2600-00FK1RGA4 Ver. 6.
COPYRIGHT This manual is proprietary to SAMSUNG Electronics Co., Ltd. and is protected by copyright. No information contained herein may be copied, translated, transcribed or duplicated for any commercial purposes or disclosed to the third party in any form without the prior written consent of SAMSUNG Electronics Co., Ltd. TRADEMARKS Product names mentioned in this manual may be trademarks and/or registered trademarks of their respective companies.
INTRODUCTION INTRODUCTION Purpose This manual describes the overview, management, and setup of WEC8500/WEC8050 that is a Samsung Wireless Enterprise (W-EP) Access Point Controller (APC). This manual is written for WEC8500 version 1.4.4, WEC8050 version 1.0.0. Document Content and Organization This manual consists of ten Chapters, three Annexes, and a list of Abbreviations. CHAPTER 1.
INTRODUCTION CHAPTER 7. WLAN Additional Service This chapter describes how to set up WLAN additional services available in the APC. CHAPTER 8. Security This chapter describes how to set up security related setting such as Remote Authentication Dial-In User Service (RADIUS) server available in the APC, unauthorized AP detection and blocking function, guest access, WEB pass-through, Network Address Translation (NAT), firewall function, etc. CHAPTER 9.
INTRODUCTION Console Screen Output The lined box with ‘Courier New’ font will be used to distinguish between the main content and console output screen text. ‘Bold Courier New’ font will indicate the value entered by the operator on the console screen. Revision History VERSION DATE OF ISSUE 6.0 12. 2014. REMARKS Updated the content overall in accordance with the package version 2.4.0 5.0 05. 2014. Updated the content overall in accordance with the package version 2.0.0 4.0 01. 2014.
TABLE OF CONTENTS TABLE OF CONTENTS INTRODUCTION 3 Purpose ....................................................................................................................................... 3 Document Content and Organization .......................................................................................... 3 Conventions ................................................................................................................................ 4 Console Screen Output ....................
TABLE OF CONTENTS 2.3 Initial Setup Wizard ..................................................................................................................48 2.3.1 Overview......................................................................................................................48 2.3.2 Connecting ..................................................................................................................48 2.3.3 How to Use ...........................................................
TABLE OF CONTENTS 3.9.2 Configuring Application Group ................................................................................... 134 3.9.3 Checking Statistics by Category ................................................................................ 134 CHAPTER 4. AP Connection Management 4.1 4.2 APC Management .................................................................................................................. 139 4.1.1 Managing APC List .....................................
TABLE OF CONTENTS 5.5 5.4.3 DHCP Proxy ..............................................................................................................243 5.4.4 Option 82 Configuration .............................................................................................244 5.4.5 Primary/Secondary Server Configuration ..................................................................246 Radio Service Configuration..................................................................................
TABLE OF CONTENTS 7.4.7 Energy Saving Auto Classification ............................................................................. 297 7.5 Location Tracking .................................................................................................................. 300 7.6 Spectrum Analysis ................................................................................................................ 301 7.6.1 Retrieving Spectrum Analysis Data .............................................
TABLE OF CONTENTS 8.3 8.4 8.2.3 Enabling Blocking Function .......................................................................................370 8.2.4 Blocking .....................................................................................................................370 Captive Portal .........................................................................................................................374 8.3.1 Configuring Guest Authentication .......................................
TABLE OF CONTENTS CHAPTER 10. System Management 431 10.1 SNMP Configuration.............................................................................................................. 431 10.1.1 SNMP Community ..................................................................................................... 431 10.1.2 SNMP Trap ................................................................................................................ 432 10.2 System Management ..............................
TABLE OF CONTENTS 10.11.8 Managing File in Web UI ...........................................................................................477 10.11.9 Statistics Function ......................................................................................................480 ANNEX A. CLI Command Structure 522 A.1 configure ................................................................................................................................522 A.2 show....................................
TABLE OF CONTENTS LIST OF FIGURES Figure 1. System Structure for Wireless Enterprise Solution ...................................................... 22 Figure 2. W-EP Network Configuration ....................................................................................... 23 Figure 3. WEC8500 Interface-Front/Back ................................................................................... 26 Figure 4. System LED Configuration ......................................................................
TABLE OF CONTENTS Figure 35. VRRP-Operation Window ........................................................................................ 112 Figure 36. VRRP-Circuit Failover Window (1) ........................................................................... 112 Figure 37. VRRP-Circuit Failover Window (2) ........................................................................... 112 Figure 38. IPWATCHD Configuration Window ..........................................................................
TABLE OF CONTENTS Figure 74. Window for Configuring Local Bridging Forwarding of Remote AP Group ............... 172 Figure 75. AP Time Synchronization Configuration Options ..................................................... 174 Figure 76. Adding Access Points .............................................................................................. 175 Figure 77. AP Profile Setting (1) ............................................................................................... 179 Figure 78.
TABLE OF CONTENTS Figure 113. Dynamic WEP Configuration Window ....................................................................233 Figure 114. DHCP server configuration.....................................................................................234 Figure 115. DHCP Pool (1) .......................................................................................................240 Figure 116. DHCP Pool (2) ...........................................................................................
TABLE OF CONTENTS Figure 152. VoIP Stations Retrieval Screen .............................................................................. 324 Figure 153. Active Call Retrieval Screen .................................................................................. 325 Figure 154. Complete Calls Retrieval Screen ........................................................................... 325 Figure 155. 802.11a/n Admission Control Configuration Window .............................................
TABLE OF CONTENTS Figure 191. Web Auth Configuration Window ...........................................................................380 Figure 192. WLAN Guest Configuration Window ......................................................................383 Figure 193. WLAN Layer 2 Security Configuration Window ......................................................383 Figure 194. WLAN Web Policy Configuration Window ..............................................................384 Figure 195.
TABLE OF CONTENTS Figure 230. Telnet/SSH server configuration ............................................................................ 429 Figure 231. Adding SNMP community ...................................................................................... 432 Figure 232. SNMP trap configuration ....................................................................................... 433 Figure 233. System information ....................................................................................
CHAPTER 1. Access Point Controller System Overview CHAPTER 1. Access Point Controller System Overview 1.1 APC Overview The Samsung Access Pointer Controller (APC) comprehensively manages the user information and traffics while managing an Access Point (AP), i.e. a device that provides wireless connection service for a user terminal in a Wi-Fi environment. There are two types depending on the AP capacity; WEC8500 and WEC8050.
CHAPTER 1. Access Point Controller System Overview Legacy System IP-PBX Groupware (Mail, PIMS) Enterprise Mobile Server WLAN Network Wireless Terminal APC (WEC8500) Call Manager FFA/ERP SFA/CRM etc. Push Mail/Payment Mobile device management, etc. W-EP AP Mail, UC Service based on Android Figure 1.
CHAPTER 1. Access Point Controller System Overview 1.2 Network Configuration The network configuration of Samsung W-EP solution that includes APC is shown below. IP-PBX WEC8050/WEC8500 Router Internet WEM … Ethernet Switch … W-EP AP FMC client Figure 2. W-EP Network Configuration IP-PBX As an enterprise call manager, it is a switch required to provide the Fixed Mobile Convergence (FMC) function to a wireless terminal (optional).
CHAPTER 1. Access Point Controller System Overview W-EP AP (W-EP Wireless LAN AP) The W-EP wireless LAN AP is a device that provides wireless connection service to a user terminal. It should be installed by considering the service area or region that will be provided in an enterprise environment. Typically, the number of W-EP wireless LAN APs is determined by considering the size of installation area and the number of users to secure service coverage.
CHAPTER 1. Access Point Controller System Overview WIPS Solution It monitors the properness of the implementation of the wireless network infrastructure by detecting penetration via unauthorized wireless equipment installed in the internal network, the detoured gateway segment of the internal officers and employees who illegally connect to the commercial WLAN service, etc.
CHAPTER 1. Access Point Controller System Overview 1.3 APC Configuration and Functions 1.3.1 WEC8500 Configuration and Functions The Configuration and the purpose of each item of WEC8500 are as follows: Console port System LED Management port USB port 1G Optic port 10G Optic port Ground hole Power Module Figure 3. WEC8500 Interface-Front/Back System LED System LED indicates the various statuses of system. Each LED displays the following information. Figure 4.
CHAPTER 1. Access Point Controller System Overview LED module 2) Status Red Description Power is turned off or a fault occurred while the power module 2 is installed. Off Power module 2 is not installed. Console port (RS232C) A console port is used to check the operational status of WEC8500 or for input through the CLI.
CHAPTER 1. Access Point Controller System Overview Separate the electrical wiring of a switch or related devices and the electromagnetic area of network data line Cable or connector and safe connection without damaged cable sheath The 1000 BASE-T standard does not support the forced mode. The auto-negotiation function must be always used for 1000 BASE-T port or trunk connection.
CHAPTER 1. Access Point Controller System Overview Power module AC LED DC LED Power input Power connector switch Figure 7. Power module configuration Configuration item Description Power input connector Connector to connect the power cable to Power switch Switch to turn on/off power AC LED Turned on when there is a normal AC power input. DC LED Turned on when there is a normal DC power output. © SAMSUNG Electronics Co., Ltd.
CHAPTER 1. Access Point Controller System Overview 1.3.2 WEC8050 Configuration and Functions The configuration and the purpose of each item of WEC8050 are as follows: Status LED Ground hole Console Port Ethernet Port Power Figure 8. WEC8050 interface-Front/Back Status LED This LED indicates the various statuses of system. Each LED displays the following information. Figure 9.
CHAPTER 1. Access Point Controller System Overview Console port (RS232C) A console port is provided to check the operational status of WEC8050 or for input through the CLI. Its basic requirements are as follows: Default baud rate: 115200 bps Character size: 8 Characters Parity: None Stop bit: 1, Data bit: 8 Flow control: None Ethernet port It has 4 10/100/1000 Base-T ports. LINK LED ACT LED Figure 10.
CHAPTER 1. Access Point Controller System Overview 1.4 APC Application Configuration and Service Scenario 1.4.1 Basic Configuration To provide wireless connection service using a wireless LAN in the W-EP environment, the W-EP wireless LAN AP that helps a terminal connect to the network through wireless and an APC that controls the terminal are basically required.
CHAPTER 1. Access Point Controller System Overview The basic W-EP wireless LAN network configuration is a centralized structure where all the wireless user traffics go through tunneling between APC and W-EP wireless LAN AP. Therefore, the network information such as subnet information allocated to a wireless user depends on the configuration of backbone network where the APC is connected. This provides the following advantages during network configuration and setup. 1.4.
CHAPTER 1. Access Point Controller System Overview In this configuration, several APC s are used to minimize service disruption caused by a disconnected APC and to enhance service sustainability. Basically, two or more APC s must be installed in the same site for APC redundancy. The redundancy configuration includes active-active configuration, active-standby configuration, and many-to-one configuration. An operator can select a configuration based on the number of available APC s and redundancy level. 1.
CHAPTER 1. Access Point Controller System Overview 1.4.3.1 Configuration of Distributed Clustering Service The configuration of distributed clustering is to install each WEC8500 in a building or a local site according to its capacity. This option can be used when there is no integrated backbone configuration in a site or networks are separated for each building. It is suitable for a site where several buildings are apart from each other.
CHAPTER 1. Access Point Controller System Overview 1.4.3.2 Configuration of Centralized Clustering Service In the centralized cluster configuration, all the WEC8500s in a site are installed in the center. This is suitable when all the networks in a site are configured around the backbone. This option is suitable for a site where several buildings are close to each other or a large building where a seamless handover service is required using one or more WEC8500s.
CHAPTER 1. Access Point Controller System Overview 1.4.4 Configuration of Multiple Sites Consisting of Headquarter and Branches The W-EP wireless LAN network environment usually consists of one headquarter and several branches. In this case, there are two types of network configuration. Hierarchical type: A APC is installed in a branch as well as headquarter. Branch AP type: A APC is installed only in a headquarter and only a W-EP wireless LAN AP is installed in a branch.
CHAPTER 1. Access Point Controller System Overview If user traffics are concentrated on a single centralized APC when there are many branches or they are far from headquarter, performance may be deteriorated due to the time delay of packet transmission, etc. Therefore, use different operation schemes according to the location of W-EP wireless LAN AP in the configuration of headquarter and branches.
CHAPTER 1. Access Point Controller System Overview 1.5 NAT Configuration between AP and APC The APC system provides the same services even when the APC or AP is in a NAT environment. If the APC system is in a NAT environment and obtaining a public IP address is difficult, the APC can be configured to use a private IP address by enabling port mapping on the existing NAT equipment, so that it can provide services to APs on the public IP network and APs existing under other NAT networks.
CHAPTER 2. Basic System Configuration CHAPTER 2. Basic System Configuration In this chapter, the basic system configuration using web and Command Line Interface (CLI) is introduced and how to use CLI and Web UI is described. 2.1 Basic System Configuration 2.1.
CHAPTER 2. Basic System Configuration 2.1.2 Managing Operator Account An operator who has an administrator privilege (level 1) can create or delete a new operator account. When creating an account, specify the account’s privilege level (level 1-4). To set up operator account related functions, go to configure mode by executing the following command.
CHAPTER 2. Basic System Configuration 2.1.3 APC Management Port Configuration To connect to the APC remotely using telnet/SSH or web, it is necessary to set up an IP address to the management port. Set up the management port as follows: 1) Go to configure ‘mgmt0’ interface configuration mode of CLI. WEC8500# configure terminal WEC8500/configure# interface mgmt0 2) Set up an IP address. WEC8500/configure/interface mgmt0# ip address 100.100.100.
CHAPTER 2. Basic System Configuration A usage example is given below. WEC8500# show ? 80211a 80211bg 80211h access-list alarm ap ap-debug ... vap version vlan vqm vrrp wids wips wireless-acl-list wlan Display 802.11a network settings Display 802.11bg network settings Display 802.
CHAPTER 2. Basic System Configuration Command error When a command that is not supported by the system is entered, an error message is displayed. WEC8500# command-unknown ^ Error : Command ‘command-unknown’ does not exist When a parameter that is not supported by a command is entered, an error message according to the situation is displayed. WEC8500# configure test ^ % Invalid parameter (mandatory) Command modes When the ‘exit’ command is entered, the mode is changed to the upper command mode.
CHAPTER 2. Basic System Configuration 2.2 Using Web UI 2.2.1 Web UI Connection To use the WEC, i.e. Web UI of APC system, the IP address of ethernet port must be set up. When connecting to the IP address of APC ethernet port in a web browser, the below login window is displayed. Log in using a default connection account ‘samsung’. After the first login, you go through the course of changing the password.
CHAPTER 2. Basic System Configuration 2.2.2 WEC Main Window The WEC Main window consists of menu bar, sub-menus, and detail windows of each menu. Menu bar Sub-menu Figure 18. WEC Main Window Menu bar The menu bar consists of the following items: : Provides detail configuration or retrieval function for each item. When you select each item, lower menus in the sub-menus area are displayed. : Displays a user login ID. : Logs out from the WEC.
CHAPTER 2. Basic System Configuration 2.2.3 Managing Operator Account To add a operator account in Web UI, follow the below procedure. In the menu bar of , select and then select menu in the sub menu. The subtree shows the and menu items. Select . You can add or delete a operator account in the WEC. Figure 19. Operator Account Management Window 1) To add an account, click the button. Figure 20.
CHAPTER 2. Basic System Configuration 2.3 Initial Setup Wizard 2.3.1 Overview The initial setup wizard aims to finish the basic settings by guiding the settings required for the basic WLAN service in order when the APC is installed. It supports only the basic settings to operate the WLAN service and the settings which are additional or are not frequently used are not supported here. They must be made through the general WEC screen. 2.3.
CHAPTER 2. Basic System Configuration 2.3.3 How to Use If the access to the APC is made through the web browser, follow the login procedure as shown in ‘2.2.1 Web UI Connection’. After that, you can see the Welcome message by connecting to the wizard. Figure 21. Initial Setup Wizard Welcome Screen Press the Next button to move to the configuration step 1 and then start the basic settings. Press the Exit button to close the wizard and then move to the general WEC screen.
CHAPTER 2. Basic System Configuration : Show the current setup step and the whole setup step by being located on the top of the screen. When you hover the mouse over each number, it shows the name of the step and you can click to move to the step just before or after the current step. : When you press the Next button, you move to the next setup step and when you press the Prev button, you return to the previous setup step. : Press the Exit button to close the wizard and then move to the general WEC screen.
CHAPTER 2. Basic System Configuration 8) DNS: The APC gets DNS information from a DNS server and provides the DNS relay function that relays the DNS server and a client. If a DNS server is connected to the APC and a UE connected to the APC configures the DNS server as the APC, the DNS service can be received. 9) NTP: If the APC is configured as a NTP client, it receives the Coordinated Universal Time (UTC) information from the configured NTP server and synchronizes the local time.
CHAPTER 3. Data Network Function CHAPTER 3. Data Network Function In this chapter, how to set up the data network functions of APC including VLAN, link aggregation, and layer 3 protocol is described. 3.1 Port Configuration The APC port is configured with a physical interface. 3.1.1 Physical interface of 11 ports except WEC8500 console port Physical interface of 4 ports except WEC8050 console port Port management The WEC8500 Management port is used to manage the WEC8500.
CHAPTER 3. Data Network Function The port related CLI commands are as follows: [auto-nego, speed, duplex] The commands used to configure an auto-nego, speed, and duplex addresses are shown below. To delete the configuration, enter the ‘no’ parameter.
CHAPTER 3. Data Network Function Below is an example of port setting to enter the initial setup wizard upon the initial installation of WEC8050. WEC8500/configure/interface WEC8500/configure/interface WEC8500/configure/interface WEC8500/configure/interface ge1# ge1# ge1# ge1# no shutdown flowcontrol on no switchport ip address 192.168.1.2/24 Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus.
CHAPTER 3. Data Network Function [Port Configuration Change] 1) 2) In the Ports initial window, click the button to go to port configuration change window. In the port configuration change window, the auto-nego, speed, duplex, admin status, flow control, mtu size, switch port, or ip address, etc. can be configured. Figure 24. Port Configuration Change Window © SAMSUNG Electronics Co., Ltd.
CHAPTER 3. Data Network Function 3.2 Interface Configuration The WEC8500 interface consists of the following physical interface and virtual interface. Physical interface of 11 ports except console port 1024 virtual interfaces using VLAN There are two types of WEC8050 interface as shown below; physical interface and virtual interface. Physical interface of 4 ports except console port 128 virtual interfaces using VLAN 3.2.
CHAPTER 3. Data Network Function [ip address dhcp] This is a command that configures a dynamic IP address using DHCP. The ‘no’ parameter is used to delete the configuration. ip address dhcp no ip address dhcp [shutdown] This is a command that makes the interface not working. The ‘no’ parameter is used to restart the interface.
CHAPTER 3. Data Network Function 3) Perform detail configuration in the VLAN detail configuration window. If you specify PRIMARY DHCP SERVER or SECONDARY DHCP SERVER in the DHCP area, you can specify the configuration of a DHCP server. After configuration, click the button to apply it to the system. Figure 27. Interfaces Window (3) [Deleting VLAN] In the Interface initial window, click the button to delete a selected VLAN.
CHAPTER 3. Data Network Function 3.2.2 Managing Interface Group To use WLAN and other services, it is necessary to configure an interface into an interface group. Configuration using CLI An example of entering into the group configuration mode of ifg_01 interface is shown below. WEC8500# configure terminal WEC8500/configure# if-group ifg_01 Interface Group related commands are as follows: [Creating or Deleting Interface group] This command creates an interface group.
CHAPTER 3. Data Network Function Follow the below procedure to add an interface group. 1) In the Interface group initial window, click the button. 2) Enter information on GROUP NAME and GROUP DESCRIPTION and then add or delete an interface to or from an interface group. Figure 29. Interface Group Window (2) 3) Click the button to apply the configuration. © SAMSUNG Electronics Co., Ltd.
CHAPTER 3. Data Network Function 3.3 VLAN Configuration 3.3.1 VLAN Configuration using CLI To configure VLAN, go to the VLAN interface mode by executing the following command. WEC8500# configure terminal WEC8500/configure# interface vlan WEC8500/configure/interface vlan# The related command is shown below and the range of VLAN ID is 1-4094. [vlan bridge] This command creates VLAN. The ‘no’ parameter is used to delete VLAN.
CHAPTER 3. Data Network Function [switchport trunk allowed vlan] This command configures the mode of switch port to trunk. The ‘no’ parameter is used to delete the configuration. switchport trunk allowed vlan: Configure VLAN to the trunk mode. switchport trunk allowed vlan all: Configure all the VLANs to the trunk mode. switchport trunk allowed vlan none: Stops VLAN data transmission/reception. switchport trunk allowed vlan add [VLAN_ID]: Adds VLAN to the trunk mode.
CHAPTER 3. Data Network Function 3.3.2 Bridge To set up bridge related functions, go to configure mode by executing the following command WEC8500# configure terminal The bridge related commands are as follows: [bridge address] This command configures a bridge address. The ‘no’ parameter is used to clear the configuration. bridge 1 address [MAC] [forward/discard] [IFNAME] no bridge 1 address [MAC] [forward/discard] [IFNAME] Parameter Description MAC MAC address. Entered in the format of HHHH.
CHAPTER 3. Data Network Function Parameter Description - rstp: RSTP [clear mac address-table] This command deletes the filtering database of a default bridge.
CHAPTER 3. Data Network Function [show bridge] This command retrieves bridge information. show bridge [show interface switchport bridge] This command retrieves the bridge information, i.e. the layer 2 protocol characteristic information of the current VLAN, of a switch port. show interface switchport bridge [BRIDGE_NAME] Parameter Description BRIDGE_NAME Bridge name [switchport] This command configures a switch port, i.e. the layer 2 protocol characteristic information of the current VLAN.
CHAPTER 3. Data Network Function 3.3.3 Spanning Tree Configuration using CLI To set up spanning tree related functions, go to configure mode by executing the following command. WEC8500# configure terminal The related command is as follows. [bridge forward-time] This command configures the forward time of a bridge. The ‘no’ parameter is used for default configuration.
CHAPTER 3. Data Network Function [bridge max-age] This command configures the max-age of a bridge. The ‘no’ parameter is used for default configuration. bridge 1 max-age [MAXAGE] no bridge 1 max-age Parameter Description MAXAGE Configures a maximum time (range: 6-40 s) [bridge max-hops] This command configures the maximum allowed number of hops of a Bridge Protocol Data Unit (BPDU) bridge in the MST area. The ‘no’ parameter is used for default configuration.
CHAPTER 3. Data Network Function [bridge priority] This command configures the priority of a bridge. The ‘no’ parameter is used to delete a priority. bridge 1 priority [PRIORITY] no bridge 1 priority Parameter Description PRIORITY Bridge priority (range: 0-61440) [bridge shutdown] This command clears bridge settings. The ‘no’ parameter is used to restart a bridge.
CHAPTER 3. Data Network Function [Managing the MSTP VLAN instance] When you select the menu, the configured MSTP VLAN Instance list is displayed on the window. Click the or button to add or delete an instance. Figure 31. Spanning Tree Configuration Window (2) [Managing MSTP Port] When you select the menu, the configured MSTP Port list is displayed on the window. Click the or button to add or delete a port. Figure 32.
CHAPTER 3. Data Network Function 3.4 Layer 3 Protocol Configuration This provides the IP address configuration and static/dynamic routing configuration of an interface. The APC provides the Open Shortest Path First (OSPF) routing protocol. 3.4.1 IP Address Configuration The procedure for IP address configuration is given below. 1) Go to configure interface configuration mode of CLI. WEC8500# configure terminal WEC8500/configure# interface ge2 2) Set up an IP address.
CHAPTER 3. Data Network Function Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. The configured static route list is displayed on the window. When you click the or button, you can add or delete a static routing entry. Figure 33.
CHAPTER 3. Data Network Function 3.4.4 PIM Configuration The procedure for Protocol Independent Multicast (PIM) configuration is given below. 1) Go to configure interface configuration mode of CLI. WEC8500# configure terminal WEC8500/configure# interface ge2 2) Configure the PIM sparse mode to an interface. WEC8500/configure/interface ge2# ip pim sparse-mode 3) Check a configured PIM using the ‘show running-config network’ command.
CHAPTER 3. Data Network Function Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. The OSPF initial window is shown below. Figure 34. OSPF Configuration Window Click the button and configure the PROCESS ID to 1-10 in the below screen. Configuration using CLI 1) Go to configure ospf configuration mode of CLI.
CHAPTER 3.
CHAPTER 3. Data Network Function 5) CAPABILITY OPAQUE configuration Enter the capability opaque. WEC8500/configure/router/ospf opaque WEC8500/configure/router/ospf WEC8500/configure/router/ospf 6) Description Capability opaque Enabled when the CLI is entered. COMPATIBLE RFC configuration Enter the compatible rfc1583. 2# compatible ? Compatible with RFC 1583 2# compatible rfc1583 ? 2# compatible rfc1583 Parameter Description compatible rfc1583 Enabled when the CLI is entered.
CHAPTER 3. Data Network Function 9) MAXIMUM AREA configuration Enter the DEFAULT METRIC (1-4294967294) to use. WEC8500/configure/router/ospf 1 - 4294967294 WEC8500/configure/router/ospf WEC8500/configure/router/ospf 2# maximum-area ? Area limit 2# maximum-area 3 ? 2# maximum-area 3 10) SPF TIMER (MILLISECONDS) configuration Configure the SPF TIMER (MILLISECONDS) value.
CHAPTER 3. Data Network Function Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. Click a PROCESS ID that user wants to configure. The OSPF configuration window is shown below. Use the value configured in ‘Configuration using CLI’ as a user-defined value in the below screen. The value configured in ‘Configuration using CLI’ is shown in the below screen. © SAMSUNG Electronics Co.
CHAPTER 3. Data Network Function 3.4.5.
CHAPTER 3. Data Network Function 4) Configuration of default-information METRIC-TYPE Configure the OSPF metric-type (1/2) value. WEC8500/configure/router/ospf type ? 1 2 WEC8500/configure/router/ospf type 1 ? 5) 2# default-information originate metricSet OSPF External Type 1 metrics Set OSPF External Type 2 metrics 2# default-information originate metric- Configuration of default-information ROUTE MAP Enter the name of pointer to route-map entries.
CHAPTER 3. Data Network Function 3.4.5.3 Distance Configuration of General Settings Configuration using CLI 1) Detail configuration of OSPF distance WEC8500/configure/router/ospf 2# distance ? admin ospf 2) OSPF Administrative distance OSPF Distance Distance admin configuration Enter the OSPF Admin distance value.
CHAPTER 3. Data Network Function 4) Configuration of INTER-AREA distance ospf Enter the OSPF INTER-AREA distance value. WEC8500/configure/router/ospf 2# distance ospf inter-area ? 1 - 255 <1-255> Distance for external/interarea/intra-area routes WEC8500/configure/router/ospf 2# distance ospf inter-area 50 ? WEC8500/configure/router/ospf 2# distance ospf inter-area 50 WEC8500/configure/router/ospf 2# 5) Configuration of INTRA-AREA distance ospf Enter the OSPF INTRA-AREA distance value.
CHAPTER 3. Data Network Function 3.4.5.4 Overflow Configuration of General Settings Configuration using CLI 1) Detail configuration of OSPF overflow WEC8500/configure/router/ospf 2# overflow ? database Database WEC8500/configure/router/ospf 2# overflow database ? external External link states 0 - 4294967294 Maximum number of LSAs WEC8500/configure/router/ospf 2# overflow database 2) Overflow external configuration Enter the maximum number of LSAs and time to recover (0 not recover) value.
CHAPTER 3. Data Network Function WEC8500/configure/router/ospf hard exceed soft exceed WEC8500/configure/router/ospf WEC8500/configure/router/ospf 2# overflow database 100 ? Hard limit; Instance will be shutdown if Soft limit; Warning will be given if 2# overflow database 100 hard ? 2# overflow database 100 hard Enter the maximum number of LSAs and soft limit value.
CHAPTER 3. Data Network Function 3.4.5.5 Network Configuration Configuration using CLI Go to configure ospf configuration mode of CLI.
CHAPTER 3. Data Network Function 3.4.5.6 Configuration of Network Details Configuration using CLI 1) Go to configure ospf configuration mode of CLI. WEC8500# configure terminal WEC8500/configure# router ospf WEC8500/configure# router ospf ? 1 - 10 OSPF process ID 2) Network configuration Configure the ADDRESS, NETMASK, and AREA ID of a user-defined network. WEC8500/configure/router/ospf A.B.C.D A.B.C.D/M WEC8500/configure/router/ospf A.B.C.
CHAPTER 3. Data Network Function Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. Enter the NETWORK ADDRESS, NETMASK, and AREA ID and click the button. 3.4.5.7 Redistribute Configuration Configuration using CLI Go to configure ospf configuration mode of CLI.
CHAPTER 3. Data Network Function Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. The OSPF Redistribute initial window is shown below. Configuration using CLI 1) Connected configuration The metric, metric-type, route-map, tag detail setting and default setting can be configured.
CHAPTER 3. Data Network Function 3) Parameter Description metric Enter a value from 1-16777214. Metric-type configuration WEC8500/configure/router/ospf 1 2 WEC8500/configure/router/ospf 1 ? WEC8500/configure/router/ospf 4) 2# redistribute connected metric-type ? Set OSPF External Type 1 metrics Set OSPF External Type 2 metrics 2# redistribute connected metric-type 2# redistribute connected metric-type 1 Parameter Description metric-type Select 1 or 2.
CHAPTER 3. Data Network Function Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. After configuring Redistribute default, select a PROCESS ID for detail configuration. Configuring Redistribute details Configure the details of metric, metric-type, route-map, or tag, etc. which is configured in CLI. © SAMSUNG Electronics Co., Ltd.
CHAPTER 3. Data Network Function 3.4.5.8 AREA Configuration The Area configuration includes Stub, Not So Stubby Areas (NSSA), Virtual-Link, Range, or Detail. 1) Stub configuration Configuration using CLI WEC8500/configure/router/ospf no-summary stub WEC8500/configure/router/ospf WEC8500/configure/router/ospf 2# area 1 stub ? Do not inject inter-area routes into 2# area 1 stub no-summary ? 2# area 1 stub no-summary Parameter Description no-summary Select Stub or No Summary.
CHAPTER 3. Data Network Function 2) NSSA configuration Configuration using CLI WEC8500/configure/router/ospf 2# area 1 nssa ? default-information-originate Originate Type 7 default into NSSA area no-redistribution no-summary translator-role No redistribution into this NSSA area Do not send summary LSA into NSSA NSSA-ABR Translator role default-information-originate configuration CLI of NSSA The metric, metric-type, no-redistribution, no-summary, or translator-role details can be configured.
CHAPTER 3. Data Network Function Metric-type configuration of NSSA default-information-originate WEC8500/configure/router/ospf 1# area 2 nssa default-informationoriginate metric-type ? 1 - 2 OSPF Link State type WEC8500/configure/router/ospf 1# area 2 nssa default-informationoriginate metric-type 2 WEC8500/configure/router/ospf 1# Parameter Description OSPF metric-type Select 1 or 2.
CHAPTER 3.
CHAPTER 3. Data Network Function Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. The default window is shown below. The default configuration screen is shown below. The NSSA window screen is shown as below after detail configuration is completed. If you select a Process ID after NSSA default configuration, operator can do detail configuration. © SAMSUNG Electronics Co.
CHAPTER 3. Data Network Function 3) Virtual-Link configuration Configuration using CLI WEC8500/configure/router/ospf authentication default-cost or stub area filter-list nssa range (border routers only) shortcut stub virtual-link WEC8500/configure/router/ospf A.B.C.
CHAPTER 3. Data Network Function WEC8500/configure/router/ospf 2# area 2 virtual-link 10.10.10.1 authentication-key ? Authentication key (8 chars) WEC8500/configure/router/ospf 2# area 2 virtual-link 10.10.10.1 authentication-key aaaaaaaa WEC8500/configure/router/ospf 2# Dead-interval configuration The default value of dead-interval is 4 times of hello-interval. Because the default hellointerval is configured to 10 sec., the dead-interval will be 40 seconds if the hello-interval is not configured.
CHAPTER 3. Data Network Function WEC8500/configure/router/ospf 2# area 2 virtual-link 10.10.10.1 message-digest-key 2 md5 ? Authentication key (16 chars) WEC8500/configure/router/ospf 2# area 2 virtual-link 10.10.10.1 message-digest-key 2 md5 b WEC8500/configure/router/ospf 2# Retransmit-interval configuration The default retransmit-interval is 5 seconds. In addition, operator can change it to a value between 1 second and 65535 seconds. WEC8500/configure/router/ospf 2# area 2 virtual-link 10.10.10.
CHAPTER 3. Data Network Function Unlike other configurations, there are two tabs at the top; General page and Authentication page. Start configuration in the General page for the basic configuration of Virtual-Link. In the default configuration page, configure PROCESS ID, AREA ID, or LINK ID. For detail configuration, select a PROCESS ID you want. Operator can do detail configuration for an item you select. The detail configuration page is shown below.
CHAPTER 3. Data Network Function Click the
CHAPTER 3. Data Network Function Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. The configuration page is as follows: 5) Detail configuration Configuration using CLI This is additional explanations for Area. Operator can configure authentication, default-cost, or shortcut.
CHAPTER 3. Data Network Function Default-cost configuration Configure a value between 0 and 1677215 as a default-cost. However, operator can configure the default-cost value in AREA ID whether a stub or NSSA is configured. If you try to configure the default-cost in an ID where neither the two items are configured, the following error phrase is displayed.
CHAPTER 3. Data Network Function 3.4.5.9 Summary Configuration Configuration using CLI WEC8500/configure/router/ospf A.B.C.D/M WEC8500/configure/router/ospf not-advertise tag 2# summary-address ? IP summary prefix 2# summary-address 1.1.1.1/16 ? Suppress routes that match the prefix Set tag WEC8500/configure/router/ospf 2# summary-address 1.1.1.1/16 WEC8500/configure/router/ospf 2# Parameter Description summary-address A.B.C.
CHAPTER 3. Data Network Function Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. The configuration page is as follows: After default configuration, select a PROCESS ID for detail configuration. The detail configuration includes advertise and TAG configuration mentioned in the CLI. Unlike CLI, there is no no-advertise. A user can change the default Enable to Disable. 3.4.5.
CHAPTER 3. Data Network Function Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. The configuration page is as follows: After selecting a PROCESS ID that a user will use, select an interface to apply. Among the interface items displayed on the screen, configure the interface that a user wants. 3.4.5.
CHAPTER 3.
CHAPTER 3. Data Network Function point-to-point Specify OSPF point-to-point network point-to-multipoint Specify OSPF point-to-multipoint network WEC8500/configure/interface ge2# ip ospf network Authentication configuration This is CLI that selects whether to use user authentication.
CHAPTER 3. Data Network Function WEC8500/configure/interface ge2# ip ospf dead-interval 30 ? WEC8500/configure/interface ge2# ip ospf dead-interval 30 Hello-interval configuration The default hello-interval is 10 seconds. In addition, operator can change it to a value between 1 second and 65535 seconds.
CHAPTER 3. Data Network Function PRIORITY configuration The default OSPF Priority value is 1. A user can configure the priority between 1 and 255. WEC8500/configure/interface ge2# ip ospf priority ? 0 - 255 Priority WEC8500/configure/interface ge2# ip ospf priority 2 Configuration using Web UI In the menu bar of , select and then select the menu in the submenus.
CHAPTER 3. Data Network Function The detail item configuration page is as follows: When you select the name of an enabled interface, the below detail item configuration page is displayed. After entering a value that a user wants for the item configured in the above CLI, click the button. Authentication configuration Just as General configuration, click the Authentication configuration in the tab. Then, the page for authentication related detail configuration is displayed as shown below.
CHAPTER 3. Data Network Function 3.4.6 VRRP Configuration The Virtual Router Redundancy Protocol (VRRP) is an Internet protocol that provides the backup router operation method in a LAN. If a fault occurs with a router that transmits a packet from a host in a LAN, decide a virtual IP address in a DHCP manually or by default by using a virtual router fault recovery protocol and share it among routers.
CHAPTER 3. Data Network Function [preempt-delay] This command configures the preempt delay time. preempt-delay [DELAY_TIME] Parameter Description DELAY_TIME Preempt delay time (range: 0-3600 s) [preempt-mode] This command configures whether to use the preempt mode. preempt-mode [MODE] Parameter MODE Description - true: Use the preempt mode - false: Stop using the preempt mode. [priority] This command configures a priority.
CHAPTER 3. Data Network Function Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. The VRRP menu provides two sub menus, i.e. Operation and Circuit Failover. [Operation] When you click the / button, you can Enable or disable VRRP. In addition, when you click the or button, you can add or delete VRRP configuration. Figure 35.
CHAPTER 3. Data Network Function 3.4.7 Configuring IPWATCHD The IP WATCH Deamon (IPWATCHD) provides the function of detecting active or passive IP collision. Regardless of IP collision attacker or victim, the information including source ip/mac is transmitted as an evm fault event when the IP collision occurs. At the collision time, the Gratuitous Address Resolution Protocol (GARP) reply is transmitted 3 times to the unicast at every 1 second.
CHAPTER 3. Data Network Function 3.5 QoS The Access Control List (ACL) allows or blocks a specific network traffic based on an operator’s configuration. The APC provides QoS using ACL. 3.5.1 ACL Configuration 3.5.1.1 Access List Configuration You can create or delete an access list for ACL configuration. To delete an access list, an operator can enter the name of an access list directly or enter a command by copying a value retrieved from the ‘show running-config network’.
CHAPTER 3. Data Network Function Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. The initial window of ACL rule configuration is shown below. When you click the or button, you can add or delete ACL rule. Figure 39. ACL Configuration Window To change the configuration of ACL rule, click ACL NAME to change.
CHAPTER 3. Data Network Function Parameter Description ACL_NAME ACL name to configure An example of entering a command that configures ‘acl1’ to the ‘ge2’ interface is shown below. APC# configure terminal APC/configure# interface ge2 APC/configure/interface ge2#ip access-group fqm in acl1 3) To check the configuration information, use the ‘show running-config network’ command.
CHAPTER 3. Data Network Function 3.5.1.3 1) WLAN ACL Configuration Go to the fqm mode to configure the configure ACL rule of CLI. APC# configure terminal APC/configure# fqm-mode 2) Configure WLAN ACL by entering the ‘ip access-group wireless’ command. ip access-group wireless [ACL_NAME] Parameter Description ACL_NAME ACL name to configure 3) To check the configuration information, use the ‘show running-config network’ command. 3.5.1.
CHAPTER 3. Data Network Function Figure 43. Admin ACL Configuration Window 3.5.2 Class-map Configuration Go to the fqm mode to configure the configure ACL rule of CLI. 1) APC# configure terminal APC/configure# fqm-mode 2) Go to Class-map mode. class-map c1 3) Select match-all or match-any. match-type [MODE] 4) Parameter Description MODE Match mode configuration (match-all/match-any) Perform detail configuration according to match criteria.
CHAPTER 3. Data Network Function 3.5.3 Policy-map Configuration 1) Go to the fqm mode to configure the configure ACL rule of CLI. APC# configure terminal APC/configure# fqm-mode 2) Go to policy-map mode. To delete a policy map, enter ‘no’ parameter in front of the command. policy-map [POLICY_MAP_NAME] no policy-map [POLICY_MAP_NAME] 3) By using the class name configured in the class-map, go to the input mode. class [CLASSMAP_NAME] 4) Configure a policy-map using the following command.
CHAPTER 3. Data Network Function 3.5.4 Service Policy Configuration Apply the policy configured in the policy-map to an interface. 1) Go to configure interface configuring mode to apply the service policy of CLI. APC# configure terminal APC/configure# interface ge2 APC/configure/interface ge2# 2) Apply the policy configured in the policy-map to an interface. The ‘no’ parameter is used to delete the policy.
CHAPTER 3. Data Network Function 3.5.5 Time Profile The procedure of configuring a time profile and applying it to ACL is described. 3.5.5.1 Time Profile Configuration Configuration using CLI 1) Go to configure of CLI fqm mode. APC# configure terminal APC/configure# fqm-mode 2) Configure a time profile. The ‘no’ parameter is used to delete a time profile.
CHAPTER 3. Data Network Function Select an item in the list and perform detail configuration. Figure 45. Time Profile Configuration Window (2) After finishing configuration in the window, click the button to apply it to the system. 3.5.5.2 Applying to ACL Configuration using CLI 1) Go to the fqm mode to configure the configure ACL rule of CLI. APC# configure terminal APC/configure# fqm-mode 2) Apply a time-profile to ACL. The ‘no’ parameter is used to delete a time profile.
CHAPTER 3. Data Network Function Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. To change the configuration of ACL rule, click ACLNAME to change. You can change the configuration using the or button. In addition, if there is a time profile in an ACL name, the IP ACL window is changed as shown below.
CHAPTER 3. Data Network Function 3.5.6 OS-AWARE OS-AWARE is a function to use the option value of the DHCP Discover/Request transmitted from a station to check the type of the operating system used by the station. The procedures to set OS-AWARE and apply the OS-AWARE settings to ACL are described below. 3.5.6.1 OS-AWARE Configuration Configuration using CLI 1) Go to configure os-aware mode of CLI.
CHAPTER 3. Data Network Function os-aware ‘window7’ modification: APC# configure terminal APC/configure# os-aware APC/configure/os-aware # os-aware window7 seq 8 dhcp-option 2 eq FF os-type windows os-aware ‘window7’ deletion: APC# configure terminal APC/configure# os-aware APC/configure/os-aware # no os-aware window7 3) Check the settings by using the ‘show OS-AWARE-all’ or ‘show OS-AWARE[OS_AWARE NAME]’ commands.
CHAPTER 3. Data Network Function Parameter Description OS_AWARE NAME os-aware name to configure An example of applying ‘window7’ to ‘acl’ is as follows. APC# configure terminal APC/configure# fqm-mode access-list ip acl1 permit seq 1 icmp any any os-aware window7 3) To check the configuration information, use the ‘show running-config network’ command. © SAMSUNG Electronics Co., Ltd.
CHAPTER 3. Data Network Function 3.6 Multicast to Unicast Execute the ‘show multi2uni-list’ command to check the list of wireless terminals that use the multicast to unicast function. 3.7 IP Multicast Configuration 3.7.1 IP Multicast Routing Configuration Configuration using CLI 1) Go to configure mode of CLI. WEC8500# configure terminal 2) Enable or disable the routing function for IP multicast.
CHAPTER 3. Data Network Function 2) Perform PIM configuration. ip pim sparse-mode: Enable no ip pim sparse-mode: Disable Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. When you click the or button, you can add or delete PIM-SM configuration. Figure 48. PIM-SM Configuration Window (1) Follow the below procedure to add a PIM.
CHAPTER 3. Data Network Function 3) Select an interface to add. Figure 50. PIM-SM Configuration Window (3) 4) The selected interface is displayed on the window. Click the button to apply the configuration. Figure 51. PIM-SM Configuration Window (4) © SAMSUNG Electronics Co., Ltd.
CHAPTER 3. Data Network Function 3.8 IGMP Snooping Configuration using CLI Use the ‘ip igmp snooping’ command to enable or disable Internet Group Management Protocol (IGMP) Snooping. ip igmp snooping no ip igmp snooping When this command is executed in the Configure mode, the IGMP Snooping of a bridge is enabled or disabled. If it is executed in the interface mode, the IGMP Snooping of an interface is enabled or disabled.
CHAPTER 3. Data Network Function [ip igmp snooping mroute] This command enables or disables the Mroute function. ip igmp snooping mroute [INTERFACE] no ip igmp snooping mroute [INTERFACE] Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. [Config] Enables or disables the IGMP Snooping function or configures related functions.
CHAPTER 3. Data Network Function 2) Click the
CHAPTER 3. Data Network Function 3.9 Deep Packet Inspection It supports QoS by application. It may allow drop, bandwidth contract, and DSCP marking and it provides statistics by detailed category. The application of DPI in a unit of WLAN is possible and it also provides a monitoring function. 3.9.1 Configuring Profile and Application Rule A profile is a set of application rules and each rule includes the QoS settings of the application. The profile must set at least one application rule.
CHAPTER 3. Data Network Function Parameter Description NAME Profile name ID WLAN ID 3.9.2 Configuring Application Group Possible to configure one or more applications as a group. Configuration using CLI 1) Enter the DPI Configuration mode. APC# configure terminal APC/configure# dpi APC/configure/dpi# 2) Make a group and add an application.
CHAPTER 3.
CHAPTER 3.
CHAPTER 3. Data Network Function 3 packets | Downstream Byte ............................ 193 bytes | Upstream Packet Drop Count ................. 0 packets | Upstream Drop Byte ......................... 0 bytes | Downstream Packet Drop Count ............... 0 packets | Downstream Drop Byte ....................... 0 bytes | | Top 10 Stations |----1----2---3----4----5----6----7----8----9---|% | 1. 00:12:47:F3:CF:A4 100.
CHAPTER 3. Data Network Function 5) Parameter Description ID WLAN ID Check the statistical information on all stations. APC# show dpi stat station 6) Check the statistical information on specific stations. APC# show dpi stat station [MAC] 7) 파라미터 설명 MAC Station MAC Check the statistical information on all device-os-types. APC# show dpi stat device-os-type 8) Check the statistical information on specific device-os-types.
CHAPTER 4. AP Connection Management CHAPTER 4. AP Connection Management This chapter describes the various configuration methods to manage the connection between the APC and AP. 4.1 APC Management 4.1.1 Managing APC List To enable the APC system to provide the cluster or redundancy service, several APC systems must be installed at a site and each APC must have the information of other APC systems.
CHAPTER 4. AP Connection Management Configuration using CLI The procedures for configuration are as follows. 1) Go to configure mode of CLI. WEC8500# configure terminal WEC8500/configure# apc WEC8500/configure/apc/apc-list# 2) Go to the apc-list item of CLI. WEC8500/configure# apc WEC8500/configure/apc/apc-list# 3) Add, delete or change APC.
CHAPTER 4. AP Connection Management 4.1.2 Management Interface Configuration The APC can communicate with a W-EP wireless LAN AP using management interface. This is one of the information that must be configured first of all for wireless LAN service. Configuration using CLI To configure management interface, execute the command as follows: 1) Go to configure mode of CLI. WEC8500# configure terminal WEC8500/configure# 2) Configure a management interface.
CHAPTER 4. AP Connection Management 4.1.3 CAPWAP Configuration A secured tunnel is created between APC and W-EP wireless LAN AP using Control And Provisioning Wireless Access Point (CAPWAP), i.e. a standard protocol, and data is transmitted through the tunnel. An encrypted data is used for both wire and wireless sections, high security is provided. The CAPWAP channel consists of control channel and data channel depending on the type of packet being transmitted/received.
CHAPTER 4. AP Connection Management discovery-by-multicast: Configures whether to allow connection to CAPWAP multicast. (The ‘add-multicast-if’ must be configured before configuring whether to allow multicast connection.) discovery-del-timer: If the Join message is not received after receiving a Discovery message, this configures the timeout to discard the previously received Discovery messages.
CHAPTER 4. AP Connection Management 4.1.4 AP Registration (Auto Discovery) Configuration The APC provides the AP auto-discovery function that automatically registers APs in the same network without having to configure any settings in advance. To configure the function, execute the following commands. Configuration using CLI 1) Go to configure apc capwap of CLI.
CHAPTER 4. AP Connection Management 4.1.5 Managing AP File Transmission It provides the configuration and transmission management function for the tech support file of the AP. 4.1.5.1 1) Tech Support Information File Go to configure APC mode of CLI. WEC8500# configure terminal WEC8500/configure# apc WEC8500/configure/apc# 2) Configure a file transmission method to collect the AP Tech support information.
CHAPTER 4. AP Connection Management Operator can also configure fallback to return to the original APC from the backup APC during the service. If the fallback operation is configured, the AP periodically performs health check to check whether the primary APC can be connected. When the connection is required, it can immediately perform fallback according to the fallback option or can perform fallback on a specified time.
CHAPTER 4. AP Connection Management Parameter PORT Description CAPWAP PORT number of the APC to add This port number is required by an AP to connect to the APC. If no port number is entered, it is set to 5246, the default port number of CAPWAP protocol. It is recommended not to use a different port number if it is specially required. FALLBACK START- Enter the time zone where an AP connected to the backup (secondary or END TIME tertiary) APC can do fallback.
CHAPTER 4. AP Connection Management 4) To check the configured apc list, execute the ‘show apc summary’ command. 5) To check the redundancy information, execute the ‘show redundancy summary’ command. 6) To check the configured AP profile, execute the ‘show ap detail [AP_PROFILE_ NAME]’ command. Configuration using Web UI By referring to the ‘APC List Management’, add the APC list that will be used as a backup APC.
CHAPTER 4. AP Connection Management Parameter Description CAPWAP protocol. It is recommended not to use a different port number if it is specially required. PUBLIC_IP_ADD PUBLIC IP address of the APC to add RESS This address is an IP required by an AP to connect to the APC. If the APC is in the NAT environment, you must enter an official IP configured in the NAT instead of the private IP of APC.
CHAPTER 4. AP Connection Management Figure 62. AP redundancy Configuration Window Parameter APC_NAME Description Enter the name of an APC registered to redundancy. - Primary apc: The first APC that the AP attempts to connect. It is usually configured with the currently connected APC. - Secondary-apc, tertiary-apc: APC that the AP attempts to connect when there is no response from the primary-apc. DISCOVERY_TYPE Discovery Type - ap-followed: Discovery type is set by AP.
CHAPTER 4. AP Connection Management 4.2 AP Management 4.2.1 AP Group Configuration The APC manages the services provided to the AP by group. An operator can add or delete several APs to/from a group. It is also possible to add/remove WLANs to/from an AP group so that the same WLAN services can be provided for each group. When the APC is installed for the first time, a ‘default’ group is created. When the AP information is created first time, the AP is automatically added to the ‘default’ group.
CHAPTER 4. AP Connection Management Configuration using CLI To manage an AP group, execute the command as follows. 1) Go to configure mode of CLI. WEC8500# configure terminal WEC8500/configure# 2) Create or delete an AP group. Use ‘no’ parameter in front of the command to delete an AP group. ap-group [AP_GROUP_NAME] no ap-group [AP_GROUP_NAME] 3) Add or delete an AP to or from the AP group. Use ‘no’ parameter in front of the command to delete an AP from the AP group.
CHAPTER 4. AP Connection Management 4.2.1.1 General AP Group Settings To aid management of APs in groups, the APC allows configuration of settings which can be applied commonly to each group. The following functions are provided: Parameter Description Description This configures the description of the AP group. AP Mode This configures the operation mode of the AP. The operator can select General AP, Root AP, or Repeater AP. Location This configures the installation location information of the AP.
CHAPTER 4. AP Connection Management overwrite-ip-mode no overwrite-ip-mode ip-mode overwrite-state no overwrite-state shutdown no shutdown no overwrite-redundancy discovery primary-apc no primary-apc secondary-apc no secondary-apc tertiary-apc no tertiary-apc Parameter Description DESCRIPTION This contains a brief description of the AP group.
CHAPTER 4. AP Connection Management Parameter Description AP are used. - apc-referral: The APC list configured for the APC is used as the discovery list. - DHCP: The APC list information relayed by DHCP option 138 (IPv4) or option 52 (IPv6) is used as the discovery list. - auto: Discovery type is automatically changed by the AP for automatic connection to the APC. PRIMARY-APC This is the name of the primary APC server. The AP attempts to connect to this APC first.
CHAPTER 4. AP Connection Management 4.2.1.2 Adding/Removing APs To aid management of APs in groups, the APC allows addition/removal of APs to/from AP groups. Configuration using CLI 1) Go to configure mode of CLI. WEC8500# configure terminal WEC8500/configure# 2) Create an AP group or enter the AP group configuration mode. ap-group [AP_GROUP_NAME] 3) Add/remove an AP to/from the AP group. Use ‘no’ parameter in front of the command to delete an AP from the AP group.
CHAPTER 4. AP Connection Management Configuration using Web UI In the menu bar of , select , select in the submenu, and then select an AP group to configure. Under the ‘APs’ tab of the AP group, APs can be added or removed. Figure 66. AP Add/Remove Window for AP Group 4.2.1.3 Adding/Removing WLANs To allows the same WLAN services to be provided to the APs allocated to each group, the APC allows addition/removal of WLANs to/from each AP group.
CHAPTER 4. AP Connection Management 4) Use the ‘show ap-group summary’ command to check the AP group information. Configuration using Web UI In the menu bar of , select , select in the submenu, and then select an AP group to configure. Under the ‘WLANs’ tab of the AP group, WLANs can be added or removed. Figure 67. WLAN Add/Remove Window for AP Group © SAMSUNG Electronics Co., Ltd.
CHAPTER 4. AP Connection Management 4.2.1.4 802.11a/n Configuration Configuration using Web UI In the menu bar of , select , select in the submenu, and then select an AP group to configure. Settings can be configured under the ‘802.11a/n’ tab of the AP group. Figure 68. 802.11a/n Window for AP Group The configuration items are as follows: [Service Configuration of AP Group] SERVICE: Enable or disable the radio service.
CHAPTER 4. AP Connection Management 4.2.1.5 802.11b/g/n Configuration Configuration using Web UI In the menu bar of , select , select in the submenu, and then select an AP group to configure. Settings can be configured under the ‘802.11b/g/n’ tab of the AP group. Figure 69. 802.11b/g/n Window for AP Group The configuration items are as follows: [Service Configuration of AP Group] SERVICE: Enable or disable the radio service.
CHAPTER 4. AP Connection Management 4.2.1.6 Advanced Configuration In order to provide the same services to the APs allocated to each group, the APC allows configuration of advanced settings for each AP group. Configuring AP Group Profile with CLI 1) Go to configure mode of CLI. WEC8500# configure terminal WEC8500/configure# 2) 3) Create an AP group or enter the AP group configuration mode. ap-group [AP_GROUP_NAME] Enter the profile configuration mode for the AP group.
CHAPTER 4.
CHAPTER 4. AP Connection Management Parameter Description double the length of echo-interval as the echo timeout time. If no echo message is received from the AP for as long as double the length of the echo-interval, the APC judges that the AP is down (unit: seconds). OVERWRITE-TELNET-SSH If overwrite-telnet-ssh is enabled, the telnet and SSH settings for the AP group are applied to all APs within the group. TELNET-ENABLE This enables the telnet server and configures telnet port of the AP.
CHAPTER 4. AP Connection Management Parameter Description TEMPERATURE-ALARM- If the temperature alarm occurs, whether the radio of the AP is CONTROL-TYPE set to be off or on. OVERWRITE-LINK- If the overwrite-link-aggregation is activated, the link aggregation AGGREGATION information set in the AP group is applied to all APs in the group. LINK-AGGREGATION In case of an AP model for 802.11ac, provide two uplink Ethernet ports. Possible to set link aggregation for two Ethernet ports.
CHAPTER 4.
CHAPTER 4. AP Connection Management Value of station roam delta WEC8500# 15 Configuration using Web UI In the menu bar of , select , select in the submenu, and then select an AP group to configure. Advanced settings and AirMove settings of the AP group can be changed under the ‘Advanced’ tab of AP Group. Figure 70. Advanced Configuration Window for AP Group © SAMSUNG Electronics Co., Ltd.
CHAPTER 4. AP Connection Management 4.2.2 Configuring Remote AP Group If the APs are located in an area where the APC is not located, those APs must be classified into a separate group for service. The APC can manage the APs in another area by grouping them into a remote AP group. In the Remote AP group, the operator can configure the below information and the APs in the Remote AP group are operating based on the same configuration.
CHAPTER 4. AP Connection Management 3) Designate remote AP group properties to the AP group. group-type remote 4) When the remote AP group is deleted, use the 'no' parameter in front of the ap-group command to delete the remote AP group. no ap-group[REMOTE_AP_GROUP_NAME] Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. Click the or button to add or delete a group. Figure 71.
CHAPTER 4. AP Connection Management no remote secondary-radius[RADIUS_SERVER_INDEX] remote tertiary-radius[RADIUS_SERVER_INDEX] no remote tertiary-radius[RADIUS_SERVER_INDEX] 3) Add or delete users (stations) connecting to the remote AP. add-user [USER NAME] no add-user [USER NAME] 4) Execute the ‘show remote-ap-group detail [REMOTE AP GROUP NAME]’ command to check the AP group information.
CHAPTER 4. AP Connection Management 4.2.2.3 Role-based Access Control Configuration of Remote AP Group Explanation on the configuration of the role based access control of the remote AP group is separately made in the “Role Based Access Control” chapter. 4.2.2.4 Configuring Tunneling Forwarding of Remote AP Group Possible to configure the split ACL to a WLAN set with tunneling among WLANs included in the remote AP group.
CHAPTER 4. AP Connection Management Figure 73. Window for Configuring Tunneling Forwarding of Remote AP Group 4.2.2.5 Configuring Local Bridging Forwarding of Remote AP Group You can configure the VLAN ID, ACL, and PreAuth ACL to a WLAN set with local bridging among WLANs included in the remote AP group. Configuration using CLI To configure the local bridging forwarding of the remote AP group, perform the command as follows: 1) Go to configure Remote AP Group configuration mode of CLI.
CHAPTER 4. AP Connection Management 4) Use the ‘send-remote-acl-to-ap profile-only’ command to send the ACL Profile information of the remote AP group to APs. 5) Use the ‘send-remote-acl-to-ap all’ command to send the information on the ACL Profile, Tunneling Forwarding and Local Bridging Forwarding of the remote AP group to APs. Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus.
CHAPTER 4. AP Connection Management 4.2.3 AP Time Synchronization per Group The AP can configure its time information using either the time stamp method or the NTP method. In the Time Stamp type, the APC periodically transmits the time of APC to an AP and the AP is operating based on the received time. Unless a user changes the configuration, the default is Time Stamp type and the interval is set to 7200 seconds (2 hours).
CHAPTER 4. AP Connection Management add-ntp [NTP_SERVER_ADDRESS] no add-ntp [NTP_SERVER_ADDRESS] ntp-interval [NUMBER] 3) Configure the method of transmitting the time information to an AP as ‘ntp’. mode ntp 4) Use the ‘show apc ap-time-config’ command to check the configured information.
CHAPTER 4. AP Connection Management 4.2.4 AP Configuration The management interface of APC must be configured for the connection between APC and W-EP AP. 4.2.4.1 Configuring MAC address Configuration using CLI To configure AP information, execute the command as follows: 1) Go to configure AP configuration mode of CLI.
CHAPTER 4. AP Connection Management 4.2.4.2 Configuring AP Profile Configuration using CLI To configure an AP profile configuration, execute the command as follows: 1) Go to configure AP configuration AP profile mode of CLI. WEC8500# configure terminal WEC8500/configure# ap ap_1 WEC8500/configure/ap ap_1# profile WEC8500/configure/ap ap_1/profile# 2) Configure the profile of an AP using the below command. name [STRING]: Configures the name of an AP.
CHAPTER 4. AP Connection Management edge-ap: Configures whether to enable the Edge AP function. edge-ap-opmode: Smart Handover is enabled as operation mode of the edge AP. In RSSI mode, handover is determined by looking up the RSSI value. In Force mode, handover is performed by force. edge-ap-threshold: Configures a threshold value for performing smart handover at the edge AP (range: -60 to -100 dBm, default: -80 dBm).
CHAPTER 4. AP Connection Management ssh-enable: Configures whether to enable the SSH server of an AP. static-ip [IP_ADDRESS] [NETMASK] [GATEWAY]: Configures the static IP address of an AP. statistics-timer [TIMER]: Configures the time interval of transmitting the statistics information provided by CAPWAP (unit: seconds) telnet-enable: Configures whether to enable the telnet server of an AP. time-config: Configure the timezone per AP.
CHAPTER 4. AP Connection Management Ethernet ports. Possible to set link aggregation for two Ethernet ports. If link aggregation is activated, possible to set the following mode: - Both (Destination + Source) - Destination - Source 3) To check the information of a configured AP profile, use the ‘show ap detail [AP_NAME]’ command. Configuration using Web UI In the menu bar of , select and then select the AP selection menu in the sub-menus.
CHAPTER 4. AP Connection Management MAP LOCATION LOCATION: Information of location where an AP is installed IP ADDRESS: IP address of AP IP ADDRESS POLICY: IP address mode DISCOVERY TYPE: AP discovery type ADMIN STATUS: AP administrative status OPER STATUS: Current AP operational status PRIMARY CONTROLLER NAME, SECONDARY CONTROLLER NAME, TERTIARY CONTROLLER NAME: Redundancy mode For WEC8050, the TERTIARY CONTROLLER NAME is not supported.
CHAPTER 4. AP Connection Management Figure 78. AP Profile Setting (2) 4.2.4.3 AP Mode Configuration Configuration using CLI To configure AP mode, execute the command as follows. 1) Go to configure AP configuration AP profile mode of CLI. WEC8500# configure terminal WEC8500/configure# ap ap_1 WEC8500/configure/ap ap_1# profile WEC8500/configure/ap ap_1/profile# 2) Configure the AP mode.
CHAPTER 4. AP Connection Management Configuration using Web UI In the menu bar of , select and then select the AP selection menu in the sub-menus. After selecting the AP MODE NAME item, click the button to apply the configuration. Figure 79. AP mode configuration 4.2.4.4 AP CLI Access Account The APC operator can add or remove account information relating to the AP CLI.
CHAPTER 4. AP Connection Management WEC8500# configure terminal WEC8500/configure# apc WEC8500/configure/apc # 2) Add an AP CLI account. ap-account [ID] [PASSWORD] [LEVEL] Parameter ID Description This is the ID of the AP CLI account. Only an alphanumeric value of up to eight characters can be entered. Password This is the password of the AP CLI account. Only an alphanumeric value of up to eight characters can be entered. Level This is the level of the AP CLI account.
CHAPTER 4. AP Connection Management 4.2.4.5 AP SNMP Agent Configuration The APC operator can configure SNMP Agent settings for all APs. Configuration using CLI Execute the following commands to configure the SNMP Agent settings of the AP. 1) Go to configure snmp ap mode of CLI. WEC8500# configure terminal WEC8500/configure# snmp WEC8500/configure/snmp# ap WEC8500/configure/snmp/ap# 2) Configure the snap agent information of the AP. Enable/disable SNMP of the AP.
CHAPTER 4. AP Connection Management Parameter PRIVATE KEY 3) Description A number in the range of 8 to 20 can be entered. Use the ‘show snmp ap’ command to retrieve the agent information configured for the AP. Configuration using Web UI In the menu bar of , select , select in the submenu, and then select or to configure the SNMP agent information. Figure 81. AP SNMP v1/v2c Community Configuration Window Figure 82.
CHAPTER 4. AP Connection Management 4.2.5 Information Management The APC manages the history statistics information, real-time interface statistics information, and tech support information of the AP. AP History Statistics The AP transmits the interface (WAN and WLAN) and CPU load/memory usage statistics information collected for 5 min. to the APC. The APC forwards the information to the WEM via FTP. If the APC does not interoperate with the WEM, the APC stores the information for 3 days.
CHAPTER 4. AP Connection Management 4.2.5.2 Real-time Interface Statistics Information Configuration using CLI 1) Go to configure AP configuration. WEC8500# configure terminal WEC8500/configure# ap ap_1 WEC8500/configure/ap ap_1# 2) Configure to make real-time interface statistics information updated periodically. WEC8500/configure/ap ap_1# get-if-stats 3) To check the interface statistics information of an AP, use the ‘show ap if-stats [AP_NAME]’ command.
CHAPTER 4. AP Connection Management 4.2.5.3 Tech Support Information Execute the below command to download the Tech Support information from an AP. Configuration using CLI 1) Go to configure AP configuration tech-support of CLI. WEC8500# configure terminal WEC8500/configure# ap [ap profile name] WEC8500/configure/ap ap_1# tech-support WEC8500/configure/ap ap_1/tech-support# 2) Request the coredump file of the AP.
CHAPTER 4. AP Connection Management 4.2.6 Outdoor AP Configuration The APC system provides outdoor AP connection diagnostic functions for outdoor APs. The AP connection diagnostics function checks ping status of outdoor APs and displays the results on the operator’s monitor. Procedure of using the outdoor AP connection diagnostics function is as follows: 1) The operator creates/deletes outdoor APWEC using CLI.
CHAPTER 4. AP Connection Management Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. To create an outdoor AP, click , select <3rd Party Outdoor AP>, enter AP PROFILE NAME, MAC ADDRESS, and IP ADDRESS, and then select . Figure 86. Outdoor AP Create Window 4.2.
CHAPTER 4. AP Connection Management Configuration using CLI (Upgrade environment) To configure AP upgrade related environment, the following command is provided. First of all, go to the configure AP-all upgrade mode of CLI. WEC8500# configure terminal WEC8500/configure# ap-all WEC8500/configure/ap-all# upgrade WEC8500/configure/ap-all/upgrade# [select-package] This command configures a package to use during AP upgrade.
CHAPTER 4. AP Connection Management [max-download] This command configures the maximum number of simultaneous downloads when transmitting the package file of an AP from the APC to the AP. Max-download [COUNT] Parameter COUNT Description Maximum number of simultaneous downloads of AP image file (range: 1-50, default: 10) [max-retry] This command configures maximum number of re-attempts when AP upgrade is failed.
CHAPTER 4. AP Connection Management Configuration using Web UI In the menu bar of , select and then select menu in the sub menu. You can perform AP upgrade in the AP Upgrade tab and configure upgrade related environment in the Advanced tab. [AP Upgrade tab] AP Upgrade tab upgrades all the APs or a specific AP. Figure 87. AP upgrade The procedure of entire AP upgrade is as follows: 1) In the AP Upgrade window, click the button.
CHAPTER 4. AP Connection Management SCOPE: Selects upgrade method. To make the AP working as the package immediately after upgrade, select Quick Upgrade. To download the package to the AP, select the Predownload menu. TARGE AP: Select an AP target to upgrade. If you select , an AP that is configured as individual is excluded from upgrade. SELECT AP PACKAGE: Selects an AP package to upgrade.
CHAPTER 4. AP Connection Management [Advanced tab] Configures AP upgrade related environment settings. Figure 90. AP upgrade-advanced 4.2.8 TRANSFER MODE: Selects a protocol that transmits an AP package. MAX DOWNLOAD: Configures maximum number of sessions that can be downloaded simultaneously. MAX RETRY: Configures maximum number of re-attempts when AP upgrade is failed. DEFAULT AP PACKAGE: Select an AP package that will be used for automatic upgrade during AP joint.
CHAPTER 4. AP Connection Management CLI for checking configuration: WEC8500 # show remote-ap-group upgrade config rUpgrade ================== Remote Ap Group Upgrade Config ================= Group Name Enable Type Mode Path PortNum MAXretries ForceOption : rUpgrade : Enable : Default : FTP : package/ap : 21 : 3 : Disable weafama : : : : weafamb (APID:0, IP:0.0.0.0) () (APID:0, IP:0.0.0.
CHAPTER 4. AP Connection Management Figure 92. Remote AP Group Upgrade Activation_2 4.2.8.2 Master AP Configuration (Optional) The operator can configure the master AP for AP upgrade in the remote group. If none is configured, a master AP is automatically selected.
CHAPTER 4. AP Connection Management WEC8500# show remote-ap-group upgrade list rUpgrade /* (RC/FR/RC) : RetryCount/FailReason/RebootCause AP_ID Model Version(config/current) Status(RC/FR/RC) 1 WEA303i Global/1.7.0.U2 None( 0/ 0/128) 2 WEA312i Global/1.7.0.U2 None( 0/ 0/146) 3 WEA303i Global/1.7.0.U1 None( 0/ 0/146) MasterAp MasterApCfg - Configuration using Web UI Administration > Package Upgrade > Remote AP Group Example: Figure 93. Checking Master AP Configuration Figure 94.
CHAPTER 4. AP Connection Management 4.2.8.3 AP Package Configuration The operator can configure an AP package to upgrade in the remote group. Configuration using CLI Example: WEC8500# configure terminal WEC8500/configure# ap-group rUpgrade WEC8500/configure/ap-group rUpgrade# remote WEC8500/configure/ap-group rUpgrade/remote# upgrade WEC8500/configure/ap-group rUpgrade/remote/upgrade# select-package weafama weafama_1.7.0.U.
CHAPTER 4. AP Connection Management Configuration using Web UI Administration > Package Upgrade > Remote AP Group Example: Figure 95. AP Package Configuration 4.2.8.4 Starting AP Upgrade The operator can start or stop AP upgrade in the remote group.
CHAPTER 4. AP Connection Management Path PortNum MAXretries ForceOption : : : : package/ap 21 3 Disable weafama : ap_1 (APID:1, IP:10.10.10.160) : weafama_1.7.0.U.bin (1.7.0.U) weafamb : (APID:0, IP:0.0.0.0) : () WEC8500# show remote-ap-group upgrade list rUpgrade /* (RC/FR/RC) : RetryCount/FailReason/RebootCause AP_ID Model Version(config/current) Status(RC/FR/RC) MasterAp 1 WEA303i Remote/1.7.0.U2 DownloadSuccess( 0/ 0/128) MasterApCfg 2 WEA312i Remote/1.7.0.
CHAPTER 4. AP Connection Management 4.2.8.5 Restarting and Upgrading AP After downloading the AP package, APs in the remote group are restarted so that they can run on the upgraded version.
CHAPTER 4. AP Connection Management Configuration using Web UI Administration > Package Upgrade > Remote AP Group Example: Figure 97. Restarting and Upgrading AP © SAMSUNG Electronics Co., Ltd.
CHAPTER 5. WLAN Management CHAPTER 5. WLAN Management This chapter describes how to create and configure WLAN that is the most fundamental basis for W-EP wireless LAN service. 5.1 WLAN Configuration 5.1.1 Basic WLAN Configuration The WLAN profile helps configure and manage the WLAN connection service of an AP in the APC. To use WLAN service, it is necessary to basically configure AP group and interface group and specify Service Set Identifier (SSID).
CHAPTER 5. WLAN Management A newly created WLAN is added to the ‘default’ AP group if the WLAN ID is in the range of 1-16. If its WLAN ID is 17 or above, the WLAN is not included in the AP group. Maximum 16 WLANs can be allocated to each AP group. WEC8500# configure terminal WEC8500/configure# ap-group apg_01 WEC8500/configure/ap-group apg_01# add-wlan 1 3) Configure an interface group to which the WLAN service will be provided.
CHAPTER 5. WLAN Management Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. Select a WLAN ID to change in the WLANs screen and go to the tab. In the screen, you can use various functions such as adding or deleting a WLAN. Figure 98. WLAN basic configuration (1) Figure 99. WLAN basic configuration (2) © SAMSUNG Electronics Co., Ltd.
CHAPTER 5. WLAN Management You can configure various functions such as interface group and SSID, etc. The configurations available in the General tab are as follows: INTERFACE GROUP: Configures an interface group. RADIO AREA: Configures a radio area. CAPWAP TUNNEL MODE/LOCAL VLAN: Configures the local switching function. SUPRESS SSID: Enables or disables the function.
CHAPTER 5. WLAN Management 5) Specify the service MAC type. mac-type [MAC_TYPE] Parameter Description MAC_TYPE - localMac: An AP itself provides data service. - splitMac: Provides data service through the APC. 6) Select a radio bandwidth to provide the WLAN service. radio [RADIO] Parameter RADIO Description - 1: 5 GHz - 2: 2.4 GHz - 3: Supports both 5/2.4 GHz 7) 8) Select whether to provide the SSID as hidden. If it is set to ‘hidden’, the SSID is not found when other devices do searching.
CHAPTER 5. WLAN Management 5.1.3 WLAN-based ACL Configuration To configure ACL to apply to the WLAN service, define IP-based ACL first and then configure it to the WLAN. Configuration using CLI The procedures for configuration are as follows. 1) Before applying ACL, retrieve ACL that is configured as WLAN ACL. WEC8500# show running-config network fqm-mode … ip access-group wireless acl1 ! 2) Go to configure wlan configuration mode of CLI.
CHAPTER 5. WLAN Management Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. Select a WLAN ID to change in the WLANs screen and go to the tab. Figure 100. WLAN-based ACL configuration ACL RULE: Configures the WLAN-based ACL function. STATIC ADDRESS DISALLOWED DHCP OVERRIDE DHCP SERVER: Enter a DHCP server IP address. WMM: Configures the WiFi Multimedia (WMM) mode.
CHAPTER 5. WLAN Management 5.1.4 Managing Root Service To provide a wireless LAN service where cable installation is difficult, a W-EP AP can be configured as a repeater mode to relay wireless LAN traffics. To configure this kind of network, the Repeater AP and Root AP are required. The Repeater AP is working as a wireless terminal and the Root AP connects a Repeater AP to a wireless terminal for connection to the APC. The root AP must be enabled with the repeater service to allow repeater AP connections.
CHAPTER 5. WLAN Management 4) Configure it to a Root AP. WEC8500/ configure/ap ap_1# profile ap-mode rootAp 5) Restart the configured AP. [Changing to Repeater AP] The procedure of changing a W-EP AP to a Repeater AP is as follows: 1) Go to configure mode of CLI. WEC8500# configure terminal 2) Check the registered AP list. WEC8500/configure# show ap summary 3) Go to AP configuration mode of an AP that will be changed to a Repeater AP. WEC8500/configure# ap ap_2 4) Configure it to a Repeat AP.
CHAPTER 5. WLAN Management Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. To enable repeater service, configure the INTERFACE GROUP in the Repeater Service of the window, select Enable in the SERVICE, and click the button. Figure 101.
CHAPTER 5. WLAN Management 5.1.5 MCS Configuration Management by WLAN This is a function of configuring data rate and MCS by WLAN. You can configure MCS, etc. by each WLAN differently because it is necessary to configure MCS, etc. differently depending on the types of services such as FMC. Configuration using CLI 1) Go to configure WLAN configuration mode of CLI.
CHAPTER 5. WLAN Management 5) Configure the 802.11ac Modulation and Coding Scheme (MCS) rate. Only 5G bandwidth for 802.11ac MCS is configurable.
CHAPTER 5. WLAN Management Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. Select the WLAN ID to change in the WLANs screen and move to the <802.11a/n/ac> or <802.11b/g/n> tab depending on the bandwidth. Figure 103. MCS by WLAN: 802.11a/n/ac Configuration Management window Figure 104. MCS by WLAN: 802.11b/g/n Configuration Management window © SAMSUNG Electronics Co., Ltd.
CHAPTER 5. WLAN Management 5.2 Local Switching The APC provides the local switching function to support a service to an individual network such as a branch office. The local switching function enables an AP to be connected to WAN for external connection in an individual network where the APC is not installed. The control packet of an AP and a wireless terminal is processed in the centralized APC and a general data packet is processed in an individual network.
CHAPTER 5.
CHAPTER 5. WLAN Management In the menu bar of , select and then select the menu in the sub-menus. In the Access Points screen, select an AP to change and go to the tab. Select the WLAN set with tunneling and enter the split ACL before clicking the button. Figure 106. Split ACL Configuration Window of WLAN Allocated to AP Select the WLAN set with local bridging and then enter VLAN ID/ACL/Pre-Auth. ACL before clicking the button.
CHAPTER 5. WLAN Management 5.3 Security and Authentication The Samsung W-EP AP/APC supports the security and authentication function defined in the IEEE 802.11-based wireless LAN security standard and its main mechanism is as follows: Wired Equivalent Privacy (WEP) Wi-Fi Protected Access Version 1 (WPA1), Wi-Fi Protected Access Version 2 (WPA2) Authentication type: Pre-Shared Key (PSK), 802.
CHAPTER 5. WLAN Management Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. Select a WLAN ID to change in the WLANs screen and go to the tab. Figure 108. Initialization of WLAN security function The configuration items available in the window are as follows. Item Description PROFILE NAME A WLAN configuration name is displayed.
CHAPTER 5. WLAN Management Item Description PMK LIFETIME PMK effective time (unit: s, range: 0-1000000, default: 43200) EAPOL REAUTHENTICATION EAP re-authentication interval (unit: s, range: 0-100000, PERIOD default: 0) STATIC WEP WEP KEY key input format FORMAT - ASCII: ASCII character string - HEX: Hexadecimal value WEP KEY Key length SIZE - 40: 40-bit (5-byte) - 104: 104-bit (13-byte) STATIC WEP WEP KEY Key index (1-4) INDEX WEP KEY key value 802.
CHAPTER 5. WLAN Management Parameter WPA_TYPE Description WPA type (wpa/wpa2): WPA Version 2 must be enabled at all times. - wpa: WPA Version 1 - wpa2: WPA Version 2 4) Configure the PSK key. WEC8500/configure/wlan 1/security# psk [KEY_TYPE] [KEY_STRING] Parameter KEY_TYPE Description PSK key input format (ascii/hex) - ASCII: ASCII character string - HEX: Hexadecimal value KEY_STRING 5) PSK key Configure the encryption type.
CHAPTER 5. WLAN Management 8) Disable the 802.1x authentication. WEC8500/configure/wlan 1/security# no ieee8021x 9) After applying the changed configuration, exit the security configuration mode. WEC8500/configure/wlan 1/security# apply WEC8500/configure/wlan 1/security# exit 10) To check the configuration information, use the following command.
CHAPTER 5. WLAN Management 5.3.3 WPA/WPA2 802.1x Configuration The WPA/WPA2 802.1x, one of wireless LAN authentication types does authentication through an authentication server such as a Remote Authentication Dial-In User Service (RADIUS) server. To configure WPA/WPA2 802.1x to WLAN, execute the command as follows: As the 802.1x authentication needs interoperation with a RADIUS server, the RADIUS server required for the WLAN security configuration must be configured first.
CHAPTER 5. WLAN Management Parameter ENC_TYPE Description Encryption type (tkip/ ccmp) - tkip: TKIP type. TKIP cannot be configured for WPA Version 2. - ccmp: AES-CCMP type 5) Disable the PSK key management algorithm. WEC8500/configure/wlan 1/security# no keymgmt psk 6) Configure the key management algorithm to 802.1x. WEC8500/configure/wlan 1/security# keymgmt ieee8021x 7) Enable the 802.1x authentication.
CHAPTER 5. WLAN Management 10) After applying the changed configuration, exit the security configuration mode. WEC8500/configure/wlan 1/security# apply WEC8500/configure/wlan 1/security# exit 11) To check the configuration information, use the following command. WEC8500/configure# show wlan security summary 12) To check configuration information, use the ‘show wlan security summary’ command.
CHAPTER 5. WLAN Management Item ACCOUNTI NG SERVER Description Enable/ Disable Whether the accounting function is enabled. - Enable: The accounting function is enabled. - Disable: The accounting function is disabled. RADIUS SERVER 1 Accounting server that will be used as the first priority (Can select one out of pre-configured RADIUS servers.) RADIUS SERVER 2 Accounting server that will be used as the second priority (Can select one out of pre-configured RADIUS servers.
CHAPTER 5. WLAN Management 5.3.4 Static WEP Configuration The WEP is a security algorithm defined in the initial wireless LAN standard. It provides security by using a cryptographic key and Initial Vector (IV) to encrypt the wireless transmission data exchanged between an AP and a wireless terminal connected to a wireless LAN. Configuration using CLI For static WEP configuration, execute the following commands. 1) Go to configure wlan configuration mode of CLI.
CHAPTER 5. WLAN Management Parameter Description KEY_TYPE WEP key Input format of WEP cryptographic key (ascii/hex) - ASCII: ASCII character string - HEX: Hexadecimal value KEY STRING WEP cryptographic key KEY_INDEX Key index (range: 1-4) KEY_LENGTH Key length (Bit unit) - 40 - 104 7) After applying the changed configuration, exit the security configuration mode.
CHAPTER 5. WLAN Management 5.3.5 Dynamic WEP Configuration The Dynamic WEP is a security algorithm that improves the security vulnerabilities of a static WEP by using 802.1x authentication. Unlike the static WEP that is based on a configured fixed key, it creates a cryptographic key by executing 802.1x authentication when a terminal is connected. Configuration using CLI For dynamic WEP configuration, execute the command as follows: 1) Go to configure wlan configuration mode of CLI.
CHAPTER 5. WLAN Management 6) Parameter Description RADIUS_SERVER_ID_LIST RADIUS server ID list (Up to 3 IDs can be configured.) After enabling the RADIUS server function for accounting, specify the index of account RADIUS server. The RADIUS server information must be configured in advance. WEC8500/configure/wlan 1/security# radius-server acct-servers [RADIUS_SERVER_ID_LIST] 7) Parameter Description RADIUS_SERVER_ID_LIST RADIUS server ID list (Up to 3 IDs can be configured.
CHAPTER 5. WLAN Management Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. 1) Select a WLAN ID to change in the WLANs screen and go to the tab. For details about configuration, refer to the section 5.3.3. 2) Click the tab. Figure 113. Dynamic WEP Configuration Window Select the L2 Security Type as Dynamic WEP. After configuring the rest values as required, click the button.
CHAPTER 5. WLAN Management 5.4 DHCP Configuration The DHCP service of APC consists of DHCP server, DHCP relay, and DHCP proxy. 5.4.1 DHCP Server 5.4.1.1 DHCP Server Configuration A DHCP server in the APC dynamically allocates an IP address to a client. Configuration using CLI 1) Go to configure mode of CLI. WEC8500# configure terminal WEC8500/configure # 2) To enable or disable the DHCP server, enter the ‘ip dhcp’ command. Use ‘no’ in front of the command to disable the configuration.
CHAPTER 5. WLAN Management 5.4.1.2 DHCP Pool The DHCP pool includes the range of IP address to be allocated to a client, DNS server that will be used by a DHCP client, NTP server, and default router IP address information, etc. Configuration using CLI [Pool Creation] The procedure of creating a pool in an internal DHCP server and entering into the pool mode is as follows: 1) Go to configure mode of CLI. WEC8500# configure terminal WEC8500/configure # 2) Enter the ‘ip dhcp pool’ command.
CHAPTER 5. WLAN Management Parameter Description IP_ADDRESS IP address NETMASK Netmask address LENGTH Netmask length [Configuring Gateway] This command configures the gateway address of a DHCP client. Enter ‘no’ parameter to delete a configured address. default-router [IP_ADDRESS] no default-router Parameter Description IP_ADDRESS Gateway IP address [Configuring DNS Server] Up to 3 IP addresses can be configured for a DNS server. Enter ‘no’ parameter to delete a configured DNS server.
CHAPTER 5. WLAN Management [Configuring Fixed IP Address to MAC Address] This command configures a fixed IP address to a specific MAC address or deletes the configuration. The ‘range’ of IP address to configure cannot be overlapped with the IP range and maximum 255 IP addresses can be configured. In addition, use the ‘no fix-address all’ command to delete all the configured values. fix-address [aa:bb:cc:dd:ee:ff A.B.C.D] no fix-address [aa:bb:cc:dd:ee:ff A.B.C.
CHAPTER 5. WLAN Management [Ping check] When a DHCP server allocates an IP address to a client, ping check can be used to check if an IP address to allocate is being used in the current network. ping-check [enable/disable] Parameter Description enable/disable Configures whether to use ping check (default: disable) [Configuring IP Address Range] A DHCP server configures the range of IP address to allocate to a client.
CHAPTER 5. WLAN Management Mode: Can be configured to the active/passive mode. active: Although a client does not request data transmission, the DHCP server transmits user-option data (Default). passive: The DHCP server transmits data upon a client’s request. Command Description - user-option [1-254] string [string] [active/passive] Configures an option.
CHAPTER 5. WLAN Management Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. Click the or button to add or delete a DHCP pool. Figure 115. DHCP Pool (1) The window where a DHCP pool can be added is shown below. Figure 116. DHCP Pool (2) © SAMSUNG Electronics Co., Ltd.
CHAPTER 5. WLAN Management 5.4.1.3 POOL NAME: DHCP pool name (mandatory input item) NETWORK: Network bandwidth IP that a DHCP server will serve (mandatory input item) MASK: Netmask length IP of an IP that is entered into the NETWORK item (mandatory input item) LEASE TIME: DHCP IP address lease time (Unit: s, default: 3600 s, Maximum value: 8640000 s) DOMAIN NAME: Configures a domain name that will be used by a DHCP client in a DNS.
CHAPTER 5. WLAN Management 5.4.2 DHCP Relay The DHCP relay forwards a DHCP packet received from a client through broadcast to the DHCP server. Because it switches with the DHCP proxy, the DHCP relay is enabled when the DHCP proxy is disabled. The DHCP relay is working in the unit of interface. It is disabled in the ‘mgmt0’ and ‘lo’ interface. The DHCP relay is not working even when no IP address is configured in the interface.
CHAPTER 5. WLAN Management 5.4.3 DHCP Proxy The procedure of changing to the DHCP proxy is as follows. Configuration using CLI The CLI configuring a DHCP proxy is located as a command under ‘ip dhcp-proxy’ in the configure mode. 1) Go to configure mode of CLI. WEC8500# configure terminal 2) Switch to the DHCP proxy. WEC8500/configure#ip dhcp-proxy enable 3) To check the configured information, use the ‘show ip dhcp-proxy’ command.
CHAPTER 5. WLAN Management 5.4.4 Option 82 Configuration The APC uses the DHCP Option 82 to provide various services during IP allocation by forwarding the information such as access control, QoS, or security policy, etc. when a wireless terminal connected to an AP receives an IP address. The Option 82 has two fields, i.e. remote ID and circuit ID. Enter the name of an interface for which the APC constantly does relay/proxy in the circuit ID and enter a part of AP information in the remote ID accordingly.
CHAPTER 5. WLAN Management Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. In the interface, you can see the page where you can change the Option 82. Figure 119. Option 82 configuration (1) Select an item in the list and perform detail configuration. Figure 120.
CHAPTER 5. WLAN Management 5.4.5 Primary/Secondary Server Configuration The DHCP relay/proxy can transmit a DHCP packet received from a client through broadcast to maximum two DHCP servers. Here, the two servers are called a primary server and a secondary server. The configuration of primary/secondary servers can be done in the interface mode, but it is also possible in the global mode.
CHAPTER 5. WLAN Management Configuration using Web UI [Configuration at Interface] In the menu bar of , select and then select the menu in the sub-menus. In the interface, you can see the page where you can change the Option 82. Figure 121. Primary/Secondary server configuration (1) Select an item in the list and perform detail configuration. Figure 122.
CHAPTER 5. WLAN Management [Configuration at Global] In the menu bar of , select and then select the menu in the sub-menus. Configure the PRIMARY SERVER and SECONDARY SERVER of the Global Parameter. If you does Global configuration, the configuration is applied to all the interfaces whose ‘GLOBAL USE’ checkbox is checked in the DHCP configuration of APC interface. Figure 123. Primary/Secondary server configuration (3) © SAMSUNG Electronics Co., Ltd.
CHAPTER 5. WLAN Management 5.5 Radio Service Configuration The APC supports WLAN-based radio configuration. You can enable or disable WMM based on WLAN and change DTIM and station idle timeout. Configuration using CLI 1) Go to configure wlan-radio-service mode of CLI. APC# configure terminal APC/configure# wlan-radio-service APC/configure/wlan-radio-service# 2) Configure whether to enable or disable WMM.
CHAPTER 5. WLAN Management Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. Select a WLAN ID to change in the WLANs screen and go to the tab. Figure 124. Radio service configuration After configuring the below items, click the button. WMM: Configures the WMM mode. DTIM: Enter a DTIM value (1-255). STATION IDLE TIMEOUT: Enter a station idle timeout value.
CHAPTER 6. Wi-Fi Configuration CHAPTER 6. Wi-Fi Configuration This chapter describes how to manage the 802.11a, 80211.bg, 802.11n or 80211ac device of W-EP AP. An 802.11n device supports 2.4 GHz and 5 GHz wireless bandwidth and high data processing speed. 6.1 802.11a/b/g/n/ac Radio Property 6.1.1 802.11a/b/g Configuration The configuration of radio property for 802.11a/b/g/ac is as follows: Configuration using CLI 1) Go to configure radio mode to configure of CLI.
CHAPTER 6. Wi-Fi Configuration 3) Configure channel of multiple APs belonging to the group. channel [CHANNEL] group [GROUP_ID] all-ap/active-ap: Channel is configured for multiple APs. channel [CHANNEL] group [GROUP_ID] all-ap/active-ap fixed: Channel is fixed and is not affected by automatic adjustment functions such as RRM. (Channel values are indicated as * when retrieved by ‘show 80211a summary’ or ‘show 80211bg summary’.
CHAPTER 6. Wi-Fi Configuration 6) To check the configured channel and TX power information, use the following command.
CHAPTER 6. Wi-Fi Configuration 11) Configure the bandwidth of the AP. Bandwidth can be configured only for 80211a/n/ac. bandwidth [BANDWIDTH] ap [AP_ID]: Bandwidth is configured for a specific AP. bandwidth [BANDWIDTH] global: Bandwidth is configured for all APs.
CHAPTER 6. Wi-Fi Configuration [TX power Configuration] TX CURRENT POWER: TX Power (range: 3-23) TX POWER FIX: The configured TX power is configured as fixed and it is not affected by the automatic adjustment function such as RRM. When selecting the <802.11a/n/ac> or <802.11b/g/n> menu, the Tx power value is displayed as *. (Optional) To check the configured channel and TX power information, go to <802.
CHAPTER 6. Wi-Fi Configuration 6.1.2 802.11n Configuration The 802.11n configuration is as follows: Configuration using CLI 1) Go to configure radio mode (80211a or 80211bg) to configure of CLI. WEC8500# configure terminal WEC8500/configure# 80211a 2) Go to the 11n-support mode. WEC8500/configure/80211a#11n-support 3) Configure an AP so that it can support 802.11n property.
CHAPTER 6. Wi-Fi Configuration 6.1.3 802.11ac Configuration The 802.11ac configuration is as follows: Configuration using CLI 1) Go to configure radio mode of 80211a to configure. WEC8500# configure terminal WEC8500/configure# 80211a 2) Enter 11ac-support mode. WEC8500/configure/80211a#11ac-support 3) Configure the AP so that it can support the 802.11ac property.
CHAPTER 6. Wi-Fi Configuration [OPERATIONAL TYPE] Enable/disable 11ac operation. [VHT (802.11AC) MCS SETTING] Determine the spatial stream count for each AP model and enter maximum MCS value for each spatial stream count.
CHAPTER 6. Wi-Fi Configuration 6.2 Wi-Fi QoS Configuration The APC provides various QoS in the wire/wireless section for every packet type (voice, video, best-effort, or background). The QoS can be configured for each wireless section (2.4 GHz, 5 GHz). 6.2.1 QoS Configuration of Wireless Terminal The system provides probable QoS by changing the Enhanced Distributed Channel Access (EDCA) parameter in a wireless section.
CHAPTER 6. Wi-Fi Configuration [Wired tab] Figure 127. QoS configuration of a wireless terminal (1) [Wireless tab] Figure 128. QoS configuration of a wireless terminal (2) © SAMSUNG Electronics Co., Ltd.
CHAPTER 6. Wi-Fi Configuration 6.2.2 QoS Configuration of AP 6.2.2.1 Wire Section The APC provides QoS in a wire section using 802.1p and Differentiated Services Code Point (DSCP) marking and it can adjust packet traffics because it can adjust queue length depending on packet type. Configuration using CLI To configure the Station QoS parameter that will be applied to the wire section between APC and AP, execute the command as follows: 1) Go to configure QoS mode of a wireless section of CLI.
CHAPTER 6. Wi-Fi Configuration 4) Configure a default DSCP value per packet. dscp-tag [PACKET_TYPE] [DSCP TAG] Parameter Description PACKET_TYPE Packet type configuration (voice/video/best_effort/background) DSCP_TAG Default DSCP value 5) Configure a protocol to distinguish packet types. protocol [PROTOCOL] Parameter PROTOCOL Description Protocol configuration (none/dot1p/dscp) - none: Determine the type of every incoming packet with best effort.
CHAPTER 6. Wi-Fi Configuration Configuration using Web UI In the menu bar of , select and then select the <802.11a/n> or <802.11b/g/n> menu in the sub-menus. 1) 2) 3) 4) 5) 6) 6.2.2.2 Select one out of None/Default/User Priority in the 802.1P POLICY drop-down list of Tagging Policy. To disable a DSCP policy in the DSCP POLICY, select Disable. To enable a DSCP policy in the DSCP POLICY, select Enable.
CHAPTER 6. Wi-Fi Configuration Configuration using Web UI In the menu bar of , select and then select the <802.11a/n> or <802.11b/g/n> menu in the sub-menus. Figure 129. QoS configuration of AP (wireless section) In the Access Point tab, enter 802.1p or a DSCP value into the QoS Default Values. Click the button to apply. © SAMSUNG Electronics Co., Ltd.
CHAPTER 6. Wi-Fi Configuration 6.2.3 Configuring QoS Profile of a Specific Terminal You can configure a QoS profile that is applied to a specific wireless terminal. This QoS profile is applied from the RADIUS server of a wireless terminal during authentication. Configuration using CLI Go to configure QoS profile configuration mode of CLI. 1) APC# configure terminal APC/configure# qos APC/configure/qos Samsung # 2) Configure 802.
CHAPTER 6. Wi-Fi Configuration Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. To create a QoS profile to apply to a terminal, click the button in the initial window. The QoS addition window consists of the following QoS parameters. By entering each QoS parameter, you can configure the QoS profile of a specific terminal or configure the usage control function for each user. Figure 130.
CHAPTER 6. Wi-Fi Configuration 6.2.4 Voice Optimization Configuration The APC configures an EDCA parameter value that is optimized for voice service to an AP in real-time. Configuration using CLI 1) Go to configure radio cvo mode to configure of CLI. APC# configure terminal APC/configure# [80211a|80211bg] cvo APC/configure/80211a/cvo# 2) Enable or disable the function. [no] enable 3) To check the configured information, use the ‘show 80211a cvo config’ command.
CHAPTER 6. Wi-Fi Configuration 6.3 802.11h Configuration The APC supports the configuration and transmission power limitation for the Dynamic Frequency Selection (DFS) function in an AP. When the AP detects radar, an event is sent to the WEM and a detouring channel can be configured in the AP.
CHAPTER 6. Wi-Fi Configuration Configuration using Web UI In the menu bar of , select and then select the <802.11a/n> <802.11h> menu in the sub-menus. Figure 132. Configuring 802.11h POWER CONSTRAINT: Power constraint value (0-100) CHANNEL SWITCH: Enables channel switch announcement. RESTRICTION MODE: Configures transmission restriction. CHANNEL SWTICH COUNT: Enter a waiting time until channel switching announcement.
CHAPTER 6. Wi-Fi Configuration 6.4 Country Code You can use a country code to restrict the number of channels that can be used in an AP and the maximum transmission power of each channel. Configuration using CLI To configure the country code function, go to country mode first by executing the following command.
CHAPTER 6. Wi-Fi Configuration [Editing Country Code] You can add or delete an operation channel per country and change maximum transmission power per channel. The command used to add or delete a channel per country is shown below. add-channel [COUNTRY_CODE] [CHANNEL_NUMBER] [MAX_TX_POWER]: Adds a channel. del-channel [COUNTRY_CODE] [CHANNEL_NUMBER]: Deletes a channel. Parameter Description COUNTRY_CODE Country code to configure CHANNEL_NUMBER Channel to configure.
CHAPTER 6. Wi-Fi Configuration Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. Figure 133. Country code window (1) [Global Country Code Configuration] 1) Select a country in the DEFAULT COUNTRY drop-down list of Configured Country Code item. (Only an authenticated country code is supported.) 2) Select an environment in the DEFAULT ENVIRONMENT drop-down list.
CHAPTER 6. Wi-Fi Configuration [AP Country Code Configuration] In the menu bar of , select and then select the menu in the sub-menus. Figure 134. Country code window (2) After selecting COUNTRY and ENVIRONMENT, click the button. © SAMSUNG Electronics Co., Ltd.
CHAPTER 7. WLAN Additional Services CHAPTER 7. WLAN Additional Services In this chapter, how to configure WLAN additional services such as wireless terminal management, spectrum analysis, Call Admission Control (CAC) and Radio Resource Management (RRM), etc. is described. 7.1 Managing Wireless Terminal 7.1.1 Information Retrieval Functions Configuration using CLI Using the following command, you can retrieve the information of a wireless terminal being serviced by the APC.
CHAPTER 7. WLAN Additional Services Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. The brief information of each station is displayed in the window. To check the detail information of a specific station, click the MAC information of the specific station in the Stations window list. Figure 135. Information viewing window 7.1.
CHAPTER 7. WLAN Additional Services 7.2 Handover Management The handover releases a connection with an existing AP and connects to a new AP. It provides seamless wireless LAN connection to a wireless terminal. The APC provides both 802.11 standard handover and Samsung’s unique AirMove (Network Controlled Handover) handover. 7.2.
CHAPTER 7. WLAN Additional Services AirMove Configuration Item Description scan interleaving time Configures the scanning interval of a wireless terminal. - OPTION: scan-time-interleave - OPTION_DETAIL: Time (ms) Service time in scanning period Configures a period when an wireless terminal transmits/receives an actual data traffic after scanning.
CHAPTER 7. WLAN Additional Services [AirMove Enable/Disable Configuration] The AirMove is enabled by default, so use the following command to disable it. no handover mode NCHO To check the configuration information, use the ‘show handover configuration’ command. Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. Figure 136.
CHAPTER 7. WLAN Additional Services 7.3 Call Admission Control (CAC) Configuration The CAC function is provided to protect existing calls from the calls incoming to a wireless LAN. The APC does not allow an additional call when maximum allowed number of calls per radio is reached. 7.3.1 SIP ALG Configuration To make Call Admission Control (CAC) working, the Session Initiation Protocol (SIP) Application Layer Gateway (ALG) function must be enabled.
CHAPTER 7. WLAN Additional Services 2) Enable the SIP ALG. APC/configure# sipalg enable 3) To check the configuration information, use the ‘show sipalg configuration’ command. Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. Figure 137. SIP ALG configuration window After configuring SIP ALG that is a voice CAC related configuration in the SIP ALG, click the button.
CHAPTER 7. WLAN Additional Services 7.3.2 Voice CAC Configuration To protect existing calls, the voice CAC function configures maximum allowed number of calls and rejects any call request when the maximum number is exceeded. You can configure the number of marginal voice calls for handover. Configuration using CLI For voice CAC configuration, execute the command as follows: 1) Go to configure voice CAC mode of a wireless section of CLI.
CHAPTER 7. WLAN Additional Services Configuration using Web UI In the menu bar of , select and then select the <802.11a/n> or <802.11b/g/n> menu in the submenus. Figure 138. Admission control configuration of 802.11a/n After configuring the below item in the Call Admission Control, click the button. ADMISSION CONTROL: Configures the CAC function.
CHAPTER 7. WLAN Additional Services 7.3.3 Video CAC Configuration To protect existing video calls, the video CAC function configures the maximum allowed number of video calls and rejects any call request when the maximum number is exceeded. You can configure the number of marginal calls for handover. Configuration using CLI For video CAC configuration, execute the command as follows: 1) Go to configure video CAC mode of a wireless section of CLI.
CHAPTER 7. WLAN Additional Services 6) Configure the maximum allowed usage of channels. 7) Parameter Description VALUE Maximum allowed usage of channels Configure the usage of marginal channels with consideration for handover.
CHAPTER 7. WLAN Additional Services 7.4 Radio Resource Management (RRM) RRM performs automatic setup function for AP’s channel and Tx Power. RRM is functionally divided into Dynamic Channel Selection (DCS), Dynamic Power control (DPC), and Coverage Hole Detection and Control (CHDC). The DCS automatically sets the channels of the APs. The DPC DCS automatically sets the Tx Power of the AP. The CHDC adjusts the Tx Power when Coverage Hole occurs. 7.4.
CHAPTER 7. WLAN Additional Services Configuration using Web UI In the menu bar of , select and then select the <802.11a/n/ac> or <802.11b/g/n> menu in the sub-menus. Enable or disable the RRM service at the top of the menu. The RRM can be set in either 802.11a/n/ac screen or 802.11b/g/n screens. Configure priorities between the neighbor list of each Wlan at the bottom of the menu. Figure 140. RRM configuration window 7.4.
CHAPTER 7. WLAN Additional Services 4) Execute the following command to change the Received Signal Strength Indication (RSSI) threshold for neighbor AP. The default value is -70 (dBm). WEC8500/configure/rrm/80211a/dpc# rssi-threshold [value] 5) If you need to change the RSSI threshold for the station, execute the following command. The default value is -70 (dBm). This parameter is used only in the DCS-DPC joint algorithm.
CHAPTER 7. WLAN Additional Services 7.4.3 DCS Configuration This section describes the setting options of the DCS function which automatically sets the channel of the AP. Configuration using CLI 1) Go to configure rrm configuration mode of CLI. WEC8500# configure terminal WEC8500/configure# rrm 2) Go to the wireless section where you want to change the settings. WEC8500/configure/rrm# 80211a 3) Set the DCS function. Enter the dcs setting mode and set it to ‘enable’.
CHAPTER 7. WLAN Additional Services 8) Execute the following command to set the anchor time. The default value is start time 4, end time 5. If both start time and end time are set to the same time, Anchor Run function is disabled. WEC8500/configure/rrm/80211a/dcs# anchor-time start [value] end [value] 9) Execute the following command to change the channels that is automatically set by the DCS. Use the ‘no’ parameter to disable the mode.
CHAPTER 7. WLAN Additional Services Configuration using Web UI In the menu bar of , select and then select the <802.11a/n/ac> or <802.11b/g/n> menu in the sub-menus. Enable or disable the DCS in the SERVICE field in Dynamic Channel Selection. Figure 142. DCS settings 7.4.4 CHDC Configuration This section describes the setting options of the CHDC function which adjusts the Tx Power when Coverage Hole occurs.
CHAPTER 7. WLAN Additional Services WEC8500/configure/rrm/80211a/chdc# statsCollectEnable Success: DBI set for DPC 11A Stats collect Enable : 1 5) If a coverage hole is estimated from the statistics for the pre-alarm function, a warning can be transmitted. After entering into the chdc configuration mode, complete configuration (statsWarningEnable). To disable the configuration, enter the ‘no’ parameter.
CHAPTER 7. WLAN Additional Services 10) Configure a value that requests an interval to an AP to collect statistics for the prealarm function. The default is 120 seconds and it can be 30~3600 seconds. WEC8500/configure/rrm/80211a/chdc# statsCollectInterval 60 This Value: 60 is already set 11) Configure the minimum value of the idle time-out count of statistics for the pre-alarm function. This parameter can have a value ranging from 0 to 1,000.
CHAPTER 7. WLAN Additional Services Statistics Action Enable .. Enabled Enabled RSSI Voice Threshold .. -75 -75 RSSI Data Threshold .. 80 -30 Minimum Failed Client Count .. 1 1 Percentage Min. Failed Count .. 25 25 Minimum Idle time-out Count .. 10 10 Statistics Collect Interval .. 120 60 Neighbor List Management -------------------- ----------------WLAN Neighbor Priority ..
CHAPTER 7. WLAN Additional Services 7.4.5 Sleeping Cell Detection This is a function that allows the APC to detect the statuses of APs that are not performing basic functions and transmit an alarm/warning. Configuration using CLI 1) Enable/Disable: Configure whether the silent alarm detection function will be performed.
CHAPTER 7. WLAN Additional Services Configuration using Web UI From the menu bar of , select and then select in the submenus. © SAMSUNG Electronics Co., Ltd.
CHAPTER 7. WLAN Additional Services 7.4.6 Energy Saving Groups The purpose is to reduce the power consumption of the APC by turning off the RF radios of APs without any connected STA at a specific time when the number of STAs connected to the APC drops drastically. The APs of the APC are divided into the active group in which APs are always in operation and the standby group in which the RF radios of APs are turned off.
CHAPTER 7. WLAN Additional Services 6) DEL-AP: Delete AP members from the energy saving group. WEC8500/configure/rrm/energy-saving-group 1# del-ap Configuration using Web UI From the menu bar of , select and then select in the submenus. 7.4.
CHAPTER 7. WLAN Additional Services Up to 20 groups can be designated (Same as WEC8500/WEC8050). Energy Saving Auto Classification is not a method under which the operator configures a standby group but a method under which the system automatically classifies an energy saving group by using the analysis of each AP. For the convenience of the operator, the existing Energy Saving Groups and Energy Saving Auto Classification functions can be used by mixture.
CHAPTER 7. WLAN Additional Services Configuration using Web UI In the menu bar of , select and then select menus in the sub-menus. © SAMSUNG Electronics Co., Ltd.
CHAPTER 7. WLAN Additional Services 7.5 Location Tracking The APC tracks the location information of several terminals in a wireless LAN network based on the wireless data collected from W-EP wireless LAN APs. To configure the location tracking function, execute the command as follows: 1) Go to configure locationtrack configuration mode of CLI. WEC8500# configure terminal WEC8500/configure # locationtrack WEC8500/configure/locationtrack # 2) Configure the location tracking function.
CHAPTER 7. WLAN Additional Services 7.6 Spectrum Analysis A non-802.11 device such as microwave oven, bluetooth, or Closed Circuit Television (CCTV), etc. deteriorates data transmitting/receiving performance because it causes interference in a wireless LAN environment. As a function that measures surrounding interference, the spectrum analysis analyzes wireless or Radio Frequency (RF) signals to resolve interference problem instantly. 7.6.
CHAPTER 7. WLAN Additional Services Operational Status............................... Up Map Location...................................... Channel Information: Channel Interval.................................. 2000 ms Channel........................................... 1 2 3 4 5 6 7 8 9 10 11 12 13 Channel ID...........................................
CHAPTER 7. WLAN Additional Services IP Address....................................... 100.100.100.220 Mode............................................. General Operational Status............................... Up Map Location..................................... Affected Channels: Channel Interval................................. 2000 ms Channel..........................................
CHAPTER 7. WLAN Additional Services 802.11bgn Video Camera........................... ZigBee........................................... 802.11an Continuous Transmitter.................. 802.11an DECT-like Phone......................... 802.11an Video Camera............................ Enabled Enabled Enabled Enabled Enabled Real Time Interference Report: Number of Interferers.................................
CHAPTER 7. WLAN Additional Services [Enable/Disable Spectrum] The command that enables or disables the spectrum analysis function is shown below. service [MODE] Parameter MODE Description Enables or disables spectrum analysis - enable: Enable (default) - disable: Disable [Spectrum Analysis Report Configuration] The command used to enable or disable each spectrum analysis data item is shown below.
CHAPTER 7. WLAN Additional Services 7.6.3 Interference Type Configuration The interference type of 2.4 GHz or 5 GHz that can be detected by the W-EP wireless LAN is shown below. Wireless bandwidth Interference type 2.4 GHz continuous_transmitter, cordless_phone, video_camera 5 GHz bluetooth, continuous_transmitter, cordless_phone, microwave_oven, video_camera, zigbee To configure an interference type, execute the command as follows: 1) Go to configure mode of CLI.
CHAPTER 7. WLAN Additional Services 7.7 Controlling Usage per User A wireless terminal can control traffic usage per user by receiving a QoS profile that specifies traffic usage (bandwidth) from the RADIUS server at the authentication stage. You can configure upward and downward usage per wireless terminal. Configuration using CLI The procedure of configuring a usage to a profile is as follows: 1) Go to configure mode of CLI. APC# configure terminal 2) Create a QoS profile.
CHAPTER 7. WLAN Additional Services Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. To create a QoS profile to apply to a terminal, click the button in the initial window. The QoS addition window consists of the following QoS parameters. By entering each QoS parameter, you can configure the QoS profile of a specific terminal or configure the usage control function for each user. Figure 145.
CHAPTER 7. WLAN Additional Services 7.8 Remote Packet Capture APC can capture a packet exchanged between the wireless terminals on a remote PC in real-time by using the remote packet capture protocol. To configure the remote packet capture function, you must go to the pcap mode by executing the command as follows: APC# configure terminal APC/configure# pcap Configuring the MAC address of a wireless terminal Configure the MAC address of a wireless terminal whose packets will be captured.
CHAPTER 7. WLAN Additional Services Starting Service You must start the remote packet capture service to connect to a device using a program that supports the remote packet capture protocol on a remote PC. The related commands are given below. APC/configure/pcap# start-service Retrieving Configuration Information Use the ‘show pcap current-config’ command to retrieve the remote packet capture configuration information.
CHAPTER 7. WLAN Additional Services 7.9 Clustering The clustering function comprehensively manages several APC systems in a single wireless LAN when several APC systems are used to manage a wireless LAN that cannot be managed by a single APC. The inter-APC handover function is provided by using clustering. In other words, it can provide the handover function between wireless LANs managed by different APC systems. However, if a model is different, it is not interoperated through clustering.
CHAPTER 7. WLAN Additional Services ENABLE : YES OWN-APC-INDEX : 1 ======================================================== [Adding APC to APC List] To add an APC to the cluster, the APC must be added to the APC list first. APC information is automatically added to the APC list. 1) Go to apc-list configure mode of CLI. WEC8500# configure terminal WEC8500/configure# apc apc-list WEC8500/configure/apc/apc-list# 2) Add the APC to the APC list.
CHAPTER 7. WLAN Additional Services [Deleting APC from cluster] Delete the APC added in cluster. To delete an APC from a cluster, you must delete the APC from the cluster configuration of all the APCs in the cluster. 1) Go to configure mode of CLI. WEC8500# configure terminal WEC8500/configure# 2) Delete an APC from the cluster. To delete all the APC systems in a cluster, enter the ‘cluster del-apc-all’ command.
CHAPTER 7. WLAN Additional Services Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. The Clustering window is shown below. Figure 146. Clustering window Configure a clustering configuration value in the item and then click the button to apply. The Clustering Members item shows all the clustering members.
CHAPTER 7. WLAN Additional Services 7.10 Limiting the Number of Connected Users The W-EP wireless LAN system limits the number of wireless terminals connected to each AP. The limitation is per radio (2.4/5 GHz bandwidth) or WLAN for each AP. 7.10.1 Limiting Connections per Radio Configuration using CLI 1) Go to configure mode of CLI. APC# configure terminal APC/configure# 2) Configure connection limitation.
CHAPTER 7. WLAN Additional Services Configuration using Web UI In the menu bar of , select and then select the <802.11a/n> or <802.11b/g/n> menu in the sub-menus. Figure 148. Configuring connection limitation per radio After configuring MAX CLIENT COUNTS, click the button. 7.10.
CHAPTER 7. WLAN Additional Services 4) Enable the WLAN. APC/configure/wlan 1# enable 5) To check the configured connection limitation, use the ‘show wlan detail’ command. Configuration using Web UI In the menu bar of , select and then select the <802.11a/n> or <802.11b/g/n> menu in the sub-menus. Figure 149. Configuring connection limitation per WLAN After configuring MAXIMUM CONNECTIONS, click the button. © SAMSUNG Electronics Co., Ltd.
CHAPTER 7. WLAN Additional Services 7.11 Voice Statistics and Communication Failure Detection Because APC provides voice statistics and the WLAN-based communication failure detection function, you can easily know communication failure reason. 7.11.1 Voice Statistics Function It provides the number of successful voice communication and call time. When the CAC function is enabled, the CAC statistics is also provided. Configuration using CLI Use the following command to check voice statistics.
CHAPTER 7. WLAN Additional Services Configuration using Web UI In the menu bar of , select and then select the <802.11a/n> or <802.11b/g/n> AP menu in the sub-menus. Figure 150. Voice statistics © SAMSUNG Electronics Co., Ltd.
CHAPTER 7. WLAN Additional Services 7.11.2 Detecting WLAN-based Communication Failure You can configure whether to detect WLAN-based communication failure. Configuration using CLI 1) Go to configure mode of CLI. APC# configure terminal APC/configure# 2) Enable or disable communication failure detection. [no] call-fail-detect [WLAN_ID] Parameter Description WLAN_ID WLAN ID (range: 1-240) 3) To check the configured connection limitation information, use the ‘show voip config [WLAN_ID]’ command.
CHAPTER 7. WLAN Additional Services 7.12 Voice Signal and Media Monitoring For voice call fault analysis, the APC provides VoIP wireless terminal, call information, event and RTP media voice quality statistics. 7.12.1 Checking Voice Related Wireless Information Configuration using CLI Execute the following command to check voice related fault analysis statistics. 1) Check the connection status of a voice wireless terminal.
CHAPTER 7. WLAN Additional Services 3) Check the information of a completed call. WEC8500# show voice complete-call summary CONN Start Time Dur AP SSID MAC Address Tel-no IPv4 Address Port Rat MOS LQ/CQ/PQ Pkt Cnt ==== ==================== ==== ==== =============== === ============== ========== =============== ===== ==== ============== =============== 0 2013/05/11-17:24:23 26 1 uready Caller D4:88:90:1B:3C:E2 10.10.10.194 23143 GOOD 4.01/3.95/3.84 225,664 Callee 3C:8B:FE:2E:6F:6A 10.10.10.
CHAPTER 7. WLAN Additional Services 5) Check a WLAN event related to a voice.
CHAPTER 7. WLAN Additional Services WLAN (A_toanyone_1) Voice Statistis ------ ------ ------- ------ ----- --- ------ ------ --- ------ -----Type Total Success Failed Active UpstreamTime Downstream Calls Call Call Call MOS Jitter Delay MOS Jitter Delay ------ ------ ----- ------ ------ --- ------ ------ --- ------ -----Total 11 9 0 2 0.0 0 0 0.0 0 0 5 Min 0 0 0 0 0.0 0 0 0.0 0 0 15 Min 0 0 0 0 0.0 0 0 0.0 0 0 1 Hour 0 0 0 0 0.0 0 0 0.0 0 0 1 Day 11 9 0 2 0.0 0 0 0.
CHAPTER 7. WLAN Additional Services 2) Check the connection status of an active call. In the menu bar of , select and then select the menu in the sub-menus. Figure 153. Active Call Retrieval Screen 3) Check the information of a completed call. In the menu bar of , select and then select the menu in the sub-menus. Figure 154. Complete Calls Retrieval Screen © SAMSUNG Electronics Co., Ltd.
CHAPTER 7. WLAN Additional Services 7.12.2 Checking Voice Related Quality Information Configuration using CLI Execute the following command to check the voice related quality analysis (Voice Quality Monitoring) information. 1) Operator can check the voice quality analysis information of a wireless terminal that has an active call. WEC8500# show voice vqm current-stats brief ======================================================== [CONN-740 Start Time=2013/7/19.
CHAPTER 7. WLAN Additional Services ssid [Ajay_2_2_4GAjay_2_2_4G] Direction [12] wlanId [22] startApId [22] endApId [22] Session id :1 SRC [I/F=ge4 Call-ID=035be38a40032eb8edb0b94e944d58d4 Phone-No=9910, IP=20.20.20.25:25407] DST [I/F=ge4 Call-ID=917a913e-83ae-497f-ad84-bf0ee80edf36@ug1.scm.com Phone-No=9960, IP=20.20.20.30:22458] RTP Flow Quality Metrics: [Flow-1] DIR==Forward Quality Ratings=Fair [MOS-LQ=3.73, MOS-CQ=3.65, MOS-PQ=3.
CHAPTER 7. WLAN Additional Services Upload Count Upload Ok Count Upload Fail Count Requested Count = 1141 = 0 = 0 = 1141 WEC8500# 4) Operator can check the alarm information that occurs during call.
CHAPTER 7. WLAN Additional Services 7.13 Multicast Stream Admission Control The multicast stream admission control is provided to protect the currently running multicast streams from new streams that flow into the wireless LAN. When the maximum allowed usage of streams or channels per radio is reached, the APC does not allow any additional streams. 7.13.
CHAPTER 7. WLAN Additional Services 4) Set the maximum allowed usage of channels. 5) Description VALUE Maximum allowed usage of channels reserved-ho-streams [VALUE] Parameter Description VALUE Number of marginal streams with consideration for handover Configure the usage of marginal channels with consideration for handover. 7) Parameter Configure the number of marginal streams with consideration for handover.
CHAPTER 7. WLAN Additional Services After configuring the items below in the Multicast Stream Admission Control, click the button. ADMISSION CONTROL: Configure the CAC function METHOD: Select the method of admission control MAX STREAMS: Maximum allowed number of streams (range: 1-20) HANDOVER STREAMS: Number of marginal streams with consideration for handover (range: 0-6) The maximum allowed number of streams becomes MAX STREAMS-HANDOVER STREAMS.
CHAPTER 7. WLAN Additional Services WEC8500/configure/wlan WLAN (1) band steering WEC8500/configure/wlan WLAN (1) band steering 3) band-steering enable On (5-GHz preferred) no band-steering enable Off Select a steering band. band-steering [VALUE] Parameter Description VALUE 1 (5.0 GHz), 2 (2.4 GHz) WEC8500/configure/wlan WLAN (1) band steering WEC8500/configure/wlan WLAN (1) band steering 4) 1# is 1# is 1# is 1# is band-steering 1 On (5-GHz preferred) band-steering 2 On (2.
CHAPTER 7. WLAN Additional Services Configuration using Web UI WLAN > Advanced > BAND STEERING [Disable][2.4 GHz preferred][5 GHz preferred] Figure 156. Band Steering Function On/Off and Band Setting © SAMSUNG Electronics Co., Ltd.
CHAPTER 7. WLAN Additional Services 7.15 Wi-Fi Load Balancing The load balancing function in the AP Controller is a function of load balancing by transferring the message that the connections to wireless stations among APs have been permitted or cannot be permitted based on the set threshold value and then controlling the number of stations connected to APs. 7.15.
CHAPTER 7. WLAN Additional Services WEC8500/configure/wlan 1# load-balancing threshold_station 100 Wi-Fi Load Balancing threshold: 100 stations 4) Configure the maximum denial count value.
CHAPTER 7. WLAN Additional Services 7.16 Station-based Adaptive Load Balancing Station-based Adaptive Load Balancing performs load balancing based on the number of stations and RSSI in an individual radio unit of the AP group. Configuring Basic Function and Setting Load Balancing Parameters of AP Group are available and the settings of the load balancing parameters in individual APs are available to apply a different value set only for a specific AP. 7.16.
CHAPTER 7. WLAN Additional Services 6) To calibrate the RSSI value depending on types of stations, the calibration value must be set. calibration mobile [NUMBER] calibration pc [NUMBER] calibration others [NUMBER] Parameter NUMBER Description RSSI calibration value (-dbm) - Default value: 0 dbm 7) To exclude stations where the traffic occurs from load balancing, the following option must be set (Default: no idle-station): idle-station 7.16.
CHAPTER 7. WLAN Additional Services 5) Set the station threshold to perform the Load Balancing function. threshold [NUMBER] Parameter Description NUMBER Station threshold as the standard for the performance of load balancing 6) Set the time of blocking the reconnection after the load of the station is now balanced. kickout-timeout [NUMBER] Parameter Description NUMBER Reconnection limit time (0~100 sec.
CHAPTER 7. WLAN Additional Services 7.16.3 Setting AP Parameters Station-based Adaptive Load Balancing operates as the default value of the setting of the AP group but it is possible to set other parameter value to an individual AP. Because it operates in a radio unit, the parameters to change must be set to the individual radio of the corresponding AP must be set.
CHAPTER 7. WLAN Additional Services 6) Set the time of blocking the reconnection after the load of the station is now balanced. kickout-timeout [NUMBER] Parameter Description NUMBER Reconnection limit time (0~100 sec.) 7) To lead the station which performs load balancing to connect to a specific AP, set the probe response limit time to other APs. no-probe-timeout [NUMBER] Parameter Description NUMBER Probe response limit time (0~100 sec.
CHAPTER 8. Security CHAPTER 8. Security The W-EP wireless LAN system supports the security function, required in a wire/wireless network environment, such as RADIUS server interoperation function, system user management, guest connection service, unauthorized AP/terminal detection and simple blocking function, firewall, access control (ACL), etc. In this chapter, how to configure various security functions supported in the system is described. 8.
CHAPTER 8. Security 3) Parameter Description IP_ADDRESS The IP address of a RADIUS server Configure the key of a RADIUS server. WEC8500/configure/security/radius 1# secret [KEY_TYPE] [KEY_STRING] Parameter KEY_TYPE Description RADIUS server key input format - ASCII: ASCII character string - HEX: Hexadecimal value KEY_STRING 4) RADIUS server key Enable the accounting function of a RADIUS server and configure the port number.
CHAPTER 8. Security Parameter Description RETRY_INTERVAL Retransmission interval for a RADIUS message (unit: seconds, range: 1-60, default value: 2) RETRY_COUNT Maximum retransmission count of a RADIUS message (range: 1-20, default value: 10) FO_RETRY_COUNT Maximum retransmission count of a RADIUS message before a RADIUS server failover is attempted Must smaller than the RETRY_COUNT value (range: 1-10, default value: 3) 7) Exit RADIUS server configuration and security configuration mode.
CHAPTER 8.
CHAPTER 8. Security 2) Set the password type that will be used for the MAC authentication of the device. WEC8500/configure/security/radius 1# mac-auth-pw-type [PW_TYPE] Parameter PW_TYPE Description Password type (default value: mac) - mac: MAC address of the device.
CHAPTER 8. Security Configuration using Web UI In the menu bar of , select and then select menus in the sub-menus. After selecting a RADIUS server to configure, configure the MAC authentication item. Figure 159. RADIUS Server MAC Authentication Configuration Window Item PASSWORD TYPE Description Password type - MAC Address: MAC address of the UE.
CHAPTER 8. Security 8.1.2 Internal RADIUS Server The W-EP wireless LAN system provides the security and authentication function by interoperating with an internal RADIUS server. To use the internal RADIUS server, operator can add, delete, or edit a user (WEC8500: maximum 2048 users, WEC8050: maximum 512 users). Configuration using CLI To configure a local network user related function, enter into the ‘radiuscm’ of configure mode by executing the following command.
CHAPTER 8. Security Parameter Description - Korean is not allowed. - Special characters ‘, *, ?, \, ; cannot be used. department Division information - Character varying (1-63) - OPTIONAL - Korean is not allowed. - Special characters ‘, *, ?, \, ; cannot be used. Home_phone Home phone number - Character varying (1-63) - OPTIONAL - Korean is not allowed. - Special characters ‘, *, ?, \, ; cannot be used. Work_phone Office phone number - Character varying (1-63) - OPTIONAL - Korean is not allowed.
CHAPTER 8. Security [Importing User] To import the Local Net Users list file, execute the following command. Import-local-userdb {filename} Parameter Filename Description File to import - CSV file format - Filename (1-512) [Exporting User] To export the Local Net Users list file, execute the following command. Export-local-userdb {filename} Parameter Filename Description File to export - CSV file format - Filename (1-512) [Checking User] To check one local net user, execute the following command.
CHAPTER 8. Security To add a user, click the button. 1) Enter an item according to each parameter description, and click the button.
CHAPTER 8. Security 8.2 Unauthorized AP/Terminal Detection and Blocking As the security function, the W-EP wireless LAN device provides the detection service for an unauthorized AP using the Wireless Intrusion Detection System (WIDS)/WIPS function. This function detects any AP that is illegally installed without an administrator’s approval and also any wireless terminals connected to the AP.
CHAPTER 8. Security 8.2.2 Detection The W-EP wireless LAN system detects all the packets in a wireless LAN network, classifies unauthorized APs and wireless terminals, and creates related alarms and logs. The detected unauthorized APs are classified as follows according to the configured classification policy. Classification type Managed AP Description AP that is allowed to be used by an administrator among the detected unauthorized APs - Configures the managed AP classification policy.
CHAPTER 8. Security Parameter SSID_NAME Description SSID that is used when the SSID_TYPE is entered as user-configured-ssid 3) To check the configured information, use the ‘show wids device rule managed’ command. Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. And then, select at the upper tab.
CHAPTER 8. Security 8.2.2.2 Configuring the unmanaged AP classification policy To configure the unmanaged type unauthorized AP classification policy, execute the command as follows: Configuration using CLI 1) Go to configure wi device configuration mode of CLI. WEC8500# configure terminal WEC8500/configure# wi WEC8500/configure/wi# device WEC8500/configure/wi/device# 2) Configure the unmanaged type unauthorized AP policy.
CHAPTER 8. Security 3) To check the configured information, use the ‘show wids device rule unmanaged’ command. Configuration using Web UI In the menu bar of , select and then select the menu in the sub-menus. And then, select at the upper tab. 1) By using Add, Delete, or Change, operator can add, delete, or change user defined rules. Figure 163.