. This should correspond to the format in which the clients’ 12-digit MAC addresses are listed within the RADIUS server. Available options include: — Dash delimited: dash between each pair of digits: xx-yy-zz-aa-bb-cc — Colon delimited: colon between each pair of digits: xx:yy:zz:aa:bb:cc) — Single dash delimited: dash between the sixth and seventh digits: xxyyzz-aabbcc — No delimiters: No characters or spaces between pairs of hexadecimal digits: xxyyzzaabbcc 6.
RADIUS 11. Enter the maximum number of times an authentication request may be retransmitted in the Maximum Retransmissions field. Range is 0-4; default is 3. 12. If you are configuring a back-up server, repeat Steps 6 through 11 for the back-up server. 13. Click OK to save your changes. 14. Reboot the AP for these changes to take effect.
RADIUS Figure 4-23.
RADIUS RADIUS Authentication with 802.1x You must configure a primary EAP/802.1x Authentication server to use 802.1x security. A back-up server is optional. NOTE: Problems with RADIUS Server configuration or RADIUS Authentication should be referred to the RADIUS Server developer. Follow these steps to enable a RADIUS Authentication server for 802.1x security: 1. Click the RADIUS tab. 2. Click the EAP/802.1x sub-tab. 3. Place a check mark in the box labeled Enable Primary EAP/802.1x Authentication Server.
RADIUS 8. Enter the Shared Secret in the Shared Secret and Confirm Shared Secret field. This is a password shared by the RADIUS server and the AP. The same password must also be configured on the RADIUS server. 9. Enter the maximum time, in seconds, that the AP should wait for the RADIUS server to respond to a request in the Response Time field. Range is 1-10 seconds; default is 3 seconds. 10.
RADIUS Figure 4-24. RADIUS EAP/802.
RADIUS RADIUS Accounting Using an external RADIUS server, the AP can track and record the length of client sessions on the access point by sending RADIUS accounting messages per RFC2866. When a wireless client is successfully authenticated, RADIUS accounting is initiated by sending an “Accounting Start” request to the RADIUS server. When the wireless client session ends, an “Accounting Stop” request is sent to the RADIUS server.
RADIUS Configuring RADIUS Accounting Follow these steps to enable RADIUS accounting on the AP: NOTE: For RADIUS accounting to work, you must first enable RADIUS authentication as follows: 1. In the RADIUS Auth screen, place a check mark in the box labeled Enable RADIUS MAC Access Control. 2. Place a check mark in the box labeled Enable Primary RADIUS Authentication Server. 3. If you want to configure a back-up RADIUS server, place a check mark in the box labeled Enable Back-up RADIUS Authentication Server.
RADIUS — Single dash delimited: dash between the sixth and seventh digits: xxyyzz-aabbcc — No delimiters: No characters or spaces between pairs of hexadecimal digits: xxyyzzaabbcc 6. Select a Server Addressing Format type (IP Address or Name). If you want to identify RADIUS servers by name, you must configure the AP as a DNS Client. See DNS Client for details. 7. Enter the server’s IP address or name in the field provided. 8. Enter the port number which the AP and the server will use to communicate.
RADIUS Now that Radius authentication is enabled and configured, configure Radius Accounting as follows: 14. Within the RADIUS Accounting Configuration screen, place a check mark in the Enable RADIUS Accounting box to turn on this feature. 15. Place a check mark in the box labeled Enable Primary RADIUS Accounting Server. 16. If you want to configure a back-up RADIUS server, place a check mark in the box labeled Enable Back-up RADIUS Accounting Server. 17.
RADIUS 22. Enter the maximum time, in seconds, that the AP should wait for the RADIUS server to respond to a request in the Response Time field. Range is 1-10 seconds; default is 3 seconds. 23. Enter the maximum number of times an authentication request may be retransmitted in the Maximum Retransmissions field. Range is 1-4; default is 3. 24. If you are configuring a back-up server, repeat Steps 5 through 10 for the back-up server. 25. Enable RADIUS accounting and click OK to save your changes. 26.
RADIUS Figure 4-25.
RADIUS 4-170 Avaya Wireless AP-4/5/6 User’s Guide
Monitor Information 5 In This Chapter • Logging into the HTTP Interface • Version: Provides version information for the Access Point’s system components. • ICMP: Displays statistics for Internet Control Message Protocol packets sent and received by the AP. • IP/ARP Table: Displays the AP’s IP Address Resolution table. • Learn Table: Displays the list of nodes that the AP has learned are on the network. • IAPP: Provides statistics for the Inter-Access Point Protocol messages sent and received by the AP.
Logging into the HTTP Interface Logging into the HTTP Interface Once the AP has a valid IP Address and an Ethernet connection, you may use your web browser to monitor network statistics. The Command Line Interface (CLI) also provides a method for viewing network statistics using Telnet or a serial connection. This section covers only use of the HTTP interface. For more information about viewing network statistics with the CLI, refer to The Command Line Interface.
Logging into the HTTP Interface 2. If necessary, disable the Internet proxy settings. For Internet Explorer users, follow these steps: — Select Tools > Internet Options.... — Click the Connections tab. — Click LAN Settings.... — If necessary, remove the check mark from the Use a proxy server box. — Click OK twice to save your changes and return to Internet Explorer. 3. Enter the Access Point’s IP address in the browser’s Address field and press Enter. — Result: The AP Enter Network Password screen appears.
Logging into the HTTP Interface 4. Enter the HTTP password in the Password field and click OK. Leave the User Name field blank. (By default, the HTTP password is “public”). — Result: The System Status screen appears. Figure 5-1. Enter Network Password Screen 5. Click the Monitor button located on the left-hand side of the screen.
Logging into the HTTP Interface Figure 5-2. Monitor Main Screen 6. Click the tab that corresponds to the statistics you want to review. For example, click Learn Table to see the list of nodes that the AP has discovered on the network. 7. If applicable, click the Refresh button to update the statistics.
Version Version From the HTTP interface, click the Monitor button and select the Version tab. The list displayed provides you with information that may be pertinent when calling Technical Support. With this information, your Technical Support representative can verify compatibility issues and make sure the latest software are loaded. This screen displays the following information for each Access Point component: • Serial Number: The component’s serial number, if applicable.
Version Figure 5-3.
ICMP ICMP This tab provides statistical information for both received and transmitted messages directed to the AP. Not all ICMP traffic on the network is counted in the ICMP (Internet Control Message Protocol) statistics. Figure 5-4.
IP/ARP Table IP/ARP Table This tab provides information based on the Address Resolution Protocol (ARP), which relates MAC Address and IP Addresses. Figure 5-5.
Learn Table Learn Table This tab displays information relating to network bridging. It reports the MAC address for each node that the device has learned is on the network and the interface on which the node was detected. There can be up 10,000 entries in the Learn Table. Figure 5-6.
IAPP IAPP This tab displays statistics relating to client handovers and communications between Avaya Wireless Access Points. Figure 5-7.
RADIUS RADIUS This tab provides RADIUS authentication, EAP/802.1x authentication, and accounting information for both the Primary and Backup RADIUS servers. NOTE: RADIUS authentication and accounting must be enabled for this information to be valid.
Interfaces Figure 5-8. RADIUS Monitoring Screen Interfaces This tab displays statistics for the Ethernet and wireless interfaces. The Operational Status can be up, down, or testing.
Interfaces Figure 5-9.
Link Test Link Test This tab displays information on the quality of the wireless link to clients and other APs in the Wireless Distribution System. During a Link Test, the Access Point and the selected device exchange a series of packets to test the strength of the connection. The devices start by exchanging packets at the 11 Mbits/sec rate but fall back to the slower rates if necessary. NOTE: This feature is not available for an 802.11b/g AP.
Link Test Figure 5-10. Remote Link Test Screen 3. Select a Station from the list by clicking the circle to the left of the Station’s entry. 4. Click Link Test to start the test. Result: A new Link Test window opens and displays the following information for the Access Point (referred to as the Initiator Station) and the wireless client (referred to as the Remote Station): — Station Name: The Access Point’s System Name or the client’s Windows Networking name.
Link Test — SNR (dB): The Signal to Noise ratio for the received signal. The displayed value is the running average since the start of the test and is reported in decibels (dB). Higher numbers correspond to a stronger link. The bar graph also displays the relative strength of the link (a green bar indicates a strong link, a yellow bar indicates a fair link, and a red bar indicates a weak link). — Signal (dBm): The strength of the received signal in dBm (decibels referenced to 1 milliwatt).
Link Test — 11 Mbps (pkts): The number of packets received at the 11 Mbits/sec transmit rate since the start of the Link Test. In general, most packets will be received at the 11 Mbits/sec rate if the devices have a strong link. — 5.5 Mbps (pkts): The number of packets received at the 5.5 Mbits/sec transmit rate since the start of the Link Test. — 2 Mbps (pkts): The number of packets received at the 2 Mbits/sec transmit rate since the start of the Link Test.
Link Test Figure 5-11. SNR Report Screen 5. Click Close to end the Link Test.
Station Statistics Station Statistics This tab displays information on wireless clients attached to the AP and on Wireless Distribution System links. Enabling and Viewing Station Statistics To enable the monitoring of Stations Statistics, perform the following procedure: 1. Click on the Monitor tab on the left on the web page. 2. Click on the Station Statistics tab on the Monitor screen. 3.
Station Statistics Figure 5-12.
Station Statistics Description of Station Statistics The following stations statistics are displayed: • MAC Address: The MAC address of the wireless client for which the statistics are gathered. For WDS links, this is the partner MAC address of the link. • IP Address: The IP address of the associated wireless station for which the Statistics are gathered. (0.0.0.0 for WDS links) • Interface to which the Station is connected: The interface number on which the client is connected with the AP.
Station Statistics The following stations statistics are not displayed in the Graphical User Interface, but can be viewed from a MIB browser: • Octets Received: The number of octets received from the associated wireless station (or WDS link partner) by the AP. • Unicast Frames Received: The number of Unicast frames received from the associated wireless station (or WDS link partner) by the AP. • Non-Unicast Frames Received: The number of Non-Unicast frames received (i.e.
Station Statistics 5-24 Avaya Wireless AP-4/5/6 User’s Guide
Commands 6 In This Chapter • Logging into the HTTP Interface • Introduction to File Transfer via TFTP or HTTP: Describes the available file transfer methods. • Update AP by Using TFTP: Download files from a TFTP server to the AP. • Update AP by Using HTTP: Download files to the AP from HTTP. • Upload File by Using TFTP: Upload configuration files from the AP to a TFTP server. • Upload File by Using HTTP: Upload configuration files from the AP by using HTTP.
Logging into the HTTP Interface Logging into the HTTP Interface Once the AP has a valid IP Address and an Ethernet connection, you may use your web browser to issue commands. The Command Line Interface (CLI) also provides a method for issuing commands using Telnet or a serial connection. This section covers only use of the HTTP Interface. For more information about issuing commands with the CLI, refer to The Command Line Interface.
Logging into the HTTP Interface 2. If necessary, disable the Internet proxy settings. For Internet Explorer users, follow these steps: — Select Tools > Internet Options.... — Click the Connections tab. — Click LAN Settings.... — If necessary, remove the check mark from the Use a proxy server box. — Click OK twice to save your changes and return to Internet Explorer. 3. Enter the Access Point’s IP address in the browser’s Address field and press Enter. — Result: The Enter Network Password screen appears.
Logging into the HTTP Interface 4. Enter the HTTP password in the Password field and click OK. Leave the User Name field blank. (By default, the HTTP password is “public”). — Result: The System Status screen appears. Figure 6-1. Enter Network Password Screen 5. Click the Commands button located on the left-hand side of the screen.
Introduction to File Transfer via TFTP or HTTP Figure 6-2. Commands Main Screen 6. Click the tab that corresponds to the command you want to issue. For example, click Reboot to restart the unit. Introduction to File Transfer via TFTP or HTTP There are two methods of transferring files to or from the AP, TFTP or HTTP (or HTTPS if enabled).
Introduction to File Transfer via TFTP or HTTP The following procedures describe uploading Configuration files from the AP: • Upload File by Using TFTP • Upload File by Using HTTP TFTP File Transfer Guidelines A TFTP server must be running and configured to point to the directory containing the file. If you do not have a TFTP server installed on your system, install the TFTP server from the Avaya Wireless CD.
Introduction to File Transfer via TFTP or HTTP Image Error Checking during File Transfer The Access Point performs checks to verify that an image downloaded through HTTP or TFTP is valid. The following checks are performed on the downloaded image: • Zero Image size • Large image size • Non VxWorks image • AP image • Digital signature verification If any of the above checks fail on the downloaded image, the Access Point deletes the downloaded image and retains the old image.
Update AP by Using TFTP Update AP by Using TFTP Use the Update AP via TFTP tab to download Configuration, AP Image, Bootloader files, and Certificate and Private Key files to the AP. A TFTP server must be running and configured to point to the directory containing the file. If you do not have a TFTP server installed on your system, install the TFTP server from the Avaya Wireless CD. You can either install the TFTP server from the CD Wizard or run OEM-TFTP-Server.
Update AP by Using TFTP Figure 6-3. Update AP via TFTP Command Screen 2. In the Server IP Address field, enter the TFTP server IP Address. To locate the IP address assigned to the TFTP server, double-click the TFTP server icon on your desktop. NOTE: This is the IP address that will be used to point the Access Point to the AP Image file. 3. In the File Name field, enter the name of the file to be downloaded (including the file extension).
Update AP by Using TFTP Copy the updated AP Image file to the TFTP server’s root folder. The default AP Image is located at C:/Program Files/Avaya_ Wireless/AP600/. 4. In the File Type field, select the proper file type. Choices include: — Config for configuration information, such as System Name, Contact Name, and so on. — Image for the AP Image (executable program). — BspBl for the Bootloader software. — Certificate: the digital certificate for authentication in SSL communications.
Update AP by Using HTTP Update AP by Using HTTP Use the Update AP via HTTP tab to download Configuration, AP Image, Bootloader files, and Certificate and Private Key files to the AP. 1. Once on the Update AP screen, click on the via HTTP tab. The Update AP via HTTP tab shows version information and allows you to enter HTTP information as described below. Figure 6-4.
Update AP by Using HTTP 2. Select the File Type that needs to be updated from the drop-down box. Choices include: — Config for configuration information, such as System Name, Contact Name, and so on. — Image for the AP Image (executable program). — Bsp/Bl for the Bootloader software. — Certificate: the digital certificate for authentication in SSL communications. — Private Key: the private key for encryption in SSL communications. 3.
Update AP by Using HTTP 5. Click OK to continue with the operation or Cancel to abort the operation. NOTE: An HTTP file transfer using SSL may take extra time. If the operation completes successfully the following screen appears. Figure 6-6. Update AP Successful If the operation did not complete successfully the following screen appears, and the reason for the failure is displayed.
Upload File by Using TFTP Figure 6-7. Update AP Unsuccessful Upload File by Using TFTP Use the Retrieve File via TFTP tab to upload Configuration files from the AP to a TFTP server. The TFTP server must be running and configured to point to the directory to which you want to copy the uploaded file. We suggest you assign the file a meaningful name, which may include version or location information.
Upload File by Using TFTP 1. Once on the Retrieve File screen, click on the via TFTP tab. The Retrieve AP via TFTP tab shows version information and allows you to enter TFTP information as described below. Figure 6-8. Retrieve File via TFTP Command Screen 2. In the Server IP Address field, enter the TFTP server IP Address. To locate the IP address assigned to the TFTP server, double-click the TFTP server icon on your desktop. 3. In the File Name field, enter the name of the file to be uploaded. 4.
Upload File by Using HTTP NOTE: For information on how to download the file from the TFTP server to the AP, see Update AP by Using TFTP. Upload File by Using HTTP Use the Retrieve File via HTTP tab to upload the configuration file from the AP. 1. Once on the Retrieve File screen, click the via HTTP tab. The Retrieve File via HTTP tab shows version information. Figure 6-9.
Upload File by Using HTTP 2. Click on the Retrieve Config File button to initiate this operation. The AP displays a confirmation message that asks if you want to proceed with retrieving the configuration file. Figure 6-10. Retrieve File Confirmation Message 3. Click OK to continue with the operation or Cancel to abort the operation. The File Download dialog box is displayed.
Upload File by Using HTTP Figure 6-11. File Download Dialog Box 4. On clicking the Save button the following Save As window displays, where the you are prompted to choose the filename and location where the Configuration file is to be downloaded.
Reboot Figure 6-12. Retrieve File Save As Dialog 5. Select an appropriate filename and location and click OK. Reboot Use the Reboot tab to save configuration changes (if any) and reset the AP. Entering a value of 0 (zero) seconds causes an immediate reboot. Note that Reset, described below, does not save configuration changes.
Reboot ! CAUTION: Rebooting the AP will cause all users who are currently connected to lose their connection to the network until the AP has completed the restart process and resumed operation. Figure 6-13.
Reset Reset Use the Reset tab to restore the AP to factory default conditions. The AP may also be reset from the RESET button located on the side of the unit. Since this will reset the Access Point’s current IP address, a new IP address must be assigned. Refer to Recovery Procedures for more information. ! CAUTION: Resetting the AP to its factory default configuration will permanently overwrite all changes that have made to the unit. The AP will reboot automatically after this command has been issued.
Help Link Help Link To open Help, click the Help button on any display screen. During initialization, the AP on-line help files are downloaded to the default location: C:/Program Files/Avaya_ Wireless/AP/HTML/index.htm. NOTE: Use the forward slash character (/) rather than the back slash character (\) when configuring the Help Link location. NOTE: Add the AP’s management IP address to the Internet Explorer list of Trusted Sites.
Help Link Figure 6-15.
Help Link 6-24 Avaya Wireless AP-4/5/6 User’s Guide
Troubleshooting 7 In This Chapter • Troubleshooting Concepts • Symptoms and Solutions • Recovery Procedures • Related Applications NOTE: This section helps you locate problems related to the AP device setup. For details about RADIUS, TFTP, serial communication programs (such as HyperTerminal), Telnet applications, or web browsers, please refer to the documentation that came with the application for assistance.
Troubleshooting Concepts Troubleshooting Concepts The following list identifies important troubleshooting concepts and topics. The most common initialization and installation problems relate to IP addressing. For example, you must have valid IP addresses for both the AP and the management computer to access the unit’s HTTP interface. • IP Address management is fundamental. • Factory default units are set for “Dynamic” (DHCP) IP Address assignment. The default IP address for the AP is 169.254.128.
Symptoms and Solutions • The AP Supports a Command Line Interface (CLI). If you are having trouble locating your AP on the network, connect to the unit directly using the serial interface and refer to The Command Line Interface for CLI command syntax and parameter names. Symptoms and Solutions Connectivity Issues Connectivity issues include any problem that prevents you from powering up or connecting to the AP. AP Unit Will Not Boot - No LED Activity 1. Make sure your power source is operating. 2.
Symptoms and Solutions 3. Make sure your PC terminal program (such as HyperTerminal) is active and configured to the following values: — Com Port: (COM1, COM2, etc. depending on your computer); — Baud rate: 9600; Data bits: 8; Stop bits: 1; Flow Control: None; Parity: None; — Line Feeds with Carriage Returns (In HyperTerminal select: File -> Properties -> Settings -> ASCII Setup -> Send Line Ends with Line Feeds) Ethernet Link Does Not Work 1. Double-check the physical network connections.
Symptoms and Solutions Basic Software Setup and Configuration Problems Lost AP, Telnet, or SNMP Password 1. Perform the Reset to Factory Default Procedure in this guide. This procedure resets system and network parameters, but does not affect the AP Image. The default AP HTTP password is “public”, and the default Telnet password is also “public”. Client Computer Cannot Connect 1. Client computers should have the same Network Name and security settings as the AP. 2.
Symptoms and Solutions AP Has Incorrect IP Address 1. Default IP Address Assignment mode is dynamic (DHCP). If you do not have a DHCP server on your network, the default IP Address is 169.254.128.132. If you have more than one unintialized AP connected to the network, they will all have the same default IP address and you will not be able to communicate with them (due to an IP address conflict).
Symptoms and Solutions 6. Perform the Reset to Factory Default Procedure in this guide. This will reset the unit to “DHCP” mode. If there is a DHCP Server on the network, the DHCP Server will assign an IP Address to the AP. HTTP (browser) or Telnet Interface Does Not Work 1. Make sure you are using a compatible browser: — Microsoft Internet Explorer 6 with Service Pack 1 or later — Netscape 6.1 or later 2. Make sure you have the proper IP address.
Symptoms and Solutions HTML Help Files Do Not Appear 1. Verify that the HTML Help files are installed in the default directory: C:\Program Files\Avaya_Wireless\AP\HTML\ 2. If the Help files are not located in this folder, contact your network administrator to find out where the Help files are located on your server. 3. Perform the following steps to verify the location or to enter the pathname for the Help files: a. Click the Commands button in the HTTP interface. b.
Symptoms and Solutions TFTP Server Does Not Work 1. Make sure the TFTP Server has been started. 2. Verify the IP address of the TFTP Server. The server may be local or remote, so long as it has a valid IP address. 3. Configure the TFTP Server to “point” to the folder containing the file to be downloaded (or to the folder in which the file is to be uploaded). 4. Verify that you have entered the proper AP Image file name (including the file extension) and directory path. 5.
Symptoms and Solutions Client PC Card Does Not Work 1. Make sure you are using the latest PC Card driver software. 2. Download and install the latest Avaya Wireless client software from http://www.avaya.com/support. Intermittent Loss of Connection 1. Make sure you are within range of an active AP. 2. You can check the signal strength using the signal strength gauge on your client software. If you have an 802.11b AP, you can also use the Remote Link Test available in the Access Point’s HTTP interface.
Symptoms and Solutions 3. From the client computer, use the “ping” network command to test the connection with the AP. If the AP responds, but you still cannot connect to the Internet, there may be a physical network configuration problem (contact your network support staff). 4. If using Power over Ethernet, make sure you are not using a crossover Ethernet cable between the AP and the hub.
Symptoms and Solutions VLAN Workgroups The correct VLAN assignment can be verified by pinging the AP to ensure connectivity, by pinging the switch to ensure VLAN properties, and by pinging hosts past the switch to confirm the switch is functional. Ultimately, traffic can be “sniffed” on the Ethernet or WDS interfaces (if configured) using third-party packages. Most problems can be avoided by ensuring that 802.1Q compliant VLAN tags containing the proper VLAN ID have been inserted in the bridged frames.
Symptoms and Solutions Power over Ethernet (PoE) The AP Does Not Work 1. Verify that you are using a standard UTP Category 5 cable. 2. Try a different port on the same PoE hub (remember to move the input port accordingly) – if it works, there is probably a faulty port or bad RJ-45 port connection. 3. If possible, try to connect the AP to a different PoE hub. 4. Try using a different Ethernet cable – if it works, there is probably a faulty connection over the long cable, or a bad RJ-45 connection. 5.
Recovery Procedures 4. Try to connect a different device to the same port on the PoE hub – if it works and a link is established, there is probably a faulty data link in the AP. 5. Try to re-connect the AP to a different output port (remember to move the input port accordingly) – if it works, there is probably a faulty output or input port in the PoE hub or a bad RJ-45 connection. “Overload” Indications 1. Verify that you are not using a cross-over cable between the PoE output port and the AP. 2.
Recovery Procedures If the password is lost or forgotten, you will need to reset the AP to default values. The Reset to Factory Default Procedure resets configuration settings, but does not change the current AP Image. If the AP has a corrupted software image, follow the Forced Reload Procedure to erase the current AP Image and download a new image. Reset to Factory Default Procedure Use this procedure to reset the network configuration values, including the Access Point’s IP address and subnet mask.
Recovery Procedures Figure 7-1.
Recovery Procedures Forced Reload Procedure Use this procedure to erase the current AP Image and download a new AP Image. In some cases, specifically when a missing or corrupted AP Image prevents successful booting, you may need to use ScanTool or the Bootloader CLI to download a new executable AP Image. NOTE: This does not delete the AP’s configuration (in other words, the Forced Reload Procedure does not reset to device to factory defaults).
Recovery Procedures ! CAUTION: By completing Step 2, the firmware in the AP will be erased. You will need an Ethernet connection, a TFTP server, and a serial cable (if using the Bootloader CLI) to reload firmware. 2. Press and hold the RELOAD button for about 20 seconds until the POWER LED turns amber. Result: The AP deletes the current AP Image. 3.
Recovery Procedures Preparing to Download the AP Image Before starting, you need to know the Access Point’s IP address, subnet mask, the TFTP Server IP Address, and the AP Image file name. Make sure the TFTP server is running and configured to point to the folder containing the image to be downloaded. Download Procedure Follow these steps to use ScanTool to download a software image to an Access Point with a missing image: 1. Download the latest software from http://www.avaya.com/support. 2.
Recovery Procedures 7. Enter the network’s Subnet Mask in the field provided. 8. Enter the network’s Gateway IP Address, if necessary. You may need to contact your network administrator to get this address. You should only need to enter the default gateway address if the Access Point and the TFTP server are separated by a router. 9. Enter the IP address of your TFTP server in the field provided. 10. Enter the Image File Name (including the file extension). Enter the full directory path and file name.
Recovery Procedures Download a New Image Using the Bootloader CLI To download the AP Image, you will need an Ethernet connection to the computer on which the TFTP server resides. This can be any computer on the LAN or connected to the AP with a cross-over Ethernet cable. You must also connect the AP to a computer with a standard serial cable and use a terminal client, such as HyperTerminal. From the terminal, enter CLI Commands to set the IP address and download an AP Image.
Recovery Procedures 4. Open your terminal emulation program (like HyperTerminal) and set the following connection properties: — Com Port: — Baud rate: 9600 — Data Bits: 8 — Stop bits: 1 — Flow Control: None — Parity: None 5. Under File -> Properties -> Settings -> ASCII Setup, enable the Send line ends with line feeds option. Result: HyperTerminal sends a line return at the end of each line of code. 6. Press the RESET button on the AP.
Recovery Procedures 7.
Recovery Procedures Setting IP Address using Serial Port Use the following procedure to set an IP address over the serial port using the CLI. The network administrator typically provides the AP IP address. Hardware and Software Requirements • Standard straight-through serial data (RS-232) cable with a one male DB-9 connector and one female DB-9 connector. The AP comes with a female 9-pin serial port. • ASCII Terminal software, such as HyperTerminal. Attaching the Serial Port Cable 1.
Recovery Procedures Initializing the IP Address using CLI After installing the serial port cable, you may use the CLI to communicate with the AP. CLI supports most generic terminal emulation programs, such as HyperTerminal (which is included with the Windows operating systems). In addition, many web sites offer shareware or commercial terminal programs you can download. Once the IP address has been assigned, you can use the HTTP interface or the CLI over Telnet to complete configuration.
Recovery Procedures 3. Press the RESET button on the AP (see RELOAD and RESET Buttons to identify the location of the RESET button). Result: The terminal display shows Power On Self Tests (POST) activity, and then displays a CLI prompt, similar to the example below. This process may take up to 90 seconds. [Device-Name]> Please enter password: 4. Enter the CLI password (default is public). Result: The terminal displays a welcome message and then the CLI Prompt: [Device-Name]> 5. Enter show ip.
Recovery Procedures network, you should not need to manually configure the Access Point’s IP address; the Access Point will obtain an IP address from the network’s DHCP server during boot-up. Result: After each entry the CLI reminds you to reboot; however wait to reboot until all commands have been entered.
Related Applications Related Applications RADIUS Authentication Server If you enabled RADIUS Authentication on the AP, make sure that your network’s RADIUS servers are operational. Otherwise, clients will not be able to log in. There are several reasons the authentication server services might be unavailable, here are two typical things to check: • Make sure you have the proper RADIUS authentication server information setup configured in the AP.
Related Applications have a valid TFTP IP address. Note that you do not need a TFTP server running unless you want to transfer files to or from the AP. After the TFTP server is installed: • Check to see that TFTP is configured to point to the directory containing the AP Image. • Make sure you have the proper TFTP server IP Address, the proper AP Image file name, and that the TFTP server is connected. • Make sure the TFTP server is configured to both send and receive, with no time-out.
Related Applications 7-30 Avaya Wireless AP-4/5/6 User’s Guide
The Command Line Interface A In This Appendix This section describes the AP’s Command Line (CLI) Interface. CLI commands can be used to initialize, configure, and manage the Access Point. CLI commands may be entered in real time through a keyboard or submitted with CLI scripts. After entering commands, press the Enter key to execute the command. The CLI is available through both the Serial Port interface and over the Ethernet interface using Telnet.
In This Appendix This appendix contains the following sections: • General Notes • Link Integrity Commands • Bootloader CLI • MAC Access Control Commands • CLI Conventions • Monitoring Parameters • CLI Help • Packet Forwarding Commands • Accessing the AP CLI • RAD Commands • CLI Commands • RADIUS Commands • Parameter Tables • Secure Management Commands • Auto Configuration Commands • Serial Port Commands • DHCP Server Commands • SNMP Commands • DNS Client Commands • Spanning Tree Commands
General Notes • 802.11b Wireless Interface Commands • Wireless Interface SSID/VLAN/Security Commands • 802.11b/g Wireless Interface Commands • VLAN/SSID Pair Commands General Notes Prerequisite Skills and Knowledge To use this document effectively, you should have a working knowledge of Local Area Networking (LAN) concepts, network access infrastructures, and client-server relationships.
General Notes • Screen names are displayed in bold italics. For example, the System Status screen. Important Terminology Term Description Configuration Files Database files containing the current Access Point configuration. Configuration items include the IP Address and other network-specific values. Config files may be downloaded to the Access Point or uploaded for backup or troubleshooting. Download vs. Upload Downloads transfer files to the Access Point.
General Notes Term Description Image File The Access Point software executed from RAM. To update an Access Point you typically download a new Image File. This file is often referred to as the “AP Image”. Parameter A fundamental network value that can be displayed and may be changeable. For example, the Access Point must have a unique IP Address and the Wireless interface must be assigned an SSID. Change parameters with the CLI set Command, and view them with the CLI show Command.
General Notes Navigation and Special Keys This CLI supports the following navigation and special key functions to move the cursor along the prompt line.
General Notes CLI Error Messages The following table describes the error messages associated with improper inputs or expected CLI behavior. Error Message Description Syntax Error Invalid syntax entered at the command prompt. Invalid Command A non-existent command has been entered at the command prompt. Invalid Parameter Name An invalid parameter name has been entered at the command prompt. Invalid Parameter Value An invalid parameter value has been entered at the command prompt.
Bootloader CLI Error Message Description Incorrect Password An incorrect password has been entered in the CLI login prompt. Download Unsuccessful The download operation has failed due to incorrect TFTP server IP Address or file name. Upload Unsuccessful The upload operation has failed due to incorrect TFTP server IP Address or file name. 2 of 2 Bootloader CLI Administrators use the CLI to control Access Point operation and monitor network statistics.
Bootloader CLI The Bootloader CLI provides you with the ability to configure the initial setup parameters as well as download a software image to the device.
Bootloader CLI The following lists display the results of using the help command in the Bootloader CLI: Figure A-1.
CLI Conventions The following lists display the results of using the show command in the Bootloader CLI: Figure A-2. Results of “show” bootloader CLI command CLI Conventions This section contains the following topics: • Command Conventions • Entering Text Strings Command Conventions Each table element (or parameter) must be specified, as in the example below. [Device-Name]> set mgmtipaccesstbl 0 ipaddr 10.0.0.10 ipmask 255.255.0.
CLI Conventions Below are the rules for creating, modifying, enabling and disabling, and deleting table entries. • Creation — The table name is required. — The table index is required. For table entry or instance creation, the index is always zero (0). — The order in which the table arguments or objects are entered is not important. — Parameters that are not required can be omitted, in which case they will be assigned the default value. • Modification — The table name is required.
CLI Conventions • Enabling/Disabling — The table name is required. — The table index is required. For table enabling/disabling the index should be the index of the entry to be enabled/disabled. — The entry’s new state (either “enable” or “disable”) is required. • Deletion — The table name is required. — The table index is required. For table deletion the index should be the index of the entry to be deleted. — The word “delete” is required.
CLI Help The scenarios supported by this CLI are: “My Desk in the office” ‘My Desk in the office’ “My ‘Desk’ in the office” ‘My “Desk” in the office’ “Daniel’s Desk in the office” ‘Daniel”s Desk in the office’ Double Quotes Single Quotes Single Quotes within Double Quotes Double Quotes within Single Quotes One Single Quote within Double Quotes One Double Quote within Single Quotes The string delimiter does not have to be used for every string object.
CLI Help The following table lists each operation and provides a basic example. Detailed examples and display results for each operation follow the table. Operation Basic Example Display the command list (see Example 1. Displaying the command list) [Device-Name]>? Display commands that start with specified letters (see Example 2. Displaying specific commands) [Device-Name]>s? Display parameters for set and show commands (see Example 3.
CLI Help Figure A-3. Result of “?” CLI command Example 2. Displaying specific commands To show all commands that start with specified letters, enter one or more letters, then ? with no space between letters and ?. [Device-Name]>s? Figure A-4. Result of “s?” CLI command Example 3. Displaying parameters for set and show commands Example 3a allows you to see every possible parameter for the set (or show) commands. Notice from example 3a that the list is very long.
CLI Help Example 3a. Displaying every parameter that can be changed [Device-Name]> set ? Figure A-5. Result of “set ?” CLI command . . . .
CLI Help Example 3b. Displaying parameters based on letter sequence This example shows entries for parameters that start with the letter “i”. The more letters you enter, the fewer the results returned. Notice that there is no space between the letters and the question mark. [Device-Name]> show ipa? Figure A-6. Result of “show ipa?” CLI command [Device-Name]> show iparp? Figure A-7. Result of “show iparp?” CLI command Example 4.
CLI Help After entering one parameter, you may add another ? to the new CLI line to see the next parameter prompt, and so on until you have entered all of the required parameters. The following example shows how this is used for the download Command. The last part of the example shows the completed download command ready for execution. [Device-Name]> download ? [Device-Name]> download 192.168.0.101 ? [Device-Name]> download 192.168.0.
CLI Help Figure A-8.
Accessing the AP CLI Accessing the AP CLI You can use HyperTerminal or Telnet to access the AP CLI: • Using HyperTerminal to Log in to the AP • Using Telnet to Log in to the AP Using HyperTerminal to Log in to the AP 1. Open your terminal emulation program (like HyperTerminal) and set the following connection properties: — Com Port:
Accessing the AP CLI 2. Under File -> Properties -> Settings -> ASCII Setup, enable the Send line ends with line feeds option. Result: HyperTerminal sends a line return at the end of each line of code. 3. Enter the CLI password (default is public). NOTE: Avaya recommends changing all default passwords immediately. See the following sections for information on how to change the default passwords: — CLI password, see passwd.
Accessing the AP CLI NOTE: If you have not previously configured the Access Point’s IP address and do not have a DHCP server on the network, the Access Point will default to an IP address of 169.254.128.132. 2. Go to the DOS command prompt on your computer. 3. Type telnet . 4. Enter the CLI password (default is public). NOTE: Avaya recommends changing all default passwords immediately.
CLI Commands CLI Commands • done: Terminates the CLI session • download: Uses TFTP server to download image, configuration, or bootloader upgrade files to Access Point • exit: Terminates the CLI session • help: Displays general CLI help information or command help information, such as command usage and syntax • history: Remembers commands to help avoid re-entering complex statements • passwd: Sets the Access Point’s CLI password • quit: Terminates the CLI session • reboot: Reboots the Access Point in the s
CLI Commands done Ends a CLI session. [Device-Name]> done The exit and quit commands perform the same action. download Downloads the specified file from a TFTP server to the Access Point. Executing download in combination with the asterisk character (*) will make use of the previously set TFTP parameters. Executing download without parameters will display command help and usage information.
CLI Commands Action Displays help and usage information Executes the download command using previously set (stored) TFTP parameters Syntax [Device-Name]> download [Device-Name]> download * 2 of 2 Example: [Device-Name]> download 192.168.1.100 APImage2 img exit Ends a CLI session: [Device-Name]> exit The done and quit commands perform the same action. help Displays instructions on using control-key sequences for navigating a command line and displays command information and examples.
CLI Commands Syntax: Action Syntax Use help as the only argument. See the following example.
CLI Commands Example: Figure A-9.
CLI Commands history Shows contents of Command History Buffer. The Command History Buffer stores command statements entered in the current session. To avoid re-entering long command statements, use the keyboard Up Arrow (Ctrl-P) and Down Arrow (Ctrl-N) keys to recall previous statements from the Command History Buffer. When the desired statement is displayed, press the Enter key to execute, or you may edit the statement before executing it. [Device-Name]> history passwd Changes the CLI Password.
CLI Commands quit Ends a CLI session: [Device-Name]> quit The done and exit commands perform the same action. reboot Reboots the Access Point after specified number of seconds. Specify a value of 0 (zero) for immediate reboot.
CLI Commands search Lists the parameters supported by the specified table. This list corresponds to the table information displayed in the HTTP interface. In the following example, the CLI returns the list of parameters that make up an entry in the IP Access Table. Example: [Device-Name]> search mgmtipaccesstbl Figure A-10.
CLI Commands set Configures the value of the specified parameter. To see a definition and syntax example, type only set and then press the Enter key. To see a list of available parameters, enter a space, then a question mark (?) after set (example: set?). As shown in the following examples, parameters may be set individually or all parameters for a given table can be set with a single statement. Syntax [Device-Name]> set [Device-Name]> set ...CLI Commands The following message is displayed every time you configure an object that requires the device to be rebooted. [Device-Name]> set ipaddr 135.114.73.10 The following elements require reboot ipaddr In addition to the above informational message, the CLI also provides a message as a result of the exit, quit, or done command if changes have been made to objects that require reboot.
CLI Commands Set the Access Point IP Address Parameter Syntax: [Device-Name]> set Example: [Device-Name]> set ipaddr 10.0.0.12 Result: IP Address will be changed when you reboot the Access Point. The CLI reminds you when rebooting is required for a change to take effect. To reboot immediately, enter reboot 0 (zero) at the CLI prompt. Create a table entry or row Use 0 (zero) as the table index when you create an entry.
CLI Commands Modify a table entry or row Use the index to be modified and the table elements you would like to modify. For example, suppose the IP Access Table has one entry and you wanted to modify the IP address: [Device-Name]> set mgmtipaccesstbl 1 ipaddr 10.0.0.11 You can also modify several elements in the table entry. Enter the index number and specific table elements you would like to modify. (Hint: Use the search command to see the elements that belong to the table.
CLI Commands NOTE: You may need to enable a disabled table entry before you can change the entry’s elements. show Displays the value of the specified parameter, or displays all parameter values of a specified group (parameter table). Groups contain Parameters and Tables. Tables contain parameters for a series of similar entities. To see a definition and syntax example, type only show and then press the Enter key.
CLI Commands Show Group Parameters To view all elements of a group or table: Syntax: [Device-Name]> show Example: [Device-Name]> show network Result: The CLI displays network group parameters. Note show network and show ip return the same data. Figure A-11.
CLI Commands Show Individual and Table Parameters To view a single parameter: Syntax: [Device-Name]> show Example: [Device-Name]> show ipaddr Result: Figure A-12. Displays the Access Point IP address. Result of “show ipaddr” CLI Command To view all parameters in a table: A-38 Syntax: [Device-Name]> show Example: [Device-Name]> show mgmtipaccesstbl Result: Displays the IP Access Table and its entries.CLI Commands upload Uploads a text-based configuration file from the AP to the TFTP Server. Executing upload with the asterisk character (*) will make use of the previously set/stored TFTP parameters. Executing upload without parameters will display command help and usage information.
Parameter Tables Parameter Tables Objects contain groups that contain both parameters and parameter tables. Use the parameter tables in the following sections to configure the Access Point.
Auto Configuration Commands Auto Configuration Commands The Auto Configuration feature automatically configures an AP by downloading a specific configuration file from a TFTP server during the boot up process. Perform the following commands to enable and set up automatic configuration: NOTE: The configuration filename and TFTP server IP address are configured only when the AP is configured for Static IP. If the AP is configured for Dynamic IP, these parameters are not used and obtained from DHCP.
Auto Configuration Commands Auto Configuration Parameters These parameters relate to the Auto Configuration feature which allows an AP to be automatically configured by downloading a specific configuration file from a TFTP server during the boot up process.
DHCP Server Commands DHCP Server Commands ! CAUTION: Before enabling DHCP server on the AP, confirm that the IP address pools you have configured are valid addresses on the network and do not overlap the addresses assigned by any other DHCP server on the network. Enabling this feature with incorrect address pools will cause problems on your network.
DHCP Server Commands NOTE: You must have at least one entry in the DHCP Server IP Address Pool Table before you can set the DHCP Server Status (dhcpstatus) to Enable.
DHCP Server Commands NOTE: Set either End IP Address or Width (but not both) when creating an IP address pool.
DNS Client Commands DNS Client Commands DNS Client for RADIUS Name Resolution Name DNS Client DNS Client status Type Group Integer Primary DNS Server IP Address Secondary DNS Server IP Address Default Domain Name Values N/A enable Access CLI Parameter R dns RW dnsstatus IpAddress disable (default) User Defined RW dnspridnsipaddr IpAddress User Defined RW dnssecdnsipaddr Integer32 User Defined (up to 254 characters) RW dnsdomainname Syntax Examples [Device-Name]> set dnsstatus enable [Devic
DNS Client Commands [Device-Name]> show dns Figure A-13.
Ethernet Interface Commands Ethernet Interface Commands Ethernet Interface Parameters Name Ethernet Interface Speed Type Group Integer Values N/A 10halfduplex Access CLI Parameter R ethernet RW etherspeed 10fullduplex 10autoduplex 100halfduplex 100fullduplex autohalfduplex MAC Address PhyAddress autoautoduplex (default) N/A R ethermacaddr Syntax Examples [Device-Name]> set etherspeed (See Table A-1.
Ethernet Interface Commands Table A-1 Ethernet Speed and Transmission Mode Ethernet Speed and Transmission Mode Value 10 Mbits/sec - half duplex 10halfduplex 10 Mbits/sec - full duplex 10fullduplex 10 Mbits/sec - auto duplex 10autoduplex 100 Mbits/sec - half duplex 100halfduplex 100 Mbits/sec - full duplex 100fullduplex Auto Speed - half duplex autohalfduplex Auto Speed - auto duplex autoautoduplex (default) Avaya Wireless AP-4/5/6 User’s Guide A-49
Filtering Commands Filtering Commands Ethernet Protocol Filtering Parameters Name Type Ethernet Filtering Group Filtering Interface Interface Bitmask Bitmask Values Access CLI Parameter N/A R etherflt 0 or 2 - no interfaces RW etherfltifbitmask (disable) 1 or 3 - Ethernet 4 or 6 - Wireless 5 or 7 - all interfaces (default is 7) passthru Operation Type RW etherfltoptype block Ethernet Protocol Filtering Table Parameters Identify the different filters by using the table index.
Filtering Commands Name Protocol Name (optional) Status (optional) Type DisplayString Integer Values enable (1) Access CLI Parameter RW protoname RW status disable (2) delete (3) 2 of 2 NOTE: The filter Operation Type (passthru or block) applies only to the protocol filters that are enabled in this table. NOTE: The AP requires a reboot for changes to the Ethernet Protocol Filtering Table to take effect.
Filtering Commands Name Static MAC Address Mask on Wired Network Static MAC Address on Wireless Network Static MAC Address Mask on Wireless Network Comment (optional) Status (optional) Type PhysAddress Values User Defined PhysAddress User Defined RW wirelessmacaddr PhysAddress User Defined RW wirelessmask DisplayString max 255 characters enable (default) RW cmt RW status Integer Access CLI Parameter RW wiredmask disable delete 2 of 2 Proxy ARP Parameters Name Proxy ARP Status Type Group
Filtering Commands IP ARP Filtering Parameters Name IP ARP Filtering Status IP Address Subnet Mask Type Group Integer IpAddress IpAddress Values N/A enable disable (default) User Defined User Defined Access CLI Parameter R iparp RW iparpfltstatus RW RW iparpfltipaddr iparpfltsubmask Broadcast Filtering Table Name Type Broadcast Filtering Table Table Index Integer Protocol Name Direction DisplayString Integer Values N/A Access CLI Parameter R broadcastflttbl 1-5 N/A index N/A ethertowireless R
Filtering Commands TCP/UDP Port Filtering The following parameters are used to enable/disable the Port filter feature. Name Port Filtering Port Filter Status Type Group Integer Values N/A enable (default) Access CLI Parameter R portflt RW portfltstatus disable TCP/UDP Port Filtering Table The following parameters are used to configure TCP/UDP Port filters.
Filtering Commands Name Port Type Type Octet String Values tcp Access CLI Parameter RW porttype udp Port Number Octet String tcp/udp User Defined RW portnum RW protoname (there are also 4 pre-defined protocols: Protocol Name DisplayString Index 1: NetBios Name Service – 137, Index 2: NetBios Datagram Service – 138, Index 3: NetBios Session Service – 139, Index 4: SNMP Service – 161) User Defined (there are also 4 pre-defined protocols, see Port Number above) 2 of 3 Avaya Wireless AP-4/5/6 Us
Filtering Commands Name Interface Bitmask Type Integer32 Values Access CLI Parameter RW ifbitmask 0 or 2 - no interfaces (disable) 1 or 3 - Ethernet 4 or 6 - Wireless Status (optional) Integer 5 or 7 - all interfaces (default is 7) enable (default for new entries) RW status disable (default for pre-defined entries) delete 3 of 3 A-56 Avaya Wireless AP-4/5/6 User’s Guide
HTTP and HTTPS Commands HTTP and HTTPS Commands HTTP (Web browser) Parameters ! CAUTION: Avaya strongly urges you to change the default passwords to restrict access to your network devices to authorized personnel. If you lose or forget your password settings, you can always perform the Reset to Factory Default Procedure.
HTTP and HTTPS Commands NOTE: The default path for the Help files is C:/Program Files/Avaya_ Wireless/AP/HTML/index.htm. (Use the forward slash character (/) rather than the back slash character (\) when configuring the Help Link location.) The AP Help information is available in English, French, German, Italian, Spanish, and Japanese.
HTTP and HTTPS Commands Set TCP Port [Device-Name]> set httpport Configure Secure Socket Layer (HTTPS) Enabling SSL and configuring a passphrase allows encrypted Secure Socket Layer communications to the AP through the HTTPS interface. [Device-Name]> set sslstatus You must change the SSL passphrase when uploading a new certificate/private key pair, which will have a corresponding passphrase.
IAPP Commands IAPP Commands NOTE: These parameters configure the Inter Access Point Protocol (IAPP) for roaming. Leave these settings at their default value unless a technical representative asks you to change them.
Intra BSS Commands Name Type Max. Handover Integer Retransmissions Send Announce Integer Request on Startup Values 1 - 4 (default 4) enable (default) disable Access CLI Parameter RW iapphandretx RW iappannreqstart 2 of 2 Intra BSS Commands Intra BSS Parameters The following parameters control the Intra Basic Service Set (BSS) traffic feature, which prevents wireless clients that are associated with the same AP from communicating with each other.
Inventory Management Commands Inventory Management Commands Inventory Management Parameters Name Type System Inventory Subgroup Management Component Table Subgroup Component Interface Subgroup Table Values N/A N/A N/A Access CLI Parameter R sysinvmgmt R R sysinvmgmtcmptbl sysinvmgmtcmpiftbl NOTE: The inventory management commands display advanced information about the AP’s installed components. You may be asked to report this information to a representative if you contact customer support.
IP Access Table Commands arguments. Due to the nature of the information, the only argument that can be omitted is the “comment” argument.
IP Commands IP Commands IP Configuration Parameters Name Type Network Group IP Configuration Group Values N/A N/A IP Address IP Mask Default Router IP Address Default TTL IpAddress IpAddress IpAddress User Defined User Defined User Defined Integer Address Type Integer User Defined (seconds) 64 (default) static Access CLI Parameter R network R ip (Note: The network and ip parameters display the same information) RW ipaddr RW ipmask RW ipgw RW ipttl RW ipaddrtype dynamic (default) NOTE: The IP
Link Integrity Commands NOTE: The IP Subnet Mask of the AP must match your network’s Subnet Mask.
Link Integrity Commands Name Link Integrity Poll Interval Type Integer Link Integrity Poll Retransmissions Integer Values 500 - 15000 ms (in increments of 500ms) 500 ms (default) 0 - 255 Access CLI Parameter RW linkintpollint RW linkintpollretx 5 (default) 2 of 2 IP Target Table Parameters Name Link Integrity IP Target Table Table Index Target IP Address Comment (optional) Status (optional) Type Table Integer IpAddress DisplayString Integer Values N/A Access CLI Parameter R linkinttbl 1-5 User
Link Integrity Commands Syntax Examples [Device-Name]> show linkinttbl (this shows the current links) [Device-Name]> set linkinttbl <1-5 (depending on what table row you wish to address)> ipaddr [Device-Name]> set linkintpollint [Device-Name]> set linkintpollretx [Device-Name]> set linkintstatus enable [Device-Name]> show linkinttbl (confirm new s
MAC Access Control Commands MAC Access Control Commands MAC Access Control Parameters Name MAC Address Control Status Operation Type Type Group Values N/A Integer Integer Access CLI Parameter R macacl enable disable (default) passthru (default) block RW macaclstatus RW macacloptype MAC Access Control Table Parameters Name MAC Address Control Table Table Index MAC Address Type Table N/A PhysAddress Values N/A Access CLI Parameter R macacltbl N/A User Defined R RW index macaddr 1 of 2 A-68
MAC Access Control Commands Name Comment (optional) Type DisplayString Status (optional) Integer Values User Defined max 254 characters enable (default) Access CLI Parameter RW cmt RW status disable delete 2 of 2 Syntax Examples Setup MAC (Address) Access Control [Device-Name]> set macaclstatus enable [Device-Name]> set macacloptype [Device-Name]> reboot 0 Add an Entry to the MAC Access Control Table [Device-Name]> set macacltbl macaddr status enable [Device
Monitoring Parameters NOTE: For larger networks that include multiple Access Points, you may prefer to maintain this list on a centralized location using the RADIUS parameters (see RADIUS Commands). Monitoring Parameters Using the show command with the following table parameters will display operating statistics for the AP (these are the same statistics that are described in Monitor Information for the HTTP Web interface). • staticmp: Displays the ICMP Statistics.
Packet Forwarding Commands Packet Forwarding Commands Packet Forwarding Parameters The following parameters control the Packet Forwarding feature, which redirects wireless traffic to a specific MAC address: Name Type Packet Forwarding Group MAC Address Packet Forwarding MacAddress MAC Address Packet Forwarding Integer Status Packet Forwarding Interface Port Integer Values N/A Access CLI R pktfwd User Defined RW pktfwdmacaddr enable RW pktfwdstatus disable (default) 0 (any) (default) RW pktfwdif
RAD Commands NOTE: The Wireless Distribution System (WDS) feature is not available for 802.11a or 802.11b/g APs at this time. RAD Commands The Rogue AP Detection (RAD) feature enables an additional security level for wireless LAN deployments. The RAD feature provides a mechanism for detecting Rogue Access Points by utilizing the coverage of the trusted Access Point deployment. The Rogue AP Scan employs background scanning using low-level 802.
RAD Commands Rogue Access Point Detection (RAD) Parameters Name Type Values Access CLI Parameter Rogue Access Point Detection (RAD) Group N/A R rad Status Integer enable RW radstatus RW radscanint disable (default) Scan Interval Integer 15-1440 (minutes) Syntax Examples [Device-Name]> set radstatus enable [Device-Name]> set radscanint <15-1440> [Device-Name]> show rad Figure A-14.
RADIUS Commands RADIUS Commands Avaya Wireless devices that use RADIUS authentication or accounting support a primary and backup RADIUS server for MAC-based authentication and a primary and backup RADIUS server for EAP/802.1x authentication. The configuration parameters and statistics are the same for both primary and backup servers.
RADIUS Commands Name MAC Address Format Type Integer Values dashdelimited (default) Access CLI Parameter RW radmacaddrformat colondelimited singledashdelimited RADIUS Accounting Status Accounting Inactivity Timer Integer no delimiter enable disable (default) Integer32 0 – 2147483647 minutes; default is 5 min. RW radaccstatus RW radaccinactivetmr 2 of 2 RADIUS Authentication Parameters NOTE: Use a server name only if you have enabled the DNS Client functionality. See DNS Client Commands.
RADIUS Commands Name Type Backup EAP/802.
RADIUS Commands RADIUS Accounting Parameters NOTE: Use a server name only if you have enabled the DNS Client functionality. See DNS Client Commands.
RADIUS Commands Name Response Time (sec) Type Integer Values 1 – 4 seconds Integer 3 sec (default) 1 – 10 Maximum Retransmissions (optional) Access CLI Parameter RW responsetm RW maxretx 3 (default) 2 of 2 Syntax Examples Configure RADIUS Authentication server [Device-Name]> set radiustbl status enable seraddrfmt ipaddr port ssecret responsetm <1 to 10 seconds> maxretx <0 to 4 times> [Device-Name]> show radiustbl A-
RADIUS Commands Figure A-15.
RADIUS Commands Enable RADIUS MAC Access Control [Device-Name]> set radmacaccctrl enable [Device-Name]> reboot 0 Set MAC Address Format Type [Device-Name]> set radmacaddrformat Set Authorization Lifetime (for MAC-based authentication or EAP/802.
RADIUS Commands Figure A-16.
Secure Management Commands Figure A-17.
Serial Port Commands Serial Port Commands Serial Port Parameters Name Serial Baud Rate Type Group Integer Values N/A 2400, 4800, Access CLI Parameter R serial RW serbaudrate 9600 (default), Data Bits Parity Stop Bits Flow Control Integer Integer Integer Value 19200, 38400, 57600 8 none 1 none (default) R R R RW serdatabits serparity serstopbits serflowctrl xonxoff NOTE: To avoid unexpected performance issues, leave Flow Control at the default setting (none) unless you are sure what this setting
SNMP Commands Syntax Examples [Device-Name]> set serbaudrate <2400, 4800, 9600, 19200, 38400, 57600> [Device-Name]> set serflowctrl [Device-Name]> show serial Figure A-18. Result of “show serial” CLI Command SNMP Commands SNMP Parameters ! CAUTION: Avaya strongly urges you to change the default passwords to restrict access to your network devices to authorized personnel. If you lose or forget your password settings, you can always perform the Reset to Factory Default Procedure.
SNMP Commands Name SNMP SNMP Management Interface Bitmask Type Group Interface Bitmask Values Access CLI Parameter N/A R snmp RW snmpifbitmask 0 or 2 - no interfaces (disable) 1 or 3 - Ethernet 4 or 6 - Wireless DisplayString 5 or 7 - all interfaces (default is 7) User Defined W snmprpasswd Read/Write Password DisplayString public (default) max 63 characters User Defined W snmprwpasswd SNMPv3 Authentication Password DisplayString public (default) max 63 characters User Defined W snmpv3authpa
SNMP Commands SNMP Trap Host Table Parameters When creating table entries, you specify the argument name followed by an argument value. The CLI applies default values to the omitted arguments. Due to the nature of the information, the only argument that can be omitted is the “comment” argument. NOTE: Up to 10 entries can be added to the SNMP Trap Host Table.
SNMP Commands Syntax Examples Change SNMP Passwords [Device-Name]> set snmprpasswd (SNMP read password) [Device-Name]> set snmprwpasswd (SNMP read/write) [Device-Name]> set snmpv3authpasswd (SNMPv3 authentication password) [Device-Name]> set snmpv3privpasswd (SNMPv3 privacy password) Configure Management Interfaces [Device-Name]> set snmpifbitmask <(see Table A-3)> Choose from the following values: Table A-3 Interface Bitmask Values Interface
Spanning Tree Commands Spanning Tree Commands Spanning Tree Parameters Name Spanning Tree Spanning Tree Status Type Group Integer Bridge Priority Integer Maximum Age Integer Hello Time Integer Forward Delay Integer A-88 Values N/A enable (default) disable 0 – 65535 32768 (default) 600 – 4000 (in 0.01 sec intervals; i.e., 6 to 40 seconds) 2000 (default) 100 – 1000 (in 0.01 sec intervals; i.e., 1 to 10 seconds) 200 (default) 400 – 3000 (in 0.01 sec intervals; i.e.
Spanning Tree Commands Spanning Tree Priority and Path Cost Table Name Spanning Tree Table Table Index (Port) Priority Type Table N/A Integer Path Cost Integer State Integer Values N/A 1 – 15 0 – 255 128 (default) 1 – 65535 100 (default) disable Access CLI Parameter R stpbl R RW index priority RW pathcost R state RW status blocking listening learning forwarding Status Integer broken enable disable Avaya Wireless AP-4/5/6 User’s Guide A-89
SpectraLink VoIP Commands SpectraLink VoIP Commands SpectraLink VoIP Parameters (802.11b and bg Modes Only) These parameters enable or disable the SpectraLink Voice over IP feature. The Spectralink Legacy Support parameter should be enabled if the AP is operating in 802.11bg mode and legacy 802.11 Spectralink telephones are used. This parameter will set the basic rates of the AP to be 1 and 2 Mbps in 802.
Storm Threshold Commands Storm Threshold Commands Storm Threshold Parameters Name Storm Threshold Broadcast Threshold Type Group Integer Multicast Threshold Integer Values N/A 0 – 255 packets/sec (default is 0) 0 – 255 packets/sec (default is 0) Access CLI Parameter N/A stmthres RW stmbrdthres Values N/A Access CLI Parameter R stmthrestbl RW stmmultithres Storm Threshold Table Name Storm Threshold Table Table Index Type Table Integer 1 = Ethernet R index 3 = Wireless 1 of 2 Avaya Wireless AP
Syslog Commands Name Broadcast Threshold Type Integer Multicast Threshold Integer Values 0 – 255 packets/sec (default is 0) 0 – 255 packets/sec (default is 0) Access CLI Parameter RW bcast RW mcast 2 of 2 Syslog Commands Syslog Parameters The following parameters configure the Syslog settings.
Syslog Commands Name Syslog Lowest Priority Logged Type Integer Values 1–7 Access CLI Parameter RW syslogpritolog 1 = LOG_ALERT 2 = LOG_CRIT 3 = LOG_ERR 4 = LOG_ WARNING 5 = LOG_NOTICE 6 = LOG_INFO (default) Heartbeat Status Heartbeat Interval (seconds) Integer Integer 7 = LOG_DEBUG enable (1) disable (2) (default) 1 – 604800 seconds; 900 sec. (default) RW sysloghbstatus RW sysloghbinterval 2 of 2 NOTE: The Heartbeat parameters are advanced settings not available via the HTTP interface.
Syslog Commands Syslog Host Table Parameters The table described below configures the Syslog hosts that will receive message from the AP. You can configure up to ten Syslog hosts.
System Information Commands System Information Commands System Parameters Name System Name Location Contact Name Contact E-mail Contact Phone FLASH Backup Interval Flash Update System OID Descriptor Type Values Access CLI Parameter Group N/A R system Display String User Defined RW sysname Display String User Defined RW sysloc Display String User Defined RW sysctname Display String User Defined RW sysctemail RW sysctphone Display String User Defined Maximum 254 characters Integer 0 - 65535 seconds RW sysf
System Information Commands Name Up Time Type Integer Values dd:hh:mm:ss Access CLI Parameter R sysuptime dd – days hh – hours mm – minutes Emergency Restore to defaults ss – seconds Resets all parameters to default factory values RW sysresettodefaults Note: You must enter the following command twice to reset to defaults: set sysresettodefaults 1 2 of 2 Syntax Examples [Device-Name]> set sysname sysloc [Device-Name]> set sysctname
Telnet Commands Figure A-19.
Telnet Commands Name Telnet Port Type Integer Values User Defined Access CLI Parameter RW telport Telnet Login Inactivity Time-out Integer 23 (default) 1 – 300 seconds RW tellogintout Telnet Session Idle Time-out Integer 30 sec (default) 1 - 900 seconds RW telsessiontout 900 sec (default) Syntax Examples Configure Management Interfaces [Device-Name]> set telifbitmask <(see Table A-4)> Choose from the following values: Table A-4 Interface Bitmask Values Interface Bitmask Description 0 or
TFTP Commands Set TCP Port [Device-Name]> set telport Set Telnet Session Timeouts [Device-Name]> set tellogintout
TFTP Commands Name Type TFTP Group TFTP Server IP IpAddress Address TFTP File DisplayString Name TFTP File Type Integer Values N/A User Defined Access CLI Parameter R tftp RW tftpipaddr User Defined RW tftpfilename img RW tftpfiletype config bootloader Syntax Examples Download an AP Configuration File from a TFTP Server First start your TFTP program. It must be running and configured to transmit and receive.
TFTP Commands After following the complete process (above) once, you can download a file of the same name (as long as all the other parameters are the same), with the following command: [Device-Name]> download * Backup your AP Configuration File to a TFTP Server First start your TFTP program. It must be running and configured to transmit and receive. [Device-Name]> upload
WDS Commands WDS Commands Wireless Distribution System (WDS) Parameters Name WDS Table Port Index Status Partner MAC Address Type Table Integer Integer PhysAddress Values Access CLI Parameter N/A R wdstbl 3.1 - 3.6 (Wireless) R portindex enable, disable RW status User Defined RW partnermacaddr Wireless Distribution System (WDS) Security Table Parameters The WDS Security Table manages WDS related security objects.
802.11a Wireless Interface Commands 802.11a Wireless Interface Commands The wireless interface group parameter is wif. For Single-radio APs, the wireless interface uses table index 3. See Interfaces for information on these parameters. 802.
802.11a Wireless Interface Commands Access CLI Parameter Name Type Values Supported Frequency Octet String Depends on R suppchannels Channels Regulatory Domain Load Balancing Integer enable (default) RW ldbalance Operating Frequency Channel Integer disable Varies by regulatory domain and country. See RW channel 802.
802.11a Wireless Interface Commands Syntax Examples Network Name (SSID) [Device-Name]> set wif netname [Device-Name]> show wif Figure A-20.
802.11a Wireless Interface Commands Operational Mode [Device-Name]> set wif mode Mode Operational Mode 1 dot11b-only 2 dot11g-only 3 dot11bg 4 dot11a-only 5 dot11g-wifi TX Power Control The TX Power Control feature lets the user configure the transmit power level of the card in the AP at one of four levels: • 100% of the maximum transmit power level of the card • 50% • 25% • 12.
802.11b Wireless Interface Commands Perform the following commands to enable TX Power Control and set the transmit power level: [Device-Name]> set txpowercontrol enable [Device-Name]> set wif currenttxpowerlevel Allowed values are: 1 (100%), 2 (50%), 3 (25%), 4 (12.5%) Autochannel Select (ACS) ACS is enabled by default. Reboot after disabling or enabling ACS.
802.11b Wireless Interface Commands 802.
802.11b Wireless Interface Commands Name Distance between APs Type Integer Values large (default) Access CLI Parameter RW distaps medium small minicell Interference Robustness Integer Operating Frequency Channel Integer Multicast Rate Integer microcell enable (default) disable 1 - 14; available channels vary by regulatory domain/country; see 802.11b Channel RW interrobust RW channel RW multrate Frequencies 1 Mbits/sec (1) 2 Mbits/sec (2) (default) 5.
802.11b Wireless Interface Commands Name Supported Data Rates Type Octet String Values 1 Mbits/sec Access CLI Parameter R suppdatarates 2 Mbits/sec 5.5 Mbits/sec Transmit Rate Integer32 11 Mbits/sec 0 (auto fallback default) RW txrate 1 Mbits/sec 2 Mbits/sec 5.5 Mbits/sec Supported Frequency Channels Physical Layer Type Octet String Regulatory Domain List DisplayString Integer 11 Mbits/sec Depends on Regulatory Domain dsss (direct sequence spread spectrum) for 802.11b U.S.
802.11b Wireless Interface Commands Syntax Examples Network Name (SSID) [Device-Name]> set wif netname [Device-Name]> show wif For results of the show wif command, see Figure A-20.
802.11b Wireless Interface Commands • 100% of the maximum transmit power level of the card • 50% • 25% • 12.5% Perform the following commands to enable TX Power Control and set the transmit power level: [Device-Name]> set txpowercontrol enable [Device-Name]> set wif currenttxpowerlevel Allowed values are: 1 (100%), 2 (50%), 3 (25%), 4 (12.5%) Autochannel Select (ACS) ACS is enabled by default. Reboot after disabling or enabling ACS.
802.11b Wireless Interface Commands Enable/Disable Interference Robustness (802.11b Only) [Device-Name]> set wif interrobust Enable/Disable Load Balancing (802.11b Only) [Device-Name]> set wif ldbalance Enable/Disable Medium Density Distribution (802.11b Only) [Device-Name]> set wif meddendistrib Set the Distance Between APs (802.
802.11b Wireless Interface Commands Set the Multicast Rate (802.11b Only) [Device-Name]> set wif multrate <1,2,5.5,11 (Mbits/sec)> NOTE: The Distance Between APs must be set before the Multicast Rate. NOTE: There is an inter-dependent relationship between the Distance between APs and the Multicast Rate. In general, larger systems operate at lower average transmit rates. Distance between APs A-114 Multicast Rate Large 1 and 2 Mbits/sec Medium 1, 2, and 5.5 Mbits/sec Small 1, 2, 5.
802.11b/g Wireless Interface Commands 802.11b/g Wireless Interface Commands The wireless interface group parameter is wif. For Single-radio APs, the wireless interface uses table index 3. See Interfaces for information on these parameters. 802.
802.11b/g Wireless Interface Commands Access CLI Parameter Name Type Values Supported Frequency Octet String Depends on R suppchannels Channels Regulatory Domain Load Balancing Integer enable (default) RW ldbalance Wireless Operational Mode Integer disable dot11b-only RW mode RW channel dot11g-only dot11bg (default) Operating Frequency Channel Integer Supported Data Rates Octet String dot11g-wifi 1 - 14; available channels vary by regulatory domain/country; see 802.
802.11b/g Wireless Interface Commands Name Transmit Rate Type Integer32 Values For 802.11b-only mode: Access CLI Parameter RW txrate 0 (auto fallback default) 1 Mbits/sec 2 Mbits/sec 5.5 Mbits/sec 11 Mbits/sec For 802.
802.11b/g Wireless Interface Commands Name Transmit Rate (continued) Type Integer32 Values For 802.11g-wifi and 802.11bg modes: Access CLI Parameter RW txrate 0 (auto fallback default) 1 Mbits/sec 2 Mbits/sec 5.5 Mbits/sec 11 Mbits/sec 6 Mbits/sec 9 Mbits/sec 12 Mbits/sec 18 Mbits/sec 24 Mbits/sec Physical Layer Type Integer ERP (Extended R phytype Rate Protocol) Note 1: For 802.11a APs in Europe, Auto Channel Select is a read-only parameter; it is always enabled.
802.11b/g Wireless Interface Commands Operational Mode [Device-Name]> set wif mode Mode Operational Mode 1 dot11b-only 2 dot11g-only 3 dot11bg 4 dot11a-only 5 dot11g-wifi TX Power Control The TX Power Control feature lets the user configure the transmit power level of the card in the AP at one of four levels: • 100% of the maximum transmit power level of the card • 50% • 25% • 12.
802.11b/g Wireless Interface Commands Perform the following commands to enable TX Power Control and set the transmit power level: [Device-Name]> set txpowercontrol enable [Device-Name]> set wif currenttxpowerlevel Allowed values are: 1 (100%), 2 (50%), 3 (25%), 4 (12.5%) Autochannel Select (ACS) ACS is enabled by default. Reboot after disabling or enabling ACS.
Wireless Interface SSID/VLAN/Security Commands Wireless Interface SSID/VLAN/Security Commands Wireless Interface SSID Table Parameters The Wireless Interface SSID table manages the SSID and VLAN pairs and the security modes of those pairs. NOTE: The ability to configure up to 16 VLAN/SSID pairs and configure a security mode per SSID is available only for the AP-6, and APs that have an 802.11a/b/g or 802.11b/g Upgrade Kit installed.
Wireless Interface SSID/VLAN/Security Commands Name Security Mode Type Integer Values none Access CLI Parameter RW secmode dot1x mixed wpa wpa-psk Supported Security Modes DisplayString wep none R supsecmode dot1x mixed wpa wpa-psk Encryption Key 0 Encryption Key 1 Encryption Key 2 Encryption Key 3 Encryption Transmit Key Encryption Key Length WEPKeyType WEPKeyType WEPKeyType WEPKeyType Integer32 wep User Defined User Defined User Defined User Defined 0-3 WO WO WO WO RW encryptkey0 encryptkey1
Wireless Interface SSID/VLAN/Security Commands Name Type Re-keying Interval Integer32 Values 60 – 65535 seconds Access CLI Parameter RW rekeyint default is 900 sec Pre-Shared Key1 OctetString Size 32 WO pskey DisplayString 0 to 255 WO passphrase PSK Pass characters2 Phrase1 Note 1: Configure either the Pre-Shared Key or the PSK Pass Phrase (but not both) to create a pre-shared key for WPA-PSK mode. Setting Pre-Shared Key will override a previous PSK Pass Phrase setting.
Wireless Interface SSID/VLAN/Security Commands To configure an SSID and VLAN pair, and the security mode associated with the pair, use the following command: Syntax: [Device-Name]> set wifssidtbl Example: [Device-Name]> set wifssidtbl 3 2 Engineering 1050 enable WPA Depending on the configured security mode, the following paramet
VLAN/SSID Pair Commands NOTE: If you set Security Mode to 802.1x, WPA, or Mixed, you also need to configure the RADIUS Authentication parameters. If you set Authentication Mode to Mixed, you also need to configure WEP Encryption settings.
VLAN/SSID Pair Commands VLAN ID Table NOTE: Sixteen VLAN/SSID pairs are available for the AP-6, and APs that have an 802.11a/b/g or 802.11b/g Upgrade Kit installed. The AP-5 and AP-4 support only one VLAN/SSID pair. Name VLAN ID Table Index1 Type Table Integer32 Identifier (ID) Vlan Id Network Name (SSID) Status Display String Integer Values N/A 3.1 - 3.16 (Wireless A); 4.1 - 4.
VLAN/SSID Pair Commands Syntax Examples Enable VLAN Management [Device-Name]> set vlanstatus enable [Device-Name]> set vlanmgmtid <1-4094> [Device-Name]> show vlandidtbl (to review your settings) [Device-Name]> reboot 0 Disable VLAN Management [Device-Name]> set vlanstatus disable or [Device-Name]> set vlanmgmtid 0 [Device-Name]> reboot 0 Add an Entry to the VLAN ID Table [Device-Name]> set vlanidtbl id <1-4094, -1=untagged> ssid [Device-Name]> show vlandidt
VLAN/SSID Pair Commands A-128 Avaya Wireless AP-4/5/6 User’s Guide
B ASCII Character Chart Description You can configure WEP Encryption Keys in either Hexadecimal or ASCII format. Hexadecimal digits are 0-9 and A-F (not case sensitive). ASCII characters are 0-9, A-F, a-f (case sensitive), and punctuation marks. Each ASCII character corresponds to two hexadecimal digits. The table below lists the ASCII characters that you can use to configure WEP Encryption Keys. It also lists the Hexadecimal equivalent for each ASCII character.
Description ASCII Character Hex Equivalent B-2 ASCII Character Hex Equivalent ASCII Character Hex Equivalent ASCII Character Hex Equivalent .
Specifications C In This Appendix • Software Features • Hardware Specifications • Radio Specifications Software Features The tables below compare the software features available depending on the card type in the Access Point: • Number of Stations per BSS • Management Functions • Advanced Bridging Functions • Medium Access Control (MAC) Functions • Security Functions • Network Functions • Advanced Wireless Functions Avaya Wireless AP-4/5/6 User’s Guide C-1
Software Features Number of Stations per BSS Feature AP-4 AP-6 & 11b/g Kit AP-5 AP-6 & 11a/b/g Kit Without encryption up to 250 up to 250 up to 250 up to 250 With WEP encryption up to 120 up to 120 up to 120 up to 120 With 802.1x Authentication up to 88 up to 88 up to 88 up to 88 With WPA N/A N/A up to 27 up to 27 Management Functions Feature 802.11b 802.11a 802.
Software Features Advanced Bridging Functions Feature 802.11b 802.11a 802.11b/g IEEE 802.
Software Features Medium Access Control (MAC) Functions Feature 802.11b 802.11a 802.11b/g Automatic Channel Selection (ACS) yes yes yes Dynamic Frequency Selection (DFS) 1 N/A yes N/A Closed System Feature yes yes yes TX Power Control N/A Available with 802.11a upgrade kit. Not available with 5Ghz upgrade kit. yes Note 1: A user cannot manually select a channel for products sold in Europe; these products require automatic channel selection using Dynamic Frequency Selection (DFS).
Software Features Security Functions Feature 802.11b 802.11a 802.11b/g IEEE 802.11 WEP 1 yes yes yes MAC Access Control yes yes yes RADIUS MAC-based Access Control yes yes yes IEEE 802.
Software Features Feature Wi-Fi Protected Access (WPA) 802.11b N/A 802.11a Available with AP-600a/b/g or 802.11a/b/g Upgrade Kit 802.11b/g yes Not available with AP-5 Note 1: Key lengths supported by 802.11a: 64-bit, 128-bit, and 152-bit. Key lengths supported by 802.11b: 64-bit and 128-bit. Key lengths supported by 802.11b/g: 64-bit, 128-bit, and 152-bit. Note 2: EAP-MD5, EAP-TLS, EAP-TTLS, and PEAP client supplicant supported. Note 3: Use in conjunction with WPA or 802.1x Authentication.
Software Features Network Functions Feature 802.11b 802.11a 802.
Software Features Advanced Wireless Functions Feature 802.11b 802.11a 802.11b/g WEP Plus (Weak Key Avoidance) yes — — Remote Link Test yes — — Link Test Responder2 yes yes — Load Balancing2 yes yes — yes — — yes — — Distance between APs3 yes — — Interference Robustness yes — — SpectraLink VoIP Support yes — — AP List2 Medium Density Distribution 3 Note 1: Available only one way (AP to client) if using an Avaya 802.11a/b Card or a non-Avaya Wireless client.
Hardware Specifications Hardware Specifications Physical Specifications AP (without metal base) Dimensions (H x W x L) = 3.5 x 17 x 21.5 cm (1.5 x 6.75 x 8.5 in.) Weight = 0.68 kg (1.50 lb.) Electrical Specifications Using the Power Adapter Voltage (Input) = 100 to 240 VAC (50-60 Hz) @ 0.
Hardware Specifications Environmental Specifications AP Unit • Operating Temperature = 0° to +55°C ambient temperature (without plastic cabinet) • Operating Humidity = 95% maximum (non condensing) • Storage Temperature = -20 to +75°C ambient temperature • Storage Humidity = 95% maximum (non condensing) NOTE: For AP-6 units operating at temperatures above 50°C (122°F), we recommend that the plastic enclosure be removed.
Radio Specifications Power over Ethernet Interface Category 5, foiled, twisted pair cables must be used to ensure compliance with FCC Part 15, subpart B, Class B requirements Standard 802.3af pin assignments HTTP Interface • Microsoft Internet Explorer 6 with Service Pack 1 or later • Netscape 6.1 or later Radio Specifications • 802.11a Channel Frequencies • 802.11b Channel Frequencies • 802.
Radio Specifications 802.11a Channel Frequencies The available 802.11a Channels varies by regulatory domain and/or country. 802.11a radio certification is available in the following regions: • FCC: U.S., Canada, and Australia • ETSI: Europe and the United Kingdom • MKK: Japan • SG: Singapore • ASIA: China, Hong Kong, and South Korea • TW: Taiwan There are five sets of frequency bands that determine the available channels depending on the regulatory domain. Some countries restrict 802.
Radio Specifications Frequency Band Lower Band (36 = default) Middle Band (52 = default) H Band Upper Band (149 = default) ISM Band Channel FCC ID (GHz) ETSI (GHz) MKK (GHz) SG (GHz) ASIA (GHz) TW (GHz) 34 — — 5.170 1 — — — 36 5.180 5.180 — 5.180 — — 38 — — 5.190 — — — 40 5.200 5.200 — 5.200 — — 42 — — 5.210 — — — 44 5.220 5.220 — 5.220 — — 46 — — 5.230 — — — 48 5.240 5.240 — 5.240 — — 52 5.260 5.260 — — — 5.260 56 5.280 5.
Radio Specifications 802.11b Channel Frequencies The available 802.11b channels vary by regulatory domain and/or country. 802.11b radio certification is available in the following regions: • FCC - U.S./Canada, Mexico, South America, India, Korea, Australia, and South Africa • ETSI - Most of Europe, including the United Kingdom, Ireland, Singapore, and Hong Kong • MKK - Japan • IL - Israel Some countries restrict 802.11b operation to specific frequency bands.
Radio Specifications Channel ID FCC (GHz) ETSI (GHz) MKK (GHz) IL (GHz) 6 2.437 2.437 2.437 2.437 7 2.442 2.442 2.442 2.442 8 2.447 2.447 2.447 2.447 9 2.452 2.452 2.452 - 10 2.457 2.4571 2.457 - 11 2.462 2.462 1 2.462 - 12 - 2.4671 2.467 - 13 - 2.4721 2.472 - 14 - - 2.484 - Note 1: France is restricted to these four channels.
Radio Specifications 802.11g Channel Frequencies The available 802.11g channels vary by regulatory domain and/or country. 802.11g radio certification is available in the following regions: • FCC - U.S./Canada, Mexico, and Australia • ETSI - Europe and the United Kingdom • ETSI - Europe, including the United Kingdom, China, and South Korea • MKK - Japan • IL - Israel Some countries restrict 802.11g operation to specific frequency bands.
Radio Specifications Channel ID FCC (GHz) ETSI (GHz) MKK (GHz) IL (GHz) 6 2.437 2.437 2.437 2.437 7 2.442 2.442 2.442 2.442 8 2.447 2.447 2.447 2.447 9 2.452 2.452 2.452 - 10 2.457 2.4571 2.457 - 11 2.462 2.462 1 2.462 - 12 - 2.4671 2.467 - 13 - 2.4721 2.472 14 - - 2.484 2 - Note 1: France is restricted to these channels. Note 2: Channel 14 is only available when using 802.11b only mode.
Radio Specifications Wireless Communication Range The range of the wireless signal is related to the composition of objects in the radio wave path and the transmit rate of the wireless communication. Communications at a lower transmit range may travel longer distances. The range values listed in the Communications Range Chart are typical distances as calculated by Avaya’s development team for FCC-certified products.
Radio Specifications AP-4 802.11b Wireless Communication Ranges Range Open Office 11 Mbits/s 5.5 Mbits/s 2 Mbits/s 1 Mbits/s 177 m 219 m 272 m 338 m (581 ft.) (718 ft.) (892 ft.) (1109 ft.) Semi-Open Office 122 m 151 m 187 m 232 m (400 ft.) (495 ft.) (614 ft.) (761 ft.) Closed Office 84 m 104 m 129 m 160 m (276 ft.) (341 ft.) (423 ft.) (525 ft.
Radio Specifications AP-5 802.11a Wireless Communication Ranges Range 54 48 Mbits/s Mbits/s 36 Mbits/s 24 Mbits/s 18 Mbits/s 12 Mbits/s 9 6 Mbits/s Mbits/s Open Office 37 m 57 m 82 m (121 ft.) (187 ft.) (269 ft.) 118 m (387 ft.) 146 m (479 ft.) 169 m 181 m 195 m (554 ft.) (594 ft.) (640 ft.) SemiOpen Office 26 m (85 ft.) 39 m 57 m (128 ft.) (187 ft.) 81 m (266 ft.) 101 m (331 ft.) 116 m 125 m 134 m (381 ft.) (410 ft.) (440 ft.) Closed Office 18 m (59 ft.) 27 m (89 ft.) 39 m (128 ft.
Radio Specifications AP-6 802.11 b/g Wireless Communication Ranges 54 Mbits/s 48 Mbits/s 36 Mbits/s 24 Mbits/s 18 Mbits/s 12 Mbits/s Open Office 60 m (197 ft.) 75 m (246 ft.) 123 m (404 ft.) 164 m (538 ft.) 204 m (669 ft.) 253 m (830 ft.) Semi-Open Office 41 m (135 ft.) 51 m (167 ft.) 85 m (279 ft.) 113 m (371 ft.) 140 m (459 ft.) 174 m (571 ft.) Closed Office 28 m (92 ft.) 35 m (115 ft.) 58 m (190 ft.) 78 m (256 ft.) 97 m (318 ft.) 120 m (394 ft.
Radio Specifications Tx Power (dBm) 15 15 15 15 15 15 Receiver Sensitivity (dBm) -88 -89 -83 -85 -86 -90 Antenna Gain C-22 3 dBi (integrated diversity antenna module; 2.4-2.
Technical Support D Before You Seek Help If you are having a problem using an AP and cannot resolve it with the information in Troubleshooting, gather the following information and contact your local authorized reseller or visit http://www.avaya.
Before You Seek Help • Information about your network — Network operating system (e.g., Microsoft Networking); include version information — Protocols used by network (e.g., TCP/IP, NetBEUI, IPX/SPX, AppleTalk) — Ethernet frame type (e.g., 802.3, Ethernet II), if known — IP addressing scheme (include address range and whether static or DHCP) — Network speed and duplex (10 or 100 Mbits/sec; full or half duplex) — Type of Ethernet device that the Access Points are connected to (e.g.
Before You Seek Help Avaya Wireless AP-4/5/6 User’s Guide D-3
Before You Seek Help D-4 Avaya Wireless AP-4/5/6 User’s Guide