SMC Networks SMC2555W-AG manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of SMC Networks SMC2555W-AG, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of SMC Networks SMC2555W-AG one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of SMC Networks SMC2555W-AG. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of SMC Networks SMC2555W-AG should contain:
- informations concerning technical data of SMC Networks SMC2555W-AG
- name of the manufacturer and a year of construction of the SMC Networks SMC2555W-AG item
- rules of operation, control and maintenance of the SMC Networks SMC2555W-AG item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of SMC Networks SMC2555W-AG alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of SMC Networks SMC2555W-AG, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the SMC Networks service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of SMC Networks SMC2555W-AG.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the SMC Networks SMC2555W-AG item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    SMC2555W-A G[...]

  • Page 2

    [...]

  • Page 3

    38 T esla Irvine, CA 92618 Phone: (949) 679 -8000 EliteConnect ™ Univer sal 2.4GHz/5GHz Wireless Access P oint User Guide The easy w a y to mak e all y our netwo rk connections April 2004 Revision Number: R02, F3.0.02[...]

  • Page 4

    Copyright Inf ormation furnished by SMC Networks, Inc. (S MC) is believ ed to be accurate and reliab le. Howe ver , no responsibility is assumed b y SMC for its use , nor f or any infringements of patents or other rights of third parties which ma y result from it s use. No license is gr anted b y implication or otherwise under an y patent or pate n[...]

  • Page 5

    i L IMITED W ARRANTY Limited Warranty Statement: SMC Networks, Inc. (“SMC”) w arrants its products to be free from defects in w orkmanship and mater ials, under normal use and ser vice, f or the applicable w arranty term. All SMC products carr y a standard 90-day limited warr anty from the date of purchase from SMC or its Authorized Reseller . [...]

  • Page 6

    L IMITED W ARRANTY ii Customers are responsible f or all shipping charges from their f a cility to SMC. SMC is responsible f or return shippi ng charge s from SMC to customer . W ARRANTIES EXCLU SIVE: IF AN SMC PRODUCT DOES NO T OPERA TE AS W ARRANTED ABOVE, CUST OMER’S SOLE REMED Y SHALL BE REP AIR OR REPLACEMENT OF THE PR OD UCT IN QUESTION, A [...]

  • Page 7

    iii C OMPLIANCES Federal Comm unication Co mmission Interference Statement This equipment has been tested and found to co mply with the limits f or a Class B digital device , pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against ha rmful interference in a residential installation. This equipment ge[...]

  • Page 8

    C OMPLIANCES iv High power radars are allocated as primar y users (meaning they ha v e prior ity) of the 5250-5350 MHz and 56 50-5850 MHz bands. These radars could cause interference and/or damage to the access point when used in Canada. The ter m “IC:” befo re the radio cer tif ication nu mber only signif ies that Industr y Canada technical sp[...]

  • Page 9

    C OMPLIANCES v EC Conf ormance Declaration SMC contact for these products in Europe is: SMC Networks Europe, Edificio Conata II, Calle F ructuós Gelaber t 6-8, 2 o , 4 a , 08970 - Sant Joan Despí, Barcelona, Spain. Marking by the abov e symbol indicates compliance with the Esse ntial Requirements of the R&TTE Directi ve of the European Union [...]

  • Page 10

    C OMPLIANCES vi European Community country. The pr esence of nearby radar operatio n may result in temporary i nterruption of operation of this device. The radar detection feature wil l automatica lly restart operati on on a channel free of ra dar. • The 5 GHz Turbo Mode feature is not allowed for operatio n in any European Community country. The[...]

  • Page 11

    C OMPLIANCES vii Operation Using 5 GHz Channels in the Eur opean Community The user/installer must use the provid ed config uration utility to check the current channel of operation and ma ke necessar y configuration change s to ensure operation occurs in conformance with European National spec- trum usage laws as descr ibed below and elsewhere in [...]

  • Page 12

    C OMPLIANCES viii Community English Hereby, SMC Networks, declares that this Radio LAN device is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC. Finnish Valmistaja SMC Networks vakuuttaa tä ten että Radio LAN device tyyppinen laite on direktiivin 1999/ 5/EY oleellisten vaatimusten ja sitä koske[...]

  • Page 13

    C OMPLIANCES ix Safety Compliance P ower Cord Safety Please read the following safety informati on carefully before installing the switch: W ARNING: Insta llation and removal of the unit m ust be carried out by qualified personnel only . • The unit must be connected to an earth ed (grounded) outlet to co mply with international safety standards. [...]

  • Page 14

    C OMPLIANCES x Importan t! Bef ore making connections, mak e sure you ha v e the correct cord set. Check it (read the label on the cable) against the f ollowing: Power Cord Set U.S.A. and Canada The cord set must be UL-approved and CSA certified. The minimum specifications for the flexible cord are: - No. 18 AWG - not longer than 2 meters, or 16 AW[...]

  • Page 15

    C OMPLIANCES xi Veuillez lire à fond l 'information de la sécurité suivan te avant d'installer le Switch: A VERTISSEMENT : L ’installation et la dépose de ce groupe doiv ent être confiés à un personnel qualifié. • Ne branchez pas votre appareil sur une pr ise secteur (aliment ation électrique) lorsqu'il n'y a pas de[...]

  • Page 16

    C OMPLIANCES xii Bitte unbeding t vor dem Einbau en des Switches die folgenden Sicherheitsanweisunge n durc hlesen (Germany) : W ARNUNG: Die Installation und der Ausbau des Geräts darf nur durch F ach personal erfolgen. • Das Gerät sollte nicht an eine ungeerdet e Wechselstromsteckdose angeschlossen werden. • Das Gerät muß an eine geerdete [...]

  • Page 17

    C OMPLIANCES xiii gegeben, wenn auch die an das Gerät angeschlossenen Geräte unter SELV-Bedingungen betrieben werden. • Stromkabel . Dies muss von dem Land, in dem es benutzt wird geprüft werden: U.S.A und Kanada Der Cord muß das UL gepruft und war das CSA beglaubigt. Das Minimum spezifikation fur der Cord sind: - Nu. 18 AWG - nicht mehr als [...]

  • Page 18

    C OMPLIANCES xiv[...]

  • Page 19

    T ABLE OF C ONTENTS xv T ABLE OF C ONTENTS 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 Package Che cklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Hardware Desc ription . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3 Component De scription . . . . . . . . . . . . . . . [...]

  • Page 20

    T AB LE OF C ONTENTS xvi Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-50 Wi-Fi Protected Access (WPA) . . . . . . . . . . . . . . . . . . 5-57 Status Infor mation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-63 Access Point Sta tus . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6[...]

  • Page 21

    T ABLE OF C ONTENTS xvii password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-22 ip http por t . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-22 ip http serv er . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-23 logging on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]

  • Page 22

    T AB LE OF C ONTENTS xviii 802.1x broa dcast-key-re fresh-rate . . . . . . . . . . . . . . . . 6-52 802.1x sess ion-key-refr esh-rate . . . . . . . . . . . . . . . . . . 6-53 802.1x sess ion-timeout . . . . . . . . . . . . . . . . . . . . . . . . 6-54 address filter default . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-54 address filter e[...]

  • Page 23

    T ABLE OF C ONTENTS xix transmit-pow er . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-87 max-associatio n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-88 multicast-ci pher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-89 wpa-clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-90[...]

  • Page 24

    T AB LE OF C ONTENTS xx[...]

  • Page 25

    1-1 Chapter 1 Introduction SMC’ s EliteConnect Universal 2. 4GHz/5GHz Wireless Access P oint (SMC2555W -A G) is an IEEE 802.11a/g access point that provides t ranspar ent, wireless high-speed d ata communica tions between t he wired LAN and fix ed, por table or mobile de vices equipped with a n 802.11a, 802. 11b , or 802.11g wireless ad apter . T[...]

  • Page 26

    Introduction 1-2 The access point also suppor ts a 54 Mbps half-duple x connection to Ethernet networks f or each active chan nel (up to 108 Mbps in turbo mode on th e 802.11a int erf ace). Package Checklist The EliteConnect Univ ersal 2.4G Hz/5GHz Wireless Access P o int pack age includes: • One Wireless Dual-band Access P oint (SMC2555W -AG) ?[...]

  • Page 27

    Hardware Description 1-3 Hardware Description Front P anel Rear Pa nel Antennas Indicator Panel Security Slot Console Port RJ-45 Port, PoE Connector Reset Button 5 VDC Power Socke t[...]

  • Page 28

    Introduction 1-4 Component Description Antennas The access point includes two antennas f or wireless communication s. The sign al transmitted f rom both antennas is identical, b ut only the best signal receiv ed on one of the antennas is used. The antennas t ransmi t the outgoing sig nal along a horizontal pla ne perpendicular to the antenna (in th[...]

  • Page 29

    Hardware Description 1-5 Security Slot The access point includes a K ensington security slot on the rear panel. Y ou can pre vent unauthorized remo v al of the access p oint by wrapping the K ensington security cabl e (not pro vided) around an unmov able object, inserting the lock into the slot, and turning the ke y . Ethernet Link On Indicates a v[...]

  • Page 30

    Introduction 1-6 Console Port This por t is us ed to connect a co nsole device to the access point through a serial cab le. This connection is described unde r “Console P or t Pin Assignments” on p age B-4. The co nsole de vice can be a PC or workstation running a VT -100 terminal emulator , or a VT -1 00 ter minal. Ethernet Port The access poi[...]

  • Page 31

    F eatures and Benefits 1-7 changes y ou ma y ha v e made are remo ved, and the f actor y default configuration is r estored to th e access poin t. Power Connector The access point does not ha ve a po wer s witch. It is po wered on when connected to the A C power adapt er , and the po wer adapter is connected to a power sourc e. The access po int au[...]

  • Page 32

    Introduction 1-8 • Scans all a v ailab le channels and se lects the best channe l f or each client based on the sign al-to-noise rati o Applications The Wireless products of f er a high speed, re liabl e, cost-e ff ectiv e solution f or 10/100 Mbps wireless Ethernet client access to the network in applications such as: • Remote access to corpo [...]

  • Page 33

    System Def aults 1-9 System Defaults The f ollowing table lists some o f the access point’ s basic system def aults. To reset th e access poin t defaults, use the CLI command “reset conf iguration” fro m the Exec level prompt. Feature Parameter Default Identification System Name Enterprise AP Administration User Name admin Password smcadmin G[...]

  • Page 34

    Introduction 1-10 MAC Authentication MAC Local MAC A uthentication Session Timeout 0 seconds (disab led) Local MA C System Def ault Allow ed Local MA C P er mission Allow ed 802.1x A uthentication Status Disabled Broadcast Key Refresh 0 minutes (disabled) Session Key Refresh 0 minutes (disabled) Reauthentication Refresh Rate 0 seconds (disabled) VL[...]

  • Page 35

    System Def aults 1-11 System Logging Syslog Disab led Logging Host Disab led Logging Conso le Disab led IP Address / Host Name 0.0.0.0 Logging Le vel Inf ormational Logging F acility T ype 16 Ethernet Interface Speed and Duple x Auto Feature Parameter Default[...]

  • Page 36

    Introduction 1-12 Wireless Interface 802.11a IAPP Enabled SSID SMC Status Enable d Turbo Mode Disabled Radio Channel Default to first channel Auto Channel Select Enabled SSID Broadcast Enabled Transmit Power Full Maximum Data Rate 54 Mbps Beacon Interval 100 TUs Data Beacon Rate (DTIM Interval) 2 beacons RTS Threshold 2347 bytes Wireless Security 8[...]

  • Page 37

    System Def aults 1-13 Wireless Interface 802.11b/g IAPP Enabled SSID SMC Status Enable d Channel Default to first channel Auto Channel Select Enabled SSID Broadcast Enabled Antenna Mode Diversity Radio Mode 11b and 11g mixed mo de Transmit Power Full Maximum Data Rate 54 Mbps Beacon Interval 100 TUs Data Beacon Rate (DTIM Interval) 2 beacons RTS Th[...]

  • Page 38

    Introduction 1-14[...]

  • Page 39

    2-1 Chapter 2 Hardware Installation 1. Select a Site – Choose a proper pl ace f or the access point. In general, the best location is at the center of y our wireless cov erage area, within line of sight of all wirel ess de vices . T r y to place the access point in a posit ion that can best cov er its Basic Ser vice Set. (Ref er to “Infrastruct[...]

  • Page 40

    Hardware Installation 2-2 brac ket, slide it into position so t hat the two r etaining latches slip into place ov er the back of the ac cess point . Attachin g the Mount ing Brac ket 4. Lock the Access P oint in Place – T o prev ent unauthorized remov al of the acce ss point, you can us e a K ensington Slim MicroSav er secur ity cable (not includ[...]

  • Page 41

    Hardware Installation 2-3 Otherwise, the access point can der ive its operating pow er directly from the RJ-45 por t when connected to a de vice that provides I EEE 802.3af compliant P o wer o v er Ethernet (P oE). Note: If the access point is connected to both a PoE source device and an AC power source, PoE will be disabled. Wa r n i n g : Use ONL[...]

  • Page 42

    Hardware Installation 2-4 The access point also compares the stren gth of an incoming signal on both ante nnas, and uses the antenn a receiving the stronger signal to commu nicate with a wireless client. 9. Connect the Console P ort – Connect the console cab le (included) to the RS-232 co nsole por t f or accessing the command-line interf ace. Y [...]

  • Page 43

    3-1 Chapter 3 Network Configuration The wireless solution su ppor ts a stand-alone wireless netwo rk configuration as w ell as an integrated configur ation with 10/100 Mbps Ethernet LANs. Wireless network cards , adapters , and access points can be configured as: • Ad hoc f or departmental, SOHO , or enterprise LANs • Infrastru cture for wirele[...]

  • Page 44

    Network Configuration 3-2 Network Topologies Ad Hoc Wireless LAN (no AP or Bridge) An ad hoc wireless LAN consists of a g roup of compu ters , each equipped with a wireless adapter , connected via r adio signals as an independent wirele ss LAN. Computers in a specific ad hoc wireless LAN must therefore be configured to the same radio channel. Ad Ho[...]

  • Page 45

    Network T opologies 3-3 Infrastructure Wireless LAN The access point also pro vides access to a wir ed LAN f or wireless workstations. An integr ated wired/wireless LAN is called an Infrastructure configuratio n. A Basic Ser vice Set (BSS) consists of a group of wireless PC users, and an access point that is direc tly connected t o the wired LAN. E[...]

  • Page 46

    Network Configuration 3-4 Infrastructure Wireless L AN for Roaming Wireless PCs The Basic Ser vice Set (BSS) defi nes the communications domain f or each access point and its a ssociated wireless clients. The BSS ID is a 48-bit binar y number based on the access point’ s wireless MA C address, and is set au tomatically and transparent ly as clien[...]

  • Page 47

    Network T opologies 3-5 A wireless infra structure can also suppor t roaming f or mobile worker s. Mo re than one a ccess point can be configu red to crea te an Extended Ser vice Set (ESS). By placing the access points so that a continuous co verage area is cre ated, wireless users within this ESS can roam freely . A ll SMC wireless netw ork card a[...]

  • Page 48

    Network Configuration 3-6[...]

  • Page 49

    4-1 Chapter 4 Initial Configuration The EliteConnect Univ ersal 2.4GHz/5GHz Wireless Access P oint SMC2555W -AG off ers a v ariety of management opti ons, including a web-based interface , a direct c onnection to the console por t, or using SNMP softw are such as SMC’ s EliteVie w . The initial configur ation steps can be made thr ough the web br[...]

  • Page 50

    Initial Configuration 4-2 T o conne ct to the console por t, complete the f ollowing steps: 1. Connect the console cable to the serial por t on a ter minal, or a PC running terminal emulat ion softw are, and tigh ten the captiv e retaining scre ws on the DB-9 connector . 2. Connect the other end of the cab le to the RS-232 serial port on the access[...]

  • Page 51

    Initial Setup through the CLI 4-3 Initial Configuration Steps Loggin g In – Enter “admin” f or the user name and “smcadmin” f or the pass word. The CLI pr ompt appears d ispla ying the access point’ s m odel number . Setting the IP Address – By def ault, the access point is configured to obta in IP address settin gs from a DHCP ser v [...]

  • Page 52

    Initial Configuration 4-4 accessed us ing T elnet from any comp uter attach ed to the network. Setting the Country Co de – Units sold in the United States are configured b y def ault to use only radio channels 1-11 as defined by FCC regulations. Units sold in other countries are configured by def ault withou t a country code (i.e. , 99). Y ou mus[...]

  • Page 53

    Using the W eb-based Management Setup Wizard 4-5 Loggin g In – Enter the username “admin, ” the pass word “smcadmi n, ” and click LOGIN. F o r inf ormation on configuring a user name and pa ss word, ref er to page 5-27. The home page di spla ys the Main Men u.[...]

  • Page 54

    Initial Configuration 4-6 Launching the Setup Wizar d – T o perform initial configuration, click Setu p Wizard on the home page , then click on the [Ne xt] but ton to start the process. 1. Serv ice Set ID – Enter the service set identifier in the SSID bo x which all wireless clients mu st use to associate with the access point. The SSID is cas [...]

  • Page 55

    Using the W eb-based Management Setup Wizard 4-7 2. Radio Channel – Y ou must enab le rad io commun ications f or 802.11a and 802 .11b/g, and set the oper ating radio channel. • 802.11a T urbo Mode – If you select Enable, the access point will operate in turbo mode with a data r ate of up to 108 Mbp s. Normal mode suppor t 13 channels , T urb[...]

  • Page 56

    Initial Configuration 4-8 • 802.11b/g 802.11g Radio Channel: Set the o perat ing radio channel number . (Range: 1-11; Default: 11) Note: Available channe l settings are limited by local regulations which determine which chan nels are available. (See “Maximum Cha nnels” on page C-1.) 3. IP Configuration – Either enable or disab le Dynamic Ho[...]

  • Page 57

    Using the W eb-based Management Setup Wizard 4-9 assigned to the access po int by the networ k DHCP ser ver . (Def ault: Enable) Note: If there is no DHCP server on your network, then the access point will automatically start u p with its default IP address, 192.168.2.2. 4. Click Finish. 5. Click the OK button to restart the access point.[...]

  • Page 58

    Initial Configuration 4-10[...]

  • Page 59

    5-1 Chapter 5 System Configuration Bef ore contin uing with adv anced configuration, first complete th e initial configur ation steps described in Chapter 4 to set up an IP address f or the SMC2555W -AG. The SMC2555W -A G can be managed b y any co mputer using a web br owse r . Enter the def ault I P address: h ttp://192 .168.2.2 T o log into the S[...]

  • Page 60

    System Configuration 5-2 The inf or mation in this chapter is organiz ed to refle ct the structure of the web scr eens f or easy ref erence. How e ver , we recommend that y ou configur e a user name an d pass word as the first st ep under adv anced configuration to cont rol management access to this de vice (page 5-29). Advanced Configuration The A[...]

  • Page 61

    Adv anced Configuration 5-3 Radio Interface 1 Configures the IEEE 802.11a interface 5-40 Radio Settings Configures ra dio signal parameters, such as radio channel, transmission rate, and beacon settings 5-41 Security Configures data encryption with Wired Equivalent Protection (WEP) or Wi-Fi Protected Access (WPA) 5-50 WPA Configures advanced encryp[...]

  • Page 62

    System Configuration 5-4 System Identification The system inf or mation parameters f or the SMC2555W -AG can be left at their def ault settings . How e v er , modifying these parameter s can help y ou to more easily distinguish diff erent devices in y our network . Y ou should se t a Ser vice Se t Identification (SSID) to ident ify the wireless net[...]

  • Page 63

    Adv anced Configuration 5-5 CLI Commands f or System Identificatio n – Enter the glob al configuratio n mode, a nd use the system na me command t o specify a new system name. Enter the wireless configuration mode (eithe r 11a or 11g), and use the ssid command to set the service set identifier . Then return to the Exec mode , and use the sho w sys[...]

  • Page 64

    System Configuration 5-6 TCP / IP Settings Configuring the SMC2555W -A G with an IP address e xpands your ability to manage the access point. A number of acces s point f eature s depend on IP addre ssing to oper ate . Note: You can use the web browser interface to access IP addressing only if the access point already has an IP address that is reach[...]

  • Page 65

    Adv anced Configuration 5-7 DHCP Client (Enable) – Select this option to obtain the IP settings for the access poi nt from a DHCP (Dynamic Host Configuratio n Protocol) server . The IP address , subnet mask, def ault gatew a y , and Domain Name Server (DNS) ad dress are dynamically assigned to the access point by th e network DHCP ser v er . (Def[...]

  • Page 66

    System Configuration 5-8 If yo u ha v e management stat ions, DNS , RADIUS, or other network ser v ers located on anot her subnet, t ype the IP address of the d ef ault gate wa y router in the te xt field provided. Otherwise, leav e the address as all zeros (0.0.0 .0). • Primar y and Secondary DNS Address: The IP address of Domain Name Servers on[...]

  • Page 67

    Adv anced Configuration 5-9 CLI Commands for TCP/IP Settings – F rom the global configuration m ode, enter the int erface configuration mode wit h the interface ethernet comman d. Use the ip dhcp command to enable the DHCP client, or no ip dhcp to disab le it. T o manually configure an address , specify the new IP address , subnet mask, and def a[...]

  • Page 68

    System Configuration 5-10 Radius Remote Authentication D ial-in User Ser vice (RADIUS) is an authentica tion protocol that uses softw are running on a centr al ser v er to control access to RAD IUS-a ware de vices on the network. An authent ication server contains a dat abase of user credentials f or each user that requires access to t he network. [...]

  • Page 69

    Adv anced Configuration 5-11 Primar y Radius Ser ver Setup – Config ure the following settings to use RADIUS authenti cation on the acce ss point. • IP Address: Specifies the I P address of the RADIUS server . • P or t: The UDP por t number used by the RADIUS ser ver f or authentication messag es. (Ran ge: 1024-65535 ; Def ault: 1812) • K e[...]

  • Page 70

    System Configuration 5-12 authentication f ails. (Range: 1-30; Def ault: 3) Note: For the Timeout and Retransmit attempts fields, accep t the default values unless you experience problems con necting to the RADIUS server over the network. Secondary Radius Ser ver Setup – Configure a secondar y RADIUS ser ver to provide a bac k up in case the prim[...]

  • Page 71

    Adv anced Configuration 5-13 CLI Commands f or RADIUS – F rom the global configurat ion mode, use th e radius-s erver ad dress command to sp ecify the address of the primar y or secondary RADIUS ser ver s. ( The f ollowing e xample configures the se ttings f or the pr imar y RADIUS server .) Configure the other par ameters for t he RADIUS ser v e[...]

  • Page 72

    System Configuration 5-14 Authentication Wireless clients can be authenticated f or network access by chec king their MA C address against the local database configured on the access poin t, or by using the IEEE 802.1x network access authentication pr otocol to look up their MA C addresses on a RADIUS server . The 80 2.1x protocol can also be confi[...]

  • Page 73

    Adv anced Configuration 5-15 point. The Lo cal MA C Authen ticati on section enables the local database t o be set up . • Radius MA C: The MAC addr ess of the associating station is sent to a co nfigured RADIUS server f or authentication . When using a RADIUS authenticati on ser ve r f or MA C address authenticat ion, the ser v er must first be c[...]

  • Page 74

    System Configuration 5-16 • MA C A uthentication T a bl e: Displa ys current entries in the local MA C database . 802.1x Setup – IEEE 8 02.1x is a standard f rame work f or network access contr ol that uses a central RADIUS se r ver f or user authentica tion. This cont rol f eature prev ents unauthorized access to the network b y requiring an 8[...]

  • Page 75

    Adv anced Configuration 5-17 all associated wireless clie nts. If 802.1x auth entication is not initiated by a client, the access poi nt will initiate authentication. Only those clients successfully authenticated with 802.1x are allowed to access the network. When 802.1x is enab led, the broa dcast and session k e y rotation intervals can also be c[...]

  • Page 76

    System Configuration 5-18 remov e an entry from the table , use the address filt er delete command. T o display the current settings, u se the show authenti cation command fro m the Exec mode. CLI Commands f or RADIUS MA C A uthenticat ion – Use the mac-authenti cation server co mmand from th e global configura tion mode to enab le remote MA C au[...]

  • Page 77

    Adv anced Configuration 5-19 connection settin gs f or the RADIUS ser ver (not shown in the f ollowing e xample). T o display t he current settings , use the show authenti cation command fro m the Exec mode. SMC-AP(config)#mac-authentication server remote 6-57 SMC-AP(config)#mac-authentication session-timeout 300 6-58 SMC-AP(config)#exit SMC-AP#sho[...]

  • Page 78

    System Configuration 5-20 CLI Commands f or 802.1x A uthenti cation – Use the 802.1x supported command from the globa l configurat ion mode to enab le 802.1x authentication . Set the session and broadca st ke y refresh r ate , and the re-authe ntication ti meout. T o display th e current settin gs, use the show au thenticati on command fr om the [...]

  • Page 79

    Adv anced Configuration 5-21 Filter Control The access point can empl o y VLAN ID and network traf fic frame filtering to control access to network resources a nd increase security . Nativ e VLAN ID – The VLAN ID assigned to wireless clients that are not assigned to a specific VLAN by RADIUS server configuration. VLAN – Enable s or disab les VL[...]

  • Page 80

    System Configuration 5-22 A VLAN ID (1-4095) is assigned to a client aft er successful authentication using IEEE 802.1x and a central RADIUS server . The user VLAN IDs must be configured on the RADIUS server f or each user authorized to access the netw ork. If a user does not hav e a configured VLAN ID , the acces s point assigns the us er to its o[...]

  • Page 81

    Adv anced Configuration 5-23 When VLAN filtering is enab led, the access p oint must also ha v e 802.1x authenticat ion enab led and a RADIUS server configure d. Wireless clients must also support 802.1x client software t o be assigned to a specific VLAN. When VLAN filtering is disabled, the access point ignores the VLAN tags on any re ceiv ed fram[...]

  • Page 82

    System Configuration 5-24 CLI Commands f or VLAN Suppor t – F rom the global configuration mod e use the native-v lanid command to s et the def ault VLAN ID f or the Ether net interf ace, then enab le VLANs using the vlan enabl e command. When y ou change the access point’ s VLAN support setting, you must rebo ot the access point t o implement [...]

  • Page 83

    Adv anced Configuration 5-25 CLI Commands f or Bridge Filter ing – Use th e filter local-bridge command from the global configur ation mode to pre v ent wireless-to-wireless communicati ons through the access poin t. Use the filter ap-manage command to restrict management access from wireless clients . T o configure Ether net protocol filtering, [...]

  • Page 84

    System Configuration 5-26 SNMP Y ou can use a network manageme nt application such as SM C’ s EliteVie w to manage the SMC2555W -A G via the Simple Network Management Protocol ( SNMP) from a netwo rk management station. T o implement SNMP management, the SMC2555W -AG must ha ve an IP address and subne t mask, conf igured either manually or dynami[...]

  • Page 85

    Adv anced Configuration 5-27 SNMP – Enab les or disab les SNMP management acce ss and also enab les the access point to send SNMP tr aps (notifications) . SNMP management is enab led b y default. Location – A text string that d escrib es the syste m location. (Maximum lengt h: 20 char acters) Contact – A text st ring that describes the system[...]

  • Page 86

    System Configuration 5-28 CLI Commands f or SNMP – Use the snmp-serve r enabl e server command fr om the global configur ation mode. T o set read/write and re ad-only comm unity name s, u se the snmp-server community command. Use the snmp-ser ver location and sn mp-server cont act commands to ind icate the ph ysical locatio n of the access point [...]

  • Page 87

    Adv anced Configuration 5-29 Administration Changing the Password Management access t o the web an d CLI interf ace on the SMC2555W -AG i s controlled th rough a single user name and passw ord. Y ou can als o gain addi tional access secur ity by using control filters . (See “Filter Cont rol” on page 5-21.) T o pro tect access to the manageme nt[...]

  • Page 88

    System Configuration 5-30 CLI Commands f or the User Name and P ass word – Use the username and pass word commands f rom the CLI configur ation mode. SMC-AP(config)#username bob 6-21 SMC-AP(config)#password smcadmin 6-22 SMC-AP#[...]

  • Page 89

    Adv anced Configuration 5-31 Upgrading Firmware Y ou can upgr ade ne w SMC2555W -AG so ftware from a local file on the managem ent workstation, or f rom an FTP or TFTP serve r . New sof tware ma y be provided periodically on SMC’ s web site (http://www .smc.com). After upg rading ne w software, y ou must reboot the SMC2555W -AG to implem ent the [...]

  • Page 90

    System Configuration 5-32 • Obtain the IP add ress of the FTP or TFTP server wh ere the access point softwa re is stored. • If upgr ading from an FTP server , be sure th at y ou ha v e an account configur ed on the server with a user name and passw o rd. • If VLANs are configur ed on the access point, determine the VLAN ID with which the FTP [...]

  • Page 91

    Adv anced Configuration 5-33 Firmware Upgrade Remote – Do wnloads an operation code image file from a specified re mote FTP or TFTP ser ver . After filling in the follo w ing fields, clic k Star t Upgrade to proceed. • New firmware file: Specifies the name of the code file on the ser v er . The new fir mware file name sh ould not con tain slas [...]

  • Page 92

    System Configuration 5-34 CLI Commands f or Downloading Soft w are fr om a TFTP Server – Use the copy tftp file command from th e Ex ec mode and t hen specify the file type , name , and IP addr ess of the TFTP server . When the do wnload is complete , the dir co mmand can be used to check t hat the ne w file is present in the access point fil e s[...]

  • Page 93

    Adv anced Configuration 5-35 System Log The SMC25 55W - A G can be c onfigured t o send ev ent and error messages to a System Log Server . The system cloc k can also be synchroniz ed with a time server , so that all the messages sent t o the Syslog server a re stamped with the corr ect time a nd date . Enabling System Logging The SMC2555W -AG sup p[...]

  • Page 94

    System Configuration 5-36 Logging Console – Enables the logging of error messages to the console. Logging Lev el – Sets the minimum se verity le vel f or ev ent logging. The system allo ws you to limit the messages that are logged by specifying a minimum se ve rity lev el. The following table lists the error mess age lev els from the m ost sev [...]

  • Page 95

    Adv anced Configuration 5-37 number t o use on the Syslog server . T o vie w the current logging settings , use the sho w logging command. Configuring SNTP Simple Network Time Protocol (SNTP) allo ws the SMC2555W -AG to set its internal clock based on pe riodic updates from a time server (SNTP or NTP). Ma intaining an accurate time on t he access p[...]

  • Page 96

    System Configuration 5-38 SNTP Ser ver – Configures the access po int to operate as an SNTP client. When enab led, at least one time server IP add ress must be specified. • Primar y Server : The IP addres s of an SNTP or NTP tim e ser v er that the access point atte mpts to poll f or a time update. • Secondary Ser ver: The IP address of a sec[...]

  • Page 97

    Adv anced Configuration 5-39 da ylight sa vings . T o view the current SNTP setti ngs, u se the show sntp command. CLI Comman ds f or the System Clock – The f ollowing exa mple shows how to manually set the sys tem time when SNTP ser ver suppor t is disable d on the access point. SMC-AP(config)#sntp-server ip 10.1.0.19 6-28 SMC-AP(config)#sntp-se[...]

  • Page 98

    System Configuration 5-40 Radio Interface The IEEE 802.11a and 802.11g interf aces include configurat ion options f or radio signal chara cteristics and wireless security f eatures . The configur ation options are nearly identical, and are theref ore both cov ered in this section of the manual. The access point can oper ate in se veral dif f erent [...]

  • Page 99

    Radio Interf ace 5-41 Radio Settings (802.11a) The IEEE 802.11a inter f ace oper ates within the 5 GHz band , at up to 54 Mb ps in nor mal mode or up to 108 Mbps in T urbo mode. Enable – Enab les radio communications on the SMC2555 W -AG. (Def ault: Enabled) T urbo Mode – The normal 802.11a wireless opera tion mode provides conn ections up to 5[...]

  • Page 100

    System Configuration 5-42 40 MHz to support the increase d data rate. However, this redu ces the number of channels supported (e.g., 5 channels for the United States). Radio Channel – The r adio channel tha t the access point uses to c ommunicate with wireless clients. When multiple access points are deplo yed in the same area, set the channel on[...]

  • Page 101

    Radio Interf ace 5-43 Maximum Supported Rate – The maximum data r ate at which a client can co nnect to the access point. The maximum transmission dist ance is affected by the data rate. The lower the data rate, the longer the transmission distance. (Options: 54, 48, 36, 24 Mbps; Def ault: 54 Mbps) Beacon Interval – The rate at which beac on si[...]

  • Page 102

    System Configuration 5-44 If the RTS threshold is set to 0, the access point nev er sends RTS signals. If set to 2347, the access point alw a ys sends RTS signals. If set to an y other v alue, and the pac k et size e quals or e xceeds the R TS threshold, the R TS/CTS (Request to Send / Clear to Send) mechanism will be enabled. The access points con[...]

  • Page 103

    Radio Interf ace 5-45 SMC-AP#show interface wireless a 6-95 Wireless Interface 802.11a Information ========================================================== ----------------Identification---------------------------- Description : Enterprise 802.11a Access Point SSID : r&d Turbo Mode : ON Channel : 42 (AUTO) Status : Enable ----------------802.[...]

  • Page 104

    System Configuration 5-46 Radio Settings (802.11g) The IEEE 802.11g standard operates within the 2.4 GHz band at up to 54 Mbps. Also note that because th e IEEE 802.11g standard is an e xtension of the IEEE 802.11b standa rd, it allows clients with 802.11b wireless n etwork cards to associate to an 802.11g access point. Enable – Enab les radio co[...]

  • Page 105

    Radio Interf ace 5-47 set to the same as that used by the access point to which it is link ed. (Range: 1-11 ; Def ault: 1) A uto Channel Select – Enables the access point to automatically select an unoccupied r adio channel. ( Def ault: Enab led) SSID Broadcast – The SS ID broadcas t can be dis abled to pre v ent acce ss to clients without a pr[...]

  • Page 106

    System Configuration 5-48 CLI Commands f or the 802.11a Wireless Inter f ace – F rom the global configur ation mode, enter the interfa ce wireless g command to access the 802.1 1g radio inter f ace . Set the interf ace SSID using the ssid command and, if req uired, configure a name f or the interf ace using the desc ription command. Y ou can also[...]

  • Page 107

    Radio Interf ace 5-49 SMC-AP#show interface wireless g 6-95 Wireless Interface Information =========================================================== ----------------Identification----------------------------- Description : Enterprise 802.11g Access Point SSID : r&d Turbo Mode : OFF Channel : 11 (AUTO) Status : Enable ----------------802.11 Pa[...]

  • Page 108

    System Configuration 5-50 Security The SMC2555W -A G is configured b y default as an “open system, ” which broadcasts a beacon signal including the configured SSID . Wireless clients can read the SSID from the beacon, and automat ically reset the ir SSID to allo w immediate connection to t he nearest access point. T o i mpro ve wireless netw or[...]

  • Page 109

    Radio Interf ace 5-51 The security mechanisms that ma y be emplo yed depend on the le v el of security required, the net work and management resources a v ailab le , and the softw are support provided on wireless clients. A summa ry of wireless secu rity co nsiderations is listed in the f ollowing tab le. Note: Although a WEP static key is not need[...]

  • Page 110

    System Configuration 5-52 Wired Equivalent Privacy (WEP) WEP provides a basic le vel of security , pre venting unaut horized access to the netwo rk and encrypting data transmitted be tween wireless clients and the access point. WEP uses static shared ke ys (fixed -length he xadecimal or alphanumeric strings) that are manually distrib uted to all cl[...]

  • Page 111

    Radio Interf ace 5-53 Setting up shared k eys enab les the basic I EEE 802.11 Wired Equiv alent Priv acy (WEP) on t he access point to pr e v ent unauthorized access to t he network. If y ou choose to u se WEP shared k e ys instead of an ope n system, be sure to define at least one static WEP ke y for user authentica tion and data encryption. Also [...]

  • Page 112

    System Configuration 5-54 Shared Ke y S etup – Selec t 64 Bit, 128 Bit, o r 152 Bit key length. Note that the same size of encr yption ke y must be suppor ted on all wireless clients . (11b/g: 64/ 128 Bits; 11a: 64/128/152 Bit s; Def ault: 12 8 Bit) Ke y T y p e – Select the preferred method of enter ing WEP encr yption k eys on the access poin[...]

  • Page 113

    Radio Interf ace 5-55 encr yption command to enab le WEP encryption. Use the m ulticast-cipher command to select WEP cipher type . T o enter WEP k e ys, use the key command, and th en set one k ey as the transmit key using the transmit-ke y comman d. Then disab le 802.1x port authentication with the 802.1x command. T o view the current security set[...]

  • Page 114

    System Configuration 5-56 Note: The index and length values used in the key command must be the same values used in the encryption and transmit-key commands. CLI Commands f or WEP ov er 802.1x Security – F rom the 802.11a or 802.1 1g interf ace configuration mode , use the authenti cation command to select open system authentication. Use the m ul[...]

  • Page 115

    Radio Interf ace 5-57 Wi-Fi Protected Access (WPA) WP A emplo ys a combination of sev eral technologies to pro vide an enhanced se curity solution f or 802.11 wireless networks. The SMC2555W -AG sup por ts the f ollowin g WP A components and f eatures: IEEE 802.1x and the Extensib le Authentication Pr otocol (EAP): WP A employs 80 2.1x as its basic[...]

  • Page 116

    System Configuration 5-58 Note: To implement WPA on wireless clients requi res a WPA-enabled network card driver and 802.1x c lient software that supports the EAP authentication type that you want to use. Windows XP provides native WPA support, other systems require additional software. T empora l Key Integr ity Protocol ( TKIP) : WP A specifi es T[...]

  • Page 117

    Radio Interf ace 5-59 multicast and broa dcast traffic must be the same for all clients, therefore it restri cts encr yption to a WEP key . When access is opened to both WP A and WEP clients, no authenti cation is pro vided f or the WEP clients through sh ared ke ys. T o suppo r t authentication f or WEP clients in this mixe d mode configur ation, [...]

  • Page 118

    System Configuration 5-60 WP A Ke y Management – WP A can be configured to work in an enter prise environment using I EEE 802.1x and a RADIUS ser v er f or user authenti cation. For smaller networks, WP A can be enab led using a common pre- shared k ey f or client authentication with the access point. • WP A authentication ov er 802.1x: The WP [...]

  • Page 119

    Radio Interf ace 5-61 WP A Pre-Shared K ey T ype – If the WP A pre-shared-k e y mode is used, all wireless clients must be configured with the same k e y to communicate with the access point. • Hexadecimal: Enter a key as a strin g of 64 hexadecimal numb er s. • Alphanumeric: Enter a k e y as an easy-to- remember f or m of letters and n umber[...]

  • Page 120

    System Configuration 5-62 authentica tion. T o view the current 802 .11g security settings , use the show interfa ce wireless a or show interface wirel ess g command (not sho wn in e xample). CLI Commands f or WP A ov er 802.1x Security – F rom the 802.11a or 802.1 1g interf ace configuration mode , use the authenti cation command to s et the acc[...]

  • Page 121

    Status Inf ormation 5-63 Status Information The Status page includes in f ormation on the follo wing items: Access Point Status The AP Status window displa ys basic system configuration settings, as well as th e settings for the wirele ss interface. Menu Description Page AP Status Displays configuration settings fo r the basic system and the wirele[...]

  • Page 122

    System Configuration 5-64 AP System Configura tio n – The AP System Configuration t able displays the basic system configur ation settings: • System Up Time: Len gth of time the man agement agent h as been up . • MA C Address: The ph ysical lay er address f or this de vice. • System Name : Name assigned to this system . • System Contact: [...]

  • Page 123

    Status Inf ormation 5-65 CLI Commands f or Displaying System Set tings – T o view the current acces s point system settin gs, use the show syst em command from the Ex ec mode. T o view the current ra dio interf ace settings , use the sho w interface w ireless a or sh ow int erface wireless g command (see page 6- 95). SMC-AP#show system 6-33 Syste[...]

  • Page 124

    System Configuration 5-66 Station Status The Station St atus window sho ws the wireless clients currently associated w ith the SMC25 55W -A G. The Station Configur ation page displa ys basic connection inf ormation f or all associated stations as described belo w . Note that this page is automat ically refreshed every five seconds. • Station Addr[...]

  • Page 125

    Status Inf ormation 5-67 associated w ith the ac cess point. O nce authentic ation is completed, stations can associat e with the current access point, or reas sociate with a new access point . The associatio n procedure allo ws the wireless system to tra ck the loca tion of each mobile clie nt, and ensure that frames destin ed for each client are [...]

  • Page 126

    System Configuration 5-68 Event Logs The Ev ent Logs windo w shows the log messages generated b y the acces s point and stored in m emor y . The Ev ent Logs tab le displa ys the f ollowing inf or mation: • Log Time: The time the log message was gen erated. • Ev ent Le v el: The logging le v el associated with this message. F or a description of[...]

  • Page 127

    Status Inf ormation 5-69 • Access point was set to “Shared Ke y A uthentication, ” but a client sent a n authentic ation frame for “Open System . ” • WEP ke ys do not match: When the access point uses “Shared K ey Authentication, ” but the ke y used by client and access point are not the same, the fram e will be decrypted incorrectl[...]

  • Page 128

    System Configuration 5-70[...]

  • Page 129

    6-1 Chapter 6 Command Line Interface Using the Command Line Interface Accessing the CLI When accessing the manageme nt interf ace for the SMC2555W-A G ov er a direct conn ection to th e console p or t, or via a T elnet connection, the access point can be managed b y entering command k eywor ds and para meters at the p rompt. Using the access point?[...]

  • Page 130

    Command Line Interf ace 6-2 After connecti ng to the system th rough the con sole por t, the login screen displa ys: Note: Command examples show n later in this chapter abbreviate the console prompt to “SMC-AP” for simplicity. Telnet Connection T elnet operates over the IP transpor t protocol. In this envir onment, y our manage ment station and[...]

  • Page 131

    Entering Commands 6-3 After y ou configure t he access point with an IP address , y ou can open a T elnet session by perf or ming these step s. 1. F rom the remote host, ent er the T elnet command and t he IP address of the de vice you want to access. 2. At the prompt, ent er the user name and system pass word. The CLI will displa y the “SMC Ente[...]

  • Page 132

    Command Line Interf ace 6-4 Y ou can enter commands a s f ollo ws: • T o enter a simple comm and, enter the command k eyw ord. • T o enter commands that requir e parame ters , enter the required par ameters after t he command k eyw ord. For e xample , to set a pass word f or the administrator , enter: SMC Enterprise AP(config)# username smith M[...]

  • Page 133

    Entering Commands 6-5 list of valid ke ywords f or a specific c ommand. For e xample, the command “ show ? ” displa ys a list of possible sho w commands: The command “ sho w int erface ? ” will displa y the following inf orm ation: Partial Keyword Lookup If yo u terminate a par tial ke yword with a question ma rk, alternatives that match th[...]

  • Page 134

    Command Line Interf ace 6-6 Negating the Effe ct of Commands F or man y configur ation commands y ou can enter the prefix ke yword “ no ” to cancel t he eff ect of a command or reset the configuratio n to the def ault value . F or example , the logging command will log system messages to a host ser ver . T o disabl e logging, specify the no log[...]

  • Page 135

    Entering Commands 6-7 Exec Commands When you open a new console session on the access p oint, the system enters Ex ec command mode. Only a limited number of the commands are a vailab le in th is mode. Y ou can access all other comm ands only f rom the co nfiguration mode. T o access Ex ec mode, open a ne w console session with the user nam e “adm[...]

  • Page 136

    Command Line Interf ace 6-8 T o enter the Glob al Configur ation mode , enter the comm and configure in Ex ec mode. The system prompt will change to “SMC Enter prise AP(config)#” which gives yo u access privilege to all Global Configur ation commands . T o enter Interf ace mode, y ou must e nter the “ interface ethernet ,” or “ interface [...]

  • Page 137

    Entering Commands 6-9 Ctrl-N Enters the next command l ine in the history buffer. Ctrl-P Shows the last command. Ctrl-R Repeats current command l ine on a new line . Ctrl-U Deletes the en tire line. Ctrl-W Deletes the last word typed. Esc-B Moves the cursor backward one word. Esc-D Deletes from the cursor to the end of the word. Esc-F Moves the cur[...]

  • Page 138

    Command Line Interf ace 6-10 Command Groups The system commands can be brok en down into the functi onal groups sho wn below . The access mode shown in the f o llowing tab les is indicated b y these abbreviations: Exec (Ex ecutiv e mode ), GC (Global Configuratio n), and IC (Interface Configuration). Command Group Description Page General Basic com[...]

  • Page 139

    General Commands 6-11 General Commands configure This command activ ates Gl obal Configur ation mode . Y ou must enter this m ode to modif y most of the settings o n the acces s point. Y ou must also ent er Global Configur ation mode prior to enab ling the cont e xt modes f or Interf ace Configuration. See “Using the Command Li ne Interf ace” o[...]

  • Page 140

    Command Line Interf ace 6-12 end This command returns to the pre vious configuration mode . Default Setting None Command Mode Global Configur ation, Inter f ace Configuration Example This e xample shows how to retur n to the Configu ration mode from the Inter f ace Configur ation mode: exit This command returns to the Ex ec mode or e xits the confi[...]

  • Page 141

    General Commands 6-13 ping This command sends ICMP echo re quest pac kets to another node on the netw ork. Syntax ping < host_name | ip_ad dress > • host_name - Alias of the host. • ip_address - IP addre ss of the host. Default Setting None Command Mode Ex ec Command Usage • Use the ping command to see if another site on the network can[...]

  • Page 142

    Command Line Interf ace 6-14 reset This command r estar ts th e system or restor es the factory def ault settings. Syntax reset < boar d | configuration > • board - Reboots the system. • configurat ion - Resets the co nfiguration se ttings to the factory default s, and then reb oots the system. Default Setting None Command Mode Ex ec Comm[...]

  • Page 143

    General Commands 6-15 Command Usage • The history bu ffer size is fixed at 10 comma nds. • Use the up or do wn arrow keys to scr oll through the commands in the histo ry buffer. Example In this e xample , the sho w history command lists the contents of the command history buff er: show line This command displa ys the console port’ s configur [...]

  • Page 144

    Command Line Interf ace 6-16 System Management Commands These commands are use d to configure the use r name, pass word, system logs, bro wser management options, cloc k settings , and a v ar iety of other system inf or mation. Command Function Mode Page Country Setting Sets the co untry code for correct radi o operation country Sets the access poi[...]

  • Page 145

    System Management Commands 6-17 logging console I nitiates logging of error messages to the console GC 6-25 logging l evel Defines the minimum severi ty level for event logging GC 6-26 logging facility-type Sets the facility type for remote logging of syslog messages GC 6-27 show logging Displays the state of l ogging Exec 6-27 System Clock Sets th[...]

  • Page 146

    Command Line Interf ace 6-18 country This command configures the access point’ s countr y code, which identifies the co untry of operation and sets t he authorized r adio channels. Syntax country < country_code > country_code - A two character code that identifies the country of operatio n. See the f ollowing tab le f or a full list of code[...]

  • Page 147

    System Management Commands 6-19 Default Setting US - f or units sold in the United States 99 (no countr y set) - f o r units sold in other co untrie s Command Mode Ex ec Command Usage • If you purchased an access point outside of the United States, the coun try code must be set before radio func tions are enabled. • If you purchased an access p[...]

  • Page 148

    Command Line Interf ace 6-20 prompt This command customiz es the CLI prompt. Use the no f orm to restore the def ault prompt. Syntax prompt string no pr ompt string - Any alphanum eric string to use f or the CLI pro mpt. (Maximum length : 255 chara cters) Default Setting SMC Enter prise AP Command Mode Global Configuration Example system name This [...]

  • Page 149

    System Management Commands 6-21 Command Mode Global Configuration Example username This command configu res the user name f or management access. Syntax username name name - The name of t he user . (Length: 3-16 cha racters , case sensitive) Default Setting admin Command Mode Global Configuration Example SMC-AP(config)#system name SMC-AP SMC-AP(con[...]

  • Page 150

    Command Line Interf ace 6-22 password After initially loggin g onto the system, y ou should set the passw ord. Remem ber to record it in a safe place. Use the no f orm to reset the def ault pass word. Syntax passw ord password no pass w ord passw ord - P ass word f or manageme nt access . (Length: 3-16 cha racters , case sensitive) Default Setting [...]

  • Page 151

    System Management Commands 6-23 Command Mode Global Configuration Example Related Commands ip http server (page 6- 23) ip http server This command allows t his de vice to be monitored or configured from a bro wser . Use the no form to disa ble this function. Syntax ip http server n o i p h t t p s e r v e r Default Setting Enabled Command Mode Glob[...]

  • Page 152

    Command Line Interf ace 6-24 logging on This command controls lo gging of error messages; i.e., sendin g debug or error me ssages to m emor y . The no form disables th e logging process . Syntax logging on no logging on Default Setting None Command Mode Global Configuration Command Usage The logging process con trols error messa ges sa v ed to memo[...]

  • Page 153

    System Management Commands 6-25 Default Setting None Command Mode Global Configuration Example logging console This command initiat es logging of error messages to the console . Use the no f or m to disable logging to the console . Syntax logging console no logging cons ole Default Setting Disabled Command Mode Global Configuration Example SMC-AP(c[...]

  • Page 154

    Command Line Interf ace 6-26 logging level This command sets the minim um se verity le v el f or e vent logging. Syntax logging level < Alert | Critical | Er ro r | War n i n g | Notice | Informational | Deb ug > Default Setting Error Command Mode Global Configuration Command Usage Messages sent include th e selected le vel down to Aler t lev[...]

  • Page 155

    System Management Commands 6-27 logging facility-type This command sets the facility type f or remote logging of s yslog messages . Syntax logging facil ity-type < type> type - A number that indicates th e f acility used by the syslog ser v er to dispatch log messages to a n appropriate ser vice. (Range: 16 -23) Default Setting 16 Command Mod[...]

  • Page 156

    Command Line Interf ace 6-28 Example sntp-server ip This command sets the IP add ress of the servers to which SNTP time requests ar e issued. Use th e this command with no arguments to clear all t ime ser vers from the cu rrent list. Syntax sntp-ser ver ip < 1 | 2 > < ip> • 1 - First time server. • 2 - Second time server. • ip - I[...]

  • Page 157

    System Management Commands 6-29 Command Usage When SNTP client m ode is enab led using the sntp-server enable command, the sntp-server ip comm and specifies the time ser vers from which the access point polls f or time updates. The access point will poll the time ser vers in the order specified until a resp onse is receiv ed. Example Related Comman[...]

  • Page 158

    Command Line Interf ace 6-30 Example Related Commands sntp-server ip (page 6-28) show sntp (page 6-32) sntp-server date-time This command sets the system cloc k. Default Setting 00:14:00, J anuary 1, 1970 Command Mode Global Configuration Example This e xample sets the system cloc k to 17:37 June 19, 2004 . Related Commands sntp-server enab le (pag[...]

  • Page 159

    System Management Commands 6-31 sntp-server daylight-saving This command sets the sta r t and end dates f or daylight sa vings time. Use the no f o rm to disable daylight sa vings time. Syntax sntp-ser ver da ylight-s aving no sntp-server da ylight-saving Default Setting Disabled Command Mode Global Configuration Command Usage The command sets the [...]

  • Page 160

    Command Line Interf ace 6-32 sntp-server timezone This command sets the t ime zone f or the access point’ s internal clock. Syntax sntp-ser ver timezone < hours> hours - Number of hours bef ore/after UTC . (Range: -12 to +12 hours) Default Setting None Command Mode Global Configuration Command Usage This command sets the local time zone rel[...]

  • Page 161

    System Management Commands 6-33 Example show system This command displays basic system configuration settings. Default Setting None Command Mode Ex ec SMC-AP#show sntp SNTP Information ========================================================= Service State : Enabled SNTP (server 1) IP : 137.92.140.80 SNTP (server 2) IP : 192.43.244.18 Current Time [...]

  • Page 162

    Command Line Interf ace 6-34 Example show version This command displa ys the software v ersion for th e system. Default Setting None Command Mode Ex ec Example SMC-AP#show system System Information =========================================================== Serial Number : A252014354 System Up time : 0 days, 1 hours, 28 minutes, 9 seconds System Na[...]

  • Page 163

    SNMP Commands 6-35 SNMP Commands Controls access to th is access point from management stat ions using the Simple Network Management Prot ocol (SNMP), as well as the hosts that will receive trap messages . snmp-server community This command def ines the com munity a ccess string f or the Simple Network Management Protocol. Use the no f orm to remov[...]

  • Page 164

    Command Line Interf ace 6-36 • ro - Specifies read-only access. Author ized management stations are only able t o retrieve MIB objects. • rw - Specifies read/write access. Authorized management stations are able to bot h retrieve and modify MIB obje cts. Default Setting • public - Read-only acce ss. Authorized ma nagement stations are only ab[...]

  • Page 165

    SNMP Commands 6-37 Command Mode Global Configuration Example Related Commands snmp-ser ver location (page 6-39) snmp-server enable server This command ena ble s SNMP management access and al so enables this de vice to send SNMP traps (i.e., notifications). Use the no form to disable SNMP ser vic e and trap messages. Syntax snmp-serv er enable serve[...]

  • Page 166

    Command Line Interf ace 6-38 Related Commands snmp-ser ver host (page 6-38) snmp-server host This command specif ies the recipient of an SNMP noti fication. Use the no f o r m to remove the specified h ost. Syntax snmp-server host < host_ip_ad dress | host_name > <community-string> no snmp-server host • host_ip_add ress - IP of the ho[...]

  • Page 167

    SNMP Commands 6-39 Example Related Commands snmp-ser ver enable ser ver (page 6-37) snmp-server location This command sets the system loca tion string. Use the no for m to remove the location str ing. Syntax snmp-server loca tion te xt no snmp-server location te xt - String that describes the system location. (Maximum length : 20 characters) Defaul[...]

  • Page 168

    Command Line Interf ace 6-40 show snmp This command displa ys the SNMP configuration settings . Command Mode Ex ec Example Flash/File Commands These commands are use d to manage the syste m code or configuration files. SMC-AP#show snmp SNMP Information ============================================ Service State : Enable Community (ro) : ***** Commun[...]

  • Page 169

    Flash/File Commands 6-41 bootfile This command specifies the image used to star t up the system. Syntax bootfile < filename > filename - Name of the ima ge file. Default Setting None Command Mode Ex ec Command Usage • The file name shou ld not contain slashes ( or /), the lea ding letter of the file name should not b e a perio d (.), an d[...]

  • Page 170

    Command Line Interf ace 6-42 copy This command copies a boot file , code image , or conf iguration file between t he access point’ s flash memory and a FTP/TFTP server . When you sa ve the configur ation setting s to a file on a FTP/TFTP server , that file can later be do wnloaded to the access point to restore system operation. The success of t [...]

  • Page 171

    Flash/File Commands 6-43 server is 255 characters or 32 chara cters for files on the access point. (V alid characters : A-Z, a-z, 0-9, “.”, “-”, “_”) • Due to the size limit of the flash m emory, the access po int supports only two opera tion code files. • The system configu ration file must be named “syscfg” in all copy command[...]

  • Page 172

    Command Line Interf ace 6-44 Command Mode Ex ec Caution: Beware of deleting application imag es from flash memory. At least one application image is required in ord er to boot the access point. If the re are multiple image fi les in flash memory, and the one used to boot the access point is deleted, be sure you first use the bootfile command to upd[...]

  • Page 173

    RADIUS Client 6-45 Example The f ollowing exa mple shows ho w to displa y all file information: RADIUS Client Remote Authentication D ial-in Us er Ser vice (RADIUS) is a logon authentica tion protocol that uses softw are running on a centr al ser v er to control a ccess for RADIUS-aw are devices to the network. An authent ication server contains a [...]

  • Page 174

    Command Line Interf ace 6-46 radius-server address This command specif ies the pr imar y and secondar y RADIUS ser v ers. Syntax radius-server address [ secondary ] < host _ip_address | host_name > • secondary - Secondary server. • host_ip_add ress - IP address of server. • host_name - Host name of server . (Range: 1- 20 characte rs) De[...]

  • Page 175

    RADIUS Client 6-47 Example radius-server key This command sets the RADIUS encryption ke y . Syntax radius-server [ secondary ] key < k e y_string> • secondary - Secondary server. • key_string - Encryption key used to authent icate logon access for c lient. Do no t use blank spaces in th e string. (Maximum length: 20 ch aracters) Default S[...]

  • Page 176

    Command Line Interf ace 6-48 Default Setting 3 Command Mode Global Configuration Example radius-server timeout This command sets the int erval betwee n transmitt ing authenti cation reque sts to the RADI US ser v er . Syntax radius-server [ secondary ] timeout number_of_seconds • secondary - Secondary server. • number_o f_seconds - Number of se[...]

  • Page 177

    RADIUS Client 6-49 show radius This command displa ys the current settings f or the RADIUS ser v er . Default Setting None Command Mode Ex ec Example SMC-AP#show radius Radius Server Information ======================================== IP : 192.168.1.25 Port : 181 Key : ***** Retransmit : 5 Timeout : 10 ======================================== Radi[...]

  • Page 178

    Command Line Interf ace 6-50 802.1x Port Authentication The access point supports IEEE 802.1x access control f or wireless clients. Th is control f eature prev ents unauthorized access to the networ k by requirin g a 802.1x client applica tion to submit user credentials f or authentication. Client authenticati on is then v erified via by a RADIUS s[...]

  • Page 179

    802.1x P or t A uthentication 6-51 802.1x This command co nfigures 802.1x a s optionally sup por ted or as required f or wireless clients. Use the no f orm to disable 802.1x suppor t. Syntax 802.1x < supported | required > no 802.1x • supported - Authen ticates clients that init iate the 802.1x authentication process. • required - Requir [...]

  • Page 180

    Command Line Interf ace 6-52 initiate 802.1x authentication). For stations init iating 802.1x, only those stations successfully au thenticated ar e allowed to access the networ k. For those stations not initiatin g 802.1x, access to the network is allowed af ter successful 802.11 as sociation. • When 802.1x is re quired, the acce ss point enforce[...]

  • Page 181

    802.1x P or t A uthentication 6-53 broadcast-key -refresh-ra te command specif ies the interval after which the broadcast keys are chan ged. The 802.1x ses sion-key-r efresh-rate command specif ies the interval after which unic ast session keys are changed. • Dynamic broadcast key rotation allows the access point to generate a random gro up key a[...]

  • Page 182

    Command Line Interf ace 6-54 802.1x session-timeout This command sets the time perio d after which a connecte d client must be re-auth enticated. Use th e no f orm to disable 802.1x re-authenticat ion. Syntax 802.1x sess ion-timeout < seconds> no 802.1x se ssion-time out seconds - The number of seconds. (Range: 0-655 35) Default 0 (Disabled) [...]

  • Page 183

    802.1x P or t A uthentication 6-55 Command Mode Global Configuration Example Related Commands address filter entry (page 6-55) show a uthentica tion (page 6- 59) address filter entry This command enter s a MA C address in the f ilter tab le . Syntax addres s filter ent ry < mac-address> < allowed | den ied > • mac-address - Physical a[...]

  • Page 184

    Command Line Interf ace 6-56 Example Related Commands address filter de f ault (pag e 6-54) show a uthentica tion (page 6- 59) address filter delete This command deletes a MA C address from the filter tab le. Syntax addres s filter del ete < mac-addres s> mac-address - Ph ysical address of cli ent. (Enter six pair s of he xadecimal digits se [...]

  • Page 185

    802.1x P or t A uthentication 6-57 mac-authentication server This command sets add ress filtering to be pe rf ormed with local or remote opt ions . Use the no f or m to disab le M A C addr ess authenti cation. Syntax mac-authenti cation server [ local | remote ] • local - Authenticate the MAC addres s of wireless clients with the local authentica[...]

  • Page 186

    Command Line Interf ace 6-58 mac-authenticati on session-timeout This command sets the inter val at which associated clients will be re-authenticat ed with the RADIUS server authenticatio n database. Use th e no form to disable re authentication . Syntax mac-authen tication sess ion-timeout < seconds> seconds - Re-authentica tion interval. (R[...]

  • Page 187

    802.1x P or t A uthentication 6-59 show authentication This command sho ws all 802.1x authenticat ion settings, as well as the address filter tab le. Command Mode Ex ec Example SMC-AP#show authentication Authentication Information ========================================================= MAC Authentication Server : REMOTE MAC Auth Session Timeout V[...]

  • Page 188

    Command Line Interf ace 6-60 Filtering Commands The commands described in this se ction are used to filte r communication s between wire less clients, control access to th e management int erf ace from wireless clien ts, and filter tr affic using specific Eth er net protocol t ypes. filter local-bridge This command disab les communication between w[...]

  • Page 189

    Filtering Commands 6-61 Command Usage This command can disab le wireless-to-wireless communication s between client s via the access point. Howe ver , it does n ot aff ect communications between wireless clients and the wired network . Example filter ap-manage This command pre vents wireless cl ients from accessing the management inter f ace on the[...]

  • Page 190

    Command Line Interf ace 6-62 filter ethern et-type enable This command chec ks the Ethernet type on all incoming and outgoing Ethernet pac ket s against the protocol filt ering table . Use the no form to disable this feature. Syntax filter ethern et-type enab le no filter etherne t-type enab le Default Disabled Command Mode Global Configuration Com[...]

  • Page 191

    Filtering Commands 6-63 filter ethern et-type protocol This command sets a filter f or a specific Ethernet type. Use the no f orm to disable filterin g f or a specific Et her net type. Syntax filter ethernet-t ype pr otocol < protocol> no filter ethernet-ty pe pr otocol < protocol> protocol - An Ether net protocol typ e. (Options: ARP ,[...]

  • Page 192

    Command Line Interf ace 6-64 show filters This command sho ws the filter op tions and protocol entries in the filter table . Command Mode Ex ec Example Interface Commands The commands described in this se ction configu re connection parameters for the Ether net por t and wireless interface. SMC-AP#show filters Protocol Filter Information ==========[...]

  • Page 193

    Interf ace Commands 6-65 Ethernet Interface dns primary-server Specifies the primary name server IC-E 6-68 dns secondary-server Specifies the secondary name se rver IC-E 6-68 ip address Sets the IP address for the Ethernet interface IC-E 6-69 ip dhcp Submits a DHCP request for an IP address IC-E 6-71 shutdown Disables the Ethernet interface IC-E 6-[...]

  • Page 194

    Command Line Interf ace 6-66 ssid Configures the service set identifier IC-W 6-79 beacon-interval Configures the rate at which beacon signals are transmitted from the access point IC-W 6-79 dtim-period Confi gures the rate at which stations in sleep mode must wake up to receive broadcast/multicast transmissions IC-W 6-80 fragmentation-length Con fi[...]

  • Page 195

    Interf ace Commands 6-67 transmit-power Adjusts the power of the radio signals transmitted from the access point IC-W 6-87 max-association Configures the maximum number of clients that can be associated with the access point at the same time IC-W 6-88 multicast-cipher Defines the cipher algorithm used for multicasting IC-W 6-89 wpa-clients Defines [...]

  • Page 196

    Command Line Interf ace 6-68 interface This command configures an interf ace type and enters interf ace configuration m ode. Syntax interface < ethernet | wireless < a | g >> • ethernet - Inte rface for w ired netwo rk. • wireless - Interface for wireless clients. • a - 802.11a rad io interface. • g - 802.11g radio inte rface. D[...]

  • Page 197

    Interf ace Commands 6-69 Default Setting None Command Mode Global Configuration Command Usage The primar y and secondar y name servers are queried in sequence. Example This e xample specif ies two domain-name ser vers. Related Commands show in terf ace ether net (page 6-72) ip address This command sets the IP address f or the (10/ 100Base-TX) Ether[...]

  • Page 198

    Command Line Interf ace 6-70 Default Setting IP address: 19 2.168.2.2 Netmask: 255.255. 255.0 Command Mode Interf ace Configuration (Ethe rnet) Command Usage • DHCP is enable d by defaul t. To manua lly configure a new IP address, you must first disable the DHCP client with the no ip dhcp comma nd. • You must assign an IP address to this device[...]

  • Page 199

    Interf ace Commands 6-71 ip dhcp This command sets the IP addr ess f or the currently select ed VLAN interface. Use the no form to restore the d ef ault IP address . Syntax ip dhcp no ip dhcp Default Setting Enabled Command Mode Interf ace Configuration (Ethe rnet) Command Usage • You must assign an IP address to this device to gain management ac[...]

  • Page 200

    Command Line Interf ace 6-72 Related Commands ip address (p age 6-69) shutdown This command disab les the Ethernet interf ace. T o restar t a disab led interf ace, use the no for m . Syntax shutdown no shutdo wn Default Setting Interface enabled Command Mode Interf ace Configuration (Ethe rnet) Command Usage This command allo ws y ou to disab le th[...]

  • Page 201

    Interf ace Commands 6-73 Default Setting Ether net interface Command Mode Ex ec Example radio-mode This command sets the wo rking mode f or the wireless interf ace. Syntax radio-mode < b | g | b+g > • b - b-only mode: Both 802.11b and 80 2.11g clients can communicate with th e access point, but 802.11g clients ca n only transfer data at 802[...]

  • Page 202

    Command Line Interf ace 6-74 Command Mode Interf ace Configuration (Wireless g) Example select-antenna-mode This command selects the b uilt-in antennas or an optional high-gain an tenna attach ed to the soc ket on the right antenna . Syntax select-antenna -mode < diver sity | right antenna > • diversity - Selects t he built-in antennas. The[...]

  • Page 203

    Interf ace Commands 6-75 description This command adds a description to a the wireless interf ace. Use the no form to remove the description. Syntax description < string > no description string - Comment or a description f or this interf ace. (Range: 1- 80 characters) Default Setting None Command Mode Interf ace Configuration (Wireless) Examp[...]

  • Page 204

    Command Line Interf ace 6-76 Command Usage When SSID broadcast is disa bled, the access point will not include its SSID in beacon messages. No r will it respond to probe request s from clients that do not include a fix ed SSID . Example speed This command configures t he maximu m data rate at which a station can connect to the access point. Syntax [...]

  • Page 205

    Interf ace Commands 6-77 Example channel This command configures the r adio channe l through which the access point communicates with wireless clients. Syntax channel < channel | auto > • channel - Manuall y sets the radio ch annel used for communications with wireless clien ts. (Range: 802.11a - 36, 40, 44, 48, 52, 56, 60, 6 4, 149, 153, 1[...]

  • Page 206

    Command Line Interf ace 6-78 • For most wireless adapter s, the channel for wir eless clients is automatica lly set to the s ame as that used by the a ccess point to which it is linked. Example turbo This command sets the access point to an enhanced mode (not regulated in IEEE 802.11 a) that provides a hi gher data rate of up to 108 Mb ps. Defaul[...]

  • Page 207

    Interf ace Commands 6-79 ssid This command configures the service set identifier (SSID). Syntax ssid string string - The name of a basic service set suppor ted by the access point. (Range: 1 - 32 ch aracters ) Default Setting SMC Command Mode Interf ace Configuration (Wireless) Command Usage Clients that want to connect to the wireless network via [...]

  • Page 208

    Command Line Interf ace 6-80 Command Mode Interf ace Configuration (Wireless) Command Usage The beacon signal s allow wireless clients to mainta in contact with the access point. They ma y also carr y pow er-managem ent inf or mation. Example dtim-period This command configures t he rate at which stati ons in sleep mode must wake up to receive broa[...]

  • Page 209

    Interf ace Commands 6-81 indicates that the access point will save all broadcast/ multicast fram es for the Basic Service Set (BSS) and forward th em after every seco nd beacon. • Using smaller DTIM inter vals delivers broadcast/ multicast frames in a more timely manner, causing stations in Power Save mode to wake up more ofte n and drain power f[...]

  • Page 210

    Command Line Interf ace 6-82 collisions due to high network utilization, try setting the fragment size to send smaller fragments. This will speed up the retransmission of smaller frames. However, it is more efficient to s et the fragm ent size larg er if very little o r no interferen ce is present becau se it requires overhead to send multiple fram[...]

  • Page 211

    Interf ace Commands 6-83 RTS frame, the station sends a CT S frame to notify the sending station that it can start se nding data. • Access point s contending for the wirele ss medium may not be aware of each other. The RTS/CTS mechanism can solve this “Hidden Node” problem. Example authentication This command def ines the 802.11 auth enticati[...]

  • Page 212

    Command Line Interf ace 6-84 Example Related Commands encr yption (page 6-84) ke y (page 6-85) encryption This command def ines whether or not WEP encryption is used to provide p rivacy f or wireless communications. Use the no f orm to disable encr yption. Syntax encryption < k ey-length> no encryptio n ke y-length - Size of encr yption ke y [...]

  • Page 213

    Interf ace Commands 6-85 • Note that WEP pro tects data tran smitted between wireless nodes, but does not protect any transmissions over your wired network or over the I nternet. • Although WEP keys ar e not needed for WPA, you must enable WEP encrypti on in order to enable all types of encryption in the acce ss point. Example Related Commands [...]

  • Page 214

    Command Line Interf ace 6-86 Command Usage • To enable Wired Equi valent Privacy (WEP), use th e authenti cation command to select the “shared key” authenti cation type, us e the encryption comma nd to specify the key lengt h, and use the key co mmand to configure at l east one key. • If WEP is enabled, all wireless clients must be co nfigu[...]

  • Page 215

    Interf ace Commands 6-87 Command Mode Interf ace Configuration (Wireless) Command Usage • If you use WEP key encryptio n, the access point uses the transmit key to en crypt multicas t and broadcas t data signals that it sends to client device s. Other keys can be used for decryption of data from clients. • When using IEEE 802.1x, t he access po[...]

  • Page 216

    Command Line Interf ace 6-88 Command Usage • The “min” ke yword indicates minimum powe r. • The longer th e transmissio n distance, the higher the transmission power require d. But to support t he maximum number of users in an are a, you must k eep the power as low as possible. Power selection is no t just a trade off between coverage area [...]

  • Page 217

    Interf ace Commands 6-89 multicast-cipher This command def ines the cipher algorithm used f or broadcasting and multicasting when using Wi -Fi Protected Access (WP A) security . Syntax mu lticast-ci pher < AES | TKIP | WEP > • AES - Advanced En cryption St andard • TKIP - Temporal Key Integrity Prot ocol • WEP - Wired Equivalent Priv ac[...]

  • Page 218

    Command Line Interf ace 6-90 • TKIP defends against a ttacks on WEP in which the unencrypted initialization vect or in encr ypted packets is used to calculate t he WEP key. TKIP changes the encryption key on each packet , and rotates not just the unicast keys, but the broadcas t keys as well. TKIP is a replacement for WEP that remo ves the predic[...]

  • Page 219

    Interf ace Commands 6-91 Command Usage Wi-Fi Protected Access (WP A) provides improv ed data encr yption, which w as weak in WEP , and user authentication, which was largely missing in WEP . WP A uses the f ollowing security mechanisms. Enhanced D a ta Encr yption throug h TKIP WP A uses T emporal K ey Integr ity Protocol (TKIP). TKIP prov ides dat[...]

  • Page 220

    Command Line Interf ace 6-92 wpa-mode This command specifies whethe r Wi-Fi Protected Access (W P A) is to use 80 2.1x dynam ic ke ys or a pre-sh ared key . Syntax wpa-mode < dyn ami c | pre- shared-key > • dynamic - WPA with 802.1x dynamic keys. • pre-shared- key - WPA with a pre-shared key. Default Setting dynamic Command Mode Interf ac[...]

  • Page 221

    Interf ace Commands 6-93 wpa-preshared-key This command define s a Wi-Fi Pr otected Access (WP A) preshar ed-ke y . Syntax wpa-preshared-ke y < ty pe> < val u e > • type - Inpu t format. (Op tions: ASCII, HEX ) • value - The key string. For ASCII input, use 5/13 alphanumeric charact ers for 64/128 bit strings. For HEX input, use 1 0[...]

  • Page 222

    Command Line Interf ace 6-94 wpa-psk-type This command define s the Wi-Fi Protect ed Access (WP A) preshar ed-ke y type. Syntax wpa-psk-ty pe < ty pe> type - Input format. (Optio ns: Alphanumer ic, HEX) Default Setting HEX Command Mode Interf ace Configuration (Wireless) Example Related Commands wpa-presha red-key (page 6-93) shutdown This co[...]

  • Page 223

    Interf ace Commands 6-95 Example show interface wireless This command displa ys the status f or the wireless interfa ce. Syntax show i nterface wi reless < a | g > • a - 802.11a rad io interface. • g - 802.11g radio inte rface. Command Mode Ex ec SMC-AP(if-wireless g)#shutdown SMC-AP(if-wireless g)#[...]

  • Page 224

    Command Line Interf ace 6-96 Example SMC-AP#show interface wireless g Wireless Interface Information ========================================================= ----------------Identification--------------------------- Description : Enterprise 802.1 1g Access Point SSID : SMC Turbo Mode : OFF Channel : 0 (AUTO) Status : Enable ----------------802.11 [...]

  • Page 225

    Interf ace Commands 6-97 show station This command sho ws the wireless clients associ ated with the access point. Command Mode Ex ec Example SMC-AP#show station 802.11g Station Table Station Address : 00-04-E2-41-C2-9D Authenticated : TRUE Associated : TRUE Forwarding Allowed : TRUE SMC-AP#[...]

  • Page 226

    Command Line Interf ace 6-98 IAPP Commands The command described in this section enab les the protocol signaling required to ensu re the successful han dov er of wireless clients roaming between different 802.11f-co mpliant access points . In other w ords, the 802.11f pr otocol can ensure successful ro aming between access points in a multi-vendor [...]

  • Page 227

    VLAN Commands 6-99 VLAN Commands The access point can en able th e suppor t of VLAN-tagged tr affic passing betwee n wireless clients and the wired network. Up to 64 VLAN IDs can be mapped to spec ific wireless c lients, allowing users to remain within t he same VLAN as the y mo v e around a campus site. When VLAN is enab led on the access point , [...]

  • Page 228

    Command Line Interf ace 6-100 vlan This command enab les VLANs f or all traffic. Use the no f or m to disable VLANs. Syntax vlan enable no vlan Default Disabled Command Mode Global Configuration Command Description • When VLANs are en abled, the access point tags frames received from wireless clients with th e VLAN ID configured for each client o[...]

  • Page 229

    VLAN Commands 6-101 native-vlanid This command configures t he nativ e VLAN ID f or the access point. Syntax native-vlanid < vlan-id> vlan-id - Native VLAN ID . (Range: 1-64) Default Setting 1 Command Mode Global Configuration Command Usage When VLANs are en abled on the access point, a VLAN ID (a number betw een 1 and 4095) can be assigned t[...]

  • Page 230

    Command Line Interf ace 6-102[...]

  • Page 231

    A-1 Appendix A Troubleshooting Check the f ollowing items before you contact technica l suppor t. 1. If wireless clients cannot access the ne twork, check the f ollowing: • Be sure the access point and th e wireless clients are configured with the sa me Service Set ID (SSID). • If authen tication or encryption are ena bled, ensure that the wire[...]

  • Page 232

    T roub leshooting A-2 2. If the access point cannot be configured u sing T elnet, a web browser , or SN MP software: • Be sure to have configur ed the access point with a valid IP address, subn et mask and default gateway. • If VLANs are ena bled on the access point, the management st ation should be configured to send ta gged frames with a VLA[...]

  • Page 233

    T roubleshooting A-3 4. If yo u f orgot or lost the pass word: • Set the access point to its def ault configuration by pressing the reset button on the back panel for 5 seconds or more. Then use the def ault user name “ admin” with the password “smcadmin ” to access the manag ement interface. 5. If all other recov er y measures fa il, and[...]

  • Page 234

    T roub leshooting A-4 Maximum Distance Table Important Notice Maximum distances post ed below are actual tested distance thresholds . Ho we ver , there are many v ariables su ch as barrier composition and construction and local environ mental inte rf erence that ma y impact your actual distances and cause y ou to e xper ience distance th resholds f[...]

  • Page 235

    B-1 Appendix B Cables and Pinouts Twisted-Pair Cable Assignments Caution: DO NOT plug a phone jack connector into the RJ-45 port. Use only twisted-pair cables with RJ-45 connectors that conform with FCC standards. F or 10/100BASE-TX conn ections , a twisted-pair cab le must ha v e two pairs of wires. Each wire pair is identified by two different co[...]

  • Page 236

    Cables and Pinouts B-2 10/100BASE-TX Pin Assignments Use unshielded twiste d-pair (UTP) or shielded twisted-pair (STP) cabl e f or RJ-45 conn ections: 100-ohm Ca tegory 3 or better cable f or 10 Mbps connec tions, or 100-ohm Cate gor y 5 or better cable f or 100 Mbps conne ctions. Also be sure that the length of any twisted-pair connection does not[...]

  • Page 237

    T wisted-P air Cable Assignments B-3 Straight-Through Wiring Because the 10/100 Mb ps por t on the access point uses an MDI pin configur ation, y ou must use “straight -through” cab le for network connections to hub s or s witches that only ha ve MDI-X por ts. Ho we ver , if the de vice to which you are conn ecting suppor ts auto-MDIX oper atio[...]

  • Page 238

    Cables and Pinouts B-4 Console Port Pin Assignments The DB-9 DCE serial por t on the front panel of the SMC2555W -AG i s used to connect to t he access point f or out-of-ba nd console configur ation. Th e on-board men u-driv en configuratio n progr am can be accessed from a terminal, or a PC running a term inal emulatio n progr am. The pin assignme[...]

  • Page 239

    Console P or t Pin Assignments B-5 Serial Cable Signal Dir ections for DB-9 Ports Serial Cable Signal Dir ections for DB-25 Ports DB-9 to DB-9 AP Terminal or PC 1 2 3 4 5 6 7 8 9 1 2 3 4 5 6 7 8 9 DB-9 to DB-25 AP Terminal or PC 1 2 3 4 5 6 7 8 9 8 3 2 20 7 6 4 5 22 Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved[...]

  • Page 240

    Cables and Pinouts B-6[...]

  • Page 241

    C-1 Appendix C Specifications General Specifications Maxim um Channels 802.11a: US & Canada: 13 (normal mode), 5 (tur bo mode) Ja pan: 4 ( normal mode), 1 (t urbo mode ) ETSI: 11 cha nnels (nor mal m ode), 4 (t urbo mode) 802.11b/g: FCC/IC: 1-11, ETS I: 1-13, France : 10-13, MKK: 1-14 Maxim um Clients 64 Operating Range See “Maximu m Distance[...]

  • Page 242

    Specifications C-2 Operating Frequenc y 802.11a: 5.15 ~ 5.25 GHz ( low er band) US/Canada, J apan 5.25 ~ 5.35 GHz ( middle band) US/Canada 5.725 ~ 5.825 GHz (u pper band) US/Can ada 5.50~ 5.70 GHz Eur ope 802.11b/g: 2.4 ~ 2.4835 GHz (US , Canada, ETSI) 2.4 ~ 2.497 GHz (J apan) P ower supply Input: 100-24 0 A C , 50-60 Hz Output: 3.3 VDC, 4A P ower [...]

  • Page 243

    General Specifications C-3 Humidity 15% to 95% (non-condensin g) Compliances IEC 61000-4- 2/3/4/6/11 EMC Compliance (Cla ss B) FCC Class B (US) ICES-003 (Canad a) VCCI (Japan) RCR STD-33A Radio Signal Certification FCC P a r t 15.247 (2.4GHz) FCC par t 15 15.407(b), CISPR 22 -96 RSS-210 (Canada) EN 55022, EN55024, EN 300.328 EN 300 826, EN 61000- 3[...]

  • Page 244

    Specifications C-4 Sensitivity IEEE 802.11a Sensitivity (GHz - dBm) Modulation/Rates 5.15-5.250 5. 25-5.350 5.50-5.700 5.725-5 .825 BPSK (6 Mbps) -88 -88 -88 -88 BPSK (9 Mbps) -87 -87 -87 -87 QPSK (12 Mbps) -86 -86 -86 -86 QPSK (18 Mbps) -84 -84 -84 -84 16 QAM (24 Mbps) -82 -81 -81 -81 16 QAM (36 Mbps) -80 -79 -78 -78 64 QAM (48 Mbps) -73 -73 -73 -[...]

  • Page 245

    General Specifications C-5 Transmit Power IEEE 802.11a Maximu m Output Power (GHz - dBm) Data Rate 5.15-5.2 50 5.2 5-5 .350 5.50 -5.700 5.725-5.825 6 Mbps 17 1 7 17 17 9 Mbps 17 1 7 17 17 12 Mbps 17 17 17 17 8 Mbps 17 1 7 17 17 24 Mbps 17 17 17 17 36 Mbps 17 17 17 17 48 Mbps 17 17 17 17 54 Mbps 12 17 17 16 IEEE 802.11g Maximum Outp ut Power (GHz - [...]

  • Page 246

    Specifications C-6[...]

  • Page 247

    Glossary-1 Glossary 10BASE-T IEEE 802.3 specification for 10 Mbps Ethernet ov er two pairs of Category 3 or better UTP cable . 100BASE-TX IEEE 802.3u specificat ion fo r 100 Mbps F ast Ether net ov er two pairs of Cate gory 5 or better UTP cable . Access Poin t An internetworking de vice that seamlessly connect s wired and wireless networ ks. Acces[...]

  • Page 248

    Glossar y Glossary-2 Backbone The core infr astructure of a network. The portion of the network that tran spor ts inf or mation from one central locat ion to another central location where it is unloa ded onto a local system. Basic Service Set (BSS) A set of 802.11-comp liant stations and an access point th at operat e as a fully-connected wire les[...]

  • Page 249

    Glossar y Glossary-3 Extended Service Set (ESS) More than one wi reless cell can be configur ed with the same Service Set Identifier to allo w mobile users can roam between diff erent cells with the Extended Service Set. Extensible Au thentication Protocol (EAP) An authentication pr otocol used to authenticat e networ k clients. EAP is combined wit[...]

  • Page 250

    Glossar y Glossary-4 IEEE 802.11b A wireless standard that supports wireless communications in the 2.4 GHz band using Direct Seque nce Spread Spectr um (DSSS). The standard pro vides for data rat es of 1, 2, 5.5 , and 11 Mbps . IEEE 802.11g A wireless standard that supports wireless communications in the 2.4 GHz band using Or thogonal F requency Di[...]

  • Page 251

    Glossar y Glossary-5 Network Time Protocol (NTP) NTP provides the mecha nisms to synchronize tim e across the network. The time server s operate in a hierar chical-maste r-sla v e configuration in or der to synchroniz e local clocks wit hin the subnet and to nat ional time sta ndards via wi re or radi o . Open System A security option which broadca[...]

  • Page 252

    Glossar y Glossary-6 Prob lem. ” If the pac ket size is smal ler than the pr eset R TS Threshold size, the R TS/CTS mechanism will NO T be enabled. Service Set Iden ti fie r (SSID) An identifier that is atta ched to pac kets sent ov er the wireless LAN and functions as a pass word f or joining a particular radio cell; i.e., Basic Service Set (BSS[...]

  • Page 253

    Glossar y Glossary-7 Trivial File Transf er Protocol (TFTP) A TCP/IP protocol commonly us ed f or softw are do wnloads . Virtual LAN (VLAN) A Vir tual LAN is a collection of network nodes that share the same collision domain regardless of their ph y sical location or connection point in the net work. A VLAN ser ves as a logica l workgroup with no p[...]

  • Page 254

    Glossar y Glossary-8[...]

  • Page 255

    Index-1 A Advanced Encrypti on Standard See AES AES 5-59 antennas, positioning 2-3 authentication 5-14, 6-83 configuring 5-14, 6-83 MAC address 5-14, 6-54, 6-55 type 5-50, 6-76 B Basic Service Set See BSS beacon interval 5-43, 6-79 rate 5-43 , 6-80 BOOTP 6-6 9, 6-71 BSS 3-3 C cable assignments B-1 crossover B-3 straight-through B-3 channel 5-42, 6-[...]

  • Page 256

    Index Index-2 filter 5-21, 6-54 address 5-14, 6-54 between wireless clients 5-23, 6-60 local bridge 5-23, 6-60 local or remote 5-14, 6- 57 management access 5-23, 6-61 protocol types 5-23, 6-62 VLANs 5-21, 6-99 firmware displaying version 5-32, 6-34 upgrading 5-31, 5-32, 6-42 fragmentation 6-81 G gateway address 4-3, 5-7, 6-2, 6-69 H hardware versi[...]

  • Page 257

    Index Index-3 O OFDM 1-1 open system 5-50 operating frequency C-2 P package checklist 1-2 password configuring 5-29, 6-22 management 5-29, 6-22 pin assignments console port B-4 DB-9 port B -4 PoE 1-6 specifications C-2 power connection 2-2 Power over Ethernet See PoE power supply, specification s C -2 PSK 5-58, 6-92 R radio channel 802.11a interfac[...]

  • Page 258

    Index Index-4 T Telnet for managenet access 6-2 Temporal Key Integrity Protocol See TKIP time zone 5-38, 6-32 TKIP 5-58 , 6-89 transmit power, configuring 5-42, 6-87 trap destination 5-27, 6-38 trap manager 5-27, 6-38 troubleshooting A-1 U upgrading software 5-31, 6-42 user name, manager 5-29, 6-21 user password 5-29, 6-21, 6-22 V VLAN configuratio[...]

  • Page 259

    [...]

  • Page 260

    38 T esla Irvine, CA 92618 Phone: (949) 679-8000 FOR TECH NICAL SUPPOR T , CALL : From U.S.A. and Canada (24 hours a day , 7 days a week) (800) SMC-4-YOU; Phn: (949) 679-8000; Fax: (949) 679-1481 From Europe: C ontact details can be found on www .smc-europe .com or www .smc.com INTERNET E-mail addresses: techsupport@smc.com european.techsupport@smc[...]