Cedar 8880AG Enterprise Dual-Radio Access Point/Bridge User Guide Release 2.
Cedar 880AG Dual-Radio AP/Bridge

Copyright

Copyright © 2008 Intelicis Corporation. All rights reserved. This product and documentation are protected by copyright. No part of this product or document may be reproduced, transmitted, transcribed and stored in a retrieval system in any form or by any means without prior written authorization of Intelicis.

Third Party Copyright Acknowledgements

Please refer to the license.
band of operation under all conditions of normal operation as specified in this users guide.
1 Introduction
1.1 Wireless Network
1.2 Wireless LAN Bridge
1.3 Wireless Mesh Network
6.2.3 MAC Profile
6.2.4 Filter
6.3 Examples
6.3.1 802.1x Authentication
6.3.
11.2 System Commands
11.2.1 show system
11.2.2 config system
11.2.3 show sntp
11.2.4 config sntp
11.8.3 802.1x Authentication
11.8.4 MAC Authentication
11.8.5 WLAN with WPA and 802.1x Authentication
11.8.6 WLAN with WEP and MAC Authentication
11.8.7 Bridge Link
Introduction

This manual contains information on configuring and managing the Intelicis Enterprise Dual-Radio Access Point – Cedar880 product family.
Figure 1.1 Wireless Networks

1.2 Wireless LAN Bridge

Cedar Wireless Access Point provides the capability of being configured as a regular Access Point, a Wireless LAN Bridge or both. A Wireless LAN Bridge wirelessly connects two or more Ethernet LANs together. It is a very practical, easy and in most cases inexpensive way to connect Ethernet LANs or extend the range of existing WLANs. As illustrated in Figure 1.2 and 1.
networks. This is an ideal topology for connecting main office with warehouse, or between office buildings.

Figure 1.2 Point-to-Point Bridge

Point-to-Multipoint

Point-to-Multipoint Bridge allows you to use multiple access points to bridge Local Area Networks from different locations. Access point A serves as a base bridge while Access point B and C serve as non-base bridges. This is an ideal topology for central office to collect data from remote offices.

Figure 1.
operate, the rest of the network can still communicate. It allows for continuous connections and reconfiguration around broken or blocked paths. Mesh networks are self-configuring. When the mesh nodes power up, the nodes hear each other’s broadcast and a network automatically forms. Mesh networks are also self-healing. When a node breaks down or a connection goes bad, the nodes re-discover an alternative routing path. Network connectivity is thus preserved automatically.
1.5 Application Deployment

Applications can be deployed easily after a network infrastructure is in place. Figure 1.5 illustrates a possible scenario:
• High Speed Internet Access is available for all wireless clients.
• Voice over IP applications can be used for calling over the Internet.
• Streaming media data can be offered over the IP network.
• Handheld devices for mobile staff can easily communicate with each other.
2 Installation

This chapter provides instructions on how to install Cedar 880AG.

2.1 Package Contents

Before installation, please inspect the package contents first and report any missing or damaged items to your sales representative.
Figure 2.1 Cedar 880AG Top Panel

• Power LED
  This Power LED is constantly ON when power is applied.
• Ethernet Link/Activity LED
  This LED is ON when Ethernet establishes link; flashing when there is Ethernet activity.
• 802.11a Wireless LED
  This LED is slow flashing when 802.11a wireless is ready for client to associate; fast flashing when there is traffic on 802.11a wireless.
• 802.11g Wireless LED
  This LED is slow flashing when 802.
LED Color | Indication
Green, solid | The unit power is on.
Off | The unit power is off.
Blue, solid | The Ethernet port has successful link.
Flashing | The Ethernet port is linked and has activity
Orange, slow flashing | The 802.11a wireless is ready for client to associate.
Fast flashing | There is activity on 802.11a wireless
Off | The 802.11a wireless is not ready.
Orange, slow flashing | The 802.11g wireless is ready for client to associate.
Fast flashing |
Off |

2.3
2.3.3 Supplying Power to the Unit

The Indoor Cedar 880AG is equipped with a universal 100-240 VAC, 50/60 Hz power supply. To power the unit, connect the included power adaptor to the wall outlet and plug the DC output connector into the power jack on the rear panel of Cedar 880AG. Cedar 880AG also supports the 802.3af PoE standard.
3 Initial Configuration

This chapter contains the following information:
• Discover AP’s IP address using Scan Tool
• Cedar’s default settings
• Web Management Interface
• Command Line Interface

3.1 Scan Tool

Cedar 880AG by default acquires its IP address and subnet mask from the DHCP server. The administrator can use the Scan Tool to find out the AP’s IP address. Scan Tool is a utility that is included in the AP CD-ROM.
Figure 3.1 Scan Tool Main Screen

4. Locate the AP you want to manage by using the MAC address (AP’s MAC address can be found at its back panel). If the AP has acquired an IP address from the DHCP server, use it to log in to AP’s web interface (section 3.3).
5. If DHCP server is not available in the system, AP’s IP address is displayed as 0.0.0.0. Click the AP entry and then the Configure button to enter the configure IP screen (Figure 3.2).
Figure 3.2 Scan Tool Configure IP Screen

6. The administrator can assign a static IP address to the AP as follows:
   a) Change IP address mode to static.
   b) Enter IP address, subnet mask and gateway IP address.
   c) Provide the SNMP read/write community name in order to make any configuration change. The Cedar initial SNMP read/write community name is private.
7. You can also use Scan Tool to upgrade the AP firmware by clicking the Upgrade tab:
   a) Select either FTP or TFTP protocol.
Default SSID for Radio 2: Intelicis-g

Table 3.1 Cedar Manufacturer Default Setting

3.3 Web Management Interface

The Cedar Web Management Interface is accessible from any web browser on the network. Enter the Cedar IP address and port 8080 in the browser address line to activate the Cedar Web Interface. You will be prompted for username and password. Enter the default username “admin” and password “changeitnow”. After the initial login, the home page is displayed.
3.3.
In order to perform any configuration changes, you need to be in the privilege mode. To enter the privilege mode, click Enable, and enter your privilege password.

Save
All configuration changes must be saved into the system. One efficient way of doing this is by clicking Save. The save operation is required; otherwise changes will be lost after reboot.

Reboot
Sometimes, you may need to reboot the system in order for any new changes to take effect.
Logout
Click Logout to log out of the system.

Help
Click Help to receive on-line help information.
4 System

This chapter contains information on the following topics:
• Change system setting
• Change password and privilege password
• Upgrade
• Execute CLI command file
• Import/Export configuration file

4.1 System Setting

Select System >Setting to change system parameters.

System Name
The System Name is a descriptive string (maximum length of 20) that describes the system. The default value is .
Session Timeout
The Cedar Command Line Interface times out after the session is inactive for a period of time. This parameter specifies the time out period in minutes. The default is 10 minutes.

SNTP Setting
This Simple Network Time Protocol (SNTP) setting is used to synchronize computer clocks on the Internet. If the setting is on (default), Cedar automatically synchronizes its clock with the reference SNTP Server.
Login Password
The administrator uses the combination of Login Name and Login Password to log in to Cedar. After logging in, the administrator can view most of the system parameters. In order to view all of the system parameters and perform any changes, the administrator needs to enter the privilege mode. The manufacturer default value for Login Password is “changeitnow”.

Privilege Password
The Privilege Password is used by the administrator to enter the privilege mode.
Select System > Upgrade to upgrade the firmware.

Protocol
Choose either FTP (File Transfer Protocol) or TFTP (Trivial File Transfer Protocol).

Username/Password
Enter the username and password Cedar uses to log into the FTP server. If the username and password are not specified, Cedar logs in to the FTP server as “anonymous” with no password.

Server IP
The Server IP is the IP address of the local FTP or TFTP server where Cedar can retrieve the firmware.
Execute CLI Command File

The administrator can put all the CLI commands in a batch file and execute them together. Command batch files are especially useful when the administrator needs to make sizeable configuration changes. One of the following methods can be chosen:
• Copy the command file to a local FTP server root directory. Make sure the file can be retrieved via “anonymous” login with no password.
• Copy the command file to a user’s FTP home directory.
5 Network

This chapter contains information on the following topics:
• Change network settings
• Configure VLAN
• Configure DHCP Server

5.1 Overview

5.1.1 VLAN

Virtual LAN (VLAN) logically groups users by their functionality instead of physical location. VLAN uses software to configure logical topologies on top of the physical network infrastructure. Users grouped into one VLAN may be located on different floors or in different buildings.
Figure 5.1 VLANs

5.1.2 DHCP

Dynamic Host Configuration Protocol (DHCP) is a protocol for assigning dynamic IP addresses to computers on a network. Dynamic addressing simplifies network administration because the software keeps track of IP addresses. This means a new computer can be added to a network without the hassle of manually assigning it a unique IP address.

5.2 Web Interface

5.2.1 Network Setting

Select Network > IP to change network parameters.
Mode:
DHCP: If DHCP is chosen, a dynamic IP address is assigned to AP by the DHCP Server. In addition, the subnet mask, default gateway and DNS server addresses are also assigned. Because DHCP assigns the IP address dynamically, different IP addresses may be assigned to the AP after each reboot.
Static: In order to have full control of the IP address, the administrator may choose to use the Static IP.
Primary or Secondary DNS
Optionally enter the primary or secondary Domain Name Server (DNS) IP address. DNS translates domain names into IP addresses. Using DNS, network users are allowed to use more descriptive names such as www.example.com rather than 198.105.232.4.

5.2.2 VLAN

Select Network->VLAN to display the Virtual LANs in the system. By default, VLAN support is disabled in Cedar. In this case, a single lan with the VLAN ID untagged is displayed.
STP
The 802.1d Spanning Tree Protocol (STP) is used to prevent interfaces from looping.
• On: STP is enabled. If a loop is detected, one of the connections will be disconnected.
• Off: (default) STP is disabled.

Aging Time
Specify how long an inactive MAC address remains in the MAC table before it is removed from the table. The default is 300 seconds (5 minutes).

Interfaces
Display a list of interfaces associated with this VLAN.
• Aging time: Number of seconds remaining before this entry is removed due to inactivity

5.2.3 DHCP

If DHCP is not available in your network, Cedar can be configured to assign dynamic IP addresses to computers on the network. Select Network>DHCP to perform this function.

DHCP Setting
On: Enable DHCP service.
Off: (default) Disable DHCP service.

Pool Status
The pool status should be turned on to enable DHCP service.
Gateway
Enter the default gateway IP address which the DHCP server will assign to its users.

DNS
Enter the DNS IP address which the DHCP server will assign to its users.

WINS
Enter the Windows Internet Name Server IP address which the DHCP server will assign to its Windows users.

Lease Time
Enter how long the assigned IP address is valid for. The default is 1800 seconds (30 minutes).

5.3 Examples

5.3.
2. Click Network->IP from Cedar web interface to modify the network settings.
3. Select Tagged, and enter the VLAN ID.
4. The VLAN ID change takes effect immediately. You will need to change the port which the AP is using to a trunk port.
5. Save the configuration.
6 Security

This chapter contains information on the following topics:
• Configure RADIUS profile
• Configure 802.1x authentication
• Configure MAC authentication
• Configure Filter to block certain traffic

6.1 Overview

6.1.1 802.1x Authentication

Wireless Networks provide enormous flexibility, but they can also create potential security problems in the network.
Figure 6.1 802.1x authentication sequence

1. The supplicant sends an authentication request containing identification and connection information to the authenticator.
2. The authenticator performs an initial negotiation with the supplicant to establish connection information (username, password, etc).
3. The authenticator then forwards the user information in an authentication request to the RADIUS Server.
MAC authentication provides an alternative solution. It controls wireless access to the network by storing a list of MAC addresses on a local or RADIUS server. This list of MAC addresses identifies the authorized stations that may access the wireless network.

6.2 Web Interface

6.2.1 RADIUS Profile

RADIUS profile is used to store RADIUS server information. Select Security->RADIUS to list the available RADIUS profiles in the system.
switches to the secondary RADIUS server for authentication. The parameter specifies the number of retries. The default is 4.

Primary Auth Server Retry Period
If the primary RADIUS server is down, Cedar will use the secondary RADIUS server for authentication. In the meantime, Cedar will periodically retry the primary RADIUS server and check if it is up again. The parameter specifies the retry period. The default setting is 600 seconds (10 minutes).
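The primary/secondary switching described above can be modelled to see how long authentication stays on the secondary server after an outage. This is an added example, not Cedar code: the server names and outage window are constructed, and it assumes that the retry count is the number of attempts made per request and that the periodic check is a single request sent to the primary.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# (server name, current time in seconds) -> True if the server answered.
Transport = Callable[[str, float], bool]


@dataclass
class RadiusFailover:
    primary: str
    secondary: str
    max_retries: int = 4          # guide default: 4
    retry_period: float = 600.0   # guide default: 600 seconds (10 minutes)
    active: str = field(init=False, default="")
    switched_at: Optional[float] = field(init=False, default=None)

    def __post_init__(self) -> None:
        self.active = self.primary

    def route(self, now: float, answers: Transport) -> Optional[str]:
        """Send one authentication request; return the server that answered."""
        on_secondary = self.active == self.secondary
        if on_secondary and now - self.switched_at >= self.retry_period:
            # Retry period elapsed: test the primary with a single request.
            if answers(self.primary, now):
                self.active, self.switched_at = self.primary, None
                return self.primary
            self.switched_at = now  # still down, restart the timer
        if self.active == self.primary:
            for _ in range(self.max_retries):
                if answers(self.primary, now):
                    return self.primary
            # Primary used up its retries: switch to the secondary.
            self.active, self.switched_at = self.secondary, now
        return self.secondary if answers(self.secondary, now) else None


def simulate() -> Tuple[List[Optional[str]], Dict[str, int]]:
    """Replay six client authentications across a constructed primary outage."""
    outage = (100.0, 900.0)  # constructed: primary unreachable in this window
    attempts = {"radius-a": 0, "radius-b": 0}

    def answers(server: str, now: float) -> bool:
        attempts[server] += 1
        if server == "radius-a":
            return not (outage[0] <= now < outage[1])
        return True  # the secondary stays reachable throughout

    failover = RadiusFailover(primary="radius-a", secondary="radius-b")
    times = (0, 120, 400, 750, 1000, 1400)
    routed = [failover.route(t, answers) for t in times]
    return routed, attempts


if __name__ == "__main__":
    routed, attempts = simulate()
    for t, server in zip((0, 120, 400, 750, 1000, 1400), routed):
        print(f"t={t:>4}s answered by {server}")
    print("requests sent:", attempts)
```

In this run the primary is reachable again at 900 s, but the request at 1000 s still goes to the secondary because the retry timer restarted at 750 s. The secondary server therefore needs the same user entries and shared secret policy as the primary for the whole retry period, not only for the outage itself.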
Profile Name
Enter a descriptive name for the profile. The maximum length is 15.

Re-authentication
• On: Cedar will automatically re-authenticate the clients based on the reauthentication period parameter.
• Off: (default) Cedar will not automatically re-authenticate the clients.

Re-authentication Period
This parameter specifies the re-authentication timer in seconds. The default setting is 3600 seconds (60 minutes).
MAC profiles in the system. Click the existing profile name to enter the editing screen or click the Add button to create a new one.

Profile Name
Enter a descriptive name for the profile. The maximum length is 15.

Authentication Method
• Reject all users except for the ones on the Permit List.
• Allow all users except for the ones on the Deny List.
6.2.4 Filter

A filter may be used to block traffic from certain users. Select Security->Filter to list the available filters in the system. Click the existing filter name to enter the editing screen or click the Add button to create a new one.

Priority
All the incoming and outgoing packets will be checked against the filter rules based on their priority. Low number means high priority (e.g. 1 is the highest priority) and will be checked first. When a condition is met (e.g.
Interface
Select an interface to be filtered.

Note: Filter can be used to block traffic between different sub-nets or traffic to other APs. Filter does not block traffic within the same AP.

6.3 Examples

6.3.1 802.1x Authentication

1 Identify a RADIUS server to be used for 802.1x authentication. Write down its IP address and server secret code. Confirm the authentication port is 1812.
2 Create some 802.1x user entries in the RADIUS server.
6.3.2 MAC Authentication

1 Identify a RADIUS server to be used for MAC authentication. Write down its IP address and server secret code. Confirm the authentication port is 1812.
2 Create some MAC user entries in the RADIUS server. For example,
  User Name: 000cf157b3bc
  Password:
  Type: MAC
3 Click Security->RADIUS from the Cedar web interface to display all the RADIUS profiles.
4 Click Add to add a new profile.
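The permit-list and deny-list methods of a MAC profile (section 6.2.3) and the separator-free user name in the RADIUS entry above both depend on comparing addresses in one canonical form. The following added example, which is not part of the guide or of Cedar's software, normalizes common MAC notations to that 12-digit form and applies the two list methods; the class MacProfile and the method names permit_list and deny_list are hypothetical.

```python
import re
from typing import Dict, Iterable, Optional

# Accepted notations, matched after lower-casing; separators must be consistent.
_MAC_FORMS = (
    re.compile(r"[0-9a-f]{12}"),                                      # 000cf157b3bc
    re.compile(r"[0-9a-f]{2}([:-])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}"),  # 00:0c:... or 00-0c-...
    re.compile(r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"),             # 000c.f157.b3bc
)


def normalize_mac(text: str) -> Optional[str]:
    """Return the MAC as 12 lowercase hex digits (the form of the guide's
    sample RADIUS user name), or None if the text is not a well-formed MAC."""
    candidate = text.strip().lower()
    if any(form.fullmatch(candidate) for form in _MAC_FORMS):
        return re.sub(r"[:.\-]", "", candidate)
    return None


class MacProfile:
    """Hypothetical model of the two list-based authentication methods."""

    def __init__(self, method: str, entries: Iterable[str]) -> None:
        if method not in ("permit_list", "deny_list"):
            raise ValueError(f"unknown method: {method!r}")
        self.method = method
        self.entries = set()
        for entry in entries:
            mac = normalize_mac(entry)
            if mac is None:
                # Refuse to load a list containing an entry that can never match.
                raise ValueError(f"malformed MAC in list: {entry!r}")
            self.entries.add(mac)

    def allows(self, station_mac: str) -> bool:
        mac = normalize_mac(station_mac)
        if mac is None:
            return False  # unparseable address: reject under either method
        listed = mac in self.entries
        # permit_list: reject all except listed; deny_list: allow all except listed.
        return listed if self.method == "permit_list" else not listed


def demo() -> Dict[str, bool]:
    """Constructed sample: the same station written three ways, plus strangers."""
    permit = MacProfile("permit_list", ["00:0C:F1:57:B3:BC"])
    deny = MacProfile("deny_list", ["000cf157b3bc"])
    return {
        "permit/no-separators": permit.allows("000cf157b3bc"),
        "permit/dotted": permit.allows("000c.f157.b3bc"),
        "permit/unlisted": permit.allows("00-0c-f1-57-b3-bd"),
        "permit/truncated": permit.allows("00:0c:f1:57:b3"),
        "deny/listed": deny.allows("00:0c:f1:57:b3:bc"),
        "deny/unlisted": deny.allows("02:00:00:00:00:01"),
        "deny/malformed": deny.allows("not-a-mac"),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:<22} {'allow' if allowed else 'reject'}")
```

Under the deny-list method every address that is not on the list is admitted, so only the permit-list method rejects stations by default.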
7 Wireless

This chapter contains information on the following topics:
• Configure Wireless Setting
• Configure WLAN
• Configure Radio 1 and 2
• Configure Bridge Link
• Configure Mesh

7.1 Overview

7.1.1 WLAN

Similar to the Virtual LAN concept, WLAN is a way to logically group wireless users into sub-networks. Each WLAN may implement a different security mechanism and has a different level of access to the network.
Figure 7.1 Bridge Link in Multiple VLANs Network

7.2 Web Interface

7.2.
Wireless Setting
On: (default) Enable the wireless service.
Off: Disable the wireless service.

Wireless Status
Display the status of the wireless service.

Country Code
Display the AP’s country code. The country code is set during the manufacture stage and cannot be modified by the users.

80211d World Mode
If world mode is turned on, the AP broadcasts its local settings, such as the country code. The default setting is off.
Name
Enter a descriptive name for the wireless network. The maximum length is 12.

SSID
SSID stands for Service Set Identifier, a 32 character unique identifier used by mobile users to connect to a wireless network.

SSID Broadcast
• On: (default) The SSID configured on the access point will be broadcast to all wireless devices within range.
• Off: The automatic SSID broadcast feature is disabled.

VLAN ID
Specify whether the VLAN ID tag will be used.
profile which contains 802.1x specific information. The administrator may select one, two or all three of the association mode and encryption method combinations listed below:
• Dynamic WEP with 802.1x authentication
  o association mode is Open
  o encryption method is Dynamic WEP
• WPA/TKIP with 802.1x authentication
  o association mode is Wi-Fi Alliance’s WPA
  o encryption method is TKIP
• WPA2/AES with 802.
Specify the MAC authentication profile to be used for authentication. You must have already configured a MAC authentication profile in the system. If the MAC authentication method requires the RADIUS Server, you will also need to specify the RADIUS profile.

RADIUS Profile
Specify the RADIUS profile to be used for 802.1x or MAC authentication.
RF
Enable or disable the radio.
• On: the default setting
• Off: disables the radio

Frequency
Select one of the communication modes between wireless clients and the Access Point. Radio 1 operates in frequency a or super-ag. Radio 2 operates in frequency b, g, bg or super-ag.
• a: The default setting for Radio 1.
• b: The radio supports 802.11b standard only.
• g: The radio supports 802.11g standard only.
• bg: The default setting for Radio 2.
• Auto: the default setting. It allows the AP to select a free or relatively unused communication channel. Channels in the Auto Channel List are preferred channels and will be scanned first.
• Add a WLAN to this Radio from the available WLAN list.
• Delete a WLAN from this Radio.

Bridge Link
• Add a Bridge Link to this Radio from the available Bridge Link list.
• Delete a Bridge Link from this Radio.

Auto Channel List
Auto Channel List is a list of preferred channels that the administrator wishes the AP to scan first when channel is set to “Auto”.
CTS Protection
See description in RTS threshold.
• On: The default setting.
• Off: Disable CTS protection.

Antenna Setting
Antenna diversity improves performance of the AP by automatically selecting the best antenna for signal reception and transmission.
• Diversity: (default) Enable antenna diversity.
• Ant1: Always uses antenna 1.
• Ant2: Always uses antenna 2.
WiFi Multimedia
Quality of Service (QoS) is used to enhance throughput and performance for time sensitive traffic such as voice, video and streaming data. Cedar’s QoS support is based on the Wireless multimedia (WMM) standards.
• Off: The default setting.
• On: Enable WiFi multimedia support.

Link Distance
The typical distance between the wireless clients and AP is less than 1 kilometer (km).
• The two APs should be placed such that there are minimal objects between them. Any steel or wood objects absorb RF energy.
• You should also consider radio interference from devices such as microwave ovens or other APs. Scan the channel activities to select a channel that is least busy.
• Adjust the power level setting when the distance of the two APs changes; the further the distance, the higher the power.
• Adjust the link distance parameter as you see fit.
Note: All changes require a configuration save and a reboot to take effect.

Setting
On: Enable the mesh function.
Off: (default) Disable the mesh function.

Radio
Choose a radio to perform the mesh function.

Role
In a mesh network, at least one access point has to be the root. The rest of the APs maintain wireless links with the root AP or other non-root AP.
Root: The root AP usually has the direct connection with the corporate network.
4 Click WPA/TKIP with 802.1x Authentication, and select an 802.1x Auth Profile from the list box.
5 Select a RADIUS Profile from the list box.
6 Click Apply.
7 Click Wireless->Radio 2 from the Cedar web interface to display radio 2 parameters.
8 Click myWLAN from the available WLAN list box and add it to the selected WLAN list box.
9 Click Apply.
10 Save the configuration.

7.3.
9 Click myWLAN from the available WLAN list box and add it to the selected WLAN list box.
10 Click Apply.
11 Save the configuration.

7.3.3 Bridge Link

1 Click Wireless->Bridge Link from the Cedar web interface to display all the Bridge Links.
2 Click Add to add a new Bridge Link. Enter the following sample data and use default for the remainder of the parameters.
  Name: myLink
3 Enter Link SSID (the remote Bridge should use the same SSID).
7.3.4 Bridge Link with Multiple VLANs

1 Follow instructions in Chapter 5.3.2 to configure management VLAN ID.
2 Follow instructions in Chapter 7.3.1 or 7.3.2 to create a WLAN. Assign a VLAN ID to the WLAN. When the WLAN is added to Radio 1 or 2, the system automatically creates VLAN for you. Select Network->VLAN to display all the Virtual LANs in the system.
3 Follow instructions in Chapter 7.3.3 to create a bridge link.
8 Management

8.1 Management Setting

The Cedar Command Line Interface is available through a serial console port, telnet or SSH. The Cedar Web Interface is accessible from any web browser on the network. The administrator can modify the telnet, SSH or Web interface setting by selecting Management from the menu.

8.2 SNMP

In addition to the command line interface and web interface, the Cedar access point can be managed through SNMP (Simple Network Management Protocol).
Setting
Enable or disable SNMP.

Read Only Community Name
The SNMP community name for read only (GET) operations. The default value is “public”.

Read/Write Community Name
The SNMP community name for read and write (SET) operations. The default value is “private”.

8.3 Serial Over IP

With Serial over IP enabled, any serial port device connected to Cedar AP could be accessed from anywhere over the wireless network as if it were attached to a local PC.
Stop Bit
The number of stop bits to mark the last part of a character frame.

Parity
Optional parity bit that follows the data bits.

Flow Control
Flow control mechanism.

Network Role
The AP is operated as a client or server.

Server IP
The Serial over IP server’s IP address.

Server Port
The Serial over IP server’s port number.

Rx Char Timeout
Character received timeout period.

Rx Char Delimiters
Character received delimiter.
9 Log

The Cedar log file can be viewed by selecting Log from the menu.
10 Monitor

This chapter contains information on the following topics:
• Monitor interfaces
• Monitor radios
• Monitor Rogue APs
• Monitor wireless users
• Monitor wireless links
• Monitor wireless mesh

10.1 Interfaces

Interface statistics are available for the administrator to monitor network activities. Select Monitor->Interface to list all interfaces in the system. Click the individual interface name to display detailed statistics.
10.2 Wireless Statistics

Radio statistics are available for the administrator to monitor wireless network activities. Select Monitor->Radio to display radio 1 and radio 2 statistics.

10.3 Rogue APs

Cedar periodically scans its coverage area for information about other access points. If any of the APs appears to be untrusted or invalid, the administrator may consider blocking its access by blocking the switch port that the AP is connected to.
Select Monitor->Rogue AP to display information about rogue APs.

Note: The administrator needs to turn on the Rogue AP detection in the Radio screen in order to enable this feature.

10.4 Wireless Users

The administrator can select Monitor->Wireless Users to monitor all the active wireless users.
Description of the parameters:
Wireless MAC: MAC address of the wireless user.
IP: IP address of the wireless user.
WLAN: the WLAN which the wireless user associates to.
Radio: The radio (1 or 2) being used by the wireless user.
Signal: Signal to Noise Ratio at the AP when frames are received from the wireless user.
Tx Rate: Transmission rate.
Idle Time: The amount of the time the AP has remained inactive.
Channel Usage: A ratio indicating how busy the AP is.
Description of the parameters:
Wireless MAC: MAC address of the remote bridge link.
Link: link name.
Radio: The radio (1 or 2) being used by the bridge link.
Signal: Signal to Noise Ratio at the AP when frames are received from the bridge link.
Tx Rate: Transfer rate.
Idle Time: The amount of the time the AP has remained inactive.
Channel Usage: A ratio indicating how busy the AP is.
Rx Pkts: Number of packets received.
Rx Bytes: Number of bytes received.
Description of the parameters:
SNR: Signal-to-Noise Ratio at the AP when frames are received from the bridge link. SNR is calculated according to the following formula; the higher this number, the better the signal quality. It is highly recommended to maintain the SNR in green color (larger than 36).

  SNR (dB) = Signal (dBm) – Noise (dBm)

Signal: Signal strength.
Noise: Noise level.
Level: How many levels between the local AP and the root AP. For the root AP, the level is always 0.
Link State: link status.
Local MAC: MAC address of the local AP.
Remote Uplink MAC: MAC address of the remote uplink AP.
Number of Downlinks: Number of down links.

Description of the link parameters:
Wireless MAC: MAC address of the remote bridge link.
Link: link name.
Radio: The radio (1 or 2) being used by the bridge link.
11 Command Line Interface

The Command Line Interface is available through a serial console port, telnet or SSH. To establish a telnet or SSH connection, enter one of the following commands.

  telnet 192.168.1.188
  ssh 192.168.1.188

11.1 Base Commands

11.1.1 enable

Syntax: enable
Description: This command allows the user to enter the privileged mode to do advanced configuration.
Example:
  Cedar# enable

11.1.
Description: Save the whole system configuration into non-volatile memory.
Example:
  Cedar# config save

11.1.4 quit

Syntax: quit
Description: This command allows the user to quit from current CLI session. This command is equivalent to “exit”.
Example:
  Cedar# quit

11.1.5 exit

Syntax: exit
Description: This command allows the user to quit from current CLI session. This command is equivalent to “quit”.
Example:
  Cedar# exit

11.1.
Description: Reboot the system.
Example:
  Cedar# reboot

11.1.7 reset

Syntax: reset
Description: Reset the current system configuration to manufacturer default and reboot the system.
Example:
  Cedar# reset

11.1.8 up arrow

Syntax: ↑
Description: Display the previous typed command from the command history table.
Example:
  Cedar# ↑

11.1.9 down arrow

Syntax: ↓
Description: Display the next typed command from the command history table.
11.1.10 debug

Syntax: debug { | }
Description: This command is used for enabling debug messages. The global debug switch must be on in order to see the debug messages. The different debug level can be used to control the amount of debug messages in the specified module.
Example:
  Cedar# debug //enable global switch for debug messages
  Cedar# debug auth 3

11.1.
Example:
    Cedar# help
    Cedar# ?

11.2 System Commands

11.2.1 show system
Syntax: show system
Description: Display system information, including system login name, model, firmware version, system time and system up time.
Example:
    Cedar# show system

11.2.
Description: Configure system related parameters.
name: System name.
login_name: The username for system login.
password: The password for system login.
enable_password: The password to enter privilege mode to do advanced configurations or operations.
sesssion_timeout: The idle timeout for the CLI session.
time: System time.
export: The AP configuration can be exported to a file on an FTP server.
import: The CLI command file can be imported from an FTP server.
Description: Configure SNTP related parameters.
server: SNTP server location.
offset: Offset to the UTC time.
Example:
    Cedar# config sntp on
    Cedar# config sntp offset -8

11.2.5 upgrade
Syntax: upgrade { server | file | username | password }
Description: Upgrade system firmware. The system uses the provided username and password to retrieve new firmware from either FTP or TFTP server and then performs the upgrade.
Description: Display interface information.
all: Display the information of all interfaces.
Example:
    Cedar# show interface lan
    Cedar# show interface all

11.3.2 config interface
Syntax: config interface { | ip <0 | 1 | 2 | 3 | 4> { [addr ] [netmask ] [mode ] [clear] } }
Description: Configure interface IP addresses and operation mode. Each interface allows up to 5 different IP addresses.
Example:
    Cedar# show vlan all
    Cedar# show vlan lan

11.3.4 config vlan
Syntax: config vlan { mgmt_vid | { aging <# in seconds>] | stp } }
Description: A VLAN interface is created automatically by the system when the management vid (mgmt_vid) or WLAN vid is configured to a value other than “untagged”.
aging: The time interval an inactive MAC address remains in the MAC table before it is removed.
stp: Enable/Disable 802.
Description:
dhcp: Display DHCP summary.
dhcp table: Display client IP addresses assignment.
dhcp pool: Display specific DHCP pool.
dns: Display primary and secondary DNS.
route: Display routing table.
Example:
    Cedar# show ip dhcp
    Cedar# show ip dhcp table
    Cedar# show ip dhcp pool 0
    Cedar# show ip dns
    Cedar# show ip route

11.3.6 config ip
Syntax: config ip {dhcp … | dns … | route …}
Description:
dhcp: Configure DHCP server related operations.
dns:
route:
[dns ] [wins ] [gw ] [lease_time
config ip route
Syntax: config ip route {add | del} { net netmask [gw ] if < if name> }
Description:
add: Add a route entry in the routing table.
del: Delete a route entry in the routing table.
net: The network address of the specified route will apply.
netmask: The network mask address of the specified route will apply.
gw: The gateway IP address of the specified route will apply.
if:
11.4.2 config auth
Syntax: config auth { 8021x … | mac … | radius … }
Description: Configure 802.1x, MAC or RADIUS authentication profile. See ‘config auth …’ sections for details.
Description:
radius_failover_limit: Number of retries for the primary RADIUS server before switching to the secondary RADIUS server. Default is 4.
primary_radius_retry_period: Retry period in seconds for the primary RADIUS server. Default is 600.
radius_nas_ip: IP address of the AP.
primary_auth_ip: IP address of the primary authentication RADIUS server.
primary_auth_port: The listen port number of the primary RADIUS server.
add | del | { [reauthentication ] [reauthentication_period <# in seconds>] [wep_key_len < 64 | 128 >] [wep_key_interval < 0 | 60-2592000>] } }
Description:
reauthentication: Enable/Disable re-authentication.
reauthentication_period: Re-authentication timer in seconds. Default is 3600 seconds.
wep_key_len: The length of the generated dynamic WEP keys in bits. Default is 128 bits.
wep_key_interval:
Description:
permitadd: Add a MAC address to the Permit List.
permitdel: Delete a MAC address from the Permit List.
denyadd: Add a MAC address to the Deny List.
denydel: Delete a MAC address from the Deny List.
auth_method: Choose from permit, deny or radius.
Example:
    Cedar# config auth mac profile add MAC
    Cedar# config auth mac profile MAC denyadd 000cf157b3be
    Cedar# config auth mac profile MAC auth_method radius

11.4.
[ip ] [protocol ] [src_port ] [dst_port ] [priority <1-n>] [if ] [action ] } }
Description:
action:
    ‘deny’: packets that match the rules will be dropped.
    ‘permit’: packets that match the rules will be accepted.
    ‘next’: packets that match the rules will go to the immediate next rule for further matching. It is used for chains of multiple rules.
priority: ‘1’ is the highest priority.
mac:
ip:
Description:
summary: Display wireless summary information.
rogue: Display all the rogue APs detected by Cedar.
users: Display all the active wireless users which are using the AP.
link: Display all the wireless bridge links.
link : Display individual wireless bridge link.
Example:
    Cedar# show wireless summary
    Cedar# show wireless rogue
    Cedar# show wireless link

11.5.
Example:
    Cedar# show wlan all
    Cedar# show wlan Intelicis-a

11.5.
Description:
ssid: A unique identifier used by mobile users to connect to a wireless network.
ssid broadcast: Enable/Disable SSID to be broadcast to all wireless devices.
vid: Enable/Disable VLAN tag to be used.
tx_rate:
max_tx_rate:
min_associate_rate:
dtim:
max_stations:
max_tx_rate:
associate:
encrypt:
wep_key_#:
default_wep_key:
wpa_psk:
8021x_auth:
8021x_auth_profile:
mac_auth:
mac_auth_profile:
radius_profile:
Example:
    Cedar# show radio 1

11.5.
freq super-ag, radio 2: 6
auto_channel_list: A list of channel numbers for auto-channeling.
    default: all the available channels
    freq b, g, bg: 1-14
    freq a: 36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157, 161, 165
basic_rates & supported_rates: Transmission rate used between wireless clients and the AP.
    freq a: 6, 9, 12, 18, 24, 36, 48, 54
    freq b: 1, 2, 5.5, 11
    freq g: 6, 9, 12, 18, 24, 36, 48, 54
    freq bg: 1, 2, 5.
Syntax: show brglnk { all | }
Description:
all: Display a summary of all the bridge links.
: Display detailed bridge link configuration.
Example:
    Cedar# show brglnk all
    Cedar# show brglnk myLink

11.5.
Description: Display TELNET server configuration.
Example:
    Cedar# show telnet

11.6.2 config telnet
Syntax: config telnet { | [port ] }
Description: Configure TELNET server parameters.
port: Port number on which the TELNET server will listen.
Example:
    Cedar# config telnet port 12000
    Cedar# config telnet on

11.6.3 show ssh
Syntax: show ssh
Description: Display SSH server configuration.
Example:
    Cedar# show ssh

11.6.
Description: Configure SSH server parameters.
Example:
    Cedar# config ssh port 12000
    Cedar# config ssh on

11.6.5 show web
Syntax: show web
Description: Display WEB server configuration.
Example:
    Cedar# show web

11.6.6 config web
Syntax: config web { | port }
Description: Configure WEB server settings.
Example:
    Cedar# config web on
    Cedar# config web port 80

11.6.
Description: Display SNMP configuration.
Example:
    Cedar# show snmp

11.6.8 config snmp
Syntax: config snmp { | community { [name ] [write <on | off>] } }
Description: Configure SNMP community settings.
name: SNMP community name.
write: Enable or disable write privilege.
11.6.10 config syslog
Syntax: config syslog { | clear}
Description: Configure system log settings.
Example:
    Cedar# config syslog on
    Cedar# config syslog clear

11.7 Miscellaneous Commands

11.7.1 ping
Syntax: ping
Description: A utility to test the network connection between two hosts.
Example:
    Cedar# ping 100.100.100.1

11.7.
Description: A network utility to retrieve network routing path information.
Example:
    Cedar# traceroute www.yahoo.com

11.7.3 show arp
Syntax: show arp
Description: Display ARP table information.
Example:
    Cedar# show arp

11.7.4 show memory
Syntax: show memory
Description: Display system memory usage information.
Example:
    Cedar# show memory

11.8 Examples

11.8.1 System Commands
Here are some examples of how to execute system commands using the Command Line Interface.
2. To change the login password:
    Cedar# config system password
    Current Password:
    New Password:
    Re-confirmed:
3. To change the privilege password:
    Cedar# config system enable_password
    Current Password:
    New Password:
    Re-confirmed:
4. To change the SNTP offset to the Pacific Standard Time zone:
    Cedar# config sntp offset -8
5. To upgrade the firmware:
    Cedar# upgrade ftp server 192.168.15.184 username admin password xxxx file cedar880ag-05172005-1.0.0.120a.bin
6.
3. Configure domain name servers. For example, change the primary DNS to 192.168.1.1.
    Cedar# config primary dns 192.168.1.1
    Cedar# show ip dns
4. Save the configuration changes.
    Cedar# config save
5. Configure management VLAN ID, for example 4094.
    Cedar# config vlan mgmt_vid 4094
    Cedar# show vlan all

11.8.3 802.1x Authentication
1. Create some 802.1x user entries in a Cypress RADIUS server.
2. Create a RADIUS profile.
    Cedar# config auth radius profile add myRADIUS
    Cedar# config auth radius profile myRADIUS primary_auth_ip 192.168.1.1
    Cedar# config auth radius profile myRADIUS primary_auth_secret xxx
    Cedar# show auth profile myRADIUS
3. Configure a MAC authentication profile.
    Cedar# config auth mac profile add myMAC
    Cedar# config auth mac profile myMAC auth_method radius
    Cedar# show auth profile myMAC
4. Save the configuration changes.
    Cedar# config wlan add myWLAN
    Cedar# config wlan myWLAN ssid myWLAN
    Cedar# config wlan myWLAN associate open encrypt wep
    Cedar# config wlan myWLAN default_wep_key 0 wep_key_0 wepke
    Cedar# config wlan myWLAN radius_profile myRADIUS
    Cedar# config wlan myWLAN mac_auth_profile myMAC
    Cedar# config wlan myWLAN mac_auth on
    Cedar# show wlan myWLAN
2. Add this WLAN to Radio 2.
    Cedar# config radio 2 wlanadd myWLAN
    Cedar# show radio 2
3. Save the configuration changes.
1. Configure management VLAN ID, for example 4094.
    Cedar# config vlan mgmt_vid 4094
    Cedar# show vlan all
1. Create a WLAN with VLAN ID.
    Cedar# config wlan add myWLAN
    Cedar# config wlan myWLAN ssid myWLAN vid 4094
    Cedar# config wlan myWLAN associate wpa encrypt tkip
    Cedar# config wlan myWLAN radius_profile myRADIUS
    Cedar# config wlan myWLAN 8021x_auth_profile my8021x
    Cedar# config wlan myWLAN 8021x_auth on
    Cedar# show wlan myWLAN
2. Follow instructions in Chapter 11.8.
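The command forms in this chapter can be reviewed before a CLI command file is imported or a configuration is saved. The following Python is an added example, not Intelicis code: it flags the telnet, WEP, TKIP, FTP/TFTP upgrade and SNMP write commands shown in this guide and redacts secret values from its findings. The rule set, the severity labels, the sample file and the file name fw.bin are assumptions of the example.

```python
import re

# Rules cover only command forms shown in this guide; severities are this example's own.
RULES = [
    (r"^config telnet on$", "high", "telnet management enabled (cleartext session)"),
    (r"^config wlan \S+ .*\bencrypt wep\b", "high", "WLAN encrypted with WEP"),
    (r"^config wlan \S+ .*\bencrypt tkip\b", "medium", "WLAN uses TKIP (deprecated cipher)"),
    (r"^upgrade (ftp|tftp)\b.*\bpassword \S+", "medium",
     "firmware fetched over FTP/TFTP with the password on the command line"),
    (r"^config snmp community\b.*\bwrite on\b", "medium", "SNMP community has write privilege"),
]

# Keywords from the guide whose next token is a secret.
SECRET = re.compile(r"\b(password|primary_auth_secret|wpa_psk|wep_key_\d)\s+\S+")

def normalize(raw):
    """Strip the 'Cedar#' prompt, a trailing // comment and extra whitespace."""
    cmd = raw.split("//", 1)[0]
    cmd = re.sub(r"^\s*Cedar#\s*", "", cmd)
    return " ".join(cmd.split())

def redact(cmd):
    """Replace secret values so findings can be logged or ticketed safely."""
    return SECRET.sub(lambda m: m.group(1) + " ***", cmd)

def audit(text):
    """Return (line number, severity, finding, redacted command) tuples."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        cmd = normalize(raw)
        for pattern, severity, message in RULES:
            if re.search(pattern, cmd, re.IGNORECASE):
                findings.append((lineno, severity, message, redact(cmd)))
    return findings

# Constructed sample: guide examples plus an SNMP line built from the 11.6.8 syntax.
SAMPLE = """\
Cedar# config telnet on
Cedar# config ssh on
Cedar# config wlan myWLAN associate open encrypt wep
Cedar# config wlan myWLAN default_wep_key 0 wep_key_0 wepke
Cedar# config wlan myWLAN associate wpa encrypt tkip
Cedar# upgrade ftp server 192.168.15.184 username admin password xxxx file fw.bin
Cedar# config snmp community name public write on  // constructed
"""

if __name__ == "__main__":
    for lineno, severity, message, cmd in audit(SAMPLE):
        print(f"line {lineno}: [{severity}] {message}: {cmd}")
```

Lines that match no rule, such as `config ssh on`, produce no finding, so the output lists only the commands that need review.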
Appendix I - Recovery Procedure

If you are not able to receive the login prompt from Cedar via the console port, your AP may have been corrupted. Please follow the procedure described below to recover the AP.
1. Download the firmware burner (FwBurner) and firmware images (FwFlash.img) from the Intelicis website support.intelicis.com and save them on a TFTP server. Do not change the names of the images. Configure the IP of the TFTP server to 192.168.1.237.
2.
Ethernet eth0: MAC address 00:03:7f:e0:02:bf
IP: 192.168.1.1/255.255.255.0, Gateway: 192.168.1.237
Default server: 192.168.1.237, DNS server IP: 192.168.1.237
RedBoot(tm) bootstrap and debug environment [RAM]
Non-certified release, version v2_0 - built 18:22:58, May 13 2006
Copyright (C) 2000, 2001, 2002, Red Hat, Inc.
Copyright (C) 2005, Devicescape Software, Inc.