Enterasys RoamAbout ® Wireless Networking RBT-4102 Wireless Access Point Configuration Guide P/N 9034186-05
Notice Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made. The hardware, firmware, or software described in this document is subject to change without notice.
Enterasys Networks, Inc. Firmware License Agreement BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between the end user (“You”) and Enterasys Networks, Inc.
If the Program is exported from the United States pursuant to the License Exception TSR under the U.S.
11. ASSIGNMENT. You may not assign, transfer or sublicense this Agreement or any of Your rights or obligations under this Agreement, except that You may assign this Agreement to any person or entity which acquires substantially all of Your stock assets. Enterasys may assign this Agreement in its sole discretion. This Agreement shall be binding upon and inure to the benefit of the parties, their legal representatives, permitted transferees, successors and assigns as permitted by this Agreement.
Enterasys Networks, Inc. Software License Agreement This document is an agreement (“Agreement”) between You, the end user, and Enterasys Networks, Inc. on behalf of itself and its Affiliates (“Enterasys”) that sets forth your rights and obligations with respect to the software contained in CD‐ROM or other media.
to Enterasys. 5. PROTECTION AND SECURITY. In the performance of this Agreement or in contemplation thereof, You and your employees and agents may have access to private or confidential information owned or controlled by Enterasys relating to the Licensed Materials supplied hereunder including, but not limited to, product specifications and schematics, and such information may contain proprietary details and disclosures.
. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The Licensed Materials (i) were developed solely at private expense; (ii) contains “restricted computer software” submitted with restricted rights in accordance with section 52.227‐19 (a) through (d) of the Commercial Computer Software‐Restricted Rights Clause and its successors, and (iii) in all respects is proprietary data belonging to Enterasys and/or its suppliers.
Contents
Preface
Purpose of This Manual
Intended Audience
Firmware Version Support
Using Web Management to Configure Authentication
Using the CLI to Configure Authentication
Filter Control and VLANs
Using Web Management to Configure Filter Control and VLANs
Security
Wired Equivalent Privacy (WEP)
Using Web Management to Configure Security Settings
Using the CLI to Configure WPA Pre-Shared Key
Preface
Purpose of This Manual
This manual provides configuration instructions for the RoamAbout RBT‐4102 Access Point using Web management and the Command Line Interface (CLI). For complete CLI information, refer to the Enterasys RoamAbout RBT‐4102 Wireless Access Point Command Line Interface Reference Guide.
Intended Audience
This manual is intended for the wireless network manager who will configure the Enterasys RoamAbout 4102 Access Point.
The following conventions are used in the text of this document:
Convention: Description
Bold font: Indicates mandatory keywords, parameters or keyboard keys.
italic font: Indicates complete document titles, and command parameters.
Courier font: Used for examples of information displayed on the screen.
Courier font in italics: Indicates a user-supplied value, either required or optional.
[]: Square brackets indicate an optional value.
{}: Braces indicate required values.
1 Introduction
Overview
The RoamAbout RBT‐4102, RBT‐4102‐BG, and RBT‐4102‐EU are IEEE 802.11a/b/g access points that provide transparent, wireless high‐speed data communications between the wired LAN (WLAN) and fixed or mobile devices equipped with an 802.11a, 802.11b, or 802.11g wireless adapter. This solution offers fast, reliable wireless connectivity with considerable cost savings over wired LANs (which include long‐term maintenance overhead for cabling). Using 802.11a and 802.
Features
The features and benefits of the RBT‐4102 include the following:
• Local network connection via 10/100 Mbps Ethernet ports or 54 Mbps wireless interface (supporting up to 255 mobile users per radio).
• IEEE 802.11a, 802.11b, and 802.11g compliant.
• Rogue AP Detection provides the ability to scan the airwaves and collect information about access points in the area. This feature detects neighboring access points and access points not authorized to participate in the network.
Applications
The supported functions allow a security administrator to configure the RBT‐4102 as follows:
• Grant restricted access to an un‐authenticated guest user.
• Grant access to an authenticated user with an assigned role.
• Support a default role for un‐authenticated users or authenticated users without authorization information.
• Control access by IP subnet or address range.
• Control access by TCP/UDP port number.
• Fifty roles, with a maximum of 50 rules per role.
2 Network Configuration
Overview
The wireless solution supports a stand‐alone wireless network configuration as well as an integrated configuration with 10/100 Mbps Ethernet LANs. Wireless network cards, adapters, and access points can be configured as:
• Ad hoc for departmental, SOHO, or enterprise LANs
• Infrastructure for wireless LANs
• Infrastructure wireless LAN for roaming wireless PCs
The 802.11b and 802.11g frequency band which operates at 2.
Network Topologies
Ad Hoc Wireless LAN (no Access Point or Bridge)
An ad hoc wireless LAN consists of a group of computers, each equipped with a wireless adapter, connected via radio signals as an independent wireless LAN. Computers in a specific ad hoc wireless LAN must therefore be configured to the same radio channel. Figure 2‐1 shows an example of this configuration.
Infrastructure Wireless LAN
The access point also provides access to a wired LAN for wireless workstations. An integrated wired/wireless LAN is called an infrastructure configuration. A Basic Service Set (BSS) consists of a group of wireless PC users, and an access point that is directly connected to the wired LAN.
Infrastructure Wireless LAN for Roaming Wireless PCs
The Basic Service Set (BSS) defines the communications domain for each access point and its associated wireless clients. The BSS ID is a 48‐bit binary number based on the access point’s wireless MAC address, and is set automatically and transparently as clients associate with the access point. The BSS ID is used in frames sent between the access point and its clients to identify traffic in the service area.
Infrastructure Wireless Bridge
The IEEE 802.11 standard defines a Wireless Distribution System (WDS) for bridge connections between BSS areas (access points). The access point uses WDS to forward traffic on links between units. The access point supports WDS bridge links on either the 5 GHz (802.11a) or 2.4 GHz (802.11b/g) bands and can be used with various external antennas to offer flexible deployment options.
3 Initial Configuration
Overview
You can manage the Enterasys RoamAbout RBT‐4102 with:
• The Command Line Interface (CLI) accessed through a direct connection to the console port. For a description of how to use the CLI, and command descriptions, refer to the Enterasys RoamAbout RBT‐4102 Wireless Access Point Command Line Interface Reference Guide.
• The web interface accessed through a web browser (Internet Explorer V5.0 or above, or Netscape Navigator V6.2 or above).
Initial Setup Using the CLI
• Set the emulation mode to VT100.
• When using HyperTerminal, select Terminal keys, not Windows keys.
Note: When using HyperTerminal with Microsoft® Windows® 2000, make sure that you have Windows 2000 Service Pack 2 or later installed. Windows 2000 Service Pack 2 fixes the problem of arrow keys not functioning in HyperTerminal’s VT100 emulation. Go to www.microsoft.com for information on Windows 2000 service packs.
4.
RICO, QA-QATAR, RO-ROMANIA, RU-RUSSIA, SA-SAUDI ARABIA, SG-SINGAPORE, SK-SLOVAK REPUBLIC, SI-SLOVENIA, ZA-SOUTH AFRICA, ES-SPAIN, SE-SWEDEN, CH-SWITZERLAND, SY-SYRIA, TW-TAIWAN, TH-THAILAND, TT-TRINIDAD & TOBAGO, TN-TUNISIA, TR-TURKEY, UA-UKRAINE, AE-UNITED ARAB EMIRATES, GB-UNITED KINGDOM, UY-URUGUAY, UZ-UZBEKISTAN, VE-VENEZUELA, VN-VIETNAM, YE-YEMEN, ZW-ZIMBABWE
b.
4. Change the default username and password: type username and specify a unique user name; type password and specify a unique password.
RoamAbout 4102(config)#username KarenBD
RoamAbout 4102(config)#password ******
Confirm new password: ******
RoamAbout 4102(config)#
5. To specify the management VLAN ID, type management-vlanid and specify a management VLAN ID.
Note: You must set up the network switch port to support tagged VLAN packets from the access point.
• If the Country Code page appears, go to step 3.
• If the Country Code page does not appear, go to step 4.
3. If applicable, set the Country:
a. Click on the arrow in the Country pull‐down menu to select the appropriate country, then click Apply at the bottom of the page.
b. Click Administration from the menu on the left‐hand side of the page. The Administration page appears.
c. Click the Reset button next to Reset Access Point, located at the bottom of the page. The access point prompts you to confirm that you want to reboot the system.
d. Click OK. The access point reboots, and the Login window appears.
e. Enter the username admin and the password password, and click LOGIN. The Identification window appears.
f. Go to step 4.
4. Enter the following information, and click Apply.
• System Name is an alias used for the access point, enabling the device to be uniquely identified on the network. Default: RoamAbout AP. Length: 1 to 22 characters
• System Location is a text string that describes the system location. Maximum length: 253 characters
• System Contact is a text string that describes the system contact. Maximum length: 253 characters
The access point displays a Settings Saved message. Click OK.
b. Click the DHCP Client: Disable radio button. DHCP allows you to enable or disable the option to obtain the IP settings for the access point from a DHCP (Dynamic Host Configuration Protocol) server. The IP address, subnet mask, default gateway, and Domain Name Server (DNS) address are dynamically assigned to the access point by the network DHCP server. Default: Enable
c. Specify the IP Address, Subnet Mask, Default Gateway, and Primary and Secondary DNS.
f. Click Administration from the menu on the left‐hand side of the page. The Administration page appears.
g. Click the Reset button next to Reset Access Point, located at the bottom of the page. The access point prompts you to confirm that you want to reboot the system.
h. Click OK. The access point reboots.
i. Type the IP address that you specified for the access point in your browser’s address field. For example, enter http://10.2.101.22/. The Login window appears.
j.
c. Specify a new password in the Password field.
d. Specify the new password again in the Confirm Password field.
e. Click Apply at the bottom of the page. The access point displays a Settings Saved message.
f. Click OK.
7. To specify the management VLAN ID:
a. Click Filter Control from the menu. The Filter Control page appears.
b. Click the Management VLAN ID: field and enter the VLAN ID from which you will manage the AP.
4 Advanced Configuration
Overview
This chapter presents advanced configuration information organized according to the structure of the web interface for easy reference. Enterasys Networks recommends that you configure a user name and password to control management access to this device as the first advanced configuration step (refer to Administration on page 4‐39). Table 4‐1 lists the configuration options and brief descriptions.
Table 4-1 Advanced Configuration (continued)
Menu: Description
SNMP: Controls access to this access point from management stations using SNMP, as well as the hosts that will receive trap messages.
Administration: Configures user name and password for management access; upgrades software from local file, FTP, or TFTP server; resets configuration settings to factory defaults; and resets the access point.
Identification
Using Web Management to Configure System Information
The system information parameters for the RBT‐4102 can be left at their default settings. However, modifying these parameters can help you to more easily distinguish different devices in your network.
• System Name is an alias used for the access point, enabling the device to be uniquely identified on the network. Default: RoamAbout AP.
Using the CLI to Configure System Information
From the config mode, use the system name command to specify a new system name. Then return to the Executive mode, and use the show system command to display the changes to the system identification settings.
TCP / IP Settings
Configuring the RBT‐4102 with an IP address expands your ability to manage the access point. A number of access point features depend on IP addressing to operate.
Note: You can use the web browser interface to access the access point if the access point already has an IP address that is reachable through your network.
By default, the RBT‐4102 will be automatically configured with IP settings from a Dynamic Host Configuration Protocol (DHCP) server.
Using Web Management to Configure TCP/IP
Select TCP/IP Settings from the menu.
• DHCP allows you to enable or disable the option to obtain the IP settings for the access point from a DHCP (Dynamic Host Configuration Protocol) server. The IP address, subnet mask, default gateway, and Domain Name Server (DNS) address are dynamically assigned to the access point by the network DHCP server.
If you have management stations, DNS, RADIUS, or other network servers located on another subnet, type the IP address of the default gateway router in the text field provided. Otherwise, leave the address as all zeros (0.0.0.0).
• Primary DNS and Secondary DNS are the IP addresses of the Domain Name Servers (DNS) on the network. A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses.
• Ethernet Settings
The Ethernet Settings options let you control the speed and duplex setting as well as the auto‐negotiation state of the Ethernet port.
– Auto Negotiate disables or enables the negotiation state of the Ethernet port. Default: Enabled.
– Speed Duplex (Admin) lets you choose from the following: 100Mbps/Full, 100Mbps/Half, 10Mbps/Full, and 10Mbps/Half. Default: 100Mbps/Half when Auto‐negotiation is enabled.
Untagged VlanId : 1
========================================
RoamAbout 4102#
SSH Configuration
To enable the SSH server, use the ip ssh-server enable command from the CLI Ethernet interface configuration mode. To set the SSH server UDP port, use the ip ssh-server port command. To disable the Telnet server, use the no ip telnet-server command. To view the current settings, use the show system command from the CLI Executive mode (not shown in the following example).
Auto Negotiate : Disable
Speed-duplex(Admin) : 100Base-TX Full Duplex
Speed-duplex(Oper) : 100Base-TX Full Duplex
========================================
test4102(if-ethernet)#
RADIUS
Remote Authentication Dial‐in User Service (RADIUS) is an authentication protocol that uses software running on a central server to control access to RADIUS‐aware devices on the network. An authentication server contains a database of user credentials for each user that requires access to the network. A primary RADIUS server must be specified for the RBT‐4102 to implement IEEE 802.1x network access control and Wi‐Fi Protected Access (WPA) wireless security.
Using Web Management to Configure RADIUS
Select RADIUS from the menu.
• Primary Radius Server Setup configures the following settings to use RADIUS authentication on the access point:
– IP Address/Server Name specifies the IP address or host name of the RADIUS server. The IP address must be an IP Version 4 address.
– Port Number is the UDP port number used by the RADIUS server for authentication. This value must match the configuration of your primary RADIUS authentication server.
– RADIUS Accounting enables or disables the AP to send RADIUS accounting information for clients to the RADIUS accounting server. Default: Disable
– Accounting Port specifies the destination port for RADIUS accounting packets, a value between 1024 and 65535. This value must match the configuration of your primary RADIUS accounting server. Default: 1813
– Interim Update Timeout determines how often to send accounting updates from the access point to the server for this session.
Table 4-2 RADIUS Attributes (continued)
RADIUS Accounting Attribute: Description
NAS Identifier: Hard coded identifier of the RADIUS Accounting client.
Acct-Interim-Interval: Indicates the number of seconds between each interim update for the given session.
Authentication
Wireless clients can be authenticated for network access by checking their MAC address against the local database configured on the access point, or by using a database configured on a central RADIUS server. Alternatively, authentication can be implemented using the IEEE 802.1X network access control protocol. Client station MAC authentication occurs prior to the IEEE 802.1X authentication procedure configured for the access point.
Using Web Management to Configure Authentication
Select Authentication from the menu.
• 802.1x Supplicant allows you to enable or disable the access point as an 802.1x authentication supplicant to authenticate with the network. If enabled, you must specify:
– Username: the username that the access point uses to authenticate to the network. Range: 1 to 32 characters
– Password: the password that the access point uses to authenticate to the network.
Using the CLI to Configure Authentication
Use the 802.1x supplicant user command from the global configuration mode to specify the username and password that the access point uses for authentication with the network. Use the 802.1x supplicant command to enable the access point as an 802.1x supplicant. To display the current settings, use the show authentication command from the Executive mode. Use the no 802.1x supplicant command from the global configuration mode to disable the supplicant.
Filter Control and VLANs
The access point can employ VLAN ID and network traffic frame filtering to control access to network resources and increase security. You can prevent communications between wireless clients and prevent access point management from wireless clients. Also, you can block specific Ethernet traffic from being forwarded by the access point.
Using Web Management to Configure Filter Control and VLANs
Select Filter Control from the menu.
• Management VLAN ID specifies the management VLAN ID for the access point. The management VLAN is for managing the access point. For example, the access point allows traffic that is tagged with the specified VLAN to manage the access point via remote management, SSH, SNMP, Telnet, and so forth. VLAN management is enabled by default, and cannot be disabled.
Note: You must set up the network switch port to support tagged VLAN packets from the access point.
Using the CLI to Configure Filter Control and VLANs
CLI Commands for VLAN Support
From the global configuration mode, use the management-vlanid command to set the default Management VLAN ID for the Ethernet interface. VLAN tagging is enabled by default, and cannot be disabled. To view the current management VLAN settings, use the show system command.
Example
RoamAbout 4102#configure
Enter configuration commands, one per line.
From the interface ethernet mode, use the untagged-vlanid command to specify a VLAN ID for the AP to use for untagged packets entering through the AP’s Ethernet port. Use the show interface command from the Executive mode to view untagged-vlanid status.
RoamAbout 4102#configure
Enter configuration commands, one per line. End with CTRL/Z
RoamAbout 4102(config)#interface ethernet
Enter Ethernet configuration commands, one per line.
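The management VLAN ID and the untagged VLAN ID together decide which Ethernet frames can reach the access point's management services. The following added example (not from the Enterasys guide) parses the IEEE 802.1Q tag of a frame and applies that decision; it assumes that untagged and priority-tagged frames are placed in the untagged VLAN, and the function names and sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q VLAN tag


def build_frame(vid=None, pcp=0, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed Ethernet frame (sample data); tagged when vid is given."""
    header = bytes.fromhex("0001f4000001") + bytes.fromhex("020000000002")
    if vid is not None:
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | (vid & 0x0FFF))
    return header + struct.pack("!H", ethertype) + payload


def parse_vlan_tag(frame):
    """Return (vid, pcp, inner_ethertype) for a tagged frame, or None when untagged.

    Layout: dst MAC (6) | src MAC (6) | TPID 0x8100 (2) | TCI (2) | EtherType (2)
    TCI = 3-bit priority (PCP), 1-bit DEI, 12-bit VLAN ID.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner


def effective_vlan(frame, untagged_vlanid):
    """VLAN the frame belongs to. Assumption: frames without a tag, or with
    VID 0 (priority tag only), are assigned the untagged VLAN ID."""
    tag = parse_vlan_tag(frame)
    if tag is None or tag[0] == 0:
        return untagged_vlanid
    return tag[0]


def reaches_management(frame, management_vlanid, untagged_vlanid):
    """True when the frame ends up in the management VLAN."""
    return effective_vlan(frame, untagged_vlanid) == management_vlanid


def check_config(management_vlanid, untagged_vlanid):
    """Return warnings about a management/untagged VLAN ID pair."""
    warnings = []
    for name, vid in (("management", management_vlanid), ("untagged", untagged_vlanid)):
        if not 1 <= vid <= 4094:  # 0 and 4095 are reserved by IEEE 802.1Q
            warnings.append("%s VLAN ID %d is outside 1-4094" % (name, vid))
    if management_vlanid == untagged_vlanid:
        warnings.append("untagged frames are placed in the management VLAN")
    return warnings


if __name__ == "__main__":
    mgmt, untagged = 10, 1  # hypothetical settings
    samples = (("tagged VLAN 10", build_frame(vid=10)),
               ("tagged VLAN 20", build_frame(vid=20)),
               ("untagged", build_frame()))
    for label, frame in samples:
        print(label, "-> management:", reaches_management(frame, mgmt, untagged))
    print(check_config(1, 1))
```

Running the same check against frames captured on the switch port facing the access point shows whether that port really delivers management traffic tagged.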
CLI Commands for Filtering
Use the filter ibss-relay command from the global configuration to set the mode for wireless‐to‐wireless communications through the access point. Use the filter wireless-ap-manage command to restrict management access from wireless clients. Use the iapp or no iapp commands to enable or disable clients from roaming between access points.
SVP Commands
To enable SVP, from the global configuration mode, use the svp command. To disable SVP, use the no version of the command. Use the show svp command from the Executive mode to view the SVP status.
Example
RoamAbout 4102#configure
Enter configuration commands, one per line.
CDP Settings
Cabletron Discovery Protocol (CDP) settings control how the AP uses CDP to discover neighbors on the physical LAN to which it connects.
Using Web Management to Configure CDP
Select CDP Settings from the menu. The CDP Settings page appears.
Note: The Port Status overrides the Global Status. Make the same selections for both global and port status or make sure the port status settings match the behavior you want.
• Port Status:
– Disable ‐ disables this AP from using CDP.
– Enable ‐ enables this AP to use CDP and to send information about itself at the specified Transmit Frequency.
– Auto ‐ enables this AP to use CDP and to send information about itself only when neighbors request information. Default: Auto
Note: The Port Status overrides the Global Status.
Using the CLI to Configure CDP
From the global configuration mode, enable CDP with the cdp auto-enable or cdp enable commands. Specify the hold time, transmit frequency and optionally an authentication code using the cdp hold-time, cdp tx-frequency and cdp authentication commands. To disable CDP, use the cdp disable command. Use the show cdp command from Executive mode to display CDP settings, or to view neighbor entries or CDP traffic statistics.
Rogue AP Detection
This feature scans the airwaves and collects information about access points in the area. The term “rogue AP” is used to describe an access point that is not authorized to participate on the network. It may not have the proper security settings in place. Rogue APs can potentially allow unauthorized users access to the network.
• RADIUS Authentication enables the access point to discover rogue access points. Enabling RADIUS Authentication causes the access point to check the MAC address/Basic Service Set Identifier (BSSID) of each access point that it finds against a RADIUS server to determine whether the access point is allowed. With RADIUS authentication disabled, the access point can identify its neighboring access points only; it cannot identify whether the access points are allowed or are rogues.
802.11a : Rogue AP Status
No. AP Address(BSSID) SSID Channel(MHz) RSSI Encr.
========================================================================
IBSS
802.11b/g : Rogue AP Setting
==============================================================================
Rogue AP Detection : Enabled
Rogue AP Authentication : Enabled
Rogue AP Scan Interval : 120 minutes
Rogue AP Scan Duration : 200 milliseconds
Rogue AP Scan InterDuration: 2000 milliseconds
802.11b/g : Rogue AP Status
No.
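When RADIUS authentication is not available for rogue detection, the same allowed-or-rogue decision can be made offline from the Rogue AP Status listing. The following added example (not from the Enterasys guide) parses status rows and reports every BSSID that is missing from a local allow-list, which stands in for the RADIUS server's database. The row layout, the sample rows, the allow-list and the reading of RSSI as "larger is stronger" are assumptions made for illustration.

```python
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(?:[:-]?[0-9a-f]{2}){5}$", re.I)


def normalize_bssid(text):
    """Canonical form aa:bb:cc:dd:ee:ff, so lookups ignore case and separators."""
    if not MAC_RE.match(text):
        raise ValueError("not a BSSID: %r" % text)
    digits = re.sub(r"[:-]", "", text).lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_row(line):
    """Parse one status row, or return None for headers and separators.

    Assumed layout: No. BSSID SSID Channel(MHz) RSSI Encr.
    The SSID may contain spaces or be empty (hidden), so the fixed columns are
    taken from both ends of the row and whatever remains in the middle is the SSID.
    """
    tokens = line.split()
    if len(tokens) < 5 or not tokens[0].isdigit():
        return None
    channel, rssi, encr = tokens[-3:]
    if not rssi.isdigit():
        return None
    try:
        bssid = normalize_bssid(tokens[1])
    except ValueError:
        return None
    return {"bssid": bssid, "ssid": " ".join(tokens[2:-3]), "channel": channel,
            "rssi": int(rssi), "encrypted": encr.lower() in ("yes", "enabled")}


def find_rogues(status_text, allowed_bssids):
    """Return rows whose BSSID is not on the allow-list, strongest signal first."""
    allowed = {normalize_bssid(b) for b in allowed_bssids}
    rogues = []
    for line in status_text.splitlines():
        row = parse_row(line)
        if row and row["bssid"] not in allowed:
            rogues.append(row)
    # Assumption: a larger RSSI value means a stronger signal, so the access
    # point that is probably closest is listed first.
    rogues.sort(key=lambda r: r["rssi"], reverse=True)
    return rogues


# Constructed sample listing (not captured from a real device).
SAMPLE_STATUS = """\
802.11b/g : Rogue AP Status
No. AP Address(BSSID)  SSID           Channel(MHz) RSSI Encr.
========================================================================
1   00-01-F4-AA-BB-01  CorpWLAN       11(2462)     42   Yes
2   00:0d:5e:11:22:33  Guest Cafe     6(2437)      17   No
3   0001f4aabb02       CorpWLAN       1(2412)      55   Yes
4   00-11-22-33-44-55                 3(2422)      30   No
5   00-aa-bb-cc-dd-ee  Printer-Setup  11(2462)     61   Yes
"""

# Hypothetical allow-list of the site's own access points.
ALLOWED = ["00:01:f4:aa:bb:01", "00-01-F4-AA-BB-02"]

if __name__ == "__main__":
    for r in find_rogues(SAMPLE_STATUS, ALLOWED):
        note = "" if r["encrypted"] else "  (no encryption)"
        print("%s  rssi=%d  ssid=%r%s" % (r["bssid"], r["rssi"], r["ssid"], note))
```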
SNMP
The access point includes an on‐board agent that supports SNMP versions 1, 2c, and 3. Access to the on‐board agent using SNMP v1 and v2c is controlled by community strings. To communicate with the access point, a management station must first submit a valid community string for authentication.
• SNMP allows you to enable or disable SNMP management access and also enables the access point to send SNMP traps (notifications). SNMP management is enabled by default.
• SNMPv1 allows you to enable or disable management access from SNMPv1 clients.
• Community Name (Read Only) defines the SNMP community access string that has read‐only access. Authorized management stations are only able to retrieve MIB objects.
Table 4-3 SNMP Notifications (continued)
localMacAddrAuthSuccess: A client station successfully authenticated its MAC address with the local database on the access point.
localMacAddrAuthFail: A client station failed authentication with the local MAC address database on the access point.
iappStationRoamedFrom: A client station roamed from another access point (identified by its IP address).
iappStationRoamedTo: A client station roamed to another access point (identified by its IP address).
– User specifies a string to identify an SNMP user. (32 characters maximum)
– Group is the name of the SNMP group to which the user is assigned (32 characters maximum). There are three pre‐defined groups: RO, RWAuth, or RWPriv.
– Auth Type specifies the authentication type used for user authentication: “md5” or “none.”
– Priv Type is the encryption type used for SNMP data encryption: Either DES or none. If DES is selected, a key must be entered in the Passphrase field.
• SNMP Targets
– Target ID is the name you enter to identify the SNMP target. Maximum: 32 characters
– IP Address is the IP address of the user.
– UDP port is the UDP port of the server.
– SNMP user is the name of the user. This name must match the name you entered in SNMP Users.
– Filter ID is the filter ID that you entered in the SNMP Filter section.
– Action Add adds a new target; Edt allows you to edit an existing target; Del deletes the target.
Using the CLI to Configure SNMP
The access point includes an on‐board agent that supports SNMP versions 1, 2c, and 3. Access to the on‐board agent using SNMP v1 and v2c is controlled by community strings. To communicate with the access point, a management station must first submit a valid community string for authentication. Refer to the Enterasys RoamAbout RBT‐4102 Wireless Access Point Command Line Interface Reference Guide, for a complete list of SNMP commands.
localMacAddrAuthSuccess Enabled    pppLogonFail Enabled
sntpServerFail Enabled    radiusServerChanged Enabled
systemDown Enabled    systemUp Enabled
=============================================
RoamAbout 4102#
CLI Commands for Configuring SNMPv3 Users and Groups
Use the snmp-server engine-id command to define the SNMP v3 engine before creating groups or assigning users to groups. Use the snmp-server group command to create groups with a specific security level.
Passphrase:****************
PrivType :DES
Passphrase:****************
=============================================
RoamAbout 4102#show snmp group-assignments
GroupName :TPS
UserName :chris
RoamAbout 4102#
CLI Commands for Configuring SNMPv3 Targets
To create a notification target, use the snmp-server targets command from the CLI configuration mode. To assign a filter to a target, use the snmp-server filter-assignment command. To view the current SNMP targets, use the show snmp target command from the CLI Executive mode. To view filter assignment to targets, use the show snmp filter-assignments command.
Example
RoamAbout 4102(config)#snmp-server targets mytraps 192.168.1.
Administration
Changing the Password
Management access to the Web and CLI interface on the RBT‐4102 is controlled through a single user name and password. You can also gain additional access security by disabling the com port after configuring the AP, and using control filters (refer to “Filter Control and VLANs” on page 4‐18). To protect access to the management interface, you should change the user name and password as soon as possible.
Using Web Management to Change the Password
Select Administration from the menu.
• Change Username/Password: A username and password are required to configure the access point. Enterasys Networks strongly recommends that you change your password from the default value to ensure network security.
– Username is the name of the user. The default name is “admin”. Length: 3‐16 characters, case sensitive.
– New Password is the password for management access.
Using the CLI to Change the Password
Use the username and password commands from the CLI configuration mode.
Example
RoamAbout 4102(config)#username John
RoamAbout 4102(config)#password ****
RoamAbout 4102(config)#confirm password ****
RoamAbout 4102(config)#exit
RoamAbout 4102#
Enabling and Disabling Com Port
To provide more security for the access point, management access through the console port can be disabled.
Upgrading Firmware
You can upgrade the RBT‐4102 software from a local file on the management workstation, or from an FTP or TFTP server. New software may be provided periodically on the Wireless Web site (http://www.enterasys.com/products/wireless). After upgrading to new software, you must reboot the RBT‐4102 to implement the new code. Until a reboot occurs, the RBT‐4102 will continue to run the software it was using before the upgrade started.
Using Web Management to Upgrade Firmware
• Current version displays the version number of code.
• Local downloads an operation code image file from the Web management station to the access point using HTTP. Specify the name of the code file in the New firmware file field, either:
– Use the Browse button to locate the image file locally on the management station.
– Enter the name of the code file on the server.
Using the CLI to Upgrade Firmware
To download software from a TFTP/FTP Server, use the copy command from the Executive mode. The copy command requires you to specify either the file type and then the server type, or the server type and then the file type. You must then specify the file name, and IP address of the TFTP server. When the download is complete, you can use the dir command to check that the new file is present in the access point file system.
System Log System Log The RBT‐4102 can be configured to send event and error messages to a System Log Server. The system clock can also be synchronized with a time server, so that all the messages sent to the Syslog server are stamped with the correct time and date. The RBT‐4102 supports a logging process that can control error messages saved to memory or sent to a Syslog server. The logged messages serve as a valuable tool for isolating access point and network problems.
• Logging Level sets the severity level for event logging.
• Logging Facility‐Type specifies the syslog facility to use for messages (16 to 23, corresponding to local 0 to local 7).

The system allows you to limit the messages that are logged by specifying a minimum severity level. Table 4‐4 lists the error message levels from the most severe (Emergency) to least severe (Debug). The message levels that are logged include the specified minimum level up to the Emergency level.
System Log Using the CLI to Configure System Log To enable logging on the access point, use the logging on command from the global configuration mode. The logging level command sets the minimum level of message to log. Use the logging console command to enable logging to the console. Use the logging host command to specify the Syslog servers. The logging facility‐type command sets the facility‐type number to use on the Syslog server. To view the current logging settings, use the show logging command.
System Log Using Web Management to Configure SNTP Simple Network Time Protocol (SNTP) allows the RBT‐4102 to set its internal clock based on periodic updates from a time server. Maintaining an accurate time on the access point enables the system log to record meaningful dates and times for event entries. The RBT‐4102 acts as an SNTP client, periodically sending time synchronization requests to specific time servers. You can configure up to two time server IP addresses.
System Log Using the CLI to Configure SNTP To enable SNTP support on the access point, from the global configuration mode specify SNTP server IP addresses using the sntp‐server ip command, then use the sntp‐server enable command to enable the service. Use the sntp‐server timezone command to set the time zone for your location, and the sntp‐server daylight‐saving command to set daylight savings. To view the current SNTP settings, use the show sntp command from the Executive mode.
WDS and STP WDS and STP Each access point radio interface can be configured to operate in a bridge mode, which allows it to forward traffic directly to other access point units. To set up bridge links between access point units, you must configure the Wireless Distribution System (WDS) forwarding table by specifying the wireless MAC address of all units to which you want to forward traffic. You can specify up to eight WDS bridge links for each unit in the wireless bridge network.
WDS and STP Using Web Management to Configure WDS and STP Select WDS & STP from the menu.
WDS and STP • WDS Bridge allows you to specify up to eight WDS bridge links (MAC addresses) per radio interface for each unit in the wireless bridge network. One unit must be configured as the “root bridge” in the wireless network. The root bridge is the unit connected to the main core of the wired LAN. Other bridges need to specify one “Parent” link to the root bridge or to a bridge connected to the root bridge. The other seven WDS links are available as “Child” links to other bridges.
‐ Range: 0‐65535
‐ Default: 32768
– Bridge Max Age is the maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STP information (provided in the last configuration message) becomes the designated port for the attached LAN.
WDS and STP Using the CLI to Configure WDS To set the role of the access point radio interface, use the bridge role command from the CLI wireless interface configuration mode. Then, configure the MAC addresses of the child links to other nodes using the bridge‐link child command. If the radio interface role is set to Bridge, the MAC address of the parent node must also be configured using the bridge‐link parent command. To view the current bridge link settings, use the show bridge link command.
WDS and STP Using the CLI to Configure STP If a radio interface is set to the Bridge or Root Bridge role, STP can be enabled on the access point to maintain a valid network topology. To globally enable STP, use the bridge stp enable command from the CLI configuration mode. Then, configure the other global STP parameters for the bridge.
Radio Interface Radio Interface The IEEE 802.11a and 802.11b/g interfaces include configuration options for radio signal characteristics, Virtual APs (VAPs), and wireless security features. The configuration options for both radio interfaces are nearly identical, and are both covered in this section of the manual.
Radio Interface Radio Settings Using Web Management to Configure Interface Radio Settings Select Radio Settings under the type of interface (802.11a or 802.11b/g) that you want to configure. Note: The WMM and Virtual AP fields (not shown here) are discussed later in this section. • Interface Status disables/enables use of this default radio interface. Default: Enable. Notes: Before enabling the radio card, you must set the country selection, if applicable, using the CLI.
Radio Interface • Native VLAN ID is the VLAN ID for this default radio interface. The access point assigns this VLAN ID to all client traffic using this radio interface unless you assign unique VLAN IDs to clients through the RADIUS server using RFC 3580 (Section 3.31) tunnel attributes. Using RFC 3580 (Section 3.31) tunnel attributes, you must configure user VLAN IDs (1‐4094) on the RADIUS server for each client authorized to access the network.
Radio Interface – Right. The radio only uses the antenna on the right side (the side closest to the access point LEDs). Select this method when using an optional external antenna that is connected to the right antenna connector. – Left. The radio only uses the antenna on the left side (the side farthest from the access point LEDs). The access point does not support an external antenna connection on its left antenna. Therefore, this method is not valid for the access point.
Radio Interface – The 802.11b/g radio channel that the access point uses to communicate with wireless clients. When multiple access points are deployed in the same area, set the channel on neighboring access points at least five channels apart to avoid interference with each other. For example, in the United States you can deploy up to three access points in the same area (e.g., channels 1, 6, 11).
Radio Interface faster. Using higher DTIM values reduces the power used by stations in Power Save mode, but delays the transmission of broadcast/multicast frames. Range: 1‐255 beacons; Default: 2 beacons • Fragment Length (256‐2346) specifies an alternative frame length for packets. When transmitting data via the wireless network, your wireless network automatically splits up the file or message in a number of different packets that are re‐assembled again by the communication partner.
Using the CLI to Configure the 802.11a Interface Radio Settings

From the global configuration mode, enter the interface wireless a command to access the 802.11a radio interface. Set the interface SSID using the ssid command and, if required, configure a name for the interface using the description command. Use the channel command to set the radio channel. Set any other parameters as required.

Example

RoamAbout 4102#configure
Enter configuration commands, one per line.
Radio Interface To view the current 802.11a radio settings, use the show interface wireless a command.
                  Admission Control: No TXOP Limit: 0.000 ms
AC2(Video)      : logCwMin: 3 logCwMax: 4 AIFSN: 2
                  Admission Control: No TXOP Limit: 3.008 ms
AC3(Voice)      : logCwMin: 2 logCwMax: 3 AIFSN: 2
                  Admission Control: No TXOP Limit: 1.504 ms
WMM AP Parameters
AC0(Best Effort): logCwMin: 4 logCwMax: 6 AIFSN: 3
                  Admission Control: No TXOP Limit: 0.000 ms
AC1(Background) : logCwMin: 4 logCwMax: 10 AIFSN: 7
                  Admission Control: No TXOP Limit: 0.
Radio Interface Using the CLI to Configure the 802.11b/g Interface Radio Settings From the global configuration mode, enter the interface wireless g command to access the 802.11g radio interface. Set the interface SSID using the ssid command and, if required, configure a name for the interface using the description command. You can also use the secure‐access command to stop sending the SSID in beacon messages. Select a radio channel or set selection to Auto using the channel command.
To view the current 802.11g radio settings, use the show interface wireless g command.

Example

RBT4102-230.101#show int wireless g
Wireless Interface Information
=========================================================================
----------------Identification------------------------------------------
Description : PSK auth for Vista client
SSID : 4102-SW-101-PSK
802.11g band : 802.11b + 802.
                  TXOP Limit: 0.000 ms
AC1(Background) : logCwMin: 4 logCwMax: 10 AIFSN: 7
                  Admission Control: No TXOP Limit: 0.000 ms
AC2(Video)      : logCwMin: 3 logCwMax: 4 AIFSN: 2
                  Admission Control: No TXOP Limit: 3.008 ms
AC3(Voice)      : logCwMin: 2 logCwMax: 3 AIFSN: 2
                  Admission Control: No TXOP Limit: 1.504 ms
WMM AP Parameters
AC0(Best Effort): logCwMin: 4 logCwMax: 6 AIFSN: 3
                  Admission Control: No TXOP Limit: 0.
Radio Interface Wi-Fi Multimedia (WMM) Configuration Wireless networks offer an equal opportunity for all devices to transmit data from any type of application. Although this is acceptable for most applications, multimedia applications (with audio and video) are particularly sensitive to the delay and throughput variations that result from this “equal opportunity” wireless access method.
Radio Interface After a collision detection, a backoff wait time is calculated. The total wait time is the sum of a minimum wait time (Arbitration Inter‐Frame Space, or AIFS) determined from the AIFSN, and a random backoff time calculated from a value selected from zero to the CW. The CW value varies within a configurable range. It starts at CWMin and doubles after every collision up to a maximum value, CWMax. After a successful transmission, the CW value is reset to its CWMin value.
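The backoff arithmetic described above, worked through as an added illustration (not part of the Enterasys guide or firmware). It assumes the standard WMM relation CW = 2^logCw - 1 for the logCwMin/logCwMax values the CLI prints and 802.11a timing (SIFS 16 µs, slot 9 µs), neither of which this guide states; all function names are hypothetical.

```python
"""WMM contention timing from the logCwMin / logCwMax / AIFSN values in the show output."""

# "WMM AP Parameters" values as printed in this section's show interface wireless output.
WMM_AP = {
    "AC0(Best Effort)": {"log_cw_min": 4, "log_cw_max": 6, "aifsn": 3},
    "AC1(Background)": {"log_cw_min": 4, "log_cw_max": 10, "aifsn": 7},
    "AC2(Video)": {"log_cw_min": 3, "log_cw_max": 4, "aifsn": 1},
    "AC3(Voice)": {"log_cw_min": 2, "log_cw_max": 3, "aifsn": 1},
}

# Assumed PHY timing (IEEE 802.11a OFDM values, not taken from this guide).
SIFS_US = 16
SLOT_US = 9


def cw_from_log(log_cw):
    """Contention window in slots for a printed exponent: CW = 2**logCw - 1."""
    return 2 ** log_cw - 1


def cw_sequence(log_cw_min, log_cw_max, collisions):
    """CW before the first attempt and after each successive collision.

    The window starts at CWMin, doubles (in slot count) per collision and
    is capped at CWMax; a successful transmission would reset it to CWMin.
    """
    cw_max = cw_from_log(log_cw_max)
    cw = cw_from_log(log_cw_min)
    seq = [cw]
    for _ in range(collisions):
        cw = min(2 * (cw + 1) - 1, cw_max)
        seq.append(cw)
    return seq


def aifs_us(aifsn, sifs_us=SIFS_US, slot_us=SLOT_US):
    """Minimum wait (AIFS) in microseconds determined from the AIFSN."""
    return sifs_us + aifsn * slot_us


def wait_bounds_us(ac, collisions=0, params=WMM_AP):
    """(shortest, longest) total wait for an access category after N collisions."""
    p = params[ac]
    cw = cw_sequence(p["log_cw_min"], p["log_cw_max"], collisions)[-1]
    fixed = aifs_us(p["aifsn"])
    # Random backoff is drawn from 0..CW slots and added to the fixed AIFS.
    return fixed, fixed + cw * SLOT_US


def always_precedes(high, low, params=WMM_AP):
    """True if high's longest first-attempt wait is shorter than low's shortest."""
    return wait_bounds_us(high, 0, params)[1] < wait_bounds_us(low, 0, params)[0]


if __name__ == "__main__":
    for name in WMM_AP:
        lo, hi = wait_bounds_us(name)
        print(f"{name:17s} first attempt waits {lo}-{hi} us")
    print("Voice always ahead of Background:",
          always_precedes("AC3(Voice)", "AC1(Background)"))
```

With these values a voice frame's longest first-attempt wait is shorter than a background frame's shortest, which is how the small AIFSN and CW settings translate into priority.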
– Support: WMM will be used for any associated device that supports this feature. Devices that do not support this feature may still associate with the access point.
– Required: WMM must be supported on any device trying to associate with the access point. Devices that do not support this feature will not be allowed to associate with the access point.
• WMM BSS Parameters – These parameters apply to the wireless clients.
----------------Antenna-------------------------------------------------
Antenna Select : Fixed
Fixed Antenna Control : Diversity
Antenna ID : 0x0000(Integrated antenna)
Ack-TimeOut : 0 us
----------------802.
                  Admission Control: No TXOP Limit: 0.000 ms
AC2(Video)      : logCwMin: 3 logCwMax: 4 AIFSN: 1
                  Admission Control: No TXOP Limit: 3.008 ms
AC3(Voice)      : logCwMin: 2 logCwMax: 3 AIFSN: 1
                  Admission Control: No TXOP Limit: 1.504 ms
=========================================================================
RBT4102-230.
Radio Interface Virtual APs (VAPs) Configuration In addition to defining network characteristics for the default radio interface, you can define network characteristics for up to seven VAPs per radio interface. Each default radio interface and VAP has its own unique Service Set Identifier (SSID) with which clients can associate, using a variety of security and authentication options. Using Web Management to Configure Virtual APs Select Radio Settings under the type of interface (802.11a or 802.
– Secure Access specifies whether clients can access the default radio interface network by discovering and automatically configuring the SSID, or whether clients must be already configured with the SSID. Default: Disable
  ‐ Enabled specifies that this VAP denies access to wireless clients that do not have its network name (SSID) already configured.
Radio Interface Using the CLI to Configure Virtual APs From the global configuration mode, enter the interface wireless a command to access the 802.11a radio interface, or the interface wireless g command to access the 802.11g radio interface. Use the vap [1‐7] command to specify the VAP you want to configure and to enter VAP mode. Set the VAP SSID using the ssid command and, if required, configure a name for the VAP using the description command.
To view VAP settings, use the show interface wireless command.

AP4102-230.108#show interface wireless g 1
Wireless Interface Information
=========================================================================
----------------Identification------------------------------------------
Description : RoamAbout AP4102 - 802.11b/g
SSID : SW-4102-faculty
802.11g band : 802.11b + 802.
                  Admission Control: No TXOP Limit: 0.000 ms
AC2(Video)      : logCwMin: 3 logCwMax: 4 AIFSN: 2
                  Admission Control: No TXOP Limit: 3.008 ms
AC3(Voice)      : logCwMin: 2 logCwMax: 3 AIFSN: 2
                  Admission Control: No TXOP Limit: 1.504 ms
WMM AP Parameters
AC0(Best Effort): logCwMin: 4 logCwMax: 6 AIFSN: 3
                  Admission Control: No TXOP Limit: 0.000 ms
AC1(Background) : logCwMin: 4 logCwMax: 10 AIFSN: 7
                  Admission Control: No TXOP Limit: 0.
Security Security The access point is configured by default as an “open system,” which broadcasts a beacon signal including the configured SSID. Wireless clients with an SSID setting of “any” can read the SSID from the beacon and automatically set their SSID to allow immediate connection to the nearest access point. The security mechanisms that you may employ depend upon the level of security required, the network and management resources available, and the software support provided on wireless clients.
Security Wired Equivalent Privacy (WEP) WEP provides a basic level of security, preventing unauthorized access to the network and encrypting data transmitted between wireless clients and the access point. WEP uses static shared keys (fixed‐length hexadecimal or alphanumeric strings) that are manually distributed to all clients that want to use the network. WEP is the security protocol initially specified in the IEEE 802.11 standard for wireless communications.
– Key Type specifies the preferred method of entering WEP encryption keys on the access point. You can enter up to four keys:
  ‐ Hexadecimal: Enter keys as 10 hexadecimal digits (0 to 9 and A to F) for 64 bit keys, 26 hexadecimal digits for 128 bit keys, or 32 hexadecimal digits for 152 bit keys.
  ‐ Alphanumeric: Enter keys as 5 alphanumeric characters for 64 bit keys, 13 alphanumeric characters for 128 bit keys, or 16 alphanumeric characters for 152 bit keys.
• Pre‐Authentication. If Pre‐Authentication is enabled, a WPA2 wireless client can perform an 802.1X authentication with other wireless access points in its range when it is still connected to its current wireless access point. To use Pre‐Authentication, you must have the following:
  – Wireless network adaptors that support WPA2.
  – Windows XP wireless network adaptor drivers that support the passing of WPA2 capabilities to Windows Wireless Auto Configuration.
– Supported ‐ allows WPA‐enabled clients and clients only capable of supporting WEP to access the network.
• WPA Key Management: You can configure WPA to work in an enterprise environment using IEEE 802.1x and a RADIUS server for user authentication. For smaller networks, you can configure WPA using a common pre‐shared key for client authentication with the access point.
  – WPA authentication over 802.1x sets this radio interface or VAP to the WPA enterprise mode.
Security The 802.1x EAP packets are also used to pass dynamic unicast session keys and static broadcast keys to wireless clients. Session keys are unique to each client and are used to encrypt and correlate traffic passing between a specific client and the access point. You can also enable broadcast key rotation, so the access point provides a dynamic broadcast key and changes it at a specified interval. You can enable 802.
Security If you specify RADIUS MAC for this default interface or VAP, you must specify the following parameters: – MAC Authentication Password specifies the authentication password this radio interface or VAP sends to the RADIUS server to authenticate MAC addresses. – MAC Authentication Session Timeout specifies the amount of time after which you want a MAC authentication session to timeout between the AP and the RADIUS server.
Using the CLI to Configure WPA Pre-Shared Key

To enter a key value, use the wpa‐psk‐type command to specify a hexadecimal or alphanumeric key, and then use the wpa‐preshared‐key command to define the key. To view the current security settings, use the show interface wireless a or show interface wireless g command (not shown in example).

Example

RoamAbout 4102#configure
RoamAbout 4102(config)#no 802.1X
RoamAbout 4102(config)#interface wireless g
Enter Wireless configuration commands, one per line.
Security To view the current security settings, use the show interface wireless a or show interface wireless g command. Example RBT4102-230.
AC1(Background) : logCwMin: 4 logCwMax: 10 AIFSN: 7
                  Admission Control: No TXOP Limit: 0.000 ms
AC2(Video)      : logCwMin: 3 logCwMax: 4 AIFSN: 2
                  Admission Control: No TXOP Limit: 3.008 ms
AC3(Voice)      : logCwMin: 2 logCwMax: 3 AIFSN: 2
                  Admission Control: No TXOP Limit: 1.504 ms
WMM AP Parameters
AC0(Best Effort): logCwMin: 4 logCwMax: 6 AIFSN: 3
                  Admission Control: No TXOP Limit: 0.000 ms
AC1(Background) : logCwMin: 4 logCwMax: 10 AIFSN: 7
                  Admission Control: No TXOP Limit: 0.
Using the CLI to Configure Local MAC Authentication

Use the mac‐authentication server command from the Interface Wireless or Interface Wireless: VAP configuration modes to enable local MAC authentication. Set the default behavior (allow or deny) for all unknown MAC addresses using the mac‐access permission command. Use the mac‐access entry command to update the local table by entering, changing and removing MAC addresses.
Using the CLI to Configure RADIUS MAC Authentication

Use the mac‐authentication server command from the Interface Wireless or Interface Wireless: VAP configuration modes to enable remote MAC authentication. Set the timeout value for re‐authentication using the mac‐authentication session‐timeout command. Specify a password for the AP to send to the RADIUS server for MAC authentication using the mac‐authentication password command.
Security To display the current settings, use the show authentication command from the Executive mode. Example RoamAbout 4102#show authentication 802.
Using the CLI to Configure WEP Shared Key Security

From the interface wireless or interface wireless: VAP configuration modes, use the authentication command to enable WEP shared‐key authentication and the encryption command to enable WEP encryption. Use the cipher‐suite command to select WEP cipher type for broadcasting and multicasting. To enter WEP keys, use the key command (from the interface wireless mode only), and then set one key as the transmit key using the transmit‐key command.
To view the current security settings, use the show interface wireless a or show interface wireless g command.

RoamAbout 4102#show interface wireless g
Wireless Interface Information
=======================================================================
----------------Identification------------------------------------------
Description : RoamAbout AP4102 - 802.11b/g
SSID : WPA
802.11g band : 802.11b + 802.
Security Using the CLI to Configure WEP over 802.1x Security From the interface wireless or interface wireless: VAP configuration modes, use the authentication command to select open system authentication. Use the cipher‐suite command to select WEP cipher type. Set 802.1x to required with 802.1x command. Disable MAC authentication with the no mac‐authentication command. Examples RoamAbout 4102#configure Enter configuration commands, one per line.
WPA Key Mgmt Mode : DYNAMIC
WPA PSK Key Type : HEX
Encryption : 64-BIT ENCRYPTION
Default Transmit Key : 1
Common Static Keys : Key 1: ***** Key 2: EMPTY
                     Key 3: EMPTY Key 4: EMPTY
Pre-Authentication : Disabled
Authentication Type : OPEN
----------------Authentication Parameters--------------------------------
802.1X : REQUIRED
Broadcast Key Refresh Rate : 0 min
Session Key Refresh Rate : 0 min
802.
Using the CLI to Configure WPA2 Security

From the interface wireless or interface wireless: VAP configuration modes, use the authentication command to select the wpa2 required authentication.

Examples

RoamAbout 4102(config)#interface wireless g
Enter Wireless configuration commands, one per line.
RoamAbout 4102(if-wireless g)#authentication wpa2 required
Data Encryption is set to Enabled.
WPA Clients Mode is set to Disabled.
WPA2 Clients Mode is set to Required.
WPA PSK Key Type : HEX
Encryption : 64-BIT ENCRYPTION
Default Transmit Key : 1
Common Static Keys : Key 1: ***** Key 2: EMPTY
                     Key 3: EMPTY Key 4: EMPTY
Pre-Authentication : Disabled
Authentication Type : WPA2-ONLY
----------------Authentication Parameters--------------------------------
802.1X : REQUIRED
Broadcast Key Refresh Rate : 0 min
Session Key Refresh Rate : 0 min
802.
Using the CLI to Configure WPA2 Pre-Shared Key Security

From the interface wireless or interface wireless: VAP configuration modes, use the authentication command to select wpa2‐psk authentication. Use the wpa‐pre‐shared‐key password command to enter a password.

Examples

RoamAbout 4102#
RoamAbout 4102#configure
Enter configuration commands, one per line. End with CTRL/Z
RoamAbout 4102(config)#int wireless g
Enter Wireless configuration commands, one per line.
Multicast cipher : AES
Unicast cipher : AES
PMKSA Lifetime : 720 minutes
WPA clients : REQUIRED
WPA Key Mgmt Mode : PRE SHARED KEY
WPA PSK Key Type : ALPHANUMERIC
Encryption : 64-BIT ENCRYPTION
Default Transmit Key : 1
Common Static Keys : Key 1: ***** Key 2: EMPTY
                     Key 3: EMPTY Key 4: EMPTY
Pre-Authentication : Disabled
Authentication Type : WPA2-PSK
----------------Authentication Parameters--------------------------------
802.1X : DISABLED
Broadcast Key Refresh Rate : 0 min
Session Key Refresh Rate : 0 min
802.
Status Information

Status information is described in Table 4‐8.

Table 4-8 Status

Menu              Description
AP Status         Displays configuration settings for the basic system and the wireless interface
CDP Status        Displays information about neighbors with which this AP exchanges Cabletron Discovery Protocol (CDP) packets and information about packets exchanged.
Station Status    Displays the wireless clients currently associated with the access point.
Status Information Using Web Management to View AP Status Select AP Status from the menu.
Status Information AP System Configuration displays the following basic system configuration settings: • System Up Time is the length of time the management agent has been up. • MAC Address is the physical layer address for the device. • System Name is the name assigned to this system. • System Contact is the administrator responsible for the system. • IP Address is the IP address of the management interface for this device.
Status Information Using the CLI to Display AP Status To view the current access point system settings, use the show system command from the Executive mode. To view the current radio interface settings, use the show interface wireless a or show interface wireless g command. Examples .
Status Information Using Web Management to View CDP Status The CDP Status window shows the CDP enabled devices currently associated with the access point. Select CDP Status from the menu. Neighbors Information displays the following details of neighboring CDP enabled devices: • IP Address – IP address of the management interface for the neighboring device. • MAC Address – The physical layer address for the neighboring device. • Time Mark – Time at which the device was detected.
Using the CLI to Display CDP Status

Use the cdp enable or cdp auto‐enable commands from the general configuration mode to enable the AP to use CDP. Set CDP parameters using the cdp hold‐time, cdp tx‐frequency, and cdp authentication commands. To view the current CDP settings, use the show cdp command from the Executive mode.

Example

RoamAbout 4102#configure
Enter configuration commands, one per line.
Using Web Management to View Station Status

The Station Status window displays the status of stations associated with the default radio interfaces and any VAPs configured for each radio interface. This page is refreshed every five seconds. Select Station Status from the menu.
• Station Address is the MAC address of the wireless client.
• Authenticated displays if the station has been authenticated. The two basic methods of authentication supported for 802.11 wireless networks are “open system” and “shared key.” Open‐system authentication accepts any client attempting to connect to the access point without verifying its identity.
Status Information Using Web Management to View Neighbor AP Detection Status The Neighbor AP Detection Status window shows the wireless clients currently associated with the access point. Select Neighbor AP Detection Status from the menu. The Web interface displays a list of 802.11a and a list of 802.11b/g neighbors detected. Click the appropriate radio button to Sort by: BSSID, Channel, SSID, RSSI and then click Save as Default to display the 802.11a or 802.
Status Information Using the CLI to View Neighbor AP Detection Status To view the neighbor AP detection results of a rogue AP scan, use the show rogue‐ap command from the Executive mode. Example RoamAbout 4102#show rogue-ap 802.
Using Web Management to View WDS-STP Status

Select WDS‐STP Status from the menu.

• Port number is the designated port.
• Priority defines the priority of the port in STP. If the path cost for all ports on a switch is the same, the port with the highest priority (that is, the lowest value) will be configured as an active link in the spanning tree.
• Path Cost is used by STP to determine the best path between devices. Path cost takes precedence over priority.
Status Information Using the CLI to View WDS-STP Status To view the status information shown in the WDS‐STP Status web page, you will need to enter several commands. This section breaks up the commands that you will need to show complete screen examples. All examples display the choices available for the commands.
Status Information show bridge link Child Status The following example uses the show bridge link command, from the Executive mode, to display the status for each Child connection.
Status Information Root Bridge Status The following example uses the show bridge link command, from the Executive mode, to display the root bridge status.
Status Information Using Web Management to View Event Logs The Event Logs window shows the log messages generated by the access point and stored in memory. The Clear Logs button clears all event logs. Event Logs displays the following information: • Log Time is the time the log message was generated. • Event Level is the logging level associated with this message. For a description of the various levels, refer to “Logging Level Descriptions” on page 4‐46.
Using the CLI to View Event Logs

From the global configuration mode, use the show logging command.

Examples

RoamAbout 4102#show logging
Logging Information
============================================
Syslog State : Enabled
Logging Console State : Enabled
Logging Level : Alert
Logging Facility Type : 16
Servers
1: 192.168.1.19, UDP Port: 514, State: Enabled
2: 0.0.0.0, UDP Port: 514, State: Disabled
3: 0.0.0.0, UDP Port: 514, State: Disabled
4: 0.0.0.
Oct 21 10:15:51 Notice: 802.11b/g VAP2:Station Associated: 00-e0-63-50-3d-eb
Oct 21 10:15:51 Notice: 802.11b/g VAP2:Station Forwarding: 00-e0-63-50-3d-eb Encryption key type=STATIC WEP
Press next. previous. abort. continue to end :
Oct 21 10:15:51 Notice: 802.11b/g VAP2:Station Authenticated: 00-e0-63-50-3d-eb
Oct 21 10:15:51 Notice: Successful Local MAC Address Authentication for station 00-E0-63-50-3D-EB on Radio b/g VAP 2
Oct 21 10:15:35 Notice: 802.
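An added example (not from the Enterasys guide) of reviewing a captured show logging event log: it parses station messages in the format of the example output above and reports stations that were forwarded with a static WEP key. The first five sample lines are taken from that output, with the MAC address written as six hyphen-separated octets; the last two lines and all function names are constructed for illustration.

```python
import re

MAC = r"[0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5}"

# "Oct 21 10:15:51 Notice: <message>"; search() is used so that a log line
# fused onto the end of the CLI pager prompt is still recognised.
LINE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<level>[A-Za-z]+): (?P<msg>.*)$")
STATION = re.compile(
    r"(?P<radio>802\.11\S+) VAP(?P<vap>\d+):Station "
    r"(?P<event>Associated|Authenticated|Forwarding): (?P<mac>" + MAC + r")"
    r"(?:\s+Encryption key type=(?P<key>.+))?$")
MAC_AUTH = re.compile(
    r"Successful Local MAC Address Authentication for station (?P<mac>" + MAC + r") "
    r"on Radio (?P<radio>\S+) VAP (?P<vap>\d+)$")

# Key types treated as weak; only the value that appears in the guide is listed.
WEAK_KEY_TYPES = {"STATIC WEP"}

# Lines 1-5: from the guide's example output. Lines 6-7: constructed.
SAMPLE_LOG = """\
Oct 21 10:15:51 Notice: 802.11b/g VAP2:Station Associated: 00-e0-63-50-3d-eb
Oct 21 10:15:51 Notice: 802.11b/g VAP2:Station Forwarding: 00-e0-63-50-3d-eb Encryption key type=STATIC WEP
Press next. previous. abort. continue to end :
Oct 21 10:15:51 Notice: 802.11b/g VAP2:Station Authenticated: 00-e0-63-50-3d-eb
Oct 21 10:15:51 Notice: Successful Local MAC Address Authentication for station 00-E0-63-50-3D-EB on Radio b/g VAP 2
Oct 21 10:16:02 Notice: 802.11b/g VAP1:Station Associated: 00-11-22-33-44-55
Oct 21 10:16:02 Notice: 802.11b/g VAP1:Station Authenticated: 00-11-22-33-44-55
"""


def parse_events(text):
    """Return (events, unparsed_count) for a pasted event log."""
    events, unparsed = [], 0
    for raw in text.splitlines():
        if not raw.strip():
            continue
        line = LINE.search(raw.strip())
        if line is None:  # pager prompt or other non-log text
            unparsed += 1
            continue
        msg = line["msg"].strip()
        m = STATION.match(msg) or MAC_AUTH.match(msg)
        if m is None:  # a log message this example does not model
            unparsed += 1
            continue
        g = m.groupdict()
        events.append({
            "time": line["ts"],
            "level": line["level"],
            "mac": g["mac"].lower(),  # the log mixes upper and lower case
            "vap": int(g["vap"]),
            "event": g.get("event") or "LocalMacAuth",
            "key_type": g.get("key"),
        })
    return events, unparsed


def audit(text):
    """Group events per station and report weak or missing key information."""
    events, unparsed = parse_events(text)
    stations = {}
    for ev in events:
        st = stations.setdefault(
            ev["mac"], {"vap": ev["vap"], "events": [], "key_type": None})
        st["events"].append(ev["event"])
        if ev["key_type"]:
            st["key_type"] = ev["key_type"].strip()
    weak = sorted((mac, st["vap"], st["key_type"])
                  for mac, st in stations.items()
                  if st["key_type"] in WEAK_KEY_TYPES)
    no_key_info = sorted((mac, st["vap"])
                         for mac, st in stations.items()
                         if st["key_type"] is None)
    return {"weak": weak, "no_key_info": no_key_info, "unparsed_lines": unparsed}


if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```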
A Default Settings This appendix lists the access point system defaults. To reset the access point defaults, refer to the CLI command “reset configuration” from the Executive level prompt. Feature Parameter Default Identification System Name RoamAbout AP Administration User Name admin Password password Com Port Enabled DHCP Enabled HTTP Server Enabled HTTP Port 80 HTTPS Server Enabled HTTPS Port 443 SSH Server Enabled SSH Server Port 22 IP Telnet Server Enabled IP Address 192.
Feature Parameter Default CDP CDP Auto Enable Auto Hold Time 180 (seconds) Tx Frequency 60 (seconds) Port Settings Auto Management VLAN Disabled Management VLAN ID 1 VLAN Disabled Native VLAN 1 Untagged VLAN ID 1 IAPP IAPP Enabled Filter Control IBSS Relay All VAP Wireless AP Management Disabled Ethernet Type Filter Disabled Interface a Disabled Interface b/g Disabled Duration 350 (milliseconds) Interduration 3000 (milliseconds) Interval 720 (minutes) Authentication
Feature Parameter Default System Log Syslog Setup Disabled Logging Console Disabled Logging Level Error Logging Facility Type 16 SNTP Server Disabled SNTP Primary Server 137.92.140.80 SNTP Secondary Server 192.43.244.18 SNTP Server Date-Time 00:00, January 1st, 2000 Daylight Savings Disabled Bridge Disabled Channel Auto Sync Disabled Bridge Priority 32768 Bridge Max Age 20 Bridge Hello Time 2 Bridge Forwarding Delay 15 WDS & STP Spanning Tree 802.11a/802.
Feature Wireless Interface 802.11a (Continued) Wireless Security 802.
Feature MAC Authentication 802.1x Authentication Wireless Interface 802.11b/g Parameter Default MAC Authentication Local MAC System Default Allowed Session Timeout 0 (disabled) Password NOPASSWORD Status Disabled Broadcast Key Refresh 0 minutes (disabled) Session Key Refresh 0 minutes (disabled) Session Timeout 60 minutes (disabled) Radio Settings Enabled Description RoamAbout AP4102 - 802.
Feature Wireless Interface 802.11b/g (Continued) Wireless Security 802.11b/g MAC Authentication 802.
B Troubleshooting

Troubleshooting Steps

Check the following items before contacting technical support.

1. If wireless clients cannot access the network, check the following:
   a. Be sure the access point and the wireless clients are configured with the same Service Set ID (SSID).
   b. If authentication or encryption is enabled, ensure that the wireless clients are properly configured with the appropriate authentication or encryption keys.
   c.
Troubleshooting Steps 3. 4. If you cannot access the on‐board configuration program via a serial port connection: a. Be sure you have set the terminal emulator program to VT100 compatible, 8 data bits, 1 stop bit, no parity and 9600 bps. b. Check that the null‐modem serial cable conforms to the pin‐out connections provided in the RoamAbout Wireless RBT‐4102 Installation Guide.
Maximum Distance Tables Maximum Distance Tables Table B‐1 through Table B‐3 list the wireless distances. The operating range distances listed in the following tables are for typical environments only. Operating ranges can vary considerably depending on factors such as local interference and barrier composition. It is recommended to do a site survey to determine the maximum ranges for specific access point locations in your environment. Table B-1 802.