User's Manual Part 2
Table Of Contents
- Monitoring Clients and System Operations
- Services, Password, Config, and Firmware Web Pages
- Diagnostics Web Screen and Help
- Configuration Using The Command Line Interface
- Command Levels
- Connections and Terminal Settings
- Accessing the CLI
- Configuration Example
- Navigating the CLI
- Read Level Command Descriptions
- enable
- exit
- Ping
- Show Commands
- show arp
- show cpu
- show dhcp-server interface bridge <0-4094>
- show dhcp-server interface ethernet <0>
- show dhcp-server interface wireless <0-1>
- show eap
- show http-server
- show iccf
- show interfaces
- show interfaces bridge [0-4094]
- show interfaces bridge <0-4094> fdb
- show interfaces bridge <0-4094> stp
- show interfaces ethernet [0]
- show interfaces wireless [associations]
- show interfaces wireless <0-1> associations
- show interfaces wireless <0-1>
- show interfaces wireless < 0-1> wds <1-6>
- show ip domainname
- show ip host
- show ip hostname
- show ip nameserver
- show ip route
- show ip ssh
- show logging
- show memory
- show serial
- show snmp-server
- show uptime
- show version
- show wds
- show flash:
- show running-config
- traceroute
- Enable Level Command Descriptions
- configure [terminal]
- Commands for Managing Configuration Files
- Configure Crypto (Generate Keys) Commands
- Configure Enable Secret Commands
- Configure HTTP-Server Commands
- Configure Interface Commands
- interface bridge <0-4094>
- add interface ethernet <0>
- no add interface ethernet <0>
- add interface wireless < 0-1>
- no add interface wireless < 0-1>
- add interface wireless < 0-1> wds <1-6>
- aging-time <10-1000000 seconds>
- dhcp-server
- dhcp-server broadcast-address
- no dhcp-server broadcast-address
- dhcp-server domain-name
- no dhcp-server domain-name
- dhcp-server gateway
- no dhcp-server gateway
- dhcp-server ip-pool
- no dhcp-server ip-pool
- dhcp-server lease <1-4294967295>
- no dhcp-server lease <1-4294967295>
- dhcp-server name-server
- no dhcp-server name-server
- dhcp-server ntp-server
- no dhcp-server ntp-server
- dhcp-server wins
- no dhcp-server wins
- exit
- forward-time <4-200 seconds>
- no forward-time
- hello-time <1-10 seconds>
- no hello-time
- iccf
- no iccf
- ip address
[secondary] - no ip address
[secondary] - ip address dhcp
- no ip address dhcp
- ip address dhcp release
- ip address dhcp renew
- ip broadcast-address
[secondary] - ip routing
- no ip routing
- max-age <6-200 seconds>
- no max-age
- path-cost interface
<0-65535> - path-cost interface
wds <1-6> <0-65535> - priority <0-65535>
- shutdown
- no shutdown
- stp
- no stp
- show
- shutdown
- source-nat interface
|ethernet <0>|wireless < 0-1>|wireless <0-1> wds <1-6>>
- interface ethernet 0
- interface wireless < 0-1|all>
- beacon-interval <0-8191>
- channel <1-11>
- DHCP Server Operation
- disable beacon-essid
- no disable beacon-essid
- EAP Commands (802.1x security)
- eap
- eap secret <1-2>
- eap rekey-interval <60-1800>
- eap server <1-2>
- no eap
- no eap server
- essid
- exit
- iccf
- no iccf
- ip address
- ip address
secondary - no ip address
[secondary] - ip address dhcp
- no ip address dhcp
- ip address dhcp renew
- ip address dhcp release
- ip broadcast
[secondary] - no ip broadcast-address [secondary]
- ip routing
- no ip routing
- key
<1-4> - sensitivity <1-3>
- show
- shutdown
- no shutdown
- source-nat interface
|ethernet <0>|wireless < 0-1>> - wds
- wep <1-4>
- no wep
- interface bridge <0-4094>
- Configure No Interface Commands
- Configure IP Commands
- Configure Log Commands
- Configure Multicast/Broadcast Rate Limiting
- Configure SNMP-Server Commands
- snmp-server
- snmp-server bind interface (wireless < 0-1>|ethernet 0|bridge <0-4094>)
- snmp-server community
RO|RW [ ] - snmp-server contact
- snmp-server engineID
- snmp-server host
- snmp-server host
- snmp-server host
[auth MD5|SHA [priv DES ]] - snmp-server location
- snmp-server name
- snmp-server user
[auth MD5|SHA [priv DES [ ]]]
- Configure No SNMP-Server Commands
- Configure Username Admin (Read Level) Secret
- Configure WDS (Wireless Distribution System)
- disable
- edit flash:
- exit
- no
- reboot
- support
- Network Monitoring
- Verifying Wi-Fi Operation
- Verification Process
- Wireless Client Does Not “Find” the Vivato Wi-Fi AP/Bridge
- Wireless Client Can’t Access Wi-Fi AP/Bridge Configuration Web Page
- Wireless Client Cannot Access the Local Wired Network
- Wireless Client Cannot Access an Outside Network
- Unauthorized Clients Are Able to Associate With The Wi-Fi AP/Bridge
- Connecting Through a WDS Connection
- Verification Process
- Dynamic Assignment of Client IP Addresses
- Updating AP/Bridge Firmware
- Index
Copyright © 2004, Vivato, Inc. Vivato Wi-Fi AP/Bridge User Guide 129
Enable Level Command Descriptions
Configuration Using The Command Line Interface
Windows 2000 Internet Access Server Setup
Use the following guidelines when configuring EAP/TLS/PEAP on your Windows 2000
IAS to work with the Vivato Wi-Fi AP/Bridge. For more information on configuring
Microsoft® Windows® XP clients and a Windows 2000® Internet Access Server (Win2K
IAS) for EAP or PEAP security, see Windows XP Win2kIAS Deployment.pdf© on the
Vivato 2.4 GHz Wi-Fi AP/Bridge CD.
To work with Win2K IAS, users should be grouped based on the VLAN ID in the Active
Directory. A policy for each user group must be added by, 1) setting the “Windows Group”
as the “condition to match” and selecting the user group.
(1) Encryption Key Length - Set by Profile>Encryption: Use either (a) Basic : 64 bit key,
or (b) Strongest: 128 bit key. Regardless of the type of RADIUS server used, encryption
must conform to RFC 2548 MS-MPPE-Encryption-Types.
(2) Session Timeout - Set by Profile>Dial-in Constraint>Restrict Maximum Session To:
Value: session timeout period (minutes). When a client reaches session timeout, the Wi-Fi
AP/Bridge forces the client to re-authenticate and deliver new session key. Regardless of the
type of RADIUS server used, operation must conform to RFC 2865 Attribute Type 27.
(3) Key Refresh Timeout - Set by Profile>Advanced>Vendor Specific Attribute: Vendor
code: 14615 Confirm to RADIUS RFC: Yes. Vendor Type: 60. Attribute format: Decimal.
Attribute value: key refresh period (minute). When a client reaches key refresh timeout, the
Wi-Fi AP/Bridge delivers a new session key to the client.
The administrator may configure: (a) Key refresh and session timeout. (b) Key refresh only.
(c) Session timeout only. If Key Refresh Timeout >= Session Timeout, the Key Refresh
Timeout is ignored.
If item 1 is changed on the Windows 2000 IAS, then the Wi-Fi AP/Bridge needs to be
rebooted in order to force all clients to re-authenticate using the new policy. Items 2 and 3
can be changed and applied to the next authenticated client without system reboot.
Wi-Fi AP/Bridge EAP Configuration Example
The following example shows how EAP may be configured on the Wi-Fi AP/Bridge to
work with Windows 2000 IAS:
Note: When making changes to an existing EAP configuration, you should disable
EAP before making the changes, and then re-enable EAP after making the
changes to re-initialize EAP using the new configuration.
vivato (config)# no eap
vivato (config)# eap server 1 191.173.0.149 1812
vivato (config)# eap secret 1 eapsecretforpeap
vivato (config)# eap server 2 191.173.0.150 1812
vivato (config)# eap secret 2 secondaryeapsecret
vivato (config)# eap