Edge-Core EAP8518 UK manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of Edge-Core EAP8518 UK, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Edge-Core EAP8518 UK one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Edge-Core EAP8518 UK. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of Edge-Core EAP8518 UK should contain:
- informations concerning technical data of Edge-Core EAP8518 UK
- name of the manufacturer and a year of construction of the Edge-Core EAP8518 UK item
- rules of operation, control and maintenance of the Edge-Core EAP8518 UK item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Edge-Core EAP8518 UK alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Edge-Core EAP8518 UK, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Edge-Core service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Edge-Core EAP8518 UK.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Edge-Core EAP8518 UK item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    User Guide www .edge-core .com EAP8518 802.11n Access Point[...]

  • Page 2

    U SER G UIDE EAP8518 IEEE 802.11n Access Point EAP8518 E092009-D T -R01 149100000037A[...]

  • Page 3

    – 3 – C OMPLIANCES F EDERAL C OMM UNICA TION C OMMISSIO N I NTERF ERENCE S TATEMENT This equipment has been tested and found to compl y with the limits for a Class B digital device, p ursuant to P art 15 of the FCC Rules. These limit s are designed to provi de reasonable protection against harmful interference in a residential install ation. Th[...]

  • Page 4

    C OMPLIANCES – 4 – IMPOR T ANT NO TE: FCC R ADIATION E XPOSURE S TATEMENT This equipment complies with FC C radiat ion exposure limits set forth for an uncontrolled environment. This eq uipment should be installed and operated with minimum distance 20 cm bet ween the radiator & y our body . IC S TAT EMENT : This Class B digital apparatus c [...]

  • Page 5

    C OMPLIANCES – 5 – A USTRALI A /N EW Z EALAND AS/NZS 4771 T AIWAN NCC 根據交通部低功率管理辦法規定: 第十二條  經型式認證合格之低功率射頻電機,非經許可,公司、商號或使用者均不得擅自變更 頻率、加大功率或變更原設計之特性及功能。 第十四條  低功率射頻電機之?[...]

  • Page 6

    C OMPLIANCES – 6 – N OTE : The user must use the configurat ion utility provided wi th this product to ensure the channels of op eration are in conformance with the spectrum usage rules for European Communit y countries as described below . ◆ This devi ce requir es that the user or installer pr operly enter the current country of operation in[...]

  • Page 7

    C OMPLIANCES – 7 – O PERATION U SING 5 GH Z C HANNELS IN THE E UROPEAN C OMM UNI TY The user/installer must use the provided configur ation utility to check the current channel of operation and mak e necessary configurat ion changes to ensure operation occurs in conformance with European National spectrum usage laws as described below and els e[...]

  • Page 8

    C OMPLIANCES – 8 – Hungarian Magyar Alulírott, Edgecore nyilatkozom, hogy a Radi o LAN device megfelel a vonatkozó alapvetõ követelményeknek és az 1999/5/EC irányelv egyéb elõírásainak. Italian Italiano Con la presente Edgecore dichiara che questo Radio LAN device è c onforme ai requisiti essenziali ed alle altre di sposizioni perti[...]

  • Page 9

    – 9 – A BOUT T HIS G UIDE P URPOSE This guide gi ves specific information on how to insta ll the 11n wirel ess access point and its ph ysical and perf ormance related char acteristics. It also gives information on how t o operat e and use the management functions of the access point. A UDIENCE This guide is intended for use by network administr[...]

  • Page 10

    – 10 – C ONTENTS C OMPLIANCES 3 A BOUT T HIS G UIDE 9 C ONTENTS 10 F IGURES 15 T ABLES 18 I NDEX OF CLI C OMMANDS 21 S ECTION I G ETTING S TARTED 24 1I NTRODUCTION 25 Key Hardware Features 25 Description of Capabilities 25 Package Contents 26 Hardware Description 27 Antennas 28 External Antenna Connectors 28 LED Indicators 30 Console Port 31 Et[...]

  • Page 11

    C ONTENTS – 11 – Location Selection 36 Mounting on a Horizontal Surface 37 Mounting on a Wall 38 Connecting and Powering On 39 4I NITIAL C ONFIGURATION 40 Connecting to the Login Page 40 Home Page and Main Menu 41 Common Web P age Buttons 42 Quick Start 43 Step 1 43 Step 2 44 Step 3 46 Main Menu Item s 47 S ECTION II W EB C ONFIGURATION 48 5S Y[...]

  • Page 12

    C ONTENTS – 12 – SNMP Trap Settings 65 View Access Control Model 66 SNMPv3 Users 67 SNMPv3 Targets 68 SNMPv3 Notification Filters 69 7A DVANCED S ETTINGS 71 Local Bridge Filter 71 Link Layer Discovery Protocol 72 Access Con trol Lists 74 Source Address Settings 74 Destination Address Settings 75 Ethernet Type 76 8W IRELESS S ETTINGS 77 Spanning[...]

  • Page 13

    C ONTENTS – 13 – AP Wireless Configuration 105 Station Status 105 Event Logs 106 S ECTION III C OMMAND L INE I NTERFACE 108 11 U SING THE C OMMAND L INE I NTERFACE 110 Console Connection 110 Telnet Connection 111 Entering Commands 112 Keywords and Arguments 112 Minimum Abbreviation 112 Command Completion 112 Getting Help on C ommands 112 Showin[...]

  • Page 14

    C ONTENTS – 14 – 22 F ILTERING C OMMANDS 175 23 S PANNING T REE C OMMANDS 180 24 WDS B RIDGE C OMMANDS 191 25 E THERNET I NTERFACE C OMMANDS 193 26 W IRELESS I NTERFACE C OMMAND S 198 27 W IRELESS S ECURITY C OMMANDS 212 28 L INK L AYER D ISCOVERY C OMMAND S 222 29 VLAN C OMMANDS 226 30 WMM C OMMANDS 229 S ECTION IV A PPENDICES 234 AT ROUBLESHO[...]

  • Page 15

    – 15 – F IGURES Figure 1: Top Panel 27 Figure 2: Rear Panel 27 Figure 3: Ports 28 Figure 4: External Antenna Connectors 29 Figure 5: Screw-off Exte rnal Antenna Connector - Close Up 29 Figure 6: LEDs 30 Figure 7: Infrastructure Wireless LAN 33 Figure 8: Infrastructure Wireless LAN for Ro aming Wireless PCs 34 Figure 9: Bridging Mo de 35 Figure [...]

  • Page 16

    F IGURES – 16 – Figure 32: SNMPv3 Targets 69 Figure 33: SNMP Notification F ilter 69 Figure 34: Local Bridge Filter 71 Figure 35: LLDP Settings 72 Figure 36: Source ACLs 74 Figure 37: Destination ACLs 75 Figure 38: Ethernet Type Filter 76 Figure 39: Spanning Tree Protoc ol 78 Figure 40: Local Authentication 81 Figure 41: RADIUS Authentication 8[...]

  • Page 17

    F IGURES – 17 – Figure 68: Straight Throug h Wiring 251 Figure 69: Crossover Wiring 252 Figure 70: RJ-45 Console 254[...]

  • Page 18

    – 18 – T ABLES Table 1: Key Hardware Features 25 Table 2: LED Behavior 30 Table 3: Logging Levels 59 Table 4: WMM Access Categories 94 Table 5: Command Modes 114 Table 6: Keystroke Commands 115 Table 7: General Commands 116 Table 8: System Management Commands 120 Table 9: Country Codes 121 Table 10: System Management Commands 135 Table 11: Logg[...]

  • Page 19

    T ABLES – 19 – Table 32: 1000BASE-T MDI and MDI-X Port Pinouts 253 Table 33: Console Port Pinouts 254[...]

  • Page 20

    T ABLES – 20 –[...]

  • Page 21

    – 21 – I NDE X OF CLI C OMMANDS N UMERICS 802.1x enable 169 802.1x session-timeout 170 A address filter default 171 address filter delete 172 address filt er entry 172 a-mpdu 199 a-msdu 200 apmgmgtui ssh enable 123 apmgmtip 128 apmgmtui http port 125 apmgmtui http server 125 apmgmtui http session-timeout 126 apmgmtui https port 126 apmgmtui htt[...]

  • Page 22

    I NDEX OF CLI C OMMANDS – 22 – M mac-authentication server 173 mac-authentication session-timeout 173 make-radius-effective 167 make-rf-setting-effective 203 make-security-effective 219 management-vlanid 227 P password 123 path-cost (STP Interface) 185 ping 118 pmksa-lifetime 219 port-priority (STP Interface) 186 preamble 203 prompt 122 R radiu[...]

  • Page 23

    I NDEX OF CLI C OMMANDS – 23 –[...]

  • Page 24

    – 24 – S ECTION I G ETTING S TAR TED This section provides an overview of the access point, and introduces some basic concepts about wireless networ ki ng. It also describes the basic settings required to acce ss the management interface. This section includes these chapters: ◆ “Introduction” on page 25 ◆ “Network T opologies” on pa[...]

  • Page 25

    – 25 – 1 I NTR ODUCTION The EAP8518 is an IEEE 802.11n access point (AP) that meets dr aft 2.0 standards. It is fully interoper able with older 802.11a/b/ g standards, providing a tr ansparent, wireles s high speed data communication between the wired LAN and fixed or mobile devices. The unit inc ludes three detachable dual-band 2.4/5 GHz ante [...]

  • Page 26

    C HAPTER 1 | Introduction Package Contents – 26 – initial configur ation and troubleshoot ing, and support for Simple Network Management tools. The EAP8518 utilises MIMO technology and Spatial Multiplexing to achiev e the highest possible data r ate and throughput on the 802.11n frequency . The unit’ s P oE RJ-45 port provides a 1 Gbps full-d[...]

  • Page 27

    C HAPTER 1 | Introduction Hardware Description – 27 – H AR D WARE D ESCRIPTION Figure 1: Top Panel Figure 2: Rear Panel LED Indicators Antennas DC Power Socket RJ-45 PoE Port Reset Button RJ-45 Console Port[...]

  • Page 28

    C HAPTER 1 | Introduction Hardware Description – 28 – Figure 3: Ports A NTENNAS The access point includes three integr ated external MIMO (multiple-in put and multiple-output) antennas. MI MO uses mul tiple antennas for transmit ting and receiving radio sign als to improv e data throughput and link r ange. Each antenna transmits th e outgoing s[...]

  • Page 29

    C HAPTER 1 | Introduction Hardware Description – 29 – Figure 4: External Antenna Conne ctors Figure 5: Screw-off Exte rnal Antenna Connector - Close Up[...]

  • Page 30

    C HAPTER 1 | Introduction Hardware Description – 30 – LED I NDICATOR S The access point includes four status LED indicators, as described i n the following figure and table. Figure 6: LEDs Table 2: LED Behavior LED Status Description LAN Off Ethernet RJ-45 has no valid link. Blue Ethernet RJ-45 has a 1000 Mbps link. Blinking indicates network a[...]

  • Page 31

    C HAPTER 1 | Introduction Hardware Description – 31 – C ONSOLE P ORT This port is used to connect a console device to the access point through a serial cable. The console device can be a PC or workstation running a VT - 100 terminal emulator , or a VT -100 terminal. A crossover RJ-45 to DB-9 cable is supplied with the unit for connecting to the[...]

  • Page 32

    – 32 – 2 N ETW ORK T OPOLOGIES Wireless ne tworks sup port a stand alone config uration as well as an integrated configur ation with 10/100/1000 Mbps Ethernet LANs. The EAP8518 also provides bri dging se rvices that can be configured independently on on any of the virtual AP (V AP) interfaces. Access points can be deplo yed to support wireless [...]

  • Page 33

    C HAPTER 2 | Network Topo logies Infrastructure Wireless LA N for Roaming Wireless PCs – 33 – The infrastructure configur ation extends the accessibilit y of wireless PCs to the wired LAN. A wireless infr astructure can be used for access to a centr al database, or for connection between mobile workers, as shown in the following figure. Figure [...]

  • Page 34

    C HAPTER 2 | Network Topo logies Infrastructure Wireless Bridge – 34 – wireless network cards and adapters an d wi reless access points within a specific ES S must be configured with the same S SID . Figure 8: Infrastructure Wirel ess LAN for Roaming Wireless PCs I NFRASTRUCTURE W IRELESS B RIDGE The IEEE 802.11 standard defines a Wireless Dist[...]

  • Page 35

    C HAPTER 2 | Network Topo logies Infrastructure Wireless Bridge – 35 – Figure 9: Bridging Mode WDS Links Between Access Points VA P 2 AP Mode VA P 1 AP Mode VA P 2 AP Mode VA P 1 AP Mode Network Core VA P 0 WDS-AP Mode VA P 1 WDS-AP Mode VA P 0 WDS-ST A Mode VA P 0 WDS-ST A Mode VA P 1 WDS-AP Mode VA P 0 WDS-ST A Mode[...]

  • Page 36

    – 36 – 3 I NSTALLING THE A CCESS P OINT This chapter describes how to install the access point. L OCATION S ELECTIO N Choose a proper place for t he access point. In gener al, the best location is at the center of your wirel ess cov era ge area, within line of sight of all wireless devices. T ry to place the acce ss point in a position that can[...]

  • Page 37

    C HAPTER 3 | Installing the Access Point Mounting on a Horizontal Surface – 37 – M OUNTING ON A H ORIZONTAL S URFACE T o keep the access point from slid ing on the surface, attach the four rubber feet provided in t he accessory kit to the mark ed circles on the bottom of the access point. Figure 10: Attach Feet[...]

  • Page 38

    C HAPTER 3 | Installing the Access Point Mounting on a Wall – 38 – M OUNTING ON A W ALL T o mount on a wall follow the instructions below . Figure 11: Wall Mounting The access point should be mounted onl y to a wall or wood surface that is at least 1/2-inch plywood or its equi valent. T o mount the access point on a wall, alwa ys use its wall-m[...]

  • Page 39

    C HAPTER 3 | Installing the Access Point Connecting and Powering On – 39 – C ONNECTING AND P OW E R I N G O N Connect the power adapter to t he access point, and the power cord to an AC power outlet. Otherwise, the access point can derive its oper ating power directl y from the RJ-45 port when connected to a device that provides IEEE 802.3af co[...]

  • Page 40

    – 40 – 4 I NITIAL C ONFIGURATION The EAP8518 offers a user-friendly we b-based management interface for the configurati on of all the uni t’s features. Any PC directly attached to the unit can ac cess the ma nagement inte rface using a web browser , such as Internet Explorer (version 6.0 or abov e) or Firefox (v ersion 2.0 or abov e). C ONNEC[...]

  • Page 41

    C HAPTER 4 | Initial Configuration Home Page and Main Menu – 41 – H OME P AGE AND M AIN M ENU After logging in to the web interfac e, the Home page displays. The Home page shows some basic settings for th e AP , including Coun try Code and the management access password. Figure 13: Home Page The web inte rface Main Menu menu prov ides acce ss t[...]

  • Page 42

    C HAPTER 4 | Initial Configuration Common Web Page Buttons – 42 – C AUTION : Y ou must set the country code t o the country of operation. Setting the country code restri cts operation of the access point to the r adio channels and tr ansmit power levels permitted for wireless networks in t he specif ied coun try . C OMMON W EB P AG E B UTTONS T[...]

  • Page 43

    C HAPTER 4 | Initial Configuration Quick Start – 43 – ◆ Logout – Ends the web management session. ◆ Save Config – Saves the current configur ation so that i t is retained after a restart. Q UIC K S TAR T The Quick Start menu is designed to he lp you configure the basic settings required to get the access point up an d running. Click ‘[...]

  • Page 44

    C HAPTER 4 | Initial Configuration Quick Start – 44 – ◆ Old Password — If the unit has b een configured with a password already , enter that password, otherwise enter the default password “admin. ” ◆ New Password — The password for management access. (Length: 5-32 char acters, case sensitive) ◆ Confirm New Password — Enter the p[...]

  • Page 45

    C HAPTER 4 | Initial Configuration Quick Start – 45 – The following items are displa yed on this page: DHCP ◆ DHCP Status — Enables/disables DHCP on the access point. (Default: disabled) ◆ IP Address — Specifies an IP address for management of t he access point. V alid IP addresses consist of four decimal numbers, 0 to 255, separated by[...]

  • Page 46

    C HAPTER 4 | Initial Configuration Quick Start – 46 – S TEP 3 The Step 3 page of the Quick Start configures radio interface settings. Figure 18: Quick Start - Step 3 The following items are displa yed on this page: I NTERFACE S ETTING ◆ WiFi Mode — Sets the mode of oper ation of the radio chip to 802.11n/g (2.4 GHz) or 802.11n/a (5 GHz). (D[...]

  • Page 47

    C HAPTER 4 | Initial Configuration Main Menu Items – 47 – ■ TKIP: TKIP is used as the multicast enc ryption cipher . ■ AES-CCMP: AES-CCMP is used as the multicast encryption cipher . AES-CCMP is the standard encrypti on cipher required for WP A2. A UTHENTI CATION ◆ 802.1x — Enables 802.1X authentication. (Default: Disabl ed) ◆ 802.1x [...]

  • Page 48

    – 48 – S ECTION II W EB C ONFIGURATION This section provides details on conf iguring the access point using the web browser interface. This section includes these chapters: ◆ “System Settings” on page 49 ◆ “Management Settings” on page 60 ◆ “ Advanced Settings” on page 71 ◆ “Wireless Settings” on page 77 ◆ “Maintenan[...]

  • Page 49

    – 49 – 5 S YSTEM S ETTINGS This chapter describes basic system setti ngs on the access point. It includes the following sections: ◆ “ Administration Settings” on page 50 ◆ “IP Address” on page 51 ◆ “RADIUS Settings” on page 52 ◆ “System Time” on page 54 ◆ “SpectraLi nk V oice Priorit y” on page 56 ◆ “VLAN Confi[...]

  • Page 50

    C HAPTER 5 | System Settings Administration Settings – 50 – A DMINISTRATION S ETTINGS The Administration Sett ings page config ures some b asic setti ngs for the AP , such as the system identifi cation name, the management access password, and the wireless operation Country Code. Figure 19: Administration The following items are displa yed on t[...]

  • Page 51

    C HAPTER 5 | System Settings IP Address – 51 – C AUTION : Y ou must set the country code t o the country of operation. Setting the country code restri cts operation of the access point to the r adio channels and tr ansmit power levels permitted for wireless networks in t he specif ied coun try . IP A DDRE SS Configuring the access po int with a[...]

  • Page 52

    C HAPTER 5 | System Settings RADIUS Settings – 52 – ◆ Default Gateway — The default g ateway is the IP address of the router for the access point, which is used if the request ed destination address is not on the local subnet. If you have management stations, DNS, RADIUS, or other network servers located on another subnet, type the IP addre[...]

  • Page 53

    C HAPTER 5 | System Settings RADIUS Settings – 53 – Figure 21: RADIUS Settings The following items are displa yed on the RADIUS Setti ngs page: ◆ RADIUS Status — Enables/disables the primary RADIUS server . ◆ IP Address — Specifies the IP addres s or host name of the RADIUS server . ◆ Port (1024-6553 5) — The UDP port number used by[...]

  • Page 54

    C HAPTER 5 | System Settings System Time – 54 – ◆ Port (1024-6553 5) — The UDP port number used by the RADIUS accounting server for authenti cation messages. (R ange: 1024-65535; Default: 1813) ◆ Key — A shared text st ring used to encrypt messages between t he access point and the RADIUS accounti ng server . Be sure that t he same text[...]

  • Page 55

    C HAPTER 5 | System Settings System Time – 55 – SNTP S ERVER S ETTINGS Configures the access poin t to oper ate as an SNTP client. When enabled, at least one time server IP address must be specified. ◆ SNTP Status — Enables/disables SNTP . (Default: enabled) ◆ Primary Server — The IP address of an SNTP or NTP time serv er that the acces[...]

  • Page 56

    C HAPTER 5 | System Settings SpectraLink Voice Priority – 56 – S PECTRA L INK V OICE P RIORITY SpectraLink V oice Priority (SVP) is a voice priori ty mechanism for WLANs. SVP is an open, str aightforward QoS approach that has been adopted by most leading vendors of WLAN APs. SVP favors isochronous voice packets over asynchronous d ata packets w[...]

  • Page 57

    C HAPTER 5 | System Settings VLAN Configuration – 57 – ◆ When VLAN support is enab led on th e access point, traff ic passed to the wired network is tagged with the appropriate VLAN ID , either a V AP default VLAN ID, or the management VLAN ID . T raffic receiv ed from the wired network must also be tagged wi th one of these known VLAN IDs. R[...]

  • Page 58

    C HAPTER 5 | System Settings System Logs – 58 – S YSTEM L OGS The access point can be configured to send ev ent and error messages to a System Log Serv er . The system clock can also be synchronized with a time server , so that all the messages sent to the Sy slog server are stamped with the correct time and date. Figure 25: System Log Settings[...]

  • Page 59

    C HAPTER 5 | System Settings Quick Star t Wizard – 59 – ◆ Logging Level — Sets the minimum severity lev el for event logging. (Default: Debug) The system allows you to l imit the messages that are logg ed by specifying a minimum severity level. The following table lists the error message levels from the most seve re (Emergency) to least sev[...]

  • Page 60

    – 60 – 6 M ANA G EMENT S ETTINGS This chapter describes management acce ss settings on the access point. It includes the following sections: ◆ “Remot e Management Settings” on page 60 ◆ “ Access Limitation” on page 62 ◆ “Simple Network Management Protocol” on page 63 R EMOTE M ANAGEMENT S ETTINGS The W eb, T elnet, and SNMP ma[...]

  • Page 61

    C HAPTER 6 | Management Settings Remote Management Settings – 61 – ◆ The client and serv er generate session keys for encrypting and decrypting data. ◆ The client and serv er establish a secure encrypted connection. ◆ A padlock icon should appear in th e status bar for Internet Expl orer . Figure 26: Remote Management The following items [...]

  • Page 62

    C HAPTER 6 | Management Settings Access Limitation – 62 – ◆ HTTPS Server — Enables/disables management access fr om a HT TPS server . (Default: enabled) ◆ HTTPS Port — Specifies the HT TPS port for secure IP connectivity . (Default: 443; R ange 1024-65535) ◆ SNMP Access — Enables/disables manage ment acc ess from SNMP interfaces. (D[...]

  • Page 63

    C HAPTER 6 | Management Settings Simple Network Management Protocol – 63 – ◆ Subnet Mask — Specifies the subnet mask in the form 255.255.255.x R ESTRICT M ANA GEMENT ◆ Enable/Disable — Enables/disables manage ment of the device by a wireless client. (Default: disabled) S IMPLE N ETWORK M ANA GEMENT P RO T O C O L Simple Network Manageme[...]

  • Page 64

    C HAPTER 6 | Management Settings Simple Network Management Protocol – 64 – Figure 28: SNMP Basic Set tings The following items are displa yed on this page: ◆ SNMP — Enables or disables SNMP management access and also enables the access point to s end SNMP traps ( notifications). (Default: Disable) ◆ System Location — A text string that [...]

  • Page 65

    C HAPTER 6 | Management Settings Simple Network Management Protocol – 65 – SNMP T RAP S ETTINGS T r aps indicating status changes are issued by the AP to speci fied trap managers. Y ou must specify tr ap managers so that ke y events are reported by the AP to your management station (using network management platforms). Figure 29: SNMP Trap Set [...]

  • Page 66

    C HAPTER 6 | Management Settings Simple Network Management Protocol – 66 – V IEW A CCESS C ONTR OL M ODEL T o configure SNMPv3 management access to the AP , follow these st eps: 1. Specify read and write access views for the AP MIB tree. 2. Configure SNMP user groups with th e required security model (that is, SNMP v1, v2c, or v3) and security [...]

  • Page 67

    C HAPTER 6 | Management Settings Simple Network Management Protocol – 67 – to the subtree “1.3.6.1.2.1.2.2.1.1.2 3, ” the zero corresponds to the 10th subtree ID. When there are more subtree IDs than bits in the mask, the mask is padded with ones. ◆ View List – Shows the currently config ured object identifiers of branches within the MI[...]

  • Page 68

    C HAPTER 6 | Management Settings Simple Network Management Protocol – 68 – The following items are displa yed on this page: ◆ User Name — The SNMPv3 user name. (32 char acters maximu m) ◆ Group — The SNMPv3 group name. ◆ Auth Type — The au thentication type us ed for the SNMP user ; either MD5 or none. When MD5 is sele cted, enter a[...]

  • Page 69

    C HAPTER 6 | Management Settings Simple Network Management Protocol – 69 – Figure 32: SNMPv3 Targets The following items are displa yed on this page: ◆ Target ID — A user-defined name that identifies a receiver of notifications. (Maxi mum length: 32 char acters) ◆ IP Address — Specifies the IP address of the receiving management station[...]

  • Page 70

    C HAPTER 6 | Management Settings Simple Network Management Protocol – 70 – The following items are displa yed on this page: ◆ Filter ID — A user -defined name that identifies the filter . (Maximum length: 32 characters) ◆ Subtree — Specifies MIB subtree to be fi ltered. The MIB subtree must be defined in th e form “.1.3.6. 1” and al[...]

  • Page 71

    – 71 – 7 A D V ANCED S ETTINGS This chapter describes adv anced settings on the access point. It includes the following sections: ◆ “Local Bridge Filter” on page 71 ◆ “Link Layer Discovery Protocol” on page 72 ◆ “ Access Control Lists” on page 74 L OCAL B RIDGE F ILTER The access point can employ network tr affic frame filteri[...]

  • Page 72

    C HAPTER 7 | Advanced Settings Link Layer Discovery Protocol – 72 – ◆ Prevent Inter and Intra VAP client communication — Whe n enabled, c lients can not estab lish wire less com municatio ns with any other client, either thos e associated to the same V AP interface or any other V AP interface. L INK L AYE R D ISCOVERY P RO T O C O L This pa[...]

  • Page 73

    C HAPTER 7 | Advanced Setting s Link Layer Discovery Protocol – 73 – ◆ Message Transmission Interval (seconds) — Configures the periodic tr ansmit interv al for LLDP advertisement s. (Range: 5-32768 seconds; Default: 30 seconds) This attribute must comply with t he following rule: (T ransmission Interval * Hold Time) ≤ 65536, and T ransmi[...]

  • Page 74

    C HAPTER 7 | Advanced Settings Access Control Lists – 74 – A CCESS C ONTR OL L ISTS Access Control Lists allow you to configure a list of wireless clie nt MAC addresses that are not authorized to access the network. A database of MAC addresses can be conf igured locally on the access point. S OUR CE A DDR ES S S ETTINGS The ACL Source Address S[...]

  • Page 75

    C HAPTER 7 | Advanced Setting s Access Control Lists – 75 – D ESTINATION A DDR ES S S ETTINGS The ACL Destination Address Settings page enables tr affic filtering b ased on the destination MAC address i n the data frame. Figure 37: Destination ACLs The following items are displa yed on this page: ◆ DA Status — Enables network traff ic with [...]

  • Page 76

    C HAPTER 7 | Advanced Settings Access Control Lists – 76 – E THERNET T YPE The Ether net T ype Filter controls ch ecks on the Ethernet type of all incoming and outgoing Ethernet pack ets against the protocol filtering table. (Default: Disabled) Figure 38: Ethernet Type Filter The following items are displa yed on this page: ◆ Disabled — Acc[...]

  • Page 77

    – 77 – 8 W IRELESS S ETTINGS This chapter describes wireless settings on the access point. It includes the following sections: ◆ “Spanning T ree Protocol (STP)” on page 77 ◆ “ Authentication” on page 80 ◆ “Radio Settings” on page 84 ◆ “Virtual Access P oints (V APs)” on page 87 ◆ “Quality of Service (QoS)” on page [...]

  • Page 78

    C HAPTER 8 | Wireless Settings Spanning Tree Protocol (STP) – 78 – Figure 39: Spanning Tree Protocol B RIDGE Sets STP bridge link par ameters. The following items are displa yed on the STP page: ◆ Spanning Tree Protcol — Enables/disables STP on the AP . (Default: Enabled) ◆ Priority — Used in selecti ng the root device, root port , and [...]

  • Page 79

    C HAPTER 8 | Wireless Settings Spanning Tree Protocol (STP) – 79 – from among the device ports attached to t he network. (Default: 20 seconds; R ange: 6-40 seconds) Minimum: The higher of 6 or [2 x ( Hello Time + 1)]. Maximum: The lower of 40 or [2 x (F orward Delay - 1)] ◆ Hello Time — Interval ( in seconds) at which the root device t rans[...]

  • Page 80

    C HAPTER 8 | Wireless Settings Authentication – 80 – ◆ Link Port Priority — Defines the priorit y used for this port in the Spanning T ree Protocol. If the path cost for all ports on a switch are the same, the port with the highest priority (i.e. , lowest value) will be configured as an active link in th e spanning tree. This make s a port [...]

  • Page 81

    C HAPTER 8 | Wireless Settings Authentication – 81 – Figure 40: Local Authen tication The following items are displa yed on Authentication page: MAC Authentication — Sel ects between, disabled , Local MAC authentication and RA DIUS authentication. ◆ Local MAC — The MAC address of the asso ci ating station is compared against the local dat[...]

  • Page 82

    C HAPTER 8 | Wireless Settings Authentication – 82 – ◆ MAC Authentication Table — Displa ys current entries in the local MAC database. RADIUS MA C A UTHENTIC ATION The MAC address of the associat ing station is sent to a config ured RADIUS server for authentication. When using a RADIUS auth entication s erver for MAC address authentication,[...]

  • Page 83

    C HAPTER 8 | Wireless Settings Interface Mode – 83 – I NTERFACE M OD E The access point can operate in tw o modes, IEEE 80 2.11a/n only , or 802.11g/n only . Also note that 802.11g is backw ard compatible with 802.11b, oper ating in the 2.4 GHz b and. The 802.11a/n mode oper ates in the 5 GHz band. N OTE : The EAP8518 radio can oper ate in 2.4 [...]

  • Page 84

    C HAPTER 8 | Wireless Settings Radio Settings – 84 – R ADIO S ETTINGS The IEEE 802.11n interfaces include configur ation options for r adio signal characteristics and wirel ess security features. The access point can oper ate in two modes, mix ed 802.11g/n (2.4 GHz), or mixed 802.11a/n (5 GHz). Note that the r adio cannot not oper ate at 2.4 GH[...]

  • Page 85

    C HAPTER 8 | Wireless Settings Radio Settings – 85 – The following items are displa yed on this page: ◆ High Throug hput Mode — The access point provides a channel bandwidth of 20 MHz by default giving an 802.11g connection speed of 54 Mbps and a 802.11n connection speed of up to 108 Mbps, and ensures backward compliance for slower 802. 11b[...]

  • Page 86

    C HAPTER 8 | Wireless Settings Radio Settings – 86 – ◆ Preamble Length — The r adio preamble (som etimes called a header ) is a section of data at the head of a packet that contains information that the wireles s device and clie nt devi ces need when sending and receiving packets. Y ou can set the radio preamble to l ong or short. A short p[...]

  • Page 87

    C HAPTER 8 | Wireless Settings Virtual Access Points (VAPs) – 87 – ◆ Aggregate MAC Protocol Data Unit (A-MPDU) — Enables / disables the sending of this four fr ame packet header for statistical purposes. (Default: Enabled) ◆ A-MPDU Length Limit (1024-65535) — Defines the A-MPDU length. (Default: 65535 bytes; Range: 1024-65535 bytes) ◆[...]

  • Page 88

    C HAPTER 8 | Wireless Settings Virtual Access Points (VAPs) – 88 – The following items are displa yed on this page: ◆ VAP Number — The number associated with the VAP , 0-7. ◆ SSID — The name of the basic service set provid ed by a V AP interface. Clients that wa nt to connect to th e network through the access point must set thei r SSID[...]

  • Page 89

    C HAPTER 8 | Wireless Settings Virtual Access Points (VAPs) – 89 – ◆ Mode — Selects the mode in wh ich the V AP will function. ■ AP Mode : The V AP provides services to client s as a normal access point. ■ WDS-AP Mode : The V AP oper ates as an access point in WDS mode, which accepts connections from client stations in WDS-ST A mode. ?[...]

  • Page 90

    C HAPTER 8 | Wireless Settings Virtual Access Points (VAPs) – 90 – The following items are displa yed in the V AP Basic Settings when WDS-AP mode is selected: ◆ WDS-AP (Parent) SSID — The SSID of the VAP on the connecting access point that is set to WDS- AP mode. ◆ WDS-AP (Parent) MAC — The MAC addr ess of the VAP on the connecting acce[...]

  • Page 91

    C HAPTER 8 | Wireless Settings Virtual Access Points (VAPs) – 91 – to configure and maintain a RADIUS server , WPA provides a simple operating mode that uses just a pre-shared password for network access. The Pre-Shared K ey mode uses a common password for user authen tication that is manu ally entered on the access point and all wireless clien[...]

  • Page 92

    C HAPTER 8 | Wireless Settings Virtual Access Points (VAPs) – 92 – RADIUS server , the client remains co nnected the network. Only if re- authentication fails is networ k access block ed. (R ange: 0-65535 seconds; Default: 0 means disabled) W IRED E QUIVALENT P RIVACY (WEP) WEP provides a basic lev el of security , preventing unauthorized acces[...]

  • Page 93

    C HAPTER 8 | Wireless Settings Quality of Service (QoS) – 93 – The following items are on this page for WEP configurat ion: ◆ Default WEP Key Index – Selects the key number to use for encryption for the V AP interface. If the clients have all four WEP k eys configured to the same values, y ou can change the encryption k ey to any of the set[...]

  • Page 94

    C HAPTER 8 | Wireless Settings Quality of Service (QoS) – 94 – 802.1D priorities is speci fically intended to facilitate inter oper ability with other wired network QoS policies. Whil e the four ACs are specified for specific ty pes of traff ic, WMM allows th e priority levels to be configured to match any network -wide QoS policy . WMM also sp[...]

  • Page 95

    C HAPTER 8 | Wireless Settings Quality of Service (QoS) – 95 – Figure 49: WMM Backoff Wait Times For high-priority tr affic, the AIFSN an d CW v alues are smaller . The smaller va lues equate to less bac koff and wa it time, and therefore more t ransmit opportunities. Figure 50: QoS AIFS Random Backoff AIFS Random Backoff CWMin CWM ax CWMin CWM[...]

  • Page 96

    C HAPTER 8 | Wireless Settings Quality of Service (QoS) – 96 – The following items are displa yed on this page: ◆ WMM — Sets the WMM operational mode on the access point. When enabled, the parameters for each AC queue will be employed on the access point and QoS capabi lities are advertised to WMM-enabled clients. (Default: Dis abled) ■ D[...]

  • Page 97

    C HAPTER 8 | Wireless Settings Quality of Service (QoS) – 97 – ■ Admission Control : The admission control mode for the access category . When enabled, clients are blocked from using the access category . (Default: Disabled) ◆ Set WMM — Applies the new parameters and sa ves them to RAM memory . Also prompts a screen to inform you when it [...]

  • Page 98

    – 98 – 9 M AINTENANCE S ETTINGS Maintenance settings incl udes the following sections: ◆ “Upgrading Firmw are” on page 98 ◆ “Runni ng Configur ation” on page 101 ◆ “Resetti ng the Access Poi nt” on page 102 U PGRADING F IRMWARE Y ou can upgrade new access point soft ware from a local fil e on the management workstation, or fro[...]

  • Page 99

    C HAPTER 9 | Maintenance Settings Upgrading Firmware – 99 – Figure 51: Firmware The following items are displa yed on this page: ◆ Firmware Version — Di splays what ve rsion of software is being used as a runtime image - “ Active” , and what version is a backup image - “Backup” . Y ou may specify up to two images. ◆ Next Boot Imag[...]

  • Page 100

    C HAPTER 9 | Maintenance Settings Upgrading Firmware – 100 – ◆ Remote — Downloads an operation code image file from a specified remote FTP or TF TP server . After filling in the following fields, click Start Upgrade to proc eed. ■ New Firmware File : Specifies the name of the code file on t he server . The new firmware file name should no[...]

  • Page 101

    C HAPTER 9 | Maintenance Settings Running Config uration – 101 – R UNNING C ONFIGURATION A copy of a previous running configur ation ma y be uploaded to the access point as a sav ed file from a remote location, or the current configur ation saved and stored f or restoration purposes at a later point. A configur ation file may be sav ed or downl[...]

  • Page 102

    C HAPTER 9 | Maintenance Settings Resetting the Access Point – 102 – ◆ IP Address — IP address or host name of FTP or TFTP server . ◆ Username — The user ID used for login on an FTP server . ◆ Password — The password used for logi n on an FTP server . ◆ Start Import/Export — Initiates the selected backup or restore. ◆ Restore [...]

  • Page 103

    – 103 – 10 S TATUS I NF ORMATION The Information menu displays in formation on the current system configurati on, the wireless interface, the st ation status and system logs. Status Information includes t he following sections: ◆ “ AP Status” on page 103 ◆ “Station Status” on page 105 ◆ “Event Logs” on page 106 AP S TATUS The [...]

  • Page 104

    C HAPTER 10 | Status Information AP Status – 104 – The following items are displa yed on this page: ◆ Serial Number — The serial number of the ph ysical access point. ◆ System Up Time — Length of time the management agent has been up. ◆ Ethernet MAC Address — The physical layer address for the Ethernet port. ◆ Radio 0 MAC Address [...]

  • Page 105

    C HAPTER 10 | Status Information Station Status – 105 – AP W IRELESS C ONFIGURATION The AP Wireless Configur ation displays the V AP interface settings. Figure 55: AP Wir eless Configur ation The following items are displa yed on this page: ◆ VAP — Displays the V AP numb er . ◆ SSID — The service set identifier fo r the VAP interface. ?[...]

  • Page 106

    C HAPTER 10 | Status Information Event Logs – 106 – E VENT L OGS The Event Logs wi ndow shows the lo g messages gener ated by the access point and stored in memory . Figure 57: Event Logs The following items are displa yed on this page: ◆ Display Event Log — Selects the log entries to disp lay . Up to 20 log messages can be displayed at one[...]

  • Page 107

    C HAPTER 10 | Status Information Event Logs – 107 –[...]

  • Page 108

    – 108 – S ECTION III C OMMAND L INE I NTERFACE This section provides a d etailed description of the Command Line Interface, along with examples for all of the commands. This section includes these chapters: ◆ “Using the Command Line Interface” on page 110 ◆ “General Commands” on page 116 ◆ “System Management Commands” on page [...]

  • Page 109

    S ECTION | Command Line Interface – 109 – ◆ “VLAN Commands” on page 226 ◆ “WMM Commands” on page 229[...]

  • Page 110

    – 110 – 11 U SING THE C OMMAND L INE I NTERFACE When accessing the management interfac e for the over a direct connection to the console port, or via a T elnet connection, the access point can be managed by enteri ng command ke ywor ds and par ameters at the prompt. Using the access point’ s command-line i nterface (CLI) is very similar to en[...]

  • Page 111

    C HAPTER 11 | Using the Command Line Interface Telnet Connection – 111 – T ELNET C ONNECTION T elnet operates over the IP transport protocol. In this en vironment, your management station and any network device y ou want to manage o ver the network must have a valid IP address. V alid IP addresse s consist of four numbers, 0 to 255, separ ated [...]

  • Page 112

    C HAPTER 11 | Using the Command L ine Interface Entering Commands – 112 – E NTERING C OMMANDS This section describes how t o enter CLI commands. K EYWO RDS AND A RGU M E NT S A CLI command is a series of keywords and arguments. K eywords identify a command, and arguments specify configurati on parameters. F or example, in the command “s how i[...]

  • Page 113

    C HAPTER 11 | Using the Command Line Interface Entering Commands – 113 – filters Show filters. interface Show interface information. line TTY line information. lldp Show lldp parameters. logging Show the logging buffers. radius Show radius server. snmp Show snmp configuration. sntp Show sntp configuration. station Show 802.11 station table. svp[...]

  • Page 114

    C HAPTER 11 | Using the Command L ine Interface Entering Commands – 114 – list of the commands av ailable for th e current mode. The command classes and associated modes are disp layed in the foll owing table: E XEC C OMMANDS When you open a new console session on an access point, the system enters Exec command mode. Onl y a lim ited number of [...]

  • Page 115

    C HAPTER 11 | Using the Command Line Interface Entering Commands – 115 – T o enter Interface mode, you must enter the “ interface ethernet ” while in Global Configur ation mode. The system prompt will change t o “ AP(if-ethernet)#, ” or “ AP(if -wireless 0)” indicating that you hav e access privileges to the associated commands . Y [...]

  • Page 116

    – 116 – 12 G ENERAL C OMMANDS This chapter details gener al commands that apply t o the CLI. configure This command activ ates Global Configur ation mode. Y ou must enter this mode to modify most of the settings on the access point. Y ou must also enter Global Configurati on mode prio r to enabling the context modes for Interface Configuration.[...]

  • Page 117

    C HAPTER 12 | General Commands – 117 – end This command returns to the previous configur ation mode. D EFAULT S ETTING None C OMMAND M ODE Global Configuration, Interface Configur ation E XAMPLE This example shows how to return to the Configuration mode from the Interface Configuration mode: AP(if-ethernet)#end AP(config)# exit This command ret[...]

  • Page 118

    C HAPTER 12 | General Commands – 118 – C OMMAND M ODE Exec E XAMPLE The following example di sables th e CLI timeout. AP(config)# cli-session-timeout disable AP(config)# ping This command sends ICMP echo request packets to another node on the network. S YNTAX ping < host_name | ip_address > host_name - Alias of t he host. ip_address - IP [...]

  • Page 119

    C HAPTER 12 | General Commands – 119 – reset This command restarts the system or restores the factory default s ettings. S YNTAX reset < board | configuration > board - Reboots the system. configuration - R esets the configur ation settings to the fac tory defaults, and then reboots the system. D EFAULT S ETTING None C OMMAND M ODE Exec C[...]

  • Page 120

    – 120 – 13 S YSTEM M ANA G EMENT C OMMANDS These commands are used to configure the password, system logs, browser management options, clock sett ings, and a variety of other system information. Table 8: System Management Commands Command Function Mode Page country Sets the access poin t country code Exec 121 prompt Customizes the command line [...]

  • Page 121

    C HAPTER 13 | System Management Commands – 121 – country This command configures the access point’ s country code, whi ch identifies the country of operation and sets the authorized radio channels. S YNTAX country < countr y_code > country_code - A two char acter code that identifies the country of operation. See t he following table fo[...]

  • Page 122

    C HAPTER 13 | System Management Commands – 122 – D EFAULT S ETTING US - for units s old in th e United States 99 (no country set) - for unit s sold in other countries C OMMAND M ODE Exec C OMMAND U SAGE ◆ If you purchased an access point ou tside of the United States, the country code must be s et before radi o functions are enabled. ◆ The [...]

  • Page 123

    C HAPTER 13 | System Management Commands – 123 – D EFAULT S ETTING Enterprise AP C OMMAND M ODE Global Configuration E XAMPLE AP(config)#system name AP AP(config)# passw or d After initially logging onto the sy stem, y ou should set the pa ssword. Remember to record it in a safe place. S YNTAX password < password > password - P assword fo[...]

  • Page 124

    C HAPTER 13 | System Management Commands – 124 – ◆ After boot up, the S SH server need s about two minutes to ge nerate host encryption keys. The SSH server is disabled while the keys are being generated. The show sys tem command displays the status of the SSH server . E XAMPLE AP(config)# apmgmtui ssh enable AP(config)# apmgmtui ssh port Thi[...]

  • Page 125

    C HAPTER 13 | System Management Commands – 125 – apmgmtui http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. S YNTAX apmgmtui http port < port-number > no apmgmtui http po rt port-number - The TCP port to be used by the browser interface. (Rang e: 80 or 1024-655[...]

  • Page 126

    C HAPTER 13 | System Management Commands – 126 – apmgmtui http session-timeout This command sets the web browser timeout limit. S YNTAX apmgmtui http session-timeout < seco nds > seconds - The web session timeout. (R ange: 0-1800 seconds, 0 means disabled) D EFAULT S ETTING 1800 seconds C OMMAND M ODE Global Configuration E XAMPLE AP(conf[...]

  • Page 127

    C HAPTER 13 | System Management Commands – 127 – E XAMPLE AP(config)# apmgmtui https port 1234 AP(config)# apmgmtui https server Use this co mmand to enab le the se cure hypertext tr ansfer protocol (HT TPS) over the Secure Socket Layer ( SSL), prov iding secure access (that is, an encrypted connecti on) to the access point’ s web interf ace.[...]

  • Page 128

    C HAPTER 13 | System Management Commands – 128 – apmgmtui snmp This command enables and disables SNMP management access to the AP . S YNTAX apmgmt ui snmp [ enable | disable ] enable - Enables SNMP management access. disable - Disabl es SNMP mana gement acce ss. D EFAULT S ETTING Enabled C OMMAND M ODE Global Configuration E XAMPLE AP(config)# [...]

  • Page 129

    C HAPTER 13 | System Management Commands – 129 – C OMMAND U SAGE ◆ If anyone trie s to access a manageme nt interface on the access point from an inv alid address, the unit w ill reject t he conn ection, enter an event message in the system log, an d send a trap message to the tr ap manager . ◆ Management access applies to SNMP , HTT P (web[...]

  • Page 130

    C HAPTER 13 | System Management Commands – 130 – System Contact : System Country Code : US - United States MAC Address : 00:22:2d:4d:7b:80 Radio 0 MAC Address : 00:22:2d:4d:7b:81: IP Address : 192.168.1.1 Subnet Mask : 255.255.255.0 Default Gateway : 192.168.1.254 VLAN Status : Disable Management VLAN ID(AP): 1 DHCP Client : static HTTP Access [...]

  • Page 131

    C HAPTER 13 | System Management Commands – 131 – Address Filtering : ALLOWED System Default : ALLOW addresses not found in filter table. Filter Table ----------------------------------------------------------- No Filter Entries. Bootfile Information =================================== Bootfile : ec-img.bin =================================== Pr[...]

  • Page 132

    C HAPTER 13 | System Management Commands – 132 – Key 1: EMPTY Key 2: EMPTY Key 3: EMPTY Key 4: EMPTY Key Length : Key 1: ZERO Key 2: ZERO Key 3: ZERO Key 4: ZERO Authentication Type : OPEN Rogue AP Detection : Disabled Rogue AP Scan Interval : 720 minutes Rogue AP Scan Duration : 350 milliseconds ================================================[...]

  • Page 133

    C HAPTER 13 | System Management Commands – 133 – 2: 0.0.0.0, Community: *****, State: Disabled 3: 0.0.0.0, Community: *****, State: Disabled 4: 0.0.0.0, Community: *****, State: Disabled dot11InterfaceAGFail Enabled dot11InterfaceBFail Enabled dot11StationAssociation Enabled dot11StationAuthentication Enabled dot11StationReAssociation Enabled d[...]

  • Page 134

    C HAPTER 13 | System Management Commands – 134 – Boot Rom Version : v3.0.7 Software Version : v4.3.2.2 SSH Server : ENABLED SSH Server Port : 22 Telnet Server : ENABLED WEB Redirect : DISABLED DHCP Relay : DISABLED ============================================================== Version Information ========================================= Versio[...]

  • Page 135

    – 135 – 14 S YSTEM L OG GING C OMMANDS These commands are used to configure sys tem logging on the access point. logging on This command controls loggi ng of e rror messages; i.e. , sending debug or error messages to me mory . The no form disables the logging process. S YNTAX [ no ] logging on D EFAULT S ETTING Disabled C OMMAND M ODE Global Co[...]

  • Page 136

    C HAPTER 14 | System Logging Comman ds – 136 – logging host This command specifies syslog servers host that will receive logging messages. Use the no form to remove syslog server host. S YNTAX logging host < 1 | 2 | 3 | 4 > < host_name | host _ip_address > [ udp_port ] no logging host < 1 | 2 | 3 | 4 > 1 - First syslog server [...]

  • Page 137

    C HAPTER 14 | System Logging Commands – 137 – logging le vel This command sets the minimum sev erity level for ev ent logging. S YNTAX logging level < Emerge ncy | Alert | Critical | Error | Warnin g | Notice | Informational | Debug > D EFAULT S ETTING Informational C OMMAND M ODE Global Configuration C OMMAND U SAGE Messages sent include[...]

  • Page 138

    C HAPTER 14 | System Logging Comman ds – 138 – show log ging This command displays t he logging configur ation. S YNTAX show logging C OMMAND M ODE Exec E XAMPLE AP#show logging Logging Information ===================================================== Syslog State : ENABLE Logging Console State : DISABLE Logging Level : Debug Servers 1: 10.7.16[...]

  • Page 139

    – 139 – 15 S YSTEM C LOC K C OMMANDS These commands are used to configure SNTP and system clock settings on the access point. sntp-server ip This command sets the IP address of the servers to which SNTP time requests are issued. Use the this command with no arguments t o clear all time servers from the current list. S YNTAX sntp-server ip < [...]

  • Page 140

    C HAPTER 15 | System Clock Commands – 140 – E XAMPLE AP(config)#sntp-server ip 1 10.1.0.19 AP# R ELATED C OMMANDS sntp-server enabled show sntp sntp-server enabled This co mmand ena bles SNTP client request s for time syn chronization with NTP or SNTP time servers sp ecified by the sntp-server ip command. Use the no form to disable SNTP client [...]

  • Page 141

    C HAPTER 15 | System Clock Commands – 141 – minute - Sets the mi nute. (R ange: 0-59) D EFAULT S ETTING 00:14:00, January 1, 1970 C OMMAND M ODE Global Configuration E XAMPLE This example sets the system clock to 12:10 April 27, 2009. AP(config)# sntp-server date-time 2009 4 27 12 10 AP(config)# R ELATED C OMMANDS sntp-server enabled sntp-serve[...]

  • Page 142

    C HAPTER 15 | System Clock Commands – 142 – E XAMPLE This sets daylig ht savings time to be used from the Sunday in the fourth week of April, to the Sunday in the fourt h week of October . AP(config)# sntp-server daylight-saving date-week 4 4 0 10 4 0 AP(config)# sntp-server timezone This command sets the time zone fo r the access point’s int[...]

  • Page 143

    C HAPTER 15 | System Clock Commands – 143 – Time Zone : (GMT+08) Hong Kong, Perth, Singapore, Taipei Daylight Saving : DISABLED Daylight Saving Time : From MAR, Fourth Week, Wednesday To NOV, Last Week, Sunday =========================================================== AP#[...]

  • Page 144

    – 144 – 16 DHCP R ELA Y C OMMANDS Dynamic Host Configuration Protocol (D HCP) can dynamically allocate an IP address and other configuration in formation to network clients that broadcast a request. T o receive the broadcast request, the DHCP server would normally have to be on the same subnet as the client. Howev er , when the access point’ [...]

  • Page 145

    C HAPTER 16 | DHCP Relay C ommands – 145 – R ELATED C OMMANDS show interface wireless[...]

  • Page 146

    – 146 – 17 SNMP C OMMANDS Controls access to this access point from management stations using the Simple Network M anagement Protocol (SNMP), as well as the hosts that will receive tr ap messages. Table 14: SNMP Commands Command Function Mode Page snmp-server community Sets up the co mmunity access string to permit access to SNMP comm ands GC 1[...]

  • Page 147

    C HAPTER 17 | SNMP Commands – 147 – snmp-server comm unity This command defines the communit y a ccess string for the Simple Network Management Protocol. Use the no form to remove the s pecifie d commun ity string. S YNTAX snmp-server community string [ ro | rw ] no snmp-server commun ity string string - Community string that acts like a passwo[...]

  • Page 148

    C HAPTER 17 | SNMP Comm ands – 148 – C OMMAND M ODE Global Configuration E XAMPLE AP(config)#snmp-server contact Paul AP(config)# R ELATED C OMMANDS snmp-server location snmp-server location This command sets the system location st ring. Use the no form t o re move the location string. S YNTAX snmp-server location < text > no snmp-server [...]

  • Page 149

    C HAPTER 17 | SNMP Commands – 149 – C OMMAND U SAGE ◆ This command enables both authenti cation failure notifications and link -up-down notifications. ◆ The snmp-server host command specifies the host device that will receive SNMP notificati ons. E XAMPLE AP(config)#snmp-server enable server AP(config)# R ELATED C OMMANDS snmp-server host s[...]

  • Page 150

    C HAPTER 17 | SNMP Comm ands – 150 – snmp-server trap This command enabl es the access poin t to send sp ecific SNMP tr aps (i.e. , notifications). Use t he no form to disable specific trap messages. S YNTAX snmp-server trap < trap> no snmp-server trap < trap> trap - One of the following SNMP trap messages: dot11InterfaceAGFail - Th[...]

  • Page 151

    C HAPTER 17 | SNMP Commands – 151 – sntpServerFail - The access p oint has failed to set the time from the configured SNTP server . sysConfigFileVersionChanged - The access point’s configur ation file has been changed . sysRadiusServerChanged - The access point has changed from the primary RADIUS se rver to the second ary , or from the second[...]

  • Page 152

    C HAPTER 17 | SNMP Comm ands – 152 – C OMMAND M ODE Global Configuration C OMMAND U SAGE ◆ The access point allows multiple noti fi cation filters to b e created. Each filter can be defined by up to 20 MIB subtree ID entries. ◆ Use the command more than once with the same filter ID to build a fi l te r t h at i n cl u d e s o r e xc l u de [...]

  • Page 153

    C HAPTER 17 | SNMP Commands – 153 – password for authentication and a DES key/ password for encryption. read-view - The name of a defined S N MPv3 view for read access. write-view - The name of a defined SNMPv 3 view for write access. D EFAULT S ETTING None C OMMAND M ODE Global Configuration C OMMAND U SAGE ◆ The access point allows multiple[...]

  • Page 154

    C HAPTER 17 | SNMP Comm ands – 154 – D EFAULT S ETTING None C OMMAND M ODE Global Configuration C OMMAND U SAGE ◆ Multiple SNMPv3 users can be configured on the access point. ◆ Users must be assigned to groups that have the same securit y levels. If a user who has “A uthPriv” secu rity (use s authentica tion and encryption) is assigned [...]

  • Page 155

    C HAPTER 17 | SNMP Commands – 155 – ◆ The SNMP v3 user name that is spec ified in th e target must firs t be configured using the snmp-server user command. E XAMPLE AP(config)#snmp-server target tarname 192.168.1.33 chris 1234 AP(config)# snmp-server filter This command configures SNMP v3 notification filters . Use the no form to delete an SN[...]

  • Page 156

    C HAPTER 17 | SNMP Comm ands – 156 – show snmp user s This command displa ys the SNMP v3 users and settings. S YNTAX show snmp users C OMMAND M ODE Exec E XAMPLE AP# show snmp users User List: ================================== UserName : chris GroupName : testgroup AuthType : None PrivType : None UserName : david GroupName : group2 AuthType : [...]

  • Page 157

    C HAPTER 17 | SNMP Commands – 157 – show snmp filter T his command displays t he SNMP v3 notification fil ter settings. S YNTAX show snmp filter [ filter-id ] filter-id - A user -defined name that ident ifies an SNMP v3 notificat ion filter . (Maxim um length : 32 characters) C OMMAND M ODE Exec E XAMPLE AP# show snmp filter Filter List: ======[...]

  • Page 158

    C HAPTER 17 | SNMP Comm ands – 158 – systemUp: Disabled systemDown: Disabled ========================================================================== AP# show snmp v acm vie w This command displa ys the configured SNMP v3 views. S YNTAX show snmp vacm view [ view-nam e ] view-name - The name of a user-defined SNMPv3 view. C OMMAND M ODE Exec [...]

  • Page 159

    C HAPTER 17 | SNMP Commands – 159 – ================================== Group Name : testgroup Security Level : NoAuthNoPriv Read-View : defaultview Write-View : defaultview Group Name : group2 Security Level : AuthPriv Read-View : defaultview Write-View : defaultview ================================== AP#[...]

  • Page 160

    – 160 – 18 F LASH /F ILE C OMMANDS These commands are used to manage the system code or configur ation files. dual-image This command specifies the image used to start up the system. S YNTAX dual-image boot image [ a | b ] a - Selects image file A as the startup software. b - Selects image file B as the start up software. D EFAULT S ETTING None[...]

  • Page 161

    C HAPTER 18 | Flash/File Commands – 161 – E XAMPLE AP# dual-image boot-image A Change image to A AP# copy This command copies a boot file, c ode image, or configuration fi le between the access point’ s flash memory and a FTP/TF TP server . When you save the configuration s ettings to a fi le on a F TP/T FTP server , that f ile can later be d[...]

  • Page 162

    C HAPTER 18 | Flash/File Commands – 162 – characters for files on the access point. (V alid char acters: A -Z, a- z, 0-9, “. ” , “-” , “_”) ◆ Due to the size limit of the flash memory , the access point supports only two operation code files. ◆ The system configur ation file must b e named “syscfg” in all copy commands. E XA[...]

  • Page 163

    – 163 – 19 RADIUS C LIENT C OMMANDS Remote A uthentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses soft ware running on a central se rver to control access for RADIUS- aware devic e s to the ne twork. An aut henticatio n server contains a d atabase of credentials, such as users names and passwords, for each wi[...]

  • Page 164

    C HAPTER 19 | RADIUS Client Com mands – 164 – E XAMPLE AP(config)# radius-server primary enable This setting has not been effective ! If want to take effect, please execute make-radius-effective command ! AP(config)# radius-server address This command specifies the primar y and secondary RADIUS serv er address. S YNTAX radius-server { primary |[...]

  • Page 165

    C HAPTER 19 | RADI US Client Comm ands – 165 – If want to take effect, please execute make-radius-effective command ! AP(config)# radius-server key This command sets the RADIUS encryption key . S YNTAX radius-server { primary | secondary ] key < key_string> key_string - Encryption key used to authenti cate logon access for client. Do not [...]

  • Page 166

    C HAPTER 19 | RADIUS Client Com mands – 166 – This setting has not been effective ! If want to take effect, please execute make-radius-effective command ! AP(config)# radius-server accounting port This command sets the RADIUS Account ing port. S YNTAX radius-server accounting port < port> port - The port used by the RADIUS Accounting serv[...]

  • Page 167

    C HAPTER 19 | RADI US Client Comm ands – 167 – E XAMPLE AP(config)# radius-server accounting key green This setting has not been effective ! If want to take effect, please execute make-radius-effective command ! AP(config)# radius-server accounting timeout-interim This command sets the interval betw een tr ansmitting accounting updates to the R[...]

  • Page 168

    C HAPTER 19 | RADIUS Client Com mands – 168 – Please wait a while... AP(config)# show radius This command displays the current settings f or the RADIUS server . D EFAULT S ETTING None C OMMAND M ODE Exec E XAMPLE AP#show radius Radius Accounting Information ============================================== IP : 10.7.16.96 Key : ********* Port : 18[...]

  • Page 169

    – 169 – 20 802.1X A UTHENTICATION C OMMANDS The access point supports IEEE 802.1X access control for wireless clients. This control feature prevents unau thorized access t o the network by requiring an 802.1X client application to submit user credentials for authentication. Client authentication is then verified by a RADIUS server using EAP (Ex[...]

  • Page 170

    C HAPTER 20 | 802.1X Authentication Commands – 170 – E XAMPLE AP(if-wireless 0: VAP[0])# 802.1x enable This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0: VAP[0])# R ELATED C OMMANDS show interface wireless 802.1x session- timeout This command sets the time period af t[...]

  • Page 171

    – 171 – 21 MA C A DDRESS A UTHENTICATION C OMMANDS Use these commands to define MAC authen tication on the access point. F or local MAC authentication, first define the default fi ltering policy using the address filter default command. T hen enter the MAC addr esses to be filtered, indicating if they are allowed or denied. F or RADIUS MAC auth[...]

  • Page 172

    C HAPTER 21 | MAC Address Authentication Commands – 172 – R ELATED C OMMANDS address filter entry address filter entry This command enters a MAC address i n the filter table. S YNTAX address filter entry < allowed | denied > < mac-address> allowed - Entry is allowed access. denied - Entry is denied access. mac-address - Ph ysical ad[...]

  • Page 173

    C HAPTER 21 | MAC Address Authentication Commands – 173 – D EFAULT None C OMMAND M ODE Global Configuration E XAMPLE AP(config)#address filter delete allowed 00-70-50-cc-99-1b AP(config)# mac-authentication server This command sets address fil tering to be performed wit h local or remote options. Use the no form to disable MAC address authentic[...]

  • Page 174

    C HAPTER 21 | MAC Address Authentication Commands – 174 – D EFAULT 0 (disabled) C OMMAND M ODE Global Configuration E XAMPLE AP(config)#mac-authentication session-timeout 300 AP(config)# show authentication This command shows all authenticat ion settings, as well as the address filter table. C OMMAND M ODE Exec E XAMPLE AP# show authentication [...]

  • Page 175

    – 175 – 22 F ILTERING C OMMANDS The commands described in this sec tion are used to filter communications between wireless clients, cont rol acce ss to the management interface from wireless clients, and filter traffi c using specific Ethernet protocol types. filter local-bridge This command disables communication b etween wireless clients. Use[...]

  • Page 176

    C HAPTER 22 | Filtering Commands – 176 – C OMMAND U SAGE This command can disable wireless-to- wireless communications between clients via the access poi nt. However , it does not affect communi cations between wireless cl ients and the wired network. E XAMPLE AP(config)#filter local-bridge all-vap AP(config)# filter ap-manage This command prev[...]

  • Page 177

    C HAPTER 22 | Filtering Commands – 177 – C OMMAND M ODE Global Configuration C OMMAND U SAGE Y ou can add up to 128 MAC addresses to the fi ltering table. E XAMPLE AP(config)#filter acl-source-address add 00-12-34-56-78-9a AP(config)#filter acl-source-address enable AP(config)# filter acl- destination-address This command configures ACL fil ter[...]

  • Page 178

    C HAPTER 22 | Filtering Commands – 178 – C OMMAND M ODE Global Configuration C OMMAND U SAGE This command is used in conjunction with the filter ethernet-t ype protocol command to determine which Ethernet protocol types are to be filtered. E XAMPLE AP(config)#filter ethernet-type enabled AP(config)# R ELATED C OMMANDS filter ethernet-type proto[...]

  • Page 179

    C HAPTER 22 | Filtering Commands – 179 – show filter s This command shows the filter options and protocol entries i n the filter table. S YNTAX show filters [ acl-source-address | acl-destination-address ] C OMMAND M ODE Exec E XAMPLE AP#show filters Protocol Filter Information ===================================================================[...]

  • Page 180

    – 180 – 23 S PANNING T REE C OMMANDS The commands described in this section are used to set the MAC address table aging time and spanning tree p arameters f or both the Ethernet and wireless interfaces. Table 20: Spanning Tree Commands Command Function Mode Page bridge stp service Enables th e Spanni ng T ree feature GC 181 bridge stp br-conf f[...]

  • Page 181

    C HAPTER 23 | Spanning Tree Comman ds – 181 – bridge stp service This command enables the Span ning T ree Protocol. Use the no form to disable the Spanning T ree Protocol. S YNTAX [ no ] bridge stp service D EFAULT S ETTING Enabled C OMMAND M ODE Global Configuration E XAMPLE This example globally enables the Spanning T ree Protocol. AP(config)[...]

  • Page 182

    C HAPTER 23 | Spanning Tree Commands – 182 – bridge stp br-conf hello-time Use this command to configure the spanning tree brid ge hello time global ly for the wireless bridge. S YNTAX bridge stp br-conf hello-time < time > time - Time in sec onds. (R ange: 1-10 seconds). The maximum v alue is the lower of 10 or [( max- age / 2) -1]. D EF[...]

  • Page 183

    C HAPTER 23 | Spanning Tree Comman ds – 183 – E XAMPLE AP(config)#bridge stp max-age 40 AP(config)# bridge stp br-conf priority Use this command to configure the span ning tree priority globall y for the wireless bridge. S YNTAX bridge stp br-conf priority < priority> priority - Priorit y of the bridge. (R ange: 0 - 65535) D EFAULT S ETTI[...]

  • Page 184

    C HAPTER 23 | Spanning Tree Commands – 184 – E XAMPLE AP(config)# bridge stp port-conf interface wireless 0 Enter Wireless configuration commands, one per line. AP(stp-if-wireless 0)# bridge-lin k path- cost Use this command to configure the spanning tree path cost for the Ethernet port. S YNTAX bridge-link path-cost < cost> cost - The pa[...]

  • Page 185

    C HAPTER 23 | Spanning Tree Comman ds – 185 – C OMMAND U SAGE ◆ This command defines the priority for the use of a port in the Spanning T ree Protocol. If the path cost for a ll ports on a wi reless bridge are the same, the port with the highest priority (that i s, lowest v alue) will be configured as an active link in the spanning tree. ◆ [...]

  • Page 186

    C HAPTER 23 | Spanning Tree Commands – 186 – E XAMPLE AP(stp-if-wireless 0: VAP[0])# path-cost 512 AP(stp-if-wireless 0: VAP[0])# por t-priority (STP Interface) This command sets the spanning tree path cost for the V AP interface. S YNTAX port-priority < priority > priority - The priority for the V AP interface. (R ange: 0-63) C OMMAND M [...]

  • Page 187

    C HAPTER 23 | Spanning Tree Comman ds – 187 – ================================== AP# show bridge br -conf This command displa ys spanning tree settings for a specified VLAN. S YNTAX show bridge br-conf < all | vlan-id> all - K eyword to show t he STP configuration for all VLANs. vlan-id - Specifies a VLAN ID . (Range: 0-4095) C OMMAND M O[...]

  • Page 188

    C HAPTER 23 | Spanning Tree Commands – 188 – Link Port Priority : 32 Link Path Cost : 4 ======================================== ATH0 configuration ======================================== Link Port Priority : 32 Link Path Cost : 19 ======================================== ATH1 configuration ======================================== Link Port Pr[...]

  • Page 189

    C HAPTER 23 | Spanning Tree Comman ds – 189 – vlan-id - Specifies a VLAN ID. (R ange: 0-4095) C OMMAND M ODE Exec E XAMPLE AP# show bridge status all br0 status ===================================================== Bridge ID : 8000.0012cfa25430 Designated Root ID : 8000.0012cfa25430 Root Port : 0 ath0 --- port 0x2 Port ID : 0x8002 Designated Ro[...]

  • Page 190

    C HAPTER 23 | Spanning Tree Commands – 190 – C OMMAND M ODE Exec E XAMPLE AP# show bridge forward-addr interface wireless 0 vap 0 MAC ADDRESS INTERFACE VLAN AGE ===================================================== 02:12:cf:a2:54:30 ath0 0 0 ===================================================== AP#[...]

  • Page 191

    – 191 – 24 WDS B RIDGE C OMMANDS The commands described in this sec tion are used to set the operati on mode for each access poi nt interface and configure Wireless Dis tribution System (WDS) forw arding table settings. wds ap This command enables the bridge oper ation mode for the r adio interface. S YNTAX wds ap D EFAULT S ETTING Disabled C O[...]

  • Page 192

    C HAPTER 24 | WDS Bridge Commands – 192 – D EFAULT S ETTING None C OMMAND M ODE Interface Configuration (Wireless) V AP C OMMAND U SAGE In WDS-ST A mode, the V AP oper ates as a cli ent station in WDS mode, which connects to an access poi nt in WDS- AP mode. The user needs to specify the S SID and MAC address of the VA P to which it intends to [...]

  • Page 193

    – 193 – 25 E THERNET I NTERFACE C OMMANDS The commands described in this sec tion configure connection par ameters for the Ethernet port and wireless interface. interface ethernet This command enters Ethernet interface configur ation mode. D EFAULT S ETTING None C OMMAND M ODE Global Configuration E XAMPLE T o specify the 1000BASE- T network in[...]

  • Page 194

    C HAPTER 25 | Ethernet Interface Commands – 194 – dns This command specifies the address f o r the primary or secondary domain name server to be used for name-to-address resolution. S YNTAX dns { primary-server | secondary-server } < server-address > primary-server - Primary server used for name resolution. secondary-server - Secondary se[...]

  • Page 195

    C HAPTER 25 | Ethernet Interface Commands – 195 – C OMMAND M ODE Interface Configurat ion (Ethernet) C OMMAND U SAGE ◆ DHCP is enabled by default. T o m a nually configure a new IP address, you must f irst disable the DHCP client wit h the no ip dhcp command. ◆ Y ou must assign an IP address to this device to gain management access over the[...]

  • Page 196

    C HAPTER 25 | Ethernet Interface Commands – 196 – E XAMPLE AP(config)#interface ethernet Enter Ethernet configuration commands, one per line. AP(if-ethernet)#ip dhcp AP(if-ethernet)# R ELATED C OMMANDS ip address shutdown This command disables the Ethernet interface. T o restart a disabled interface, use the no form. S YNTAX [ no ] shutdown D E[...]

  • Page 197

    C HAPTER 25 | Ethernet Interface Commands – 197 – E XAMPLE AP#show interface ethernet Ethernet Interface Information ======================================== IP Address : 192.168.1.1 Subnet Mask : 255.255.255.0 Default Gateway : 192.168.1.254 Admin status : Up Operational status : Up ======================================== AP#[...]

  • Page 198

    – 198 – 26 W IRELESS I NTERFACE C OMMANDS The commands described in this sec tion configure connection par ameters for the wireless interfaces. Table 23: Wireless Int erface Commands Command Function Mode Page interface wireless Enters wireless interface configur ation m ode GC 199 vap Provides access to the VAP interface configuration mode IC [...]

  • Page 199

    C HAPTER 26 | Wireless Interface Commands – 199 – interface wireless This command enters wireless interface configuration mode. S YNTAX interface wireless < index > index - The index of the wirele ss interfa ce. (Range: 0) D EFAULT S ETTING None C OMMAND M ODE Global Configuration E XAMPLE AP(config)# interface wireless 0 Enter Wireless c[...]

  • Page 200

    C HAPTER 26 | Wireless Interface Commands – 200 – D EFAULT S ETTING Disabled C OMMAND M ODE Interface Configuration (Wireless) E XAMPLE AP(if-wireless 0)#a-mpdu enable AP(if-wireless 0)# a-msdu This command enables and sets the Aggregate MAC Service Data Unit (A -MSDU). S YNTAX a-msdu { enable | disable | length < length> } enable - Enabl[...]

  • Page 201

    C HAPTER 26 | Wireless Interface Commands – 201 – ht40-channel - The 802.11n 40 MHz channel number: 11ng mode: 01Plus, 02Plus, 03Pl us, 04Plus, 05Plus, 05Minus, 06Plus, 06Minus, 07Plus, 07Minus, 08Minus, 09Minus, 10Minus, 11Minus 11na mode: 36Plus, 40Minus, 44Plus, 48Mi nus, 52Plus, 56Minus, 60Plus, 64Minus, 100Pl us, 104Minus, 108Plus, 112Minu[...]

  • Page 202

    C HAPTER 26 | Wireless Interface Commands – 202 – transmit-po wer This command adjusts the power of the radi o signals transmi tted from the access point. S YNTAX transmit-power < signal-stren gth> signal-st rength - Signal strength tr ansmit ted from the access point. (Options: full, half , quarter , eighth, min) D EFAULT S ETTING Full C[...]

  • Page 203

    C HAPTER 26 | Wireless Interface Commands – 203 – C OMMAND U SAGE Both the 802.11g and 802.11b stand ards oper ate within the 2.4 GHz band. If you are oper ating in 11ng mode, an y 802.11b devices in t he service area will contribute to the r adio fr equency noise and affect network performance. E XAMPLE AP(if-wireless 0)#interface-radio-mode 1[...]

  • Page 204

    C HAPTER 26 | Wireless Interface Commands – 204 – C OMMAND U SAGE ◆ Using a sh ort preamble instead of a lo ng pream ble can incr ease data throughput on the access point, but re quires that all clients can support a short preamble. ◆ Set the preamble to l ong to ensu re t he access point can support all 802.11b and 802.11g clients. E XAMPL[...]

  • Page 205

    C HAPTER 26 | Wireless Interface Commands – 205 – beacon-interval Th is co m ma n d c o nf ig ur e s t he ra te at which beacon signals are transmitted from the access point. S YNTAX beacon-interval < inte rval> interval - The ra te for transmi tting beacon signals. (Rang e: 20-1000 milli seconds) D EFAULT S ETTING 100 C OMMAND M ODE Inte[...]

  • Page 206

    C HAPTER 26 | Wireless Interface Commands – 206 – the access point will sa ve all broadc ast/multicast frames for the Basic Service Set (BSS) and forward them after every b eacon. ◆ Using smaller D TIM intervals delivers broadcast/multicast frames in a more timely manner , causing stations in P ower Sav e mode to wake up more often and drain [...]

  • Page 207

    C HAPTER 26 | Wireless Interface Commands – 207 – E XAMPLE AP(if-wireless 0)# rts-threshold 0 This setting has not been effective ! If want to take effect, please execute make-RF-setting-effective command ! AP(if-wireless 0)# ssid This command configures the service set identifier (SSID) of the V AP . S YNTAX ssid < string > string - The [...]

  • Page 208

    C HAPTER 26 | Wireless Interface Commands – 208 – C OMMAND U SAGE When closed system is enabled, the a ccess point will not include its SSID i n beacon messages. Nor will it resp ond to probe requests from client s that do not include a fixed SSID . E XAMPLE AP(if-wireless g: VAP[0])#closed-system This setting has not been effective ! If want t[...]

  • Page 209

    C HAPTER 26 | Wireless Interface Commands – 209 – C OMMAND M ODE Interface Configuration (Wireless- V AP) E XAMPLE AP(if-wireless 0: VAP[0])# auth-timeout-interval 10 This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0: VAP[0])# shutdown This command disables th e V AP [...]

  • Page 210

    C HAPTER 26 | Wireless Interface Commands – 210 – E XAMPLE AP# show interface wireless 0 vap 0 ----------------------------------Basic Setting---------------------------- SSID : Edgecore_VAP_0 Interface Radio Mode : 11ng Auto Channel Select : DISABLE Channel : 11 High Throughput Mode : HT20 Status : ENABLE VLAN-ID : 1 Dhcp-Relay Server Ip : 0.0[...]

  • Page 211

    C HAPTER 26 | Wireless Interface Commands – 211 – show station This command shows the wireless client s associated with t he access point. C OMMAND M ODE Exec E XAMPLE AP#show station Station Table Information ======================================== Wireless Interface 0 VAPs List: if-wireless 0 VAP [0] : if-wireless 0 VAP [1] : if-wireless 0 V[...]

  • Page 212

    – 212 – 27 W IRELESS S ECURITY C OMMANDS The commands described in this sec tion configure parameters f or wireless security on the V AP interfaces. auth This command configures authen tication for the V AP interface. S YNTAX auth < open-sys tem | shared-k ey | wpa | wpa-psk | wpa2 | wpa2-psk | wpa-wpa2-mixed | wpa-wpa2-psk-mixed > open-s[...]

  • Page 213

    C HAPTER 27 | Wireless Security Commands – 213 – wpa-wpa2-mixed - Clients using WPA or WP A2 are accepted for authentication. wpa-wpa2-psk-mixed - Clients using WPA or WP A2 with a Pre- shared K ey are accept ed for authentica tion D EFAULT S ETTING open-system C OMMAND M ODE Interface Configuration (Wireless- V AP) C OMMAND U SAGE ◆ The auth[...]

  • Page 214

    C HAPTER 27 | Wireless Security Commands – 214 – encryption cipher suite is set to TKIP , the unicast encryption ci pher (TKIP or AES-CCMP) is negotiated for each client. The access point advertises it’ s supported encrypti on ciphers in beacon frames and probe responses. WP A and WP A2 client s select the cipher they support and return the c[...]

  • Page 215

    C HAPTER 27 | Wireless Security Commands – 215 – E XAMPLE AP(if-wireless 0: VAP[0])# encryption This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0: VAP[0])# R ELATED C OMMANDS key key This command sets the keys us ed for WEP encryption. Use the no form to delete a conf[...]

  • Page 216

    C HAPTER 27 | Wireless Security Commands – 216 – E XAMPLE AP(if-wireless 0: VAP[0])# key 1 64 hex 1234512345 This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0: VAP[0])# R ELATED C OMMANDS key encryption transmit -key transmit-key This command sets the index of the WEP[...]

  • Page 217

    C HAPTER 27 | Wireless Security Commands – 217 – cipher-suite This command defines the cipher algori thm used to encrypt the global k ey for broadcast and multicas t traf fic when using WP A or WP A2 security . S YNTAX multicast-cipher < aes-ccmp | tkip > aes-ccmp - Use AES-CCMP encryption for the unicast and multicast cipher . tkip - Use[...]

  • Page 218

    C HAPTER 27 | Wireless Security Commands – 218 – E XAMPLE AP(if-wireless 0: VAP[0])# cipher-suite tkip This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0: VAP[0])# wpa-pre-shared-key This command defines a Wi-Fi Protect ed Access (WP A/WP A2) Pre-shared- key . S YNTAX [...]

  • Page 219

    C HAPTER 27 | Wireless Security Commands – 219 – pmksa-lifetime This command sets the time for agin g out cached WP A2 P airwise Master K ey Security Association (PMKSA) informat ion for fast roaming. S YNTAX pmksa-lifetime < minutes> minutes - The time for agi ng out PMKSA information. (Rang e: 0 - 14400 minut es) D EFAULT S ETTING 720 m[...]

  • Page 220

    C HAPTER 27 | Wireless Security Commands – 220 – E XAMPLE AP(if-wireless 0: VAP[0])# make-security-effective It will take several minutes ! Please wait a while... Args: 1 lo no wireless extensions. eth0 no wireless extensions. br0 no wireless extensions. wifi0 no wireless extensions. lo no wireless extensions. eth0 no wireless extensions. br0 n[...]

  • Page 221

    C HAPTER 27 | Wireless Security Commands – 221 – lo no wireless extensions. eth0 no wireless extensions. br0 no wireless extensions. wifi0 no wireless extensions. Error for wireless request "Set Fragmentation Threshold" (8B24) : SET failed on device ath0 ; Invalid argument. [: Added ath0 mode master Created ath0 mode ap for Edgecore_V[...]

  • Page 222

    – 222 – 28 L INK L AYE R D ISCO VER Y C OMMANDS LLDP allow s devices i n the local br oadcast domain to share information about themselves. LLDP-capable devices periodic ally transmit information in messages called T ype Length V alue ( TL V) fields to neighbor devices. Advertised in formation is represented in T ype Length V alue (TL V) format[...]

  • Page 223

    C HAPTER 28 | Link Layer Discovery C ommands – 223 – lldp-transmit hold- mu l i p l i e r This command configures the time-to-liv e (T TL) v alue sent in LLDP advertisements. S YNTAX lldp transmit hold-multiplier < multip lier > multiplier - The hold multiplier number . (Range: 2-10) D EFAULT S ETTING 4 C OMMAND M ODE Global Configuration[...]

  • Page 224

    C HAPTER 28 | Link Layer Discovery Commands – 224 – E XAMPLE AP(config)# lldp transmit interval 30 AP(config)# lldp transmit re-init- dela y This command configures the del ay befo re attempti ng to re-initial ize after LLDP ports are disabled or t he link goes down. S YNTAX lldp transmit re-init-delay < seconds > seconds - Time in second[...]

  • Page 225

    C HAPTER 28 | Link Layer Discovery C ommands – 225 – objects, and to increase the probabilit y that multiple, r ather than single changes, are reported in each tr ansmission. ◆ This attribute must comply with the rule: (4 * Dela y Interval) ≤ T ransmission Interv al E XAMPLE AP(config)# lldp transmit delay-to-local-change 10 txDelay range i[...]

  • Page 226

    – 226 – 29 VLAN C OMMANDS The access point can enable the support of VLAN-tagged traffic passi ng between wireless cl ients and the wire d network. VLAN IDs can be mapped to specific V AP interfaces, allowing us ers to remain within the same VLAN as they move around a campus site. C AUTION : When VLANs are enabled, the a ccess point’ s Ethern[...]

  • Page 227

    C HAPTER 29 | VLAN Commands – 227 – ◆ T raffic enteri ng the Ethernet port mu st be tagged wi th a VLAN ID that matches the access point’ s management VLAN ID , or with a VLAN tag that matches one of th e V AP default VLAN IDs. E XAMPLE AP(config)# vlan enabled Warning! VLAN's status has been changed now ! It will take several seconds [...]

  • Page 228

    C HAPTER 29 | VLAN Commands – 228 – vlan-id This com mand configu res the defa ult VLAN ID for th e VAP interface. S YNTAX vlan-id < vlan-id> vlan-id - Default VLAN ID. (R ange: 1-4094) D EFAULT S ETTING 1 C OMMAND M ODE Interface Configuration (Wireless- V AP) C OMMAND U SAGE ◆ T o implement the default VLAN ID setting for VAP interf a[...]

  • Page 229

    – 229 – 30 WMM C OMMANDS The access point implements QoS using the Wi-Fi Multimedia (WMM) standard. Using WMM, the access point is able to priorit ize traffi c and optimize performance when multiple applications compete for wireless network bandwidth at the same ti me. WMM employs techniques that are a subset of the IEEE 802.11e QoS standard an[...]

  • Page 230

    C HAPTER 30 | WMM Commands – 230 – wmm-ac knowledge- policy This command allows the acknowledgem ent wait time to be enabled or disabled for each Access Cate gory (AC). S YNTAX wmm-acknowledge-policy < ac_number > < ack | no ack > ac_number - Access c ategorie s. (Range: 0-3) ack - Re quire the sender to wait for an acknowledgement [...]

  • Page 231

    C HAPTER 30 | WMM Commands – 231 – BSS - Wireless client ac_number - Access categories ( ACs) – voice, video, bes t effort, and background. These categories correspond to traffic priority levels and are mapped to IEEE 802. 1D priority tags as shown in T able 4 on page 94 . (R ange: 0- 3) LogCwMin - Minimum log val ue of the contenti on window[...]

  • Page 232

    C HAPTER 30 | WMM Commands – 232 – C OMMAND M ODE Interface Configuration (Wireless) E XAMPLE AP(if-wireless 0)# wmmparam ap 0 5 10 3 64 1 This setting has not been effective ! If want to take effect, please execute make-RF-setting-effective command ! AP(if-wireless 0)# A I F S 3711 T X O P L i m i t 009 4 4 7 Admission Control Disabled Disable[...]

  • Page 233

    C HAPTER 30 | WMM Commands – 233 –[...]

  • Page 234

    – 234 – S ECTION IV A PPENDICES This section provi des additional information and includes t hese items: ◆ “T roubleshooting” on page 235 ◆ “WDS Setup Examples” on pag e 238 ◆ “Hardware Specifications ” on page 247 ◆ “Cables and Pinouts” on page 250 ◆ “Glossary” on page 255 ◆ “Index” on page 259[...]

  • Page 235

    – 235 – A T R OUBLESHOOTING D IAGNOSING LED I NDICATORS B EF ORE C ONTACTING T ECHNIC AL S UPPOR T Check the following items before you contact local T echnical Support. 1. If wirel ess clients cannot acc ess the network, check the followi ng: ■ Be sure the access point V AP and th e wireless clients a re configured with the same Service Set [...]

  • Page 236

    A PPENDIX A | Troubleshooting Before Contacting Technical Support – 236 – ■ If authentication is being performed through IEEE 802.1X, be sure the wireless users have installed and properl y configured 802.1X client softw are. ■ If MAC address filtering is enabled, be sure the client’ s address is included in the local filtering database o[...]

  • Page 237

    A PPENDIX A | Troubleshooting Before Contacting Technical Support – 237 – 5. If all other reco very measure fail, and the access poi nt is still not functioning properl y , take any of these steps: ■ Re set the access point’s hardw are using the console interface, web interface, or through a power reset. ■ Reset the access point to its de[...]

  • Page 238

    – 238 – B WDS S ETUP E XA MPLES The EAP8518 can use the IEEE 802.11 Wireless Dist ribution Syst em (WDS) to set up links between APs independen tly on any of the unit’ s eight VAP interfaces. This enables the configuratio n of multiple li nks between multiple APs. N OTE : The EAP8518 radio can oper ate in 2.4 GHz mode or 5 GHz mode. It does n[...]

  • Page 239

    A PPENDIX B | WDS Setup Examples Basic WDS Link Between Two APs – 239 – B ASIC WDS L INK B ETWEEN T WO AP S Consider the example illustr ated in Figure 58 . In this example, an EAP8518 connected to the main wired LAN n eeds to connect to another EAP8518 using a WDS link on V AP interface 0. Figure 58: Basic WDS L ink Between Two APs The followi[...]

  • Page 240

    A PPENDIX B | WDS Setup Examples Basic WDS Link Between Two APs – 240 – Figure 59: WDS Exampl e — Access Point A VAP Setting 2. In the V AP Basic Settings, select WDS- AP for the Mode. 3. F or security on the WDS link, select WP A -PSK or WP A2-PSK, set the encryption type, then enter the security key . 4. Click Set to con firm the new se tti[...]

  • Page 241

    A PPENDIX B | WDS Setup Examples Basic WDS Link Between Two APs – 241 – Figure 61: WDS Example — Acce ss Point A WDS-AP VAP Setting 6. Click the Sa ve Config button to reta in the configuration set up when the AP is restarted. A CCESS P OINT B C ONFIG URATION 1. Go to the Wireless>V A P Settings page and click Edit to configure V AP 0. 2. [...]

  • Page 242

    A PPENDIX B | WDS Setup Examples Basic WDS Link Between Two APs – 242 – 5. Click Set to con firm the new se ttings. Figure 63: WDS Example — Access Point B VAP Details 6. On the V AP Settings page, enable V A P 0 (i f not already enabled) and then clic k Set t o implemen t the ne w settin gs. Figure 64: WDS Exampl e — Access Point B WDS-STA[...]

  • Page 243

    A PPENDIX B | WDS Setup Examples Basic WDS Link Between Two APs – 243 – C HEC KING THE WDS L INK S TATUS When you have configured both access point VAPs, you can check the status of the link from Acc ess P oint A. Go to the Information>Station Status page. F or the V AP 0 interface, the Access P oint B MAC address displa ys as a connected st[...]

  • Page 244

    A PPENDIX B | WDS Setup Examples WDS Links Between Three or More APs – 244 – WDS L INKS B ETWEEN T HREE OR M ORE AP S Consider the example illustr ated in Figure 66 . In this example, an EAP8518 connected to the main wired LAN conn ects to two other units using a WDS links. One of the connected units al so connects to another EAP8518. In additi[...]

  • Page 245

    A PPENDIX B | WDS Setup Examples WDS Links Between Three or More APs – 245 – A CCESS P OINT A C ONFIG URATION 1. Configure V AP 0 settings: a. Set V AP 0 to WDS- AP mode. b. Set security to WP A -PSK or WP A2-PSK and conf igure a key . c. Set the S SID and enable the V AP . 2. Configure V AP 1 settings: a. Set V AP 1 to WDS- AP Mode. b. Set sec[...]

  • Page 246

    A PPENDIX B | WDS Setup Examples WDS Links Between Three or More APs – 246 – 2. Configure V AP 1 settings: a. Set V AP 1 to AP Mode. b. Set the required securit y for wireless clients. c. Set the S SID and enable the V AP . A CCESS P OINT D C ONFIG URATION 1. Configure V AP 0 settings: a. Set V AP 0 to WDS-ST A mode. b. Configure the WDS P aren[...]

  • Page 247

    – 247 – C H AR D W ARE S PECIFICATIONS W IRELESS T RANSMIT P OWER (M AXI MUM ) 802.11b/g/n : 802.11b: 21 dBm (typ ical) 802.11g: 16 dBm 802.11n HT20 (20MHz, MCS): 20.5 dBm 802.11n HT40 (40MHz, MCS): 21 dBm 802.11a/n : 802.11a: 16 dBm 802.11n HT20 (20MHz, MCS): 18 dBm 802.11n HT40 (40 MHz, MCS) : 16 dBm W IRELESS R ECEI VE S ENSITIVITY (M AXIMUM[...]

  • Page 248

    A PPENDIX C | Hardware Specifications – 248 – D ATA R ATE 802.11b : 1, 2, 5.5, 11 Mbps per channel 802.11g : 6, 9, 12, 18, 24, 36, 48, 54 Mbps per channel 802.11n : 27, 54, 81, 108, 162, 216, 243, 270, 300 Mbps per channel (40MHz) 802.11a : Normal Mode: 6, 9, 12, 18, 24, 36, 48, 54 Mbps per channel T urbo Mode: 12, 18, 24, 36, 48, 54, 96, 108 M[...]

  • Page 249

    A PPENDIX C | Hardware Specifications – 249 – T EMPERATURE Operating: 0 to 40 °C (32 to 104 °F) Stor age: -20 to 70 °C (32 to 158 °F) H UMIDITY 15% to 95% (non-condensing) C OMPLIANCES FCC P art 15B Class B EN 55022B EN 55024 EN 61000-3-2 EN 61000-3-3 R ADIO S IGNAL C ERTIFICATION FCC P art 15C 15.247, 15.207 (2. 4 GHz) EN 300 328 EN 301 48[...]

  • Page 250

    – 250 – D C ABLES AND P INOUTS T WISTED -P AIR C ABLE A SSIGNMENTS For 1 0/100BASE- TX connections, a twisted-pair cable must hav e two pairs of wires. F o r 1000BASE- T connections the twisted-pair cable must ha ve four pairs of wires. Each wire pai r is identified by two di fferent colors. F or example, one wire might be g reen and the other [...]

  • Page 251

    A PPENDIX D | Cables and Pinouts Twisted-Pair Cable Assignments – 251 – S TRAIGHT -T HR OUGH W IRING If the twisted-pair cable is to join two ports and only one of the ports has an internal crossover ( MDI- X), the two pairs of wires must be straig ht- through. (When auto-negotiation is enabled for any RJ-45 port on this switch, you can use eit[...]

  • Page 252

    A PPENDIX D | Cables and Pinouts Twisted-Pair Cable Assignments – 252 – C RO S SO VE R W IRING If the twisted-pair cable is to join two ports and either both ports are labeled wit h an “X” (MDI- X) or neither port is labeled wit h an “X” (MDI), a crossover must be implemented in th e wiring. (When auto-negotiation is enabled for any R J[...]

  • Page 253

    A PPENDIX D | Cables and Pinouts Twisted-Pair Cable Assignments – 253 – C ABLE T ESTING FOR E XIST ING C ATEGORY 5 C ABLE Installed Category 5 cabling must pass tests for A ttenuation, Near-End Crosstalk (NEXT), and F ar-End Crosstalk (FEXT) . This cable testing information is specifi ed in the ANSI/TIA/EIA - TSB-67 standard. Additionall y , ca[...]

  • Page 254

    A PPENDIX D | Cables and Pinouts Console Port Pin Assignments – 254 – C ONSOLE P OR T P IN A SSIGNMENTS The RJ-45 console port on the front pa nel of the access point is used to connect to the access point for out -of -band console configur ation to a DB-9 connector on a PC. The command-lin e configurati on program can be accessed from a termin[...]

  • Page 255

    – 255 – G LOSSARY 10B ASE-T IEEE 802.3-2005 specification for 10 Mbps Ethernet over two pairs of Category 3 or better UTP cable. 100B ASE-TX IEEE 802.3-2005 specificat ion for 100 Mbps F ast Ethernet over two pairs of Category 5 or better UTP cable. 1000B ASE-T IEEE 802.3ab specification for 1000 Mbps Gigabit Ethernet o ver four pairs of Catego[...]

  • Page 256

    G LOSSARY – 256 – D YNAMIC H OST C ONFIGURATION P RO TO C O L (DHCP) Provides a framework for passing conf iguration information to hosts on a TCP/IP network. DHCP is based on th e Bootstrap Protocol (BOO TP), adding the capability of automatic allocation of reusable network addresses and additional configur ation options. E NCRYPTION Data pass[...]

  • Page 257

    G LOSSARY – 257 – MA C A DDRE SS The physical la yer address used to uniquely iden tify network nodes. N ETW ORK T IME P ROT O C O L (NTP) NTP provides the mechanisms to synchroniz e time across the network. The time servers oper ate in a hierarchical-master-slav e configuration in order to synchronize local cl ocks within the subnet and to nat[...]

  • Page 258

    G LOSSARY – 258 – V IRTUAL A CCESS P OINT (V AP) Virtual AP technology mult iplies the nu mber of Access P oints present wi thin the RF footprint of a si ngle physical access device. With Virtual AP technology , WLAN users within the de vice.s footprint can associate with what appears to be different access points and their ass ociated network [...]

  • Page 259

    – 259 – I NDE X A antennas 28 authentication cipher suite 214 closed system 208 MAC address 171 , 172 type 208 B beacon interval 205 rate 205 BOOTP 194 , 195 bridge 34 C channel 200 closed system 207 community name, configuring 147 community string 147 configuration settings, saving or restoring 161 connect console port 39 connect Ethernet cabl[...]

  • Page 260

    I NDEX – 260 – location selection 36 log messages 136 server 136 M MAC address, authentication 171 , 172 mounting on a horizontal surface 37 mounting on a wall 38 N network configuration 32 O open system 207 P package contents 26 password configuring 123 management 123 port priority STA 184 position antennas 39 power connector 31 R radio channe[...]

  • Page 261

    EAP8518 E092009-D T -R01 149100000037A[...]