Instruction/ maintenance manual of the product SMC2552W-G2 SMC Networks
38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 EliteConnect™ SMC2552W-G2 2.4GHz Wireless Access Point The easy way to make all your network connections May 2006 Revision Number: R01 F4.
Copyright Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use.
i COMPLIANCES Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
COMPLIANCES ii to Class B digital apparatus as prescribed in the standard on interference-causing equipment: “Digital Apparatus,” NMB-003 issued by Industry.
COMPLIANCES iii • This device will automatically limit the allowable channels determined by the current country of operation. Incorrectly entering the country of operation may result in illegal operation and may cause harmful interference to other systems.
COMPLIANCES iv Declaration of Conformity in Languages of the European Community English Hereby, SMC, declares that this Radio LAN device is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC.
COMPLIANCES v Safety Compliance Power Cord Safety Please read the following safety information carefully before installing the access point: WARNING: Installation and removal of the unit must be carried out by qualified personnel only.
COMPLIANCES vi Important! Before making connections, make sure you have the correct cord set. Check it (read the label on the cable) against the following: Power Cord Set U.S.A. and Canada The cord set must be UL-approved and CSA certified. The minimum specifications for the flexible cord are: - No.
COMPLIANCES vii Please read the following safety information thoroughly before installing the access point: WARNING: Installation and removal of this unit must be entrusted to qualified personnel.
COMPLIANCES viii Please be sure to read the following safety instructions before installing the access point (Germany): WARNING: Installation and removal of the device must be carried out by qualified personnel only. • The device should not be connected to an ungrounded AC power outlet.
COMPLIANCES ix Power cord. This must be approved for the country in which it is used: U.S.A. and Canada The cord must be UL-approved and CSA certified. The minimum specifications for the cord are: - No. 18 AWG - not longer than 2 meters, or 16 AWG.
xi Table of Contents Chapter 1: Introduction 1-1 Package Checklist 1-2 Hardware Description 1-2 Component Description 1-3 Features and Benefits 1-5 System Defaults 1-6 Chapter 2: Hardware Insta.
xii Contents VLAN 6-19 WDS Settings 6-21 AP Management 6-27 Administration 6-28 System Log 6-32 SNMP 6-36 Configuring SNMP and Trap Message Parameters 6-37 Configuring SNMPv3 Users 6-42 Configu.
xiii Contents country 7-12 prompt 7-14 system name 7-14 username 7-15 password 7-15 ip ssh-server enable 7-16 ip ssh-server port 7-16 ip telnet-server enable 7-17 ip http port 7-17 ip http serve.
xiv Contents snmp-server host 7-43 snmp-server trap 7-44 snmp-server engine-id 7-46 snmp-server user 7-46 snmp-server targets 7-48 snmp-server filter 7-49 snmp-server filter-assignments 7-5.
xv Contents Filtering Commands 7-73 filter local-bridge 7-73 filter ap-manage 7-74 filter uplink enable 7-74 filter uplink 7-75 filter ethernet-type enable 7-75 filter ethernet-type protoco.
xvi Contents beacon-interval 7-101 dtim-period 7-102 fragmentation-length 7-102 rts-threshold 7-103 super-g 7-104 description 7-104 ssid 7-105 closed-system 7-105 max-association 7-106 as.
xvii Contents wmm 7-131 wmm-acknowledge-policy 7-131 wmmparam 7-132 Appendix A: Troubleshooting A-1 Appendix B: Cables and Pinouts B-1 Twisted-Pair Cable Assignments B-1 10/100BASE-TX Pi .
1-1 Chapter 1: Introduction The 2.4 GHz Wireless Access Point is an IEEE 802.11b/g access point that provides transparent, wireless high-speed data communications between the wired LAN and fixed or mobile devices equipped with an 802.11b, or 802 .
Introduction 1-2 1 Package Checklist The 2.4 GHz Wireless Access Point package includes: • One 2.4 GHz Wireless Access Point • One Category 5 network cable • One RS-232 console cable.
Hardware Description 1-3 1 Rear Panel Component Description Antennas The access point includes integrated diversity antennas for wireless communications. A diversity antenna system uses two identical antennas to receive and transmit signals, helping to avoid multipath fading effects.
Introduction 1-4 1 Security Slot The access point includes a Kensington security slot on the rear panel. You can prevent unauthorized removal of the access point by wrapping the Kensington security cable (not provided) around an unmovable object, inserting the lock into the slot, and turning the key.
Features and Benefits 1-5 1 Reset Button This button is used to reset the access point or restore the factory default configuration. If you hold down the button for less than 5 seconds, the access point will perform a hardware reset.
Introduction 1-6 1 System Defaults The following table lists some of the access point’s basic system defaults. To reset the access point defaults, use the CLI command “reset configuration” from the Exec level prompt.
System Defaults 1-7 1 MAC Authentication MAC Disabled Authentication Session Timeout 0 minutes (disabled) Local MAC System Default Allowed Local MAC Permission Allowed 802.
Introduction 1-8 1 System Logging Syslog Disabled Logging Host Disabled Logging Console Disabled IP Address / Host Name 0.0.0.0 Logging Level Informational Logging Facility Type 16 System Clock SNTP Server Status Enabled SNTP Server 1 IP 137.
System Defaults 1-9 1 Wireless Interface 802.11b/g (contd.) Antenna ID 0x0000 Antenna Location Indoor Wireless Security 802.11b/g Authentication Type Open System Data Encryption Disabled W.
2-1 Chapter 2: Hardware Installation 1. Select a Site – Choose a proper place for the access point. In general, the best location is at the center of your wireless coverage area, within line of sight of all wireless devices.
Hardware Installation 2-2 2 3. Connect the Power Cord – Connect the power adapter to the access point, and the power cord to an AC power outlet. Otherwise, the access point can derive its operating power directly from the RJ-45 port when connected to a device that provides IEEE 802.
3-1 Chapter 3: External Antennas The SMC2552W-G2 provides a variety of external antenna options for extending the radio range and shaping the coverage area. These antennas offer a number of different mounting locations, including indoor or outdoor, wall, ceiling, or radio mast.
External Antennas 3-2 3 • Omnidirectional Antennas - Consider these factors when selecting a location for these antennas: • Always mount the antenna in a vertical orientation so that the radio coverage pattern fills the intended horizontal space.
Installation Procedures 3-3 3 To connect pigtail cables to the access point, follow these steps: 1. Disable the access point radio using the web browser interface, CLI, or SNMP. 2. Remove power to the access point. 3. Remove both of the access point’s antennas by unscrewing them at their base.
External Antennas 3-4 3 5. Reconnect power to the access point. Note: Before enabling the radio with an external antenna attached, be sure to first configure the access point’s antenna mode.
4-1 Chapter 4: Network Configuration Wireless networks support a stand-alone configuration as well as an integrated configuration with 10/100 Mbps Ethernet LANs. The 2.4 GHz Wireless Access Point also provides repeater and bridging services that can be configured independently on 2.
Network Configuration 4-2 4 Network Topologies Ad Hoc Wireless LAN (no Access Point) An ad hoc wireless LAN consists of a group of computers, each equipped with a wireless adapter, connected via radio signals as an independent wireless LAN.
Network Topologies 4-3 4 Infrastructure Wireless LAN The access point also provides access to a wired LAN for wireless workstations. An integrated wired/wireless LAN is called an Infrastructure configuration.
Network Configuration 4-4 4 Infrastructure Wireless LAN for Roaming Wireless PCs The Basic Service Set (BSS) defines the communications domain for each access point and its associated wireless clients.
Network Topologies 4-5 4 Infrastructure Wireless Bridge The IEEE 802.11 standard defines a Wireless Distribution System (WDS) for bridge connections between BSS areas (access points). The access point uses WDS to forward traffic on links between units.
Network Configuration 4-6 4 Infrastructure Wireless Repeater The access point can also operate in a bridge “repeater” mode to extend the range of links to wireless clients. The access point uses WDS to forward traffic between the repeater bridge and the root bridge.
5-1 Chapter 5: Initial Configuration The 2.4 GHz Wireless Access Point offers a variety of management options, including a web-based interface, a direct connection to the console port, Telnet, Secure Shell (SSH), or using SNMP software. The initial configuration steps can be made through the web browser interface or CLI.
Initial Configuration 5-2 5 Note: When using HyperTerminal with Microsoft® Windows® 2000, make sure that you have Windows 2000 Service Pack 2 or later installed. Windows 2000 Service Pack 2 fixes the problem of arrow keys not functioning in HyperTerminal’s VT100 emulation.
Logging In 5-3 5 After configuring the access point’s IP parameters, you can access the management interface from anywhere within the attached network. The command line interface can also be accessed using Telnet from any computer attached to the network.
Initial Configuration 5-4 5 The home page displays the Main Menu.
6-1 Chapter 6: System Configuration Before continuing with advanced configuration, first complete the initial configuration steps described in Chapter 4 to set up an IP address for the access point. The access point can be managed by any computer using a web browser (Internet Explorer 5.
System Configuration 6-2 6 Advanced Configuration The Advanced Configuration pages include the following options. Table 6-2. Menu Menu Description Page System Configures basic administrati.
Advanced Configuration 6-3 6 System Identification The system name for the access point can be left at its default setting. However, modifying this parameter can help you to more easily distinguish different devices in your network.
System Configuration 6-4 6 CLI Commands for System Identification – Enter the global configuration mode, and use the system name command to specify a new system name. Then return to the Exec mode, and use the show system command to display the changes to the system identification settings.
Advanced Configuration 6-5 6 TCP / IP Settings Configuring the access point with an IP address expands your ability to manage the access point.
System Configuration 6-6 6 • Subnet Mask: The mask that identifies the host address bits used for routing to specific subnets. • Default Gateway: The default gateway is the IP address of the router for the access point, which is used if the requested destination address is not on the local subnet.
Advanced Configuration 6-7 6 RADIUS Remote Authentication Dial-in User Service (RADIUS) is an authentication protocol that uses software running on a central server to control access to RADIUS-aware devices on the network.
Advanced Configuration 6-9 6 MAC Address Format – MAC addresses can be specified in one of four formats, using no delimiter, with a single dash delimiter, with multiple dash delimiters, and with multiple colon delimiters.
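Because the same client can be written in four notations, an allowlist kept in more than one place can hold one address under several spellings or drift between copies. The following Python code is an added example, not taken from the SMC manual: it canonicalizes entries to the xx-xx-xx-xx-xx-xx form and audits two lists. The layout of the single-dash notation (six hex digits, a dash, six hex digits), the function names, the source labels and the sample entries are assumptions constructed for illustration.

```python
import re

# The four notations the manual names. The exact layout of the "single dash"
# form (six hex digits, dash, six hex digits) is an assumption.
FORMATS = {
    "no-delimiter": re.compile(r"[0-9a-f]{12}"),
    "single-dash": re.compile(r"[0-9a-f]{6}-[0-9a-f]{6}"),
    "multi-dash": re.compile(r"(?:[0-9a-f]{2}-){5}[0-9a-f]{2}"),
    "multi-colon": re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"),
}


def classify(mac):
    """Return the name of the notation `mac` is written in, or None."""
    text = mac.strip().lower()
    for name, pattern in FORMATS.items():
        if pattern.fullmatch(text):
            return name
    return None


def normalize(mac):
    """Canonicalize an accepted notation to lowercase xx-xx-xx-xx-xx-xx."""
    if classify(mac) is None:
        raise ValueError(f"not one of the four accepted notations: {mac!r}")
    digits = re.sub(r"[-:]", "", mac.strip().lower())
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_group_address(canonical):
    """True for multicast/broadcast (low bit of the first octet is set)."""
    return bool(int(canonical[:2], 16) & 0x01)


def audit(entries):
    """Audit (source, mac) pairs drawn from two allowlists.

    rejected   - entries matching none of the four notations (mixed delimiters)
    group      - multicast/broadcast entries, which are never a client station
    duplicates - MACs one source lists more than once, with each spelling
    drift      - MACs that only one of the sources contains
    """
    rejected, group, by_mac = [], [], {}
    for source, raw in entries:
        try:
            canonical = normalize(raw)
        except ValueError:
            rejected.append((source, raw))
            continue
        if is_group_address(canonical):
            group.append((source, raw))
            continue
        by_mac.setdefault(canonical, {}).setdefault(source, []).append(raw)
    duplicates = {mac: spellings
                  for mac, per_source in by_mac.items()
                  for spellings in per_source.values() if len(spellings) > 1}
    drift = {mac: next(iter(per_source))
             for mac, per_source in by_mac.items() if len(per_source) == 1}
    return {"rejected": rejected, "group": group,
            "duplicates": duplicates, "drift": drift}


# Constructed sample: "local" stands for the access point's own MAC table,
# "radius" for the list held on the RADIUS server.
SAMPLE = [
    ("local", "00-12-34-56-78-9a"),
    ("local", "00:12:34:56:78:9A"),    # same station, different notation
    ("local", "001122-334455"),
    ("radius", "00123456789a"),
    ("radius", "00-11-22:33-44-55"),   # mixed delimiters: none of the four
    ("radius", "ff-ff-ff-ff-ff-ff"),   # broadcast address
    ("radius", "02aabbccddee"),
]

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```

Removing only one spelling of a duplicated entry leaves the station authorized, which is why the duplicates list matters when revoking access.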
System Configuration 6-10 6 CLI Commands for RADIUS – From the global configuration mode, use the radius-server address command to specify the address of the primary or secondary RADIUS servers. (The following example configures the settings for the primary RADIUS server.
Advanced Configuration 6-11 6 SSH Settings Telnet is a remote management tool that can be used to configure the access point from anywhere in the network. However, Telnet is not secure from hostile attacks. The Secure Shell (SSH) can act as a secure replacement for Telnet.
System Configuration 6-12 6 CLI Commands for SSH – To enable the SSH server, use the ip ssh-server enable command from the CLI Ethernet interface configuration mode.
Advanced Configuration 6-13 6 MAC Authentication – You can configure a list of the MAC addresses for wireless clients that are authorized to access the network. This provides a basic level of authentication for wireless clients attempting to gain access to the network.
System Configuration 6-14 6 802.1X Supplicant – The access point can also operate in a 802.1X supplicant mode. This enables the access point itself to be authenticated with a RADIUS server using a configured MD5 user name and password.
Advanced Configuration 6-15 6 CLI Commands for Local MAC Authentication – Use the mac-authentication server command from the global configuration mode to enable local MAC authentication.
System Configuration 6-16 6 CLI Commands for RADIUS MAC Authentication – Use the mac-authentication server command from the global configuration mode to enable remote MAC authentication. Set the timeout value for re-authentication using the mac-authentication session-timeout command.
Advanced Configuration 6-17 6 Filter Control The access point can employ network traffic frame filtering to control access to network resources and increase security. You can prevent communications between wireless clients and prevent access point management from wireless clients.
System Configuration 6-18 6 • MAC Address: Specifies a MAC address to filter, in the form xx-xx-xx-xx-xx-xx. • Permission: Adds or deletes a MAC address from the filtering table.
Advanced Configuration 6-19 6 VLAN The access point can employ VLAN tagging support to control access to network resources and increase security. VLANs separate traffic passing between the access point, associated clients, and the wired network.
System Configuration 6-20 6 When setting up VLAN IDs for each user on the RADIUS server, be sure to use the RADIUS attributes and values as indicated in the following table. VLAN IDs on the RADIUS server can be entered as hexadecimal digits or a string (see “radius-server vlan-format” on page 7-63).
Advanced Configuration 6-21 6 WDS Settings Each access point radio interface can be configured to operate in a bridge or repeater mode, which allows it to forward traffic directly to other access point units.
System Configuration 6-22 6 • Bridge: Operates as a bridge to other access points. The “Parent” link to the root bridge must be configured.
Advanced Configuration 6-23 6 Spanning Tree Protocol – STP uses a distributed algorithm to select a bridging device (STP-compliant switch, bridge or router) that serves as the root of the spanning tree network.
System Configuration 6-24 6 designated ports. After determining the lowest cost spanning tree, it enables all root ports and designated ports, and disables all other ports. Network packets are therefore only forwarded between root ports and designated ports, eliminating any possible network loops.
Advanced Configuration 6-25 6 • Link Path Cost – This parameter is used by the STP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media.
System Configuration 6-26 6 CLI Commands for STP Settings – If the role of a radio interface is set to Repeater, Bridge or Root Bridge, STP can be enabled on the access point to maintain a valid network topology. To globally enable STP, use the bridge stp enable command from the CLI configuration mode.
Advanced Configuration 6-27 6 AP Management The Web, Telnet, and SNMP management interfaces are enabled and open to all IP addresses by default.
System Configuration 6-28 6 CLI Commands for AP Management features. Administration Changing the Password Management access to the web and CLI interface on the access point is controlled through a single user name and password.
Advanced Configuration 6-29 6 Upgrading Firmware You can upgrade new access point software from a local file on the management workstation, or from an FTP or TFTP server. New software may be provided periodically from your distributor.
System Configuration 6-30 6 Before upgrading new software, verify that the access point is connected to the network and has been configured with a compatible IP address and subnet mask.
Advanced Configuration 6-31 6 CLI Commands for Downloading Software from a TFTP Server – Use the copy tftp file command from the Exec mode and then specify the file type, name, and IP address of the TFTP server.
System Configuration 6-32 6 System Log The access point can be configured to send event and error messages to a System Log Server. The system clock can also be synchronized with a time server, so that all the messages sent to the Syslog server are stamped with the correct time and date.
Advanced Configuration 6-33 6 Logging Level – Sets the minimum severity level for event logging. (Default: Informational) The system allows you to limit the messages that are logged by specifying a minimum severity level.
System Configuration 6-34 6 CLI Commands for System Logging – To enable logging on the access point, use the logging on command from the global configuration mode. The logging level command sets the minimum level of message to log. Use the logging console command to enable logging to the console.
Advanced Configuration 6-35 6 Note: The access point also allows you to disable SNTP and set the system clock manually. Set Time Zone – SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude.
System Configuration 6-36 6 CLI Commands for the System Clock – The following example shows how to manually set the system time when SNTP server support is disabled on the access point. SNMP Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network.
SNMP 6-37 6 Configuring SNMP and Trap Message Parameters The access point SNMP agent must be enabled to function (for versions 1, 2c, and 3 clients). Management access using SNMP v1 and v2c also requires community strings to be configured for authentication.
System Configuration 6-38 6 Community Name (Read/Write) – Defines the SNMP community access string that has read/write access. Authorized management stations are able to both retrieve and modify MIB objects.
SNMP 6-39 6 Trap Configuration – Allows selection of specific SNMP notifications to send. The following items are available: • sysSystemUp - The access point is up and running. • sysSystemDown - The access point is about to shutdown and reboot.
System Configuration 6-40 6 • dot11StationAuthenticateFail - A client station has tried and failed to authenticate to the network. • Enable All Traps - Click the button to enable all the available traps. • Disable All Traps - Click the button to disable all the available traps.
SNMP 6-41 6 To view the current SNMP settings, use the show snmp command. Enterprise AP#show snmp 7-54 SNMP Information ========================================= ===== Service State : Enable Comm.
System Configuration 6-42 6 Configuring SNMPv3 Users The access point allows up to 10 SNMP v3 users to be configured. Each user must be defined by a unique name, assigned to one of three pre-defined security groups, and configured with specific authentication and encryption settings.
SNMP 6-43 6 CLI Commands for Configuring SNMPv3 Users – Use the snmp-server engine-id command to define the SNMP v3 engine before assigning users to groups. Use the snmp-server user command to assign users to one of the three groups and set the appropriate authentication and encryption types to be used.
System Configuration 6-44 6 Configuring SNMPv3 Trap Filters SNMP v3 users can be configured to receive notification messages from the access point.
SNMP 6-45 6 Note: Only the New Filter page allows the Filter ID to be configured. Filter ID – A user-defined name that identifies the filter. (Maximum length: 32 characters) Subtree OID – Specifies MIB subtree to be filtered. The MIB subtree must be defined in the form “.
System Configuration 6-46 6 Configuring SNMP v3 Targets An SNMP v3 notification Target ID is specified by the SNMP v3 user, IP address, and UDP port. A user-defined filter can also be assigned to specific targets to limit the notifications received to specific MIB objects.
SNMP 6-47 6 Target ID – A user-defined name that identifies a receiver of notifications. The access point supports up to 10 target IDs. (Maximum length: 32 characters) IP Address – Specifies the IP address of the receiving management station.
System Configuration 6-48 6 Radio Interface The IEEE 802.11b/g interface includes configuration options for radio signal characteristics and wireless security features. The IEEE 802.11g standard operates within the 2.4 GHz band at up to 54 Mbps.
Radio Interface 6-49 6 Radio Channel – The radio channel that the access point uses to communicate with wireless clients. When multiple access points are deployed in the same area, set the channel on neighboring access points at least five channels apart to avoid interference with each other.
System Configuration 6-50 6 Maximum Station Data Rate – The maximum data rate at which the access point transmits unicast packets on the wireless interface. The maximum transmission distance is affected by the data rate. The lower the data rate, the longer the transmission distance.
Radio Interface 6-51 6 Super G – The Atheros proprietary Super G performance enhancements are supported by the access point. These enhancements include bursting, compression, fast frames and dynamic turbo. Maximum throughput ranges between 40 to 60 Mbps for connections to Atheros-compatible clients.
System Configuration 6-52 6 Fragmentation Length – Configures the minimum packet size that can be fragmented when passing through the access point.
Radio Interface 6-53 6 CLI Commands for Radio Settings – From the global configuration mode, enter the interface wireless g command to access the 802.11g radio interface. From the 802.11g interface mode, you can access radio settings that apply to all VAP interfaces.
System Configuration 6-54 6 Configuring VAP Radio Settings To configure VAP radio settings, select the Radio Settings page. Default VLAN ID – The VLAN ID assigned to wireless clients associated to the VAP interface that are not assigned to a specific VLAN by RADIUS server configuration.
Radio Interface 6-55 6 WPA2 PMKSA Life Time – WPA2 provides fast roaming for authenticated clients by retaining keys and other security settings in a cache for each VAP. In this way, when clients roam back into a VAP they had previously been using, re-authentication is not required.
System Configuration 6-56 6 Rogue AP – A “rogue AP” is either an access point that is not authorized to participate in the wireless network, or an access point that does not have the correct security configuration.
Radio Interface 6-57 6 rogue-ap scan command. To view the database of detected access points, use the show rogue-ap command from the Exec level. Configuring Wi-Fi Multimedia Wireless networks offer an equal opportunity for all devices to transmit data from any type of application.
System Configuration 6-58 6 WMM Operation — WMM uses traffic priority based on the four ACs; Voice, Video, Best Effort, and Background. The higher the AC priority, the higher the probability that data is transmitted.
Radio Interface 6-59 6 Figure 6-1. WMM Backoff Wait Times For high-priority traffic, the AIFSN and CW values are smaller. The smaller values equate to less backoff and wait time, and therefore more transmit opportunities. To configure WMM, select the Radio Settings page, and scroll down to the WMM configuration settings.
System Configuration 6-60 6 WMM – Sets the WMM operational mode on the access point. When enabled, the parameters for each AC queue will be employed on the access point and QoS capabilities are advertised to WMM-enabled clients. (Default: Support) • Disable: WMM is disabled.
Radio Interface 6-61 6 CLI Commands for WMM – Enter interface wireless mode and type wmm required for clients that want to associate with the access point. The wmm-acknowledge-policy command is used to enable or disable a policy for each access category.
System Configuration 6-62 6 Security The access point is configured by default as an “open system,” which broadcasts a beacon signal including the configured SSID.
Radio Interface 6-63 6 • Wi-Fi Protected Access (WPA or WPA2) page 6-73 Both WEP and WPA security settings are configurable separately for each virtual access point (VAP) interface. MAC address filtering, and RADIUS server settings are global and apply to all VAP interfaces.
System Configuration 6-64 6 Note: You must enable data encryption through the web or CLI in order to enable all types of encryption (WEP, TKIP, or AES) in the access point. The access point can simultaneously support clients using various different security mechanisms.
Radio Interface 6-65 6 802.1x WPA only Interface Detail Settings: Authentication: WPA Encryption: Enable WPA Clients: Required Cipher Suite: TKIP 802.
System Configuration 6-66 6 Note: If you choose to configure RADIUS MAC authentication together with 802.1X, the RADIUS MAC address authentication occurs prior to 802.1X authentication. Only when RADIUS MAC authentication succeeds is 802.1X authentication performed.
Radio Interface 6-67 6 Before enabling the radio service for any VAP, first configure the WEP, WPA, and 802.1X security settings described in the following sections.
System Configuration 6-68 6 Enable – Enables radio communications on the VAP interface. (Default: Disabled) Note: You must first enable VAP interface 0 before you can enable other VAP interfaces. SSID – The name of the basic service set provided by a VAP interface.
Radio Interface 6-69 6 • Alphanumeric: Enter keys as 5 alphanumeric characters for 64 bit keys, 13 alphanumeric characters for 128 bit keys, or 16 alphanumeric characters for 152 bit keys. Key Number – Selects the key number to use for encryption for each VAP interface.
System Configuration 6-70 6 Note: To use 802.1X on wireless clients requires a network card driver and 802.1X client software that supports the EAP authentication type that you want to use. Windows 2000 SP3 or later and Windows XP provide 802.1X client support.
Radio Interface 6-71 6 Enterprise AP(config)#interface wireless g 7-88 Enter Wireless configuration commands, one per line. Enterprise AP(if-wireless g)#key 1 128 ascii abcdeabcdeabc 7-117 Enterprise AP(if-wireless g)#vap 0 7-95 Enterprise AP(if-wireless g: VAP[0])#no 802.
System Configuration 6-72 6 ----------------Security----------------- ------------------------------- Closed System : Disabled Multicast cipher : WEP Unicast cipher : TKIP and AES WPA clients : DIS.
Radio Interface 6-73 6 CLI Commands for WEP over 802.1X Security – Use the vap command to access each VAP interface to configure the security settings. First set 802.1X to required using the 802.1x command and set the 802.1X key refresh rates.
System Configuration 6-74 6 WPA Pre-Shared Key Mode (WPA-PSK, WPA2-PSK): For enterprise deployment, WPA requires a RADIUS authentication server to be configured on the wired network.
Radio Interface 6-75 6 the cipher used for broadcast frames is always TKIP. WEP encryption is not allowed. • Key Caching: WPA2 provides fast roaming for authenticated clients by retaining .
System Configuration 6-76 6 To configure WPA, click Security under Radio A or Radio G. Select one of the VAP interfaces by clicking More. Select one of the WPA options in the Authentication Setup table, and then configure the parameters displayed beneath the table.
Radio Interface 6-77 6 • WPA: Clients using WPA over 802.1X are accepted for authentication. • WPA-PSK: Clients using WPA with a Pre-shared Key are accepted for authentication. • WPA2: Clients using WPA2 over 802.1X are accepted for authentication.
System Configuration 6-78 6 CLI Commands for WPA Using Pre-shared Key Security – Be sure to first disable 802.1X port authentication using the 802.
Radio Interface 6-79 6 CLI Commands for WPA Over 802.1X Security – First set 802.1X to required using the 802.1X command and set the 802.1X key refresh rates. Then, from the 802.11g interface configuration mode, use the vap command to access each VAP interface to configure other security settings.
System Configuration 6-80 6 Open the Security page, and click More for one of the VAP interfaces. You can enable 802.1X as optionally supported or as required to enhance the security of the wireless network. (Default: Disable) • Disable: The access point does not support 802.
Radio Interface 6-81 6 • 802.1X Reauthentication Refresh Rate: The time period after which a connected client must be re-authenticated. During the re-authentication process of verifying the client’s credentials on the RADIUS server, the client remains connected to the network.
System Configuration 6-82 6 Status Information The Status page includes information on the following items: Access Point Status The AP Status window displays basic system configuration settings, as well as the settings for the wireless interface.
Status Information 6-83 6 AP System Configuration – The AP System Configuration table displays the basic system configuration settings: • System Up Time: Length of time the management agent has been up. • MAC Address: The physical layer address for this device.
System Configuration 6-84 6 CLI Commands for Displaying System Settings – To view the current access point system settings, use the show system command from the Exec mode. To view the current radio interface settings, use the show interface wireless g 0 command (see page 7-108).
Status Information 6-85 6 Station Status The Station Status window shows the wireless clients currently associated with the access point. The Station Configuration page displays basic connection information for all associated stations as described below.
System Configuration 6-86 6 shared-key approach uses Wired Equivalent Privacy (WEP) to verify client identity by distributing a shared key to stations before attempting authentication. • Associated: Shows if the station has been successfully associated with the access point.
Status Information 6-87 6 CLI Commands for Displaying Station Status – To view status of clients currently associated with the access point, use the show station command from the Exec mode. Enterprise AP#show station 7-109 Station Table Information ========================================= ================== if-wireless G VAP [0] : 802.
System Configuration 6-88 6 Event Logs The Event Logs window shows the log messages generated by the access point and stored in memory. The Event Logs table displays the following information: • Log Time: The time the log message was generated.
Status Information 6-89 6 CLI Commands for Displaying Event Logs – To view the access point log entries, use the show event-log command from the Exec mode. To clear all log entries from the access point, use the logging clear command from the Global Configuration mode.
System Configurati on 6-90 6.
7-1 Chapter 7: Command Line Interface Using the Command Line Interface Accessing the CLI When accessing the management interface for the access point over a direct connection to the console port, or via a Telnet connection, the access point can be managed by entering command keywords and parameters at the prompt.
Command Line Interface 7-2 If your corporate network is connected to another network outside your office or to the Internet, you need to apply for a registered IP address. However, if you are attached to an isolated network, then you can use any IP address that matches the network segment to which you are attached.
Entering Commands 7-3 Command Completion If you terminate input with a Tab key, the CLI will print the remaining characters of a partial keyword up to the point of ambiguity. In the “configure” example, typing con followed by a tab will result in printing the command up to “configure.
Command Line Interface 7-4 Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.
Entering Commands 7-5 Exec Commands When you open a new console session on an access point, the system enters Exec command mode. Only a limited number of the commands are available in this mode. You can access all other commands only from the configuration mode.
Command Line Interface 7-6 Command Line Processing Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters.
General Commands 7-7 The access mode shown in the following tables is indicated by these abbreviations: Exec (Executive Mode), GC (Global Configuration), IC-E (Interface-Ethernet Configuration), IC-W (Interface-Wireless Configuration), and IC-W-VAP (Interface-Wireless VAP Configuration).
Command Line Interface 7-8 configure This command activates Global Configuration mode. You must enter this mode to modify most of the settings on the access point. You must also enter Global Configuration mode prior to enabling the context modes for Interface Configuration.
General Commands 7-9 Example This example shows how to return to the Exec mode from the Interface Configuration mode, and then quit the CLI session: ping This command sends ICMP echo request packets to another node on the network. Syntax ping <host_name | ip_address> • host_name - Alias of the host.
Command Line Interface 7-10 reset This command restarts the system or restores the factory default settings. Syntax reset <board | configuration> • board - Reboots the system. • configuration - Resets the configuration settings to the factory defaults, and then reboots the system.
System Management Commands 7-11 show line This command displays the console port’s configuration settings. Command Mode Exec Example The console port settings are fixed at the values shown below.
Command Line Interface 7-12 country This command configures the access point’s country code, which identifies the country of operation and sets the authorized radio channels. Syntax country <country_code> country_code - A two character code that identifies the country of operation.
System Management Commands 7-13 Default Setting US - for units sold in the United States 99 (no country set) - for units sold in other countries Command Mode Exec Belarus BY Greece GR M .
Command Line Interface 7-14 Command Usage • If you purchased an access point outside of the United States, the country code must be set before radio functions are enabled. • The available Country Code settings can be displayed by using the country ? command.
System Management Commands 7-15 Command Mode Global Configuration Example username This command configures the user name for management access.
Command Line Interface 7-16 ip ssh-server enable This command enables the Secure Shell server. Use the no form to disable the server. Syntax ip ssh-server enable no ip ssh-server Defau.
System Management Commands 7-17 ip telnet-server enable This command enables the Telnet server. Use the no form to disable the server. Syntax ip telnet-server enable no ip telnet-se.
Command Line Interface 7-18 ip http server This command allows this device to be monitored or configured from a browser. Use the no form to disable this function.
System Management Commands 7-19 Example ip https server Use this command to enable the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the access point’s Web interface.
Command Line Interface 7-20 web-redirect Use this command to enable web-based authentication of clients. Use the no form to disable this function.
System Management Commands 7-21 APmgmtIP This command specifies the client IP addresses that are allowed management access to the access point through various protocols. Caution: Secure Web (HTTPS) connections are not affected by the UI Management or IP Management settings.
Command Line Interface 7-22 APmgmtUI This command enables and disables management access to the access point through SNMP, Telnet and web interfaces. Caution: Secure Web (HTTPS) connections are not affected by the UI Management or IP Management settings.
System Management Commands 7-23 show system This command displays basic system configuration settings. Default Setting None Command Mode Exec Example Enterprise AP#show system System Infor.
Command Line Interface 7-24 show version This command displays the software version for the system. Command Mode Exec Example show config This command displays detailed configuration information for the system.
System Management Commands 7-25 Hardware Version Information =========================================== Hardware version R01A =========================================== Ethernet Interface Information ======================================== IP Address : 192.
Command Line Interface 7-26 Logging Information ===================================================== Syslog State : Disabled Logging Console State : Disabled Logging Level : Informational Logging Facility Type : 16 Servers 1: 0.0.0.0 , UDP Port: 514, State: Disabled 2: 0.
System Management Commands 7-27 dot11InterfaceAGFail Enabled dot11InterfaceBFail Enabled dot11StationAssociation Enabled dot11StationAuthentication Enabled dot11StationReAssociation Enabled dot11S.
Command Line Interface 7-28 show hardware This command displays the hardware version of the system. Command Mode Exec Example System Logging Commands These commands are used to configure system logging on the access point.
System Logging Commands 7-29 logging on This command controls logging of error messages; i.e., sending debug or error messages to memory. The no form disables the logging process.
Command Line Interface 7-30 Example logging console This command initiates logging of error messages to the console. Use the no form to disable logging to the console.
System Logging Commands 7-31 Command Usage Messages sent include the selected level down to Emergency level. Example logging facility-type This command sets the facility type for remote logging of syslog messages.
Command Line Interface 7-32 Command Usage The command specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the access point. However, it may be used by the syslog server to sort messages or to store messages in the corresponding database.
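Added example (not part of the SMC manual): how a syslog collector can decode the RFC 3164 priority header to recover the facility type tag and severity described above, then check each message against the access point's configured facility type (16 in the show config output) and logging level. The sample lines, the host name ap-lab-1 and the message texts are constructed, and the function names are hypothetical.

```python
import re

# RFC 3164 severities; the list index is the numeric severity (0 = most urgent).
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]

# RFC 3164 facility codes 16-23 are the "local use" facilities local0-local7.
FACILITY_NAMES = {16 + i: f"local{i}" for i in range(8)}

_PRI = re.compile(r"<(\d{1,3})>")


def decode_pri(line):
    """Split an RFC 3164 line into (facility, severity, rest of message)."""
    match = _PRI.match(line)
    if match is None:
        raise ValueError("missing <PRI> header")
    pri = int(match.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest value RFC 3164 defines
        raise ValueError(f"PRI {pri} out of range")
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    return facility, severity, line[match.end():]


def would_be_sent(severity, configured_level):
    """Apply the manual's rule: the selected level down to Emergency is sent."""
    return severity <= SEVERITIES.index(configured_level)


def triage(lines, configured_facility=16, configured_level="Informational"):
    """Sort lines into those consistent with the AP's settings and the rest.

    A message with another facility, or one less urgent than the configured
    level, does not match what the access point is set up to send, so the
    collector keeps it aside for review instead of filing it as AP traffic.
    """
    accepted, rejected = [], []
    for line in lines:
        try:
            facility, severity, rest = decode_pri(line)
        except ValueError as err:
            rejected.append((line, str(err)))
            continue
        if facility != configured_facility:
            rejected.append(
                (line, f"facility {facility} does not match "
                       f"configured {configured_facility}"))
        elif not would_be_sent(severity, configured_level):
            rejected.append(
                (line, f"severity {SEVERITIES[severity]} is below "
                       f"the configured level"))
        else:
            accepted.append({
                "facility": FACILITY_NAMES.get(facility, str(facility)),
                "severity": SEVERITIES[severity],
                "message": rest,
            })
    return {"accepted": accepted, "rejected": rejected}


# Constructed sample input: not captured from a real access point.
SAMPLE_LINES = [
    "<134>Jan  1 00:00:12 ap-lab-1 Station associated",        # local0.info
    "<131>Jan  1 00:00:40 ap-lab-1 802.1X authentication failed",  # local0.err
    "<135>Jan  1 00:01:02 ap-lab-1 Debug trace",               # local0.debug
    "<38>Jan  1 00:01:30 ap-lab-1 Login accepted",             # facility 4
    "Jan  1 00:02:00 ap-lab-1 No priority header",
    "<999>Jan  1 00:02:10 ap-lab-1 Bad priority",
]

if __name__ == "__main__":
    result = triage(SAMPLE_LINES)
    for entry in result["accepted"]:
        print("OK  ", entry["facility"], entry["severity"], entry["message"])
    for line, reason in result["rejected"]:
        print("HOLD", reason, "|", line)
```
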
System Clock Commands 7-33 show event-log This command displays log messages stored in the access point’s memory. Syntax show event-log Command Mode Exec Example System Clock Commands These commands are used to configure SNTP and system clock settings on the access point.
Command Line Interface 7-34 sntp-server ip This command sets the IP address of the servers to which SNTP time requests are issued. Use this command with no arguments to clear all time servers from the current list. Syntax sntp-server ip <1 | 2> <ip> • 1 - First time server.
System Clock Commands 7-35 Command Mode Global Configuration Command Usage The time acquired from time servers is used to record accurate dates and times for log events. Without SNTP, the access point only records the time starting from the factory default set at the last bootup (i.
Command Line Interface 7-36 sntp-server daylight-saving This command sets the start and end dates for daylight savings time. Use the no form to disable daylight savings time.
System Clock Commands 7-37 Command Usage This command sets the local time zone relative to the Coordinated Universal Time (UTC, formerly Greenwich Mean Time or GMT), based on the earth’s prime meridian, zero degrees longitude.
Command Line Interface 7-38 DHCP Relay Commands Dynamic Host Configuration Protocol (DHCP) can dynamically allocate an IP address and other configuration information to network clients that broadcast a request. To receive the broadcast request, the DHCP server would normally have to be on the same subnet as the client.
DHCP Relay Commands 7-39 dhcp-relay This command configures the primary and secondary DHCP server addresses. Syntax dhcp-relay <primary | secondary> <ip_address> • primary - The primary DHCP server. • secondary - The secondary DHCP server.
Command Line Interface 7-40 SNMP Commands Controls access to this access point from management stations using the Simple Network Management Protocol (SNMP), as well as the hosts that will receive trap messages.
SNMP Commands 7-41 snmp-server community This command defines the community access string for the Simple Network Management Protocol. Use the no form to remove the specified community string.
Command Line Interface 7-42 Command Mode Global Configuration Example Related Commands snmp-server location (7-43) snmp-server location This command sets the system location string.
SNMP Commands 7-43 Command Mode Global Configuration Command Usage • This command enables both authentication failure notifications and link-up-down notifications. • The snmp-server host command specifies the host device that will receive SNMP notifications.
Command Line Interface 7-44 Command Usage The snmp-server host command is used in conjunction with the snmp-server enable server command to enable SNMP notifications. Example Related Commands snmp-server enable server (7-43) snmp-server trap This command enables the access point to send specific SNMP traps (i.
SNMP Commands 7-45 - dot1xAuthFail - An 802.1X client station has failed RADIUS authentication. - dot1xSuppAuthenticated - A supplicant station has been successfully authenticated by the RA.
Command Line Interface 7-46 snmp-server engine-id This command is used for SNMP v3. It is used to uniquely identify the access point among all access points in the network.
SNMP Commands 7-47 • The SNMP engine ID is used to compute the authentication/privacy digests from the pass phrase. You should therefore configure the engine ID with the snmp-server engine-id command before using this configuration command.
Command Line Interface 7-48 Example snmp-server targets This command configures SNMP v3 notification targets. Use the no form to delete an SNMP v3 target.
SNMP Commands 7-49 snmp-server filter This command configures SNMP v3 notification filters. Use the no form to delete an SNMP v3 filter or remove a subtree from a filter.
Command Line Interface 7-50 snmp-server filter-assignments This command assigns SNMP v3 notification filters to targets. Use the no form to remove an SNMP v3 filter assignment.
SNMP Commands 7-51 Example show snmp users This command displays the SNMP v3 users and settings. Syntax show snmp users Command Mode Exec Example show snmp group-assignments This command displays the SNMP v3 user group assignments.
Command Line Interface 7-52 Example show snmp target This command displays the SNMP v3 notification target settings. Syntax show snmp target Command Mode Exec Example show snmp filter This command displays the SNMP v3 notification filter settings.
SNMP Commands 7-53 show snmp filter-assignments This command displays the SNMP v3 notification filter assignments. Syntax show snmp filter-assignments Command Mode Exec Example Enterprise A.
Command Line Interface 7-54 show snmp This command displays the SNMP configuration settings. Command Mode Exec Example Enterprise AP#show snmp SNMP Information ================================.
Flash/File Commands 7-55 Flash/File Commands These commands are used to manage the system code or configuration files. bootfile This command specifies the image used to start up the system. Syntax bootfile <filename> filename - Name of the image file.
Command Line Interface 7-56 copy This command copies a boot file, code image, or configuration file between the access point’s flash memory and an FTP/TFTP server. When you save the configuration settings to a file on an FTP/TFTP server, that file can later be downloaded to the access point to restore system operation.
Flash/File Commands 7-57 The following example shows how to download a configuration file: delete This command deletes a file or image. Syntax delete <filename> filename - Name of the configuration file or image name. Default Setting None Command Mode Exec Caution: Beware of deleting application images from flash memory.
Command Line Interface 7-58 dir This command displays a list of files in flash memory. Command Mode Exec Command Usage File information is shown below: Example The following example shows h.
RADIUS Client 7-59 RADIUS Client Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access for RADIUS-aware devices to the network.
Command Line Interface 7-60 Command Mode Global Configuration Example radius-server port This command sets the RADIUS server network port. Syntax radius-server [secondary] port <port_number> • secondary - Secondary server. • port_number - RADIUS server UDP port used for authentication messages.
RADIUS Client 7-61 radius-server retransmit This command sets the number of retries. Syntax radius-server [secondary] retransmit number_of_retries • secondary - Secondary server. • number_of_retries - Number of times the access point will try to authenticate logon access via the RADIUS server.
Command Line Interface 7-62 radius-server port-accounting This command sets the RADIUS Accounting server network port. Syntax radius-server [secondary] port-accounting <port_number> • secondary - Secondary server.
RADIUS Client 7-63 Example radius-server radius-mac-format This command sets the format for specifying MAC addresses on the RADIUS server. Syntax radius-server radius-mac-format <multi-colon | multi-dash | no-delimiter | single-dash> • multi-colon - Enter MAC addresses in the form xx:xx:xx:xx:xx:xx.
Command Line Interface 7-64 show radius This command displays the current settings for the RADIUS server. Default Setting None Command Mode Exec Example Enterprise AP#show radius Radius Server Information ======================================== Status : Disabled IP : 0.
802.1X Authentication 7-65 802.1X Authentication The access point supports IEEE 802.1X access control for wireless clients. This control feature prevents unauthorized access to the network by requiring an 802.1X client application to submit user credentials for authentication.
Command Line Interface 7-66 Command Mode Global Configuration Command Usage • When 802.1X is disabled, the access point does not support 802.1X authentication for any station. After successful 802.11 association, each client is allowed to access the network.
802.1X Authentication 7-67 command specifies the interval after which unicast session keys are changed. • Dynamic broadcast key rotation allows the access point to generate a random group key and periodically update all key-management capable wireless clients.
Command Line Interface 7-68 Command Mode Global Configuration Example 802.1x-supplicant enable This command enables the access point to operate as an 802.1X supplicant for authentication. Use the no form to disable 802.1X authentication of the access point.
802.1X Authentication 7-69 Command Mode Global Configuration Command Usage The access point currently only supports EAP-MD5 CHAP for 802.1X supplicant authentication. Example show authentication This command shows all 802.1X authentication settings, as well as the address filter table.
Command Line Interface 7-70 MAC Address Authentication Use these commands to define MAC authentication on the access point. For local MAC authentication, first define the default filtering policy using the address filter default command. Then enter the MAC addresses to be filtered, indicating if they are allowed or denied.
MAC Address Authentication 7-71 Related Commands address filter entry (7-72) 802.1x-supplicant user (7-69) address filter entry This command enters a MAC address in the filter table. Syntax address filter entry <mac-address> <allowed | denied> • mac-address - Physical address of client.
Command Line Interface 7-72 Command Mode Global Configuration Example Related Commands 802.1x-supplicant user (7-69) mac-authentication server This command sets address filtering to be performed with local or remote options. Use the no form to disable MAC address authentication.
Filtering Commands 7-73 Default 0 (disabled) Command Mode Global Configuration Example Filtering Commands The commands described in this section are used to filter communications between wireless clients, control access to the management interface from wireless clients, and filter traffic using specific Ethernet protocol types.
Command Line Interface 7-74 Global Configuration Command Usage This command can disable wireless-to-wireless communications between clients via the access point. However, it does not affect communications between wireless clients and the wired network.
Filtering Commands 7-75 filter uplink This command adds or deletes MAC addresses from the uplink filtering table. Syntax filter uplink <add | delete> MAC address MAC address - Specifies a MAC address in the form xx-xx-xx-xx-xx-xx. A maximum of eight addresses can be added to the filtering table.
Command Line Interface 7-76 Example Related Commands filter ethernet-type protocol (7-77) filter ethernet-type protocol This command sets a filter for a specific Ethernet type. Use the no form to disable filtering for a specific Ethernet type.
WDS Bridge Commands 7-77 show filters This command shows the filter options and protocol entries in the filter table. Command Mode Exec Example WDS Bridge Commands The commands described in t.
Command Line Interface 7-78 bridge role (WDS) This command selects the bridge operation mode for the radio interface. Syntax bridge role <ap | repeater | bridge | root-bridge> • ap - Operates only as an access point for wireless clients.
WDS Bridge Commands 7-79 Default Setting None Command Mode Interface Configuration (Wireless) Command Usage Every bridge (except the root bridge) in the wireless bridge network must specify the MAC address of the parent bridge that is linked to the root bridge, or the root bridge itself.
Command Line Interface 7-80 bridge dynamic-entry age-time This command sets the time for aging out dynamic entries in the WDS forwarding table. Syntax bridge dynamic-entry age-time <seconds> seconds - The time to age out an address entry.
WDS Bridge Commands 7-81 show bridge filter-entry This command displays current entries in the WDS forwarding table. Command Mode Exec Example show bridge link This command displays WDS bridge link and spanning tree settings for specified interfaces.
Command Line Interface 7-82 Example Enterprise AP#show bridge link wireless a Interface Wireless A WDS Information ==================================== AP Role: Bridge Parent: 00-12-34-56-78-9a Chi.
Spanning Tree Commands 7-83 Spanning Tree Commands The commands described in this section are used to set the MAC address table aging time and spanning tree parameters for both the Ethernet and wireless interfaces. bridge stp enable This command enables the Spanning Tree Protocol.
Command Line Interface 7-84 bridge stp forwarding-delay Use this command to configure the spanning tree bridge forward time globally for the wireless bridge. Use the no form to restore the default. Syntax bridge stp forwarding-delay <seconds> no bridge stp forwarding-delay seconds - Time in seconds.
Spanning Tree Commands 7-85 Example bridge stp max-age Use this command to configure the spanning tree bridge maximum age globally for the wireless bridge. Use the no form to restore the default. Syntax bridge stp max-age <seconds> no bridge stp max-age seconds - Time in seconds.
Command Line Interface 7-86 Command Mode Global Configuration Command Usage Bridge priority is used in selecting the root device, root port, and designated port.
Spanning Tree Commands 7-87 Default Setting 128 Command Mode Interface Configuration Command Usage • This command defines the priority for the use of a port in the Spanning Tree Protocol.
Command Line Interface 7-88 Ethernet Interface Commands The commands described in this section configure connection parameters for the Ethernet port and wireless interface. interface ethernet This command enters Ethernet interface configuration mode.
Ethernet Interface Commands 7-89 dns server This command specifies the address for the primary or secondary domain name server to be used for name-to-address resolution.
Command Line Interface 7-90 Command Mode Interface Configuration (Ethernet) Command Usage • DHCP is enabled by default. To manually configure a new IP address, you must first disable the DHCP client with the no ip dhcp command.
Ethernet Interface Commands 7-91 • When you use this command, the access point will begin broadcasting DHCP client requests. The current IP address (i.e., default or manually configured address) will continue to be effective until a DHCP reply is received.
Command Line Interface 7-92 shutdown This command disables the Ethernet interface. To restart a disabled interface, use the no form. Syntax shutdown no shutdown Default Setting Interface .
Wireless Interface Commands 7-93 Example Wireless Interface Commands The commands described in this section configure connection parameters for the wireless interfaces. Enterprise AP#show interface ethernet Ethernet Interface Information ======================================== IP Address : 192.
Command Line Interface 7-94 beacon-interval Configures the rate at which beacon signals are transmitted from the access point IC-W 7-102 dtim-period Configures the rate at which stations .
Wireless Interface Commands 7-95 interface wireless This command enters wireless interface configuration mode. Syntax interface wireless <g> • g - 802.11g radio interface. Default Setting None Command Mode Global Configuration Example To specify the 802.
Command Line Interface 7-96 speed This command configures the maximum data rate at which the access point transmits unicast packets. Syntax speed <speed> speed - Maximum access speed allowed for wireless clients. (Options for 802.11b/g: 1, 2, 5.
Wireless Interface Commands 7-97 channel This command configures the radio channel through which the access point communicates with wireless clients. Syntax channel <channel | auto> • channel - Manually sets the radio channel used for communications with wireless clients.
Command Line Interface 7-98 Default Setting full Command Mode Interface Configuration (Wireless) Command Usage • The “min” keyword indicates minimum power. • The longer the transmission distance, the higher the transmission power required.
Wireless Interface Commands 7-99 Example preamble This command sets the length of the signal preamble that is used at the start of an 802.11b/g data transmission. Syntax preamble [long | short] • long - Sets the preamble to long (192 microseconds).
Command Line Interface 7-100 to the access point LEDs). Select this method when using an optional external antenna that is connected to the right antenna connector.
Wireless Interface Commands 7-101 Example antenna location This command selects the antenna mounting location for the radio interface. Syntax antenna location <indoor | outdoor> • indoor - The antenna is mounted indoors. • outdoor - The antenna is mounted outdoors.
Command Line Interface 7-102 The beacon signals allow wireless clients to maintain contact with the access point. They may also carry power-management information. Example dtim-period This command configures the rate at which stations in sleep mode must wake up to receive broadcast/multicast transmissions.
Wireless Interface Commands 7-103 Syntax fragmentation-length <length> length - Minimum packet size for which fragmentation is allowed. (Range: 256-2346 bytes) Default Setting 2346 Comma.
Command Line Interface 7-104 to 2347, the access point never sends RTS signals. If set to any other value, and the packet size equals or exceeds the RTS threshold, the RTS/CTS (Request to Send / Clear to Send) mechanism will be enabled.
Wireless Interface Commands 7-105 Default Setting None Command Mode Interface Configuration (Wireless-VAP) Example ssid This command configures the service set identifier (SSID). Syntax ssid <string> string - The name of a basic service set supported by the access point.
Command Line Interface 7-106 Command Usage When closed system is enabled, the access point will not include its SSID in beacon messages. Nor will it respond to probe requests from clients that do not include a fixed SSID.
Wireless Interface Commands 7-107 Command Mode Interface Configuration (Wireless-VAP) Example auth-timeout-value This command configures the time interval within which clients must complete authentication to the VAP interface. Syntax auth-timeout-value <minutes> minutes - The number of minutes before re-authentication.
Command Line Interface 7-108 Example show interface wireless This command displays the status for the wireless interface. Syntax show interface wireless <a | g> vap-id • g - 802.11g radio interface. • vap-id - The number that identifies the VAP interface.
Rogue AP Detection Commands 7-109 show station This command shows the wireless clients associated with the access point. Command Mode Exec Example Rogue AP Detection Commands A “rogue .
Command Line Interface 7-110 rogue-ap enable This command enables the periodic detection of nearby access points. Use the no form to disable periodic detection.
Rogue AP Detection Commands 7-111 Example rogue-ap authenticate This command forces the unit to authenticate all access points on the network.
Command Line Interface 7-112 Default Setting 350 milliseconds Command Mode Interface Configuration (Wireless) Command Usage • During a scan, client access may be disrupted and new clients may not be able to associate to the access point.
Rogue AP Detection Commands 7-113 rogue-ap scan This command starts an immediate scan for access points on the radio interface. Default Setting Disabled Command Mode Interface Configurati.
Command Line Interface 7-114 Wireless Security Commands The commands described in this section configure parameters for wireless security on the 802.11g interface. auth This command defines the 802.11 authentication type allowed by the VAP interface.
Wireless Security Commands 7-115 • wpa2-psk - Clients using WPA2 with a Pre-shared Key are accepted for authentication. • wpa-wpa2-mixed - Clients using WPA or WPA2 are accepted for authentication.
Command Line Interface 7-116 association request to the access point. For mixed-mode operation, the cipher used for broadcast frames is always TKIP. WEP encryption is not allowed. • The “required” option places the VAP into TKIP only mode.
Wireless Security Commands 7-117 Example Related Commands key (7-118) key This command sets the keys used for WEP encryption. Use the no form to delete a configured key. Syntax key <index> <size> <type> <value> no key index • index - Key index.
Command Line Interface 7-118 match those configured in the clients. Example Related Commands key (7-118) encryption (7-117) transmit-key (7-119) transmit-key This command sets the index of the key to be used for encrypting data frames for broadcast or multicast traffic transmitted from the VAP to wireless clients.
Wireless Security Commands 7-119 cipher-suite This command defines the cipher algorithm used to encrypt the global key for broadcast and multicast traffic when using Wi-Fi Protected Access (WPA) security.
Command Line Interface 7-120 • AES-CCMP (Advanced Encryption Standard Counter-Mode/CBCMAC Protocol): WPA2 is backward compatible with WPA, including the same 802.
Wireless Security Commands 7-121 Example wpa-pre-shared-key This command defines a Wi-Fi Protected Access (WPA/WPA2) preshared-key. Syntax wpa-pre-shared-key <hex | passphrase-key> <value> • hex - Specifies hexadecimal digits as the key input format.
Command Line Interface 7-122 Command Mode Interface Configuration (Wireless-VAP) Command Usage • WPA2 provides fast roaming for authenticated clients by retaining keys and other security information in a cache, so that if a client roams away from an access point and then returns, reauthentication is not required.
Link Integrity Commands 7-123 known to be already authenticated, so it proceeds directly to key exchange and association. • To support pre-authentication, both clients and access points in the network must be WPA2 enabled. • Pre-authentication requires all access points in the network to be on the same IP subnet.
Command Line Interface 7-124 7 link-integrity ping-detect This command enables link integrity detection. Use the no form to disable link integrity detection.
Link Integrity Commands 7-125 7 link-integrity ping-interval This command configures the time between each Ping sent to the link host. Syntax link-integrity ping-interval <interval> interval - The time between Pings.
Command Line Interface 7-126 7 Command Mode Global Configuration Example show link-integrity This command displays the current link integrity configuration.
IAPP Commands 7-127 7 IAPP Commands The command described in this section enables the protocol signaling required to ensure the successful handover of wireless clients roaming between different 802.11f-compliant access points. In other words, the 802.
Command Line Interface 7-128 7 VLAN Commands The access point can enable the support of VLAN-tagged traffic passing between wireless clients and the wired network. Up to 64 VLAN IDs can be mapped to specific wireless clients, allowing users to remain within the same VLAN as they move around a campus site.
VLAN Commands 7-129 7 • Traffic entering the Ethernet port must be tagged with a VLAN ID that matches the access point’s native VLAN ID, or with a VLAN tag that matches one of the wireless clients currently associated with the access point.
Command Line Interface 7-130 7 Default Setting 1 Command Mode Interface Configuration (Wireless-VAP) Command Usage • To implement the default VLAN ID setting for VAP interface, the access point must enable VLAN support using the vlan command.
WMM Commands 7-131 7 wmm This command sets the WMM operational mode on the access point. Use the no form to disable WMM. Syntax [no] wmm <supported | required> • supported - WMM will be used for any associated device that supports this feature.
Command Line Interface 7-132 7 interpretability with other wired network QoS policies. While the four ACs are specified for specific types of traffic, WMM allows the priority levels to be configured to match any network-wide QoS policy.
WMM Commands 7-133 7 • admission_control - The admission control mode for the access category. When enabled, clients are blocked from using the access category.
Command Line Interface 7-134 7.
A-1 Appendix A: Troubleshooting Check the following items before you contact local Technical Support. 1. If wireless clients cannot access the network, check the following: • Be sure the access point and the wireless clients are configured with the same Service Set ID (SSID).
Troubleshooting A-2 A 3. If you cannot access the on-board configuration program via a serial port connection: • Be sure you have set the terminal emulator program to VT100 compatible, 8 data bits, 1 stop bit, no parity and 9600 bps.
B-1 Appendix B: Cables and Pinouts Twisted-Pair Cable Assignments For 10/100BASE-TX connections, a twisted-pair cable must have two pairs of wires. Each wire pair is identified by two different colors. For example, one wire might be green and the other, green with white stripes.
Cables and Pinouts B-2 B Straight-Through Wiring Because the 10/100 Mbps port on the access point uses an MDI pin configuration, you must use “straight-through” cable for network connections to hubs or switches that only have MDI-X ports.
Console Port Pin Assignments B-3 B Crossover Wiring Because the 10/100 Mbps port on the access point uses an MDI pin configuration, you must use “crossover” cable for network connections to PCs, servers or other end nodes that only have MDI ports.
Cables and Pinouts B-4 B Wiring Map for Serial Cable Table B-2. Wiring Map for Serial Cable DB9 Male (AP Console) DB9 Male (PC DTE) Pin Function Pin Function 1 GND (ground) 5 GND (ground) 2.
C-1 Appendix C: Specifications General Specifications Maximum Channels 802.11g: US & Canada: 13 (normal mode), 5 (turbo mode) Japan: 4 (normal mode), 1 (turbo mode) ETSI: 11 channels (normal mode), 4 (turbo mode) Taiwan: 8 (normal mode), 3 (turbo mode) 802.
Specifications C-2 C AC Power Adapter Input: 100-240 AC, 50-60 Hz Output: 5.1 VDC, 3A Power consumption: 13.2 watts Unit Power Supply DC Input: 5 VDC, 2 A maximum PoE input: -48 VDC, 0.2 A maximum Power consumption: 9.6 W maximum PoE (DC) Input voltage: 48 volts, 0.
General Specifications C-3 C MPT RCR std.33 (D33 1~13 Channel, T66 Channel 14) Safety cCSAus (CSA 22.2 No. 60950-1 & UL60950-1) EN60950-1 (TÜV/GS), IEC60950-1 (CB) Standards IEEE 802.
Specifications C-4 C Sensitivity Transmit Power IEEE 802.11g Data Rate Sensitivity (dBm) 6 Mbps -88 9 Mbps -87 12 Mbps -86 17 Mbps -85 24 Mbps -81 36 Mbps -77 48 Mbps -72 54 Mbps -70 IEEE 802.11b Data Rate Sensitivity (dBm) 1 Mbps -93 2 Mbps -90 5.
Transmit Power C-5 C IEEE 802.11b Maximum Output Power (GHz - dBm) Data Rate 2.412 2.417~2.467 2.472 1 Mbps 15 16 15 2 Mbps 15 16 15 5.5 Mbps 15 16 15 11 Mbps 15 16 15.
Specifications C-6 C Operating Range Important Notice Maximum distances posted below are actual tested distance thresholds. However, there are many variables such as barrier composition and.
Glossary-1 Glossary 10BASE-T IEEE 802.3 specification for 10 Mbps Ethernet over two pairs of Category 3 or better UTP cable. 100BASE-TX IEEE 802.3u specification for 100 Mbps Fast Ethernet over two pairs of Category 5 or better UTP cable. Access Point An internetworking device that seamlessly connects wired and wireless networks.
Glossary-2 Glossary Broadcast Key Broadcast keys are sent to stations using 802.1X dynamic keying. Dynamic broadcast key rotation is often used to allow the access point to generate a random group key and periodically update all key-management capable wireless clients.
Glossary-3 Glossary IEEE 802.11g A wireless standard that supports wireless communications in the 2.4 GHz band using Orthogonal Frequency Division Multiplexing (OFDM). The standard provides for data rates of 6, 9, 11, 12, 18, 24, 36, 48, 54 Mbps.
Glossary-4 Glossary RADIUS A logon authentication protocol that uses software running on a central server to control access to the network. Roaming A wireless LAN mobile user moves around an ESS and maintains a continuous connection to the infrastructure network.
Glossary-5 Glossary Virtual Access Point (VAP) Virtual AP technology multiplies the number of Access Points present within the RF footprint of a single physical access device.
Glossary-6 Glossary.
Index-1 Numerics 802.11g 7-95 A AES 6-75 antennas, positioning 2-2 authentication 6-12, 7-114 cipher suite 6-78, 7-115 closed system 7-106 configuring 6-12, 7-114 MAC address 6-13, 7-70 .
Index Index-2 filter 6-17, 7-70 address 6-12, 7-70 between wireless clients 6-17, 7-73 local bridge 6-17, 7-73 local or remote 6-12, 7-72 management access 6-17, 7-74 protocol types 6-18, 7.
Index Index-3 PoE 1-4 specifications C-2 port priority STA 7-86 power connection 2-2 Power over Ethernet See PoE power supply, specifications C-2 PSK 6-75 R radio channel 802.
Index Index-4 V VLAN configuration 6-54, 7-128 native ID 6-54 W WEP 6-69 configuring 6-69 shared key 6-70, 7-117 Wi-Fi Multimedia See WMM Wi-Fi Protected Access See WPA Wired Equivalent .
Model Number: SMC2552W-G2- 17 Pub. Number: 150 00003050 0E E05200 6-DT -R01.
38 Tesla Irvine, CA 92618 Phone: (949) 679-8000 TECHNICAL SUPPORT From U.S.A. and Canada (24 hours a day, 7 days a week) (800) SMC-4-YOU Phn: (949) 679-8000 Fax: (949) 679-1481 ENGLISH Technical Support information available at www.smc.