MANAGEMENT GUIDE IEEE 802.
Enterprise Access Point Management Guide No. 1, Creation Road III, Hsinchu Science Park, 30077, Taiwan, R.O.C. TEL: +886 3 5638888 Fax: +886 3 6686111 March 2013 Pub.
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice. Copyright © 2013 by SMC Networks, Inc. No.
Warranty and Product Registration
To register SMC products and to review the detailed warranty statement, please refer to the Support Section of the SMC Website at http://www.smc.com.
How to Use This Guide
This guide includes detailed information on the access point (AP) software, including how to operate and use the management functions of the AP. To deploy this AP effectively and ensure trouble-free operation, you should first read the relevant sections in this guide so that you are familiar with all its software features.
Who Should Read This Guide?
This guide is for network administrators who are responsible for operating and maintaining network equipment.
Conventions
The following conventions are used throughout this guide to show information:
Note: Emphasizes important information or calls your attention to related features or instructions.
Caution: Alerts you to a potential hazard that could cause loss of data, or damage the system or equipment.
Warning: Alerts you to a potential hazard that could cause personal injury.
Revision History
This section summarizes the changes in each revision of this guide.
Contents Section I Warranty and Product Registration 4 How to Use This Guide 5 Contents 7 Figures 12 Tables 14 Getting Started 17 1 Introduction 18 Configuration Options 18 Console Port Connection 19 Console Login 19 Network Connections 20 Connecting to the Web Interface 20 Home Page and Main Menu 21 Common Web Page Buttons 22 2 Initial Configuration 24 CLI Initial Configuration Steps 24 Setting an IP Address 24 Setting a Password 25 Setting the Country Code 25 Web Qu
Contents Section II Web Configuration 3 System Settings 32 33 Administration Settings 34 IPv4 Address 35 IPv6 Address 36 RADIUS Settings 37 Primary and Secondary RADIUS Server Setup 37 RADIUS Accounting 38 System Time 39 SNTP Server Settings 40 Time Zone Setting 40 Daylight Saving Settings 40 VLAN Configuration 40 System Logs 42 Quick Start Wizard 43 System Resource 44 Bridge STP Configuration 45 Spanning Tree Protocol (STP) 45 Bridge Configuration 48 4 Management Setti
Contents Link Layer Discovery Protocol 61 Access Control Lists 63 Source Address Settings 63 Destination Address Settings 64 Ethernet Type 65 Link Integrity 66 6 Wireless Settings 67 Authentication 68 Local MAC Authentication 68 RADIUS MAC Authentication 69 Band Steering 70 Radio Settings 71 Virtual Access Points (VAPs) 75 VAP Basic Settings 76 WDS-STA Mode 78 Wireless Security Settings 79 Wired Equivalent Privacy (WEP) 81 VAP QoS Settings 82 VAP Bandwidth Settings 84
Contents WDS Status Section III 104 Command Line Interface 9 Using the Command Line Interface 107 109 Console Connection 109 Telnet Connection 110 Entering Commands 111 Keywords and Arguments 111 Minimum Abbreviation 111 Command Completion 111 Getting Help on Commands 111 Showing Commands 111 Negating the Effect of Commands 112 Using Command History 112 Understanding Command Modes 112 Command Line Processing 114 10 General Commands 115 11 System Management Commands 119 12 S
Contents Section IV 21 Spanning Tree Commands 185 22 WDS Bridge Commands 197 23 Ethernet Interface Commands 199 24 Wireless Interface Commands 206 25 Wireless Security Commands 234 26 Rogue AP Detection Commands 243 27 Link Integrity Commands 249 28 Link Layer Discovery Commands 252 29 VLAN Commands 256 30 WMM Commands 260 31 QoS Commands 265 Appendices 273 A Troubleshooting 274 Problems Accessing the Management Interface 274 Using System Logs 274 Index of CLI Commands 276
Figures Figure 1: Login Page 21 Figure 2: The Home Page 21 Figure 3: Set Configuration Changes 22 Figure 4: Help Menu 23 Figure 5: Quick Start - Step 1 27 Figure 6: Quick Start - Step 2 28 Figure 7: Quick Start - Step 3 29 Figure 8: Quick Start - Step 4 31 Figure 9: Administration 34 Figure 10: IPv4 Configuration 35 Figure 11: IPv6 Configuration 36 Figure 12: RADIUS Settings 38 Figure 13: SNTP Settings 39 Figure 14: Setting the VLAN Identity 41 Figure 15: System Log Settings 42
Figures Figure 30: Destination ACLs 64 Figure 31: Ethernet Type Filter 65 Figure 32: Link Integrity 66 Figure 33: Local Authentication 68 Figure 34: RADIUS Authentication 69 Figure 35: Band Steering 70 Figure 36: Radio Settings 71 Figure 37: VAP Settings 76 Figure 38: VAP Basic Settings 77 Figure 39: WDS-STA Mode 78 Figure 40: Configuring VAPs - Security Settings 79 Figure 41: WEP Configuration 81 Figure 42: QoS Settings 82 Figure 43: QoS Template Setting 83 Figure 44: Bandwidth
Tables Table 1: Logging Levels 43 Table 2: WMM Access Categories 87 Table 3: Command Modes 113 Table 4: General Commands 115 Table 5: System Management Commands 119 Table 6: Country Codes 120 Table 7: System Management Commands 139 Table 8: Logging Levels 141 Table 9: System Clock Commands 144 Table 10: DHCP Relay Commands 149 Table 11: SNMP Commands 151 Table 12: Flash/File Commands 164 Table 13: RADIUS Client Commands 167 Table 14: 802.
Tables Table 30: Troubleshooting Chart 274
Section I Getting Started This section provides an overview of the access point, and introduces some basic concepts about wireless networking. It also describes the basic settings required to access the management interface.
1 Introduction
The access point (AP) runs software that includes a network management agent. The agent offers a variety of management options, including SNMP and a web-based interface. A PC may also be connected directly to the AP’s console port for configuration using a command line interface (CLI).
Configuration Options
The AP’s HTTP web agent allows you to configure AP parameters, monitor wireless connections, and display statistics using a standard web browser such as Internet Explorer 6.
Console Port Connection
The AP provides an RS-232 serial console port that enables a connection to a PC or terminal for monitoring and configuring the AP. A null-modem console cable is provided with the AP.
Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the AP. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in the Installation Guide.
2. At the login prompt, enter “admin.”
3. At the Password prompt, press . There is no default password.
4. The session is opened and the CLI displays the “SMC#” prompt indicating you have access to the CLI commands.
2. Log into the interface by entering the default username “admin” with no password, then click Login.
Note: It is strongly recommended to change the default user name and password the first time you access the web interface. For information on changing user names and passwords, see “Administration Settings” on page 34.
Figure 1: Login Page
Home Page and Main Menu
After logging in to the web interface, the home page displays.
To configure settings, click the relevant Main Menu item. Each Main Menu item is summarized below with links to the relevant section in this guide where configuration parameters are described in detail:
◆ System — Configures Management IP, WAN, LAN and QoS settings. See “System Settings” on page 33.
◆ Administration — Configures HTTP, Telnet, and SSH access settings. See “Management Settings” on page 49.
Figure 4: Help Menu
◆ Logout – Ends the web management session.
◆ Save Config – Saves the current configuration so that it is retained after a restart.
2 Initial Configuration
The AP’s initial configuration steps can be made through the CLI or web browser interface. If the AP is not configured with an IP address that is compatible with your network, you can first use the command line interface (CLI) as described below to configure a valid IP address.
CLI Initial Configuration Steps
First connect to the AP’s console port and log in to the CLI, as described in “Console Port Connection” on page 19. Then proceed with the required configuration.
Setting a Password
If you are logging in to the CLI for the first time, you should define management access passwords for an administrator and guest (used for CLI and web management), record them, and then keep them in a safe place.
Note: If you lose your management access passwords, you will need to use the Reset button on the AP to set the configuration back to factory default values.
BA-BOSNIA, BR-BRAZIL, BN-BRUNEI_DARUSSALAM, BG-BULGARIA, CA-CANADA, CL-CHILE, CN-CHINA, CO-COLOMBIA, CR-COSTA_RICA, HR-CROATIA, CY-CYPRUS, CZ-CZECH_REPUBLIC, DK-DENMARK, DK-DENMARK, DO-DOMINICAN_REPUBLIC, EC-ECUADOR, EG-EGYPT, EE-ESTONIA, FI-FINLAND, FO-FAROE_ISLANDS, FR-FRANCE, F2-FRANCE2, GE-GEORGIA, DE-GERMANY, GR-GREECE, GT-GUATEMALA, HK-HONG_KONG, HN-HONDURAS, HU-HUNGARY, IS-ICELAND, IN-INDIA, ID-INDONESIA, IR-IRAN, IQ-IRAQ, IE-IRELAND, IL-ISRAEL, IT-I
Figure 5: Quick Start - Step 1
The following items are displayed on the first page of the Quick Start wizard:
Identification
◆ System Name — The name assigned to the access point. (Default: WAP5110)
Change Password
◆ Username/Guest Username — The name of the user is fixed as either “admin” or “guest” and is not configurable.
Caution: You must set the country code to the country of operation. Setting the country code restricts operation of the access point to the radio channels and transmit power levels permitted for wireless networks in the specified country.
◆ Cancel — Cancels the newly entered settings and restores the originals.
◆ Next — Proceeds to the next page.
Step 2
The second page of the Quick Start configures IP settings and DHCP client status.
◆ Primary and Secondary DNS Address — The IP address of Domain Name Servers on the network. A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses. (The default Primary and Secondary DNS addresses are null values.)
◆ Management IP — The IPv4 address of the AP through which you can access management interfaces.
Security
◆ Association Mode — Defines the mode with which the VAP will associate with clients. (For more information on security modes, see “Wireless Security Settings” on page 79.)
■ Open System: The VAP is configured by default as an “open system,” which broadcasts a beacon signal including the configured SSID.
Authentication
◆ 802.1X — The access point supports 802.1X authentication only for clients initiating the 802.1X authentication process (i.e., the access point does not initiate 802.1X authentication). For clients initiating 802.1X, only those successfully authenticated are allowed to access the network. For those clients not initiating 802.1X, access to the network is allowed after successful wireless association with the access point. The 802.
Section II Web Configuration This section provides details on configuring the access point using the web browser interface.
3 System Settings This chapter describes basic system settings on the access point.
Administration Settings
The Administration Settings page configures some basic settings for the AP, such as the system identification name, the management access passwords, and the wireless operation Country Code.
Figure 9: Administration
The following items are displayed on this page:
◆ System Name — An alias for the AP, enabling the device to be uniquely identified on the network.
Caution: You must set the country code to the country of operation. Setting the country code restricts operation of the AP to the radio channels and transmit power levels permitted for wireless networks in the specified country.
IPv4 Address
Configuring the AP with an IPv4 address expands your ability to manage the AP. A number of the AP’s features depend on IPv4 addressing to operate.
If you have management stations, DNS, RADIUS, or other network servers located on another subnet, type the IP address of the default gateway router in the text field provided.
◆ Primary and Secondary DNS Address — The IP address of Domain Name Servers on the network. A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses.
The following items are displayed on this page:
◆ DHCP Status — Enables/disables DHCPv6 on the access point.
◆ IP Address — Specifies an IPv6 address for management of the access point. (Default: 2001:db8::1)
◆ Subnet Mask — Indicates the local subnet mask. (Default: 64)
◆ Default Gateway — The default gateway is the IPv6 address of the router for the access point, which is used if the requested destination address is not on the local subnet.
Figure 12: RADIUS Settings
The following items are displayed on the RADIUS Settings page:
◆ RADIUS Status — Enables/disables the primary RADIUS server.
◆ IP Address — Specifies the IP address or host name of the RADIUS server.
◆ Port (1024-65535) — The UDP port number used by the RADIUS server for authentication messages.
◆ Port (1024-65535) — The UDP port number used by the RADIUS accounting server for authentication messages. (Range: 1024-65535; Default: 1813)
◆ Key — A shared text string used to encrypt messages between the access point and the RADIUS accounting server. Be sure that the same text string is specified on the RADIUS server. Do not use blank spaces in the string.
SNTP Server Settings
Configures the access point to operate as an SNTP client. When enabled, at least one time server IP address must be specified.
◆ SNTP Status — Enables/disables SNTP. (Default: enabled)
◆ Primary Server — The IP address of an SNTP or NTP time server that the access point attempts to poll for a time update.
◆ Secondary Server — The IP address of a secondary SNTP or NTP time server.
Note the following points about the access point’s VLAN support:
◆ The management VLAN is for managing the access point through remote management tools, such as the web interface, SSH, SNMP, or Telnet. The access point only accepts management traffic that is tagged with the specified management VLAN ID.
◆ All wireless clients associated to the access point are assigned to a VLAN.
System Logs
The access point can be configured to send event and error messages to a System Log Server. The system clock can also be synchronized with a time server, so that all the messages sent to the Syslog server are stamped with the correct time and date.
Figure 15: System Log Settings
The following items are displayed on this page:
◆ Syslog Status — Enables/disables the logging of error messages.
◆ Logging Level — Sets the minimum severity level for event logging. (Default: Debug)
The system allows you to limit the messages that are logged by specifying a minimum severity level. The following table lists the error message levels from the most severe (Emergency) to least severe (Debug). The message levels that are logged include the specified minimum level up to the Emergency level.
System Resource
The System Resource page displays information on the AP’s current CPU and memory utilization. This page also allows you to set thresholds for the CPU and memory usage, where an SNMP trap can be sent as an alert.
Figure 16: System Resource
The following items are displayed on this page:
◆ CPU Rising Threshold — A high CPU utilization percentage above which a “CPU Busy” SNMP trap message is sent (only sent once).
◆ Memory Status — Displays detailed information on the current memory utilization.
Bridge STP Configuration
The Bridge menu enables configuration of the Spanning Tree Protocol (STP) and the address table aging time.
Spanning Tree Protocol (STP)
The Spanning Tree Protocol (STP) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.
Figure 17: Spanning Tree Protocol
Bridge
Sets STP bridge link parameters.
The following items are displayed on the STP page:
◆ Spanning Tree Protocol — Enables/disables STP on the AP. (Default: Disabled)
◆ Priority — Used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STP root device.
to the network. (Default: 20 seconds; Range: 6-40 seconds)
Minimum: The higher of 6 or [2 x (Hello Time + 1)].
Maximum: The lower of 40 or [2 x (Forward Delay - 1)]
◆ Hello Time — Interval (in seconds) at which the root device transmits a configuration message. (Default: 2 seconds; Range: 1-10 seconds)
Minimum: 1
Maximum: The lower of 10 or [(Max.
◆ Link Port Priority — Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch is the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the spanning tree. This makes a port with higher priority less likely to be blocked if the Spanning Tree Protocol is detecting network loops.
4 Management Settings
This chapter describes management access settings on the access point. It includes the following sections:
◆ “Remote Management Settings” on page 49
◆ “Access Limitation” on page 51
◆ “Simple Network Management Protocol” on page 52
Remote Management Settings
The Web, Telnet, and SNMP management interfaces are enabled and open to all IP addresses by default.
◆ The client and server generate session keys for encrypting and decrypting data.
◆ The client and server establish a secure encrypted connection.
◆ A padlock icon should appear in the status bar for Internet Explorer.
Figure 19: Remote Management
The following items are displayed on the Admin Interface page:
◆ Telnet Access — Enables/disables management access from Telnet interfaces.
◆ HTTP Port — Specifies the HTTP port for IP connectivity. (Default: 80; Range 1024-65535)
◆ HTTPS Server — Enables/disables management access from an HTTPS server. (Default: enabled)
◆ HTTPS Port — Specifies the HTTPS port for secure IP connectivity. (Default: 443; Range 1024-65535)
◆ SNMP Access — Enables management access through SNMP. For more information on SNMP access, see “Simple Network Management Protocol” on page 52.
◆ IP Address — Specifies the IP address.
◆ Subnet Mask — Specifies the subnet mask in the form 255.255.255.x
Restrict Management
◆ Enable/Disable — Enables/disables management of the device by a wireless client. (Default: disabled)
DHCP Filter
◆ Enable/Disable — Enables/disables the AP and wireless clients from obtaining an IP address from a DHCP server installed on a wireless client.
strings to be configured for authentication. Trap notifications can be enabled and sent to up to four management stations.
Figure 21: SNMP Basic Settings
The following items are displayed on this page:
◆ SNMP — Enables or disables SNMP management access and also enables the access point to send SNMP traps (notifications). (Default: Disable)
◆ System Location — A text string that describes the system location.
SNMP Trap Settings
Traps indicating status changes are issued by the AP to specified trap managers. You must specify trap managers so that key events are reported by the AP to your management station (using network management platforms).
Figure 22: SNMP Trap Settings
The following items are displayed on this page:
◆ Trap Destination — Specifies the recipient of SNMP notifications. Enter the IP address or the host name.
View Access Control Model
To configure SNMPv3 management access to the AP, follow these steps:
1. Specify read and write access views for the AP MIB tree.
2. Configure SNMP user groups with the required security model (that is, SNMP v1, v2c, or v3) and security level (authentication and privacy).
3. Assign SNMP users to groups, along with their specific authentication and privacy passwords.
“1111 1111 1011 1111.” If applied to the subtree “1.3.6.1.2.1.2.2.1.1.23,” the zero corresponds to the 10th subtree ID. When there are more subtree IDs than bits in the mask, the mask is padded with ones.
◆ View List – Shows the currently configured object identifiers of branches within the MIB tree that define the SNMP view.
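The mask rule above, worked through in Python as an added example (not SMC's code and not part of the original guide). It generalizes to a whole view with included and excluded entries, using the longest-match rule of the standard SNMPv3 view-based access control model (RFC 3415), which is assumed here to be how the AP resolves overlapping entries; the function names and `SAMPLE_VIEW` are constructed for illustration.

```python
# Added example: SNMP view subtree/mask matching (VACM semantics, RFC 3415).
# Function names and SAMPLE_VIEW are constructed; they are not the AP's API.


def parse_oid(text):
    """Turn '1.3.6.1' or '.1.3.6.1' into a tuple of integers."""
    return tuple(int(part) for part in text.strip().lstrip(".").split("."))


def parse_mask(bits, length):
    """Parse a mask written as bits, e.g. '1111 1111 1011 1111'.

    A 1 means the sub-identifier must match exactly, a 0 is a wildcard.
    When the subtree has more sub-identifiers than the mask has bits,
    the mask is padded with ones, as the guide states.
    """
    digits = [c for c in bits if not c.isspace()]
    if any(c not in "01" for c in digits):
        raise ValueError("mask must contain only 0 and 1")
    mask = [c == "1" for c in digits]
    mask += [True] * (length - len(mask))
    return mask[:length]


def in_view_family(oid, subtree, mask_bits=""):
    """Return True if oid falls inside the subtree/mask family."""
    oid_ids = parse_oid(oid)
    sub_ids = parse_oid(subtree)
    if len(oid_ids) < len(sub_ids):
        return False  # an OID shorter than the subtree can never match
    mask = parse_mask(mask_bits, len(sub_ids))
    return all(
        (not must_match) or a == b
        for must_match, a, b in zip(mask, oid_ids, sub_ids)
    )


def is_visible(oid, view):
    """Decide whether oid is readable through a view.

    view is a list of (subtree, mask_bits, kind) with kind 'included' or
    'excluded'. Among matching entries the one with the longest subtree
    wins (ties: lexicographically greatest subtree). No match means the
    OID is outside the view.
    """
    best = None
    for subtree, mask_bits, kind in view:
        if kind not in ("included", "excluded"):
            raise ValueError("kind must be 'included' or 'excluded'")
        if in_view_family(oid, subtree, mask_bits):
            key = parse_oid(subtree)
            rank = (len(key), key)
            if best is None or rank > best[0]:
                best = (rank, kind)
    return best is not None and best[1] == "included"


# Constructed view: expose MIB-2, but hide every column of ifTable row 23
# by wildcarding the 10th sub-identifier (the column number).
SAMPLE_VIEW = [
    ("1.3.6.1.2.1", "", "included"),
    ("1.3.6.1.2.1.2.2.1.1.23", "1111 1111 1011 1111", "excluded"),
]

if __name__ == "__main__":
    for candidate in (
        "1.3.6.1.2.1.2.2.1.10.23",  # row 23, hidden by the masked entry
        "1.3.6.1.2.1.2.2.1.10.7",   # row 7, still visible
        "1.3.6.1.4.1.1",            # outside MIB-2, not in the view
    ):
        print(candidate, is_visible(candidate, SAMPLE_VIEW))
```

Running a planned view through a check like this before entering it on the AP shows whether an excluded row or column is actually hidden, or whether a missing or misplaced zero bit leaves it readable.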
The following items are displayed on this page:
◆ User Name — The SNMPv3 user name. (32 characters maximum)
◆ Group — The SNMPv3 group name.
◆ Auth Type — The authentication type used for the SNMP user; either MD5 or none. When MD5 is selected, enter a password in the corresponding Passphrase field.
◆ Auth Passphrase — The authentication password or key associated with the authentication and privacy settings.
Figure 25: SNMPv3 Targets
The following items are displayed on this page:
◆ Target ID — A user-defined name that identifies a receiver of notifications. (Maximum length: 32 characters)
◆ IP Address — Specifies the IP address of the receiving management station.
◆ UDP Port — The UDP port that is used on the receiving management station for notification messages.
The following items are displayed on this page:
◆ Filter ID — A user-defined name that identifies the filter. (Maximum length: 32 characters)
◆ Subtree — Specifies MIB subtree to be filtered. The MIB subtree must be defined in the form “.1.3.6.1” and always start with a “.”.
◆ Type — Indicates if the filter is to “include” or “exclude” the MIB subtree objects from the filter.
5 Advanced Settings
This chapter describes advanced settings on the access point. It includes the following sections:
◆ “Local Bridge Filter” on page 60
◆ “Link Layer Discovery Protocol” on page 61
◆ “Access Control Lists” on page 63
◆ “Link Integrity” on page 66
Local Bridge Filter
The access point can employ network traffic frame filtering to control access to network resources and increase security.
◆ Prevent Intra VAP client communication — When enabled, clients associated with a specific VAP interface cannot establish wireless communications with each other. Clients can communicate with clients associated to other VAP interfaces.
The time-to-live tells the receiving LLDP agent how long to retain all information pertaining to the sending LLDP agent if it does not transmit updates in a timely manner. TTL in seconds is based on the following rule: (Transmission Interval * Hold time) ≤ 65536. Therefore, the default TTL is 4*30 = 120 seconds.
◆ Message Transmission Interval (seconds) — Configures the periodic transmit interval for LLDP advertisements.
Access Control Lists
Access Control Lists allow you to configure a list of wireless client MAC addresses that are not authorized to access the network. A database of MAC addresses can be configured locally on the access point.
Source Address Settings
The ACL Source Address Settings page enables traffic filtering based on the source MAC address in the data frame.
Destination Address Settings
The ACL Destination Address Settings page enables traffic filtering based on the destination MAC address in the data frame.
Figure 30: Destination ACLs
The following items are displayed on this page:
◆ DA Status — Enables network traffic with specific destination MAC addresses to be filtered (dropped) from the access point.
Ethernet Type
The Ethernet Type Filter controls checks on the Ethernet type of all incoming and outgoing Ethernet packets against the protocol filtering table. (Default: Disabled)
Figure 31: Ethernet Type Filter
The following items are displayed on this page:
◆ Disabled — Access point does not filter Ethernet protocol types.
◆ Enabled — Access point filters Ethernet protocol types based on the configuration of protocol types in the filter table.
Link Integrity
The AP provides a link integrity feature that can be used to ensure that wireless clients are connected to resources on the wired network. The AP does this by periodically sending Ping messages to a host device in the wired Ethernet network. If the AP detects that the connection to the host has failed, it can disable the radio interfaces, forcing clients to find and associate with another AP.
6 Wireless Settings This chapter describes wireless settings on the access point.
Authentication
Wireless clients can be authenticated for network access by checking their MAC address against the local database configured on the access point, or by using a database configured on a central RADIUS server. Alternatively, authentication can be implemented using the IEEE 802.1X network access control protocol.
You can configure a list of the MAC addresses for wireless clients that are authorized to access the network.
◆ Local MAC — The MAC address of the associating station is compared against the local database stored on the access point. The Local MAC Authentication section enables the local database to be set up.
◆ System Default — Specifies a default action for all unknown MAC addresses (that is, those not listed in the local MAC database).
■ Deny: Blocks access for all MAC addresses except those listed in the local database as “Allow.
◆ RADIUS MAC — The MAC address of the associating station is compared against the RADIUS server database. The RADIUS MAC Authentication section enables the RADIUS database to be set up.
◆ Session Timeout — The time period after which a connected client must be re-authenticated. During the re-authentication process of verifying the client’s credentials on the RADIUS server, the client remains connected to the network.
Radio Settings
The IEEE 802.11n wireless interfaces include configuration options for radio signal characteristics and wireless security features.
The AP can operate in several radio modes, mixed 802.11b/g/n (2.4 GHz), or mixed 802.11a/n (5 GHz). Note that the radios can operate at 2.4 GHz and 5 GHz at the same time.
The web interface identifies the radio configuration pages as:
◆ Radio 0 — the 2.4 GHz 802.11b/g/n radio interface
◆ Radio 1 — the 5 GHz 802.
The following items are displayed on this page:
◆ High Throughput Mode — The access point provides a channel bandwidth of 20 MHz by default giving an 802.11g connection speed of 54 Mbps and an 802.11n connection speed of up to 108 Mbps, and ensures backward compliance for slower 802.11b devices. Setting the HT Channel Bandwidth to 40 MHz increases connection speed for 802.11n up to 300 Mbps.
◆ Maximum Association Clients — The total maximum number of clients that may associate with the radio. (Range: 1-127; Default: 127)
◆ Radio Mode — Defines the radio operation mode.
■ Radio 0 (2.4 GHz Radio) — Default: 11n (g compatible); Options: 11n (b&g compatible), 11n (g compatible).
■ Radio 1 (5 GHz Radio) — Default: 11n; Options: 11n (a compatible), 11n.
Note: Enabling the AP to communicate with 802.11b/g clients in both 802.11b/g/n Mixed and 802.
the packet size equals or exceeds the RTS threshold, the RTS/CTS (Request to Send / Clear to Send) mechanism will be enabled.
The access points contending for the medium may not be aware of each other. The RTS/CTS mechanism can solve this “Hidden Node Problem.” (Range: 1-2346 bytes; Default: 2346 bytes)
◆ Short Guard Interval — The 802.11n draft specifies two guard intervals: 400ns (short) and 800ns (long).
◆ Long Distance Setting — When you have long-distance links in the wireless network, some timing parameters require an adjustment to maintain communications. Enter the approximate distance (in meters) of the client from the AP. Click on the “Show Reference Data” button to compute a set of recommended values for SlotTime, ACKTimeOut and CTSTimeOut. You can use the recommended values or enter your own values that work for your specific environment.
Figure 37: VAP Settings
The following items are displayed on this page:
◆ VAP Number — The number associated with the VAP, 0-15.
◆ SSID — The name of the basic service set provided by a VAP interface. Clients that want to connect to the network through the access point must set their SSID to the same as that of an access point VAP interface. (Default: EAP9112A_11BGN_# (0 to 15) for 2.
Each VAP can operate in one of three modes: normal AP mode, WDS-AP bridge AP mode, or WDS-STA bridge station mode. The default mode is AP for the VAP to support normal access point services.
Note: For more information and examples for setting up WDS networks, see “WDS Setup Examples” on page 45.
Note that the Basic Settings are the same for both AP and WDS-AP modes.
When the association pool for the VAP is full and the AP receives an association request from a high-priority (11n) client, the AP sends a disassociation to a lower-priority client (11a/g or 11b) in order to be able to associate the high-priority client. If there are no lower-priority clients to disassociate, the AP will reject the association request.
◆ WDS-AP (Parent) SSID — The SSID of the VAP on the connecting access point that is set to WDS-AP mode.
◆ WDS-AP (Parent) MAC — The MAC address of the VAP on the connecting access point that is set to WDS-AP mode.
Wireless Security Settings
Describes the wireless security settings for each VAP, including association mode, encryption, and authentication.
on the access point and all wireless clients. The PSK mode uses the same TKIP packet encryption and key management as WPA in the enterprise, providing a robust and manageable alternative for small networks.
■ WPA2: WPA was introduced as an interim solution for the vulnerability of WEP pending the ratification of the IEEE 802.11i wireless security standard. In effect, the WPA security features are a subset of the 802.11i standard.
Wired Equivalent Privacy (WEP)

WEP provides a basic level of security, preventing unauthorized access to the network, and encrypting data transmitted between wireless clients and the VAP. WEP uses static shared keys (fixed-length hexadecimal or alphanumeric strings) that are manually distributed to all clients that want to use the network. WEP is the security protocol initially specified in the IEEE 802.11 standard for wireless communications.
◆ Key Type – Select the preferred method of entering WEP encryption keys for the VAP, either hexadecimal digits (Hex) or alphanumeric characters (ASCII).
◆ Key Length – Select 64 Bit or 128 Bit key length. Note that the same size of encryption key must be supported on all wireless clients. (Default: 64 bit)
◆ Key – Enter up to four WEP encryption keys for the VAP.
◆ VAP to 802.1p Setting — You can modify the VLAN priority tags of traffic on the VAP interface with a specified priority value. Requires the default VLAN ID for the VAP to be any other value than 1.
Note: The VAP-to-802.1p priority QoS feature cannot be enabled together with the 802.1d-to-802.1p or 802.1d-to-DSCP features.
◆ 802.1d to 802.1p Setting — Enables the mapping of traffic priority from WMM 802.1d priorities to 802.
Chapter 6 | Wireless Settings Rogue AP Detection
◆ QoS Template Name — A descriptive name that identifies the mapping template. All eight templates have a default name that can be edited by the user (maximum 32 characters).
◆ Vap/802.1d (Default User Priority) — The WMM 802.1d priority value in a tagged packet.
◆ 802.1p/DSCP (Retagged User Priority) — The 802.1p or IP DSCP priority value that replaces the WMM 802.1d value in tagged packets.
where any rogue APs can be identified. Rogue access points can be identified by unknown BSSID (MAC address).

Figure 45: Rogue AP Detection

The following items are displayed on this page:
◆ AP Scan Setting — Enables the periodic scanning for other nearby access points. (Default: Disable)
◆ Scan Interval — Sets the time between each rogue AP scan.
Chapter 6 | Wireless Settings Wi-Fi Multimedia (WMM) ◆ Friendly AP MAC Table — Displays the MAC addresses of known APs in the network. ◆ Rogue AP Scan Result — Displays information of unknown APs detected within the range of the AP running the scan. ◆ Friendly Active AP Scan Result — Displays information of known APs detected within the range of the AP running the scan. ◆ Start Instant Scan — Starts an immediate rogue AP scan on the radio interface.
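The comparison behind the Rogue AP Scan Result and Friendly Active AP Scan Result lists, as an added example that is not taken from the SMC guide or the AP firmware: each scanned BSSID is checked against the Friendly AP MAC Table. It goes one step beyond the page by also marking unknown BSSIDs that advertise one of your own SSIDs; all addresses, SSIDs and function names are constructed for illustration.

```python
import re
from collections import defaultdict


def normalize_bssid(text):
    """Return a BSSID as 'aa:bb:cc:dd:ee:ff'; accepts ':', '-' and '.' notation."""
    digits = re.sub(r"[:.\-\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def classify_scan(scan, friendly_macs, own_ssids):
    """Split (bssid, ssid) scan rows into friendly and rogue BSSIDs.

    scan          -- iterable of (bssid, ssid) pairs, one per received beacon
    friendly_macs -- the friendly AP MAC table, in any common MAC notation
    own_ssids     -- SSIDs served by your own VAPs (an assumption of this example)
    """
    friendly = {normalize_bssid(mac) for mac in friendly_macs}
    own = set(own_ssids)

    # A BSSID can show up in several beacons; collect every SSID it advertised.
    ssids_by_bssid = defaultdict(set)
    for bssid, ssid in scan:
        ssids_by_bssid[normalize_bssid(bssid)].add(ssid)

    report = {
        "friendly_active": [],       # known BSSID, seen in this scan
        "rogue": [],                 # unknown BSSID
        "rogue_using_own_ssid": [],  # unknown BSSID advertising one of our SSIDs
        "friendly_not_seen": [],     # known BSSID missing from this scan
    }
    for bssid in sorted(ssids_by_bssid):
        if bssid in friendly:
            report["friendly_active"].append(bssid)
        else:
            report["rogue"].append(bssid)
            if ssids_by_bssid[bssid] & own:
                report["rogue_using_own_ssid"].append(bssid)
    report["friendly_not_seen"] = sorted(friendly - set(ssids_by_bssid))
    return report


# Constructed sample data (locally administered addresses, made-up SSIDs).
FRIENDLY_AP_MACS = ["02-00-00-AA-00-01", "0200.00aa.0002", "02:00:00:aa:00:03"]
OWN_SSIDS = ["corp-wlan"]
SCAN_RESULT = [
    ("02:00:00:aa:00:01", "corp-wlan"),
    ("02:00:00:AA:00:02", "corp-wlan"),
    ("02:00:00:bb:00:09", "cafe-guest"),
    ("02:00:00:cc:00:07", "printer-setup"),
    ("02:00:00:CC:00:07", "corp-wlan"),  # same radio, second SSID
]

if __name__ == "__main__":
    for category, bssids in classify_scan(SCAN_RESULT, FRIENDLY_AP_MACS, OWN_SSIDS).items():
        print(f"{category}: {', '.join(bssids) or '-'}")
```

A friendly BSSID that stops appearing in scans is reported separately, since an AP that has gone quiet is worth checking alongside any new unknown one.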
Table 2: WMM Access Categories

Access Category | WMM Designation | Description | 802.1D Tags
AC_VO (AC3) | Voice | Highest priority, minimum delay. Time-sensitive data such as VoIP (Voice over IP) calls. | 7, 6
AC_VI (AC2) | Video | High priority, minimum delay. Time-sensitive data such as streaming video. | 5, 4
AC_BE (AC0) | Best Effort | Normal priority, medium delay and throughput. Data only affected by long delays.
Figure 46: WMM Backoff Wait Times (timelines for High Priority and Low Priority traffic, each showing AIFS as the Minimum Wait Time followed by a Random Backoff between CWMin and CWMax as the Random Wait Time)

For high-priority traffic, the AIFSN and CW values are smaller. The smaller values equate to less backoff and wait time, and therefore more transmit opportunities.
The following items are displayed on this page:
◆ WMM — Sets the WMM operational mode on the access point. When enabled, the parameters for each AC queue will be employed on the access point and QoS capabilities are advertised to WMM-enabled clients. (Default: Disabled)
■ Disable: WMM is disabled.
■ Enable: WMM must be supported on any device trying to associate with the access point.
■ Admission Control: The admission control mode for the access category. When enabled, clients are blocked from using the access category. (Default: Disabled)
◆ Set WMM — Applies the new parameters and saves them to RAM memory. Also prompts a screen to inform you when it has taken effect. Click “OK” to return to the home page. Changes will not be saved upon a reboot unless the running configuration file is saved.
7 Maintenance Settings

Maintenance settings include the following sections:
◆ “Upgrading Firmware” on page 91
◆ “Running Configuration” on page 93
◆ “Resetting the Access Point” on page 94
◆ “Scheduled Reboot” on page 95

Upgrading Firmware

You can upgrade new access point software from a local file on the management workstation, or from an FTP or TFTP server. New software may be provided periodically from your distributor.
Chapter 7 | Maintenance Settings Upgrading Firmware Figure 48: Firmware The following items are displayed on this page: ◆ Firmware Version — Displays the software image version that is being used as the runtime image. The “Active” image is the current running software, and the “Backup” image is the second software file installed on the AP, but not running. ◆ Next Boot Image — Specifies what version of software will be used as a runtime image upon bootup.
Chapter 7 | Maintenance Settings Running Configuration
■ New Firmware File: Specifies the name of the code file on the server. The new firmware file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the FTP/TFTP server is 255 characters or 32 characters for files on the access point. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
■ IP Address: IP address or host name of FTP or TFTP server.
Chapter 7 | Maintenance Settings Resetting the Access Point The following items are displayed on this page: ◆ File Backup/Restore — Downloads an operation code image file from a specified remote FTP or TFTP server. After filling in the following fields, click Start Export/Import to proceed. ◆ Export/Import — Select Export to upload a file to an FTP/TFTP server. Select Import to download a file from an FTP/TFTP server. ◆ Config file — Specifies the name of the configuration file.
Chapter 7 | Maintenance Settings Scheduled Reboot Figure 50: Resetting the Access Point The following items are displayed on this page: ◆ Save Runtime config before Reboot — Checking this option saves the current running configuration to the startup file. ◆ Reboot — Click the “Reboot” button to reset the configuration settings for the AP and reboot the system. Note that all unsaved user configured information will be lost.
◆ Status — Selects a fixed time interval or a countdown time, or disables the feature.
◆ Interval — Specifies the interval in days. (Range: 1~7 days)
◆ Schedule Time — Specifies a time in hours and minutes. (Range: 0~23 hours, 0~59 minutes)

Figure 52: Reboot Schedule — Countdown Time

The following items are displayed on this page:
◆ Status — Selects a fixed time interval or a countdown time, or disables the feature.
8 Status Information The Information menu displays information on the current system configuration, the wireless interface, the station status and system logs.
Chapter 8 | Status Information AP Status

AP Status

The AP Status window displays basic system configuration settings, as well as the settings for the wireless interfaces.

AP System Configuration

The AP System Configuration table displays the basic system configuration settings.

Figure 53: AP System Configuration

The following items are displayed on this page:
◆ Serial Number — The serial number of the physical access point.
◆ System Up Time — Length of time the management agent has been up.
◆ System Name — Name assigned to this system.
◆ System Contact — Administrator responsible for the system.
◆ IP Address — IP address of the management interface for this device.
◆ IP Default Gateway — IP address of the gateway router between this device and management stations that exist on other network segments.
◆ HTTP Server Status — Shows if management access via HTTP is enabled.
◆ HTTP Port — Shows the TCP port used by the HTTP interface.
AP Wireless Configuration

The AP Wireless Configuration displays the VAP interface settings for the 2.4 GHz and 5 GHz radios.

Figure 54: AP Wireless Configuration

The following items are displayed on this page for the 2.4 GHz and 5 GHz radio interfaces:
◆ VAP — Displays the VAP number.
◆ SSID — The service set identifier for the VAP interface.
◆ Status — Displays the interface mode setting, either “ap”, “wds-ap”, or “wds-sta”.
Chapter 8 | Status Information Station Status Station Status The Station Status window shows the wireless clients currently associated with the 2.4 GHz and 5 GHz radio interfaces. Figure 55: Station Status The following items are displayed on this page: ◆ Total Station Number of this device — The total number of clients associated to the AP. ◆ Total Station Number of Radio 0 — The total number of clients associated to the 2.4 GHz radio.
Chapter 8 | Status Information Station Statistics Station Statistics The Station Statistics window shows the statistic information for wireless clients currently associated with the 2.4 GHz and 5 GHz radio interfaces. Figure 56: Station Statistics The following items are displayed on this page: ◆ Station Address — The MAC address of the wireless client. ◆ TxPkts — The number of transmitted packets from this client. ◆ TxBytes — The number of transmitted bytes from this client.
Chapter 8 | Status Information Event Logs Event Logs The Event Logs window shows the log messages generated by the access point and stored in memory. Figure 57: Event Logs The following items are displayed on this page: ◆ Display Event Log — Selects the log entries to display. Up to 20 log messages can be displayed at one time. Each log entry includes the time the log message was generated, the logging level associated with the message, and the text of the log message.
Chapter 8 | Status Information WDS Status WDS Status The WDS Status window shows the WDS information for the 2.4 GHz and 5 GHz radio interfaces. Figure 58: WDS Status The following items are displayed on this page: ◆ Auto Refresh Setting — Enables the automatic refresh of WDS status information. When enabled, you can also set the time interval between each status refresh. ◆ WDS-STA Status — The status of other APs in WDS-STA mode connected to the AP interfaces.
■ RxRate (Mbps) — The data receive rate from the AP client.
■ IP — The IP address assigned to the AP client.
■ Privacy — The data encryption method used by the AP client.
■ Authentication — The authentication method used by the AP client.
◆ WDS-AP Status — The status of other APs in WDS-AP mode connected to AP interfaces.
■ Station Address — The MAC address of the WDS-enabled AP.
Section III Command Line Interface This section provides a detailed description of the Command Line Interface, along with examples for all of the commands.
◆ “Wireless Security Commands” on page 234
◆ “Rogue AP Detection Commands” on page 243
◆ “Link Integrity Commands” on page 249
◆ “Link Layer Discovery Commands” on page 252
◆ “VLAN Commands” on page 256
◆ “WMM Commands” on page 260
◆ “QoS Commands” on page 265
9 Using the Command Line Interface

When accessing the management interface for the access point over a direct connection to the console port, or via a Telnet connection, the access point can be managed by entering command keywords and parameters at the prompt. Using the access point’s command-line interface (CLI) is very similar to entering commands on a UNIX system.

Console Connection

To access the AP through the console port, first set up a console connection to the AP.
Chapter 9 | Using the Command Line Interface Telnet Connection Telnet Connection Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address. If the access point does not acquire an IP address from a DHCP server, the default IP address used by the access point for management is 192.168.1.10.
Chapter 9 | Using the Command Line Interface Entering Commands

Entering Commands

This section describes how to enter CLI commands.

Keywords and Arguments

A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces ethernet,” show and interfaces are keywords, and ethernet is an argument that specifies the interface type.
interface        Show interface information.
line             TTY line information.
lldp             Show lldp parameters.
logging          Show the logging buffers.
long-distance    Show the outdoor parameter information.
radius           Show radius server.
rogue-ap         Show Rogue AP information.
snmp             Show snmp configuration.
sntp             Show sntp configuration.
station          Show 802.11 station table.
system           Show system information.
version          Show system version.
wds              Show WDS service.
AP: show
current mode. The command classes and associated modes are displayed in the following table:

Table 3: Command Modes

Class | Mode
Exec | Privileged
Configuration | Global, Interface-ethernet, Interface-wireless, Interface-wireless-vap

Exec Commands

When you open a new console session on an access point, the system enters Exec command mode. Only a limited number of the commands are available in this mode.
AP#configure
AP(config)#

To enter Interface mode, you must enter the “interface ethernet” command while in Global Configuration mode. The system prompt will change to “AP(if-ethernet)#,” or “AP(if-wireless 0)” indicating that you have access privileges to the associated commands. You can use the exit command to return to the Exec mode.

AP(config)#interface ethernet
AP(if-ethernet)#

Command Line Commands are not case sensitive.
10 General Commands This chapter details general commands that apply to the CLI.
Chapter 10 | General Commands end This command returns to the previous configuration mode. Default Setting None Command Mode Global Configuration, Interface Configuration Example This example shows how to return to the Configuration mode from the Interface Configuration mode: AP(if-ethernet)#end AP(config)# exit This command returns to the Exec mode or exits the configuration program.
Command Mode
Exec

Example
The following example disables the CLI timeout.

AP(config)# cli-session-timeout disable
AP(config)#

ping
This command sends ICMP echo request packets to another node on the network.

Syntax
ping
host_name - Alias of the host.
ip_address - IP address of the host.

Default Setting
None

Command Mode
Exec

Command Usage
◆ Use the ping command to see if another site on the network can be reached.
reset
This command restarts the system or restores the factory default settings.

Syntax
reset
board - Reboots the system.
configuration - Resets the configuration settings to the factory defaults, and then reboots the system.
configuration-keep-ip - Resets the configuration settings to the factory defaults except for the IP address, and then reboots the system.
11 System Management Commands These commands are used to configure the password, system logs, browser management options, clock settings, and a variety of other system information.
Chapter 11 | System Management Commands Table 5: System Management Commands (Continued) Command Function Mode Page show version Displays version information for the system Exec 132 show config Displays detailed configuration information for the system Exec 132 country This command configures the access point’s country code, which identifies the country of operation and sets the authorized radio channels.
Table 6: Country Codes (Continued)

Country Code | Country Code | Country Code | Country Code
China CN | Israel IL | Panama PA | Uruguay UY
Colombia CO | Italy IT | Peru PE | Uzbekistan UZ
Costa Rica CR | Japan JP | Philippines PH | Yemen YE
Croatia HR | Jordan JO | Poland PL | Venezuela VE
Cyprus CY | Kazakhstan KZ | Portugal PT | Vietnam VN
Czech Republic CZ | North Korea KP | Puerto Rico PR | Zimbabwe ZW
Denmark DK | Korea Republic KR | Slovenia SI
Default Setting
SMC

Command Mode
Global Configuration

Example
AP(config)#prompt RD2
RD2(config)#

system name
This command specifies or modifies the system name for this device.

Syntax
system name
name - The name of this host.
memory-falling - The memory utilization falling threshold in Kbytes. (Range: 0 to less than the memory rising threshold)
interval - The utilization check interval in seconds.
Default Setting
None. There are no admin or guest passwords.

Command Mode
Global Configuration

Example
AP(config)#password admin null tpschris
AP(config)#

reboot-schedule
This command restarts the system after a scheduled time.

Syntax
reboot-schedule {fixed-time | countdown | disable}
fixed-time - Reboots after a specified time in days, hours, and minutes.
countdown - Reboots after a specified countdown time in minutes.
Default Setting
Enabled

Command Mode
Global Configuration

Command Usage
◆ The access point supports Secure Shell version 2.0 only.
◆ After boot up, the SSH server needs about two minutes to generate host encryption keys. The SSH server is disabled while the keys are being generated. The show system command displays the status of the SSH server.

Example
AP(config)# apmgmtui ssh enable
AP(config)#

apmgmtui ssh port
This command sets the Secure Shell server port.
Default Setting
Interface enabled

Command Mode
Global Configuration

Example
AP(config)# apmgmtui telnet-server enable
AP(config)#

apmgmtui http port
This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port.

Syntax
apmgmtui http port
no apmgmtui http port
port-number - The TCP port to be used by the browser interface.
Command Mode
Global Configuration

Example
AP(config)# apmgmtui http server
AP(config)#

Related Commands
apmgmtui http port

apmgmtui http session-timeout
This command sets the web browser timeout limit.

Syntax
apmgmtui http session-timeout
seconds - The web session timeout.
Command Mode
Global Configuration

Command Usage
◆ You cannot configure the HTTP and HTTPS servers to use the same port.
◆ To avoid using common reserved TCP port numbers below 1024, the configurable range is restricted to 443 and between 1024 and 65535.
■ The client and server establish a secure encrypted connection. A padlock icon should appear in the status bar for Internet Explorer.

Example
AP(config)# apmgmtui https server
AP(config)#

apmgmtui snmp
This command enables and disables SNMP management access to the AP.

Syntax
apmgmtui snmp [enable | disable]
enable - Enables SNMP management access.
disable - Disables SNMP management access.
subnet-mask - Specifies a range of IP addresses allowed management access.

Default Setting
All addresses

Command Mode
Global Configuration

Command Usage
◆ If anyone tries to access a management interface on the access point from an invalid address, the unit will reject the connection, enter an event message in the system log, and send a trap message to the trap manager.
◆ Management access applies to SNMP, HTTP (web), Telnet, and SSH connections.
Example
AP#show system
System Information
==============================================================
Serial Number : AC25123456
System Up time : 1 min
System Name : WAP5110
System Location : where?
System Contact : who?
System Country Code : TW - Taiwan
MAC Address : 70:72:CF:00:11:70
Radio 0 MAC Address : 70:72:CF:00:11:70
Radio 1 MAC Address : 70:72:CF:00:11:80
IP Address : 192.168.2.10
Subnet Mask : 255.255.255.0
Default Gateway : 192.168.2.
iowait (%) 0.00
idle (%) 92.08
=============== Memory ======================================
free (kb) 95820
used (kb) 17256
used (%) 15.26
cached (kb) 4900
=============================================================
AP#

show version
This command displays the software version for the system.

Command Mode
Exec

Example
AP#show version
Boot Rom Version : U-Boot 1.1.4 r1.4
Software Version : 0.3.3.
Hardware Version
AP#
HTTP Access : Enable
HTTP Port : 80
HTTP Timeout : 1800
HTTPs Access : Enable
HTTPs Port : 443
SSH Access : Enable
SSH Port : 22
Telnet Access : Enable
Telnet Port : 23
Slot Status : Dual band(a/g)
Boot Rom Version : U-Boot 1.1.4 r1.4
Software Version : 0.3.3.
Hardware Version :
Part Number :
Production Date :
User Name :
Reboot scheduling :
There is no group.
==================================
User List:
==================================
There is no SNMPv3 User.
==================================
Target List:
==================================
There is no SNMP target.
==================================
Filter List:
==================================
There is no notification filter.
Destination Filter :DISABLED
Destination MAC :
==========================================
Console Line Information
===========================================================
databits : 8
parity : none
speed : 115200
stop bits : 1
===========================================================
Ethernet Interface Information
========================================
IP Address : 192.168.2.10
Subnet Mask : 255.255.255.0
Default Gateway : 192.168.2.
WPA PSK Key Type : ascii
WPA PSK Key : ********
Default Transmit Key : 1
Static WEP Keys
Key 1 : *****
Key 2 : *****
Key 3 : *****
Key 4 : *****
Pre-Authentication : DISABLE
----------------------------------802.1x----------------------------------
802.1x : DISABLE
802.
Maximum Association Client Per Radio : 127 Clients
-----------------------------802.
AC0(BE) CwMin: 4 CwMax: 10 AIFSN: 3 TXOP Limit: 0 ACM:Disabled
AC1(BK) CwMin: 4 CwMax: 10 AIFSN: 7 TXOP Limit: 0 ACM:Disabled
AC2(VI) CwMin: 3 CwMax: 4 AIFSN: 2 TXOP Limit:3008 ACM:Disabled
AC3(VO) CwMin: 2 CwMax: 3 AIFSN: 2 TXOP Limit:1504 ACM:Disabled
LLDP Information
===================================================================
Status :Disabled
Message Transmission Hold Time :4
Message Transmission Interval (seconds) :30
Reinitial Delay Time (secon
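The show config listing in this chapter reports the state and port of each management service (HTTP, HTTPs, SSH, Telnet). The following added example, which is not part of the SMC guide or firmware, parses a saved copy of such a listing and reports which cleartext management services are enabled; the field names follow the listing, while the sample text, function names and severity labels are assumptions of this example.

```python
# Cleartext service -> encrypted counterpart, using the field-name prefixes
# that appear in the listing ("HTTP Access", "HTTPs Access", ...).
CLEARTEXT_TO_SECURE = {"HTTP": "HTTPs", "Telnet": "SSH"}
SEVERITY_ORDER = {"high": 0, "medium": 1, "info": 2}


def parse_fields(text):
    """Parse 'Key : Value' lines into a dict; ruler and blank lines are skipped.

    Only the first colon splits a line, so values such as MAC addresses
    survive intact. A key that repeats keeps the last value seen.
    """
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= set("=-") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        key = " ".join(key.split())
        if key:
            fields[key] = value.strip()
    return fields


def is_enabled(value):
    """Map the Enable/ENABLED/Disable/DISABLED spellings to True/False, else None."""
    word = (value or "").strip().lower()
    if word.startswith("enable"):
        return True
    if word.startswith("disable"):
        return False
    return None


def audit_management_plane(fields):
    """Return (severity, service, port, message) tuples, most severe first."""
    findings = []
    for clear, secure in CLEARTEXT_TO_SECURE.items():
        clear_on = is_enabled(fields.get(f"{clear} Access"))
        secure_on = is_enabled(fields.get(f"{secure} Access"))
        port = fields.get(f"{clear} Port", "unknown")
        if clear_on is None:
            findings.append(("info", clear, port,
                             f"{clear} state not reported; check it on the device"))
        elif clear_on and not secure_on:
            findings.append(("high", clear, port,
                             f"{clear} is enabled and {secure} is not enabled"))
        elif clear_on:
            findings.append(("medium", clear, port,
                             f"{clear} is enabled alongside {secure}"))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[0]], f[1]))


# Constructed sample: the management fields with the values the listing shows.
DEFAULT_LISTING = """\
HTTP Access : Enable
HTTP Port : 80
HTTP Timeout : 1800
HTTPs Access : Enable
HTTPs Port : 443
SSH Access : Enable
SSH Port : 22
Telnet Access : Enable
Telnet Port : 23
"""

# Constructed sample: the same fields with both cleartext services switched off.
HARDENED_LISTING = (DEFAULT_LISTING
                    .replace("HTTP Access : Enable", "HTTP Access : Disable")
                    .replace("Telnet Access : Enable", "Telnet Access : Disable"))

if __name__ == "__main__":
    for severity, service, port, message in audit_management_plane(parse_fields(DEFAULT_LISTING)):
        print(f"[{severity}] {service} (port {port}): {message}")
```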
12 System Logging Commands These commands are used to configure system logging on the access point.
Chapter 12 | System Logging Commands

logging host
This command specifies the syslog server hosts that will receive logging messages. Use the no form to remove a syslog server host.

Syntax
logging host <1 | 2 | 3 | 4> [udp_port]
no logging host <1 | 2 | 3 | 4>
1 - First syslog server.
2 - Second syslog server.
3 - Third syslog server.
4 - Fourth syslog server.
host_name - The name of a syslog server. (Range: 1-20 characters)
host_ip_address - The IP address of a syslog server.
logging level
This command sets the minimum severity level for event logging.

Syntax
logging level

Default Setting
Informational

Command Mode
Global Configuration

Command Usage
Messages sent include the selected level down to Emergency level.

Table 8: Logging Levels

Level Argument | Description
Emergency | System unusable
Alert | Immediate action needed
Critical | Critical conditions (e.g.
Example
AP(config)#logging clear
AP(config)#

show logging
This command displays the logging configuration.

Syntax
show logging

Command Mode
Exec

Example
AP#show logging
Logging Information
=====================================================
Syslog State : ENABLE
Logging Console State : DISABLE
Logging Level : Debug
Servers
1: 10.7.16.98, UDP Port: 514, State: DISABLE
2: 10.7.13.48, UDP Port: 514, State: DISABLE
3: 10.7.123.123, UDP Port: 65535, State: DISABLE
4: 10.
AP#
13 System Clock Commands These commands are used to configure SNTP and system clock settings on the access point.
Chapter 13 | System Clock Commands Example AP(config)#sntp-server ip 1 10.1.0.19 AP# Related Commands sntp-server enabled show sntp sntp-server enabled This command enables SNTP client requests for time synchronization with NTP or SNTP time servers specified by the sntp-server ip command. Use the no form to disable SNTP client requests.
hour - Sets the hour. (Range: 0-23)
minute - Sets the minute. (Range: 0-59)

Default Setting
00:14:00, January 1, 1970

Command Mode
Global Configuration

Example
This example sets the system clock to 12:10 April 27, 2009.

AP(config)# sntp-server date-time 2009 4 27 12 10
AP(config)#

Related Commands
sntp-server enabled

sntp-server daylight-saving
This command sets the start and end dates for daylight savings time. Use the no form to disable daylight savings time.
◆ Using the command without setting the start and end date enables the daylight-saving feature.

Example
This sets daylight savings time to be used from the Sunday in the fourth week of April, to the Sunday in the fourth week of October.

AP(config)# sntp-server daylight-saving date-week 4 4 0 10 4 0
AP(config)#

sntp-server timezone
This command sets the time zone for the access point’s internal clock.
SNTP Information
===========================================================
Service State : ENABLED
SNTP (server 1) IP : 129.6.15.28
SNTP (server 2) IP : 132.163.4.
14 DHCP Relay Commands Dynamic Host Configuration Protocol (DHCP) can dynamically allocate an IP address and other configuration information to network clients that broadcast a request. To receive the broadcast request, the DHCP server would normally have to be on the same subnet as the client. However, when the access point’s DHCP relay agent is enabled, received client requests can be forwarded directly by the access point to a known DHCP server on another subnet.
Related Commands
show interface wireless
15 SNMP Commands Controls access to this access point from management stations using the Simple Network Management Protocol (SNMP), as well as the hosts that will receive trap messages.
Chapter 15 | SNMP Commands

snmp-server community
This command defines the community access string for the Simple Network Management Protocol. Use the no form to remove the specified community string.

Syntax
snmp-server community string [ro | rw]
no snmp-server community string
string - Community string that acts like a password and permits access to the SNMP protocol. (Maximum length: 23 characters, case sensitive)
ro - Specifies read-only access.
Command Mode
Global Configuration

Example
AP(config)#snmp-server contact Paul
AP(config)#

Related Commands
snmp-server location

snmp-server location
This command sets the system location string. Use the no form to remove the location string.

Syntax
snmp-server location
no snmp-server location
text - String that describes the system location.
Command Mode
Global Configuration

Command Usage
◆ This command enables both authentication failure notifications and link-updown notifications.
◆ The snmp-server host command specifies the host device that will receive SNMP notifications.

Example
AP(config)#snmp-server enable server
AP(config)#

Related Commands
snmp-server host

snmp-server host
This command specifies the recipient of an SNMP notification. Use the no form to remove the specified host.
Example
AP(config)#snmp-server host 1 10.1.19.23 batman
AP(config)#

Related Commands
snmp-server enable server

snmp-server trap
This command enables the access point to send specific SNMP traps (i.e., notifications). Use the no form to disable specific trap messages.

Syntax
snmp-server trap
no snmp-server trap
trap - One of the following SNMP trap messages:
sysSystemDown - The access point is about to shutdown and reboot.
include - Defines a filter type that includes objects in the MIB subtree.
exclude - Defines a filter type that excludes objects in the MIB subtree.
subtree - The part of the MIB subtree that is to be filtered.
mask - An optional hexadecimal value bit mask to define objects in the MIB subtree.

Default Setting
None

Command Mode
Global Configuration

Command Usage
The access point allows multiple notification filters to be created.
level - The SNMPv3 security level of the group. One of the following:
NoAuthNoPriv - A group using no authentication and no data encryption. Users in this group use no security, either authentication or encryption, in SNMP messages they send to the agent.
AuthNoPriv - A group using authentication, but no data encryption. Users in this group send SNMP messages that use an MD5 key/password for authentication, but not a DES key/password for encryption.
username - Name of the user connecting to the SNMP agent. (Range: 1-32 characters)
groupname - Name of an SNMP group to which the user is assigned. (Range: 1-32 characters)
none | md5 - Uses no authentication or MD5 authentication.
auth-passphrase - Authentication password. Enter a minimum of eight characters for the user. (8 – 32 characters)
none | des - Uses SNMPv3 with no privacy, or with DES56 encryption.
priv-passphrase - Privacy password.
port-number - The UDP port that is used on the receiving management station for notifications.
notification-filter-id - The name of a defined notification filter.

Default Setting
None

Command Mode
Global Configuration

Command Usage
◆ The access point supports multiple SNMP v3 target IDs.
◆ The SNMP v3 user name that is specified in the target must first be configured using the snmp-server user command.

Example
AP(config)#snmp-server target tarname 192.168.1.
◆ Use the command more than once with the same filter ID to build a filter that includes or excludes multiple MIB objects. Note that the filter entries are applied in the sequence that they are defined.
◆ The MIB subtree must be defined in the form “.1.3.6.1” and always start with a “.”.

Example
AP(config)#snmp-server filter trapfilter include .1
AP(config)#snmp-server filter trapfilter exclude .1.3.6.1.2.1.2.2.1.1.
Example
AP# show snmp target
Target List:
==================================
Target ID : christraps
IP Address : 192.168.1.33
User Name : chris
UDP Port : 4321
Filter ID : Not Defined
==================================
AP#

show snmp filter
This command displays the SNMP v3 notification filter settings.

Syntax
show snmp filter [filter-id]
filter-id - A user-defined name that identifies an SNMP v3 notification filter.
Example AP# show snmp SNMP Information ============================================== Service State : Enable Community (ro) : ******* Community (rw) : ******** Location : where? Contact : who? ============================================== Trap Destination List: ============================================== Trap Destination: 192.168.1.
show snmp vacm group This command displays the configured SNMP v3 groups. Syntax show snmp vacm group [group-name] group-name - The name of a user-defined SNMPv3 group.
16 Flash/File Commands These commands are used to manage the system code or configuration files.
Table 12: Flash/File Commands
Command | Function | Mode
dual-image | Specifies the file or image used to start up the system | GC
copy | Copies a code image or configuration between flash memory and an FTP/TFTP server | Exec
show dual-image | Displays the name of the current operation code file that booted the system | Exec
dual-image This command specifies the image used to start up the system.
Example AP# dual-image boot-image A Change image to A AP# copy This command copies a boot file, code image, or configuration file between the access point’s flash memory and an FTP/TFTP server. When you save the configuration settings to a file on an FTP/TFTP server, that file can later be downloaded to the access point to restore system operation. The success of the file transfer depends on the accessibility of the FTP/TFTP server and the quality of the network connection.
◆ The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the FTP/TFTP server is 255 characters or 32 characters for files on the access point. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”) ◆ Due to the size limit of the flash memory, the access point supports only two operation code files.
17 RADIUS Client Commands Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access for RADIUS-aware devices to the network. An authentication server contains a database of credentials, such as user names and passwords, for each wireless client that requires access to the access point. Table 13: RADIUS Client Commands Command Function Mode Page radius-server enable Enables the RADIUS server.
Command Mode Global Configuration Example AP(config)# radius-server primary enable This setting has not been effective ! If want to take effect, please execute make-radius-effective command ! AP(config)# radius-server address This command specifies the primary and secondary RADIUS server address. Syntax radius-server {primary | secondary} address
address - IP address of server. Default Setting 10.7.16. Example AP(config)# radius-server primary port 1810 This setting has not been effective ! If want to take effect, please execute make-radius-effective command ! AP(config)# radius-server key This command sets the RADIUS encryption key. Syntax radius-server {primary | secondary} key key_string - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string.
Command Usage When the RADIUS Accounting server UDP address is specified, a RADIUS accounting session is automatically started for each user that is successfully authenticated to the access point. Example AP(config)# radius-server accounting address 192.168.1.19 This setting has not been effective ! If want to take effect, please execute make-radius-effective command ! AP(config)# radius-server This command sets the RADIUS Accounting port.
Default Setting DEFAULT Command Mode Global Configuration Example AP(config)# radius-server accounting key green This setting has not been effective ! If want to take effect, please execute make-radius-effective command ! AP(config)# radius-server This command sets the interval between transmitting accounting updates to the accounting RADIUS server.
Command Mode Global Configuration Example AP(config)# make-radius-effective It will take several minutes ! Please wait a while... AP(config)# show radius This command displays the current settings for the RADIUS server. Default Setting None Command Mode Exec Example AP#show radius Radius Accounting Information ============================================== IP : 10.7.16.
18 802.1X Authentication Commands The access point supports IEEE 802.1X access control for wireless clients. This control feature prevents unauthorized access to the network by requiring an 802.1X client application to submit user credentials for authentication. Client authentication is then verified by a RADIUS server using EAP (Extensible Authentication Protocol) before the access point grants client access to the network. The 802.
Example AP(if-wireless 0: VAP[0])# 802.1x enable This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0: VAP[0])# Related Commands show interface wireless 802.1x reauthentication-time This command sets the time period after which a connected client must be re-authenticated. Syntax 802.1x reauthentication-time seconds - The number of seconds.
19 MAC Address Authentication Commands Use these commands to define MAC authentication on the access point. For local MAC authentication, first define the default filtering policy, then enter the MAC addresses to be filtered, indicating if they are allowed or denied. For RADIUS MAC authentication, the MAC addresses and filtering policy must be configured on the RADIUS server.
Example AP(config)#mac-authentication server remote AP(config)# Related Commands mac-authentication server local address entry radius-server address mac-authentication server local address default This command sets local filtering to allow or deny listed MAC addresses. Syntax mac-authentication server local address default allowed - Only MAC addresses entered as “denied” in the address filtering table are denied.
Default None Command Mode Global Configuration Command Usage ◆ The access point supports up to 1024 MAC addresses. ◆ An entry in the address table may be allowed or denied access depending on the global setting configured for the mac-authentication server local address default command.
mac-authentication session-timeout This command sets the interval at which associated clients will be re-authenticated with the RADIUS server authentication database. Use the no form to disable reauthentication. Syntax mac-authentication session-timeout no mac-authentication session-timeout seconds - Re-authentication interval.
20 Filtering Commands The commands described in this section are used to filter communications between wireless clients, control access to the management interface from wireless clients, and filter traffic using specific Ethernet protocol types.
Command Mode Global Configuration Command Usage This command can disable wireless-to-wireless communications between clients via the access point. However, it does not affect communications between wireless clients and the wired network. Example AP(config)#filter local-bridge all-vap AP(config)# filter restrict-management This command prevents wireless clients from accessing the management interface on the access point. Use the no form to disable this filtering.
Example AP(config)#filter dhcp enable AP(config)# filter acl-source-address This command configures ACL filtering based on source MAC addresses in data frames. Syntax filter acl-source-address {enable | disable | add | delete } enable - Key word that enables ACL filtering on the access point. disable - Key word that disables ACL filtering on the access point. add - Key word that adds a MAC address to the filter table.
delete - Key word that removes a MAC address from the filter table. mac-address - Specifies a MAC address in the form xx-xx-xx-xx-xx-xx. Default Disabled Command Mode Global Configuration Example AP(config)#filter acl-destination-address add 00-12-34-56-78-9a AP(config)#filter acl-destination-address enable AP(config)# filter ethernet-type enabled This command checks the Ethernet type on all incoming and outgoing Ethernet packets against the protocol filtering table.
protocol - An Ethernet protocol type.
21 Spanning Tree Commands The commands described in this section are used to set the MAC address table aging time and spanning tree parameters for both the Ethernet and wireless interfaces.
bridge stp service This command enables the Spanning Tree Protocol. Use the no form to disable the Spanning Tree Protocol. Syntax [no] bridge stp service Default Setting Enabled Command Mode Global Configuration Example This example globally enables the Spanning Tree Protocol. AP(config)#bridge stp service AP(config)# bridge stp br-conf forwarding-delay Use this command to configure the spanning tree bridge forward time globally for the wireless bridge.
bridge stp br-conf hello-time Use this command to configure the spanning tree bridge hello time globally for the wireless bridge. Syntax bridge stp br-conf hello-time
root port, a new root port is selected from among the device ports attached to the network. Example AP(config)#bridge stp max-age 40 AP(config)# bridge stp br-conf priority Use this command to configure the spanning tree priority globally for the wireless bridge. Syntax bridge stp br-conf priority priority - Priority of the bridge.
Command Usage Use this command to enter STP interface configuration mode. In this mode STP settings for specific VAP interfaces can be configured. Example AP(config)# bridge stp port-conf interface wireless 0 Enter Wireless configuration commands, one per line. AP(stp-if-wireless 0)# bridge-link path-cost Use this command to configure the spanning tree path cost for the Ethernet port. Syntax bridge-link path-cost cost - The path cost for the port.
Command Mode Interface Configuration (Ethernet) Command Usage ◆ This command defines the priority for the use of a port in the Spanning Tree Protocol. If the path cost for all ports on a wireless bridge is the same, the port with the highest priority (that is, lowest value) will be configured as an active link in the spanning tree. ◆ Where more than one port is assigned the highest priority, the port with lowest numeric identifier will be enabled.
Command Usage ◆ This command is used by the Spanning Tree Protocol to determine the best path between devices. Therefore, lower values should be assigned to interfaces with faster media, and higher values assigned to interfaces with slower media. ◆ Path cost takes precedence over port priority. Example AP(stp-if-wireless 0: VAP[0])# path-cost 512 AP(stp-if-wireless 0: VAP[0])# port-priority (STP This command sets the spanning tree path cost for the VAP interface.
Command Mode Global Configuration Command Usage The AP stores the MAC addresses for all known devices. All the addresses learned by monitoring traffic are stored in a dynamic address table. This information is used to pass traffic directly between inbound and outbound interfaces. When the MAC address table “aging time” has expired, a learned MAC address is discarded from the table.
Example AP# show bridge br-conf all BR0 configuration ======================================== BRIDGE MAC : 00:12:cf:a2:54:30 Priority : 32768 Hello Time : 2 Maximum Age : 20 Forward Delay : 0 ======================================== AP# show bridge port-conf This command displays spanning tree settings for specified interfaces.
ATH3 configuration ======================================== Link Port Priority : 32 Link Path Cost : 19 ======================================== ATH4 configuration ======================================== Link Port Priority : 32 Link Path Cost : 19 ======================================== ATH5 configuration ======================================== Link Port Priority : 32 Link Path Cost : 19 ======================================== ATH6 configuration =====================
Designated Bridge ID : 8000.0012cfa25430 Root Port Path Cost : 0 State : FORWARDING eth0 --- port 0x1 Port ID : 0x8001 Designated Root ID : 8000.0012cfa25430 Designated Bridge ID : 8000.0012cfa25430 Root Port Path Cost : 0 State : DISABLED ===================================================== AP# show bridge forward address This command displays STP settings for forwarding MAC addresses on specified interfaces or VLANs.
show bridge mac- This command displays the MAC address table aging time.
22 WDS Bridge Commands The commands described in this section are used to set the operation mode for each access point interface and configure Wireless Distribution System (WDS) forwarding table settings.
Default Setting None Command Mode Interface Configuration (Wireless) VAP Command Usage In WDS-STA mode, the VAP operates as a client station in WDS mode, which connects to an access point in WDS-AP mode. The user needs to specify the SSID and MAC address of the VAP to which it intends to connect.
23 Ethernet Interface Commands The commands described in this section configure connection parameters for the Ethernet port and wireless interface.
dns This command specifies the address for the primary or secondary domain name server to be used for name-to-address resolution. Syntax dns {primary-server | secondary-server} primary-server - Primary server used for name resolution. secondary-server - Secondary server used for name resolution. server-address - IP address of domain-name server.
Command Mode Interface Configuration (Ethernet) Command Usage ◆ DHCP is disabled by default. If DHCP is enabled, you must first disable the DHCP client with the no ip dhcp command before you manually configure a new IP address. ◆ You must assign an IP address to this device to gain management access over the network or to connect the access point to existing IP subnets.
effort to learn its IP address. (DHCP values can include the IP address, subnet mask, and default gateway.) Example AP(config)#interface ethernet Enter Ethernet configuration commands, one per line. AP(if-ethernet)#ip dhcp AP(if-ethernet)# Related Commands ip address ip management address This command sets the IP address for management access to the AP. Syntax ip management address ip-address - The IP address for management access.
ipv6-address - IPv6 address. netmask - Network mask for the associated IPv6 subnet. This mask identifies the host address bits used for routing to specific subnets. gateway - IPv6 address of the default gateway. Default Setting IP address: 2001:db8::1 Netmask: 64 Gateway: 2001:db8::2 Command Mode Interface Configuration (Ethernet) Command Usage DHCPv6 is disabled by default.
Command Usage ◆ You must assign an IPv6 address to this device to gain management access over the network or to connect the access point to existing IPv6 subnets. You can manually configure a specific IPv6 address using the ipv6 address command, or direct the device to obtain an address from a DHCPv6 server using this command. ◆ When you use this command, the access point will begin broadcasting DHCPv6 client requests. The current IPv6 address (i.e.
show interface ethernet This command displays the status for the Ethernet interface. Syntax show ethernet interface Default Setting Ethernet interface Command Mode Exec Example AP#show interface ethernet Ethernet Interface Information ======================================== IP Address : 192.168.2.10 Subnet Mask : 255.255.255.0 Default Gateway : 192.168.2.254 Primary DNS : Secondary DNS : Management IP : 192.168.1.10 Management Subnet : 255.255.255.
24 Wireless Interface Commands The commands described in this section configure connection parameters for the wireless interfaces.
Table 20: Wireless Interface Commands (Continued)
Command | Function | Mode
assoc-timeout-interval | Configures the idle time interval (when no frames are sent) after which a client is disassociated from the VAP interface | IC-W-VAP
auth-timeout-value | Configures the time interval after which clients must be re-authenticated | IC-W-VAP
multicast-enhance | Enhances multicast quality for wireless clients | IC-W-VAP
shutdown | Disables the wireless i
interface wireless This command enters wireless interface configuration mode. Syntax interface wireless index - The index of the wireless interface. (Range: 0 or 1, where “0” is the 2.4 GHz interface and “1” the 5 GHz interface) Default Setting None Command Mode Global Configuration Example AP(config)# interface wireless 0 Enter Wireless configuration commands, one per line.
a-mpdu This command enables and sets the Aggregate MAC Protocol Data Unit (A-MPDU). Syntax a-mpdu {enable | disable | length | } enable - Enable A-MPDU. disable - Disable A-MPDU. length - 1024-65535 bytes. Default Setting Disabled Command Mode Interface Configuration (Wireless) Example AP(if-wireless 0)#a-mpdu enable AP(if-wireless 0)# a-msdu This command enables and sets the Aggregate MAC Service Data Unit (A-MSDU).
channel This command configures the radio channel through which the access point communicates with wireless clients. Syntax channel {ht20 | ht40 | auto} ht20-channel - The 802.11n 20 MHz channel number: 11ng mode: 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11 11na mode: 36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 149, 153, 157, 161, 165 ht40-channel - The 802.
Example AP(if-wireless 0)# channel ht20 06 This setting has not been effective ! If want to take effect, please execute make-RF-setting-effective command ! AP(if-wireless 0)# transmit-power This command adjusts the power of the radio signals transmitted from the access point. Syntax transmit-power {percentage | dbm } percent-power - Signal strength as a percentage transmitted from the AP.
min-allowed-rate This command selects minimum allowed transmit data rates for the AP. Syntax min-allowed-rate {all | } all - Selects all available rates. cck-rate - Specifies the minimum CCK rate (2.4 GHz radio only). (Options: 1, 2, 5.5, 11 Mbps) ofdm-rate - Specifies the minimum OFDM rate. (Options: 6, 9, 12, 18, 24, 36, 48, 54 Mbps) singlestream-rate - Specifies the minimum 802.11n single stream rate.
Example AP(if-wireless 0)# disable-coexist y AP(if-wireless 0)# make-rf-setting-effective This command implements all wireless command changes made in the current CLI session. Syntax make-rf-setting-effective Command Mode Interface Configuration (Wireless) Example AP(if-wireless 0)# make-RF-setting-effective It will take several minutes ! Please wait a while...
◆ Set the preamble to long to ensure the access point can support all 802.11b and 802.11g clients. Example AP(if-wireless 0)# preamble short-or-long This setting has not been effective ! If want to take effect, please execute make-RF-setting-effective command ! AP(if-wireless 0)# short-guard-interval This command sets the 802.11n guard interval to 400ns (short) or 800ns (long).
Default Setting 100 TUs Command Mode Interface Configuration (Wireless) Command Usage The beacon signals allow wireless clients to maintain contact with the access point. They may also carry power-management information.
stations in Power Save mode, but delays the transmission of broadcast/multicast frames. Example AP(if-wireless 0)# dtim-period 10 This setting has not been effective ! If want to take effect, please execute make-RF-setting-effective command ! AP(if-wireless 0)# rts-threshold This command sets the packet size threshold at which a Request to Send (RTS) signal must be sent to the receiving station prior to the sending station starting communications.
ssid This command configures the service set identifier (SSID) of the VAP. Syntax ssid string - The name of a basic service set supported by the access point. (Range: 1 - 32 characters) Default Setting 2.
Example AP(if-wireless 0: VAP[0])#closed-system This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0)# max-client This command configures the maximum number of wireless clients that can associate with a radio. Syntax max-client max-clients - The maximum number of associated clients for the radio.
Default Setting 127 Command Mode Interface Configuration (Wireless-VAP) Command Usage This command sets the total maximum number of clients that may associate with a VAP interface. If the value is greater than the setting for the maximum clients per radio (max-client command), the command does not take effect.
assoc-timeout-interval This command configures the idle time interval (when no frames are sent) after which the client is disassociated from the VAP interface. Syntax assoc-timeout-interval minutes - The number of minutes of inactivity before disassociation.
multicast-enhance This command enables a feature that improves multicast video quality for wireless clients. Use the no form to disable the feature. Syntax [no] multicast-enhance Default Setting Disabled Command Mode Interface Configuration (Wireless-VAP) Command Usage When a wireless client joins a multicast group, this feature converts multicast packets to unicast packets to improve multicast video quality.
interfere-chan-recover This command rescans channels when interference is detected on the current channel. Use the no form to disable the feature. Syntax [no] interfere-chan-recover Default Setting Disabled Command Mode Interface Configuration (Wireless) Command Usage ◆ When interference is detected on the current channel, the AP re-scans all channels and then changes to a new clear channel.
Example AP(config)# band-steering AP(config)# wlandev-interfere-detection This command enables the detection of nearby APs that are using the same channel. Use the no form to disable the feature. Syntax wlandev-interfere-detection
Default Setting right-left Command Mode Interface Configuration (Wireless) Example AP(if-wireless 0)# antenna-chain left This setting has not been effective ! If want to take effect, please execute make-RF-setting-effective command ! AP(if-wireless 0)# long-distance This command computes settings that allow wireless clients a long distance from the AP to maintain communications. Syntax long-distance enable - Enables the long distance settings.
long-distance reference-data This command computes settings that allow wireless clients a long distance from the AP to maintain communications. Syntax long-distance reference-data distance - An approximate distance in meters. (Range: 1-50000 meters) Default 0 (disabled) Command Mode Interface Configuration (Wireless) Command Usage Enter the approximate distance (in meters) of the client from the AP.
long-distance acktimeout This command sets the acknowledge timeout for long-distance communications. Syntax long-distance acktimeout timeout - The adjusted acknowledge timeout in microseconds.
disable - Disables the feature. Default Disabled Command Mode Interface Configuration (Wireless-VAP) Command Usage This command enables the rate limiting of traffic from the wired network as it is passed to the VAP interface. You can set a maximum rate in Kbytes per second.
bandwidth-control uplink This command enables the uplink bandwidth control for a VAP interface. Syntax bandwidth-control uplink enable - Enables the uplink bandwidth control setting. disable - Disables the feature. Default Disabled Command Mode Interface Configuration (Wireless-VAP) Command Usage This command enables the rate limiting of traffic from the VAP interface as it is passed to the wired network.
AP(if-wireless 0: VAP[0])# show interface wireless This command displays the status for a specified VAP interface. Syntax show interface wireless vap index - The wireless interface slot number. (Range: 0 or 1) vap-index - The number that identifies a VAP interface.
----------------------------------Security--------------------------------- Closed System : DISABLE WPA Function : OPEN-SYSTEM, WPA FUNCTION DISABLE WPA PSK Key Type : ascii WPA PSK Key : ******** Default Transmit Key : 1 Static WEP Keys Key 1 : ***** Key 2 : ***** Key 3 : ***** Key 4 : ***** Pre-Authentication : DISABLE -----------------------------------802.1x---------------------------------- 802.1x : DISABLE 802.
show station This command shows the wireless clients associated with the access point.
show station statistics This command shows statistics information for wireless clients associated with the access point.
Chapter 24 | Wireless Interface Commands Total Station if-wireless 1 Total Station if-wireless 1 Total Station if-wireless 1 Total Station if-wireless 1 Total Station if-wireless 1 Total Station if-wireless 1 Total Station if-wireless 1 Total Station if-wireless 1 Total Station Number of this VAP [8] : Number of this VAP [9] : Number of this VAP [10] : Number of this VAP [11] : Number of this VAP [12] : Number of this VAP [13] : Number of this VAP [14] : Number of this VAP [15] : Number of this vap: 0 va
25 Wireless Security Commands The commands described in this section configure parameters for wireless security on the VAP interfaces. Table 21: Wireless Security Commands Command Function Mode Page auth Defines the 802.
wpa2-psk - Clients using WPA2 with a Pre-shared Key are accepted for authentication. wpa-wpa2-mixed - Clients using WPA or WPA2 are accepted for authentication. wpa-wpa2-psk-mixed - Clients using WPA or WPA2 with a Pre-shared Key are accepted for authentication. Default Setting open-system Command Mode Interface Configuration (Wireless-VAP) Command Usage The auth command automatically configures settings for each authentication type, including encryption, 802.
◆ WPA2 defines a transitional mode of operation for networks moving from WPA security to WPA2. WPA2 Mixed Mode allows both WPA and WPA2 clients to associate to a common VAP interface. When the encryption cipher suite is set to TKIP, the unicast encryption cipher (TKIP or AES-CCMP) is negotiated for each client. The access point advertises its supported encryption ciphers in beacon frames and probe responses.
Example AP(if-wireless 0: VAP[0])# encryption This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0: VAP[0])# Related Commands key key This command sets the keys used for WEP encryption. Use the no form to delete a configured key. Syntax key { | static | dynamic} no key index - Key index. (Range: 1-4) size - Key size.
◆ The WEP key index, length and type configured for the VAP must match those configured for clients.
cipher-suite This command defines the cipher algorithm used to encrypt the global key for broadcast and multicast traffic when using WPA or WPA2 security. Syntax multicast-cipher aes-ccmp - Use AES-CCMP encryption for the unicast and multicast cipher. tkip - Use TKIP encryption for the multicast cipher. TKIP or AES-CCMP can be used for the unicast cipher depending on the capability of the client.
Example AP(if-wireless 0: VAP[0])# cipher-suite tkip This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0: VAP[0])# wpa-pre-shared-key This command defines a Wi-Fi Protected Access (WPA/WPA2) Pre-shared-key. Syntax wpa-pre-shared-key hex - Specifies hexadecimal digits as the key input format.
pmksa-lifetime This command sets the time for aging out cached WPA2 Pairwise Master Key Security Association (PMKSA) information for fast roaming. Syntax pmksa-lifetime minutes - The time for aging out PMKSA information.
Example AP(if-wireless 0: VAP[0])# make-security-effective It will take several minutes ! Please wait a while... device eth0 left promiscuous mode br0: port 1(eth0) entering disabled state br0: port 3(ath16) entering disabled state br0: port 2(ath0) entering disabled state device ath16 left promiscuous mode br0: port 3(ath16) entering disabled state device ath0 left promiscuous mode br0: port 2(ath0) entering disabled state wlan_vap_delete : enter.
26 Rogue AP Detection Commands A “rogue AP” is either an access point that is not authorized to participate in the wireless network, or an access point that does not have the correct security configuration. Rogue APs can potentially allow unauthorized users access to the network. Alternatively, client stations may mistakenly associate to a rogue AP and be prevented from accessing network resources. Rogue APs may also cause radio interference and degrade the wireless LAN performance.
Command Usage ◆ While the access point scans a channel for rogue APs, wireless clients will not be able to connect to the access point. Therefore, avoid frequent scanning or scans of a long duration unless there is a reason to believe that more intensive scanning is required to find a rogue AP.
Command Mode Interface Configuration (Wireless) Command Usage Enter the MAC address/Basic Service Set Identifier (BSSID) of known APs in the network. These MAC addresses will be filtered out of the list of detected APs during a scan. Building a database of approved APs allows the AP to discover rogue APs. Without a configured database, the AP can detect neighboring APs only; it cannot identify whether the APs are rogues.
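The filtering described above can be reproduced offline when triaging exported scan results. The following is an added example, not code from SMC or from this guide: it removes approved BSSIDs from a scan list and labels what remains. It goes beyond the AP's MAC-only filtering by also covering the chapter's second definition of a rogue (an approved AP with the wrong security configuration) and by flagging unlisted APs that advertise a managed SSID. The verdict names, the ScanEntry fields, the SSIDs and all MAC addresses are constructed assumptions.

```python
import re
from dataclasses import dataclass

_MAC_RE = re.compile(r"^[0-9a-f]{2}([-:]?)[0-9a-f]{2}(?:\1[0-9a-f]{2}){4}$")


def normalize_bssid(text):
    """Return a BSSID as 12 lowercase hex digits. Accepts the guide's
    xx-xx-xx-xx-xx-xx form, colon-separated form, or bare hex, but not a
    mix of separators."""
    candidate = text.strip().lower()
    if not _MAC_RE.match(candidate):
        raise ValueError(f"not a MAC address: {text!r}")
    return re.sub(r"[-:]", "", candidate)


@dataclass(frozen=True)
class ScanEntry:
    """One detected AP (hypothetical record layout for this example)."""
    bssid: str
    ssid: str
    channel: int
    security: str  # auth type names as used by the auth command


def classify_scan(scan, approved, managed_ssids):
    """Label every scanned AP.

    approved maps an approved BSSID to the security setting it is expected
    to advertise; managed_ssids is the set of SSIDs the site operates.
    Returns a list of (normalized_bssid, verdict) pairs.
    """
    known = {normalize_bssid(mac): sec for mac, sec in approved.items()}
    results = []
    for entry in scan:
        bssid = normalize_bssid(entry.bssid)
        if not known:
            # No database configured: neighbours can be listed but not judged.
            verdict = "neighbor"
        elif bssid in known:
            # Approved hardware can still count as rogue when misconfigured.
            verdict = "approved" if entry.security == known[bssid] else "misconfigured"
        elif entry.ssid in managed_ssids:
            # Unlisted AP using one of our SSIDs: clients may join it by mistake.
            verdict = "rogue-own-ssid"
        else:
            verdict = "rogue"
        results.append((bssid, verdict))
    return results


# CONSTRUCTED sample data (locally administered MAC addresses, made-up SSIDs).
APPROVED_APS = {
    "02-00-00-00-00-01": "wpa2-psk",
    "02-00-00-00-00-02": "wpa2-psk",
}
MANAGED_SSIDS = {"corp-wlan"}
SAMPLE_SCAN = [
    ScanEntry("02:00:00:00:00:01", "corp-wlan", 6, "wpa2-psk"),
    ScanEntry("02:00:00:00:00:02", "corp-wlan", 11, "open-system"),
    ScanEntry("02:00:00:00:00:AA", "corp-wlan", 6, "wpa2-psk"),
    ScanEntry("020000000bb1", "cafe-guest", 1, "open-system"),
]

if __name__ == "__main__":
    for bssid, verdict in classify_scan(SAMPLE_SCAN, APPROVED_APS, MANAGED_SSIDS):
        print(bssid, verdict)
```

An unlisted AP is only a candidate: a neighbouring network's AP lands in the same bucket until it is reviewed and either added to the approved list or investigated.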
Command Mode Interface Configuration (Wireless) Command Usage ◆ During a scan, client access may be disrupted and new clients may not be able to associate to the access point. If clients experience severe disruption, reduce the scan duration time. ◆ A long scan duration time will detect more access points in the area, but causes more disruption to client access.
rogue-ap instant-scan
This command starts an immediate scan for access points on the radio interface.
Default Setting
Disabled
Command Mode
Interface Configuration (Wireless)
Command Usage
While the access point scans a channel for rogue APs, wireless clients will not be able to connect to the access point. Therefore, avoid frequent scanning or scans of a long duration unless there is a reason to believe that more intensive scanning is required to find a rogue AP.
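The approved-AP database described in this chapter can be reproduced off-box to triage scan results. The following is an added example, not code from the AP firmware or from SMC: the scan record format, the function names and the per-AP expected security value are assumptions made here so that both kinds of rogue AP defined above can be told apart.

```python
import re

def norm_bssid(mac):
    """Normalize a BSSID written with ':', '-' or '.' separators to 12 hex digits."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits.lower()

def classify_scan(scan, approved):
    """Label each detected AP.

    scan:     list of {"bssid", "ssid", "security"} dicts (constructed format)
    approved: {bssid: expected security} database of known APs (assumption)
    """
    db = {norm_bssid(b): sec for b, sec in approved.items()}
    verdicts = {}
    for ap in scan:
        bssid = norm_bssid(ap["bssid"])
        if not db:
            # No database configured: the AP is seen but cannot be judged.
            verdicts[bssid] = "neighbor"
        elif bssid not in db:
            verdicts[bssid] = "rogue: not authorized"
        elif ap["security"] != db[bssid]:
            verdicts[bssid] = "rogue: wrong security configuration"
        else:
            verdicts[bssid] = "approved"
    return verdicts

# Constructed sample data (not output from the AP).
APPROVED = {"00:11:22:33:44:55": "WPA2-PSK", "00-11-22-33-44-66": "WPA2-PSK"}
SCAN = [
    {"bssid": "0011.2233.4455", "ssid": "corp", "security": "WPA2-PSK"},
    {"bssid": "00:11:22:33:44:66", "ssid": "corp", "security": "open"},
    {"bssid": "02:AA:BB:CC:DD:EE", "ssid": "corp", "security": "WPA2-PSK"},
]

if __name__ == "__main__":
    for bssid, verdict in classify_scan(SCAN, APPROVED).items():
        print(bssid, verdict)
```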
27 Link Integrity Commands

The access point provides a link integrity feature that can be used to ensure that wireless clients are connected to resources on the wired network. The access point does this by periodically sending Ping messages to a host device in the wired Ethernet network. If the access point detects that the connection to the host has failed, it disables the radio interfaces, forcing clients to find and associate with another access point.
Response Timeout: 2 seconds
Retry Counts: 5
Command Mode
Global Configuration
Command Usage
◆ When link integrity is enabled, the IP address of a host device in the wired network must be specified.
◆ The access point periodically sends an ICMP echo request (Ping) packet to the link host IP address. When the number of failed responses (either the host does not respond or is unreachable) exceeds the limit set by this command, the link is considered lost.
Example
AP(config)# link-integrity link-fail-action 0 enable
AP(config)#

show link-integrity
This command displays the current link integrity configuration.
Command Mode
Exec
Example
AP#show link-integrity
Link Integrity Information
===================================================================
Link integrity: disabled
Destination IP: 192.168.2.
28 Link Layer Discovery Commands

LLDP allows devices in the local broadcast domain to share information about themselves. LLDP-capable devices periodically transmit information in messages called Type Length Value (TLV) fields to neighbor devices. Advertised information is represented in Type Length Value (TLV) format according to the IEEE 802.1AB standard, and can include details such as device identification, capabilities and configuration settings.
lldp transmit hold-multiplier
This command configures the time-to-live (TTL) value sent in LLDP advertisements.
Syntax
lldp transmit hold-multiplier
multiplier - The hold multiplier number.
Example
AP(config)# lldp transmit interval 30
AP(config)#

lldp transmit re-init-delay
This command configures the delay before attempting to re-initialize after LLDP ports are disabled or the link goes down.
Syntax
lldp transmit re-init-delay
seconds - Time in seconds.
Command Usage
◆ The transmit delay is used to prevent a series of successive LLDP transmissions during a short period of rapid changes in local LLDP MIB objects, and to increase the probability that multiple, rather than single changes, are reported in each transmission.
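To see what an LLDP advertisement exposes to any neighbor on the segment, the TLV format and the TTL derived from the hold multiplier can be worked through in code. This is an added example, not code from the AP or from SMC: the function names, the sample LLDPDU and the hold multiplier of 4 are constructed here, and the TTL rule (transmit interval times hold multiplier, capped at 65535) is taken from IEEE 802.1AB rather than from this guide.

```python
import struct

def encode_tlv(tlv_type, value):
    """Pack one TLV: 7-bit type and 9-bit length share a 2-byte header."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("TLV type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def ttl_seconds(transmit_interval, hold_multiplier):
    """TTL advertised to neighbors, capped at the 16-bit field maximum."""
    return min(65535, transmit_interval * hold_multiplier)

def parse_lldpdu(data):
    """Return [(type, value), ...] up to the End TLV; reject truncated input."""
    tlvs, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated TLV header")
        (header,) = struct.unpack_from("!H", data, pos)
        tlv_type, length = header >> 9, header & 0x1FF
        pos += 2
        if length > len(data) - pos:
            raise ValueError("TLV length runs past end of LLDPDU")
        tlvs.append((tlv_type, data[pos:pos + length]))
        pos += length
        if tlv_type == 0:  # End of LLDPDU
            break
    return tlvs

def build_sample(interval=30, hold=4):
    """Constructed LLDPDU: Chassis ID, Port ID, TTL, System Name, End."""
    return b"".join([
        encode_tlv(1, b"\x04" + bytes.fromhex("001122334455")),  # subtype 4: MAC
        encode_tlv(2, b"\x05" + b"eth0"),                        # subtype 5: ifName
        encode_tlv(3, struct.pack("!H", ttl_seconds(interval, hold))),
        encode_tlv(5, b"AP"),                                    # System Name
        encode_tlv(0, b""),
    ])

if __name__ == "__main__":
    for tlv_type, value in parse_lldpdu(build_sample()):
        print(tlv_type, value.hex())
```

The length check in `parse_lldpdu` matters because the 9-bit length field is set by the sender; a parser that trusts it reads past the end of the frame.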
29 VLAN Commands

The access point can enable the support of VLAN-tagged traffic passing between wireless clients and the wired network. VLAN IDs can be mapped to specific VAP interfaces, allowing users to remain within the same VLAN as they move around a campus site.
Caution: When VLANs are enabled, the access point’s Ethernet port drops all received traffic that does not include a VLAN tag.
◆ Traffic entering the Ethernet port must be tagged with a VLAN ID that matches the access point’s management VLAN ID, or with a VLAN tag that matches one of the VAP default VLAN IDs.
Example
AP(config)# vlan enabled
Warning! VLAN's status has been changed now ! It will take several seconds ! Please wait a while...
AP(config)#
Related Commands
management-vlanid

management-vlanid
This command configures the management VLAN ID for the access point.
native-vlanid
This command configures the default VLAN ID for the LAN port interface.
Syntax
native-vlanid
vlan-id - Default VLAN ID. (Range: 1-4094)
Default Setting
1
Command Mode
Global Configuration
Command Usage
◆ To implement the default VLAN ID setting for the LAN port, the AP must first enable VLAN support using the vlan command.
◆ When VLANs are enabled, the AP assigns the default VLAN ID to untagged frames received on the LAN port interface.
◆ When VLANs are enabled, the access point tags frames received from wireless clients with the default VLAN ID for the VAP interface.
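The Ethernet-port rule in this chapter (untagged traffic is dropped; tagged traffic must carry the management VLAN ID or one of the VAP default VLAN IDs) can be checked against captured frames before VLANs are enabled. This is an added example, not code from the AP or from SMC: the function names and sample frames are constructed here, and the native-vlanid handling of untagged frames is not modeled.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def vlan_id(frame):
    """Return the 802.1Q VLAN ID of an Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the tag control field

def ethernet_port_accepts(frame, mgmt_vlan, vap_vlans):
    """Apply the rule stated above; returns (accepted, reason)."""
    vid = vlan_id(frame)
    if vid is None:
        return False, "untagged"
    if vid == mgmt_vlan:
        return True, "management VLAN"
    if vid in vap_vlans:
        return True, "VAP VLAN"
    return False, f"VLAN {vid} not configured"

def make_frame(vid=None, pcp=0):
    """Constructed test frame: broadcast IPv4 frame, optionally 802.1Q tagged."""
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001")
    tag = b""
    if vid is not None:
        tag = struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return dst + src + tag + struct.pack("!H", 0x0800) + b"\x00" * 46

if __name__ == "__main__":
    # Constructed configuration: management VLAN 10, VAP VLANs 20 and 30.
    for vid in (None, 10, 20, 99):
        print(vid, ethernet_port_accepts(make_frame(vid), 10, {20, 30}))
```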
30 WMM Commands

The access point implements QoS using the Wi-Fi Multimedia (WMM) standard. Using WMM, the access point is able to prioritize traffic and optimize performance when multiple applications compete for wireless network bandwidth at the same time. WMM employs techniques that are a subset of the IEEE 802.11e QoS standard and it enables the access point to inter-operate with both WMM-enabled clients and other devices that may lack any WMM functionality.
wmm-acknowledge-policy
This command allows the acknowledgement wait time to be enabled or disabled for each Access Category (AC).
Syntax
wmm-acknowledge-policy
ac_number - Access categories. (Range: 0-3)
ack - Require the sender to wait for an acknowledgement from the receiver.
noack - Does not require the sender to wait for an acknowledgement from the receiver.
AP - Access Point
BSS - Wireless client
ac_number - Access categories (ACs) – voice, video, best effort, and background. These categories correspond to traffic priority levels and are mapped to IEEE 802.1D priority tags as shown in Table 2 on page 87. (Range: 0-3)
LogCwMin - Minimum log value of the contention window. This is the initial upper limit of the random backoff wait time before wireless medium access can be attempted.
Table 28: BSS Parameters
WMM Parameters      AC0 (Best Effort)   AC1 (Background)   AC2 (Video)   AC3 (Voice)
LogCwMin            4                   4                  3             2
LogCwMax            6                   10                 4             3
AIFS                3                   7                  1             1
TXOP Limit          0                   0                  94            47
Admission Control   Disabled            Disabled           Disabled      Disabled

Command Mode
Interface Configuration (Wireless)
Example
AP(if-wireless 0)# wmmparam ap 0 5 10 3 64 1
This setting has not been effective ! If want to take effect, please execute make-RF-setting-effective command !
AP(if-wireless 0)#
31 QoS Commands

The QoS commands configure QoS priority mapping for traffic on VAP interfaces. The AP enables Wi-Fi Multimedia (WMM) 802.1d priorities to be mapped to 802.1p priorities or IP DSCP priorities.

Table 29: QoS Commands
Command                                Function                                                                 Mode
qos vap-802.1p                         Enables the setting of VAP traffic to a specific 802.1p priority value   IC-W VAP
qos vap-802.1p retagged-userpriority   Sets the 802.1p priority value for VAP traffic                           IC-W VAP
qos 802.1d-802.
Command Usage
◆ To implement this command on a VAP interface, the default VLAN ID for the VAP must be set to a value other than 1.
◆ The VAP-to-802.1p priority QoS feature cannot be enabled together with the 802.1d-to-802.1p or 802.1d-to-DSCP features.
Example
AP(if-wireless 0: VAP[0])# qos vap-802.1p enable
This setting has not been effective ! If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])# qos vap-802.
qos 802.1d-802.1p
This command enables the mapping of WMM 802.1d priority values to 802.1p values on a VAP interface.
Syntax
qos 802.1d-802.1p
enable - Enables the mapping of WMM 802.1d to 802.1p priority values.
disable - Disables the feature.
Default
Disabled
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
This QoS feature requires a QoS mapping template to be configured using the qos qos-template qos-template-priority command.
Command Usage
◆ The AP supports eight QoS priority mapping templates, each identified by an ID number (1 to 8). The templates also have a user-defined name that can be configured using the qos qos-template qos-template-name command.
◆ The QoS priority mapping templates can be configured using the qos qos-template qos-template-priority command.
Example
AP(if-wireless 0: VAP[0])# qos 802.1d-802.
AP(if-wireless 0: VAP[0])#

qos 802.1d-dscp mapping-template
This command sets the mapping template to use for the WMM 802.1d to DSCP priority mapping on a VAP interface.
Syntax
qos 802.1d-dscp mapping-template
template-id - The identifying number of a QoS mapping template. (Range: 1-8)
Default
1
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
The AP supports eight QoS priority mapping templates, each identified by an ID number (1 to 8).
qos qos-template qos-template-name
This command sets the name of a QoS priority mapping template.
Syntax
qos qos-template qos-template-name
template-id - The identifying number of a QoS mapping template. (Range: 1-8)
template-name - The user-defined name of a QoS mapping template.
Example
AP(if-wireless 0: VAP[0])# qos qos-template qos-template-priority 1 10234765
AP(if-wireless 0: VAP[0])#

qos qos-template qos-template-show
This command displays the user-defined QoS priority mapping templates and their priority mapping configuration.
Section IV Appendices

This section provides additional information and includes these items:
◆ “Troubleshooting” on page 274
A Troubleshooting

Problems Accessing the Management Interface

Table 30: Troubleshooting Chart
Symptom: Cannot connect using Telnet, web browser, or SNMP software
Action:
◆ Be sure the AP is powered up.
◆ Check network cabling between the management station and the AP.
◆ Check that you have a valid network connection to the AP and that intermediate switch ports have not been disabled.
Symptom: Cannot access the CLI through a serial port connection
Symptom: Forgot or lost the password
Using System Logs

5. Designate the SNMP host that is to receive the error messages.
6. Repeat the sequence of commands or other actions that lead up to the error.
7. Make a list of the commands or circumstances that led to the fault. Also make a list of any error messages displayed.
8. Set up your terminal emulation software so that it can capture all console output to a file. Then enter the “show config” command to record all system settings in this file.
9.
Headquarters No. 1, Creation Rd. III Hsinchu Science Park Taiwan 30077 Tel: +886 3 5638888 Fax: +886 3 6686111 (for Asia-Pacific): Technical Support information at www.smc-asia.com www.smcnetworks.co.kr WAP5110 www.smc.