Instruction/ maintenance manual of the product WA6202A EU Edge-Core
Go to page of 332
www .edge-core.com User G uide P owered by Accton W A 6202A W A 6202AM 2.4 GH z / 5 G Hz Dual Ba nd Outdoor Access Point / Bridge.
.
User Guide 2.4 GHz / 5 GHz Wireless Access Point/Bridge WA6202 A IEEE 8 02.11g and 8 02.11a Dual-band A ccess Point / Bridge with Integ rated 5 GHz High-Gain An tenna and Ex ternal Anten na Option s WA6202 AM IEEE 8 02.
WA6202A WA6202AM F4.3.3.6 E1 12006-DT-R01 1491000 34900 E.
i Compliances Federal Communication Commission Interference Statement This equipment has been tested and found t o comply with the limits for a Class B digital device, pursuant to P art 15 of the FCC Ru les. These limits are d esigned to provide reasonable protection against harmful interfer ence in a residential installation.
ii VCCI No tice This is a c lass A product based on the standard of the V oluntary Control Council for Interference by Information T echnology Equipment (VCCI). If t his equipment is used in a domestic environment, radio disturbance may aris e. When such trouble occurs, the user may be required to t ake corrective act ions.
iii • This device employs a radar detection f eature required for European Community operation in the 5 GHz band. T his feature is automatically enabled when the country of operation is correctly configured for any Eu ropean Community country.
iv Safe ty Co mpl ianc e Power Cord Safety Please read the following safety information carefully bef ore installing the device: Wa r n i n g : Installation and removal of the unit must be carried out by qualif ied personnel only . • The unit must be connected to an earthed (grounded) outlet to comply with international safety standards .
v Veuillez lire à fond l'informatio n de la sécurité su ivante avant d'inst aller l’appareil: A VERTI SSEME NT : L ’instal lation et la dépose de ce groupe doivent ê tre confiés à un personnel qualifié.
vi • L’appareil fonctionne à une tension extrêmem ent basse de sécurité qui es t conforme à la norme IEC 60950. Ces conditions ne s ont maintenues que si l’équipement auquel il est raccordé fonctionne dans les mêmes conditions.
vii Bitte unb edingt vor dem Einbauen de s Geräts die folgenden Sicherheitsanweisungen durchlesen (Germany ) : W ARNUNG: Die Installation und der Ausbau des Geräts darf nu r durch Fachpersonal erfolgen. • Das Gerät sollte nicht an eine ungeerdete Wechs elstromsteckdose angeschlossen werden.
viii Stromka bel . Dies muss von dem Land, in dem es b enutzt wird gepr üft werden: U.S.A und Canada Der Cord m uß das UL gepruft und war das CSA beglaubigt. Das Minimum spezifikation fur d er Cord sind: - Nu. 18 AWG - nich t mehr als 2 meter, oder 16 AWG.
ix Table of Contents Chapter 1: Introduction 1-1 Radi o Chara cter istic s 1-1 Packag e Checkli st 1-2 Hardware Description 1-2 LED In dicat ors 1-3 Integrate d High-Gai n Antenna 1-5 External Antenna.
x Contents Mount ing to a Wall 4-4 Conne ct Externa l Antennas 4-5 Conne ct Cabl es to the Unit 4-6 Connect the Power Injector 4-7 Align An tennas 4-8 Chapter 5: Initi al Configuration 5-1 Init ial Se.
xi Contents Chap ter 7: Com mand L ine I nterf ac e 7-1 Usin g the Comm and Li ne Interfac e 7-1 Accessi ng the CLI 7-1 Consol e Connecti on 7-1 Telnet C onnectio n 7-1 Entering Commands 7-2 Keywords .
xii Contents show v ersion 7-24 show c onfig 7-24 show ha rdware 7-28 System Logging Comman ds 7-28 logg ing on 7-29 logg ing ho st 7-29 logg ing co nsol e 7-30 logging l evel 7-30 lo gging facil ity .
xiii Contents delete 7-5 7 dir 7-58 show bo otfile 7-58 RADIUS Client 7-59 radius-se rver ad dress 7-59 radius-se rver po rt 7-60 radius-se rver ke y 7-60 radius-se rver ret ransmit 7-61 radius-se rve.
xiv Contents bridge stp forwardi ng-delay 7-84 bridge stp hello -time 7-84 bridge stp max-age 7-85 bridge stp priority 7-85 bridge-lin k path -cost 7-86 bridge-lin k port-prio rity 7-86 show bri dge s.
xv Contents rogue-ap au thenti cate 7-11 5 rogue-ap du ration 7-11 6 rogue-ap i nterval 7 -116 rogue-ap s can 7-11 7 show rog ue-ap 7 -118 Wireles s Security Comm ands 7-11 8 auth 7 -119 encryptio n 7.
xvi Contents Appendi x C: Speci fications C-1 Genera l Specific ations C-1 Sensi tivit y C- 4 Transmit Power C-5 Antenna Spec ificatio ns C-6 18 dBi High Gain Directiona l Panel (2.4 GHz) C-6 8 dBi Om nidirectio nal (2 .4 GHz) C- 7 10 dBi Sector (2.4 GHz) C-8 8 dBi Om nidirectio nal (2 .
1-1 Chapter 1: Intr oduction The Dual- band Outdoor Acc ess Point / Bri dge system consists of two mode ls that provide poi nt-to-poi nt or point-to -multipoin t bridge link s between remote Ether net.
Introduction 1-2 1 Package Checklist The Dual- band Outdoor Acc ess Point / Bridge package incl udes: • One W ireless Du al-band Acc ess Point (WA6 202A or WA 6202AM) • One C ategory 5e network PoE ca ble, length 98 ft (30 m) • One po wer inje ctor m odule a nd powe r cord 5.
LED Indicators 1-3 1 LED Indicators The access point includ es eight status LED indica tors, as indi cated in the fo llowing fig ure. The follow ing table desc ribes the syst em status LEDs . LED Status Descripti on Powe r On G reen Indi cat es th at t he sys tem is wor kin g nor mally .
Introduction 1-4 1 The 1 1a and 1 1b/ g LEDs opera te in two display m odes, wh ich are config urable through th e manage ment interfa ce. The RSSI m ode is for aligning antennas in a bridge link . The AP mode is fo r indicating data traffic rate s. The follow ing table describe s the wireless status LEDs in AP m ode.
Integrated Hi gh-Gain Antenna 1-5 1 Integrated High-Gain Ante nna The WA6202A unit inc ludes an integ rated high-g ain (17 dB i) flat-panel antenna for 5 GHz oper ation. The ant enna can pr ovide a direc t line-of-sight link up to 15.4 km (9.6 miles ) with a 6 Mbps data rate.
Introduction 1-6 1 Ethernet Port The wireless bridge has one 10BASE-T /100BASE-TX 8-p in DIN port that connects to the pow er injector modul e using the included Etherne t cable. The Ethernet port connect ion provid es power to th e wireless bridge as wel l as a data link to the loca l network .
Grounding Point 1-7 1 The powe r injector mod ule autom atically ad justs to any AC voltage be tween 100-240 volts at 50 or 60 Hz . No voltage range se ttings are re quired. Warning : Th e po wer i nje ctor modu le i s de si gned f or i ndoo r us e on ly .
Introduction 1-8 1 System Configuration At each loca tion where a un it is installed, it mus t be conne cted to the loc al network using the po wer inject or module . The following f igure illustrat es the sy stem compon ent conne ctions. Features and Benefits • W A6202A u nits suppo rt a 5 GHz point-to- point wirel ess link up 15.
2-1 Chapte r 2: Network Co nfigur ation The Dual- band Outdoor Acc ess Point / Bri dge system provides ac cess point and bridging services thro ugh either the 5 GHz or 2.4 G Hz radio inte rfaces. The wireles s bridge uni ts can be used jus t as normal 80 2.
Network Configur ation 2-2 2 Infrastr ucture Wireless LAN The access point func tion of the wirel ess bridge p rovides acc ess to a wired L AN for 802.1 1a/b/g wireles s workstatio ns. An integra ted wired/ wireless LA N is called an Infrastru cture configur ation.
Access Point T o pologies 2-3 2 Infrastr ucture Wireless LAN fo r Roaming Wireless PCs The B asic Ser vice Set (BSS) de fines t he comm unications domain for eac h acces s point and i t s ass ociated wirele ss clients.
Network Configur ation 2-4 2 Bridge Link Topologies The IEEE 802 .1 1 s t andard defines a W Ireless Distributio n System (WDS) for bridge connect ions betwee n BSS areas ( access po ints). The outdoor wir eless bridge uses WDS to fo rward traffic on lin ks betwee n units.
Bridge Link T opologies 2-5 2 Point-to- Multipoint Configurati on A W A6202 AM wireless br idge can use an omnidirec tional or sec tor antenn a to connect to as many as 6 b ridges in a po int-to-m ultipoint con figuratio n. There can only be on e “Master” un it in the wirele ss bridge ne twork, all other bridges m ust be “Sla ve” units .
Network Configur ation 2-6 2.
3-1 Chapter 3: Bridge Link Planning The Dual- band Outdoor Acc ess Point / Bri dge supports fix ed point-to-po int or point-to- multipoint wireless lin ks. A single link between tw o points can be us ed to connect a remote si te to larger core networ k.
Bridge Link Planni ng 3-2 3 If there are ob stacles in the ra dio path, there may still be a rad io link but the qua lity and stre ngth of the sig nal will be affected. Calculating the maxim um clearanc e from objects on a path is imp ortant as it direc tly affects the decisi on on a ntenna placemen t and h eight.
Radio Path Planni ng 3-3 3 . Note that t o avoid any obs truction al ong the path, the he ight of the obj ect must be added to the m inimum cl earance re quired for a cle ar radio line-o f-sight. Con sider the following s imple example, illustrated in the fi gure below .
Bridge Link Planni ng 3-4 3 (7.5 ft) mast or po le must be c ontructed on its roof to achiev e the required antenna height. Bu ilding B is only three s tories high, or 9 m (30 ft), but is located at an elevatio n that is 12 m (39 ft) highe r than bulding A.
Ethernet Cabling 3-5 3 Radio Int erference The avoid ance of radio i nterferenc e is an important part of wireless link pl anning. Interfe rence is caus ed by othe r radio transmi ssions usi ng the sa me or an adjacen t channel frequency .
Bridge Link Planni ng 3-6 3 • Deter mine if cond uits, bracing , or other stru ctures are required for safety or protection of the cab le • For lig htning pro tection at the po wer inject or end o.
4-1 4-1 Chapte r 4: Hardwa re Inst allati on Before mou nting ant ennas to set u p your wirel ess bridge lin ks, be sure yo u have selected appropriat e locations for each ante nna. Follo w the guidanc e and informat ion in Chapter 3: "Bridge Link Plan ning.
Hard war e Ins talla tion 4-2 4 The bridge’s mou nting brac ket has four part s. On e rectangular plat e that is used fo r pole and wa ll mountin g, one square plate that at taches directly t o the bridge, and two plates that form an ad justable V -shaped clamp for pol e mounting.
Mount the Unit 4-3 4 4. Attach the bridge wi th its mount ing plate to the br acket al ready fixed to th e pole. 5. Use the in cluded nuts to sec ure the wi reless bridg e to the pole b racket. Not e that the wi reless bridg e tilt angle ma y need to be ad justed duri ng the antenn a alignme nt process.
Hard war e Ins talla tion 4-4 4 Be sure to t ake ac count of the ant enna pol arization dir ection; all anten nas in a link must be mounted with the same polariza tion.
Connect Exter nal Antennas 4-5 4 Connect External Antenna s When dep loying a WA6202A M unit for a brid ge link or acces s point oper ation, you need to m ount externa l antennas and connect them to the b ridge. T ypicall y , a bridge link re quires a 5 GH z ante nna, an d acces s point operation a 2 .
Hard war e Ins talla tion 4-6 4 Connect Cables to the Un it Warning : Do not conn ect or disco nnect ca bles or othe rwise work w ith the bridge dur ing pe riod s of li ghtn in g activ ity . 1. Attach the Ether net cable to th e Ethernet p ort on the wireles s bridge.
Connect the Power Injector 4-7 4 Connect the Power Injec tor T o connec t the wireless br idge to a power source: Cauti on: Do not install the pow er injector outdoors.
Hard war e Ins talla tion 4-8 4 1. Insert the po wer cable plug directly i nto the standard AC receptacle on the power injector . 2. Plug the other end of the power c able into a ground ed, 3-pin s ocket, AC power source. Note: For International use, you may need to change the AC line cord.
Align Antennas 4-9 4 The signa l strength LED s indicate the received r adio signal st rength for a parti cular bridge link . The more LEDs that turn on, the stronger the si gnal. Alter natively , you can monit or the Recei ve Signal St rengt h Indicator (RSSI ) value direc tly from the manage ment inter face.
Hard war e Ins talla tion 4-10 4 1. Pan the anten na horiz ontally back and forth while ch ecking the LE Ds. If usin g the pole-m ounting bracket with t he unit, you must rotate the m ounting brack et around t he pole. Oth er external an tenna brack ets may require a different horizontal adj ustment .
5-1 Chapter 5: Init ial Configuration The Dual- band Outdoor Acc ess Point / Bri dge offers a variety of managemen t options, including a w eb-base d interface, a direct conne ction to th e console por t, T e lnet, Secure Shell (SSH), or using SN MP software.
Initial C onfig uration 5-2 5 For a des cription o f how to use the C LI, see “ Using the Comma nd Line Interface” on page 7-1. For a lis t of all the CLI com mands and d etailed inform ation on using the CLI, ref er to “ Comm and Grou ps” on pag e 7-6.
Logging In 5-3 5 Setting the Country Code – Units sold in the Un ited S tates are con figured by default to us e only radio channels 1- 1 1 in 802 .1 1b or 802 .1 1g mod e as defined by FCC re gul ation s. Un it s sol d in othe r coun tri es ar e conf igur ed by de faul t wit hout a country code (i.
Initial C onfig uration 5-4 5 The hom e page displays the M ain Me nu..
6-1 Chapter 6: Syst em Config uration Before cont inuing wi th advance d config uration, first complete t he initial con figuratio n steps descr ibed in Chap ter 5 to set up an IP addre ss for the acces s point. The access point can be m anaged b y any comp uter using a web browser (Internet Explorer 5 .
System Configurati on 6-2 6 Advanced Configuration The Adv anced Conf iguration page s include the f ollowing o ptions. T able 6- 1. Me nu Menu Descrip tion Page System Configur es bas ic administ rat.
Advanced Configur ation 6-3 6 System Identification The syste m name for th e access po int can be left at its default setting. How ever , modi fyi ng thi s pa rame ter ca n help you to m ore easi ly dist ingu ish di ff eren t devi ces i n your n etwork.
System Configurati on 6-4 6 CLI Command s for Syst em Id enti fic ati on – En ter th e gl obal conf igur ati on mode , and use the sy stem name command to specify a n ew system name. Then return t o the Exec mode, and use the show syst em command to di splay the changes to the system identificat ion setting s .
Advanced Configur ation 6-5 6 TCP / IP Se ttings Configu ring the acc ess p oint with an IP address expands your abili ty to manag e the access po int.
System Configurati on 6-6 6 • IP Ad dress: The IP addr ess of the access point. Valid IP add resses consist o f four decimal numb ers, 0 t o 255, separat ed by periods. • Sub net Mask: The mask tha t identifies the host addr ess bits use d for routing to specific subnets .
Advanced Configur ation 6-7 6 RADIUS Remote Authenticat ion Dial-in User Service (RADI US) is an aut hentication pr otocol that uses so ftware run ning on a cent ral server to c ontrol acc ess to RADIU S-awar e devices on the networ k.
System Configurati on 6-8 6.
Advanced Configur ation 6-9 6 MAC Addres s Format – MAC a ddresse s can be spec ified in one of four forma ts, using no d elimeter, with a sing le dash deli meter , with multip le dash delim eters, an d with multip le colon delimet ers.
System Configurati on 6-10 6 CLI Commands for RADIUS – From the global co nfigurati on mode, use the radius-server address command t o specify the address of the primary or secondar y RA DIUS s ervers. (The fol lowing example confi gures the settin gs for the primary RADIUS server .
Advanced Configur ation 6-11 6 SSH Settings T e lnet is a remo te mana gement tool that can be use d to configu re the acces s point from anyw here in the ne twork. Ho wever, T elnet is not sec ure from host ile attacks. The Secure Shell (SSH) can ac t as a secure repl acement for T e lnet.
System Configurati on 6-12 6 CLI Commands for SSH – T o enable the SSH serv er , use the ip ssh -server enable comm and from the CLI Ethernet interface con figuration m ode.
Advanced Configur ation 6-13 6 MAC Authentication – Y ou can configu re a list of the M AC address es for wirel ess clients that are au thorized to access the network. This provide s a basic leve l of aut hent icat ion f or wir eles s cli ent s att empt ing to gain ac ces s to the ne two rk.
System Configurati on 6-14 6 802.1X Su pplicant – The ac cess point can also oper ate in a 802.1X su pplicant mode . Th is en abl es th e acce ss p oint it se lf t o be au then ti cate d wi th a RA DIUS serv er using a co nfigured MD5 user nam e and password .
Advanced Configur ation 6-15 6 CLI Commands for Local MAC Authentication – Use the mac-authen tication serve r comm and from the global conf iguration m ode to ena ble local MA C authenti cation. Us e the mac-auth entication se ssion-tim eout command to set the authenti cation in terval to enabl e web- based a uthentic ation for service billing.
System Configurati on 6-16 6 CLI Commands for RADIUS MAC Authentication – Us e th e mac-au thenticati on serve r comm and from the global conf iguration m ode to enabl e remote M AC authenti cation. Set the timeout value f or re-authen tication us ing the mac- aut henti cat ion se ssio n-t imeou t command.
Advanced Configur ation 6-17 6 Filter Control The access point can em ploy netwo rk traffic frame fil tering to con trol access to network resour ces and increase security . Y ou can p revent communi cations between wireless clients and prevent acc ess point mana gement from wirel ess clients.
System Configurati on 6-18 6 Uplink Port M AC Address Filter ing St atus – Prevents traffic with spe cified sour ce MAC ad dresses fr om being forwa rded to wire less clients thro ugh the ac cess point. Y ou can ad d a maximu m of four MAC ad dresses to the filter table.
Advanced Configur ation 6-19 6 VLAN The acc ess poi nt ca n emplo y VLAN tagging s upport t o contr ol access to n etwork resources and increase securi ty . VLANs separate traf fic pa ssing between the access po int, assoc iated clients, and t he wired net work.
System Configurati on 6-20 6 When setting u p VLAN IDs for eac h user on th e RADIUS server , be sure to use t he RADIUS attributes an d values as indicated i n the followi ng table. VLAN IDs on the RAD IUS server ca n be entered as hexadeci mal digits or a string (see “radi us-server vlan-form at” on page 7- 63).
Advanced Configur ation 6-21 6 WDS Settings Each acces s point rad io interface can be configur ed to operat e in a bridge or repeat er mode, which allows it to fo rward traffic direc tly to other ac cess poi nt units.
System Configurati on 6-22 6 • Br idge: Oper ates as a bridge to other acc ess poin ts. The “Par ent” link to th e root bridge mu st be confi gured.
Advanced Configur ation 6-23 6 Sp anni ng T r ee Pro toc ol – STP uses a distribut ed algorith m to select a bridg ing device (S TP-compl iant switch , bridge or rou ter) that ser ves as the roo t of the spanning tre e network .
System Configurati on 6-24 6 the root dev ice. All ports conn ected to des ignated brid ging devic es are assign ed as designa ted ports. After determining the lo west co st spanning tree, it enab les all root ports and de signated po rts, and disabl es all other ports.
Advanced Configur ation 6-25 6 • Link Path Cost – Th is paramete r is used by the STP to determin e the best path between devices . Therefor e, lower v alues shoul d be assig ned to por ts attached to faster m edia, and high er values ass igned to por ts with slow er media.
System Configurati on 6-26 6 CLI Commands for STP Settings – If the role of a ra dio interface i s set to Repea ter , Bridge or Roo t Bridge, STP can be enable d on the access point to maintain a va lid network topology . T o glob ally enable STP , use the bridge st p enable co mmand from the CLI configurati on mode.
Advanced Configur ation 6-27 6 AP Management The Web, T e lnet, a nd SNMP manag ement int erfaces are en abled and open to all I P address es by defa ult.
System Configurati on 6-28 6 • Mult iple IP: Specif ies an add ress range a s defined by the entered IP address an d subnet m ask. For exa mple, IP addr ess 192. 168.1.6 and subnet mas k 255.255 .255.0, de fines all IP addr esses from 192.16 8.1.6 to 192.
Advanced Configur ation 6-29 6 Setting the T imeout Interva l Y ou can set the timeout interval fo r web access to the unit, a fter whi ch the user will have to re -enter the use rname a nd password. Session T imeout for WEB – Sets the time li mit for an id le web interfa ce session.
System Configurati on 6-30 6 Before up gradin g new s oftware, v erify tha t the a ccess p oint is c onnect ed to the net work an d has been conf ig ured with a co mpa tibl e IP add ress and su bnet mask.
Advanced Configur ation 6-31 6 Firmware Upgrade Lo cal – Downl oads an oper ation cod e image file from the web mana geme nt st at ion to the acc ess po int usin g HTTP . Use the Br ows e butt on t o locate the image file loc ally on the ma nageme nt station and clic k S tart Upgrade to proceed .
System Configurati on 6-32 6 Upon uplo ading a new configura tion file you w ill be prompte d to either resto re factory se ttings, or r eboot the un it. CLI Commands for Download ing Software from a TFT P Server – Use th e copy tf tp file command from the Exec mod e and then specify the file ty pe, name, and IP address of the TFTP server .
Advanced Configur ation 6-33 6 System Log The access point can be co nfigured to send even t and error mes sages to a Syst em Log Ser ver . The s ystem c lock can also be syn chronized with a time s erver , so t hat all the mess ages se nt to t he Sysl og serve r are stamped w ith the corre ct time and date.
System Configurati on 6-34 6 Logging Level – Set s th e min imu m sev erit y l evel for even t lo ggi ng. (Default: Informatio nal) The syste m allows yo u to limit the me ssages th at are logged by specifyi ng a mini mum se veri ty le vel.
Advanced Configur ation 6-35 6 CLI Commands for System Logging – T o enable logging on th e access po int, use the logging on com mand from the global configuratio n mode. The logging level comm and sets the minim um level of mes sage to log. Use the logging co nsole comm and to e nable lo gging to the c onsole .
System Configurati on 6-36 6 Note: The access point also allows you t o disable SNTP and set the syst em clock manually. Set Time Zone – S NTP us es Co ordinated Univers al T ime (or UT C, former ly Greenw ich Mean Time, or GMT) based on the tim e at the Earth’s prime meridian, zero degr ees longitude .
Advanced Configur ation 6-37 6 CLI Comm ands fo r the System Cl ock – The followi ng exampl e shows how to manu ally set the sys tem t ime w hen S NTP serv er su ppor t i s dis abl ed o n the acce ss point. RSSI The RSSI value displayed on the RSSI page rep resents a signal to noise ratio.
System Configurati on 6-38 6 The RSSI co ntrols allo w the extern al connect or to be disabl ed and the r eceive sig nal for ea ch WDS port displaye d.
Advanced Configur ation 6-39 6 RSSI: • Auto Re fresh – En ables or disable s the refreshi ng of RSSI inform ation. • RSSI Valu e – The display ed RSSI value for a selected po rt. •P o r t N u m b e r : Select s a specifi c WDS p ort for which to display the RSSI output val ue.
System Configurati on 6-40 6 SNMP Simp le Ne twor k Mana gemen t Prot oco l (SNMP ) is a communi cat ion pr otoc ol designe d specifical ly for manag ing device s on a networ k. Equipm ent comm only manage d with SNM P includes s witches, rout ers and ho st computer s.
SNMP 6-41 6 Configuring SNMP and T rap Message Parameters The access point SNM P agent must be enabled to function (for ve rsions 1, 2c , and 3 clients). Mana gement access usin g SNMP v1 and v2c also requ ires comm unity strings t o be configu red for authen tication.
System Configurati on 6-42 6 Commu nity Name ( Read/W rite) – Defines th e SNMP community access s tring that has read/ write acce ss. Authoriz ed managem ent stations a re able to both r etrieve and modif y MIB objects.
SNMP 6-43 6 T rap C onfigurat ion – Allows selectio n of specific SNMP noti fications to s end. The following i tems are av ailable: • sysSy stemUp - The access poi nt is up and runn ing. • sysSy stemDo wn - The acces s point is abou t to shutdow n and reboo t.
System Configurati on 6-44 6 • dot1 1StationD isassociat e - A client station n o longer a ssociates with the networ k. • dot1 1StationAut henticateFa il - A client station ha s tried and fai led to authentic ate to the netwo rk. • Enable All Traps - Click the bu tton to enable all the availa ble traps.
SNMP 6-45 6 T o vi ew the current SNMP sett ings, use the show snmp command. Enterprise AP#show snmp 7-54 SNMP Information ========================================= ===== Service State : Enable Commun.
System Configurati on 6-46 6 Configuring SNMPv3 Users The access point allows up to 10 SNMP v3 users to be co nfigured . Each user mu st be defined by a uni que name , assigned to one of three pre-def ined security groups, and config ured with spe cific authe ntication an d encryp tion settin gs.
SNMP 6-47 6 CLI Commands for Configuring SNMPv3 Users – Us e t he snmp-ser ver engi ne-id comm and to define th e SNMP v3 eng ine before assigning use rs to groups. Us e the snmp-s erver user co mmand to assign use rs to one of the th ree groups and set the appropr iate authent ication and encryptio n types to be us ed.
System Configurati on 6-48 6 Configuring SNMPv3 T rap Filters SNMP v3 user s can b e configu red to r eceive notification messag es from the ac cess point. An SNM P T arget ID is creat ed that spec ifies the SNM P v3 user , IP address , and UDP po rt.
SNMP 6-49 6 T o add more subtree IDs to the filt er , retu rn to the SNMP T rap Filters p age and click the Edit butto n. In the Edit p age, cli ck the New button to access the Add SNMP Notificat ion Subtree page and config ure a new subtr ee ID to be filter ed.
System Configurati on 6-50 6 CLI Commands for Conf igur ing SNMP v3 T rap Filt er s – T o cr eate a n oti fica tio n fi lter, use the snmp -server filter com mand from th e CLI config uration mod e. Use t he comm and more th an once with t he same filter ID to build a filter that include s or exclude s multiple M IB objects.
SNMP 6-51 6 When you click on the Ne w or Edit butto n in the SNMP T argets page, a ne w page opens w here the target param eters are co nfigured . Define the parame ters and select a fil ter , if required . Note that the SNMP v3 u ser name mu st first be de fined (See “Con figuring SNMPv 3 Users” on page 6-46).
System Configurati on 6-52 6 Radio Interface The IEEE 802.1 1a an d 802.1 1g interfac es include conf iguration options for ra dio signal cha racterist ics and wirele ss secu rity features . The config uration option s are near ly id enti ca l, and ar e ther ef ore bo th cov ered i n thi s sect ion of t he manu al.
Radio Interface 6-53 6 Radio Settings A (802.1 1a) The IEEE 802.1 1a i nterface operates with in the 5 GHz ba nd, at up to 54 Mbps in normal m ode or up to 108 Mbps in T urbo mo de.
System Configurati on 6-54 6 Configuring VAP Ra dio Settings T o configure V AP radi o settings, se lect the Rad io Settings page ..
Radio Interface 6-55 6 Default VLAN ID – The VLAN ID as signed to wireless clie nts associated to t he V AP interface t hat are not assi gned to a spec ific VLAN by RA DIUS ser ver configur ation. (Default : 1) Closed Sy stem – When enabled, the V AP interface does not inclu de its SSID in beacon m essages .
System Configurati on 6-56 6 CLI Comm ands fo r the Configurin g the V APs – From the globa l configuration mode, enter the in terface wi reless a com mand to acc ess the 80 2.1 1a radio interfac e. From the 80 2.1 1a interface m ode, you can ac cess radio s ettings that apply to all V AP inter faces.
Radio Interface 6-57 6 The access point can be c onfigured to periodica lly scan all radio c hannels and find other access po ints within range. A database of n earby acc ess poi nts is mai ntained where any r ogue APs can be identified.
System Configurati on 6-58 6 using the ro gue-ap scan com mand . T o view the databa se of detect ed access points, use the s how rogue-ap command from the Ex ec level. Enterprise AP(config)#interface wireless g 7-88 Enter Wireless configuration commands, on e per line.
Radio Interface 6-59 6 Configuring Com mon Radio Settin gs T o confi gure comm on ra dio settings, selec t the Rad io Setting s page, an d scroll d own to below the V AP radi o settings. Tu r b o M o d e – The no rmal 802.1 1a/b/g wirele ss operati on mode prov ides connect ions up to 54 M bps.
System Configurati on 6-60 6 Radi o Ch annel – The radi o channe l that the ac cess point uses to commu nicate with wireless clients. Wh en multiple ac cess poi nt s ar e depl oy ed i n th e sam e area , se t t he cha nne l on neighbo ring acce ss poin t s at l east fou r channe ls apart to av oid int erf eren ce with each oth er .
Radio Interface 6-61 6 are within regulatory p ower limits for the c ountry of op eration. (De fault: Integr ated antenna ; ID: 0 000. If t here is no inte grated a ntenna, "id=0x0 000, mod ule=NA" is displaye d in the list.) Se e “External Ant enna Opt ions” on page 1-5 for a list of availabl e antennas.
System Configurati on 6-62 6 Ant enna Lo cati on – Selects the mou nting locatio n of the anten na in use; eith er “Indoo r” or “Outdoor .” Selectin g the correc t location ens ures that the access point only use s radio chann els that are pe rmitted in th e country of operation.
Radio Interface 6-63 6 try sett ing the fragmen t size to send smaller fragments . This will spe ed up the retransmissi on of smaller f rames. However, it is more efficient to set the fr agment size large r if very little or no interferen ce is present because it requires ov erhead to send mul tipl e f rames .
System Configurati on 6-64 6 CLI Comm ands fo r the Common Radio Setti ngs – From the gl obal con figu rat ion mode, enter the inte rface wire less a comm and to access the 8 02.1 1 a radio interface. From the 802. 1 1a i nterface mode, y ou can access r adio set tings th at apply to all V AP inte rfaces.
Radio Interface 6-65 6 types of tr affic, WMM allo ws the priority l evels to be co nfigured to match an y network -wide QoS policy . WMM als o specifies a protocol that acce ss points can use to c ommun icat e t he co nfi gur ed tr af fi c pri ori ty l evel s to QoS- enab led wire less cli ent s.
System Configurati on 6-66 6 Figure 6-1. WMM Backoff Wait Times For high-p riority traffic, the AIFSN an d CW value s are smal ler . The smaller val ues equate to l ess backoff and wa it time, an d therefore m ore transmi t opportu nities.
Radio Interface 6-67 6 WMM – Sets the WM M opera tional mode on the access p oint. Whe n enabled , the parameter s for each AC queu e will be em ployed on th e access po int and QoS capabilities ar e advertis ed to WMM -enabled c lients. (Defaul t: Support) • Disab le: WMM i s disabled.
System Configurati on 6-68 6 CLI Commands for WMM – Ente r interfa ce wirele ss mode and t ype wmm require d for clients that want to associ ate with the ac cess poi nt. The wmm-acknowledge-policy comma nd is use d to enable or disabl e a policy fo r each access ca tegory .
Radio Interface 6-69 6 T o view the cu rrent 802.1 1a radio settin gs for the V AP interface, use th e show interf ace wirel ess a [0-3 ] comman d. Enterprise AP#show interface wireless a 0 7-111 Wire.
System Configurati on 6-70 6 Radio Settings G (802.1 1g) The IEEE 802.1 1g standard operate s within the 2.4 GHz band a t up to 54 Mbps. Also note that becau se t he IEEE 802.1 1g stan dard is an e xtension of the IEEE 802.1 1b standard, it allow s clients with 80 2.
Radio Interface 6-71 6 Most of the 802.1 1g comm ands are identical to those u sed by the 802.1 1a interfac e. For inf ormat ion on t he t hese comma nds, ref er t o th e fo llow ing sect ions : • .
System Configurati on 6-72 6 Radio C hannel – The radio channel tha t the access point uses to commun icate with wireless clients. Wh en mult iple acce ss points are deploye d in the s ame ar ea, set the channel on neighb oring acces s points at least five channels apart to avoid interfere nce with each other.
Radio Interface 6-73 6 CLI Comm ands fo r the 802.1 1g Wireless Interface – Fr om the global configur ation mode, enter the inte rface wire less g command to access the 802.1 1 g radio interface. The 802.1 1g radio can be forced to an 8 02.1 1g -only , 802 .
System Configurati on 6-74 6 A summa ry of wireles s security con sideration s is listed in th e following table. Note: You must enable data encryption through the web or CLI in order to enable all types of encryption (WEP, TKIP, or AES) in the access point.
Radio Interface 6-75 6 The ac ces s poin t can si mult an eousl y sup port clie nt s usin g vari ous d iff er ent se curi ty mech ani sms. T he conf igur ati on f or th ese s ecu rit y co mbina tio ns ar e ou tli ned in th e following table .
System Configurati on 6-76 6 Dynamic W EP an d 802.1x W P A Interface D etail S ettings: Authentica tion: W P A Encryption : Enab le WP A Configur ation: Sup ported Cipher Suite: WE P 802.1x: Re quired Set 802.1x key re fresh and reauthent ication rat es Local or D isabl ed Y es Static and dynam ic (802.
Radio Interface 6-77 6 Note: If you choose to configure RADIUS MA C authentication together with 802. 1X, the RADIUS MAC addres s authentication occurs prior to 802.1 X authentication. Only when RADIUS MAC authentication succeeds is 802.1X authentication performed.
System Configurati on 6-78 6 Enable – Enable s radio com municatio ns on the V AP i nterface. (D efault: Disabl ed) Note: You must first enable VAP interface 0 before you can enable other VAP interfaces. SSID – The na me of the ba si c servi ce se t prov ided by a V AP int erfa ce.
Radio Interface 6-79 6 • Alpha numeric : Enter keys as 5 al phanumer ic charact ers for 64 bit key s, 13 alphanu meric cha racters for 128 bit keys, or 16 alphanum eric chara cters for 152 bit keys (8 02.11a radi o only). Key Numb er – Selects the key numbe r to use for encryp tion for eac h V AP interface.
System Configurati on 6-80 6 Note: To use 802.1X on wireless clients requi res a network card driver and 802.1X client software that supports the EAP authentication type t hat you want to use. Windows 2000 S P3 or later and W indows XP provide 8 02.1X client support.
Radio Interface 6-81 6 Enterprise AP(config)#interface wireless g 7-88 Enter Wireless configuration commands, on e per line. Enterprise AP(if-wireless g)#key 1 128 as cii abcdeabcdeabc 7-122 Enterprise AP(if-wireless g)#vap 0 7-95 Enterprise AP(if-wireless g: VAP[0])#auth shared-key 7-122 Data Encryption is set to enabled.
System Configurati on 6-82 6 CLI Comm ands for W EP over 802.1X Security – Us e the vap comm and to ac cess each V AP interface to conf igure the sec urity setting s. First set 802.1X to required using the 80 2.1x comm and and set the 802.1X key refre sh rates.
Radio Interface 6-83 6 to enable da ta encryptio n. T o vi ew the curre nt security settings, us e the show interf ace wirel ess a [0-3 ] or sho w inte rfac e wir eles s g [0 -3] co mmand (n ot shown in ex ample). Wi-Fi Pro tected Access (WPA) WP A employs a com bination of sev eral techn ologies to pro vide an enhan ced security solution for 802.
System Configurati on 6-84 6 the acces s point and all wir eless clients. The PSK mode u ses the sam e TKIP packet encrypt ion and key m anagem ent as WP A in the enterpr ise, providi ng a robust a nd manage able alterna tive for sma ll networks.
Radio Interface 6-85 6 inf orma tion for m a Secu rit y Asso ci atio n th at t he a cces s poi nt name s and hold s i n a cache. • Prea uthen ti cati on : Each time a client roams to an other acces s point it has to be fully re-au thentica ted.
System Configurati on 6-86 6 The WP A co nfig urat io n par amet ers ar e desc ribe d belo w: Encr ypti on – Y o u must enab le d at a en cryp tion in o rde r to ena ble a ll t ypes of encryption (W EP , TKIP , or AES) in the acc ess point. Pre-Authenticatio n – Whe n using W P A2 over 802.
Radio Interface 6-87 6 The configu ration sett ings for WP A are summariz ed below: CLI Commands for WP A Using P re-shared Key Se curity – From th e V AP interface configur ation m ode, u se the auth wpa-p sk requir ed command to enable WP A Pre- shar ed Ke y se curit y .
System Configurati on 6-88 6 CLI Commands for WP A Over 802.1X Secur ity – From t he V AP int erf ace configur ation m ode, u se the auth w p a required com mand to sele ct WP A o ver 802.
Radio Interface 6-89 6 Open the Sec urity page, and c lick More for on e of the V AP int erfaces. Y ou can en able 802.1X as optional ly supported or as require d to enhan ce the secu rit y of th e wire less networ k. (Defa ult: Disabl e) • Disab le: The acc ess poi nt does not support 80 2.
System Configurati on 6-90 6 CLI Commands for 802.1X Au thentication – Us e th e 802.1X supported command from the V AP interface m ode to enabl e 802.1X auth entication. Se t the session a nd broadca st key refresh r ate, and the re-au thentica tion tim eout.
Status Information 6-91 6 AP S yste m Conf ig urati on – Th e AP Syst em Con fig urat ion t abl e dis play s the ba sic system configurat ion setting s: • Sys tem Up Time: Length of time t he manag ement agen t has been up. • Ether net MAC : The physica l layer address f or the Etherne t port.
System Configurati on 6-92 6 • Boo trom Version: Show the boo trom version nu mber. • Hard war e Vers ion: Show s the ha rdwar e vers io n numb er. AP Wirele ss Configur ation – The AP Wireless Conf iguration tables display th e radio and V AP interface sett ings listed b elow .
Status Information 6-93 6 St a tion S t atus The S tation S tatus window shows th e wireless clients currently as sociated w ith the access po int. The S tation Conf iguration page displays ba sic connect ion inform ation for all associa ted stations as described be low .
System Configurati on 6-94 6 • St atic – The clie nt is using static WEP keys for en cryption . CLI Comm ands fo r Displaying Station S t atus – T o view status of clients curr ently associa ted with the ac cess poin t, use the show station comma nd from the Exec mode.
Status Information 6-95 6 Event Logs The E vent Logs window shows the l og messa ges gene rated by the access point a nd stored in mem ory . The E vent Logs table di splays t he fo llowing in formatio n: • Log Ti me: The tim e the log messag e was gen erated.
System Configurati on 6-96 6 CLI Commands for Displa ying the Logg ing St atus – From the gl obal conf igu rati on mode , use the show logging command. CLI Commands for Displa ying Event Logs – T o view the acce ss point log entries, use the show even t-log comma nd from the Exec mode.
Status Information 6-97 6 STP Status The STP St atus wind ow shows the STP status for each p ort. • ID: Dis play s th e por t ID num ber. • Pri ori ty: Th e pri orit y desi gna ted t o the sp ecifi ed port. • Path C ost: Disp lays the path c ost value fo r the specified port.
System Configurati on 6-98 6.
7-1 Chapter 7 : Co mmand Line Interface Using the Command Line Interface Acces sing the C LI When acc essing the managem ent interface for the over a direct con nection to th e console port, or via a T elnet con nection, the access poi nt can be ma naged by entering comma nd keyword s and paramete rs at the prom pt.
Command Li ne Interface 7-2 7 If your cor porate net work is conne cted to anot her netwo rk outside your office or to the Int ernet, y ou need to a pply for a regi stered IP addr ess. Ho wever , if y ou are attached to an isolated net work, then yo u can use any IP addres s that matche s the network segment to which you are a ttached.
Entering Comman ds 7-3 7 Command Com pletion If you termi nate input w ith a T ab key , the C LI will print the remaining ch aracte rs of a partial keyw ord up to the poi nt of ambiguit y . I the “con figure” exam ple, typin g con followed by a tab will result in printin g the command up t o “ configure .
Command Li ne Interface 7-4 7 Partial Keyword L ookup If you termi nate a partial keyw ord with a question mar k, alternat ives that ma tch the initial lette rs are provide d. (Rem ember not to leav e a space betw een the com mand and quest ion mark.) For exampl e “ s? ” shows all the keyw ords starti ng with “s.
Entering Comman ds 7-5 7 Exec Comm ands When yo u open a new cons ole ses sion on an a ccess po int, the system e nters Exec comm and mod e. Only a l imited nu mber of the comm ands are available in this mod e. Y ou can ac cess all other commands only from the configur ation mod e.
Command Li ne Interface 7-6 7 Command Li ne Processing Comma nds are not ca se sens itive. Y ou can ab breviate commands and parameter s as long as they contain enoug h letters to differentiate them from any oth er current ly availabl e comman ds or paramete rs.
General Commands 7-7 7 The access mode sho wn in the follo wing tables is indi cated by the se abbrev iations: Exec (Executive Mode ), GC (Globa l Conf iguration), IC-E (Interface-E therne t Conf ig urat ion), IC- W (Inte rface-Wirel ess Config uration) , and IC-W-V AP (Interfac e-Wireles s V AP Con figuration).
Command Li ne Interface 7-8 7 configure This c ommand activat es Glob al Configu ration m ode. Y ou mus t enter t his mo de to modify mo st of the sett ings on the access poin t. Y ou must also enter Gl obal Configu ration mode prior to enabl ing the contex t modes fo r Interface Co nfigurati on.
General Commands 7-9 7 Example This examp le shows ho w to return to t he Exec mode f rom the Inte rface Configu ration mode , and then qui t the CLI sessi on: ping This comm and sends ICMP echo request packets to another no de on the netwo rk. Syntax ping < host_na me | ip_a ddre ss > • ho st_name - Alias of the host.
Command Li ne Interface 7-10 7 reset This comm and restarts the sy stem or re stores the factory defau lt settings . Syntax reset < board | configurat ion > • board - Reboots the s ystem. • conf igur at ion - Re sets t he con figuratio n settings to the fact ory defau lts, and then r eboots the s ystem.
System Management C ommands 7-11 7 show lin e This comm and disp lays the con sole port’s confi guration set tings. Command Mode Exec Example The consol e port setting s are fixed at the values shown belo w .
Command Li ne Interface 7-12 7 country This comm and conf igures the acc ess point’s cou ntry code, which ident ifies the coun try of oper ati on and se ts the aut hor ize d radi o chan nels . Syntax country < countr y_cod e > country_code - A two character code that identifies the cou ntry of operation.
System Management C ommands 7-13 7 Default Sett ing US - for units sold in the United S tates 99 (no coun try set) - for uni ts sold in other co untries Command Mode Exec Command Usage • If you p urchase d an acces s point out side of the U nited Stat es, the cou ntry code mus t be set befo re radio funct ions are ena bled.
Command Li ne Interface 7-14 7 • The available Co untry Co de settin gs can be d isplayed by using the country ? comm and. Example prompt This comm and cust omizes the C LI promp t. Use the no form to restor e the defaul t prompt. Syntax prompt < string > no prompt string - Any alphanum eric string to use for the C LI prompt.
System Management C ommands 7-15 7 Command Mode Global Co nfigurati on Example username Thi s com mand conf igu res the user n ame f or manage ment acc ess.
Command Li ne Interface 7-16 7 ip ssh-se rver enabl e This comm and enable s the Secure She ll server. Use the no form t o disa ble t he serv er . Syntax ip ssh- server enable no ip ssh-s erver Default Sett ing Interface en abled Command Mode Interface C onfigurat ion (Ether net) Command Usage • The access point supports Se cure Shell version 2.
System Management C ommands 7-17 7 ip telnet-se rver enab le This comm and enable s the T elnet server . Use the no form to disa ble the se rver . Syntax ip te lnet -ser ver enabl e no i p tel net -se.
Command Li ne Interface 7-18 7 ip http serv er This c ommand allows this d evice to be mon itored o r conf igured fr om a browser. Use the no form to disable this functio n.
System Management C ommands 7-19 7 ip https port Use this c ommand to specif y the UDP port n umber use d for HTTPS/ SSL conn ection to the acces s point’s Web interfa ce. Use the no form to restore the default p ort. Syntax ip h ttps po rt < port_num ber> no ip http s port port_number – The UDP port used for HTTPS/SSL.
Command Li ne Interface 7-20 7 Syntax ip htt ps server no ip https server Default Sett ing Enabled Command Mode Global Co nfigurati on Command Usage • Both HTTP and HTTPS s ervice can be enabled indepe ndently.
System Management C ommands 7-21 7 APmgmtIP This comm and speci fies the clien t IP address es that are a llowed man agemen t access t o the access po int throu gh various pr otocols. Cauti on: Secure Web (HTTPS) c onnections are not a ffected by the UI Management or IP Management set tings.
Command Li ne Interface 7-22 7 APmgmtUI This comm and enabl es and disab les manage ment ac cess to the ac cess poi nt through SN MP , T elnet and we b interfaces . Cauti on: Secure Web (HTTPS) connect ions are not a ffected by the UI M anagement or IP Management set tings.
System Management C ommands 7-23 7 show sy stem Thi s command displa ys basi c syst em conf ig urat ion set ting s. Default Sett ing None Command Mode Exec Example Enterprise AP#show system System Inf.
Command Li ne Interface 7-24 7 show ve rsion This com mand disp lays the softw are vers ion for the system. Command Mode Exec Example show co nfig This c ommand displays detailed configurat ion info rmation for th e system .
System Management C ommands 7-25 7 Hardware Version Information ========================================= == Hardware version R01A ========================================= == Ethernet Interface Information ======================================== IP Address : 192.
Command Li ne Interface 7-26 7 Logging Information ========================================= ============ Syslog State : Disabled Logging Console State : Disabled Logging Level : Informationa l Logging Facility Type : 16 Servers 1: 0.0.0.0 , UDP Port: 514, St ate: Disabled 2: 0.
System Management C ommands 7-27 7 dot11InterfaceAGFail Enabled dot11InterfaceBFail Enabled dot11StationAssociation Enabled dot 11StationAuthentication Enabled dot11StationReAssociation Enabled dot11S.
Command Li ne Interface 7-28 7 show hard ware Thi s comma nd dis play s the ha rdwar e vers io n of the sy stem. Command Mode Exec Example System Logging Comman ds Thes e comma nds ar e used to conf igur e syst em log gin g on the acces s poin t.
System Logging C ommands 7-29 7 logging on This comm and cont rols loggin g of error mess ages; i.e., sen ding debu g or error message s to memor y . The no form disabl es the logg ing process .
Command Li ne Interface 7-30 7 Example logging co nsole This comm and initia tes logging of error mess ages to the co nsole. Use t he no form to d isa ble l ogg ing t o t he co nsol e.
System Logging C ommands 7-31 7 Command Usage Messag es sent includ e the select ed level down to Emergenc y level. Example logging fac ility-type This comm and sets the fa cility type fo r remote log ging of syslog message s.
Command Li ne Interface 7-32 7 Command Usage The comm and spec ifies the facilit y type tag sent in sys log messag es. (See RFC 3164. ) This type has no effect on the kind of messag es reporte d by the acce ss poi nt. How ever , it may b e used by the sy slog server to sort message s or to store m essages in the corresp onding database.
Syst em C lock C omm and s 7-33 7 show ev ent-log This comm and disp lays log mess ages sto red in the acc ess point’s memor y . Syntax show event -lo g Command Mode Exec Example System Clock Command s Thes e co mmand s ar e used to conf igur e SN TP a nd s yste m clo ck s etti ngs o n th e access po int.
Command Li ne Interface 7-34 7 sntp-ser ver ip This comm and sets the IP address of the se rvers to whi ch SNTP time requests are issued. U se the this com mand wit h no argumen ts to clear all time servers from the current l ist. Syntax sntp-ser ver ip < 1 | 2 > < ip> • 1 - First time s erver.
Syst em C lock C omm and s 7-35 7 Command Mode Global Co nfigurati on Command Usage The time ac quired from time server s is used to rec ord accurat e dates and times for log ev ents. Without SN TP , the ac cess point only records th e time starting fr om the factory default s et at t he last bootup (i.
Command Li ne Interface 7-36 7 sntp-ser ver daylight-savi ng This comm and sets the start an d end date s for daylight sa vings time. Use the no form to disa ble dayli ght savings time.
Syst em C lock C omm and s 7-37 7 Command Usage This command sets the local time zone relative to the Coordinated Universal T im e (UTC , for merly Gree nwic h Mean T i me or GMT), ba sed on t he ear th’ s prime m eridian, zero degrees l ongitude .
Command Li ne Interface 7-38 7 DHCP Relay Commands Dynami c Host Confi guration Protoc ol (DHC P) can dynam ically alloca te an IP addr ess an d othe r conf ig urat ion i nfor mati on to ne twor k clie nt s that broa dcast a request. T o receive the broadcast reque st, the DHCP server would normally have to be on the same subnet as the client.
DHC P Rel ay Com ma nds 7-39 7 dhcp-re lay This c ommand configur es the prima ry and seconda ry DH CP serv er addr esses. Syntax dhcp-relay < primary | sec ondary > < ip_addre ss > • prima ry - The primary DHCP s erver. • second ary - The se condary D HCP serve r.
Command Li ne Interface 7-40 7 SNMP Command s Controls a ccess to this access po int from m anagement stations using the Simple Network M anagemen t Protocol (S NMP), as w ell as the hosts that will rec eive trap messag es.
SNMP Commands 7-41 7 snmp- server com munity This comm and define s the comm unity acce ss string for the Simple Net work Manage ment Protoc ol. Use the no form to remo ve the spe cified communit y strin g.
Command Li ne Interface 7-42 7 Command Mode Global Co nfigurati on Example Related Commands snmp -serve r locatio n (7-4 2) snmp- server loc ation This comm and sets the sys tem loca tion string .
SNMP Commands 7-43 7 Command Mode Global Co nfigurati on Command Usage • This command en ables both a uthentic ation failure notificatio ns and link-up-do wn notifi cations. •T h e snmp-s erve r hos t command specifi es the host device that will receive SNMP notificatio ns.
Command Li ne Interface 7-44 7 Command Usage The snmp-s erve r host com mand i s u sed i n co njun cti on wi th t he snmp-s erver enabl e server co mmand to en able SNM P notificatio ns. Example Related Commands snmp- server enabl e server (7 -42) snmp- server trap This comm and enable s the acces s point to send s pecific SNMP traps (i.
SNMP Commands 7-45 7 - iappStationR oamedTo - A client st ation has r oamed to a nother acc ess point (ident ified by its IP address) . - loc alMa cAd drA uthF ai l - A client s tation has faile d authe ntication with the local MAC addres s databa se on the acces s point.
Command Li ne Interface 7-46 7 Command Mode Global Co nfigurati on Command Usage • Thi s comma nd is used in co njun ctio n wit h the snmp-server user command. • Enter ing this c omman d invalida tes all e ngine IDs that have been previously configur ed.
SNMP Commands 7-47 7 - RWAuth - A read/wr ite group usin g authentica tion, but no da ta encrypt ion. User s in this g roup se nd SNM P mess ages tha t use a n MD5 key /pa sswor d for aut hen tic atio n, bu t no t a D ES k ey/p ass word f or encrypt ion.
Command Li ne Interface 7-48 7 snmp- server targe ts This c ommand configur es SN MP v3 notificati on targets. Us e the no fo rm to d ele te an SNMP v3 target .
SNMP Commands 7-49 7 snmp- server filte r This comm and confi gures SNMP v3 notificat ion filters. U se the no f orm to delet e an SNMP v3 filter or remove a subtree from a filter .
Command Li ne Interface 7-50 7 snmp- server filte r-assignments This comm and assign s SNMP v3 notificatio n filters to targets. Use t he no form to remove an SNMP v3 fil ter assi gnment .
SNMP Commands 7-51 7 Example show sn mp users This c ommand displays the SNMP v3 users and se ttings. Syntax show s nmp us ers Command Mode Exec Example show sn mp group-a ssignments This comm and displ ays the SNMP v3 user grou p assignme nts.
Command Li ne Interface 7-52 7 Example show sn mp target This comm and disp lays the SNM P v3 noti fication target settings. Syntax show snmp targ et Command Mode Exec Example show sn mp filter Thi s com mand d is play s th e SNMP v 3 no tif icat ion fil ter sett in gs.
SNMP Commands 7-53 7 show sn mp filter-a ssignments This comm and displ ays the SNM P v3 notifica tion filter assign ments. Syntax show snmp fi lter -ass ignm ent s Command Mode Exec Example Enterpris.
Command Li ne Interface 7-54 7 show sn mp This comm and displ ays the SNM P configurat ion setting s. Command Mode Exec Example Enterprise AP#show snmp SNMP Information ===============================.
Flash/File Comman ds 7-55 7 Flash/File Commands These c omman ds are used to mana ge the system code or conf iguration files. bootfile This comm and speci fies the imag e used to start up the system . Syntax bootfile < filena me > filename - Name of the i mage file.
Command Li ne Interface 7-56 7 copy This comm and copi es a boot file, co de image, or configurat ion file betwee n the access po int’s flash memor y and a FTP/TF TP server. When yo u save the configur ation setting s to a file on a FTP/TFT P server , that file can la ter be downloa ded to t he access point to re store syst em ope ration.
Flash/File Comman ds 7-57 7 The follow ing exampl e shows how t o downloa d a configur ation file: delete This comm and delete s a file or image . Syntax delete < filename > filename - Name of the configurati on file or image name. Default Sett ing None Command Mode Exec Cauti on: Beware of deleting application images from flash memory.
Command Li ne Interface 7-58 7 dir This command dis plays a list o f files in flash memory . Command Mode Exec Command Usage File info rmation is show n below : Example The follow ing exampl e shows h.
RADIUS Client 7-59 7 RADIUS Client Remote Authenticat ion Dial-in User Service (RADI US) is a logo n authenticati on protoc ol that uses softw are runnin g on a central ser ver to cont rol access f or RADIUS -aware dev ices to the network.
Command Li ne Interface 7-60 7 Command Mode Global Co nfigurati on Example radius- server por t This comm and sets the R ADIUS se rver networ k port. Syntax radius-server [ secon dary ] port < port_nu mber > • second ary - Sec ondar y se rve r.
RADIUS Client 7-61 7 radius- server r etransmi t This c ommand sets the number of ret ries. Syntax radius-server [ secon dary ] retransmit n umber_of _retries • second ary - Sec ondar y se rve r. • num ber_of_re tries - Number of times t he access p oint will tr y to authenti cate logon access vi a the RADIUS server.
Command Li ne Interface 7-62 7 radius- server port-a ccountin g This comm and sets the RA DIUS Accou nting serv er network po rt. Syntax radius-server [ secon dary ] por t-accounting < port_number > • second ary - Secondary serve r.
RADIUS Client 7-63 7 Example radius- server radiu s-mac-fo rmat This comm and sets the f ormat for sp ecifying MAC addre sses on th e RADIUS server . Syntax radius-server radius-mac-for mat < multi-colon | multi -dash | no-delimi ter | single-da sh > • multi-colon - Enter MAC addresses in t he form xx:x x:xx:xx:xx:x x.
Command Li ne Interface 7-64 7 show radi us This comm and disp lays the curr ent settings for the RADIU S server . Default Sett ing None Command Mode Exec Example Enterprise AP#show radius Radius Server Information ======================================== IP : 0.
802.1X Authentication 7-65 7 802.1X Authentication The access point suppo rts IEEE 802.1 X access con trol for wirel ess clients. This contro l feature prevents una uthorize d access to the n etwork by requ iring an 80 2.1X client ap plication to su bmit user cr edential s for authentica tion.
Command Li ne Interface 7-66 7 Command Mode Global Co nfigurati on Command Usage • Whe n 802. 1X i s dis abl ed, t he a cce ss poi nt does not supp ort 802. 1X authenti cation for an y station. Af ter success ful 802.1 1 association , each client is a llowed to access the network.
802.1X Authentication 7-67 7 802.1x-s upplicant use r This comm and sets the user nam e and passwo rd used fo r authentic ation of the access po int when op erating as a 802 .1X suppli cant. Use the no form to cl ear the supplica nt user na me and passwo rd.
Command Li ne Interface 7-68 7 show au thenticati on This co mmand sh ows all 80 2.1X aut henticati on settings , as well as the add ress f ilter table.
MAC Address Authentication 7-69 7 MAC Address Authenticati on Use these comma nds to define M AC authenti cation on the ac cess poi nt. For local MAC au thentication , first define th e default filter ing policy us ing the addr ess filter default c ommand.
Command Li ne Interface 7-70 7 Related Commands address filter entry (7-7 0) 802. 1x- suppl ic ant us er (7- 67) addres s filter en try This comm and ente rs a MAC add ress in the filter table. Syntax address f ilter entry < mac- addre ss> < allowed | den ied > • mac -addres s - P hysi cal addr ess o f cl ien t.
MAC Address Authentication 7-71 7 Command Mode Global Co nfigurati on Example Related Commands 802. 1x- suppl ic ant us er (7- 67) mac-authe ntication ser ver This comm and sets add ress filtering t o be performe d with local or remote opt ions. Use t he no form to disa ble MAC ad dress aut henticati on.
Command Li ne Interface 7-72 7 Default 0 (disable d) Command Mode Global Co nfigurati on Example Filtering Commands The com mands described in this section are use d to filter communi cations between wireless clients, control access to th e manage ment interfac e from wirel ess clients, and filter tra ffic using specif ic Etherne t protocol types .
Filtering C ommands 7-73 7 filter lo cal-bridge This c ommand disables comm unication betwee n wire less clien ts. Use the no form to d isa ble t hi s fil ter in g.
Command Li ne Interface 7-74 7 filter uplink enable This c ommand enable s filterin g of MA C add resses from the Ether net po rt. Syntax [ no ] fil te r upli nk en able Default Disabled Command Mode Global Co nfigurati on Example filter uplink This comm and adds o r deletes MA C address es from the up link filtering table.
Filtering C ommands 7-75 7 Global Co nfigurati on Command Usage Thi s com mand i s us ed i n co njun cti on w ith t he filter ethern et-type protoc ol comm and to determin e which Eth ernet protoco l types are to be filtered.
Command Li ne Interface 7-76 7 show filte rs This comm and show s the filter op tions and prot ocol entrie s in the filter table. Command Mode Exec Example WDS Bridge Commands The com mands descr ibed.
WDS Bridge Comman ds 7-77 7 bridge mode This c ommand selects be tween Master and S lave mo de. Syntax bridge mode < master | slave > • master - Opera tes as a mast er enabli ng up to five sla ve links. • slav e - O perat es a s a s lav e wi th on ly o ne l ink t o t he m aste r.
Command Li ne Interface 7-78 7 configur ed as the “roo t bridge” in the wi reless netw ork. The ro ot bridge is the unit co nnected to the m ain core of the wired LAN. Other bridges need to spec ify one “Parent” link to the root b ridge or to a bridg e connec ted to the root bridge.
WDS Bridge Comman ds 7-79 7 Default Sett ing None Command Mode Interfa ce Configur ation (Wirel ess) Command Usage Every brid ge (except th e root bridge) in the wireles s bridge netw ork must specify t he MAC add ress of the parent bridg e that is linked to the root brid ge, or th e root brid ge it sel f.
Command Li ne Interface 7-80 7 bridge dynamic -entry age-time This comm and sets the time f or aging out dyn amic en tries in the WDS f orwarding table. Syntax bridge dynam ic-entry age -time < seconds > seconds - The time to age out an address entry .
WDS Bridge Comman ds 7-81 7 show bridg e filter-entry This comm and displ ays current ent ries in the W DS forwardi ng table. Command Mode Exec Example show bridg e link Thi s com mand dis play s WDS brid ge li nk and s p anni ng t ree se tti ngs for s pec ifi ed int erfa ces .
Command Li ne Interface 7-82 7 Example Enterprise AP#show bridge link wireless a Interface Wireless A WDS Information ==================================== AP Role: Bridge Channel Auto Sync: Disable Pa.
Spanning Tree Commands 7-83 7 Spanning Tree Command s The comm ands des cribed in this se ction are us ed to set the MAC addre ss table aging time a nd spanning tre e parameters fo r both the Etherne t and wirel ess int erfa ces . bridge stp enable This comm and enable s the S panning Tree Protocol.
Command Li ne Interface 7-84 7 bridge stp forwarding-d elay Use t his co mmand to conf igur e th e span nin g tree br id ge for war d time globa lly f or the wir eles s bri dge. Use the no form to restor e the defaul t. Syntax bridge stp forwa rding-delay < secon ds > no bridge stp forw ardin g-delay seconds - T ime in seconds.
Spanning Tree Commands 7-85 7 Example bridge stp max-age Use this command to con figure th e spanning tree br idge maxi mum age gl obally for the wir eles s br idge . Us e th e no f orm t o restore the de fault. Syntax bridge stp m ax-age < seconds > no bridge stp max -age seconds - T ime in seconds.
Command Li ne Interface 7-86 7 Command Mode Global Co nfigurati on Command Usage Bridge prior ity is used in se lecting the root device, root port, and des ignated port.
Spanning Tree Commands 7-87 7 Default Sett ing 128 Command Mode Interface Conf iguration Command Usage • This command de fines the pri ority for the us e of a port in the Span ning Tree Protoco l.
Command Li ne Interface 7-88 7 Ethernet Interface Comm ands The comm ands des cribed in this se ction conf igure conn ection param eters for th e Ethernet p ort and wirele ss interface. interfac e etherne t This comm and ente rs Ethernet int erface conf iguration mode.
Ethernet Interfac e Commands 7-89 7 dns se rver Thi s com mand s pec ifie s th e ad dres s fo r th e pr imary or s eco ndar y dom ain name ser ver to b e used for nam e-t o-ad dres s re solu tion .
Command Li ne Interface 7-90 7 Command Mode Interface C onfigurat ion (Ether net) Command Usage • DHCP is enabled by default. To manually configure a new IP address, you must fi rst disable th e DHCP client with the no ip dhcp co mmand .
Ethernet Interfac e Commands 7-91 7 • When you use this command, the access p oint will b egin broadcasting DHCP client request s. The current IP addr ess (i.e., default or manually configur ed addres s) will continu e to be effective until a DHC P reply is rec eive d.
Command Li ne Interface 7-92 7 shutdown This comm and disabl es the Etherne t interface . T o res tart a disabled inte rface, use the no form. Syntax sh ut dow n no shutdown Default Sett ing Interface.
Wireless Interface Comman ds 7-93 7 Example Wireless Interface Com mands The comm ands des cribed in this se ction conf igure conn ection param eters for th e wir eles s int erfa ces . Enterprise AP#show interface ethernet Ethernet Interface Information ======================================== IP Address : 192.
Command Li ne Interface 7-94 7 beacon-in terval Configu res the rat e at which beacon s ignals are transmit ted fro m the acce ss point IC-W 7-103 dtim-perio d Con figures the rate at wh ich station s.
Wireless Interface Comman ds 7-95 7 interfac e wirel ess This comm and enters wireless int erface configu ration mo de. Syntax inte rfac e wire less < a | g > • a - 802. 11a radio int erface. • g - 802. 11g radio int erface. Default Sett ing None Command Mode Global Co nfigurati on Example T o speci fy the 8 02.
Command Li ne Interface 7-96 7 speed This comm and conf igures the ma ximum da ta rate at which th e access po int transmi ts unicast packe ts. Syntax speed < speed> speed - Maximum access speed allowed for wireless client s. (Options f or 802.1 1a: 6, 9, 12, 18, 24, 36, 48, 54 M bps) (Options f or 802.
Wireless Interface Comman ds 7-97 7 Command Usage • The normal 802 .11a wireles s operatio n mode provi des conne ctions up to 54 Mbps. Tur bo Mode is an enhanced mode (not regu lated in IEEE 802.11a ) that provide s a highe r data rate of up to 108 M bps.
Command Li ne Interface 7-98 7 chan nel This c ommand configur es the radio channel through which the ac cess p oint comm unicates wi th wirele ss clients. Syntax channel < channe l | auto > • ch annel - Man ually sets th e radio chann el used for co mmunic ations with wireless clients.
Wireless Interface Comman ds 7-99 7 Default Sett ing ful l Command Mode Interfa ce Configur ation (Wirel ess) Command Usage • The “min” keywor d indicat es minimum power. • The longer the trans mission distance, th e higher the transmission power required .
Command Li ne Interface 7-100 7 Example preamble This comm and sets the lengt h of the signal preambl e that is used at the start of a 802.1 1b/g data tr ansmiss ion. Syntax preamb le [ long | short-or -long ] • lo ng - S ets the pream ble to long (192 microsec onds).
Wireless Interface Comman ds 7-101 7 antenna c ontrol This comm and sele cts the use of two di versity ant ennas or a sing le antenna for the radio inter face. Syntax antenna co ntrol < diversity | left | right > • diversity - The ra dio uses two ide ntical anten nas in a diver sity mod e.
Command Li ne Interface 7-102 7 Command Mode Interfa ce Configur ation (Wirel ess) Command Usage • See “External Ant enna Option s” on page 1- 5 for a list of the ava ilable antenna options and t heir pa rt numb ers.
Wireless Interface Comman ds 7-103 7 beacon-int erval This comm and con figures the rate at w hich beac on signa ls are trans mitted from the access po int. Syntax beacon-int erval < inte rval> interv al - The rate for transmitting beacon si gnals.
Command Li ne Interface 7-104 7 will save all broadcast /multicast fr ames for the Bas ic Service Set (BSS) and forwar d them after e very second be acon. • Using smalle r DTIM i ntervals delivers b roadcast/ multicas t frames i n a mo re timely ma nner, causin g stations in Power Save m ode to wake up more often and d rain pow er faster .
Wireless Interface Comman ds 7-105 7 rts-threshold This comm and sets the packe t size thresho ld at which a Re quest to S end (RTS) signal mu st be sent to the receivin g station prior to the sending station starting comm unicatio ns. Syntax rts-thre shold < thre shol d> threshold - Threshold packet size for which to s end an RTS.
Command Li ne Interface 7-106 7 super-a Thi s com mand enab les A the ros prop riet ary Supe r A pe rfor man ce en han cemen ts . Use t he no form to disable th is function. Syntax [ no ] super-a Default Sett ing Disabled Command Mode Interfa ce Configur ation (Wirel ess - 802.
Wireless Interface Comman ds 7-107 7 descri ption This comm and adds a description to a the wireles s interface. Use the no form to remov e the descri ption. Syntax description < string > no description string - Comment or a description for this interface.
Command Li ne Interface 7-108 7 clos ed-s ystem Thi s com mand p rohi bit s a ccess to c li ent s wit hout a pr e-co nfi gur ed SS ID. Us e th e no form to disa ble this featur e.
Wireless Interface Comman ds 7-109 7 assoc-tim eout-interv al This comm and conf igures the id le time interval (when no fram es are se nt) after whi ch t he cl ien t is dis assoc iat ed f rom t he V AP int erf ace. Syntax assoc-time out-interva l < minutes > minutes - The number of minutes of inactivity before disassociation.
Command Li ne Interface 7-110 7 Default Sett ing Interface en abled Command Mode Interface C onfigurat ion (Wireles s-V AP) Command Usage Y ou must first ena ble V A P interface 0 befo re you can enable V AP inter faces 1, 2, 3, 4 , 5, 6, or 7.
Wireless Interface Comman ds 7-111 7 show inte rface wireless This comm and disp lays the status for the wirele ss interface . Syntax show i nterface wireless < a | g > vap-id • a - 802. 11a radio int erface. • g - 802. 11g radio int erface.
Command Li ne Interface 7-112 7 ----------------802.1x------------------- -------------------------------- 802.1x : DISABLE D Broadcast Key Refresh Rate : 30 min Session Key Refresh Rate : 30 min 802.
Wireless Interface Comman ds 7-113 7 show sta tion Thi s comma nd show s the wi rele ss cli ent s asso cia ted wi th th e acces s poin t. Command Mode Exec Example Enterprise AP#show station Station Table Information ========================================= =============== if-wireless A VAP [0] : 802.
Command Li ne Interface 7-114 7 Rogue AP Detection Comm ands A “rogue AP ” is either an acce ss point tha t is not authori zed to participate in the wireless network, or an access po int that do es not have the correct se curity configur ation. Rog ue APs can poten tially allow un author ized users ac cess to the net work.
Rogue AP Detection C ommands 7-115 7 • A “rog ue AP” is either an access po int that is not a uthorized to participate in the wire less netw ork, or an acc ess point that does not have the corr ect security configura tion. Ro gue acces s points can be identified by unknow n BSSI D (MA C addre ss) or SSI D conf igur at ion.
Command Li ne Interface 7-116 7 rogu e-ap durat ion This comm and sets the sca n duration for detect ing access po ints. Syntax rogue-ap d uration <milliseconds> milliseconds - The duration of the scan.
Rogue AP Detection C ommands 7-117 7 Example Related Commands rogue-a p duration (7- 1 16) rogue-a p scan This comm and starts an immed iate sca n for access points on the radi o interface.
Command Li ne Interface 7-118 7 show rogu e-ap This comm and disp lays the curr ent rogue AP database. Command Mode Exec Example Wireless Security Comm ands The comm ands des cribed in this se ction co nfigure param eters for wir eless secur ity on the 802 .
Wireless Security Commands 7-119 7 auth This c ommand configur es authe ntication for the V AP interface. Syntax auth < open -system | shared-key | wp a | wp a-ps k | wp a2 | wp a2-p sk | wpa-wpa2-.
Command Li ne Interface 7-120 7 • To u se WEP shared -key authen tication, set the authent ication type t o “share d-key” and de fine at leas t one static W EP key w ith the key comma nd.
Wireless Security Commands 7-121 7 Example Related Commands encrypt ion (7- 121) key (7 -122) encryp tion This comm and enabl es data encryp tion for wire less commu nication s.
Command Li ne Interface 7-122 7 key This comm and sets the key s used for WE P encrypti on. Use the no form to d elete a configur ed key . Syntax key < index > < size > < type > < value > no key in dex • in de x - Key index. (Range: 1-4) • size - Key size.
Wireless Security Commands 7-123 7 transmit-ke y This comm and sets the in dex of the key to be used for encrypting data fra mes for broadca st or multicas t traffic transmi tted from the V AP to wireless clients. Syntax transm it-key < index> index - Key index.
Command Li ne Interface 7-124 7 ciph er-s uite This comm and define s the cipher algorithm used to encry pt the global key for broadca st and multi cast traffic when us ing Wi-Fi Prot ected Acces s (WP A) security .
Wireless Security Commands 7-125 7 • AES -CCMP (Advan ced Encrypt ion Standard Cou nter-Mode /CBCMAC Protocol): W PA2 is backward compatible wit h WPA, including the same 802.
Command Li ne Interface 7-126 7 Example wpa-pr e-shared-key This comm and define s a Wi-Fi Protec ted Access (W P A/W P A2) Pr e-shared- key . Syntax wpa-pre-shared- key < hex | p assph rase-ke y > < val ue> • hex - Spe cifies he xadecima l digits as the ke y input form at.
Wireless Security Commands 7-127 7 Command Mode Interface C onfigurat ion (Wireles s-V AP) Command Usage • WPA2 provides fast roam ing for authen ticated clients by re taining keys and other se curity inform ation in a cac he, so th at if a client roam s away fro m an access po int and then returns reaut henticati on is not requi red.
Command Li ne Interface 7-128 7 know n to be al read y aut hent ica ted, so it pr oceed s dir ect ly t o ke y exch ange and assoc iation. • To s upport pre -authentic ation, both clients and ac cess poi nts in the net work must be WP A2 enabled . • Pre- authenti cation requi res all acce ss points in t he network to be on the same IP subnet.
Link Integri ty Commands 7-129 7 link-int egrity ping-det ect This comm and enable s link integr ity detection . Use the no form to disable link inte gri ty de tect ion.
Command Li ne Interface 7-130 7 link-integrity ping-inte rval This c ommand configur es the t ime be tween e ach Ping sent to the l ink hos t. Syntax li nk- int egr ity ping -int e rval < in terval > interv al - The time between Pings.
Link Integri ty Commands 7-131 7 Command Mode Global Co nfigurati on Example show lin k-integrity This comm and disp lays the curr ent link integr ity configu ration.
Command Li ne Interface 7-132 7 IAPP Commands The comm and desc ribed in this sec tion enabl es the protoco l signaling required to ensure t he succes sful handov er of wireles s clients roamin g between di fferent 802.1 1f-complian t access points. In other w ords, the 80 2.
VLAN Commands 7-133 7 VLAN Commands The access point can ena ble the supp ort of VLAN -tagged traffic passing be tween wireless clients and the wired network. U p to 64 VLAN I Ds can be ma pped to specific wi reless client s, allo wing users to remain within the same VLAN as they move ar ound a cam pus site.
Command Li ne Interface 7-134 7 • Traf fic entering the Et hernet por t must be tagg ed with a VLAN ID that matches the access point’s nat ive VLAN ID, or with a VLAN tag that match es one of the wi reless clie nts currentl y associat ed with the ac cess point.
WMM Commands 7-135 7 Default Sett ing 1 Command Mode Interface C onfigurat ion (Wireles s-V AP) Command Usage • To impl ement the def ault VLAN ID set ting for VAP interfac e, the access point mus t enable VLAN support using the vl an command.
Command Li ne Interface 7-136 7 wmm This comm and sets the WM M operat ional mode on the acces s point. Use the no form to disa ble WMM . Syntax [ no ] wmm < s upported | required > • sup ported - WM M will b e used f or any associat ed device that s upports thi s feature.
WMM Commands 7-137 7 interpreta bility with o ther wired network QoS p olicies. While the four ACs are specifie d for specif ic types of tr affic, WMM allo ws the priority levels to be conf igured to match an y network- wide QoS p olicy.
Command Li ne Interface 7-138 7 • ad mission_co ntrol - The admis si on cont rol mode f or the ac ces s cate gory . When en able d, cl ien ts ar e bloc ked from us ing th e acce ss cat egory .
A-1 Appendix A: Tr oubleshoo ting Check the following items bef ore you co ntact local T echnica l Support. 1. If wireless clients canno t access the network, check the fo llowing: • Be sure the a ccess po int and t he wirel ess clien ts are con figured with the s ame Service Set ID (SSID).
T roubleshooti ng A-2 A 3. If you canno t access t he on-boa rd configu ration progr am via a ser ial port connect ion: • Be sur e you h ave set the te rmin al em ulat or pro gram to VT10 0 comp atibl e, 8 data bits , 1 stop bit, no parit y and 9600 bp s.
B-1 Appe ndix B: Ca bles an d Pi nouts Twisted-Pair Cable Assignments For 10/100 BASE-T X connecti ons, a twi sted-pair cab le must ha ve two pairs of wires. Each wire pair is identified by two different colors. Fo r example, on e wire might be green and the other , green with white strip es.
Cables and Pino uts B-2 B Straight- Through Wiring Beca use the 10/10 0 Mbp s port on t he ac cess poi nt u ses an MDI pin conf igur at ion, you must use “straigh t-throu gh” cable fo r network con nections t o hubs or swit ches that only h ave MDI- X ports.
T wisted-Pair Cable Assignments B-3 B Crossover Wiring Beca use the 10/10 0 Mbp s port on t he ac cess poi nt u ses an MDI pin conf igur at ion, you must use “crosso ver” cab le for network connectio ns to PCs, serv ers or other end nodes that only hav e MDI ports.
Cables and Pino uts B-4 B 8-Pin DIN to RJ-45 Cable Wirin g T o constr uct an exte nded E the rnet cabl e to c onn ect f rom t he po wer injec tor’s RJ- 45 Outp ut p ort to t he wi rel ess brid ge’ s 8 -pin DIN conn ect or , foll ow t he w iri ng di agr am below .
C-1 Appendix C: Spe cification s General Specif ications Maximu m Channels 802.1 1a: US & Canada : 13 (norm al mode), 5 (turbo mode) Jap an: 4 (n orm al mo de), 1 (t ur bo mode ) ETSI: 1 1 channels (nor mal mode ), 4 (turbo mode ) T a iwan: 8 (n ormal mode ), 3 (turbo mo de) 802.
Specifications C-2 C Operating Frequ ency 802.1 1a: 5.15 ~ 5.25 G Hz (lower band) US/ Canada, Ja pan 5.25 ~ 5.35 GHz (m iddle ba nd) US/ Canada 5.725 ~ 5.82 5 GHz (upp er band) US /Canada 5.50~ 5.70 G Hz Europ e 5.25 ~ 5.35 GHz (m iddle ba nd) T aiwan 5.
General Specificati ons C-3 C Wireless Radio/Regulatory Certification ETSI 300 32 8 (1 1b/g) , 301 893 (1 1 a Full range ), 301 489 (DC po wer) FCC Part 15C 15.
Specifications C-4 C Sensi tivity Table C -1 Se nsitivity 8 02.11a IEEE 802. 1 1a Sensi ti vity (GHz - dBm) Modulatio n/Rate s 5.15- 5.250 5.25-5.350 5.
Transmit Power C-5 C Transmit P ower Table C- 4 Tran smit Pow er 802.11 a IEEE 802 .1 1a Max imum Out put Power (GHz - dBm) Data Rate 5.15-5.2 50 5.25-5. 350 5.50-5 .700 5.725-5. 825 6 Mbps 18 18 18 18 9 Mbps 18 18 18 17 12 Mbps 18 18 18 17 8 Mbps 18 18 18 17 24 Mbps 18 18 18 17 36 Mbps 18 18 18 17 48 Mbps 17.
Specifications C-6 C Antenna Specifications 18 dBi High Gain Directional Panel (2.4GHz) Model Num ber ACC04- 050090 Frequenc y Range 2.4 - 2.5 GH z Gain 18 dB i VSWR 1.
Antenna Specificati ons C-7 C 8 dBi Omnidirectional (2.4 GHz) Model Num ber ACC04- 05028A Frequenc y Range 2.400~2 .500 GHz Gain 8 dBi VSWR 2.0 : 1 max Po l a r i z a t i o n Linear, vertica l HPBW Ho.
Specifications C-8 C 10 dBi Sector (2.4 GHz) Model Num ber ACC04- 053830A Frequenc y range 2.4~2.5 G Hz Gain 10 dB i VSWR 1.5 : 1 max Po l a r i z a t i o n Linear, vertica l HPBW Linear: 12 0° Ve r .
Antenna Specificati ons C-9 C 8 dBi Omnidirectional (2.4 GHz) Model Num ber ACC04- 05427A Frequenc y range 2.4~2.5 G Hz Gain 8 dBi VSWR 2.0 : 1 max Po l a r i z a t i o n Linear, vertica l HPBW Hori z.
Specifications C-10 C 8 dBi Omnidirectional (5 GHz) Model Num ber ACC04- 090380 Frequenc y range 5.47~5.875 GHz Gain 8 dBi VSWR 2.0 : 1 max Po l a r i z a t i o n Linear, vertica l HPBW Hori zo nt al:.
Antenna Specificati ons C-11 C 12.5~13.5 dBi 60-Degree Sect or (5 GHz ) Model Num ber ACC04- 200010 Frequenc y range 4.9~5.875 GH z Gain 12. 5~13. 5 dBi VSWR 2.
Specifications C-12 C 8 dBi Omnidirectional (5 GHz) Model Num ber ACC04- 200180 Frequenc y Range 5.5~5.825 GH z Gain 8 dBi VSWR 2.0 : 1 max Po l a r i z a t i o n Linear, vertica l HPBW Hori zo nt al:.
Antenna Specificati ons C-13 C 23 dBi High-Gain Panel (5 GHz) Model Num ber ACC04- 20212A Frequenc y range 5.725 ~5.87 5 GHz Gain 23 dB i VSWR 1.5 : 1 max Po l a r i z a t i o n Linear, vertica l/hori.
Specifications C-14 C 8 dBi Omnidirectional (5 GHz) Model Num ber ACC04- 202130 Frequenc y range 5.15~ 5.35 G Hz Gain 8 dBi VSWR 2.0 : 1 max Po l a r i z a t i o n Linear, vertica l HPBW Hori zo nt al.
Antenna Specificati ons C-15 C 8 dBi Omnidirectional (5 GHz) Model Num ber ACC04- 200180 Frequenc y range 4.9~5.35 G Hz Gain 8 dBi VSWR 2.0 : 1 max Po l a r i z a t i o n Linear, vertica l HPBW Hori z.
Specifications C-16 C.
D-1 D-1 Appendix D: Montie ren der Bridge Die Bridge k ann auf folgend en Ober flächentyp en montie rt werden: •M a s t • Wand oder elektris cher Kasten (NEMA Enclos ure) Achtun g: Die Bridge darf nur im Freien verw endet werden . Installieren Sie die Bridge n icht in I nnenräum en.
Montieren d er Bridge D-2 D 3. S tecken Sie die Rä nder der V-förmigen Halte rung in die Ausspar ungen in der rechtecki gen Platte un d ziehen Sie di e Muttern f est an. 4. Befestigen Si e die verstell bare, rech teckige Platte mit den beige fügten Schr aube n an de r Bri dge.
V erwenden der Halter ung für Wandmontage D-3 D 5. Befestigen Si e die Bridge m it Halter an der am Mast ange brachten Plat te. Befestig en Sie die drahtlo se Bridge mit de n beigefügt en Muttern an der Halterung .
Montieren d er Bridge D-4 D 2. Halten Sie die Halterung an der gewüns chten S telle an und markieren Si e die Position en der drei Löch er für die Monta geschrau ben. 3. Bohren Sie dr ei Löcher in di e W and, passe nd zu den Schrau ben und den Dübe ln, die der Halt eru ng be igel egt sin d, u nd be fest ige n Si e di e Hal ter ung an der Wand.
Anschließen der externen Antennen D-5 D 5. V erbinden S ie das Ether net-Kabel (und das Netzk abel, fall s erforderlich ) mit den Anschl üssen au f der V o rderseit e der Bridge. Anschließen der extern en Antennen Die in der Bridge ei ngebaute An tenne ist ihre H auptantenne.
Montieren d er Bridge D-6 D Anschließen der Kabel an das Gerät 1. V erbinden S ie das Ethernet -Kabel m it dem Ethern et-Port de r drah tlosen Bridge. 2. Umwick eln Sie als zusä tzlichen Schutz gegen Regen ode r Feuchtig keit den Ethernet -Anschluss mit wasserdi chtem Klebe band (nicht mitgeliefert) .
Anschließen des PoE Injectors D-7 D Anschließen des PoE In jectors So schließe n Sie die drahtlo se Bridge an eine S tromquelle an: Achtun g: In st al lier en Si e den P oE I njec tor n ic ht im Fr eien . Da s Ger ät d arf nur in Innenräumen ins talliert werden.
Montieren d er Bridge D-8 D 1. S tecken Sie de n Netzleitun gssteck er direkt in den sta ndardmäßi gen Netzans chluss de s Injecto r-Moduls. 2. V erbinden Sie das andere En de der Netzleitun g mit einer ge erdeten, 3-po ligen Netzst romquelle . Hinweis: Bei internati onaler V erwen dung müssen Sie event uell die Netzle itung austausch en.
Glossary-1 Glossary 10BASE-T IEEE 802. 3 specific ation for 10 Mbps Ether net over two pai rs of Cate gory 3 or be tter UTP cable. 100BASE- TX IEEE 802. 3u specifica tion for 100 Mbps Fas t Ethernet ove r two pairs of Categ ory 5 or better UTP ca ble.
Glossary-2 Glossar y Broadcast Key Broadca st keys are sen t to stations us ing 802.1X dy namic keyin g. Dynam ic broadcas t key rotation is often used to allow the access po int to gener ate a random group ke y and periodic ally update al l key-manag ement capable wireless clients.
Glos sary- 3 Glossar y IEEE 802 .11b A wireless s tandard that supports wirele ss commun ications in the 2.4 GHz ba nd using Direct Seq uence Spread S pectrum (DS SS). The s tandard prov ides for data rate s of 1, 2, 5.5, and 1 1 Mbps. IEEE 802 .11g A wireless s tandard that supports wirele ss commun ications in the 2.
Glossary-4 Glossar y Power over Ether net (PoE) A specificat ion for provi ding both po wer and data to low- power net work devices using a single Cat egory 5 Ethe rnet cabl e. PoE provides greater fle xibility in the lo cating of acc ess point’s and netw ork dev ices, and sign ificantly decrease d installation c osts.
Glos sary- 5 Glossar y Temporal Key Integrity Pr otocol (TKIP) A data encryptio n method designed as a replaceme nt for WEP . TKIP avoids the problem s of WEP static key s by dynam ically chan ging data encry ption keys . Trivial File Tra nsfer Protocol (TFTP) A TCP/IP pr otocol comm only used f or software downl oads.
Glossary-6 Glossar y.
Index-1 Numerics 802.11g 7-95 A AES 6-84 auth entic ati on 6-12 cipher s uite 6-86, 7-120 closed system 7-108 configu ring 6-12 MAC ad dress 6-13, 7-69, 7- 70 type 6-73, 7-108 web redire ct 6-14 B Bas.
Index Index-2 firmware displa ying vers ion 6-30, 7-24 upgradin g 6-29, 6-31, 7-56 frag menta tion 7 -104 G gatewa y addres s 5-2, 6-6, 7-1, 7-89 H hard ware ve rsio n, di splay ing 7- 24 HTTP, se cure server 7 -20 HTTPS 7-19 I IAPP 7-132 IEEE 802 .
Index Index-3 RSSI BNC 1-7 RTS threshol d 6-63, 7-105 S Secure Sock et Layer See SSL securit y, options 6-73 sessio n ke y 6-8 8 shared k ey 6-79, 7-122 Simp le Netw ork Ti me Proto col See SNTP SNMP .
Index Index-4.
.
Model Number: WA6202 A / WA6202AM Pub. Nu mber: 14910003 4900E E1 12006-DT-R01.
An important point after buying a device Edge-Core WA6202A EU (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought Edge-Core WA6202A EU yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data Edge-Core WA6202A EU - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, Edge-Core WA6202A EU you will learn all the available features of the product, as well as information on its operation. The information that you get Edge-Core WA6202A EU will certainly help you make a decision on the purchase.
If you already are a holder of Edge-Core WA6202A EU, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime Edge-Core WA6202A EU.
However, one of the most important roles played by the user manual is to help in solving problems with Edge-Core WA6202A EU. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device Edge-Core WA6202A EU along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center