SMC 2552W-G manuel d'utilisation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252

Aller à la page of

Un bon manuel d’utilisation

Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation SMC 2552W-G. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel SMC 2552W-G ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.

Qu'est ce que le manuel d’utilisation?

Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation SMC 2552W-G décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.

Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.

Donc, ce qui devrait contenir le manuel parfait?

Tout d'abord, le manuel d’utilisation SMC 2552W-G devrait contenir:
- informations sur les caractéristiques techniques du dispositif SMC 2552W-G
- nom du fabricant et année de fabrication SMC 2552W-G
- instructions d'utilisation, de réglage et d’entretien de l'équipement SMC 2552W-G
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes

Pourquoi nous ne lisons pas les manuels d’utilisation?

Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage SMC 2552W-G ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles SMC 2552W-G et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service SMC en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées SMC 2552W-G, comme c’est le cas pour la version papier.

Pourquoi lire le manuel d’utilisation?

Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif SMC 2552W-G, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.

Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation SMC 2552W-G. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.

Table des matières du manuel d’utilisation

  • Page 1

    SMC2552W-G[...]

  • Page 2

    [...]

  • Page 3

    38 T esla Irvine, CA 92618 Phone: (949) 679 -8000 EliteConnect ™ 2.4GHz 802.11g Wireless Access P oint User Guide The easy w a y to mak e all y our netwo rk connections April 2004 Revision Number: R01, F2.0.22[...]

  • Page 4

    Copyright Inf ormation furnished by SMC Networks, Inc. (S MC) is believ ed to be accurate and reliab le. Howe ver , no responsibility is assumed by SMC for its use , nor f or any infringements of patents or other rights of third parties which ma y result from it s use. No license is gr anted b y implication or otherwise under an y patent or patent [...]

  • Page 5

    i L IMITED W ARRANTY Limited Warranty Statement: SMC Networks, Inc. (“SMC”) w arrants its products to be free from defects in w orkmanship and mater ials, under normal use and ser vice, f or the applicable w arranty term. All SMC products carr y a standard 90-day limited warr anty from the date of purchase from SMC or its Authorized Reseller . [...]

  • Page 6

    L IMITED W ARRANTY ii Customers are responsible f or all shipping charges from their fa cility to SMC . SMC is responsible f or retur n shippi ng charges from SMC to customer . W ARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NO T OPERA TE AS W ARRANTED ABOVE, CUST OMER’S SOLE REMED Y SHALL BE REP AIR OR REPLACEMENT OF THE PR ODUCT IN QUESTION, A T [...]

  • Page 7

    iii C OMPLIANCES Federal Comm unication Co mmission Interference Statement This equipment has been tested and found to co mply with the limits f or a Class B digital device , pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against ha rmful interference in a residential installation. This equipment ge[...]

  • Page 8

    C OMPLIANCES iv The term “IC:” b efore the radio certificat ion number only signifies that Industry Canada technical specifications were met. Industry Canada - Class B This digital apparatus does not e xceed the Class B limits f or r adio noise emissions from digital apparatus as set out in the interference-causing equipment standard entitled ?[...]

  • Page 9

    C OMPLIANCES v EC Conf ormance Declaration SMC contact for these products in Europe is: SMC Networks Europe, Edificio Conata II, Calle F ructuós Gelaber t 6-8, 2 o , 4 a , 08970 - Sant Joan Despí, Barcelona, Spain. Marking by the above symbol indicates compliance with the Essential Require- ments of the R&TTE Directive of the European Union ([...]

  • Page 10

    C OMPLIANCES vi Safety Compliance P ower Cord Safety Please read the following safety informati on carefully before installing the switch: W ARNING: Insta llation and remov al of the unit must be carried out by qualified personnel only . • The unit must be connected to an earthed (grounded) outlet to comply with international safety standards. ?[...]

  • Page 11

    C OMPLIANCES vii Switzerland The supply plug must comply with SEV/ASE 1011. U.K. The supply plug must comply with BS1363 (3-pin 1 3 A) and be fitted with a 5 A fuse which complies with BS1362. The mains cord must be <HAR> or <BASEC> marked and be of type HO3VVF3GO.75 (minimum). Europe The supply plug must comply with CEE7/7 (“SCHUKO?[...]

  • Page 12

    C OMPLIANCES viii Veuillez lire à fond l 'information de la sécurité sui vante avant d'installer le Switch: A VERTISSEMENT : L ’installation et la dépose de ce groupe doiv ent être confiés à un personnel qualifié. • Ne branchez pas votre appareil sur une pr ise secteur (alimentation électrique ) lorsqu'il n'y a pas [...]

  • Page 13

    C OMPLIANCES ix Bitte unbeding t vor dem Einbau en des Switches die folgenden Sicherheitsa nweisungen durc hlesen (Germany) : W ARNUNG: Die Installation und der Ausbau des Geräts darf nur durch F ach personal erf olgen. • Das Gerät sollte nicht an eine ungeerdete Wechselstromsteckdose angeschlossen werden. • Das Gerät muß an eine ge erdete [...]

  • Page 14

    C OMPLIANCES x gegeben, wenn auch die an das Gerät angeschlossenen Geräte unter SELV-Bedingungen betrieben werden. • • Stromkabel . Dies muss von dem Land, in dem es benutzt wird geprüft werden: U.S.A und Canada Der Cord muß das UL gepruft und war das CSA beglaubigt. Das Minimum spezifikation fur der Cord sind: - Nu. 18 AWG - nicht mehr als[...]

  • Page 15

    xi T ABLE OF C ONTENTS 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 Package Che cklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Hardware Desc ription . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3 Component Description . . . . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Page 16

    T AB LE OF C ONTENTS xii Event Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-66 6 Command Line Interface . . . . . . . . . . . . . . . . . . . 6-1 Using the Co mmand Line I nterface . . . . . . . . . . . . . . . . . . . . . 6-1 Accessing th e CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1 Consol[...]

  • Page 17

    T ABLE OF C ONTENTS xiii logging con sole . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-25 logging leve l . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-26 logging facility-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-27 show loggin g . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]

  • Page 18

    T AB LE OF C ONTENTS xiv address filt er delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6- 56 mac-authen tication serve r . . . . . . . . . . . . . . . . . . . . . . . . 6-57 mac-authen tication session -timeout . . . . . . . . . . . . . . . . 6-58 show authe ntication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-59[...]

  • Page 19

    T ABLE OF C ONTENTS xv wpa-psk-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-93 shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-94 show interf ace wireles s . . . . . . . . . . . . . . . . . . . . . . . . . 6- 95 show sta tion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .[...]

  • Page 20

    T AB LE OF C ONTENTS xvi[...]

  • Page 21

    1-1 Chapter 1 Introduction SMC’ s EliteConnect 2.4GHz 802.11g Wirele ss Access P oint (SMC2552W -G) is an IEEE 802.11b/ g access point that provides transpar ent, wireless hig h-speed data comm unications betw een the wired LAN and fix ed, por table or mobile de vices equipped with a 802.11b , or 802.11g wireless adap ter . This solution o ff e r[...]

  • Page 22

    Introduction 1-2 Package Checklist The EliteConnect 2.4GHz 802.11 g Wireless Access P oint pack age includes: • One 2.4GHz 802.11 g Wireless Access P oint (SMC2552W -G) • One Category 5 network cable • One RS-232 console cab le • One A C power adapter a nd po wer cord • One mounting br ac ket • Four rubber feet • Three wall- mount scr[...]

  • Page 23

    Hardware Description 1-3 Hardware Description Front P anel Rear Pa nel Antennas LED Indicator Security Slot Console Port RJ-45 Port, PoE Connector Reset Button 3.3V/4A Power Socke t[...]

  • Page 24

    Introduction 1-4 Component Description Antennas The access point includes two antennas f or wireless communication s. The sign al transmitted f rom both antennas is identical, b ut only the best signal receiv ed on one of the antennas is used. The antennas tr ansmit the outgoing signal as a tor oidal sphere, so the antenn as should be adjuste d to [...]

  • Page 25

    Hardware Description 1-5 Security Slot The access point includes a K ensington security slot on the rear panel. Y ou can pre vent una uthorized re mov al of the access point by wrapping the K ensington secur ity cab le (not pro vided) around an unmov able object, inser ting the loc k into the slot, and turning the ke y . Console Port This por t is [...]

  • Page 26

    Introduction 1-6 How e ver , when connecting the access p oint to a workstation or other de vice that does not ha v e MDI-X por ts , y ou must use crosso v er twisted-pair ca b le. The access point appea rs as an Ethernet node and perf or ms a bridg ing function by moving pack ets from the w ired LAN to remote w orkstations on the wireless infr ast[...]

  • Page 27

    F eatures and Benefits 1-7 Features and Benefits • Local network connection via 10/100 Mbps Ethernet por ts or 54 Mbps wireless int erf ace (suppor ting up to 64 mobile users) • IEEE 802.11b , 802.11g and 80 2.3af compliant • Antennas with SMA conne ctors f or optional e xter nal 2.4 GHz high-gain ante nna to e xtend range and co v erage • [...]

  • Page 28

    Introduction 1-8 Applications The Wireless products of f er a high speed, reliab le, cost-eff ective solution f or 10/100 Mbps wireless Ethernet client access to the network in applications such as: • Remote access to corpo rate netw ork information E-mail, file tra nsf er , and terminal emulation. • Difficult- to-wire en vironments Historical [...]

  • Page 29

    System Def aults 1-9 System Defaults The f ollowing table lists so me of the access point’ s basic system def aults. To reset th e access poin t defaults, use the CLI command “reset conf iguration” fro m the Exec level prompt. Feature Parameter Default Identification System Name Enterprise AP Administration User Name admin Password smcadmin G[...]

  • Page 30

    Introduction 1-10 MAC Authentication MAC Local MAC A uthentication Session Timeout 0 seconds (disab led) Local MA C System Def ault Allow ed Local MA C P er mission Allow ed 802.1x A uthentication Status Disabled Broadcast Key Refresh 0 minutes (disabled) Session Key Refresh 0 minutes (disabled) Reauthentication Refresh Rate 0 seconds (disabled) VL[...]

  • Page 31

    System Def aults 1-11 System Logging Syslog Disab led Logging Host Disab led Logging Conso le Disab led IP Address / Host Name 0.0.0.0 Logging Le vel Inf or mational Logging F acility T ype 16 Ethernet Interface Speed and Duple x Auto Wireless Interface 802.11b/g IAPP Enabled SSID SMC Status En abled Auto Channel Select Enabled SSID Broadcast Disab[...]

  • Page 32

    Introduction 1-12 Wireless Security 802.11b/g Authentication Type Open System WEP Encryption Disabled WEP Key Length 128 bits WEP Key Type Hexadecimal WEP Transmit Key Number 1 WEP Keys null WPA Configuration Mode All clients WPA Key Management WPA authentication over 802.1x Multicast Cipher WEP Feature Parameter Default[...]

  • Page 33

    2-1 Chapter 2 Hardware Installation 1. Select a Site – Ch oose a pro per place f or the access point. In general, the best location is at the center of y our wireless cov erage area, within line of sight o f all wireless de vices. T ry to place the access point in a posit ion that can best cov er its Basic Ser vice Set (ref er to “Infrastructur[...]

  • Page 34

    Hardware Installation 2-2 Set the f our 5/8-inch number 12 w ood scre ws in the holes, leaving about 3 mm clearence from the wall. P osition the mounting brac ket ov er the wall scre ws, slide the brac ket onto th e screws , and then tighten do wn the scre ws. 3. Attaching the Bracket – Line up t he three m ounting point s on the bra c ket with t[...]

  • Page 35

    Hardware Installation 2-3 Attachin g the Mount ing Brac ket 4. Lock the Access P oint in Place – T o pre v ent unauth orized remov al of the acce ss point, you can us e a K ensington Slim MicroSav er security cable (not included) to attach the access point to a f ix ed object. Mounting points Mounting slots Bracket Back of Access Point[...]

  • Page 36

    Hardware Installation 2-4 5. Connect the Po wer Cord – Connect the po wer adapter to the access point, an d the pow er cord to an AC pow er outlet. Otherwise, the access point can der ive its operating pow er directly from t he RJ-45 por t when connected to a de vice that provides I EEE 802.3af compliant P ower o ver Ethernet (P oE). Note: If the[...]

  • Page 37

    Hardware Installation 2-5 position the antenn as around 45 to 90 deg rees from each other . The access point also compares the stren gth of an incoming signal on both ante nnas, and uses the antenn a receiving the stronger signal to communicate with a wireless client. 9. Connect the Console P ort – Connect the console cab le (included) to the RS-[...]

  • Page 38

    Hardware Installation 2-6[...]

  • Page 39

    3-1 Chapter 3 Network Configuration The wireless solution su ppor ts a stand-alone wireless netwo rk configuration as w ell as an integrated configur ation with 10/100 Mbps Ethernet LANs. Wireless network cards , adapters , and access points can be configured as: • Ad hoc f or depar tmental, or enterprise LANs • Infrastru cture for wireless LAN[...]

  • Page 40

    Network Configuration 3-2 Network Topologies Ad Hoc Wireless LAN (no AP or Bridge) An ad hoc wireless LAN consists of a g roup of computers, ea ch equipped with a wireless adapter , connected via radio signals as an independent wirele ss LAN. Computers in a specific ad hoc wireless LAN must therefore be configured to the same radio channel. Ad Hoc [...]

  • Page 41

    Network T opologies 3-3 Infrastructure Wireless LAN The access point also pro vides access to a wired LAN f or wireless workstations. An integr ated wired/wireless LAN is called an Infrastructure configuratio n. A Basic Ser vice Set (BSS) consists of a group of wireless PC users, and an access point that is direc tly connected t o the wired LAN. Ea[...]

  • Page 42

    Network Configuration 3-4 Infrastructure Wireless L AN for Roaming Wireless PCs The Basic Ser vice Set (BSS) defi nes the communications domain f or each access point and its a ssociated wireless clients. The BSS ID is a 48-bit binar y number based on the access point’ s wireless MA C address, and is set automatically and transpare ntly as client[...]

  • Page 43

    Network T opologies 3-5 A wireless infra structure can also suppor t roaming f or mobile worker s. Mo re than one a ccess point can be configu red to crea te an Extended Ser vice Set (ESS). By placing the access points so that a continuous co verage are a is created, wireless users within this ESS can roam freely . All SMC wireless network cards an[...]

  • Page 44

    Network Configuration 3-6[...]

  • Page 45

    4-1 Chapter 4 Initial Configuration The EliteConnect 2.4GHz 8 02.11g Wireless Access P oint SMC2552W -G off ers a variety of managemen t options , including a web-based interface , a direct c onnection to the console por t, or using SNMP softw are such as SMC’ s EliteView . The initial configur ation steps can be made thr ough the web browse r in[...]

  • Page 46

    Initial Configuration 4-2 T o connect to the console port, complete the f ollowing steps: 1. Connect the console cab le to the serial por t on a ter minal, or a PC running terminal emulat ion softw are, and ti ghten the captiv e retaining scre ws on the DB-9 connector . 2. Connect the other end of the cab le to the RS-232 serial port on the access [...]

  • Page 47

    Initial Setup through the CLI 4-3 Initial Configuration Steps Loggin g In – Enter “admin” f or the user name . The def ault pass word is “ smcadmin”. The CLI prompt ap pears displa ying “SMC Enter prise AP#. ” Setting the IP Address – By def ault, the access point is configured to obta in IP address settin gs from a DHCP ser v er . [...]

  • Page 48

    Initial Configuration 4-4 accessed us ing T elnet from any computer atta ched to the network. Setting the Country Co de – Units sold in the United States are configured b y default to use on ly radio chan nels 1-11 as defined by FCC regulations. Units sold in other countries are configured by def ault without a country code (i.e., 99) . Y ou must[...]

  • Page 49

    Using W eb-based Management 4-5 Loggin g In – Enter the username “admin, ” the pass word “smcadmi n, ” and click LOGIN. Fo r inf or mation on configuring a user name and pa ss word, ref er to page 5-28. The home page di spla ys the Main Menu.[...]

  • Page 50

    Initial Configuration 4-6 Launching the Setup Wizar d – T o perf or m initial configuration, click Setu p Wizard on the home page , then click on the [Ne xt] but ton to start the process. 1. Service S et ID – Enter the ser vice set identifier in th e SSID bo x which all wireless clients mu st use to associate with the access point. The SSID is [...]

  • Page 51

    Using W eb-based Management 4-7 2. Radio Channel – Y ou must enab le radio communica tions f or 802.11b and 802 .11b/g, and set the oper ating radio channel. A uto Channel Select – Select Enable for automatic radio channel detection. (De f ault: Enab le) 802.11g Radio Channel: Set the o perat ing radio channel number. (Range: 1-11) Note: Availa[...]

  • Page 52

    Initial Configuration 4-8 3. IP Configuration – Either enable or disab le (Dynamic Host Configuration Pr otocol (DHCP) f or automatic IP configura tion. If yo u disab le DHCP , then man ually enter the IP addr ess and subnet mask. If a managemen t station e xists on another network segment, then y ou must enter the I P address f or a gatewa y tha[...]

  • Page 53

    Using W eb-based Management 4-9 4. Click Finish. 5. Click the OK button to restart the access point.[...]

  • Page 54

    Initial Configuration 4-10[...]

  • Page 55

    5-1 Chapter 5 System Configuration Bef ore continuing with adv anced configuration, f irst complete the initial configur ation steps described in Chapter 4 to set up an IP address f or the SMC2552W -G. The SMC2552W -G can be managed b y any comput er using a web bro wser (Internet Explorer 5.0 or abo v e, or Netscape Navig ator 6.2 or abo ve). The [...]

  • Page 56

    System Configuration 5-2 The inf or mation in this chapter is organiz ed to reflect the structure of the web scr eens f or easy ref erence. How ev er , we recomm end that y ou configur e a user name an d pass word as the first step under adv anced configuration t o control managemen t access to this de vice (page 5-28). Advanced Configuration The A[...]

  • Page 57

    Adv anced Configuration 5-3 802.11b/g Interface Configures the IEEE 802 .11b/g interface 5-40 Radio Settings Configures radio signal parameters, such as radio channel, transmission rate, and beacon settings 5-41 Security Con figures data encryption with Wired Equivalent Protection (WEP) 5-47 WPA Configures advanced encryptio n and authentication wi[...]

  • Page 58

    System Configuration 5-4 System Identification The system inf or mation parameters f or the SMC2552W -G can be left at their de f ault settings. Howe ver , modif ying these pa rameters can help yo u to more easily distinguish diff erent device s in yo ur networ k. Y ou sh ould set a Ser vice Set Identific ation (SSID) to ide ntify the wireless netw[...]

  • Page 59

    Adv anced Configuration 5-5 CLI Commands f or System Identifica tion – Enter the glob al configuratio n mode, a nd use the system na me command t o specify a new system name. Enter the wireless configuration mode (11g), an d use the ssid command to set the service set identifier . Th en retur n to the Exec mode, and use the show system command to[...]

  • Page 60

    System Configuration 5-6 TCP / IP Settings Configuring the SMC2552W -G with an IP address e xpands your ability to manage the access point. A number of acces s point f eatures depend on IP addressin g to operat e. Note: You can use the web browser interface to access IP addressing only if the access point already has an IP address that is reachable[...]

  • Page 61

    Adv anced Configuration 5-7 DHCP Client (Enable) – Select this option to obtain the IP settings for the access poi nt from a DHCP (Dynamic Host Configuratio n Protocol) server . The IP address, subnet ma sk, def ault gatew a y , and Domain Name Server (DNS) addres s are dynamically assigned to the access point by th e network DHCP ser v er . (Def[...]

  • Page 62

    System Configuration 5-8 CLI Commands for TCP/IP Settings – F rom the global configuration m ode, enter the int erface configuration mode wit h the interface ethernet comman d. Use the ip dhcp command to enable the DHCP client, or no ip dhcp to disab le it. T o manually configure an address , specify the new IP addres s, subnet mask, and def ault[...]

  • Page 63

    Adv anced Configuration 5-9 Radius Remote Authentication D ial-in User Ser vice (RADIUS) is an authentica tion protocol that uses softw are running on a centr al ser v er to control a ccess to RA DIUS-aw a re de v ices on the network. An authent ication server contains a dat abase of user credentials f or each user that requires access t o the netw[...]

  • Page 64

    System Configuration 5-10 Primar y Radius Ser ver Setup – Configure the following settings to use RADIUS authenti cation on the acce ss point. • IP Address: Specifies the I P address or host name of the RADIUS ser ver . • P or t: The UDP por t number used by the RADIUS ser v er f or authentication messag es. (Ran ge: 1024-65535 ; Def ault: 18[...]

  • Page 65

    Adv anced Configuration 5-11 CLI Commands f or RADIUS – F rom the global configuration mode, use th e radius-s erver ad dress command to sp ecify the address of the primar y or secondary RADIUS ser ver s. ( The f o llowing e xample configures the se ttings f or the primar y RADIUS server .) Configure the other parame ters f or the RADIUS server .[...]

  • Page 66

    System Configuration 5-12 Authentication Wireless clients can be authenticated f or network access by chec king their MA C address against the local database configured on the access po int, or b y looking up their MA C addresses on a RADIUS server . The 802.1x protocol can also b e configured to chec k other user credentials such as a user name an[...]

  • Page 67

    Adv anced Configuration 5-13 MA C A uthentication – Y ou can config ure a list of the MAC addresses f or wireless clients th at are au thorized to access th e network. This pro vides a basic le vel of au thentication f or wireless clients attem pting to ga in access to the networ k. A data base of authorized MA C addresses can be stored locally o[...]

  • Page 68

    System Configuration 5-14 • MAC A uthenticat ion Settin gs: Enters specified MA C addresses and per missions in to the local MAC database. - MAC Address: Physical address of a client. Enter six pa irs of hexadecim al digits separated by hyp hens; for example , 00-90-D1 -12-AB-89 . - Permission: Select Allow to permit access or Deny to block acces[...]

  • Page 69

    Adv anced Configuration 5-15 The 802.1x EAP pack e ts are also used to pass dynamic unicast session ke ys and static broadcast ke ys to wireless clients . Session ke ys are unique to each client and are used to encr ypt and correlate tr affic passing between a specific client and the access point. Y ou can also enab le broadcast k ey rotation, so t[...]

  • Page 70

    System Configuration 5-16 • Session K ey Refresh Ra te: The interval at which the access point refreshes un icast session ke ys for associate d clients . (Range: 0-1440 minutes; Def ault: 0 means disab led) • 802.1x Re-authent ication Refresh Rate: The time period after which a connected client m ust be re-authenticated. During the re-authentic[...]

  • Page 71

    Adv anced Configuration 5-17 CLI Commands f or Local MA C A uthentication – Use the mac-authenti cation server co mmand from th e global configuration mo de to enable local MAC authenticat ion. Set the def ault for MA C addresses not in the local tab le using the address filt er defau lt command, then enter MA C addresses in the local table using[...]

  • Page 72

    System Configuration 5-18 CLI Commands f or RADIUS MA C A uthentication – Use the mac-authenti cation server co mmand from th e global configura tion mode to enab le remote MAC auth entication. Set the timeout v alue f or re-authenticat ion using the ma c-authenticat ion session-ti meout command. Be s ure to also co nfigure connection settin gs f[...]

  • Page 73

    Adv anced Configuration 5-19 CLI Commands f or 802.1x A uthentication – Use the 802.1x supported command from the globa l configurat ion mode to enab le 802.1x authentication . Set the session and broadca st ke y refresh r ate , and the re-authe ntication ti meout. T o di spla y the current settin gs, use the show au thenticati on command from th[...]

  • Page 74

    System Configuration 5-20 Filter Control The access point can empl o y VLAN ID and network traf fic frame filtering to control access to network resource s and increase security . Nativ e VLAN ID – The VLAN ID assigned to wireless clients that are not assigned to a specific VLAN by RADIUS server configuration. VLAN – Enable s or disab les VLAN [...]

  • Page 75

    Adv anced Configuration 5-21 VLAN IDs can be mapped to spec ific wireless c lients, allowing users to remain within t he same VLAN as the y move arou nd a campus site . This f e ature can also be used to control access to network resources from wirele ss clients , thereb y improv ing security . A VLAN ID (1-4095) is assigned to a client aft er succ[...]

  • Page 76

    System Configuration 5-22 When VLAN filtering is enab led, the access p oint must also ha v e 802.1x authenticat ion enab led and a RADIUS server config ured. Wireless clients must also support 802.1x client so ftwa re to be assigned to a specific VLAN. When VLAN filtering is disabled, the access point ignores the VLAN tags on any re ceiv ed frames[...]

  • Page 77

    Adv anced Configuration 5-23 CLI Commands f or VLAN Suppor t – F rom the global configuration mod e use the native-v lanid command to s et the def ault VLAN ID for the Et hernet interf ace, th en enab le VLANs using the vlan enabl e command. When y ou change the access point’ s VLAN support setting, y ou must r eboot the access point to impleme[...]

  • Page 78

    System Configuration 5-24 CLI Commands f or Bridge Filter ing – Use th e filter local-bridge command from the global configur ation mode to pre v ent wireless-to-wireless communicati ons through the access poin t. Use the filter ap-manage command to restrict management access from wireless clients . T o configure Eth ernet protocol filtering, use[...]

  • Page 79

    Adv anced Configuration 5-25 SNMP Y ou can use a network management app lication such as SMC’ s EliteVie w to manage the SMC2552W -G via the Simple Network Management Protocol ( SNMP) from a netwo rk management station. T o implement SNMP management, the SMC2552W -G must ha ve an I P address and sub net mask, con figured eith er manually or dynam[...]

  • Page 80

    System Configuration 5-26 SNMP – Enab les or disab les SNMP management acce ss and also enab les the access point to send SNMP t raps (notification s). SNMP management is enab led by def ault. Location – A text string that d escrib es the syste m location. (Maximum lengt h: 20 char acters) Contact – A text st ring that describes the system co[...]

  • Page 81

    Adv anced Configuration 5-27 CLI Commands f or SNMP – Use the snmp- server enab le serve r command from the globa l configur ation mode . T o set read/write and re ad-only comm unity name s, u se the snmp-server community command . Use the snmp-server location and sn mp-server cont act commands to ind icate the ph ysical location of the access po[...]

  • Page 82

    System Configuration 5-28 Administration Changing the Password Management access t o the web an d CLI interf ace on the SMC2552W -G is controlled through a single user nam e and passw ord. Y o u can also gain add i tional access security by using control filters (see “Filter Control” on p age 5-20). T o protec t access to the management int erf[...]

  • Page 83

    Adv anced Configuration 5-29 Confirm New P a ss word – Enter the pass word aga in f or v erification. CLI Commands f or the User Name and P asswo rd – Use the username and pass word command s from the CLI configur ation mode. SMC-AP(config)#username bob 6-21 SMC-AP(config)#password smcadmin 6-22 SMC-AP#[...]

  • Page 84

    System Configuration 5-30 Upgrading Firmware Y ou can upgr ade new SMC2552W -G software f rom a loca l file on the management w orkstation, or from an FTP or TFTP ser v er . New sof tware ma y be provided periodically on SMC’ s web site (http://www .smc.com). After upg rading ne w software, y ou must reboot the SMC2552W -G to implement the ne w c[...]

  • Page 85

    Adv anced Configuration 5-31 If you need to do wnload from an FTP or TFTP ser ver , take the f ollowing additional steps: • Obtain the IP add ress of the FTP or TFTP server wh ere the access point softwa re is stored. • If upgr ading from an FTP server , be sure that y ou ha v e an account configur ed on the server with a user name and passw or[...]

  • Page 86

    System Configuration 5-32 server is 255 chara cters or 32 charact ers f or files on the access point . (V a lid characters: A- Z, a-z, 0-9, “. ”, “- ”, “_”) • IP Address: IP addr ess or host name of FTP or TF TP ser v er . • Username: The user ID used f or login on an FTP server . • P asswor d: The pass word used f or login on an [...]

  • Page 87

    Adv anced Configuration 5-33 CLI Commands f or Downloading Soft w are from a TFTP Server – Use the copy tftp file command from th e Ex ec mode and t hen specify the file type , name, and IP address of the TFTP server . When the do wnload is complete , the dir command can be used to check t hat the ne w file is present in the access point file sys[...]

  • Page 88

    System Configuration 5-34 System Log The SMC2552W -G can be configured to se nd e v ent and err or messages to a System Log Server . The system clock can also be synchroniz ed with a time server , so that all the messages sent t o the Syslog server a re stamped with the corr ect time a nd date . Enabling System Logging The SMC2552W -G suppor ts a l[...]

  • Page 89

    Adv anced Configuration 5-35 Logging Lev e l – Sets the m inimum se verity le vel f or e v ent logging. The system allo ws you to limit the messages that are logged by specifying a minimum se v erity lev el. The follo wing table lists the error mess age lev els from the mos t sev ere ( Aler t) to least sev e re (Deb ug). The message le vels t hat[...]

  • Page 90

    System Configuration 5-36 CLI Commands f or System Logging – T o enable logging on th e access point, use the logging on comm and from the globa l configuration m ode. The logging le vel command sets the minimum lev el of message to lo g. Use the l ogging con sole command to enab le logging to the console. Use the logging host command to specify [...]

  • Page 91

    Adv anced Configuration 5-37 Configuring SNTP Simple Network Time Protocol (SNTP) allo ws the SMC2552W -G to set its internal clock based on periodic updates from a time server (SNTP or NTP). Mainta ining an accurate time on the access point enab les the system log to record mea ningful dates and times f or e v ent entries. If the cloc k is not set[...]

  • Page 92

    System Configuration 5-38 changes . T o use this f eature you must defin e the month a nd date to begin and to en d the change fro m standard t ime. During this perio d the system clock is set back by one hour . CLI Commands f or SNTP – T o enab le SNTP support on the access point, from th e global configuration mo de specify SNTP ser v er IP add[...]

  • Page 93

    Adv anced Configuration 5-39 CLI Comman ds f or the System Clock – The f ollowing ex ample shows how to manually set the sys tem time when SNTP ser ver suppor t is disable d on the access point. SMC-AP(config)#no sntp-server enable 6-29 SMC-AP(config)#sntp-server date-time 6-30 Enter Year<1970-2100>: 2004 Enter Month<1-12>: 10 Enter D[...]

  • Page 94

    System Configuration 5-40 Radio Interface The IEEE 802.11b and 802.11g in terface includes configur ation options f or radio signal characteristics and wireless secu rity f eatures . The access point can operate in three modes , I EEE 802.11b only , 802.11g only , or a mix ed 802.11b/g mode . Also note that 802.11g is bac kward comp atib le with 80[...]

  • Page 95

    Radio Interf ace 5-41 Radio Settings (802.11g) The IEEE 802.11g standard operates within the 2.4 GHz band at up to 54 Mbps. Also note that because th e IEEE 802.11g standard is an e xtension of the IEEE 802.11b standa rd, it allows clients with 802.11b wireless n etwork cards to associate to an 802.11g access point. Enable – Enab les radio commun[...]

  • Page 96

    System Configuration 5-42 Radio Channel – The radio channel that the ac cess point uses to communica te with wirel ess clients . When multiple access points are deplo yed in the same area, set t he channel on neighboring access points at lea st f our channels apar t to a v oid interf erence with each other . For e x ample, in the United States y [...]

  • Page 97

    Radio Interf ace 5-43 interfere with the operation of other radio devices in the ser vice area. (Option s: 100%, 50%, 25%, 12 %, minimum; Default: 100%) Maximum Station Data Rate – The maximu m data ra te at which a client can connect to the acce ss point. The maximum tr ansmission distance is af f ected by the data rate. The lo wer the data rate[...]

  • Page 98

    System Configuration 5-44 sending of a data fr ame. After receivi ng an R TS frame, the stat ion sends a C TS (clear to send) frame to no tify the send ing station that it can start sending data. If the RTS threshold is set to 0, the access point nev er sends RTS signals. If set to 2347, the access point alw ays sends R TS signals. If set to an y o[...]

  • Page 99

    Radio Interf ace 5-45 CLI Commands f or the 802.11g Wireless Int erf ace – F rom the global configur ation mode, ent er the inter face wireless g command to access the 802.11g r adio interfa ce. Set th e interf ace SSID using the ssid command and, if req uired, configure a name f or the interf ace using the descrip tion command. Y ou can also use[...]

  • Page 100

    System Configuration 5-46 SMC-AP#show interface wireless g 6-95 Wireless Interface Information =========================================================== ----------------Identification----------------------------- Description : Enterprise 802.11g Access Point SSID : r&d Channel : 11 (AUTO) Status : Enable ----------------802.11 Parameters-----[...]

  • Page 101

    Radio Interf ace 5-47 Security The SMC2552W -G is configured b y def ault as an “open system, ” which broadcasts a beacon signa l including the configur ed SSID . Wireless clients can read the SSI D from the beacon, a nd automatically r eset their SSID to allow immediate connect ion to the nearest a ccess po int. T o impro ve wireless net work [...]

  • Page 102

    System Configuration 5-48 The security mechanisms that ma y be emplo y ed depend on the le vel of security required, the netw ork and management resources a v ailab le , and the softw are support provided on wireless clients. A summa ry of wireless secu rity co nsiderations is listed in the f ollowing tab le. Note: Although a WEP static key is not [...]

  • Page 103

    Radio Interf ace 5-49 Wired Equivalent Privacy (WEP) WEP provides a basic le ve l of security , prev enting unauthorized access to the netwo rk and encrypting data transmitted be tween wireless clients and the access point. WEP uses static shared ke ys (fixed -length he xadecimal or alphanum eric strings) that are manually distrib uted to all clien[...]

  • Page 104

    System Configuration 5-50 Setting up shared k eys enab les the basic I EEE 802.11 Wired Equivalent Privacy (WEP) on the access point to prev ent unauthorized access to t he network. If y ou choose to u se WEP shared k eys instead of an open system, be sure to define at least one static WEP k ey f or user authentica tion and data encryption. Also , [...]

  • Page 105

    Radio Interf ace 5-51 Shared Ke y Set up – Select 64 Bit, 128 Bit, or 15 2 Bit ke y length. Note that the same size of encr yption k ey must be supported on all wireless clients . (Def ault: 128 Bit) Ke y T y p e – Select t he pref erred method o f entering WEP encr yption k eys on the access point and enter up to f our ke ys: • He xadecimal:[...]

  • Page 106

    System Configuration 5-52 CLI Commands f or WEP Shared K ey Security – F rom the 802.11g inter f ace configuration mode , use the au thenticati on command to enab le WEP shared-ke y authentication and the encr yption command to enab l e WEP encryption. Use the m ulticast-cipher command to s elect WEP cipher type . T o enter WEP k e ys, use the ke[...]

  • Page 107

    Radio Interf ace 5-53 Note: The index and length values used in the key command must be the same values used in the encryption and transmit-key commands. CLI Commands f or WEP ov er 802.1x Security – F rom the 802.11g inter f ace configuration mode , use the au thenticati on command to select open system authentica tion. Use the mu lticast-ci phe[...]

  • Page 108

    System Configuration 5-54 Wi-Fi Protected Access (WPA) WP A emplo ys a combination of se v eral techn ologies to pro vide an enhanced se curity solution f or 802.11 wireless networks. The SMC2552W -G suppor ts the f ollowin g WP A components and f eatures: IEEE 802.1x and the Extensib le A uthentication Protocol (EAP): WP A emplo ys 802.1x as its b[...]

  • Page 109

    Radio Interf ace 5-55 pre vents users from accide ntally joining a rogue netw or k. Only when a RADIUS ser ver has authent icated a user’ s credentials will encr yption k e ys be sent to the access point and client. Note: To implement WPA on wireless clients requi res a WPA-enabled network card driver and 802.1x c lient software that supports the[...]

  • Page 110

    System Configuration 5-56 WP A security and which are using legacy WEP . The acce ss point uses TKIP unicast data encryption ke ys for WP A clients an d WEP unicast ke ys for WEP clients. The glo bal encr yption k ey f or multicast and broa dcast traffic must be the same for all clients, therefore it restri cts encr yption to a WEP key . When acces[...]

  • Page 111

    Radio Interf ace 5-57 WP A K ey Management – WP A can be configured to work in an enter prise environment using I EEE 802.1x and a RADIUS ser v er f or user authentication. F or smaller netw orks, WP A can be enab led using a common pre- shared k ey f or client authenticati on with the access point. • WP A authentication over 802.1x: The WP A e[...]

  • Page 112

    System Configuration 5-58 WP A Pre-Shar ed K ey T ype – If the WP A pre- shared-k ey mode is used, all wireless clients must be configured with the same k e y to communicate with the access point. • Hexadecimal: Enter a key as a strin g of 64 hexadecimal numb er s. • Alphanumeric: Enter a k e y as an easy-to- remember f or m of letters and n [...]

  • Page 113

    Radio Interf ace 5-59 CLI Commands f or WP A Pre-shared K ey Security – F rom the 802.11g inter f ace configuration mode , use the au thenticati on command to set the access poin t to “ Open System . ” Use the WEP encryption command to enable all types o f encr yption. T o enab le WP A to be required f or all clients , use the wpa-c lients co[...]

  • Page 114

    System Configuration 5-60 CLI Commands f or WP A ov er 802.1x Security – F rom the 802.11g inter f ace configuration mode , use the au thenticati on command to set the access poin t to “ Open System . ” Use the WEP encr yption command to enab le all types of encr yption. Use the wpa-clients command to set WP A to be required or suppor ted f o[...]

  • Page 115

    Status Inf or mation 5-61 Status Information The Status page includes in f ormation on the follo wing items: Access Point Status The AP Status window displa ys basic system configuration settings, as well as th e settings for the wirele ss interface. AP System Configura tion – The AP System Configuration t abl e displays the basic system configur[...]

  • Page 116

    System Configuration 5-62 • System Up Time: Len gth of time the man agement agent h as been up . • MA C Address: The ph ysical lay er address f o r this de vice. • System Name : Name assigned to this system . • System Contact: Admin istrato r responsib le for the system. • IP Address: IP addr ess of the management int erf ace for this de [...]

  • Page 117

    Status Inf or mation 5-63 CLI Commands f or Displaying Syst em Settings – T o vie w the current acces s point system settin gs, use the show syst em command from the Ex ec mode. T o vie w the current radio interf ace settings , use the sho w interface wireless g command (see page 6-95 ). SMC-AP#show system 6-33 System Information ================[...]

  • Page 118

    System Configuration 5-64 Station Status The Station St atus window sho ws the wireless clients currently associated w ith the SMC25 52W -G. The Station Configur ation page displays ba sic connection inf ormation f or all associated stations as described belo w . Note that this page is automat ically refreshed every five seconds. • Station Addres[...]

  • Page 119

    Status Inf or mation 5-65 procedure allo ws the wireless system to tra ck the loca tion of each mobile clie nt, and ensure that frames destin ed for each client are f orwarded to the app ropriate access point. • F orw arding Allo wed: Shows if the station has passed 802. 1x authenticat ion and is n ow allowed to f or ward traffic to the access po[...]

  • Page 120

    System Configuration 5-66 Event Logs The Ev ent Logs windo w shows the log messages generated b y the acces s point and stored in m emor y . The Ev ent Logs tab le displays the f ollowing inf or mation: • Log Time: The time the log message was gen erated. • Ev ent Le v el: The logging le v el associated with this message. F or a description of [...]

  • Page 121

    Status Inf or mation 5-67 • WEP ke ys do not match: When t he access point uses “Shared K ey Authentication, ” but the ke y used by client and access point are not the same, the fram e will be decrypted incorrectly , using the wrong alg orithm and sequence nu mber . CLI Commands f or Displaying the Ev ent Logs – F rom the global configurati[...]

  • Page 122

    System Configuration 5-68[...]

  • Page 123

    6- 1 Chapter 6 Command Line Interface Using the Command Line Interface Accessing the CLI When accessing the manageme nt interf ace for the SMC2552W -G ov er a direct connecti on to the console port, or via a T elnet connect ion, the access point can be mana ged by entering command k eyw ords and par ameters at t he prompt. Using the access point’[...]

  • Page 124

    Command Line Interf ace 6-2 After connecti ng to the system th rough the con sole por t, the login screen displa ys : Note: Command examples shown l ater in this chapter abbre viate the console prompt to “SMC-AP” for simplicity. Telnet Connection T elnet operates over the IP transpor t protocol. In this envir onment, y our manage ment station a[...]

  • Page 125

    Entering Commands 6-3 After y ou configure t he access point with an IP address , you can open a T elnet session by performing the se steps. 1. F rom the remote host, enter the T elnet command and the IP address of the de vice you wa nt to access. 2. At the prompt, ent er the user name and system pass word. The CLI will displa y the “SMC Enter pr[...]

  • Page 126

    Command Line Interf ace 6-4 Y ou can enter commands as f ollows: • T o enter a sim ple command, enter t he command k eyw ord. • T o enter commands that require par ameters , enter the required par ameters after t he command k eyw ord. For e xample, to set a pass word f or the administrator , enter : SMC Enterprise AP(config)# username smith Min[...]

  • Page 127

    Entering Commands 6-5 list of valid ke ywor ds f or a specif ic command. For example, the command “ show ? ” displa ys a list of possible sho w commands: The command “ sho w interface? ” will displa y the f ollowing inf orm ation: Partial Keyword Lookup If yo u terminate a par tial ke yword with a question ma rk, alternatives that match the[...]

  • Page 128

    Command Line Interf ace 6-6 Negating the Effe ct of Commands F or man y configurat ion commands y ou can enter the prefix ke yword “ no ” to cancel the eff ect of a comman d or reset the configuratio n to the def ault value . For e xample, the logging command will log system messages to a host ser ver . T o disable logging, specify the no log g[...]

  • Page 129

    Entering Commands 6-7 Exec Commands When you open a new console session on access point , the system enters Ex e c command mode. Only a limited number of the commands are a vailab le in this mode. Y ou can access all other comm ands only f rom the co nfiguration mode. T o acc ess Ex ec mode, open a new co nsole session with the user name “admin. [...]

  • Page 130

    Command Line Interf ace 6-8 T o enter th e Global Configur ation mode , enter the command configure in Ex ec mode. The system pro mpt will change to “SMC Enter prise AP(config)#” which gives yo u access privilege to all Global Configur ation commands . T o ente r Interf ace mode, y ou must enter the “ interface ethernet ,” or “ interface [...]

  • Page 131

    Entering Commands 6-9 Ctrl-N Enters the next command l ine in the history buffer. Ctrl-P Shows the last command. Ctrl-R Repeats current command l ine on a new line . Ctrl-U Deletes the en tire line. Ctrl-W Deletes the last word typed. Esc-B Moves the cursor backward one word. Esc-D Deletes from the cursor to the end of the word. Esc-F Moves the cur[...]

  • Page 132

    Command Line Interf ace 6-10 Command Groups The system commands can be brok en down into the functi onal groups sho wn below . The access mode shown in the f o llowing tab les is indicated b y these abbreviations: GC (Global Configur ation), and IC (Int erf ace Configuration. Command Group Description Page General Basic commands for entering config[...]

  • Page 133

    General Commands 6-11 General Commands configure This command activ ates Global Configuration mo de. Y ou must enter this m ode to modif y most of the settings o n the acces s point. Y ou must also enter Glob al Configuratio n mode prior to enab ling the conte xt modes f or Interf ace Configuration. see “Using the Command Li ne Interf ace” on p[...]

  • Page 134

    Command Line Interf ace 6-12 end This command returns to the pre vious configuration mode . Default Setting None Command Mode Global Configur ation, Inter f ace Configuration Example This e xample shows how to retur n to the Configu ration mode from the Inter f ace Configur ation mode: exit This command returns to the Ex ec mode or e xits the confi[...]

  • Page 135

    General Commands 6-13 ping This command sends ICMP echo re quest pac kets to another node on the netw or k. Syntax ping < host_name | ip_address > • host_name - Alias of the host. • ip_address - IP add ress of the host. Default Setting None Command Mode Ex ec Command Usage • Use the ping command to see if another site on th e network ca[...]

  • Page 136

    Command Line Interf ace 6-14 reset This command r estar ts th e system or restor es the factory def ault settings. Syntax reset < boar d | configurat ion > • board - Reboots the system. • configur ation - Resets the conf iguration settin gs to the factory default s, and then reb oots the system. Default Setting None Command Mode Ex ec Com[...]

  • Page 137

    General Commands 6-15 Command Usage • The history bu ffer size is fixed at 10 comma nds. • Use the up or do wn arrow keys to scr oll through th e commands in the histo ry buffer. Example In this e xample, the show hi story command lists the contents of the command history buff er: show line This command displa ys the console por t’ s configur[...]

  • Page 138

    Command Line Interf ace 6-16 System Management Commands These commands are use d to configure the use r name, pass word, system logs, bro wser management options, cloc k settings , and a variety of other system inf or mation. Command Function Mode Page Country Setting Sets the co untry code for correct radi o operation country Sets the access point[...]

  • Page 139

    System Management Commands 6-17 logging console I nitiates logging of error messages to the console GC 6-25 logging l evel Defines the minimum severi ty level for event logging GC 6-26 logging facility-type Sets the facility type for remote logging of syslog messages GC 6-27 show logging Displays the state of l ogging Exec 6-27 System Clock Sets th[...]

  • Page 140

    Command Line Interf ace 6-18 country This command configures the access point’ s countr y code, which identifies the co untry of operation and sets t he authorized r adio channels. Syntax country < countr y_code > country_code - A two character code that identifies the country of operatio n. See the f ollowing tab le for a full list of code[...]

  • Page 141

    System Management Commands 6-19 Default Setting US - f or units sold in the United States 99 (no countr y set) - f o r units sold in other co untrie s Command Mode Ex ec Command Usage • If you purchased an access point outside of the United States, the coun try code must be set before radio func tions are enabled. • The available Country Co de [...]

  • Page 142

    Command Line Interf ace 6-20 prompt This command customiz es the CLI prompt. Use the no f or m to restore the def ault prompt. Syntax prompt str ing no pr ompt string - Any alphanum eric string to use f or the CLI pro mpt. (Maximum length : 255 chara cters) Default Setting SMC Enter prise AP Command Mode Global Configuration Example system name Thi[...]

  • Page 143

    System Management Commands 6-21 Command Mode Global Configuration Example username This command configu res the user name f or management access. Syntax username name name - The name of t he user . (Length: 3-16 cha racters , case sensitive) Default Setting admin Command Mode Global Configuration Example SMC-AP(config)#system name SMC-AP SMC-AP(con[...]

  • Page 144

    Command Line Interf ace 6-22 password After initially loggin g onto the system, y ou should set the passw ord. Remem ber to record it in a safe place. Use the no f or m to reset the def ault pass word. Syntax passw ord password no pass w ord passw ord - P asswor d f or manageme nt access . (Length: 3-16 cha racters , case sensitive) Default Setting[...]

  • Page 145

    System Management Commands 6-23 Command Mode Global Configuration Example Related Commands ip http se r v er (page 6-23) ip http server This command allows t his de vice to be monitored or configured from a bro wser . Use the no form to disable this fu nction. Syntax ip http server n o i p h t t p s e r v e r Default Setting Enabled Command Mode Gl[...]

  • Page 146

    Command Line Interf ace 6-24 logging on This command controls lo gging of error messages; i.e., sendin g debug or error me ssages to m emor y . T he no form disables the logging process . Syntax logging on no logging on Default Setting None Command Mode Global Configuration Command Usage The logging process con trols error messa ges sa v ed to memo[...]

  • Page 147

    System Management Commands 6-25 Default Setting None Command Mode Global Configuration Example logging console This command initiat es logging of error messages to the console . Use the no f or m to disable logging to th e console. Syntax logging console no logging cons ole Default Setting Disabled Command Mode Global Configuration Example SMC-AP(c[...]

  • Page 148

    Command Line Interf ace 6-26 logging level This command sets the minim um se verity le v el for e vent logging. Syntax logging level < Aler t | Critical | Er r or | War n i n g | Notice | Informational | Deb u g > Default Setting Error Command Mode Global Configuration Command Usage Messages sent include th e selected le vel do wn to Aler t l[...]

  • Page 149

    System Management Commands 6-27 logging facility-type This command sets the facility type f or remote logging of syslog messages . Syntax logging facil ity-type < type> type - A number that indicates th e f acility used by the syslog ser v er to dispatch log messages to a n appropriate ser vice. (Range: 16 -23) Default Setting 16 Command Mode[...]

  • Page 150

    Command Line Interf ace 6-28 Example sntp-server ip This command sets the IP add ress of the servers to which SNTP time requests ar e issued. Use th e this command with no arguments to clear all t ime ser vers from the cu rrent list. Syntax sntp-ser ver ip < 1 | 2 > < ip> • 1 - First time server. • 2 - Second time server. • ip - I[...]

  • Page 151

    System Management Commands 6-29 Command Usage When SNTP client m ode is enab led using the sntp-s erver enable command, the sntp-server ip command specifies the time ser vers from which the access point polls f or time updates. The access point will poll the time ser vers in the order specified until a resp onse is receiv ed. Example Related Comman[...]

  • Page 152

    Command Line Interf ace 6-30 Example Related Commands sntp-server ip (page 6-28) show sntp (page 6-32) sntp-server date-time This command sets the system cloc k. Default Setting 00:14:00, J anuary 1, 1970 Command Mode Global Configuration Example This e x ample sets the system cloc k to 17:37 J a nuary 10, 2004. Related Commands sntp-server enab le[...]

  • Page 153

    System Management Commands 6-31 sntp-server daylight-saving This command sets the sta r t and end dates f or da ylight sa vings time. Use the no f o rm t o disable daylight sa vings time. Syntax sntp-ser ver daylight-saving no sntp-server da ylight-saving Default Setting Disabled Command Mode Global Configuration Command Usage The command sets the [...]

  • Page 154

    Command Line Interf ace 6-32 sntp-server timezone This command sets the t ime zone f or the access point ’ s internal clock. Syntax sntp-ser ver timezone < hours> hours - Number of hours bef ore/after UTC . (Range: -12 to +12 hours) Default Setting None Command Mode Global Configuration Command Usage This command sets the local time zone re[...]

  • Page 155

    System Management Commands 6-33 Example show system This command displays basic system configuration settings. Default Setting None Command Mode Ex ec SMC-AP#show sntp SNTP Information ========================================================= Service State : Enabled SNTP (server 1) IP : 137.92.140.80 SNTP (server 2) IP : 192.43.244.18 Current Time [...]

  • Page 156

    Command Line Interf ace 6-34 Example show version This command displa ys the software v ersion for the system. Default Setting None Command Mode Ex ec Example SMC-AP#show system System Information =========================================================== Serial Number : A341042933 System Up time : 0 days, 1 hours, 8 minutes, 9 seconds System Name[...]

  • Page 157

    SNMP Commands 6-35 SNMP Commands Controls access to th is access point from management stat ions using the Simple Network Management Prot ocol (SNMP), as well as the hosts that will receive trap messages . snmp-server community This command def ines the com munity a ccess string f or the Simple Network Management Protocol. Use the no f orm to remov[...]

  • Page 158

    Command Line Interf ace 6-36 • ro - Specifies read-only access. Aut horized management stations are only able t o retrieve MIB objects. • rw - Specifies read/write access. Aut horized management stations are able to bot h retrieve and modify MIB obje cts. Default Setting • public - Read-only acce ss. Authorized ma nagement stations are only a[...]

  • Page 159

    SNMP Commands 6-37 Command Mode Global Configuration Example Related Commands snmp-ser ver location (page 6-39) snmp-server enable server This command ena ble s SNMP management access and al so enables this de vice to send SNMP traps (i.e., notifications). Use the no form to disable SNMP ser vic e and trap messages. Syntax snmp-serv er enable serve[...]

  • Page 160

    Command Line Interf ace 6-38 Related Commands snmp-ser ver host (page 6-38) snmp-server host This command specif ies the recipient of an SNMP noti fication. Use the no f or m to remove the specified h ost. Syntax snmp-server host < host_ip_address | host_name > <community-string> no snmp-server host • host_ip_ address - IP o f the hos[...]

  • Page 161

    SNMP Commands 6-39 Example Related Commands snmp-ser ver enable ser ver (page 6-37) snmp-server location This command sets the system loca tion string. Use the no for m to remove the location str ing. Syntax snmp-server loca tion text no snmp-server location te xt - String that describes the system location. (Maximum length : 20 character s) Defaul[...]

  • Page 162

    Command Line Interf ace 6-40 show snmp This command displa ys the SNMP configuration settings . Command Mode Ex ec Example Flash/File Commands These commands are use d to manage the syste m code or configuration files. SMC-AP#show snmp SNMP Information ============================================ Service State : Enable Community (ro) : ***** Commun[...]

  • Page 163

    Flash/File Commands 6-41 bootfile This command specifies the image used to star t up the system. Syntax bootfile < filename > filename - Name of the ima ge file. Default Setting None Command Mode Ex ec Command Usage • The file name shou ld not contain slashes ( or /), the lea ding letter of the file name should not b e a perio d (.), an d [...]

  • Page 164

    Command Line Interf ace 6-42 copy This command copies a boot file , code image , or configuration fi le between t he access point’ s flash memor y and a FTP/TFTP server . When you sav e the configuration se ttings to a file on a FTP/TFTP server , that file can later be downloade d to the access point to restore system operation. The success of t [...]

  • Page 165

    Flash/File Commands 6-43 server is 255 characters or 32 chara cters for files on the access point. (V alid characters : A-Z, a-z, 0-9, “.”, “-”, “_”) • Due to the size limit of the flash mem ory, the access po int supports only two opera tion code files. • The system configu ration file must be named “syscfg” in all copy command[...]

  • Page 166

    Command Line Interf ace 6-44 Command Mode Ex ec Note: Beware of deleting application images from flash memory. At leas t one application image is required in order to boot the access point. If there are multiple image files in flash memory, and the one used to boot the access p oint is deleted, be sure you first use the bootfile command to update t[...]

  • Page 167

    RADIUS Client 6-45 Example The f ollowing ex ample shows ho w to display all file inf or mation: RADIUS Client Remote Authentication D ial-in Us er Ser vice (RADIUS) is a logon authentica tion protocol that uses softw are running on a centr al ser v er to control a ccess for RADIUS-aw are devices to the network. An authent ication server contains a[...]

  • Page 168

    Command Line Interf ace 6-46 radius-server address This command specif ies the pr imar y and secondar y RADIUS ser v ers. Syntax radius-server address [ secondary ] < host_ip_address | host_name> • secondar y - Secondary server. • host_ip_ address - IP address of server. • host_name - Host name of server. (R ange: 1-20 characters ) Defa[...]

  • Page 169

    RADIUS Client 6-47 Example radius-server key This command sets the RADIUS encryption ke y . Syntax radius-server [ secondary ] key < key_string> • secondar y - Secondary server. • key_string - Encryption key used to authe nticate logon access for c lient. Do no t use blank spaces in th e string. (Maximum length: 20 ch aracters) Default Se[...]

  • Page 170

    Command Line Interf ace 6-48 Default Setting 3 Command Mode Global Configuration Example radius-server timeout This command sets the int erval betwee n transmitt ing authenti cation reque sts to the RADI US ser v er . Syntax radius-server [ secondary ] timeout number _of_seconds • secondar y - Secondary server. • number_of_ seconds - Number of [...]

  • Page 171

    RADIUS Client 6-49 show radius This command displa ys the current settings f or the RADIUS ser v er . Default Setting None Command Mode Ex ec Example SMC-AP#show radius Radius Server Information ======================================== IP : 192.168.1.25 Port : 1812 Key : ***** Retransmit : 5 Timeout : 10 ======================================== Rad[...]

  • Page 172

    Command Line Interf ace 6-50 802.1x Port Authentication The access point supports IEEE 802.1x access control f or wireless clients. Th is control f eature prev ents unauthorized access to the networ k by requirin g a 802.1x client applica tion to submit user credentials f or authentication. Cl ient authenticat ion is then v erified via by a RADIUS [...]

  • Page 173

    802.1x P or t Authentication 6-51 802.1x This command co nfigures 802.1x a s optionally sup por ted or as required f or wireless clients. Use the no f orm to disable 802.1x suppor t. Syntax 802.1x < supported | required > no 802.1x • supported - Aut henticates clients th at initiate the 802.1x authentication pr ocess. Uses standard 802.1 1 [...]

  • Page 174

    Command Line Interf ace 6-52 authentication process (i.e ., the access point does NOT initiate 802.1x authentication). For stations init iating 802.1x, only those stations successfully au thenticated ar e allowed to access the networ k. For those stations not initiatin g 802.1x, access to the network is allowed af ter successful 802.11 as sociation[...]

  • Page 175

    802.1x P or t Authentication 6-53 Command Usage • The access point uses EAPOL (Extensible Authentication Protocol Over LANs) packets to pass dynamic unicast session and broadcast keys to wireless clients. Th e 802.1x broadcast-key -refresh-ra te command specif ies the interval after which the broadcast keys are chan ged. The 802.1x ses sion-key-r[...]

  • Page 176

    Command Line Interf ace 6-54 Example 802.1x session-timeout This command sets the time perio d after which a connecte d client must be re-auth enticated. Use th e no f or m to disable 802.1x re-authenticat ion. Syntax 802.1x sess ion-timeout < seconds> no 802.1x se ssion-time out seconds - The number of seconds. (Range: 0-655 35) Default 0 (D[...]

  • Page 177

    802.1x P or t Authentication 6-55 Default allowed Command Mode Global Configuration Example Related Commands address filter en try (page 6-55) show a uthentica tion (page 6- 59) address filter entry This command enter s a MA C address in the f ilter tab le. Syntax addres s filter ent ry < mac-addr ess> < allowed | denie d > • mac-addr[...]

  • Page 178

    Command Line Interf ace 6-56 • An entry in the ad dress table may be allowe d or denied access depending on the global sett ing configured for the address entry def ault command. Example Related Commands address filter def ault (page 6-54) show a uthentica tion (page 6- 59) address filter delete This command deletes a MA C address from the filter[...]

  • Page 179

    802.1x P or t Authentication 6-57 mac-authentication server This command sets add ress filtering to be pe rf or med with local or remote opt ions . Use the no f or m to disab le MA C address authenti cation. Syntax mac-authenti cation server [ local | remote ] • local - Authenticate the MAC address of wireless clients with the local authenticat i[...]

  • Page 180

    Command Line Interf ace 6-58 mac-authenticati on session-timeout This command sets the inter val at which associated clients will be re-authenticat ed with the RADIUS server authenticatio n database. Use th e no form to disable re authentication . Syntax mac-authen tication sess ion-timeout < seconds> seconds - Re-authentica tion interval. (R[...]

  • Page 181

    802.1x P or t Authentication 6-59 show authentication This command sho ws all 802.1x authenticat ion settings, as well as the address filter tab le. Command Mode Ex ec Example SMC-AP#show authentication Authentication Information ========================================================= MAC Authentication Server : REMOTE MAC Auth Session Timeout Va[...]

  • Page 182

    Command Line Interf ace 6-60 Filtering Commands The commands described in this se ction are used to filte r communication s between wire less clients, control access to th e management int erf ace from wireless clients, and f ilter tr affic using specific Eth er net protocol t ypes. filter local-bridge This command disab les communication betwe en [...]

  • Page 183

    Filtering Commands 6-61 Command Usage This command can disab le wireless-to-wireless communication s between client s via the access point. Howe ve r , it does not aff ect communications betw een wireless clients and the wired network . Example filter ap-manage This command pre vents wireless cl ients from accessing the management inter f ace on th[...]

  • Page 184

    Command Line Interf ace 6-62 filter ethern et-type enable This command chec ks the Ethernet type on all incoming and outgoing Ethernet pac ket s against the protocol filt ering table . Use the no form to disable this feature. Syntax filter ethern et-type enab le no filter etherne t-type enab le Default Disabled Command Mode Global Configuration Com[...]

  • Page 185

    Filtering Commands 6-63 filter ethern et-type protocol This command sets a filter f or a specific Ethernet type. Use the no f orm to disable filterin g f or a specific Et her net type. Syntax filter ethernet-t ype pr otocol < protocol> no filter ethernet-ty pe pr otocol < protocol> protocol - An Ether net protocol typ e. (Options: ARP ,[...]

  • Page 186

    Command Line Interf ace 6-64 show filters This command sho ws the filter op tions and protocol entries in the filter table . Command Mode Ex ec Example SMC-AP#show filters Protocol Filter Information ========================================================= Local Bridge :ENABLED AP Management :ENABLED Ethernet Type Filter :ENABLED Enabled Protocol [...]

  • Page 187

    Interf ace Commands 6-65 Interface Commands The commands described in this se ction configu re connection parameters for the Ether net por t and wireless interface. Command Function Mode Pa ge General Interface interface Enters specified interface configura tion mode GC 6-68 Ethernet Interface dns primary-server Specifies the primary name server IC[...]

  • Page 188

    Command Line Interf ace 6-66 speed Configures the maximum data rate at which a station can connect to the access point IC-W 6-76 channel Configures the radio channel IC-W 6-7 7 ssid Configures the service set identifier IC-W 6-78 beacon-interval Con figures the rate at which beacon signals are transmitted from the access point IC-W 6-78 dtim-period[...]

  • Page 189

    Interf ace Commands 6-67 transmit-key Sets the index of the key to be used for encryp ting data frames sent between the access point and wireless clients IC-W 6-85 transmit-power Adjusts the power of the radio signals transmitted from the access point IC-W 6-86 max-association Con figures the maximum number of clients that can be associated with th[...]

  • Page 190

    Command Line Interf ace 6-68 interface This command configures an interf ace type and enters interf ace configuration m ode. Syntax interface < ethernet | wireles s < g >> • ethernet - Interf ace for w ired network . • wireless - Interface for wireless clients. • g - 802.11g radio interface. Default Setting None Command Mode Globa[...]

  • Page 191

    Interf ace Commands 6-69 Default Setting None Command Mode Global Configuration Command Usage The primar y and secondar y name servers are queried in sequence. Example This e xample specif ies two domain-name ser vers. Related Commands show in terf ace ether net (page 6 -72) ip address This command sets the IP address f or the (10/100Base-TX) Ether[...]

  • Page 192

    Command Line Interf ace 6-70 Default Setting IP address: 19 2.168.2.2 Netmask: 255.255. 255.0 Command Mode Interf ace Configuration (Et hernet) Command Usage • DHCP is enabled by default. To manua lly configure a n ew IP address, you must first disable the DHCP client with the no ip dhcp comma nd. • You must assign an IP addr ess to this device[...]

  • Page 193

    Interf ace Commands 6-71 ip dhcp This command sets the IP addr ess f or the currently select ed ether net i nterface. Use the no f orm to restore the def ault IP address . Syntax ip dhcp no ip dhcp Default Setting Enabled Command Mode Interf ace Configuration (Et hernet) Command Usage • You must assign an IP address to this device to gain managem[...]

  • Page 194

    Command Line Interf ace 6-72 Related Commands ip address (p age 6-69) shutdown This command disab les the Ethernet interf ace. T o restart a disab led interf ace, use the no for m . Syntax shutdown no shutdo wn Default Setting Interface enabled Command Mode Interf ace Configuration (Et hernet) Command Usage This command allo ws you to disab le the [...]

  • Page 195

    Interf ace Commands 6-73 Default Setting Ether net interface Command Mode Ex ec Example radio-mode This command sets the wo rking mode f or the wireless interf ace. Syntax radio-mode < b | g | b+g > • b - b-only mode: Both 802.11b and 80 2.11g clients can communicate with th e access point, but 802.11g clients ca n only transfer data at 802[...]

  • Page 196

    Command Line Interf ace 6-74 Command Mode Interf ace Configuration (Wireless g ) Example select-antenna-mode This command selects the b uilt-in antennas or an optional high-gain an tenna attach ed to the soc ket on the right ante nna. Syntax select-antenna -mode < diversity | right antenna > • diver sity - Selects the built-in antenn as. Th[...]

  • Page 197

    Interf ace Commands 6-75 description This command adds a description to a the wireless interf ace. Use the no form to remove the description. Syntax description < str ing > no description string - Comment or a description f or this interf ace. (Range: 1- 80 characters) Default Setting None Command Mode Interf ace Configuration (Wireless) Exam[...]

  • Page 198

    Command Line Interf ace 6-76 Command Usage When SSID broadcast is disa bled, the access point will not include its SSID in beacon messages. No r will it respond to probe request s from clients that do not include a fix ed SSID . Example speed This command configures t he maximu m data rate at which a station can connect to the access point. Syntax [...]

  • Page 199

    Interf ace Commands 6-77 channel This command configures the r adio channel through which the access point communicates with wireless clients. Syntax channel < channel | auto > • channel - Manuall y sets the radio ch annel used for communications with wireless clients. ( Range: 802.1 1g - 1 to 11 for US & Cana da, 10 to 13 f or France, [...]

  • Page 200

    Command Line Interf ace 6-78 ssid This command configures the service set identifier (SSID). Syntax ssid string string - The name of a basic service set suppor ted by the access point. (Range: 1 - 32 ch aracters ) Default Setting smc Command Mode Interf ace Configuration (Wireless) Command Usage Clients that want to connect to the wireless network [...]

  • Page 201

    Interf ace Commands 6-79 Command Mode Interf ace Configuration (Wireless) Command Usage The beacon signal s allow wireless clients to maintain contact with the access point. They ma y also carr y pow er-managem ent inf or mation. Example dtim-period This command configures the r ate at which stations in sleep mode must wake up to receive broadcas t[...]

  • Page 202

    Command Line Interf ace 6-80 indicates that the access point will save all broadcast/ multicast fram es for the Basic Service Set (BSS) and forward th em after every seco nd beacon. • Using smaller DTIM inter vals delivers broadcast/ multicast frames in a more timely manner, causing stations in Power Save mode to wake up more ofte n and drain pow[...]

  • Page 203

    Interf ace Commands 6-81 collisions due to high network utilization, try setting the fragment size to send smaller fragments. This will speed up the retransmission of smaller frames. However, it is more efficient to s et the fragm ent size larg er if very little o r no interferen ce is present becau se it requires overhead to send multiple frames. [...]

  • Page 204

    Command Line Interf ace 6-82 RTS frame, the station sends a CT S frame to notify the sending station that it can start se nding data. • Access p oints contending for the wirele ss medium may not be aware of each other. The RTS/CTS mechanism can solve this “Hidden Node” problem. Example authentication This command def ines the 80 2.11 auth ent[...]

  • Page 205

    Interf ace Commands 6-83 Example Related Commands encr yption (page 6-83) ke y (page 6-84) encryption This command def ines whether or not WEP encryption is used to provide p rivacy f or wireless communications. Use t he no f or m to disable encr yption. Syntax encryption < ke y-length> no encryptio n ke y-length - Size of encr yp tion ke y .[...]

  • Page 206

    Command Line Interf ace 6-84 • Note that WEP pro tects data tran smitted between wireless nodes, but does not protect any transmissions over your wired network or over the I nternet. Example Related Commands ke y (page 6-84) key This command sets the k eys used f or WEP encr yption. Use the no f or m to delete a configured k e y . Syntax key <[...]

  • Page 207

    Interf ace Commands 6-85 specify the key lengt h, and use the key co mmand to configure at l east one key. • If WEP is enabled, all wireless clients must b e configured with the same shared keys to communicate with the access point. • The encrypti on length specified in the encrypt ion command and t he key com mand must matc h. • The encrypt [...]

  • Page 208

    Command Line Interf ace 6-86 Command Usage • If you use WEP key encryptio n, the access point us es the transmit key to en crypt multicas t and broadcas t data signals that it sends to client device s. Other keys can be used for decryption of data from clients. • When using IEEE 802.1x, t he access point uses a dynamic WEP key to encrypt unicas[...]

  • Page 209

    Interf ace Commands 6-87 number of users in an are a, you must k eep the power as low as possible. Power selection is no t just a trade off between coverage area and ma ximum supported clie nts. You also have to ensure that hig h strength signals do n ot interfere with the operation of other radio device s in your area. Example max-association This[...]

  • Page 210

    Command Line Interf ace 6-88 multicast-cipher This command def ines the cipher algorithm used f or broadcasting and multicasting when using Wi -Fi Protected Access (WP A) security . Syntax mu lticast-ci pher < AES | TKIP | WEP > • AES - Advanced Encr yption Standar d • TKIP - Temporal Key Integr ity Protocol • WEP - Wired Equivalent Pri[...]

  • Page 211

    Interf ace Commands 6-89 • TKIP defends aga inst attacks on WEP in which the unencrypted initialization vect or in encrypte d packets is used to calculate t he WEP key. TKIP changes the encryption key on each packet , and rotates not just the unicast keys, but the broadcas t keys as well. TKIP is a replacement for WEP that remo ves the predictabi[...]

  • Page 212

    Command Line Interf ace 6-90 Command Usage Wi-Fi Protected Access (WP A) pro vides improve d data encr yption, which w as weak in WEP , and user authentication, which was largely missing in WEP . WP A uses the f ollowing security mechanisms. Enhanced D ata Encr ypti on through TKIP WP A uses T emporal Ke y I ntegrity Pr otocol (TKIP ). TKIP prov id[...]

  • Page 213

    Interf ace Commands 6-91 wpa-mode This command specifies whethe r Wi-Fi Protected Access (W P A) is to use 802.1x dyn amic ke ys or a pre-shared ke y . Syntax wpa-mode < dyna mi c | pre-sh ared-key > • dynamic - WPA with 802.1x dynamic keys. • pre-shar ed-key - WPA with a pre-share d key. Default Setting dynamic Command Mode Interf ace Co[...]

  • Page 214

    Command Line Interf ace 6-92 wpa-preshared-key This command define s a Wi-Fi Pr otected Access (WP A) preshar ed-ke y . Syntax wpa-preshared-ke y < type> < va l u e > • type - Input format. (Options : ASCII, HEX) • value - The key string. For ASCII input, use 5/13 alphanumeric charact ers for 64/128 bit strings. For HEX input, use 1[...]

  • Page 215

    Interf ace Commands 6-93 wpa-psk-type This command define s the Wi-Fi Pr otected Access ( WP A) preshared -ke y type. Syntax wpa-psk-type < type> type - Input format. (Optio ns: Alphanumer ic, HEX) Default Setting HEX Command Mode Interf ace Configuration (Wireless) Example Related Commands wpa-presha red-key (page 6-92) SMC-AP(if-wireless g)[...]

  • Page 216

    Command Line Interf ace 6-94 shutdown This command disab les the wireless interf ace. Use the no fo r m t o restart the interf ace . Syntax shutdown no shutdo wn Default Setting Interface enabled Command Mode Interf ace Configuration (Wireless) Example SMC-AP(if-wireless g)#shutdown SMC-AP(if-wireless g)#[...]

  • Page 217

    Interf ace Commands 6-95 show interface wireless This command displa ys the status for the wireless inter f ace. Syntax show i nterface wi reless < g > • g - 802.11g radio interface. Command Mode Ex ec Example SMC-AP#show interface wireless g Wireless Interface Information ========================================================= ----------[...]

  • Page 218

    Command Line Interf ace 6-96 show station This command sho ws the wireless clients associated with the access point. Command Mode Ex ec Example SMC-AP#show station 802.11g Station Table Station Address : 00-04-E2-41-C2-9D Authenticated : TRUE Associated : TRUE Forwarding Allowed : TRUE SMC-AP#[...]

  • Page 219

    IAPP Commands 6-97 IAPP Commands The command described in this section enab les the protocol signaling required to ensu re the successful han dov er of wireless clients roaming between different 802.11f-co mpliant access points . In other w ords, the 802.11f pr otocol can ensure successful roam ing between access po ints in a multi-vendor envir onm[...]

  • Page 220

    Command Line Interf ace 6-98 VLAN Commands The access point can en able th e suppor t of VLAN-tagged tr affic passing betwe en wireless clients and the wired network. Up to 16 VLAN IDs can be mapped to spec ific wireless c lients, allowing users to remain within t he same VLAN as the y move arou nd a campus site. When VLAN is enab led on the access[...]

  • Page 221

    VLAN Commands 6-99 vlan This command enab les VLANs f or all traffic. Use the no form to disable VLANs. Syntax vlan enable no vlan Default Disabled Command Mode Global Configuration Command Description • When VLANs are en abled, the access point tags frames received from wireless clients with th e VLAN ID configured for each client on the RADIUS [...]

  • Page 222

    Command Line Interf ace 6-100 native-vlanid This command configures t he nativ e VLAN ID for the acce ss point. Syntax native-vla nid < vlan-id> vlan-id - Native VLAN ID . (Ran ge: 1-16) Default Setting 1 Command Mode Global Configuration Command Usage When VLANs are en abled on the access point, a VLAN ID (a number betw een 1 and 4095) can b[...]

  • Page 223

    A-1 Appendix A Troubleshooting Check the f ollowing items bef o re you contact local T echnical Suppor t. 1. If wireless clients cannot access the ne twork, check the f ollowing: • Be sure the access point and th e wireless clients are configured with the sa me Service Set ID (SSID). • If authen tication or encryption are ena bled, ensure that [...]

  • Page 224

    T roubleshooting A-2 2. If the access point cannot be configured using the T elnet, a web bro wser , or SNMP software: • Be sure to have configur ed the access point with a valid IP address, subn et mask and default gateway. • If VLANs are ena bled on the access point, the management st ation should be configured to send ta gged frames with a V[...]

  • Page 225

    T roubleshooting A-3 4. If yo u f orgot or lost th e pass word: • Set the access point to its def ault configuration by pressing the reset button on the back panel for 5 seconds or more. Then use the def ault user name “ admin” with the password “smcadmin ” to access the manag ement interface. 5. If all other recov er y measure f a il, an[...]

  • Page 226

    T roubleshooting A-4 Maximum Distance Table Important Notice Maximum distances post ed below are actual tested distance thresholds . Howe ver , there are many va riables such as barrier composition and construction and local environ mental inte rf erence that ma y impact your actual distances and cause y ou to experience distance th resholds f ar l[...]

  • Page 227

    B-1 Appendix B Cables and Pinouts Twisted-Pair Cable Assignments Caution: DO NOT plug a phone jack connector into the RJ-45 port. Use only twisted-pair cables with RJ-45 connectors that conform with FCC standards. F or 10/100BASE-TX conn ections , a twisted-pair cab le must ha v e two pairs of wires. Each wire pair is identified by two different co[...]

  • Page 228

    Cables and Pinouts B-2 10/100BASE-TX Pin Assignments Use unshielded twiste d-pair (UTP) or shielded twisted-pair (STP) cabl e f or RJ-45 conn ections: 100-ohm Ca tegory 3 or better cable f or 10 Mbps connec tions, or 100-ohm Cate gor y 5 or better cable f or 100 Mbps conne ctions. Also be sure that the length of any twisted-pair connection does not[...]

  • Page 229

    T wisted-P air Cab le Assignments B-3 Straight-Through Wiring Because the 10/100 Mb ps por t on the access point uses an MDI pin configur ation, you must use “st raight -through” cab le fo r network connections to hub s or s witches that only ha ve MDI-X por ts. Ho we ver , if the device to which y ou are connecting suppor ts auto-MDIX oper ati[...]

  • Page 230

    Cables and Pinouts B-4 Console Port Pin Assignments The DB-9 DCE serial por t on the front pan el of the SMC255 2W -G is used to connect to the access point f or out-of-band console configuratio n. The command-line config uration pr ogr am can be accessed from a termin al, or a PC runnin g a ter minal emulation progr am. The pin assignment s used t[...]

  • Page 231

    Console P or t Pin Assignments B-5 Serial Cable Signal Dir ections for DB-9 Ports DB-9 to DB-9 AP Terminal or PC 1 2 3 4 5 6 7 8 9 5 4 3 2 1 9 8 7 6 Reserved Reserved Reserved Reserved[...]

  • Page 232

    Cables and Pinouts B-6[...]

  • Page 233

    C-1 Appendix C Specifications General Specifications Maxim um Channels 802.11b/g: FCC/IC: 1-11, ETS I: 1-13, France : 10-13, MKK: 1-14 Maxim um Clients 64 Operating Range See “Maximu m Distance T able” on page A-4 Data Rate 802.11g: 6, 9, 11, 12, 18, 24, 36, 48, 54 Mbps pe r channel 802.11b: 1, 2, 5.5, 11 Mbps per ch annel Modulation T ype 802.[...]

  • Page 234

    Specifications C-2 P ower supply Input: 100-24 0 A C , 50-60 Hz Output: 3.3 VDC, 4A P ower consumption: 13 .2 watts P oE (DC) Input v oltage: 48 vo lts , 0.27A, 12.96 w atts Note: Power can also be provided to the access point through the Ethernet port based on IEEE 802. 3af Power over Ethernet (PoE) specifications. When both PoE is provided and th[...]

  • Page 235

    General Specifications C-3 EMC Compliance (Cla ss B) FCC Class B (US) ICES-003 (Canad a) VCCI (Japan) RCR STD-33A Radio Signal Certification FCC P ar t 15.247 (2.4GHz) FCC par t 15 15.407(b), CISPR 22 -96 RSS-210 (Canada) EN 55022, EN55024, EN 300.328 EN 300 826, EN 61000- 3-2, EN61000-3-3 ETSI300.328; ETS 300 82 6 (802.11b) MPT RCR std.33 (D33 1~1[...]

  • Page 236

    Specifications C-4 Sensitivity IEEE 802.11g Data Rate Sensitivity (dBm) 6 Mbps -88 9 Mbps -87 12 Mbps -86 17 Mbps -85 24 Mbps -81 36 Mbps -77 48 Mbps -72 54 Mbps -70 IEEE 802.11b Data Rate Sensitivity (dBm) 1 Mbps -93 2 Mbps -90 5.5 Mbps -90 11 Mbps -87[...]

  • Page 237

    General Specifications C-5 Transmit Power IEEE 802.11g Maximum Outp ut Power (GHz - dBm) Data Rate 2 .412 2.417~2.467 2.472 6 Mbps 20 20 18 9 Mbps 20 20 18 12 Mbps 20 20 18 18 Mbps 20 20 18 24 Mbps 20 20 18 36 Mbps 18 19 17 48 Mbps 17 16 15 54 Mbps 15 14 13 IEEE 802.11b Maximum Outp ut Power (GHz - dBm) Data Rate 2 .412 2.417~2.467 2.472 1 Mbps 15 [...]

  • Page 238

    Specifications C-6[...]

  • Page 239

    Glossary-1 Glossary 10BASE-T IEEE 802.3 specification for 10 Mbps Ethernet ov er two pairs of Category 3 or better UTP cable . 100BASE-TX IEEE 802.3u specificat ion fo r 100 Mbps F ast Ether net ov er two pairs of Cate gory 5 or better UTP cable . Access Poin t A networking de vice that seamle ssly conn ects wired an d wireless networ ks. Access po[...]

  • Page 240

    Glossar y Glossary-2 Backbone The core infr astructure of a network. The portion of the network that tran spor ts inf or mation from one centra l location to anothe r central location where it is unloa ded onto a local system. Basic Service Set (BSS) A set of 802.11-comp liant stations and an access point th at operat e as a fully-connected wire le[...]

  • Page 241

    Glossar y Glossary-3 Extended Service Set (ESS) More than one wi reless cell can be configur ed with the same Service Set Identifier to allo w mobile users can roam between diff erent cells with the Extended Service Set. Extensible Au thentication Protocol (EAP) An authentication pr otocol used to authenticat e networ k clients. EAP is combined wit[...]

  • Page 242

    Glossar y Glossary-4 IEEE 802.11g A wireless standard that supports wireless communications in the 2.4 GHz band using Or thogonal F requency Division Multiple xing (OFDM). The stan dard provides for data rates of 6, 9, 11, 12, 18 , 24, 36, 48, 54 Mbps. IEEE 802.11g is also backw ard compatible with IEEE 802.11b . IEEE 802.1x P or t A uthentication [...]

  • Page 243

    Glossar y Glossary-5 Open System A security option which broadcasts a beacon sig nal including the access point’ s configured SSID . Wireless clients can read the SSID from the beacon, and automatica lly reset their SSID to allow immediate connectio n to the nearest acc ess point. Orthogonal Frequency Division Multiplexing (O DFM) OFDM/ allows mu[...]

  • Page 244

    Glossar y Glossary-6 Session Key Session ke ys are unique to each client, and are used to authentica te a client connection, an d correlate tr affic passing between a specific client and t he access point. Shared Key A shared k e y can be used to authe nticate each client attached to a wireless network. Shared K e y authenticatio n must be used alo[...]

  • Page 245

    Glossar y Glossary-7 Wi-Fi Protected Access WP A emplo ys 802.1x as its basic fr ame work f or user authentica tion and dynamic k ey management to prov ide an enhanced security solution f or 802.11 wirele ss netw orks. Wired Equivalent Priv acy ( WEP) WEP is based on the use of secu rity keys and the popular RC4 encr yption algorithm. Wireless devi[...]

  • Page 246

    Glossar y Glossary-8[...]

  • Page 247

    Index-1 A Advanced Encrypti on Standard See AES AES 5-56 antennas, positioning 2 -4 authentication 5-12, 6 -82 configuring 5-12, 6 -82 MAC address 5-13, 6-54, 6-5 5 type 5-47, 6-76 B Basic Service Set See BSS beacon interval 5-43, 6-78 rate 5-43, 6-79 BOOTP 6-69, 6-71 BSS 3-3 C cable assignments B-1 crossover B-3 straight-through B-3 channel 5-42, [...]

  • Page 248

    Index Index-2 filter 5-20, 6-54 address 5-12, 6-54 between wireless clients 5-22, 6-60 local bridge 5-22, 6-60 local or remote 5-12, 6-57 management access 5-22, 6-61 protocol types 5-22, 6-62 VLANs 5-20, 6-98 firmware displaying version 5-31, 6-34 upgrading 5-30 , 5-31, 6-42 fragmentation 6-80 G gateway address 4-3, 5-7, 6-2, 6-69 H hardware versi[...]

  • Page 249

    Index Index-3 O OFDM 1-1 open system 5-47 operating frequency C-1 P package checklist 1-2 password configuring 5-28, 6 -22 management 5-28, 6-22 pin assignments console port B-4 DB-9 port B-4 PoE 1-6 specifications C-2 power connection 2-4 Power over Ethernet See PoE power supply, specification s C-2 PSK 5-55, 6-91 R radio channel 802.11a interface[...]

  • Page 250

    Index Index-4 T Telnet for managenet access 6-2 Temporal Key Integrity Protocol See TKIP time zone 5-37, 6-32 TKIP 5-55, 6-88 transmit power, configuring 5-42 , 6-86 trap destination 5-26, 6-38 trap manager 5-26, 6-38 troubleshooting A -1 U upgrading software 5-30, 6-42 user name, manager 5-28 , 6-21 user password 5-28, 6-21, 6-22 V VLAN configurat[...]

  • Page 251

    [...]

  • Page 252

    38 T esla Irvine, CA 92618 Phone: (949) 679-8000 FOR TECH NICAL SUPPOR T , CALL: From U.S.A. and Canada (24 hours a day , 7 days a week) (800) SMC-4-YOU; Phn: (949) 679-8000; Fax: (949) 679-1481 From Europe: C o ntact details can be found on www .smc-europe .com or www.smc .com INTERNET E-mail addresses: techsupport@smc.com european.techsupport@smc[...]