Edge-CoreメーカーWA6202AMの使用説明書/サービス説明書
ページ先へ移動 of 332
www .edge-core.com User G uide P owered by Accton W A 6202A W A 6202AM 2.4 GH z / 5 G Hz Dual Ba nd Outdoor Access Point / Bridge.
.
User Guide 2.4 GHz / 5 GHz Wireless Access Point/Bridge WA6202 A IEEE 8 02.11g and 8 02.11a Dual-band A ccess Point / Bridge with Integ rated 5 GHz High-Gain An tenna and Ex ternal Anten na Option s WA6202 AM IEEE 8 02.
WA6202A WA6202AM F4.3.3.6 E1 12006-DT-R01 1491000 34900 E.
i Compliances Federal Communication Commission Interference Statement This equipment has been tested and found t o comply with the limits for a Class B digital device, pursuant to P art 15 of the FCC Ru les. These limits are d esigned to provide reasonable protection against harmful interfer ence in a residential installation.
ii VCCI No tice This is a c lass A product based on the standard of the V oluntary Control Council for Interference by Information T echnology Equipment (VCCI). If t his equipment is used in a domestic environment, radio disturbance may aris e. When such trouble occurs, the user may be required to t ake corrective act ions.
iii • This device employs a radar detection f eature required for European Community operation in the 5 GHz band. T his feature is automatically enabled when the country of operation is correctly configured for any Eu ropean Community country.
iv Safe ty Co mpl ianc e Power Cord Safety Please read the following safety information carefully bef ore installing the device: Wa r n i n g : Installation and removal of the unit must be carried out by qualif ied personnel only . • The unit must be connected to an earthed (grounded) outlet to comply with international safety standards .
v Veuillez lire à fond l'informatio n de la sécurité su ivante avant d'inst aller l’appareil: A VERTI SSEME NT : L ’instal lation et la dépose de ce groupe doivent ê tre confiés à un personnel qualifié.
vi • L’appareil fonctionne à une tension extrêmem ent basse de sécurité qui es t conforme à la norme IEC 60950. Ces conditions ne s ont maintenues que si l’équipement auquel il est raccordé fonctionne dans les mêmes conditions.
vii Bitte unb edingt vor dem Einbauen de s Gerä t s di e folgende n Sicherheitsanweisungen durchlesen (Ger many) : W ARNUNG: Die Installation und der Ausbau des Geräts darf nu r durch Fachpersonal erfolgen. • Das Gerät sollte nicht an eine ungeerdete Wechs elstromsteck dose a ngeschlos sen werden.
viii Stromka bel . Dies muss von dem Land, in dem es b enutzt wird gepr üft werden: U.S.A und Canada Der Cord m uß das UL gepruft und war das CSA beglaubigt. Das Minimum spezifikation fur d er Cord sind: - Nu. 18 AWG - nich t mehr als 2 meter, oder 16 AWG.
ix Table of Contents Chapter 1: Introduction 1-1 Radi o Chara cter istic s 1-1 Packag e Checkli st 1-2 Hardware Description 1-2 LED In dicat ors 1-3 Integrate d High-Gai n Antenna 1-5 External Antenna.
x Contents Mount ing to a Wall 4-4 Conne ct Externa l Antennas 4-5 Conne ct Cabl es to the Unit 4-6 Connect the Power Injector 4-7 Align An tennas 4-8 Chapter 5: Initi al Configuration 5-1 Init ial Se.
xi Contents Chap ter 7: Com mand L ine I nterf ac e 7-1 Usin g the Comm and Li ne Interfac e 7-1 Accessi ng the CLI 7-1 Consol e Connecti on 7-1 Telnet C onnectio n 7 -1 Entering Commands 7 -2 Keyword.
xii Contents show v ersion 7-24 show c onfig 7-24 show ha rdware 7-28 System Logging Comman ds 7-28 logg ing on 7-29 logg ing ho st 7-29 logg ing co nsol e 7-30 logging l evel 7-30 lo gg ing fa cil it.
xiii Contents delete 7-5 7 dir 7-58 show bo otfile 7-58 RADIUS Client 7-59 radius-se rver ad dress 7-59 radius-se rver po rt 7-60 radius-se rver ke y 7-60 radius-se rver ret ransmit 7-61 radius-se rve.
xiv Contents bridge stp forwardi ng-delay 7-84 bridge stp hello -time 7-84 bridge stp max-age 7-85 bridge stp priority 7-85 bridge-lin k path -cost 7-86 bridge-lin k port-prio rity 7-86 show bri dge s.
xv Contents rogue-ap au thenti cate 7-11 5 rogue-ap du ration 7-11 6 rogue-ap i nterval 7 -116 rogue-ap s can 7-11 7 show rog ue-ap 7 -118 Wireles s Secu rity Comm and s 7-11 8 auth 7 -119 encryptio n.
xvi Contents Appendi x C: Speci fications C-1 Genera l Specific ations C-1 Sensi tivit y C- 4 Transmit Power C-5 Antenna Spec ifi ca tio ns C -6 18 dBi High Gain Directi onal Panel (2.4 GHz) C-6 8 dBi Om nidirectio nal (2 .4 GHz) C- 7 10 dBi Sector (2.
1-1 Chapter 1: Intr oduction The Dual- ban d Outdoor Acc ess P oint / Bri dge system con sists of two mode ls th at provide poi n t-to-point or point - to -m u ltipoint bridge links betwe en remo te E.
Introduction 1-2 1 Package Checklist The Dual- ban d Outdoor Acc ess Point / Bridge packag e includes : • One W i re le ss Du al-b an d Access Poi nt (W A6 20 2A or WA620 2AM) • One C a te gor y 5e network Po E ca ble, length 98 ft (3 0 m ) • One po wer inje ctor m odule a nd powe r cord 5.
LED Indicators 1-3 1 LED Indicators The access point includ es eight status LED indica to rs , a s in di ca te d i n th e fo l low i ng fig ure. The follow ing table desc ribe s th e sy stem status LEDs . LED Status Descripti on Powe r On G r een Indi cat es th at t he sys tem is wor kin g nor mally .
Introduction 1-4 1 The 1 1a and 1 1b/ g LEDs operate in two di s pl ay m o des, whic h ar e co nf ig ur ab le through th e m an agement i nt er fa ce. The RSSI mode is for alig ni ng ant en nas in a bridge link . Th e AP m od e is for indicat in g data traffic rate s.
Integrated Hi gh-Gain Antenna 1-5 1 Integrated High-Gain Ante nna The WA6202A unit inc lude s an integra te d hi gh -g ain (17 dB i) flat- panel ant en na for 5 GHz operat i on. Th e ant en na can prov i de a d irect line-of -s ight lin k up to 15.4 km (9.
Introduction 1-6 1 Ethernet Port The wireless bridge has one 1 0BAS E-T/100BASE -TX 8-p in DIN por t that conne cts to the pow er injec tor mo dul e u sing the inclu de d Et her ne t cable. The Ether ne t port connect i on pr ov ides powe r to the wire less bridge as wel l as a data link t o th e l oca l network .
Grounding Point 1-7 1 The powe r inj ec to r m od ule autom at i call y ad justs to any AC vo ltage between 100-240 volts at 50 or 60 Hz . No v ol tage ran ge setting s ar e re qu ired. Warning : Th e po wer i nje ctor modu le i s de si gned f or i ndoo r us e on ly .
Introduction 1-8 1 System Configuration At each loca tion where a un it is installed, it mus t be conne ct ed t o t he loc al network using the po wer inject or mo du le. The follo w ing f ig ur e i llus trat e s the system compon ent conne ct i ons .
2-1 Chapte r 2: Network Co nfigur ation The Dual- ban d Outdoor Acc ess P oint / Bri dge system pro vide s access po int and bridging ser vi ce s t hro ug h either th e 5 G Hz or 2. 4 G H z radio interfac es. The wireles s bridge uni ts ca n be us ed just as nor m al 80 2.
Network Configur ation 2-2 2 Infrastr ucture Wireless LAN The access point func tion of the wireles s bridge prov i des access to a wired L AN for 802.1 1a/b/g wireles s workstatio ns. An int eg rated wi re d/ wi rele ss LAN is cal l ed an Infrastru ctur e co nfiguratio n.
Access Point T o p ologies 2-3 2 Infrastr ucture Wireless LAN fo r Roami ng Wirele ss PCs The B asic Ser vice Set (BSS) de fines t he comm unications domain for eac h acces s point and i ts associ ate d wireless cl i en ts.
Network Configur ation 2-4 2 Bridge Link Topologies The IEEE 802 .1 1 s t andard defines a WIreless Distribution System (W DS) for bridge connect i ons between BSS areas (acc es s points). The outdo or wir el es s br id ge uses WDS to fo rward traffic on lin ks betwee n units.
Bridge Link T opologies 2-5 2 Point-to- Multipoint Configurati on A W A6202 AM w i rele ss br i dg e can use an om n idirectional or sec tor antenn a to connect to as m an y as 6 bridg es i n a po in t -to- m ultipoint con fig uration.
Network Configur ation 2-6 2.
3-1 Chapter 3: Bridge Link Planning The Dual- ban d Outdoor Acc ess P oint / Bri dge supports fixed po in t -to- po int or point-to- m ultipoint wir el es s l in ks. A sing le link betw ee n t w o poi n ts can be us ed to connect a remote si te to larger core networ k.
Bridge Link Planni ng 3-2 3 If there are ob stacles in the ra di o path , the re may sti ll be a rad io link but th e qua lity and stre ngt h of the s ignal will be affecte d. C al cula ting the m axi m um c learance f ro m objects on a path is imp ortant as it direc tly affects the decisi on on a ntenna placemen t and h eight.
Radio Path Planni ng 3-3 3 . Note that t o avo id any obs truc tion along th e path , the he ight of the obj ec t mu st be added to the m inimum cl earance re quired for a cle ar radio line-o f-sight. Con sider the following s imple example, illustrated in the fi gure below .
Bridge Link Planni ng 3-4 3 (7.5 ft) mast or po le m ust be c ontructed on its roof to achiev e the requ ired antenna height. Bu ild ing B is only t hr ee s to ries high, or 9 m (30 ft), but is lo cat ed at an elevatio n that is 12 m (3 9 ft) highe r t han bul di ng A.
Ethernet Cabling 3-5 3 Radio Int erference The avoid an ce of radio int er fe re nc e is an important part of wir eles s link plan ni ng. Interfe re nce is caused by ot he r radio transm i s sions usin g the sam e or an adj a cent channel freq uency .
Bridge Link Planni ng 3-6 3 • Deter m i ne i f cond ui t s, bra cing , or other stru ctures are req uired for saf et y or protection of the cab le • For lig ht ni ng p rotection at th e po wer inj.
4-1 4-1 Chapte r 4: Hardwa re Inst allati on Before mou nting ant enn as to set up you r wireless brid ge links, be sur e yo u have selected appropriat e l oc at io ns for each ante nn a. Follow th e gu idance an d informat ion i n Chap ter 3: "Bridge Li nk Plan ning.
Hard war e Ins talla tion 4-2 4 The bridge’s mou nting brac ket has four parts. One re ctang ul ar pl at e th at is use d for pole and wa ll mountin g, one square plat e th at at tach es dir ectly to the br idge , and two plates that form an ad justable V -shaped cl am p f or pol e m ou nting.
Mount the Unit 4-3 4 4. Attach the bridge wi th its mount ing plate to the br acket al ready fixed to th e pole. 5. Use the in cl ud ed nuts to secur e th e w i re le ss b ri dg e to th e pol e b racket. N ot e that the wi re le ss bridg e tilt angle ma y need to be ad justed dur i ng t he antenna alignme nt pro ce ss.
Hard war e Ins talla tion 4-4 4 Be sure to take accou nt of the ant en na p olarizat ion di r ect i on ; all antenna s in a link must be mounted with the same polariza tio n .
Connect Exter nal Antennas 4-5 4 Connect External Antenna s When dep loying a WA6202A M uni t for a br id ge li nk or ac cess poin t op er at ion, yo u need to m ount externa l antennas and connect them to the b ridge. T ypically , a bridge link re quires a 5 GH z ante nna, an d acces s point operation a 2 .
Hard war e Ins talla tion 4-6 4 Connect Cables to the Un it Warning : Do not conn ect or disconn ect ca bles or othe rwi s e work with the br id ge dur i n g peri ods of li gh tni n g acti v ity . 1. Attach the Ether net ca ble to the Ether ne t port on the w ireles s bridge.
Connect the Power Injector 4-7 4 Connect the Power Injec tor T o connec t the wi r el ess br id ge t o a po wer sourc e: Cauti on: Do not install the pow er injector outdoors.
Hard war e Ins talla tion 4-8 4 1. Insert the po wer cable plu g di r ect ly i nt o th e stan dar d AC receptacle on t he power injector . 2. Plug the other end of the power c able into a ground ed, 3-pin s ocket, AC power source. Note: For International use, you may need to change the AC line cord.
Align Antennas 4-9 4 The signa l str en gt h LED s indica te the re ceive d radio sig nal st re ng th for a particular bridge link . Th e m or e LED s that turn on, the stron ger the sig nal . A lter na tiv ely , you can monit or th e Rec eive Signal Strength Indica to r (R SSI ) v alue d irectly from the manage m ent interfa ce.
Hard war e Ins talla tion 4-10 4 1. Pan the anten na horiz on tally back and for t h whi l e ch eck ing the LE D s. If usin g the pole-m o unting bra ck et with the un i t, you must rotate th e m oun ting brack et around t he po l e. Oth er external an tenna bra ck ets m ay req ui re a di fferent horizontal adj us tment.
5-1 Chapter 5: Init ial Configuration The Dual- ban d Outdoor Acc ess P oint / Bri dge offers a variety of man agemen t options, in cl ud in g a w eb -based i nt er fa ce, a dir ect co nnecti on t o th e co ns ole port, T e lnet, Se cu re Shell (SSH ), or using SN MP software.
Initial C onfig uration 5-2 5 For a des cription o f how to use the C LI, see “ Using the Comma nd Line Interface” on page 7-1. For a lis t of al l the C LI com m an ds and detailed inf or m at ion on using the CLI, ref er to “ Comm and Grou ps” on pag e 7-6.
Logging In 5-3 5 Setting the Country Code – Units sold in the Un ited S tates are con fig ure d by default to us e only radio cha nnels 1-1 1 in 802.1 1b or 802.1 1g m od e as defined by FCC re g ulat i on s . Unit s sol d in ot her co untr ie s ar e conf ig ur ed by de faul t wit hou t a country code (i.
Initial C onfig uration 5-4 5 The hom e page displays the M ain Me nu..
6-1 Chapter 6: Syst em Config uration Before cont inuing wi th advance d config uration, first complete t he initial con figuratio n steps descr ibed in Chap te r 5 to se t up an IP add re ss for the acc es s point. The access point can be m a naged b y any com puter usi ng a web brow ser (Int er ne t Explorer 5 .
System Configurati on 6-2 6 Advanced Configuration The Adv anc ed C o nfigurat ion page s include th e f ol low i ng o ptions. T able 6-1. Menu Menu Desc ription Page System Configur es bas ic adminis.
Advanced Configur ation 6-3 6 System Identification The syste m nam e for the acces s po int can be le ft at its default set tin g. Ho w ev er, modi fy i ng t hi s pa ra me te r ca n hel p you t o mor e easi l y dist in gu is h di f f er en t de vi ces i n your n etwork.
System Configurati on 6-4 6 CLI Comma nd s for Syst em Id ent i fi cat i on – En te r th e gl ob al co nf ig ur at ion mod e, and use the sy st em nam e command to sp ecify a new syst em name. Then retu rn to the Exec mode, an d use th e show system command to display the changes to t he system iden tification s ettings .
Advanced Configur ation 6-5 6 TCP / IP Se ttings Configu ring the acc ess p oint with an IP address expands your abili ty to manag e the access po int.
System Configurati on 6-6 6 • IP Ad dress: The IP addr ess of the access point. Valid IP add resses consist o f four decimal numb ers, 0 t o 255, separat ed by periods. • Sub ne t Mask: The ma sk t ha t identifies t he host addr ess bits used fo r rout i ng to specific sub nets.
Advanced Configur ation 6-7 6 RADIUS Remote Aut he ntication Di al- in User Ser vi ce (RAD I US ) is an authen tication prot oc ol that uses so ftware run ning o n a centra l se rv er to c ont r ol acc ess to RA DIU S-awar e devices on t he n etwork.
System Configurati on 6-8 6.
Advanced Configur ation 6-9 6 MAC Addres s Format – MAC a ddresse s can be spec ified in one of four forma ts, using no d el ime ter , with a single dash delimet er, with m ult ip l e das h de limete rs , an d with multip le colon delimet ers.
System Configurati on 6-10 6 CLI Commands for RADIUS – From the global co nfigurati on m od e, use the radius-server address command t o sp ecify the addr es s of the prima ry or secondar y RA DIUS s ervers. (The fol lowing example confi gures the settin gs for the primary RADIUS server .
Advanced Configur ation 6-11 6 SSH Settings T e lnet is a remo te mana gem e nt to ol tha t c an be use d to configu re the acces s point from anyw h ere in the ne two rk. Howev er , T el net is not sec ur e fro m hostile at tack s. The Secure She ll (SSH) can act as a se cure repla cem e nt fo r T elnet.
System Configurati on 6-12 6 CLI Commands for SSH – T o ena ble the SSH server , use the ip ssh -server enable comm and fr om th e CLI Et her ne t interface con figuratio n m ode . T o set the SSH server U DP port, use the ip ssh-se rver por t com mand.
Advanced Configur ation 6-13 6 MAC Authentication – Y ou can configu re a list of the M A C ad dresses for wirele ss clients that are au thorized to access the net w or k. Thi s pro vides a ba si c leve l of aut he nti c ati on for wirel es s cl ie nt s at t emp t i n g to gai n acce ss to t h e netw o rk.
System Configurati on 6-14 6 802.1X Su ppli ca nt – The ac cess point can also operat e i n a 802 .1X suppli ca nt mode . Th is en abl es th e ac ces s poi nt it s elf t o be auth enti ca ted wi th a RADI US se rve r using a co nf igur ed MD5 use r na m e and password.
Advanced Configur ation 6-15 6 CLI Commands for Local MAC Authentication – Use the mac-authen tication serve r comm an d from the glo bal co nf ig ur at i on m od e to enable l oca l MAC authenti ca tion.
System Configurati on 6-16 6 CLI Commands for RADIUS MAC Authentication – Us e th e mac-au thenticati on serve r comm an d from the glo bal co nf ig ur at i on m od e to enable r em ote MAC authenti ca tion . Set the timeou t value for re-au thentic at ion us ing the mac- aut h enti cati on se ss ion -ti me out comm an d.
Advanced Configur ation 6-17 6 Filter Control The access point can em pl o y network traffic fra m e fil t erin g to control acc ess to network resour ces and increase security . Y ou can p revent communi cations between wireless clients and pre ve nt acc ess point m ana gement from w i r el ess cl ie nt s.
System Configurati on 6-18 6 Uplink Port M AC Ad dress Filterin g Status – Prev en ts traffic wit h spe ci f ie d so ur ce MAC ad dr ess es from being forward ed t o w ire less clients thro ug h the acces s po int. Y ou can ad d a m ax imum of fou r MAC addr ess es to the filter table.
Advanced Configur ation 6-19 6 VLAN The acc ess poi nt ca n emplo y VLAN tagging s upport t o contr ol access to n etwork resources and increase securi ty . VLANs separate traf fic pa ssing between the access po int, assoc iat ed cl ien ts, and the wired ne twork.
System Configurati on 6-20 6 When setting u p VLAN IDs for eac h user on th e RADIUS server , be sure to use t he RADIUS at tri bu t es an d values as in di ca ted in the fol lo wi ng tab le . VLAN IDs on t he R AD IUS ser ver ca n be en tered as hex ade cimal digi t s or a stri ng (see “radi us -s erver vlan -for mat” on pag e 7- 63).
Advanced Configur ation 6-21 6 WDS Settings Each acces s point rad io inte rf ac e can be configur ed to operat e i n a br i dge or repeat er mo de, w hich allows it to fo rw ard traffic direc tly to othe r access point units.
System Configurati on 6-22 6 • Br idge: Oper ates as a bridge to other acc ess poin ts. The “Par ent” link to th e root bridge mu st be confi gur ed .
Advanced Configur ation 6-23 6 Sp anni ng T r ee Pro toc ol – STP uses a distribut e d algorithm to selec t a bridging device (S TP -compli ant sw i t ch , bridge or rou ter) that ser ves as t he root of the spanning tre e network .
System Configurati on 6-24 6 the root dev i ce. All po rts conn ected to des ignated br id gi ng devices a re a ssi gn ed as designa ted ports. After determining the lo west co st spanning tree, it enab les all root ports and de signa ted ports, an d di sa bles all other por ts.
Advanced Configur ation 6-25 6 • Link P ath Cos t – This par am e te r is us ed b y the STP to de te rmin e the best pat h between devices . Therefor e, lower v alues shoul d be assig ned to por ts attached to faster m edia, an d higher values assigne d to por t s w ith slo w er m edi a.
System Configurati on 6-26 6 CLI Commands for STP Settings – If the role of a ra dio i nt er fa ce i s se t to R ep eater , Bridge or Roo t Bridge, STP can be enable d on t he acce ss point to ma intain a va lid network top olog y . T o globally ena ble STP , use the bridge stp en able co m mand from the CLI c onf igu ration mo de.
Advanced Configur ation 6-27 6 AP Management The Web, T e lnet, a nd SNMP manag ement int erfaces are en abled and open to all I P address es b y defaul t.
System Configurati on 6-28 6 • Mult iple IP: Specif ies an add ress range a s defined by the entered IP address an d subnet m as k. For exa mple, IP addr es s 192.16 8. 1. 6 and subnet m as k 255.255 .2 55 .0, defines al l IP addr es ses from 19 2.168.
Advanced Configur ation 6-29 6 Setting the T imeout Interva l Y ou can set the timeout interval fo r web access to the unit, a fter whi ch the user will have to re -e nt er th e use rname a nd pass word. Session T imeout for WEB – Sets the time li mit for an id le web interfa ce session.
System Configurati on 6-30 6 Before up gradin g new s oftware, v erify tha t the a ccess p oint is c onnect ed to the net w ork an d ha s bee n co nfi gur ed wit h a co mpa t i ble IP add r e ss and su bnet mask.
Advanced Configur ation 6-31 6 Firmware U pgr ad e Local – Dow nloads an operation cod e image file from th e w eb mana g emen t st ati o n to th e acc es s poi n t usi ng HTT P . Us e the Br ows e bu tt on to locate the ima ge file local ly on the mana gem e nt station and cl ic k Start Upgrade to proceed .
System Configurati on 6-32 6 Upon uplo ading a new configura tion file you will be pr om p ted to either res to re factory se ttings, or r ebo ot the unit.
Advanced Configur ation 6-33 6 System Log The access point can be co nfigured to se nd event and er ro r mes sages to a Sy st em Log Ser ver . The s ystem c lock can also be syn chronized with a time s erver , so t hat all the mess ages se nt to t he Sysl og serve r are stamped w ith the corre ct time and date.
System Configurati on 6-34 6 Logging Level – Set s th e min imu m sev erit y l evel for even t lo ggi ng. (Default: Info rmational) The syste m al low s yo u to limit the me ssa ges that ar e logge d by spe cify i ng a mini mum se veri t y le ve l.
Advanced Configur ation 6-35 6 CLI Commands for System Log ging – T o enable loggi ng on the acces s po int, use the logging on com m a nd from th e gl ob al con figuratio n m ode . The logging level comm and sets the minimum l ev el of messa ge t o log.
System Configurati on 6-36 6 Note: The access point also allows y ou to disable SN TP and set the s ystem clock manually. Set Time Zone – S NTP us es Co ordinated Univers al T ime (or UT C, form erly Greenw ic h M ea n Time, or GM T) base d on the time at th e Ear t h’s prime me rid ian, zero degr ees longitude .
Advanced Configur ation 6-37 6 CLI Comm a nds for the Sy st em C l ock – The following exa m pl e sh ows how t o manu ally set the sys tem t ime w hen S NTP serv er su ppor t i s dis abl ed o n the acce ss point. RSSI The RSSI value displayed on th e RS S I page represen ts a signa l to nois e r atio .
System Configurati on 6-38 6 The RSSI co ntrols allo w the extern al connect or to be disabl ed and the r eceive sig nal for ea ch WDS port displaye d.
Advanced Configur ation 6-39 6 RSSI: • Auto Re fresh – En ables or disable s the re fres hing of RS SI infor mation. • RSSI Valu e – The display ed RSSI value for a sel e ct ed po rt. •P o r t N u m b e r : Select s a specific WDS p ort for which to display the RSSI output val ue.
System Configurati on 6-40 6 SNMP Simp le Ne twor k Mana ge ment Pr ot oc ol ( SN M P ) is a com m u nica tio n pr ot oc ol designe d sp ecificall y f or ma nag ing device s on a networ k. Equipm en t commonl y manage d w i th SN M P in cl ud es switches , routers and ho st comput er s.
SNMP 6-41 6 Configuring SNMP and T rap Message Parameters The access point SNM P age nt must be en abled to fun ct ion ( for versions 1, 2c, and 3 clients). Mana gement acc es s using SNM P v1 and v2c als o re qu ires comm u ni ty strings t o be conf i gu red for auth en tication.
System Configurati on 6-42 6 Commu ni ty N am e ( Rea d/Writ e) – Defines the SNMP community access str ing that has read/ wr ite access. Au th or iz ed managem e nt statio ns a re able to both r et riev e and modif y M I B obj ec ts.
SNMP 6-43 6 T rap C on figuratio n – Allows selection of speci fic SNMP notificatio ns to send. The following i te m s ar e av ailable: • sysSy stemUp - The acc ess point is up an d ru nn ing. • sysSy stemDo w n - Th e ac ces s point is abou t to shutdow n and reboo t.
System Configurati on 6-44 6 • dot1 1St at i onD isassoc ia te - A cli ent st at ion n o longer a sso ci at es with the netw or k. • dot1 1St at ionA uthent icat eFa il - A client station ha s tried and fai led to aut he nticate to the netwo rk. • Enable All Traps - Click the button to enable all t he available tr aps.
SNMP 6-45 6 T o view the current SNMP sett ings, use the show snmp command. Enterprise AP#show snmp 7-54 SNMP Information ========================================= ===== Service State : Enable Communi.
System Configurati on 6-46 6 Configuring SNMPv3 Users The access point allows up to 10 SNMP v3 us ers to be co nfig ur ed . Each user mu st be defined by a uni q ue name, assi gn ed to one of three pre -de f in ed se cur ity groups, and config ured with spe cific authe ntication an d encryp tion settin gs.
SNMP 6-47 6 CLI Commands for Configuring SNMPv3 Users – Us e t he snmp-ser ve r engine- i d comm and to define the SNM P v3 engine be fore assig ni ng use rs to groups. Us e th e snmp-s erver user co mmand to assign use rs to one of the th ree groups and set the appropr i at e auth entica tion and encryptio n types to be us ed.
System Configurati on 6-48 6 Configuring SNMPv3 T rap Filters SNMP v3 user s can b e configu red to r eceive notification messag es from the ac cess point. An SNM P T arget ID is created t ha t sp ec ifies the SN M P v3 us er, IP address, and UDP po rt.
SNMP 6-49 6 T o add more subtree IDs to the filt e r , return to the SNMP T rap Filt er s p age and click the Edit butto n. In the Edit p age, cli ck the New button to access the Add SNMP Notificat io n Sub tree page and con figure a new subtree ID to be f ilt er ed.
System Configurati on 6-50 6 CLI Commands for Conf igur ing SNMP v3 T rap Filt er s – T o cr eate a n oti fica tio n fi lter, use the snmp -server fil te r co m mand from th e C LI co nfigurat i on m od e. Use t he comm and more than on ce with the sa me filter ID to bui l d a f ilter th at inc lude s or exclude s m ul t ipl e M IB obj ec ts.
SNMP 6-51 6 When you click on the Ne w or Edi t bu tto n in th e SN M P T argets page, a ne w page opens w her e t he targe t parameters ar e co nfigured . Define the parame ters and select a fil te r , if required . Note tha t the SN M P v3 u ser name mu st first be de fine d (See “Con figu ring SN MP v 3 Use rs” on page 6 -4 6) .
System Configurati on 6-52 6 Radio Interface The IEEE 802 .1 1a an d 80 2.1 1g interfaces i nc lude configur ation opt ions for radio signal cha racterist ic s an d wireless se curity fe atur es. The co nf ig ur at ion op tions are near ly id enti ca l , an d are t h eref ore bo th cov ered in thi s sect ion of t h e manu al.
Radio Interface 6-53 6 Radio Settings A (802.1 1a) The IEEE 802 .1 1a int er fa ce operates w ith in the 5 GHz ba nd, at up t o 54 Mbps in normal m od e or up to 108 Mb ps in Turbo mode.
System Configurati on 6-54 6 Configuring VAP Ra dio Settings T o configure V AP radio settin gs , select the Rad io Settings page ..
Radio Interface 6-55 6 Default VLAN ID – The VLAN ID as si gn ed to wirel ess cl ie nts assoc iated to the V AP interface t ha t are not assign ed to a spec ific VL AN by RAD IUS server conf ig ur at i on. (Default : 1) Closed Sy st em – W hen enabl ed, the V AP interface doe s not inclu de its SSID in beacon m essages .
System Configurati on 6-56 6 CLI Comm ands fo r the Configurin g the V APs – From the globa l configuration mode, enter the in t er fac e w i re le ss a comman d t o acc ess the 80 2. 1 1a radio inte rfac e. From the 80 2.1 1a inter f ac e mode, you ca n acces s r adio s ettings that app ly to all V AP inter fa ce s.
Radio Interface 6-57 6 The access point can be c onfigured to per io di ca lly scan all radio c han nels and fi nd other access po ints within range. A database of n earby acc ess poi nts is mai ntained where any r og ue APs can be i den tified.
System Configurati on 6-58 6 using the ro gue -ap scan comm and. T o view the da tabase of de te ct ed access points, use the s how ro gue -ap command from the Exec lev el. Enterprise AP(config)#interface wireless g 7-88 Enter Wireless configuration commands, on e per line.
Radio Interface 6-59 6 Configuring Com mon Radio Settin gs T o confi gure comm on ra dio settings, selec t the Rad io Setting s page, an d scroll d own to below the V AP radio setti ngs . Tu r b o M o d e – The no rma l 802.1 1a /b/g wirele ss operat i on m od e provides connect i ons up to 54 Mbps.
System Configurati on 6-60 6 Radi o C han n el – The radio cha nnel that th e access p oint uses to commu nicate w ith wi re l ess clients. Wh en mu ltiple acce ss poi nt s ar e depl oy ed i n th e sam e area , se t t he cha nne l on neighbo ring acce ss poin t s at l east fou r channe ls apart to av oid int er f er enc e wi th ea ch o th er .
Radio Interface 6-61 6 are within re gul at or y p ower limits for the c ountry of op er at io n. (De fault: Integr at ed antenna ; ID: 0 000. If t here is no inte grated a ntenna, "id=0x0 000, mod ule=NA" is displaye d in the list.) Se e “E xt er nal Ant e nna Optio ns” on page 1-5 for a list of availabl e an te nn as.
System Configurati on 6-62 6 Ant e nna Lo c ati on – Selects the m ou nting loca tio n of the anten na in use; either “Indoo r” or “ Outdo or.” Selecting the co rr ec t loca tion ensur es that the acc ess point only use s ra di o ch ann els that ar e pe rmitted in th e cou ntry of oper at i on .
Radio Interface 6-63 6 try sett ing the fragmen t size to send smaller fragments . This will spe ed up the retransmissi on of smaller f rames. However, it is more efficient to set the fr agment size large r if ver y lit t le or no in te rfer en ce is pres ent be cau se it requi re s ov erhead to send mul tipl e f rames .
System Configurati on 6-64 6 CLI Comm a nds for the Common Radio Settings – From th e gl obal conf igu rat i o n mode, enter the inte rface wire le ss a com mand to acce ss the 8 02.1 1 a radi o interface. From the 802. 1 1a interface mode, y ou can access r adio s ettings th at apply to all V AP inte rfaces.
Radio Interface 6-65 6 types of tr affic, W M M allo ws the prior ity l ev els to be conf i gur ed to match an y network -wide QoS policy . WMM als o specifi es a protoc ol that acce ss points can use to c ommun icat e t he co nfi gur ed tr af fi c pri ori ty l evel s to QoS- enab led wire less cli ent s.
System Configurati on 6-66 6 Figure 6-1. WMM Backoff Wait Times For high-p rior i ty tr affic, the AI FSN an d CW value s ar e sm a ller . The smaller value s equate to l ess backoff and wa it tim e, an d therefor e m or e t ra nsm i t opp ortunitie s.
Radio Interface 6-67 6 WMM – Sets the WM M operation al m ode on the acce ss p oint. Whe n en abled, the parameter s fo r ea ch AC queu e will be em ploy ed on the acc es s point and Q oS capabilities ar e advertis ed to WMM-e na bled clien ts. (Defau lt: Suppor t ) • Disab le: WMM i s di sa bled.
System Configurati on 6-68 6 CLI Commands for WMM – Ente r interfa ce wirele ss mode and t ype wmm require d for clients that w ant to ass ociate wit h t he ac ce ss point . The wmm-acknowledge-policy comma nd is use d to enable or disabl e a policy fo r each access ca tegory .
Radio Interface 6-69 6 T o view the cu rrent 80 2.1 1a radio settings f or th e V AP interface, us e the show interf ac e wireles s a [0-3] com mand. Enterprise AP#show interface wireless a 0 7-111 Wi.
System Configurati on 6-70 6 Radio Settings G (802.1 1g) The IEEE 802 .1 1g standa rd operate s within the 2. 4 G H z ba nd a t up to 54 Mbps. Also note that becau se t he IEEE 802.1 1g standard is an e xtension of the IEEE 802.1 1b standard, it allow s clients with 80 2.
Radio Interface 6-71 6 Most of the 802.1 1g comman ds are iden tical to t hose use d by the 802 .1 1a i nterface. For inf ormat ion on t he t hese comma nds, ref er t o th e fo llow ing sect ions : .
System Configurati on 6-72 6 Radio C hannel – The radio channel tha t the access point uses to commun icate with wireless clients. Wh en mult iple acce ss points are deploye d in the s ame ar ea, set the channel on ne ighbor ing ac cess po ints at lea st five cha nnels apart to avo id interfere nce with each other.
Radio Interface 6-73 6 CLI Comm a nds for the 80 2.1 1g Wi r el ess In te rfac e – From the gl ob al con figuratio n mode, enter the inte rface wire le ss g comma nd to access the 802.1 1 g radio interface. The 802.1 1 g radio can be forced to an 8 02.
System Configurati on 6-74 6 A summa ry of wirel es s security con sideration s is listed in th e fo llow ing table. Note: You must enable data encryption through the web or CLI in order to enable all types of encryption (WEP, TKIP, or AES) in the access point.
Radio Interface 6-75 6 The ac ces s po int ca n sim ul t aneousl y sup po rt cl i e nt s usi n g vari ous d i ff eren t sec urit y mech ani sms. T he conf igur ati on f or th ese s ecu rit y co mbina tio ns ar e ou tli ned in th e following table .
System Configurati on 6-76 6 Dynamic W EP an d 802.1x W P A Interface Deta il Settings : Authentica tion: W P A Encryption : Enab le WP A Configur ation: Sup ported Cipher Suite: WE P 802.1x: Re quired Set 802.1x key re fresh and reauthent ication rat es Local or D isabl ed Y es Static and dynam ic (802.
Radio Interface 6-77 6 Note: If you choose to configure RADIUS MA C authentication together wit h 802.1X, the RADIUS MAC addres s authentication occurs prior to 802.1 X authentication. Only when RADIUS MAC authentication succeeds is 802.1X authentication performed.
System Configurati on 6-78 6 Enable – Enable s ra di o co mmunica t io ns on th e V AP interface . (D efaul t : Dis abl ed ) Note: You must first enable VAP interface 0 before you can enable ot her VAP interfaces. SSID – The na me of th e basi c serv ice se t prov id ed by a V AP int er fa ce .
Radio Interface 6-79 6 • Alpha nu meric: En te r k eys as 5 al ph anumer ic ch aracters f or 64 bit key s, 13 alphanu m er ic cha racters f or 128 bit key s, or 16 alph anu meric cha racters fo r 1 52 bit keys (8 02. 11 a radio only ). Key Numb er – Selects the key numbe r to use for encryp tion for eac h V AP interface.
System Configurati on 6-80 6 Note: To use 802. 1X on wireless c lients requi res a network card driver and 802.1X client software that supports the EAP authentication type t hat you want to use. Windows 2000 S P3 or later and W indows XP provide 8 02.
Radio Interface 6-81 6 Enterprise AP(config)#interface wireless g 7-88 Enter Wireless configuration commands, on e per line. Enterprise AP(if-wireless g)#key 1 128 as cii abcdeabcdeabc 7-122 Enterprise AP(if-wireless g)#vap 0 7-95 Enterprise AP(if-wireless g: VAP[0])#auth shared-key 7-122 Data Encryption is set to enabled.
System Configurati on 6-82 6 CLI Comm a nds for WEP ov er 802. 1X Security – U s e th e va p comma nd t o ac cess each V AP interface to conf igu re the secur ity s et ting s. First set 802. 1X to required using the 80 2.1x comm an d and set t he 80 2.
Radio Interface 6-83 6 to enable da ta encryptio n. T o view the cur re nt sec urity settin gs, use the sho w interf ac e wireles s a [0-3] or sh ow in te rf ace w ir eles s g [0 -3] co m m and (not shown in ex ample).
System Configurati on 6-84 6 the acces s point and all wir eless clients. The PSK mode u ses the sam e TKIP packet encrypt ion a nd key man agemen t as WP A in the enter pr is e, pro vidi ng a robust a nd manage able alterna tive for sma l l ne tw ork s.
Radio Interface 6-85 6 inf orma tion for m a Secu rit y Asso ci atio n th at t he a cces s poi nt name s and hold s i n a cache. • Pre aut henti cat ion : Each time a cl i ent ro am s to another acc ess poin t it has to be fully re-au th en ticated.
System Configurati on 6-86 6 The WP A co n fig urat ion p ara met er s are de scri bed below : Encr ypti on – Y o u must enab le d at a en cryp tion in o rde r to ena ble a ll t ypes of encryption (W EP , TKIP , or AES) in the access po int. Pre-Authenticatio n – Whe n using W P A2 over 802.
Radio Interface 6-87 6 The configu ra tion settings for WP A are summariz ed be low: CLI Commands for WP A Using P re-shared Key Se curity – From th e V AP interface configur ation m ode, u se the auth wpa-psk requir ed com mand to enab le WP A Pre- shar ed Ke y se curit y .
System Configurati on 6-88 6 CLI Commands for WP A Over 802.1X Secur i ty – From the V AP i nter f ace configur ation m ode, u se the auth w pa required com m an d t o sel e ct WP A o ver 802.1X se cu rity . Th en s et the 802.1 X key re fr es h ra te s.
Radio Interface 6-89 6 Open the Sec urity page, and c lick M ore fo r on e of th e V AP interfaces . Y ou can en abl e 8 02.1X as op tion ally suppo rted or as req ui re d t o enh ance the secu rit y of th e wi rel e ss net wor k. (Def a ult : Di sabl e) • Disab le: The acc ess poi nt does not support 80 2.
System Configurati on 6-90 6 CLI Commands for 802.1X Au th ent ica tion – Use the 802.1X s upported command from the V AP interface m od e to enable 802 . 1X au thentica tion . Se t the ses si on a nd broadca st key refresh r ate, and the re-au thentica tion tim eout.
Status Information 6-91 6 AP S yste m Conf ig urati on – Th e AP Syst em Con fig ur at i o n ta ble di spl ays th e basi c system co nf ig ur at i on se ttings: • Sys t em Up Ti m e: Len gth of time the managem e nt agent has be en up. • Ether ne t MAC: The phy sical lay er add res s f or the Eth er ne t port.
System Configurati on 6-92 6 • Boo trom Ve rsion: Sho w th e boo trom vers ion nu mber. • Hard war e Vers ion: Show s the har d war e ve rsi o n numb er. AP Wirele ss Configur ation – The AP Wireless Conf iguration tables display th e radio and V AP interface sett ings listed b elow .
Status Information 6-93 6 St a tion S t atus The S tation S tatus window shows th e wi re le ss clients currentl y as sociated w it h th e access po int. The S tation Conf igur at i on page displays ba sic conn ect i on in for mation for al l associa t ed sta tion s as describ ed be l ow.
System Configurati on 6-94 6 • St at ic – The client is usi ng static WEP keys for en cryption . CLI Comm a nds for Di spla ying S tation St atus – T o view status of cl ients cu rr en tly associa t ed wi t h th e ac cess poin t, us e th e sho w station com mand f rom th e Exec mode.
Status Information 6-95 6 Event Logs The E vent Logs window shows the l og messa ges gene rated by the access point a nd stored in mem ory . The E vent Logs table di splays t he fo llowing in formatio n: • Log Ti m e: The t i m e the lo g m es sage was gen erated.
System Configurati on 6-96 6 CLI Commands for Displa yi ng the Logging Status – From th e gl ob al conf i gu r a tio n mode , us e the show logging command . CLI Commands for Displa ying Ev ent Logs – T o view the access point log en tries, use the show even t-log comma nd from the Exec mode.
Status Information 6-97 6 STP Status The STP St atus wind ow sh ows the STP status for each por t. • ID: Dis play s th e por t ID num ber. • Pri ori t y : The pr io r i t y de si gna ted t o t h e spec i fi ed port . • Path C o st : Di sp lays the pat h c ost value fo r the s pecified por t.
System Configurati on 6-98 6.
7-1 Chapter 7 : Co mmand Line Interface Using the Command Line Interface Acces sing the C LI When acc essing the managem en t interface fo r the ov er a direct con nection to th e console por t , or vi a a T elnet con nec tion, th e acc es s point can be managed by entering com mand ke yw o rds and param e te rs at the pro mpt.
Command Li ne Interface 7-2 7 If your cor por at e n etwork is con nected to an other ne two rk outside you r office or to the Int ernet, y ou need to a pply for a regi stered IP addr ess.
Entering Comman ds 7-3 7 Command Com pletion If you termi na te input with a T ab key , the CLI will pri nt the rema ining char acters of a partial keyw or d up t o the po int of amb igui t y . I the “configu re ” ex am p le, typing con followed by a tab will result in printin g the command up t o “ configure .
Command Li ne Interface 7-4 7 Partial Keyword L ookup If you termi na t e a part ial keyw ord with a ques t io n m ar k, al te rn at ives that matc h th e initial lette rs are pro vi de d. (Rem em be r not to leave a space between t he c omman d and quest i on m ar k.
Entering Comman ds 7-5 7 Exec Comm ands When yo u open a new cons ole ses sion on an a ccess po int, the system e nters Exec comm and mod e. Only a l imited nu mber of the comm ands are available in this mod e. Y ou can ac ces s all other com m a nds only f ro m th e con figuratio n m od e.
Command Li ne Interface 7-6 7 Command Li ne Processing Comma nds are not ca se sens itive . Y ou can abbr eviate com m a nds and paramet er s as long as the y co ntain en ough lette rs to different i at e th em f rom a ny other c ur re nt ly availabl e co mman ds or parame ters.
General Commands 7-7 7 The access mode sho wn in the follo w ing table s is indicate d by these ab br ev iations: Exec (Executive Mode ), GC (Globa l Conf iguration), IC-E (Interface-E therne t Conf ig urat ion), IC- W (Inte rfac e-Wireles s Config ur at io n) , an d I C-W-V AP (Interfac e- Wir eless V AP Configuratio n) .
Command Li ne Interface 7-8 7 configure This c ommand activat es Glob al Configu ration m ode. Y ou mus t enter t his mo de to modify mo st of the sett ings on the access poin t. Y ou must also enter Gl obal Configu ra tio n m ode prior to ena bling the c ont ex t modes fo r Int er fa ce C o nfigurati on.
General Commands 7-9 7 Example This examp le shows ho w to return to t he Ex ec mode fro m the In te rfac e Configu ra tio n m ode, and then quit the CLI ses si on : ping This comm an d sends ICM P echo reque st packets to an ot he r node on the net w o rk.
Command Li ne Interface 7-10 7 reset This comm an d restarts the syst em or restores t he factory def au lt se ttings. Syntax reset < board | configuration > • board - Rebo ot s t he s ystem. • co nfig ura tio n - Rese ts the configu ration settings t o the f actory defaults , and then r ebo ot s t he s ystem.
System Management C ommands 7-11 7 show lin e This comm an d displays the conso le port’s configur at i on s et ting s. Command Mode Exec Example The consol e port setting s ar e fix ed at the val ues shown be lo w.
Command Li ne Interface 7-12 7 country This comm an d config ur es the access poi nt’s cou nt r y cod e, which ide nt ifies the coun try of op erat io n an d set s the autho riz e d radi o chan nels . Syntax country < countr y_cod e > country_code - A two character code that identifies the cou ntry of operation.
System Management C ommands 7-13 7 Default Sett in g US - for units sold in the United S tates 99 (no coun t ry set ) - for units sold in othe r countries Command Mode Exec Command Usage • If you p urchase d an acces s point out side of the U nited Stat es, the cou ntry code mus t be set be fore radio fu nct i on s ar e enabled .
Command Li ne Interface 7-14 7 • The available Co untry Co de settin gs can be d isplayed by using the country ? comm and . Example prompt This comm an d custom i ze s th e C LI pr om p t. Use the no form to rest or e t he de fault prompt. Syntax prompt < string > no prompt string - Any alphanum eric string to use for the C LI prompt.
System Management C ommands 7-15 7 Command Mode Global Co nfiguration Example username Thi s com mand conf igu res the user n ame f or manage ment acc ess.
Command Li ne Interface 7-16 7 ip ssh-se rver enabl e This comm an d enable s th e Sec ur e She ll server. Use the no form t o di sa bl e th e serv er .
System Management C ommands 7-17 7 ip telnet-se rver enab le This comm an d enable s th e T elnet ser ve r . Use the no form to disa ble the serv er. Syntax ip te lnet -ser ver enabl e no i p tel net .
Command Li ne Interface 7-18 7 ip http serv er This c ommand allows this d evice to be mon itored o r conf igured fr om a browser. Use the no form to disable this functio n .
System Management C ommands 7-19 7 ip https port Use this c ommand to specif y the UDP port n umber use d for HTTPS/ SSL conn ection to the acces s point’s Web interfa ce . Use the no form to restor e the defaul t port. Syntax ip h ttps po rt < port_n umber> no ip http s port port_number – The UDP port used for HTTPS/SSL.
Command Li ne Interface 7-20 7 Syntax ip htt p s serv er no ip https server Default Sett in g Enabled Command Mode Global Co nfiguration Command Usage • Both HTTP and HTTPS s er vi ce c an be enabled ind epe ndently.
System Management C ommands 7-21 7 APmgmtIP This comm an d specifi es t he client IP addr esses tha t a re a llow ed manage ment access t o th e ac cess poin t thr ou gh variou s pr ot oc ols. Cauti on: Secure Web (HTTPS) c onnections are not a ffected by the UI Management or IP Management set tings.
Command Li ne Interface 7-22 7 APmgmtUI This comm an d enable s and disab le s m an age ment ac ce ss to the acce ss point through SN M P , T elne t and web inte rfac es. Cauti on: Secure Web (HTTPS) connect ions are not a ffected by the UI M anagement or IP Management set tings.
System Management C ommands 7-23 7 show sy stem Thi s co mmand di s play s basi c syst em co nfi g urat ion se ttin gs. Default Sett in g None Command Mode Exec Example Enterprise AP#show system Syste.
Command Li ne Interface 7-24 7 show ve rsion This com m an d displays the software ve rs ion for the system . Command Mode Exec Example show co nfig This c ommand displays detailed configurat ion info rmation for th e system .
System Management C ommands 7-25 7 Hardware Version Information ========================================= == Hardware version R01A ========================================= == Ethernet Interface Information ======================================== IP Address : 192.
Command Li ne Interface 7-26 7 Logging Information ========================================= ============ Syslog State : Disabled Logging Console State : Disabled Logging Level : Informationa l Logging Facility Type : 16 Servers 1: 0.0.0.0 , UDP Port: 514, St ate: Disabled 2: 0.
System Management C ommands 7-27 7 dot11InterfaceAGFail Enabled dot11InterfaceBFail Enabled dot11StationAssociation Enabled dot 11StationAuthentication Enabled dot11StationReAssociation Enabled dot11S.
Command Li ne Interface 7-28 7 show hard ware Thi s co mmand dis pl a ys th e hard w are ve r s ion of the sy st em. Command Mode Exec Example System Logging Comman ds Thes e comma nds ar e used t o co nfi gur e sy stem l og gin g on the acces s poin t.
System Logging C ommands 7-29 7 logging on This comm an d contro ls loggi n g of error mess ages; i.e ., sen ding debu g or error message s to memor y .
Command Li ne Interface 7-30 7 Example logging co nsole This comm an d initiate s lo gg ing of error m ess ages to the co nsole. U se t he no form to d isa ble l ogg ing t o t he co nsol e.
System Logging C ommands 7-31 7 Command Usage Messag es sent in clude the se lected level down to Emerg ency level. Example logging fac ility-type This comm an d sets the faci lity t yp e for remot e log ging of sy slog message s.
Command Li ne Interface 7-32 7 Command Usage The comm and spec ifies the facilit y type tag sent in sys log messag es. (See RFC 3164. ) This type has no ef fect on the kind of mes sages reported by t he acce ss poi nt. How ever , it may b e used by the sy slog server to sort message s or to store me ssages in the corre sponding database.
Syst em C lock C omm and s 7-33 7 show ev ent-log This comm an d displays log mess ag es stored in the acc ess point’s mem or y . Syntax show event -lo g Command Mode Exec Example System Clock Command s Thes e co mmand s ar e used to conf igur e SN TP a nd s yste m clo ck s etti ngs o n th e access po int.
Command Li ne Interface 7-34 7 sntp-ser ver ip This comm an d sets the IP addr es s of th e se rvers to whi ch SN TP time req ues ts are issued. U se th e th is com m a nd with no arg um en ts to clear all time ser ve rs from the current l ist. Syntax sntp-ser ver ip < 1 | 2 > < ip> • 1 - First t ime server.
Syst em C lock C omm and s 7-35 7 Command Mode Global Co nfiguration Command Usage The time ac quired from time se rvers is used to record acc urate dates and times for log ev ent s. With out SNTP , the access point onl y records the tim e starting fr om the f actory def ault set at the last bootup (i .
Command Li ne Interface 7-36 7 sntp-ser ver dayl ight-s avi ng This comm an d sets the start and en d dates fo r da yli ght sa vings time. U se the no form to disa ble dayli ght sa vi ngs time.
Syst em C lock C omm and s 7-37 7 Command Usage This command sets the local time zone relative to the Coordinated Universal T im e (UTC , for merly Gree nwic h Mean T i me or GMT), ba sed on t he ear th’ s prime m eridian, z ero degre es longitude .
Command Li ne Interface 7-38 7 DHCP Relay Commands Dynami c Hos t Configur at ion Pr ot oc ol (DHC P) c an dy na mically allo ca te an IP addr ess an d othe r conf ig ur ati on inf orm at io n t o netw o rk cl i e nt s that br oad cast a request.
DHC P Rel ay Com ma nd s 7-39 7 dhcp-re lay This c ommand configur es the prima ry and seconda ry DH CP serv er addr esses. Syntax dhcp-relay < primary | seconda ry > < ip_addre ss > • primary - The primary DHCP server. • secondar y - The secon dary DHC P server.
Command Li ne Interface 7-40 7 SNMP Command s Controls a ccess to this ac cess po int from manage m ent stati ons using the Si m pl e Network M a nagemen t Proto col (SNMP) , as well as the hos ts that will rec ei ve trap messag es.
SNMP Commands 7-41 7 snmp- server com munity This comm an d define s the co mmun ity a ccess stri ng f or th e Si m pl e Net w or k Manage m ent Pr ot oc ol.
Command Li ne Interface 7-42 7 Command Mode Global Co nfiguration Example Related Commands snmp -serve r locatio n (7-42) snmp- server loc ation This comm an d sets the sys t em loca tion string .
SNMP Commands 7-43 7 Command Mode Global Co nfiguration Command Usage • This com m an d enable s both authen tication f ai lure not i fica tions and link-up-do wn notifi cat i ons . •T h e snmp-s erver h o st c ommand specifi es the host device that will receive SNMP notificatio ns.
Command Li ne Interface 7-44 7 Command Usage The snmp-s erve r host com mand i s u sed i n co njun cti on wi th t he snmp-s erver enabl e server command to enab le SNMP noti fications . Example Related Commands snmp- server enabl e server (7 -42) snmp- server trap This comm an d enable s th e ac ces s point to se nd s pecific SNMP traps (i.
SNMP Commands 7-45 7 - iappStationR oamedTo - A client st ation has roa med to a nother acc ess point (ident i f ie d by its IP addre ss) . - loc alMa cAd drA uthF ai l - A client s tation has faile d authe ntication with the local MAC address da tabase on the acces s poin t.
Command Li ne Interface 7-46 7 Command Mode Global Co nfiguration Command Usage • Thi s command i s used in conj unctio n wit h the snmp-server user command. • Enter ing this c omman d invalida tes all e ngine IDs that have been previously configur ed.
SNMP Commands 7-47 7 - RWAuth - A rea d/ wr ite group us in g au th ent i ca tion , but no da ta encrypt ion. User s in this g roup se nd SNM P mess ages tha t use a n MD5 key /pa sswor d for aut hen tic atio n, bu t no t a D ES k ey/p ass word f or encrypt ion.
Command Li ne Interface 7-48 7 snmp- server targe ts This c ommand configur es SN MP v3 notificati on targets. Us e the no fo rm to d ele te an SNMP v3 target .
SNMP Commands 7-49 7 snmp- server filte r This comm and confi gures SNMP v3 notificat ion filters. U se the no f orm to delet e an SNMP v3 filte r or re move a sub tree from a filter.
Command Li ne Interface 7-50 7 snmp- server filte r-assignments This comm an d assign s SN M P v3 not i fica tion filter s to targets. Use t he no form to remove an SNMP v3 fil ter assi gnment .
SNMP Commands 7-51 7 Example show sn mp users This c ommand displays the SNMP v3 users and se ttings. Syntax show s nmp user s Command Mode Exec Example show sn mp group-a ssignments This comm an d displays the SNMP v3 user group ass ignme nts.
Command Li ne Interface 7-52 7 Example show sn mp target This comm and disp l ays the SNMP v3 notifica tio n targ et set t in gs. Syntax show snmp targ et Command Mode Exec Example show sn mp filter Thi s com mand d is play s th e SNMP v 3 no tif icat ion fil ter sett in gs.
SNMP Commands 7-53 7 show sn mp filter-a ssignments This comm an d displays the SNMP v3 notificatio n fil te r as sign ments. Syntax show snmp fi lter -ass ignm ent s Command Mode Exec Example Enterpr.
Command Li ne Interface 7-54 7 show sn mp This comm an d displays the SNMP co nfigurati on se ttings. Command Mode Exec Example Enterprise AP#show snmp SNMP Information ===============================.
Flash/File Comman ds 7-55 7 Flash/File Commands These c omman ds are used to mana ge the system code or conf iguration files. bootfile This comm an d specif ie s the image us ed t o start up th e sy stem. Syntax bootfile < filename > filename - Name of the i mage file.
Command Li ne Interface 7-56 7 copy This comm an d copies a boot f ile, co de i m age , or confi gur at ion f i le bet wee n the access po int’s flash memor y and a FTP/TF T P se rv er.
Flash/File Comman ds 7-57 7 The follow in g ex ample show s how to dow nl oa d a co nfigurat ion f ile: delete This comm an d deletes a f ile or image. Syntax delete < filename > filename - Name of the configurati on file or image name. Default Sett in g None Command Mode Exec Cauti on: Beware of deleting application images from flash memory.
Command Li ne Interface 7-58 7 dir This command dis plays a list o f files in flash memory . Command Mode Exec Command Usage File info rmation is s hown bel ow: Example The follow ing exampl e sh ows .
RADIUS Client 7-59 7 RADIUS Client Remote Aut he ntication Di al- in User Ser vi ce (RAD I US ) is a logon aut he nt i cati on protoc ol tha t uses software runn ing on a centr al ser ve r to contro l ac ce ss for RADIUS - awa re devic es to the network.
Command Li ne Interface 7-60 7 Command Mode Global Co nfiguration Example radius- server por t This comm an d sets the RAD I US se rver netw or k po rt. Syntax radius-server [ secondar y ] port < port_n umbe r> • secondar y - S econd ary serv er.
RADIUS Client 7-61 7 radius- server r etransmi t This c ommand sets the number of ret ries. Syntax radius-server [ secondar y ] retransmi t number _of_retrie s • secondar y - S econd ary serv er. • number _of_retries - Number of t imes the acc ess point will try to authenti ca te logon acce ss via the RAD I US se rver.
Command Li ne Interface 7-62 7 radius- server port-a ccountin g This comm an d sets the RADI U S Ac counting se rver netw or k po rt . Syntax radius-server [ secondar y ] port-accoun ting < port_num ber> • secondar y - Secondary server.
RADIUS Client 7-63 7 Example radius- server radiu s-mac-fo rmat This comm and sets the f ormat for sp ecifying MAC addre sses on th e RADIUS server . Syntax radius-server radius- m ac -format < mu lti- colon | multi -dash | no-delimi ter | single-da sh > • multi-colon - Ente r MAC addresses in the form xx:xx:xx:x x:xx:xx.
Command Li ne Interface 7-64 7 show radi us This comm an d displays the current set t i ngs for th e R AD I U S server . Default Sett in g None Command Mode Exec Example Enterprise AP#show radius Radius Server Information ======================================== IP : 0.
802.1X Authentication 7-65 7 802.1X Authentication The access point suppo rts IEEE 802.1 X acc ess control for wi r el ess cl ie nts. This contro l feature prevents una uthorize d access to the n etwork by requ iring an 80 2.1X client ap pl icat i on t o su bmit user cr ede ntials for au thentica t io n.
Command Li ne Interface 7-66 7 Command Mode Global Co nfiguration Command Usage • Whe n 802. 1X i s dis abl ed, t he a cce ss poi nt does not supp ort 802. 1X authenti ca tion for an y stat i on. Af te r su cc essful 802. 1 1 associa tion , each client is a llowed to access the network.
802.1X Authentication 7-67 7 802.1x-s upplicant use r This comm an d sets th e use r na me and pas sw o rd used fo r au t hen tic ation of the access po int when op er at ing as a 802.1X su ppl i ca nt . Us e the no form to clear the supplica nt user na m e and password.
Command Li ne Interface 7-68 7 show au thenticati on This co mmand sh ows all 80 2.1X aut henticati on settings , as well as the add ress f ilter table.
MAC Address Authentication 7-69 7 MAC Address Authenticati on Use these comma nds to d ef in e M AC au thentica tion on t he ac cess poi nt . Fo r loc al MAC au th ent ica tion, first de fin e th e de fault filteri ng po licy using th e ad dress filte r default c ommand.
Command Li ne Interface 7-70 7 Related Commands address filter entr y (7-70) 802. 1x- suppl ic ant us er (7- 67) addres s filter en try This comm an d enters a MA C add ress in the fi lter table. Syntax address f ilter entry < mac- addre ss> < allowed | den ied > • mac-a ddress - Physi cal addr ess of c lie nt.
MAC Address Authentication 7-71 7 Command Mode Global Co nfiguration Example Related Commands 802. 1x- suppl ic ant us er (7- 67) mac-authe ntication ser ver This comm an d sets addre ss f ilter i ng t o be performe d w ith loc al or remo te options .
Command Li ne Interface 7-72 7 Default 0 (disable d) Command Mode Global Co nfiguration Example Filtering Commands The com mands described in this section are use d to filter communi cations between w.
Filtering C ommands 7-73 7 filter lo cal-bridge This c ommand disables comm unication betwee n wire less clien ts. Use the no form to d isa ble t hi s fil ter in g.
Command Li ne Interface 7-74 7 filter uplink enable This c ommand enable s filterin g of MA C add resses from the Ether net po rt. Syntax [ no ] filte r upli nk e nabl e Default Disabled Command Mode Global Co nfiguration Example filter uplink This comm an d adds o r de lete s M A C ad dr ess es from th e up link filtering table.
Filtering C ommands 7-75 7 Global Co nfiguration Command Usage Thi s com mand i s us ed i n co njun cti on w ith t he filter ethern et-type protoc ol comm and to determin e which Ethernet pr otocol types ar e to be filtered .
Command Li ne Interface 7-76 7 show filte rs This comm an d shows the fil te r op tion s an d protoc ol entrie s in the filter tab le. Command Mode Exec Example WDS Bridge Commands The com mands descr.
WDS Bridge Comman ds 7-77 7 bridge mode This c ommand selects be tween Master and S lave mo de. Syntax bridge mode < master | slave > • maste r - Operates as a master ena bling up to five slave links . • slave - Oper ates as a sla ve wi th only one l in k to the maste r.
Command Li ne Interface 7-78 7 configur ed a s the “root bri dg e” in the wirel es s net w o rk. The root bridg e i s the unit co nne cted to the ma in core of th e wi re d LAN . O t her br idges need to spec ify one “Parent” link to the root b ridge or to a bridg e connec ted to the root bridge.
WDS Bridge Comman ds 7-79 7 Default Sett in g None Command Mode Interfa ce Configur ation (Wirel ess) Command Usage Every brid ge ( exc ept the root brid ge) in the wireless brid ge network m ust specify t he MAC add ress of the parent br idge that is linked to the root brid ge, or th e root brid ge it sel f.
Command Li ne Interface 7-80 7 bridge dynamic -entry age-time This comm an d sets the time for agi ng out dynami c en tries in the W DS f or w ar di ng table. Syntax bridge dynam ic-entry age-time < seconds > seconds - The ti me to a ge out an address entry .
WDS Bridge Comman ds 7-81 7 show bridg e filter-entry This comm an d displays current entr ie s in th e W DS forward i ng table . Command Mode Exec Example show bridg e link Thi s com mand dis play s WDS brid ge li nk and s p anni ng t ree se tti ngs for s pec ifi ed int erfa ces .
Command Li ne Interface 7-82 7 Example Enterprise AP#show bridge link wireless a Interface Wireless A WDS Information ==================================== AP Role: Bridge Channel Auto Sync: Disable Pa.
Spanning Tree Commands 7-83 7 Spanning Tree Command s The comm a nds descr ib ed in this secti on ar e us ed to set the MA C address tab le aging time a nd spanning tre e para m et er s fo r bo t h the Et her ne t and wirel ess int erfa ces . bridge stp enable This comm an d enable s th e Sp anning Tree Protocol .
Command Li ne Interface 7-84 7 bridge stp forwarding-d elay Use t his comm and to co nfigur e the sp anni ng tree br idge for ward t ime glo ball y for the wir eles s bri d ge. Us e the no form to re st or e th e de fault. Syntax bridge stp forwa r ding-delay < secon ds > no bridge stp forw arding-delay seconds - T ime in seconds.
Spanning Tree Commands 7-85 7 Example bridge stp max-age Use this com m an d to config ur e th e spann ing tree br idge maximum ag e globally fo r the wir eles s br idge . Us e th e no f orm t o re st or e t he de fault. Syntax bridge stp m ax-age < seconds > no bridge stp max - age seconds - T ime in seconds.
Command Li ne Interface 7-86 7 Command Mode Global Co nfiguration Command Usage Bridge prior i ty is used in selecti ng the root devi ce, root port, an d designated port.
Spanning Tree Commands 7-87 7 Default Sett in g 128 Command Mode Interface Configuratio n Command Usage • This com m an d defines t he pr i or ity for th e us e of a port in the Sp an ning Tree Protoco l.
Command Li ne Interface 7-88 7 Ethernet Interface Comm ands The comm a nds descr ib ed in this secti on co nf i gur e co nnection parameters f or th e Ethernet p or t an d w ire le ss inter f ace . interfac e etherne t This comm an d enters Eth er net int er fa ce c onfigurati on mode.
Ethernet Interfac e Commands 7-89 7 dns se rver Thi s com mand s pec ifie s th e ad dres s fo r th e pr imary or s eco ndar y dom ain name ser ver to b e used for nam e-t o-ad dres s re solu tion .
Command Li ne Interface 7-90 7 Command Mode Interface C onfigurat i on (Eth ernet) Command Usage • DHCP is enabled by default. To manually configure a new IP address, you must fi rst disable th e DHCP client with the no ip dhcp co mmand .
Ethernet Interfac e Commands 7-91 7 • When you use this command, the access p oint will b egin broadcasting DHCP client request s. The current IP addr ess (i.e., default or manually configur ed a ddress) w ill con tinue to be eff ec tive until a DHC P rep l y is rec ei ve d.
Command Li ne Interface 7-92 7 shutdown This comm an d disables the Etherne t int er face . T o res tart a disa bled inte rfac e, use the no form. Syntax sh ut dow n no shutdown Default Sett in g Inte.
Wireless Interface Comman ds 7-93 7 Example Wireless Interface Com mands The comm a nds descr ib ed in this secti on co nf i gur e co nnection parameters f or th e wir eles s int e rfa c es. Enterprise AP#show interface ethernet Ethernet Interface Information ======================================== IP Address : 192.
Command Li ne Interface 7-94 7 beacon-in terval Configu res the rat e at which beacon s ignals are transmit ted fro m the acce ss point IC-W 7-10 3 dtim-perio d Con figures the rate at wh ich station .
Wireless Interface Comman ds 7-95 7 interfac e wirel ess This comm an d enters w irel es s i nt er face c onfigura tion mode. Syntax inte rfac e wireless < a | g > • a - 802.11 a ra dio i nt er fa ce . • g - 802.11 g ra dio i nt er fa ce. Default Sett in g None Command Mode Global Co nfiguration Example T o speci fy the 8 02.
Command Li ne Interface 7-96 7 speed This comm an d config ur es the maximu m da ta ra te at wh ic h th e ac cess poi nt transmi ts un ic ast packe ts. Syntax speed < speed> speed - Maximum access speed allowed for wireless client s. (Options for 802.
Wireless Interface Comman ds 7-97 7 Command Usage • The nor m al 802 .11a wirel es s op eration m od e provide s co nnections up to 54 Mbps. Tur bo Mode is an enh anced mo de (not regula ted i n IE EE 802.11a ) that provide s a highe r data rate of up to 108 M bps.
Command Li ne Interface 7-98 7 chan nel This c ommand configur es the radio channel through which the ac cess p oint comm uni ca tes with w i rele ss clients. Syntax channel < channe l | auto > • channel - Manually se ts the radi o ch ann el used fo r co m m un ications w ith wireless clients.
Wireless Interface Comman ds 7-99 7 Default Sett in g ful l Command Mode Interfa ce Configur ation (Wirel ess) Command Usage • The “mi n” key word indica tes minim um power. • The longe r the trans m is sion distance, th e hi gh er the trans m issi on power required .
Command Li ne Interface 7-100 7 Example preamble This comm an d sets the length of the signal pr ea mble that is use d at the start of a 802.1 1b/g data tr ansmiss ion. Syntax preamb le [ long | short-or -long ] • lon g - Sets the pr eamble to lo ng ( 192 microsec on ds).
Wireless Interface Comman ds 7-101 7 antenna c ontrol This comm an d selects the u se of two dive rsity antenn as or a sing le ant en na for the radio inter fa ce . Syntax antenna co nt rol < dive rsity | lef t | right > • diversity - The radio us es two identic al ant en nas in a diver si t y m od e.
Command Li ne Interface 7-102 7 Command Mode Interfa ce Configur ation (Wirel ess) Command Usage • See “Ex te rn al Ant en na Option s” on pa ge 1-5 for a list of th e ava i la ble antenna options and t heir pa rt numb ers.
Wireless Interface Comman ds 7-103 7 beacon-int erval This comm and con figures the rate at w hich beac on signa ls are trans mitted from the access po int. Syntax beacon-int erval < inte rval> interv al - The r ate for transmitting bea con signals.
Command Li ne Interface 7-104 7 will save all broadcast /multicast fr ames for the Bas ic Service Set (BSS) and forwar d th em af t er e ver y se cond beac on.
Wireless Interface Comman ds 7-105 7 rts-threshold This comm an d sets the packet siz e threshol d at w hich a R e quest to S end (RTS) signal mu st be s ent to the re ceivi n g station prior to the send ing station starting comm unicatio ns. Syntax rts-thre shold < thre shol d> threshold - Threshold packet size for which to s end an RTS.
Command Li ne Interface 7-106 7 super-a Thi s com mand enab les A the ros prop riet ary Supe r A pe rfor man ce en han cemen ts . Use t h e no form to disable this function. Syntax [ no ] super-a Default Sett in g Disabled Command Mode Interfa ce Configur ation (Wirel ess - 802.
Wireless Interface Comman ds 7-107 7 descri ption This comm an d adds a desc ript i on to a the wireles s interface. U se the no form to remov e th e de scription. Syntax description < string > no description string - Comment or a description for this interface.
Command Li ne Interface 7-108 7 clos ed-s ystem Thi s com mand prohi bit s a cce ss t o cli ent s w itho ut a pre- conf ig ured SSID . Use the no form to disa ble this featur e.
Wireless Interface Comman ds 7-109 7 assoc-tim eout-interv al This comm an d config ur es the id le tim e int er val (w hen no frame s are sent) a fter whi ch t he cl ien t is dis assoc iat ed f rom t he V AP int erf ace. Syntax assoc-time out-interva l < minutes > minutes - The number of minutes of inactivity before disassociation.
Command Li ne Interface 7-110 7 Default Sett in g Interface en abled Command Mode Interface C onfigurat ion (Wireles s-V AP) Command Usage Y ou must f i rst ena ble V A P interf ace 0 before yo u can ena ble V AP interfaces 1, 2, 3, 4 , 5, 6, o r 7.
Wireless Interface Comman ds 7-111 7 show inte rface wireless This comm an d displ ays the status for the wire le ss int er face. Syntax show i nterface wi reless < a | g > vap- id • a - 802.11 a ra dio i nt er fa ce . • g - 802.11 g ra dio i nt er fa ce.
Command Li ne Interface 7-112 7 ----------------802.1x------------------- -------------------------------- 802.1x : DISABLE D Broadcast Key Refresh Rate : 30 min Session Key Refresh Rate : 30 min 802.
Wireless Interface Comman ds 7-113 7 show sta tion Thi s co mmand shows t h e wire less clie nt s assoc ia t ed with t h e acce s s poin t. Command Mode Exec Example Enterprise AP#show station Station Table Information ========================================= =============== if-wireless A VAP [0] : 802.
Command Li ne Interface 7-114 7 Rogue AP Detection Comm ands A “rogue AP ” is ei ther an ac cess po int tha t is no t a ut hor i zed to participat e in th e wireless network, or an acc ess poin t that do es not have the correct se curity configur at io n.
Rogue AP Detection C ommands 7-115 7 • A “rog ue AP ” is either an ac ce ss point that is no t authorized to particip at e in the wire le ss n etwork, or a n acc ess poin t that do es not have the correct security con figuratio n. R o gue acces s points can be identifie d by unknow n BSSI D (MAC addr ess) or S SID conf igurat ion.
Command Li ne Interface 7-116 7 rogu e-ap durat ion This comm an d sets the sca n du ration fo r de te ct ing ac cess po in ts. Syntax rogue-ap d uration <milliseconds> milliseconds - The duration of the scan.
Rogue AP Detection C ommands 7-117 7 Example Related Commands rogue-a p duration (7- 1 16) rogue-a p scan This comm an d starts an immed ia t e sca n for acce ss poi nts on th e ra di o in terf a ce.
Command Li ne Interface 7-118 7 show rogu e-ap This comm an d displays the current ro gue AP database. Command Mode Exec Example Wireless Security Comm ands The comm a nds descr ib ed in this secti on co nfigure para m et er s f or wir el es s se curity on the 802 .
Wireless Security Commands 7-119 7 auth This c ommand configur es authe ntication for the V AP interface. Syntax auth < open -system | shared-key | wp a | wp a-ps k | wp a2 | wp a2-p sk | wpa-wpa2-.
Command Li ne Interface 7-120 7 • To u se W EP sh ared-k ey au th en tication, set th e aut h entication typ e t o “share d-key” and de fine at leas t one static W EP key w ith the key comma nd. Encrypti on i s au to m at i call y en abled by the comman d.
Wireless Security Commands 7-121 7 Example Related Commands encrypt ion (7-121 ) key (7 -122) encryp tion This comm an d enable s data e ncr yp tion for wire less comm u nication s.
Command Li ne Interface 7-122 7 key This comm an d sets the keys us ed for WE P enc ryption. U se the no form to d elete a configur ed k ey . Syntax key < index > < size > < type > < value > no key in dex • ind ex - Ke y inde x.
Wireless Security Commands 7-123 7 transmit-ke y This comm an d sets the index of the key to be used f or encr yp ting data fram es for broadca st or multicas t traffic transmi t te d f rom t he V AP to wirel es s clients. Syntax transm it-key < index> index - Key index.
Command Li ne Interface 7-124 7 ciph er-s uite This comm an d define s the ci p her algori thm used to enc ry pt th e gl ob al key for broadca st and multicast traffic wh en us ing Wi-Fi Pr ot ec ted Acces s (W P A) security .
Wireless Security Commands 7-125 7 • AES -CCM P (Advanced Enc ryption Stan dar d Cou nter-Mode /CBCMAC Protocol): W PA2 is backward compatible wit h WPA, including the same 802.
Command Li ne Interface 7-126 7 Example wpa-pr e-shared-key This comm an d defines a W i -Fi Pr ot ec te d Acc ess (WP A/WP A2 ) Pre-share d- ke y . Syntax wpa-pre-shared- key < hex | p assph rase-ke y > < value> • hex - Specif ie s he xadecima l digits as th e ke y input form at.
Wireless Security Commands 7-127 7 Command Mode Interface C onfigurat ion (Wireles s-V AP) Command Usage • WPA2 provides fast roam ing for authen ticated clients by re taining keys and other se curity inform ation in a cac he, so th at if a client roam s away fro m an access po int and then retu rns reauthe ntication is not require d.
Command Li ne Interface 7-128 7 know n to be a lread y au the ntica ted, so i t pr oce eds direc tl y to k ey e xchan ge and assoc iation. • To s upport pre -authentic ation, both clients and ac cess poi nts in the net work must be WP A2 enabled .
Link Integri ty Commands 7-129 7 link-int egrity ping-det ect This comm an d enable s link in te gr ity detection . Us e th e no form to di sable link inte gri t y det e cti o n.
Command Li ne Interface 7-130 7 link-integrity ping-inte rval This c ommand configur es the t ime be tween e ach Ping sent to the l ink hos t. Syntax li nk- int egr ity ping -int e rval < in terval > interv al - The time between Pings.
Link Integri ty Commands 7-131 7 Command Mode Global Co nfiguration Example show lin k-integrity This comm an d displays the current link in te gr ity configura tion .
Command Li ne Interface 7-132 7 IAPP Commands The comm a nd describe d in this sec tio n ena bles the pro tocol sig nali ng required to ensure t he s ucc essful han dover of wi r el es s cl ie nts roam i n g between di ffere nt 802.1 1f-complian t access poi nts.
VLAN Commands 7-133 7 VLAN Commands The access point can ena ble the supp ort of VLAN -tagge d traffic passing bet w een wireless clien ts and the wired net wor k. Up to 64 VLAN I Ds ca n be mappe d to specific wi reless client s, allo wing users to remain within the same VLAN as they move ar oun d a campus si te .
Command Li ne Interface 7-134 7 • Traf fic ent er ing t he Et he rnet port mu st be ta gg ed with a VLA N ID that matches the access point’s nat ive VLAN ID, or with a VLAN tag that match es o ne of the wire le ss clients cu rrent l y as sociated with the acce ss point.
WMM Commands 7-135 7 Default Sett in g 1 Command Mode Interface C onfigurat ion (Wireles s-V AP) Command Usage • To impl em e nt the defaul t VL AN ID s et ting fo r VAP interf ac e, the access point mus t enab le VLAN supp or t using the vlan co mmand.
Command Li ne Interface 7-136 7 wmm This comm an d sets the WMM o perationa l mo de on the acces s po int. Use the no form to disa ble WMM . Syntax [ no ] wmm < supported | requi red > • supported - WMM will be u sed for any as sociated device t hat supp orts this feature.
WMM Commands 7-137 7 interpreta bility with o ther wired network QoS p olicies. While the four ACs are specifie d for specif ic types of tr affic, WMM allo ws the priority levels to be conf igured to match an y network- wide QoS p olicy.
Command Li ne Interface 7-138 7 • admissi on_cont rol - The adm i s si on contr ol mo de for th e ac ces s cate gory . When en able d, cl ien ts ar e bloc ked fr om usi n g the ac cess ca tego ry .
A-1 Appendix A: Tr oubleshoo ting Check the following items bef or e yo u contact loca l T echni ca l Support . 1. If wireless clients canno t ac ce ss the net wor k, check the fo llow ing: • Be sure the a ccess po int and t he wirel ess clien ts are con figured with the s ame Service Set ID (SSID).
T roubleshooti ng A-2 A 3. If you canno t access t he on-board con figuratio n pr ogram via a ser ial port connect ion: • Be sur e you h ave set the te rmin al em ul at or progr am to VT100 co mpat ibl e, 8 data bits , 1 stop bit, no parity an d 9600 bp s.
B-1 Appe ndix B: Ca bles an d Pi nouts Twisted-Pair Cable Assignments For 10/100 BASE-T X connecti ons, a twi sted-pair cab le must ha ve two pairs of wires. Each wire pair is iden t ified b y two different co lors . Fo r ex am p le, one wire mig ht be green and the other , green with w hi te st r ip es.
Cables and Pino uts B-2 B Straight- Through Wiring Beca use the 10/10 0 Mbp s port on t he ac cess poi nt u ses an MDI pin conf igur at ion, you must us e “s traight-t hr ou gh” cable fo r ne two rk connect io ns t o hu bs or switch es that only h ave MDI-X po rts.
T wisted-Pair Cable Assignments B-3 B Crossover Wiring Beca use the 10/10 0 Mbp s port on t he ac cess poi nt u ses an MDI pin conf igur at ion, you must us e “c ro ssover” cab le for netwo rk con nections t o PC s , se rv er s or other end nodes that only hav e M D I por ts.
Cables and Pino uts B-4 B 8-Pin DIN to RJ-45 Cable Wirin g T o constr uct an ex tend ed Et her n et ca ble t o co nnec t f ro m t h e po w er in j ecto r’s RJ- 45 Outp ut p ort to t he wi rel ess brid ge’ s 8 -pin DIN conn ect or , foll ow t he w iri ng di agr am below .
C-1 Appendix C: Spe cification s General Specif ications Maximu m Channels 802.1 1a: US & Canada : 13 (norm al mo de ), 5 (turbo mo de) Jap an: 4 (n orm al mo de), 1 (t ur bo mode ) ETSI: 1 1 channels (nor m al m ode ), 4 (turbo m ode ) T a iwan: 8 (n or m al mo de), 3 (turbo mode) 802.
Specifications C-2 C Operating Frequ enc y 802.1 1a: 5.15 ~ 5.25 G H z (lower band) US/Cana da , Japan 5.25 ~ 5.35 GHz (m iddle ba nd) US/ Canada 5.725 ~ 5.82 5 GHz (upp er band) US /Canada 5.50~ 5.70 G H z Eur op e 5.25 ~ 5.35 GHz (m iddle ba nd) T aiwan 5.
General Specificati ons C-3 C Wireless Radio/Regulatory Certification ETSI 300 32 8 (1 1b/g) , 30 1 89 3 (1 1a Fu ll range), 30 1 489 (DC power ) FCC Part 15C 15.
Specifications C-4 C Sensi tivity Table C -1 Se nsitivity 8 02.11a IEEE 802. 1 1a Sensi ti vity (GHz - dBm) Modulatio n/Rate s 5.15- 5.250 5.25-5 .350 5.
Transmit Power C-5 C Transmit P ower Table C- 4 Tran smit Pow er 802.11 a IEEE 802 .1 1a M aximum O utput Po wer (GHz - dBm) Data Rate 5.15 -5.250 5.2 5-5.350 5.5 0-5.700 5. 725-5.825 6 Mbps 18 18 18 18 9 Mbps 18 18 18 17 12 Mbps 1 8 18 18 17 8 Mbps 18 18 18 17 24 Mbps 1 8 18 18 17 36 Mbps 1 8 18 18 17 48 Mbps 1 7.
Specifications C-6 C Antenna Specifications 18 dBi High Gain Directional Panel (2.4GHz) Model Num ber ACC04- 050090 Frequenc y Range 2.4 - 2.5 GH z Gain 18 dB i VSWR 1.
Antenna Specificati ons C-7 C 8 dBi Omnidirectional (2.4 GHz) Model Num ber ACC04- 05028A Frequenc y Range 2.400~2 .500 GHz Gain 8 dBi VSWR 2.0 : 1 max Po l a r i z a t i o n Linear, vertica l HPBW Ho.
Specifications C-8 C 10 dBi Sector (2.4 GHz) Model Num ber ACC04- 053830A Frequenc y range 2.4~2.5 G H z Gain 10 dB i VSWR 1.5 : 1 max Po l a r i z a t i o n Linear, vertica l HPBW Linear: 12 0° Ve r.
Antenna Specificati ons C-9 C 8 dBi Omnidirectional (2.4 GHz) Model Num ber ACC04- 05427A Frequenc y range 2.4~2.5 G H z Gain 8 dBi VSWR 2.0 : 1 max Po l a r i z a t i o n Linear, vertica l HPBW Hori .
Specifications C-10 C 8 dBi Omnidirectional (5 GHz) Model Num ber ACC04- 090380 Frequenc y range 5.47~5.875 GHz Gain 8 dBi VSWR 2.0 : 1 max Po l a r i z a t i o n Linear, vertica l HPBW Hori zo nt al:.
Antenna Specificati ons C-11 C 12.5~13.5 dBi 60-Degree Sect or (5 GHz ) Model Num ber ACC04- 200010 Frequenc y range 4.9~5.875 GH z Gain 12. 5~ 13. 5 dBi VSWR 2.
Specifications C-12 C 8 dBi Omnidirectional (5 GHz) Model Num ber ACC04- 200180 Frequenc y Range 5.5~5.825 GH z Gain 8 dBi VSWR 2.0 : 1 max Po l a r i z a t i o n Linear, vertica l HPBW Hori zo nt al:.
Antenna Specificati ons C-13 C 23 dBi High-Gain Panel (5 GHz) Model Num ber ACC04- 20212A Frequenc y range 5.725 ~5.87 5 GHz Gain 23 dB i VSWR 1.5 : 1 max Po l a r i z a t i o n Linear, vertica l/ho r.
Specifications C-14 C 8 dBi Omnidirectional (5 GHz) Model Num ber ACC04- 202130 Frequenc y range 5.15~ 5.35 G H z Gain 8 dBi VSWR 2.0 : 1 max Po l a r i z a t i o n Linear, vertica l HPBW Hori zo nt a.
Antenna Specificati ons C-15 C 8 dBi Omnidirectional (5 GHz) Model Num ber ACC04- 200180 Frequenc y range 4.9~5.35 G H z Gain 8 dBi VSWR 2.0 : 1 max Po l a r i z a t i o n Linear, vertica l HPBW Hori .
Specifications C-16 C.
D-1 D-1 Appendix D: Montie ren der Bridge Die Bridge k ann auf folgend en Oberfläche ntypen m on tie rt werden : •M a s t • Wand oder elektris che r Kasten (NEM A En closure) Achtun g: Die Bridge darf nur im Fr ei en v erwendet wer den . Installieren Sie die Bridge n icht in I nnenräum en.
Montieren d er Bridge D-2 D 3. S tecken Sie die Rä nder der V-förmigen Halte ru ng i n die Au ssparungen in der rechtecki g en Platte un d zi eh en Sie die Mu tter n f est an . 4. Befestigen Si e d ie verstellbar e, re ch teckige Pl atte mit den beigefügten Schr aube n an de r Br id ge.
V erwenden der Halter ung für Wandmontage D-3 D 5. Befestigen Si e d ie Bridge mit Hal t er an de r am M as t a nge brachten Pl at t e. Befestig en Sie d ie drahtlose B ridg e m it de n beigefügt en Muttern an de r Halterung .
Montieren d er Bridge D-4 D 2. Halten Sie die Hal te ru ng an der gew ü nschte n S telle an und markieren Si e di e Position en d er drei Löcher für di e M onta ges chraube n.
Anschließen der externen Antennen D-5 D 5. V erbinden S ie das Ethernet - Kab el (und da s Net zk abel, fall s er fo rd er lich ) mit den Anschl ü sse n auf der V order sei te de r Bridge. Anschließen der extern en Antennen Die in der Bridge ei ng ebaute An te nn e is t ihre H au ptan tenne .
Montieren d er Bridge D-6 D Anschließen der Kabel an das Gerät 1. V erbinden S ie das Ethernet -Kabel m it dem Ethern et-Port de r drah tlosen Bridge. 2. Umwick el n Si e als zu sätzlic hen Schutz geg en Regen ode r Fe uch tigkeit den Ethernet -An sc hluss mit was serdicht em Kl ebe band (nicht m itg el ief ert) .
Anschließen des PoE Injectors D-7 D Anschließen des PoE In jectors So schließe n Si e die dr ah tlose Bridge an eine S tromqu el le an: Achtun g: In st al lier en Si e den P oE I njec tor n ic ht im Fr eien . Da s Ger ät d arf nur in Innenräumen ins talliert werden.
Montieren d er Bridge D-8 D 1. S tecken Sie de n N et zle itungsst eck er direkt in d en sta nda rdmäßige n Netzans chluss de s I nj ect o r-Modul s. 2. V erbinden Sie das an dere Ende de r Net z leitung mit ei ne r ge erd eten, 3-po lig en Netzst romquelle .
Glossary-1 Glossary 10BASE-T IEEE 802. 3 specific ation for 10 Mbps Ether net over two pai rs of Cate gory 3 or be tter UTP cable. 100BASE- TX IEEE 802. 3u s pec ification fo r 10 0 M bps Fas t Ethe rnet over t wo pairs of Cat eg ory 5 or better UTP ca ble.
Glossary-2 Glossar y Broadcast Key Broadca st key s are sent to station s us ing 802.1X dy namic keyi n g. Dy na mic broad cas t key rotation is often use d to allow th e ac cess poin t to ge nerate a ran dom gr ou p key an d periodic al ly upd ate all key -ma nageme nt capable wir el ess cl ie nts.
Glos sary- 3 Glossar y IEEE 802 .11b A wireless s tandard that supp or ts wirel e ss comm un ic at i ons in the 2.4 G Hz ba nd using Direct Seq uence Spread S pectrum (DS SS). The s tandard prov ides for data rate s of 1, 2, 5.5, and 1 1 Mbps. IEEE 802 .
Glossary-4 Glossar y Power over Ether net (PoE) A specificat i on f or pro vi ding both power and data to low-powe r networ k dev i ces usi ng a single Cat egory 5 Ethe rnet cabl e. PoE provides greater fle xibility in the lo cating of acc ess point’s and netw o rk devices, an d significa ntly dec re ase d installation c osts.
Glos sary- 5 Glossar y Temporal Key Integrity Pr otocol (TKIP) A data encryptio n method des ig ne d as a replacem e nt for WEP . TKIP avoids the problem s of WEP static key s by dynam i call y ch anging da ta enc ry pt i on ke ys . Trivial File Tra nsfer Protocol (TFTP) A TCP/IP pr otoc ol common l y use d for software dow nloads.
Glossary-6 Glossar y.
Index-1 Numerics 802.11g 7- 95 A AES 6-84 auth entic ati on 6-12 cipher s uite 6-86, 7-120 closed system 7- 108 configu ring 6 -12 MAC ad dress 6-13, 7-69 , 7-70 type 6-73, 7-108 web redire ct 6-14 B .
Index Index-2 firmware displa ying vers ion 6-30, 7-2 4 upgradin g 6-29, 6-31, 7-56 frag menta tion 7 -104 G gatewa y addres s 5-2, 6-6, 7-1, 7-8 9 H hard ware ve rsio n, di splay ing 7-24 HTTP, se cure server 7-20 HTTPS 7-19 I IAPP 7- 132 IEEE 802 .
Index Index-3 RSSI BNC 1-7 RTS threshol d 6-63, 7-105 S Secure Sock et Layer See SSL securit y, options 6-73 sessio n ke y 6- 88 shared k ey 6-79, 7-1 22 Simp le Netw ork Ti me Proto col See SNTP SNMP.
Index Index-4.
.
Model Number: WA6202 A / WA6202AM Pub. Nu mber: 14910003 4900E E1 12006-DT-R01.
デバイスEdge-Core WA6202AMの購入後に(又は購入する前であっても)重要なポイントは、説明書をよく読むことです。その単純な理由はいくつかあります:
Edge-Core WA6202AMをまだ購入していないなら、この製品の基本情報を理解する良い機会です。まずは上にある説明書の最初のページをご覧ください。そこにはEdge-Core WA6202AMの技術情報の概要が記載されているはずです。デバイスがあなたのニーズを満たすかどうかは、ここで確認しましょう。Edge-Core WA6202AMの取扱説明書の次のページをよく読むことにより、製品の全機能やその取り扱いに関する情報を知ることができます。Edge-Core WA6202AMで得られた情報は、きっとあなたの購入の決断を手助けしてくれることでしょう。
Edge-Core WA6202AMを既にお持ちだが、まだ読んでいない場合は、上記の理由によりそれを行うべきです。そうすることにより機能を適切に使用しているか、又はEdge-Core WA6202AMの不適切な取り扱いによりその寿命を短くする危険を犯していないかどうかを知ることができます。
ですが、ユーザガイドが果たす重要な役割の一つは、Edge-Core WA6202AMに関する問題の解決を支援することです。そこにはほとんどの場合、トラブルシューティング、すなわちEdge-Core WA6202AMデバイスで最もよく起こりうる故障・不良とそれらの対処法についてのアドバイスを見つけることができるはずです。たとえ問題を解決できなかった場合でも、説明書にはカスタマー・サービスセンター又は最寄りのサービスセンターへの問い合わせ先等、次の対処法についての指示があるはずです。