Instruction/ maintenance manual of the product AP-5131 Symbol
Go to page of 578
AP-5131 Access Point Product Reference Guide.
.
AP-5131 Access Point Product Reference Guide 72E-94168-01 Revision A November 2006.
.
© 2006 by Symbol T echnologies, Inc. All rights reserved. No part of this publication may be reproduced or used in any form, or by any electrical or mechanical means , without permission in writing from Symbol. This includes electronic or mechanic al means, such as photocopying, recording, or information storage and retrieval systems.
.
Contents About This Guide Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii Document Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
AP-5131 Access Po int Product Re ference Guide iv Single or Dual Mode Radio Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6 Separate LAN and WAN Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
v MU Association Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-22 Operating Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-23 Management Access Options .
AP-5131 Access Po int Product Re ference Guide vi Testing Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13 Where to Go from Here? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
vii Setting the WLAN’s Radio Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-45 Configuring the 802.11a or 802.11b/g Radio . . . . . . . . . . . . . . . . . . . . . 5 -48 Configuring Bandwidth Management Settings . . . . . . .
AP-5131 Access Po int Product Re ference Guide viii Mapping Users to Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-71 Defining the User Access Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ix Network ACL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-80 Network Radio Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . 8-85 Network Quality of Service (QoS) Commands . . . . . . . . .
AP-5131 Access Po int Product Re ference Guide x Appendix A. Technical Specifications Physical Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2 Electrical Characteristics . . . . . . . . .
About This Guide Introduction This guide p rovides configuration and setup in fo rmation for the AP-5131 mode l access point. Document Conventions The following docume nt conventions are used in this documen t: NOTE Indicate tips or special requirements.
AP-5131 Access Po int Product Re ference Guide viii Notational Conventions The following notational con ventions are used in this document: • Italics are used to highlight specific items in the general text, and to identify chapters and sections in this and rela ted documents.
AP-5131 Introduction The Symbol AP-5131 Access Point (AP) provides a bridge betwe en Ethernet wired LANs or W ANs and wireless networks. It provides connectivity be tween Ethernet wired networks and radio-equipped mobile units (MUs).
AP-5131 Access Po int Product Re ference Guide 1-2 1.1 New AP-5131 Features With this most recent 1.1 release of the AP-5131 firmware, the following new features have been introduced to the existing A.
AP-5131 Introd uction 1-3 Once the AP-5131 (in client bridge mode) esta blishes at least one wireles s connection, it establishes other wireless connections in th e background as they become available. In this way , the AP-51 31 is able to establish simultaneous redundant links.
AP-5131 Access Po int Product Re ference Guide 1-4 1.1.3 On-board Radius Server Authentication The AP-5131 now has the ability to work as a Radius Server to p rovide user datab ase information and user authenticatio n.
AP-5131 Introd uction 1-5 1.1.5 Routing Information Protocol (RIP) With the release of the 1.1 version AP-5131, Routing Inform ation Protocol (RIP) functionality has been added to the AP-5 131’ s existin g Router screen. RIP is an interior gateway protocol that specifies how routers exchange routing-table information .
AP-5131 Access Po int Product Re ference Guide 1-6 1.2 Feature Overview The Symbol AP-5131 has the follow ing existing features carried forward from its initial 1.0 release: • Single or Dual Mode Ra dio Options • Separate LAN an d W AN Ports • Multiple Mounting Options • Antenna Support for 2.
AP-5131 Introd uction 1-7 If the AP-5131 is manufactured as a dual-radio ac cess point, the AP-5131 enables you to configure one radio for 802.11a, and th e other 802.11b/g. For detailed information on conf iguring your AP-5131, see Setting the WL AN’ s Radio Configuration on page 5-45 .
AP-5131 Access Po int Product Re ference Guide 1-8 For an overview of the Radio 1 (2.4 GHz) and Radio 2 (5.2 GHz) antennas supported on the AP-5131’ s Reverse SMA (RSMA) connectors, see Antenn a Specifications on page A-4 .
AP-5131 Introd uction 1-9 1.2.7 Quality of Serv ice (QoS) Support The AP-5131 QoS implementation provides applications running on different wireless devices a variety of priority leve ls to transmit data to and from the AP-5131.
AP-5131 Access Po int Product Re ference Guide 1-10 • Content Filtering For an overview on the encryption and authentication schemes available on the AP-5131, refer to Configuring Access Point Se curity on page 6-1 . 1.2.8.1 Kerberos Authentication Authentication is a means of verifying informa t ion that is transmitted from a secure source.
AP-5131 Introd uction 1-11 An MU is not able to a ccess the network if not au thenticated. When con figured for EAP su pport, the access point disp lays the MU as an EAP station. EAP is only supported on mobile devices running Windows XP , Windows 2000 (using Service Pack #4) and Windows Mobile 2003.
AP-5131 Access Po int Product Re ference Guide 1-12 1.2.8.4 KeyGuard Encryption Use KeyGuard to shield the m aster encryption keys from be ing discovered through hacking. KeyGuard negotiation takes place betwe en the access point and MU upon association.
AP-5131 Introd uction 1-13 For detailed information on WP A2-CCMP configurations, see Configuring WP A2-C CMP (802.11i) on page 6-22 . 1.2.8.7 Firewall Security A firewall keeps person al data in and ha ckers out. Th e AP-5131 firewall prevents suspicio us Internet traffic from proliferating the AP-5131 managed network.
AP-5131 Access Po int Product Re ference Guide 1-14 assignment. In addition to thes e 16 VLANs, the AP-5131 supports dynamic, user -based, VLANs when using EA P authenti cation. VLANs enable organizations to sha re network res ourc es in various network segments within la rge areas (airports, shopping malls , etc.
AP-5131 Introd uction 1-15 SNMP allows a network administrato r to configure the AP-5131, manage ne twork performance, find and solve ne twork problems, and plan for network gro wth. The AP-5131 sup ports SNMP management functions for gath ering information from its network componen ts.
AP-5131 Access Po int Product Re ference Guide 1-16 1.2.15 V oice Prioritization Each AP-5131 WLAN has the c apability of having its QoS policy c onfigure d to prioritize the network traffic requirements for associated MUs . A WLAN QoS page is available for each enabled WLAN on either the AP-5131 802.
AP-5131 Introd uction 1-17 For detailed information on available AP-5131 statistic al displays and the values they represent, see Monitoring Statistics on pa ge 7-1 . 1.2.18 T ransmit Power Control The AP-5131 has a configurable pow er level for each radio.
AP-5131 Access Po int Product Re ference Guide 1-18 1.2.22 DHCP Support The AP-5131 can u se Dynamic Host Co nfiguration Protocol (DHCP) to ob tain a leased IP address and configuration information from a remote server . DH CP is based on the BOOTP protocol and can coexist or interoperate with BOOTP .
AP-5131 Introd uction 1-19 digital data signal is encoded onto the carriers using a DSSS chipping algo rithm . The AP-5131 radio signal propagates into the air as electromagnetic waves. A receiving anten na (on the MU) in the path of the waves absorbs the waves as electrical signals.
AP-5131 Access Po int Product Re ference Guide 1-20 different AP-5131. The roam occurs when the MU an alyzes the reception quality at a location an d determines a different AP-513 1 provides better signal strength and lower MU load distributio n. If the MU does not find an AP-5131 with a workable signal, it can perform a scan to find any AP .
AP-5131 Introd uction 1-21 1.3.3 Media T ypes The AP-5131 radio interface conf orms to IEEE 802.11a/b/g spec ifications. The inte rface operates at a maximum 54Mbps (802.11 a radio) using direct-s equence radio technolog y . The AP-5131 supports multiple-cell opera tions with fast roaming betw een cells.
AP-5131 Access Po int Product Re ference Guide 1-22 1.3.5 MU Association Process An AP-5131 recognize s MUs as they begin the as sociation process with the AP-5131.
AP-5131 Introd uction 1-23 1.3.6 Operating Modes The AP-5131 c an operate in a couple of configurations. • Access Point - As an Access Poin t , the AP-5131 functions as a layer 2 bridge (similar to Symbol’ s existing AP-4131 access point). The wired uplink can operate as a trunk and support multiple VLANs.
AP-5131 Access Po int Product Re ference Guide 1-24 • MIB (Management Information Base) ac cessing the AP-5131 SNMP fu nction using a MIB Browser . The AP-5131 CDROM con tains the following 2 MIB files: • Symbol-CC-WS2000-MIB-2.
Hardware Installation An AP-5131 installation includes mounting the AP-5131 on a table-top, wall, ceiling T - bar or above the ceiling (attic or plenum), connecting the AP -5131 to the network (LAN or W AN port connection), connecting ante nnae and applying power .
AP-5131 Access Po int Product Re ference Guide 2-2 2.1 Precautions Before installing the AP-5131 verify the following: • Do not install in wet or dusty areas without addition al protection. Contact a Symbol representative fo r more inform ation. • V erify the environment has a continuous tempera ture range between -20° C to 50° C.
Hardware Installation 2-3 V erify the model indicated on the bottom of the AP-5131 is correc t. Contact the Symbol Support Center to report missing or improperly functioning items. AP-5131- 13041-WWR AP-5131 802.11a+g Dual Ra dio Access Point AP-5131 Install Guide Power Inje ctor (Par t No.
AP-5131 Access Po int Product Re ference Guide 2-4 The Symbol power injector (Part No. AP-PSBIAS-1 P2-AFR) is included in certain orderable configurations, but can be adde d to any configuration. For more information on the Sy mbol power injector , see Symbo l Power Injector System o n page 2-8 .
Hardware Installation 2-5 metal, concrete, walls or floors block transmission. Install the AP-51 31 in open areas or add access points as needed to improve co verage. Antenna coverage is analogous to ligh ting. Users might find an area lit fro m far away to be not bright enough.
AP-5131 Access Po int Product Re ference Guide 2-6 suite supporting the 2.4 GHz band and anothe r antenna suite supporting the 5.2 GHz band. Select an antenna model b est suited to the inten ded operational en vironment of your AP-5131. Antenna connectors for Radio 1 are located in a different location fro m the Radio 2 antenna connectors.
Hardware Installation 2-7 The 5.2 GHz antenna suite includes the follo wing models: For detailed specifications on the 2.4 GHz and 5.2 GHz antennae ment ioned in this section, see section 2.4 GHz Antenna Matrix on page A-4 and sec tion 5.2 GHz Antenna Matrix on page A-4 .
AP-5131 Access Po int Product Re ference Guide 2-8 2.5 Power Options The power options fo r the AP-5131 include: • Symbol Power Injector (Part No. AP-PSBIAS-1P2-AFR) • Symbol 48-V olt Power Supply (Part No. 50-24000-05 0) • Any standard 802.3af comp liant device.
Hardware Installation 2-9 2.6.1 Installing the Power Inject or Refer to the following sections for information on planning, in stalling, and validating the power injector instal lation: • Preparing for Site Installa tion • Cabling the Powe r Injector • Power Injector LED Indicators 2.
AP-5131 Access Po int Product Re ference Guide 2-10 Ensure the cable length from the Ethernet sou rce (host) to the power injector and AP-5131 does not exceed 100 meters (333 ft.
Hardware Installation 2-11 2.7 Mounting the AP-5131 The AP-5131 can rest on a flat surface , attach to a wall, mount under a suspended T -Bar or above a ceiling (plenum or attic). Choose one of the following mounting options based on the physical environment of the cove rage area.
AP-5131 Access Po int Product Re ference Guide 2-12 4. Cable the AP-5131 using either the Symbol po we r injector solution or a n approved line cord and power supply . For Symbol power injector installations: a. Connect a RJ-45 Eth ernet cable between th e netwo rk data supply (host) and the p ower injector Data In connector .
Hardware Installation 2-13 5. V erify the behavior of the AP-5131 LEDs. F or more information, see LED Indicators on page 2-20 . 6. Return the AP-5131 to an upright position and pl ace it in the location you wish it to operate. Ensure the AP-5131 is sitting evenly on all four rubber feet.
AP-5131 Access Po int Product Re ference Guide 2-14 8. Cable the AP-5131 using either the Symbol po we r injector solution or a n approved line cord and power supply . For Symbol power injector installations: a. Connect a RJ-45 Eth ernet cable between th e netwo rk data supply (host) and the P ower Injector Data In connector .
Hardware Installation 2-15 e. Plug the power adapter into an outlet. 9. V erify the behavior of the AP-5131 LEDs. F or more information, see LED Indicators on page 2-20 . The AP-5131 is rea dy to configure. For information on an AP-5131 d efault configuration, see Getting Started on page 3-1 .
AP-5131 Access Po int Product Re ference Guide 2-16 4. Cable the AP-5131 using either the Symbol po we r injector solution or a n approved line cord and power supply . For Symbol power injector installations: a. Connect a RJ-45 Eth ernet cable between th e netwo rk data supply (host) and the P ower Injector Data In connector .
Hardware Installation 2-17 10. Rotate the AP-513 1 chassis 45 degrees c ounter -clockwise. The clips click as the y fasten to the T -bar . 11. The AP-5131 is rea dy to configure. For information on an AP-5131 d efault configuration, see Getting Started on page 3-1 .
AP-5131 Access Po int Product Re ference Guide 2-18 The mounting ha rdware required to in stall the AP-5131 a bove a ce iling consists of: • Light pipe • Badge for li ght pipe • Decal for badge • Safety wire (strongly recommended) • Security cable (optional) T o install the AP-5131 above a ceiling: 1.
Hardware Installation 2-19 9. Snap the clips of the light pipe into the bottom of the AP-5131. 10. Fit the light pipe into hole in the tile from its unfinished side. 11. Place the decal on the back of the badge and slide the badge onto the light pipe from the finished side of the tile.
AP-5131 Access Po int Product Re ference Guide 2-20 For Symbol power injector installations: a. Connect a RJ-45 Eth ernet cable between th e netwo rk data supply (host) and the P ower Injector Data In connector . b. Connect a RJ-45 Ethernet cable between the power injector Data & Power Out connector and the AP-5131 LAN port.
Hardware Installation 2-21 The five LEDs on the top housing of the AP-5131 are clearly visible in table-top, wall and below c eiling installations. The five AP-513 1 top housing LEDs have the followin.
AP-5131 Access Po int Product Re ference Guide 2-22 2.9 Setting Up MUs For a discussion of how to initially test the AP-5131 to ensure it can interoperate with the MUs intended for its op erational environment, s ee Basic Device Config uration on page 3-5 and specifically T esting Connectivity on page 3-13 .
Getting Started The AP-5131 should be installed in an area te sted for radio coverage us ing one of the site surv ey tools available to the Symbol field se rvice technician.
AP-5131 Access Po int Product Re ference Guide 3-2 • For instructions on in stalling the AP-5131 on a table top, see Desk Mounte d Installations on page 2-11 . • For instructions on AP-5131 wall mounting, see Wall Mounted Installations on page 2-13 .
Getting Star ted 3-3 3.3 Default Configuration Changes The following tab le illustrates the chang es made to th e AP-5131 version 1.1 configuration as compared to the 1.
AP-5131 Access Po int Product Re ference Guide 3-4 3.4.2 Connecting to the Access Point using the LAN Port T o initially connect to the AP-5131 using the acc ess point’ s LAN po rt: 1. The LAN port default is set to DHCP . Connect the AP -5131’ s LAN port to a DHCP server .
Getting Star ted 3-5 3.5 Basic Device Configuration For the basic setup described in this section, the Java-ba sed W eb UI will be used to configure the AP-5131. Use the AP-5131’ s LAN inte rface for establis hing a link with the AP-51 31. Configure the AP- 5131 as a DHCP client.
AP-5131 Access Po int Product Re ference Guide 3-6 Enter the current password and a new ad mi n password in fields provided, and click Apply . Once the admin password has b een updated, a warning message displays stating the AP- 5131 must be set to a country .
Getting Star ted 3-7 2. Enter a Sy stem Name for the AP-5131. The System Name is useful if multiple Symbol devices are being administered. 3. Select the Country for the AP-513 1’ s country of operation from the drop-d own menu The AP-5131 prompts the user fo r the correct country code on the first login.
AP-5131 Access Po int Product Re ference Guide 3-8 4. Optionally enter the IP address of the server used to provide syste m time to the AP-5131 within the T ime Server field. Once the IP address is entered, the AP-5131’ s Network T ime Pr otocol ( NTP) functionality is engaged automatic ally .
Getting Star ted 3-9 e. Define a Default Gateway address for the AP-5131’ s W AN connection. The ISP or a network administrator provides this addre ss. f. Specify the address of a Primary DNS Server . The ISP or a network administrator provides this address.
AP-5131 Access Po int Product Re ference Guide 3-10 c. If using the static or DHCP Server option, en ter the network-assigned IP Address of the AP-5131. d. The Subnet Mask defin es the size of the subnet. The first two sets of numbers specify the network domain, the next set s pecifies the subset of hosts within a larger network .
Getting Star ted 3-11 a. Enter the E xtended Services Set Identification (ESSID) and nam e associated with the WLAN. For additional inform ation on creating and editing up to 1 6 WLANs per AP-5131, see Creating/Editing Indiv idual WLANs on page 5-24 .
AP-5131 Access Po int Product Re ference Guide 3-12 Multiple WLANs can share the same security policy , so be careful not to name security policies after specific WLANs or risk defining a WLAN to single po licy . Symbol recomme nds naming the policy after the attributes of the au thentication or encryption type selected.
Getting Star ted 3-13 5. Click the Apply button to s ave the security policy and return to the AP-5131 Quick Setup screen. At this point, you can test the AP-5131 for MU interoperability . 3.5.2 T esting Connectivity V erify the AP-5131’ s link with an MU by sending Wireless Network Managemen t Protocol (WNMP) ping packets to the associated MU.
AP-5131 Access Po int Product Re ference Guide 3-14 4. Click the Ping button to begin transmittin g packets to the specified MU address. Refer to the Nu mber of Responses value to a ssess the number of responses from the MU versus the number of ping pack ets transmitted by the AP-5131.
Sy stem Configuration The Symbol AP-5131 contains a built-in brow ser interface for syste m configuration and remote management using a standard Web browser such as Microsoft Interne t Explorer , Netscape Navigator or Mozilla Firefox. The browser interface also allows for system mon itoring of the AP-5131.
AP-5131 Access Po int Product Re ference Guide 4-2 . System configuration topics includ e: • Configuring System Settings • Configuring Data Access • Managing Certificate Authority (CA) Ce rtific.
System Configur ation 4-3 2. Configure the AP-5131 Sy stem Settings field to assign a s ystem name and location, set th e country of operation and view de vice version information.
AP-5131 Access Po int Product Re ference Guide 4-4 3. Refer to the Factory Defaults field to restore either a full or partial de fault configuration. Country The AP-5131 prompts the user for the correct country code a fter the first login.
System Configur ation 4-5 4. Use the Restart AP-5131 field to restart the AP (if nec essary). 5. Click Apply to save any changes to the System Settings screen. Navigating away from the screen without clicking the Apply button results in all changes to the screen being lo st.
AP-5131 Access Po int Product Re ference Guide 4-6 7. Click Logout to secu rely exit the AP-5131 Symbol Access Point apple t. A prompt displays confirming the logout before the applet is closed .
System Configur ation 4-7 3. Refer to the Applet T imeout field to set an HTTPS timeout interval. 4. Configure the Secure Shell field to set timeout values to reduce network inac tivity . 5. Use the Admin Authentication buttons to specify the authentication serv er connection method.
AP-5131 Access Po int Product Re ference Guide 4-8 6. Use the Radius Server if a Radius server has been selected as the authentica tion server , enter the required network add ress information. 7. Update the Administrator Access field to change the admin istrative password use d to access the AP-5131 config uration settings.
System Configur ation 4-9 4.3 Managing Certificate Aut hority (CA) Certificates Certificate management include s the following sections: • Importing a CA Certificate • Creating Self Certificates for Accessing the VPN 4.
AP-5131 Access Po int Product Re ference Guide 4-10 2. Copy the content of the CA Certificate message (using a text editor such as notepad) and then click on Paste from Clipboard . The content o f the certi ficate displa ys in the Import a root CA Certificate field.
System Configur ation 4-11 T o create a self certificate: 1. Select Sy stem Configuration -> Certificate Mgmt -> Self Certificates from the AP-5131 menu tree . 2. Click on the Add button to create the certificate request. The Certificate Request screen di splays .
AP-5131 Access Po int Product Re ference Guide 4-12 4. When the form is completed, click the Generate button. The Certificate Req uest screen disappea rs and the ID o f the generated ce rtificate request displays in the drop-down list of certifi cates within the Self Certificates screen.
System Configur ation 4-13 6. Click the Copy to Clipboard button. The content of certificate request is copied to the clipboard. Create an email to your CA, paste the content of the request into the body of the messag e and send it to the CA. The CA signs the c ertificate and will send it back.
AP-5131 Access Po int Product Re ference Guide 4-14 1. Select Sy stem Configuration -> Certificate Mgmt -> Self Certificates from the AP-5131 menu tree. 2. Click on the Add button to create the certificate request. The Certificate Request screen di splays .
System Configur ation 4-15 4. Complete as many of the option al values within the Certificate Request screen as possible. 5. When the form is completed, click the Generate button from within the Certificate Request screen.
AP-5131 Access Po int Product Re ference Guide 4-16 7. Click the Copy to clipboard button. Save the certificate content to a secure lo cation. 8. Connect to the Windows 2000 o r 2003 serv er used to sign th e certificate. 9. Select the Request a certificate option.
System Configur ation 4-17 A File Download screen displa ys prompting the use r to select the download location for the certificate. 14. Click the Save button and save the certifi cate to a secure location. 15. Load the certificates on the AP-5131 . 16.
AP-5131 Access Po int Product Re ference Guide 4-18 If using the Sy mbol-CC-WS2000-MIB-2.0 and/or Sy mbol-AP-51 31-MIB to configure the AP-5131 , use the table below to locate the MIB wh ere the feature can be configured. NOTE The Symbol-AP-5131-MIB contains th e majority of the information contained within the Symb ol-CC-WS200 0-MIB-2.
System Configur ation 4-19 SNMP allows a network administrator to manage network performa nce, find and solve network problems, and plan for network growth. The AP-5131 supports SNMP management functio ns for gathering information from its network components, communicating that informatio n to specified users and configuring the AP-5131 .
AP-5131 Access Po int Product Re ference Guide 4-20 community strings for read-o nly and read/write access. SNMP vers ion 3 (v3) further enhan ces protocol features, providing much improved security . SNMP v3 encrypts transmissions and provides authentication for users generatin g requests.
System Configur ation 4-21 3. Configure the SNMP v3 User Definitions field (if SNMP v3 is used) to add and configure SNMP v3 user defi nitions. SNMP v3 user definitions allo w read-only or read/write access to ma nagement informatio n as appropriate. Delete Select Delete to remove a SNMP v1/v2c community definition.
AP-5131 Access Po int Product Re ference Guide 4-22 4. Specify the users who can read and optionally modify the SNMP-capable client. 5. If configuring SNMP v3 user defin itions, set the SNMP v3 engine ID. 6. Click Apply to save a ny changes to the SNMP Access scre en.
System Configur ation 4-23 7. Click Undo Changes (if necessary) to undo any change s made. Undo Changes reverts the settings displayed on the SNMP Access screen to the last saved configuration. 8. Click Logout to secu rely exit the AP-5131 Symbol Access Point applet.
AP-5131 Access Po int Product Re ference Guide 4-24 2. Configure the SNMP Access Control screen to add the IP addre sses of those users receiving SNMP access. Access Control List Enter Start IP and End IP addresses (numerical address es only , no DNS names supported) to sp ecify a range of user that can acc ess the AP-5 131 SNMP interface.
System Configur ation 4-25 4.4.2 Enabling SNMP T raps SNMP provides the ability to send traps to notify the admin istrator that trap conditions are met. T raps are network packets con taining data relating to network devices, or SNMP agents, that sen d the traps.
AP-5131 Access Po int Product Re ference Guide 4-26 2. Configure the SNMP v1/v2c T rap Co nfiguration field (if SNMP v1/v2c T raps are used) to modify the following: 3. Configure the SNMP v3 T rap Configuration field (if SNMP v3 T rap s are used) to modify the following: Add Click Add to create a new SNMP v1/v2c T rap Configuration entry .
System Configur ation 4-27 4. Click Apply to save any changes to the SNMP T rap Configu ration screen. Nav igating away from the screen without clicking the Apply button results in all changes to the screen b eing lost. 5. Click Undo Changes (if necessary) to undo any change s made.
AP-5131 Access Po int Product Re ference Guide 4-28 4.4.3 Configuring S pecific SNMP T raps Use the SNMP T raps screen to enable s pecific traps on the AP-5131 . Symbol recommends defin ing traps to capture unauthorized devic es operating within the AP-5131 cov erage area.
System Configur ation 4-29 3. Configure the SNMP T raps field to generate traps when SNMP capable MUs are denie d authentication privileg es or are subject of an ACL violation. When a trap is ena bled, a trap is sent eve ry 5 seconds until th e condition no longer exists.
AP-5131 Access Po int Product Re ference Guide 4-30 6. Click Apply to save any changes to the SNMP T raps screen . Navigating away from the screen without clicking the Appl y button results in all chan ges to the screen being lost. 7. Click Undo Changes (if necessary) to undo any change s made.
System Configur ation 4-31 2. Configure the RF T rap Thresholds field to define device threshold va lues for SNMP traps. NOTE A verage Bit Speed,% of Non-Unicast, A verage Signal, Average Retries,% Dropped and % Undecrypta ble are not AP-5131 statistics.
AP-5131 Access Po int Product Re ference Guide 4-32 3. Configure the Minimum Packets field to define a minimum packet throughput value for trap generation. 4. Click Apply to save a ny changes to the SNMP RF T raps scree n. Navigating away fro m the screen without clicking the Appl y button results in all chan ges to the screen being lost.
System Configur ation 4-33 T o manage clock synchronizatio n on the AP-5131: 1. Select Sy stem Configuration - > Date/T ime from th e AP-5131 menu tree . 2. From within the Current T ime field, click the Refresh button to update the time since th e screen was displayed by the user .
AP-5131 Access Po int Product Re ference Guide 4-34 This option is disabled when the Enable NTP o n AP-5131 checkbox has been selec ted, and therefore should be viewed as a second mean s to define the AP-5131 syste m time.
System Configur ation 4-35 4.6 Logging Configuration The AP-5131 p rovides the capability fo r periodically logging system events that p rove useful in assessing the through put and performance of the AP-5131 or troubleshoo ting problems on the AP-5131 managed Local Area Network (LAN).
AP-5131 Access Po int Product Re ference Guide 4-36 3. Click Apply to save an y changes to the Logging C onfiguration screen. Navigating aw ay from the screen without clicking the Apply button resu lts in all changes to the screen being lost. Vie w L o g Click Vi ew to save a log of events retained on the AP-5131 .
System Configur ation 4-37 4. Click Undo Changes (if necessary) to undo any change s made. Undo Changes reverts the settings displayed on the Logg ing Configuration scre en to the last saved configuration. 5. Click Logout to securely exit the AP-5 131 Symbol Access Point applet.
AP-5131 Access Po int Product Re ference Guide 4-38 T o create an impo rtable/exportable AP-5131 configuration file: 1. Select Sy stem Configuration - > Config Import/Export from the AP-5131 menu tree. 2. Configure the F TP and TF TP Import/Export field to import/export configuration settings.
System Configur ation 4-39 3. Configure the HTTP Import/Export field to import/export AP-5 131 configuration settings using HTTP . Username Specify a username to be used when logging in to the F TP server . A username is not required for TF TP server logins.
AP-5131 Access Po int Product Re ference Guide 4-40 4. Refer to the Status field to assess the comp letion of the import/export operation . Status After executing an operation (by clicking any of the .
System Configur ation 4-41 5. Click Apply to save the filename and Server IP info rmation. The Apply button does not execute the import or export opera tion, only saves the settings ente red. 6. Click Undo Changes (if necessary) to undo any change s made.
AP-5131 Access Po int Product Re ference Guide 4-42 For detailed update scenarios inv olving both a Win dows DHCP and a Linux BootP server configuration, see Configuring Automatic Updates us ing a DHCP or Linux BootP Server Configuration on page B-1 .
System Configur ation 4-43 3. Configure the DHCP Options field to enable automatic firmwa re and/or con figuration file updates. DHCP options are used for out-of-the-b ox rapid deployment for Symbol wireless products.
AP-5131 Access Po int Product Re ference Guide 4-44 The DHCP Server need s to be configured with the above mentio ned vendor spe cific options and vendor class identifie r . The update is condu cted over the LAN or W AN port dep ending on which is the active port at the time the firmware update request is made.
System Configur ation 4-45 • Username - Specify a username for the F T P server login. • Password - Specify a password for F TP server login. Default is symbol. 9. Click the Perform Update button to initiate the update. Upon confirming the firmware update, the AP reboots and completes the update.
AP-5131 Access Po int Product Re ference Guide 4-46 11. Confirm the AP-51 31 configuration is the same as it wa s before the firmware u pdate. If they are not, restore the settings. Refer to Importing/Exporting Configu rations on pa ge 4-37 for instructions on exporting the configu ration back to the AP-5131 .
System Configur ation 4-47 NOTE For a discussion on the implications of replacin g an existing Symbol AP-4131 deploym ent with an AP-5131, see Replacing an AP-4131 with an AP-5131 on pa ge B-19 .
AP-5131 Access Po int Product Re ference Guide 4-48.
Network Management Configuring network manag ement includes confi guring network aspects in numerous areas. See the following sections for more information on AP-5131 network management: • Configuring the LAN Interface • Configuring W AN Settings • Enabling Wireless LANs (WLANs) • Configuring Router Settings 5.
AP-5131 Access Po int Product Re ference Guide 5-2 Use the LAN Configuration screen to enable one (or both) of an AP-5131’ s LAN interfaces, ass ign them names, define which LAN is currently active on the AP -5131 Ethernet po rt and assign a timeout value to disable the LAN connection if no data tra ffic is detected within a defined interval.
Network Mana gement 5-3 3. Click Apply to save a ny changes to the LAN Configuration screen. Navigating away from the screen without clicking the Apply button results in all cha nges to the screen being lost if the prompts are ignored. 4. Click Undo Changes (if necessary) to undo any change s made.
AP-5131 Access Po int Product Re ference Guide 5-4 5. Click Logout to secu rely exit the AP-5131 Symbol Access Point apple t. A prompt displays confirming the logout before the applet is closed .
Network Mana gement 5-5 AP-5131. The AP-5131 then maps the targe t WLAN for the assigned VLAN and traffic passes normally , allowing for the completion of the DHCP request and further traffic. T o create new VLANs or edit the properties of an existing VLAN: 1.
AP-5131 Access Po int Product Re ference Guide 5-6 T o create a new VLAN, click the Create b utton, to edit the properties of an existing VLAN, click the Ed it button.
Network Mana gement 5-7 8. Enter a Management VLAN T ag for LAN1 and LAN2. The Management VLAN uses a default tag value of 1. The Management VLAN is used to distinguish VLAN traffic flows for the LAN. The trunk port marks the frames with spec ial tags as they pass betwe en the AP-5131 and its destination , these tags help dis tinguish data traffic.
AP-5131 Access Po int Product Re ference Guide 5-8 arrives on the AP-5131, it queries the VMPS for the VLAN a ssignment based on the s ource MAC address of th e arriving frame. If statically mapping VLANs, leave the Dynamic checkbox spec ific to the target WLAN and its intended VLAN unselected.
Network Mana gement 5-9 2. Configure the DHCP Configuration field to define the DHCP setting s used for the L AN. NOTE Symbol recommends the W AN and LAN ports should not both be configured as DHCP clients. This interface is a DHCP Client Select this button to enable DHCP to set AP-5131 network address information via this LAN1 or LAN2 connection.
AP-5131 Access Po int Product Re ference Guide 5-10 This interface is a BOOTP Client Select this button to enable BOOTP to set AP-5131 network address information via this LAN1 or LAN2 connection. When selected, only BOOTP responses are accepted by the AP-5131 .
Network Mana gement 5-11 3. Click Apply to save any changes to the LAN1 or LAN2 screen. Navigating away from th e screen without clicking the App ly button results in all changes to the screen being lost if the prompts are ignored. 4. Click Undo Changes (if necessary) to undo any change s made.
AP-5131 Access Po int Product Re ference Guide 5-12 available IP addresses. Th is is useful, for example, in education an d customer environments where MU users change frequently . Use long er leases if there are fewer users. T o generate a list of client MAC address to IP address mappin gs for the AP-5131: 1.
Network Mana gement 5-13 7. Click Cancel to undo any changes made. Undo Ch anges reverts the settings display ed to the last saved configuration. 5.1.2.2 Setting the T ype Filter Configuration Each AP-5131 LAN (either LAN1 or LAN2) can keep a list of frame types that it forwards or discards.
AP-5131 Access Po int Product Re ference Guide 5-14 3. T o add an Et hernet type, click the Add button. The Add Etherne t T y pe screen disp lays. Use this sc reen to add one type filter option at a time, for a list of up to 16 entries.
Network Mana gement 5-15 T o configure W AN settings for the AP-5 131: 1. Select Network Configuration -> WA N from the AP-5131 menu tree. 2. Refer to the WAN IP Configuration field to enable the W AN interface, and set network address information for the W AN connection.
AP-5131 Access Po int Product Re ference Guide 5-16 This interface is a DHCP Client This checkbox enables DHCP for the AP-5131 W AN connection. This is useful, if the larger corporate network or Internet Service Provider (ISP) uses DHCP .
Network Mana gement 5-17 3. Configure the PPP over Ethernet field to ena ble high speed dial-up connectio ns to the AP-5131 W AN port. More IP Addresses Click the More IP Addresses button to specify additional static IP addresses for the AP-5131 .
AP-5131 Access Po int Product Re ference Guide 5-18 4. Click Apply to save a ny changes to the W AN screen. Navigating away from the scree n without clicking the Apply butt on results in all changes to the screen b eing lost. 5. Click Undo Changes (if necessary) to undo any change s made.
Network Mana gement 5-19 5.2.1 Configuring Network Addr ess T ranslation (NA T) Settings Network Address T ransla tion (NA T) co nverts an IP address in one ne twork to a different IP addre ss or set of IP addresses in anothe r network.
AP-5131 Access Po int Product Re ference Guide 5-20 2. Configure the Addres s Mappings fie ld to generate a W AN IP address, define the NA T type and set outbo und/inbound NA T mappings.
Network Mana gement 5-21 5. Click Logout to secu rely exit the AP-5131 Symbol Access Point applet. A prompt display s confirming the logout before the applet is closed . 5.2.1.1 Configuring Port Forwarding Use the Port Forwarding screen to configure port forwarding paramete rs for inbound traffic from the associated W AN IP address.
AP-5131 Access Po int Product Re ference Guide 5-22 5. Click Ok to return to the NA T screen. Within the NA T screen, click Apply to save an y changes made on the Port Forward ing screen. 6. Click Cancel to undo any changes mad e on Port Forwarding screen.
Network Mana gement 5-23 T o configure WLANs on the AP-5131: 1. Select Network Configuration -> Wireless from the AP-5131 menu tree. If a WLAN is defined, that WLAN displays w i thin the Wireless Configuration screen. When the AP-5131 is first booted, WLAN1 exists as a de fault WLAN available immediately for connection.
AP-5131 Access Po int Product Re ference Guide 5-24 3. Click the Create button (if necessary) to launch the New WLAN screen. Use the New WLAN screen to de fine the properties of a new WLAN that would displa y and be selectable within th e Wireless Configuration screen.
Network Mana gement 5-25 Use the New WLAN and Edit WLAN s creens as required to create/modify a WLAN. T o crea te a new WLAN or edit the propertie s of an existing WLAN: 1. Select Network Configuration -> Wireless from the AP-5131 menu tree. The Wireless Configuration screen displays.
AP-5131 Access Po int Product Re ference Guide 5-26 3. Set the parameters in the Configuration field as required for the WLAN. ESSID Enter the Extended Services Set Identification (ESSID) associated with the WLAN. The WLAN name is auto-generated using the ESSID until changed by the user .
Network Mana gement 5-27 Name Define or revise the name for the WLAN. The name should be logical representation of WL AN coverage area (engineering, marketing etc.
AP-5131 Access Po int Product Re ference Guide 5-28 4. Configure the Security field as required to set the data protection requirements for the WLAN. 5. Configure the Advanced field as required to set MU in teroperability permissions, secure beacon transmissions, broa dcast ESSID acceptance and Quality of Se rvice (QoS) policie s.
Network Mana gement 5-29 6. Click Apply to save any changes to the WLAN s creen. Navigatin g away from the sc reen without clicking Apply results in all change s to the screens being lost. 7. Click Cancel to securely exit the New WLAN or Edit WLAN screen and return to the Wireless Configuration screen.
AP-5131 Access Po int Product Re ference Guide 5-30 security requirements o f the WLAN. Once new policies are defined, they are available within the New WLAN or Edit WLAN screens and can be mapped to an y WLAN. A single security policy can be used by more than one WLAN if its logical to do so.
Network Mana gement 5-31 2. Click Logout to exit the Sec urity Configuration screen. 5.3.1.2 Configuring a WLAN Access Control List (ACL) An Access Control Lists (ACL) affords a system administrator t.
AP-5131 Access Po int Product Re ference Guide 5-32 The Mobile Unit Acce ss Control List Confi guration screen displays with existing ACL policies and their current WLAN (if mapped to a WLAN). 2. Click the Create button to configure a n ew ACL policy , or select a po licy and click the Edit button to modify an existing ACL policy .
Network Mana gement 5-33 Either the New MU ACL Policy or Edit MU ACL Policy screens display . 3. Assign a name to the new or edited ACL polic y th at represents an inclusion or exclusion policy specific to a particular type o f MU traffic you ma y want to u se with a single or g roup of WLANs.
AP-5131 Access Po int Product Re ference Guide 5-34 5. Click Apply to save any changes to the Ne w MU ACL Policy or E dit MU ACL Policy s creen and return to the Mobile Unit Access Control List Configuratio n screen. Navigating away from the screen without clicking Apply resu lts in all changes to the screens being lost.
Network Mana gement 5-35 2. Click the Create button to configure a new QoS policy , or select a policy and click the Edit button to modify an existing QoS policy .
AP-5131 Access Po int Product Re ference Guide 5-36 3. Assign a name to the new or edited QoS policy that makes sense to the AP-5131 traffic receiving priority . More than one WLAN can use the same QoS policy . 4. Select the Support V oice prioritization checkbox to allow legac y voice prioritization.
Network Mana gement 5-37 5. Use the two Multicast Address fields to specify one or two MAC addresses to be used for multicast application s. Some V oIP devices make use of multicast addresse s. Using this mechanism ensures that the multica st packets for these devices are not d elayed by the packet queue.
AP-5131 Access Po int Product Re ference Guide 5-38 8. Configure the CW min and CW max (contention windows), AIFSN ( Arbitrary Inter -Frame Space Number ) a nd TXOPs T ime (opportunity to transmit) fo r each Access Catego ry . Their values are explained as follows.
Network Mana gement 5-39 9. Click Apply to save any chan ges to the New QoS Policy or Edit QoS Polic y screen to return to the Quality of Service Configuration scr een. Navigating away from the screen without clicking Apply results in all cha nges to the screen s being lost.
AP-5131 Access Po int Product Re ference Guide 5-40 5.3.1.4 Configuring WLAN Hotspot Support The AP-5131 e nables hotspot operators to provide use r authentication a nd accountin g without a special clie nt application. Th e AP-5131 uses a tradi tional Inte rnet browser as a s ecure authentication device.
Network Mana gement 5-41 3. Refer to the HTTP Redirection field to specify how the Login, Welcome, and Fail pages are maintained for this specific WLAN. The pages can be hosted locally or remotely . . 4. Use the External URL field to sp ecify the location of the login pag e, welcome page and fa il page used for hotspot ac cess.
AP-5131 Access Po int Product Re ference Guide 5-42 5. Click the White List Entries button (within the WhiteList Configuration field) to create a set of allowed destination IP addresses. These allowed destination IP addresses are called a White List. T en configurable IP addresses are allowed for each WLAN.
Network Mana gement 5-43 8. Click OK to save any changes to the Hotspo t Configuration screen. Navigating away from the screen without clicking Apply results in all changes to the screens being lost. 9. Click Cancel (if necessary) to und o any changes made.
AP-5131 Access Po int Product Re ference Guide 5-44 When a client reque sts a URL from a Web server , the login ha ndler returns an HTTP re direction status code (for example, 301 Moved Permanently), which indicates to the browser it should look for the page at another URL.
Network Mana gement 5-45 5.3.2 Setting the WLAN’ s Radio Configuration Each AP-5131 WLAN ca n have a separate 802.11a or 802.11b/g radio configured and mapped to that WLAN. The first step is to enable the radio. One of two possible radio configura tion pages are available on the AP -5131 depending on whic h model SKU is purchased.
AP-5131 Access Po int Product Re ference Guide 5-46 2. Enable the radio(s) using the Enable checkbox(es). Refer to RF Band of Operation parameter to ensure you are ena bling the corre ct 802.11a or 802.11b/g ra dio. After the settings are applied within this Radio Configuration screen, the Radio Status and MUs connected values update .
Network Mana gement 5-47 The maximum number of client brid ge con nections per AP -5131 radio is 12, with 24 representing the maximum for dual-radio mo dels.
AP-5131 Access Po int Product Re ference Guide 5-48 within th e BBs Conn ected field. If this is an existing r adio within a mesh netw ork, these values update in real-time. 6. Click the Advanced button to define a prioritized list of access points to define Mesh Connection links .
Network Mana gement 5-49 On a single-radio AP-513 1, Radio1 could ei ther be an 802.11a or 802.11b/g radio depe nding on which radio has been ena bled. 2. Configure the Properties field to assign a name and placement designation for the radio . Placement Use the Placement drop-down menu to specify whether the radio is located outdoors or indoors.
AP-5131 Access Po int Product Re ference Guide 5-50 3. Configure the Radio Settings field to assign a channel, an tenna diversity s etting, radio transmit power lev el and data rate. ERP Protection Extended Rate PHY (ERP) allows 802.11g MUs to interoperate with 802.
Network Mana gement 5-51 4. Refer to the Beacon Settings field to se t the radio beacon and DTIM inte rvals. Set Rates Click the Set Rates button to display a window for selecting minimum and maximum data transmit rates for the radio. At least one Basic Rate must be selected as a minimum transmit rate value.
AP-5131 Access Po int Product Re ference Guide 5-52 5. Configure the Perfor mance field to set th e preamble, thres holds values, data rates and QoS values for the radio. Beacon Interval The beacon interval controls the performance of power save stations.
Network Mana gement 5-53 6. Select the Advanced Setting s tab to strategically map BSSIDs to WLANs in order to define them as primary WLANs. Set RF QoS Click the Set RF QoS button to display the Set RF QOS screen to set QoS parameters for the AP-5131 radio.
AP-5131 Access Po int Product Re ference Guide 5-54 Defining Primary WLANs allows an administrator to dedicate BSSIDs (4 BSSIDs are available for mapping) to WLANs. From that initial BSSID assignment, Primary WLANs can be defined from within the WLANs assigned to BSSID groups 1 through 4.
Network Mana gement 5-55 7. Use the Primary WLAN drop-down menu to select a WLAN from those WLANs sh aring the same BSSID. The s elected WLAN is the primary WLAN fo r the specified BSSID. 8. Click Apply to save a ny changes to the Radio Settings and Advanced Se ttings screens.
AP-5131 Access Po int Product Re ference Guide 5-56 2. Use the Bandwidth Share M ode drop-down menu to define the order enabled WLANs receive AP-5131 se rvices. Select one of the following three optio ns: 3. Configure the Bandwid th Share for Each WLAN field to set a raw weight (for WLANs using the Weighted Round-Robin option) for each WLAN.
Network Mana gement 5-57 4. Click Apply to save a ny changes to the Bandwidth Manage ment screen. Na vigating away from the screen without clicking Apply resu lts in all changes to the screens being lost. 5. Click Undo Changes (if necessary) to undo any change s made.
AP-5131 Access Po int Product Re ference Guide 5-58 2. Refer to the AP-5131 Router T able field to view existing routes. The AP-5131 Route r T able field displays a list of connec ted routes between an enabled subnet and the router . These ro utes can be chan ged by modifying the IP address and subnet masks of the enabled sub nets.
Network Mana gement 5-59 5. Use the User Defined Routes field to add or delete static routes. The User Defined Routes field allows th e administrator to view , add or delete internal static (dedicated) ro utes. a. Click the Add button to create a new table entry .
AP-5131 Access Po int Product Re ference Guide 5-60 2. Select a routing direction from the RIP Direction drop-down menu. Both (for both directions), Rx only (rec eive only), and TX only (transmit only) are availa ble options. 3. If RIP v2 o r RIP v2 (v1 c ompat) is the selected RIP type, the RIP v2 Authentication field becomes activ e.
Network Mana gement 5-61 4. If th e Simpl e authen tication method i s selecte d, speci fy a p assword o f up to 1 5 alphanumeric ch aracters in the Password (Simple Authentication) area. 5. If the MD 5 authenti cation me thod is sel ected, fill in the Key #1 field (Key #2 is optio nal).
AP-5131 Access Po int Product Re ference Guide 5-62.
Configuring Access Point Security Security measures fo r the AP-5131 and its WLANs are critical. Use the available AP-5131 se curity options to protect the AP-5131 LAN from wireless vu lnerabilities, and safeguard the transmission o f RF packets between the AP-5131 and its associated MUs.
AP-5131 Access Po int Product Re ference Guide 6-2 6.1 Configuring Security Options T o configure the data protection options a va ilable on the AP-5131, refer to the following: • T o set an administrative password for secure AP-5131 logins, see Setting Passw ords on page 6-3 .
Configur ing Access Po int Security 6-3 6.2 Setting Passwords Before setting the AP-5131 security parameters, ve rify an administrative password for the AP-5131 has been created to restrict access to the device before advanced device security is configu red.
AP-5131 Access Po int Product Re ference Guide 6-4 4. Log in using th e “ admin ” as the default User ID an d “ symbol ” as the default Passwor d. If the default login is successful, the Change Admin Password window displays. Change the default login and password to significantly dec rease the likelihood of hacking.
Configur ing Access Po int Security 6-5 4. Press <ESC> or <Enter> to access the AP-5131 CLI. A serial connection has now been estab lished and the use r should be able to view the serial connection window .
AP-5131 Access Po int Product Re ference Guide 6-6 Each WLAN (16 WLANs available in total to an AP-5131 re gardless of the mo del) can have a s eparate security policy . How ever , more than one WLAN can use the same security policy . Therefore , to avoid confusion, do not name secu rity policies the same name as WLANs.
Configur ing Access Po int Security 6-7 3. Use the Name field to define a logical secu rity policy name. Remember , multiple WLANs ca n share the same security policy , so be careful not to name security policies after specific WLANs or risk defin ing a WLAN to single policy .
AP-5131 Access Po int Product Re ference Guide 6-8 6. Click Apply to keep changes made within the New Security Policy screen (if any). Configure encryption or auth entication supported security polici.
Configur ing Access Po int Security 6-9 7. Click Cancel to return to the target WLAN screen w ithout keeping any of the cha nges made within the New Securi ty Policy screen.
AP-5131 Access Po int Product Re ference Guide 6-10 3. Select the Kerberos radio button. The Kerberos Co nfiguration field displays within the New Security Policy screen. 4. Ensure the Name of the security policy entered suits the intended configuration or function of the policy .
Configur ing Access Po int Security 6-11 6. Click the Apply button to return to the WLAN scree n to save any changes mad e within the Kerberos Configuration field of the New Security Policy scree n. 7. Click the Cancel button to undo any changes made within the Kerberos Configuration fie ld and return to the WLAN scre en.
AP-5131 Access Po int Product Re ference Guide 6-12 3. Select the 802.1x EAP radio button. The 802.1x EAP Settings field display s within the New Security Policy screen. 4. Ensure the Name of the security policy entered suits the intended configuration or function of the policy .
Configur ing Access Po int Security 6-13 Radius Server Address If using an External Radius Server , specify the numerical (non-DNS) IP address of a primary Remote Dial-In User Service (Radius) server . Optionally , specify the IP address of a secondary server .
AP-5131 Access Po int Product Re ference Guide 6-14 7. Select the Account ing tab as required to d efine a timeout pe riod and retry interval Syslog for MUs interoperating with the AP-5131 and EAP authentication server .
Configur ing Access Po int Security 6-15 9. Select the Advanced Settings tab as required to specify a MU quiet period, time out interval, transmit period, a nd retry period for MUs an d the authentication server .
AP-5131 Access Po int Product Re ference Guide 6-16 11. Click the Cancel button to undo any chang es made within the 802.1x EAP Settings field and return to the WLAN screen. This reverts all settings for the 802.1x E AP Settings field to the last saved configurat ion.
Configur ing Access Po int Security 6-17 5. Configure the WEP 64 Settings or WEP 128 Settings field as required to d efine the Pass Key used to genera te the WEP keys. These keys m ust be the same be tween the AP-5131 an d its MU to encrypt packets between the two devices.
AP-5131 Access Po int Product Re ference Guide 6-18 Default (hexadecimal) keys for WEP 128 include: 6. Click the Apply button to save any chan ges made within the WEP 64 Setting or WEP 128 Setting field of the New Security Policy scree n.
Configur ing Access Po int Security 6-19 3. Select the KeyGuard ra dio button. The KeyGuard Settings field displays within the New Security Policy screen. 4. Ensure the Name of the security policy entered suits the inten ded configuration or function of the policy .
AP-5131 Access Po int Product Re ference Guide 6-20 Default (hexadecimal) keys for KeyGuard include: 6. Select the Allow WEP128 Clients checkbox (from within the KeyGua rd Mixed Mo de field) to enab le WEP128 c lients to associate with an AP-5131’ s KeyGua rd supported WLAN.
Configur ing Access Po int Security 6-21 3. Select the WP A/TKIP radio button . The WP A/TKIP Settings field displays within the New Security Po licy screen. 4. Ensure the Name of the security policy entered suits the intended configuration or function of the policy .
AP-5131 Access Po int Product Re ference Guide 6-22 Default (hexadecimal) 256-bit keys for WP A/TKIP include: 1011121314151 617 18191A1B1C1D1E1F 2021222324252 627 28292A2B2C2D2E2F 7. Click the Apply button to save any changes made within the WP A/TKIP Se ttings field of the New Security Policy screen.
Configur ing Access Po int Security 6-23 If security policies supporting WP A2 -CCMP exist, they appear within the Security Configuration screen. These e xisting policies can be used as is, or the ir properties ed ited by clicking the Edit button. T o configu re a new security policy supporting WP A2-CCMP , continue to step 2.
AP-5131 Access Po int Product Re ference Guide 6-24 6. Configure the Key Settings area as needed to set an ASCII Pas sphrase and 128-bit key . Default (hexadecimal) 256-bit keys for WP2A/CCMP include: 1011121314151 617 18191A1B1C1D1E1F 2021222324252 627 28292A2B2C2D2E2F 7.
Configur ing Access Po int Security 6-25 8. Configure the Fast Roaming (802.1x only) field a s required to en able additional AP-5131 roaming and key caching options. This featur e is applicable only when using 802 .1x EAP authentication with WP A2/CCMP .
AP-5131 Access Po int Product Re ference Guide 6-26 2. Refer to the Global Firewall Disable field to enable or disable the AP-5131 firewa ll. 3. Refer to the T imeout Configuration field to define a timeout interval to terminate IP address translations.
Configur ing Access Po int Security 6-27 5. Click Apply to save a ny changes to the Firewall scree n. Navigating away from the scree n without clicking the Apply button results in all changes to the screens being lost. 6. Click Undo Changes (if necessary) to undo any change s made.
AP-5131 Access Po int Product Re ference Guide 6-28 6.10.1 Configuring LA N to W AN Access The AP-5131 LAN can be configu red to communicate with the W AN side of the AP-5131.
Configur ing Access Po int Security 6-29 3. Configure the Rules field as re quired to allow or deny access to selected (enabled) protocols. Allow or Deny all protocols, except Use the drop-down menu to select either Allow or Deny .
AP-5131 Access Po int Product Re ference Guide 6-30 Pre configured Rules The following protocols are preconfigured with the AP-5131 . T o enable a protocol, check the box next to the protocol name. • HTTP - Hypertext T ransfer Protocol is the protocol for transferring files on the W eb.
Configur ing Access Po int Security 6-31 4. Click Apply to save a ny changes to the Subnet Access screen. Naviga ting away from the screen without clicking the Apply button results in all changes to the screens being lost. 5. Click Undo Changes (if necessary) to undo any change s made.
AP-5131 Access Po int Product Re ference Guide 6-32 between two end points. ESP can also be used in tunnel mode, providing security like that of a V irtual Pr ivate Network (VPN). • GRE - General Routing Encapsulation suppo rts VPNs across the Internet.
Configur ing Access Po int Security 6-33 2. Configure the Settings field as neede d to override the settings in the Subn et Access screen and import firewall rule s into the Advanced Subnet Access screen. 3. Configure the Firewall Rules field as req uired add, insert or delete firewall rules into the list of advanced rules.
AP-5131 Access Po int Product Re ference Guide 6-34 4. Click Apply to save any changes to the Advanced Subn et Access screen. Navigating away from the screen without clicking Apply resu lts in all changes to the screens being lost. 5. Click Undo Changes (if necessary) to undo any cha nges made.
Configur ing Access Po int Security 6-35 Use the VPN screen to add and remove VPN tunnels. T o c onfigure an existing VP N tunnel, select it from the list in the VPN T unnels field. The selected tunnel’ s configuration displays in a VPN T unnel Config field.
AP-5131 Access Po int Product Re ference Guide 6-36 If AP-5131 #1 has the followin g values: • W AN IP address: 20.1.1.2 • LAN IP address: 10.1.1.1 • Subnet Mask: 255.0 .0.0 Then, the VPN value s for AP-5131 #2 should be : • Remote subnet: 10.
Configur ing Access Po int Security 6-37 Subnet name Use the drop-down menu to specify the LAN1 or LAN2 conne ction used for routing VPN traffic. Remember , only one LAN connection can be active on the AP-5131 Ethernet port at a time.
AP-5131 Access Po int Product Re ference Guide 6-38 4. Click Apply to save any changes to the VPN screen as well as changes mad e to the Auto Key Settings, IKE Settings an d Manual Key Settings screens . Navigating away from the screen without clicking the Appl y button results in all changes to the screens being lost.
Configur ing Access Po int Security 6-39 3. Configure the Manual Key Settings screen to modify the following: NOTE When entering Inbou nd or Outbound encryption or a uthentication keys, an error message could display stating the keys prov ided are “weak”.
AP-5131 Access Po int Product Re ference Guide 6-40 Inbound AH Authentication Key Configure a key for computing the integrity check on inbound traffic with the selected authentication algorithm. The key must be 32/40 (for MD5/SHA1) hexadecimal (0-9, A-F) characters in length.
Configur ing Access Po int Security 6-41 The Inbound an d Outbound SPI settin gs are required to be interpolated to functio n correctly . For example: AP1 Inbound SPI = 800 AP1 Outbound SPI = 801 Inbound ESP Encryption Key Enter a key for inbound traffic.
AP-5131 Access Po int Product Re ference Guide 6-42 AP2 Inbound SPI = 801 AP2 Outbound SPI = 800 4. Click Ok to return to the VPN screen. Click A pply to retain the settings made on the Manual Key Settings screen. 5. Click Cancel to return to the VPN screen without retaining the changes made to the Manual Key Settings screen.
Configur ing Access Po int Security 6-43 3. Configure the Auto Key Settings screen to modify the following : Use Perfect Forward Secrecy Forward secrecy is a key-establishment protocol guaranteeing the discovery of a session key or long-term priv ate key does not compromise the keys of other sessions.
AP-5131 Access Po int Product Re ference Guide 6-44 4. Click Ok to return to the VPN screen. Click Apply to retain the settings made on the Aut o Key Settings screen. 5. Click Cancel to return to the VPN screen without re ta ining the changes ma de to this screen.
Configur ing Access Po int Security 6-45 3. Configure the IKE Key Settings screen to modify the following: Operation Mode The Phase I protocols of IKE are based on the ISAKMP identity- protection and aggressive exchanges. IKE main mode refers to the identity-protection exchange, and IKE aggressive mode refers to the aggressive exchange.
AP-5131 Access Po int Product Re ference Guide 6-46 Local ID T ype Select the type of ID to be used for the AP-5131 end of the SA. • IP - Select IP if the local ID type is the IP address specified as part of the tunnel. • FQDN - Use FQDN if the local ID is a fully qualified domain name (such as sj.
Configur ing Access Po int Security 6-47 IKE Authentication Algorithm IKE provides data authentication and anti-replay services for the VPN tunnel. Select an authenticati on methods from the drop-down menu. • MD5 - Enables the Message Digest 5 algorithm.
AP-5131 Access Po int Product Re ference Guide 6-48 4. Click Ok to return to the VPN screen. Click Apply to retain the settings made on the IKE Settings screen. 5. Click Cancel to return to the VPN screen without retaining the changes made to the IKE Settings screen.
Configur ing Access Po int Security 6-49 2. Reference th e Security Associatio ns field to view the following: T unnel Name The T unnel Na me column lists the names of all the tunnels configured on the AP-5131 . For information on configuring a tunnel, see Configuring VPN T unnels on page 6-34 .
AP-5131 Access Po int Product Re ference Guide 6-50 3. Click the Reset VPNs button to reset active VPNs. Selecting Reset VPNs forces renegotiation of all the Security Associations and keys. Users could notice a s light pause in network performance. 4.
Configur ing Access Po int Security 6-51 T o configure conten t filtering for the AP -5131: 1. Select Network Configuration -> WAN -> Content Filtering from the AP-5131 menu tree. 2. Configure the HTTP field to conf igure block Web proxies and URL extensions.
AP-5131 Access Po int Product Re ference Guide 6-52 3. Configure the SMTP field to disable or restrict sp ecific kinds of network mail traffic. 4. Configure the FT P field to block or restrict vari ous F TP traffic on the network.
Configur ing Access Po int Security 6-53 5. Click Apply to save any changes to the Content Filtering scre en. Navigating away fro m the screen without clicking the Apply button results in all chan ges to the screens being lost. 6. Click Undo Changes (if necessary) to undo any change s made.
AP-5131 Access Po int Product Re ference Guide 6-54 The rogue detection interval is used in conjuncti on with Symbol MUs that identify themse lves as rogue detection capable to the AP-5131 . The detection interval defin es how ofte n the AP-5131 requests these MUs to s can for a rogue AP .
Configur ing Access Po int Security 6-55 3. Use the Allowed AP List field to restric t Symbol AP’ s from Rogue AP detection and create a list of device MAC addresses and ESSID’ s approved for interoperability with the AP-5131. RF Scan by MU Select the RF Scan by MU checkbox to enable MUs to scan for potential rogue APs within the network.
AP-5131 Access Po int Product Re ference Guide 6-56 4. Click Apply to save any ch anges to the Rogue AP Detection scree n. Navigating away fro m the screen without clicking Apply results in all changes to the screens being lost. 5. Click Undo Changes (if necessary) to undo any change s made.
Configur ing Access Po int Security 6-57 The Active APs screen displays with detected rogue devices displayed within the Rogue APs table. 2. Enter a value (in minu tes) in the Allowed APs Age Out T ime field to indicate the number of elapsed minutes before an AP will be remove d from the approved list and reevaluated.
AP-5131 Access Po int Product Re ference Guide 6-58 6. Highlight a rog ue AP and click the Details bu tton to display a screen with device and detection information sp ecific to that rogue device. This information is helpful in determining if a rogue AP should be moved to the Allowed APs table.
Configur ing Access Po int Security 6-59 3. Refer to the Rogue AP Detai l field for the following information: 4. Refer to the Rogue Detecto r Detail field for the fo llowing inform ation: BSSID/MAC Displays the MAC address of the rogue AP .
AP-5131 Access Po int Product Re ference Guide 6-60 5. Click OK to securely exit the Detail screen and return to t he Active APs screen. 6. Click Ca ncel (if necessary) to undo any changes ma de and return to the Active APs screen.
Configur ing Access Po int Security 6-61 2. Highli ght an M U from wi thin the Rogue AP enabled MUs field and click the scan butto n. The target MU begins scann ing for rogue devices using the detection parameters defined within the Rogue AP Detection scre en.
AP-5131 Access Po int Product Re ference Guide 6-62 6. Click Logout to return to the Rogue AP Detection screen. 6.14 Configuring User Authentication The AP-5131 can work with external RADIUS and LDAP Servers (AAA Servers) to provide user database inform ation and user authe ntication.
Configur ing Access Po int Security 6-63 3. Use the TTLS/PEAP Configuration field to specify the Radius Se rver default EAP type, EAP authentication type and a Server or CA certificate (if used). LDAP If LDAP is selected, the switch w ill use the data in an LDAP server .
AP-5131 Access Po int Product Re ference Guide 6-64 Default Authentication Ty p e Specify a PEAP and/or TTLS Authentication T ype for EAP to use from the drop-down menu to the right of each checkbox item.
Configur ing Access Po int Security 6-65 4. Use the Radius Client Authenti cation table to config ure multiple shared secrets based on the subnet or host attemptin g to authenticate with the Radius server . Use the Add b utton to add entries to the list.
AP-5131 Access Po int Product Re ference Guide 6-66 2. Enter the approp riate information within th e LDAP Configuration field to allow the AP-5131 to interoperate with the LDAP server . Co nsult with your LDAP server administrator for details on how to define the values in this screen.
Configur ing Access Po int Security 6-67 3. Click Apply to save a ny changes to the LDAP screen. Navigating away from the screen without clicking Apply results in all change s to the screen b eing lost. 4. Click Undo Changes (if necessary) to undo any change s made.
AP-5131 Access Po int Product Re ference Guide 6-68 2. Refer to the Proxy Configur ation field to define the proxy server’ s retry count and time out values.
Configur ing Access Po int Security 6-69 4. T o remove a row , select the row and click the Del (Delete) button. 5. Click Apply to save any changes to the Proxy screen. Navigating away fro m the screen without clicking Apply results in all change s to the screen b eing lost.
AP-5131 Access Po int Product Re ference Guide 6-70 Refer to the Groups field for a list of all groups in the loca l Radius databas e. The groups are listed in the order ad ded. Although group s can be added and deleted, there is n o capability to edit a group name.
Configur ing Access Po int Security 6-71 7. Click the List of Groups cell. A new screen displays enabling you to asso ciate groups with the user . For more information on mapping groups with a user , see Mapping Users to Groups on page 6-71 . 8. Click Apply to save a ny changes to the Users screen .
AP-5131 Access Po int Product Re ference Guide 6-72 3. T o add the user to a group, select the group in the Available list (on the right) and click the <-Add button. Assigned users will display within the Assigned table. Ma p one or mo re groups a s needed for group authentication acce ss for this particular user .
Configur ing Access Po int Security 6-73 WLAN or editing the properties of an existing WLAN, see Creating/Editing Individual WLANs on page 5-24 1. Select User Authentication -> Radius Server -> Access Policy from th e AP-5131 menu tree . 2. Click the WLANs button to the rig ht of a specific group name.
AP-5131 Access Po int Product Re ference Guide 6-74 7. Click Logout to secu rely exit the AP-5131 Symbol Access Point apple t. A prompt displays confirming the logout before the applet is closed .
Monitoring Statistics The AP-5131 has functionality to display robus t transmit and receive statistics for its W AN and LAN port. Wireless Local Area Network (WLAN) stats can also be displaye d collectively for each enabled WLAN as well as individually for up to 16 specific WLANs.
AP-5131 Access Po int Product Re ference Guide 7-2 See the followin g sections for more details on viewing statistics for the AP-5131: • V iewing W AN Statistics • V iewing LAN Statistics • V ie.
Monito ring Statist ics 7-3 2. Refer to the Information field to reference the following AP-5131 W AN data: Status The Status field display s Enabled if the W AN interface is enabled on the WAN screen. If the W AN interface is disab led on the W AN screen, the W AN Stats screen displays no connection information and statistics.
AP-5131 Access Po int Product Re ference Guide 7-4 3. Refer to the Received field to reference data received over the AP-5131 W AN port. 4. Refer to the T ransmitted field to reference data received over the AP-513 1 W AN port.
Monito ring Statist ics 7-5 5. Click the Clear WAN Stats button to reset each of the data collection counters to zero in order to begin new data collectio ns. The RX/TX Packets and RX/TX Bytes totals remain at their present values and are not cleared.
AP-5131 Access Po int Product Re ference Guide 7-6 7.2 V iewing LAN Statistics Use the LAN Stats screen to monitor the activity of the AP-51 31 LAN1 or LAN2 connection. The Information field of the LAN Stats screen displays netwo rk traffic informatio n as monitored over the AP-5131 LAN1 or LAN2 port.
Monito ring Statist ics 7-7 3. Refer to the Received field to view data received over the AP-5131 LAN port. 4. Refer to the T ransmitted field to view statistics transmitted over the AP-5131 LAN port. Network Mask The first two sets of numbers spec ify the network domain, the next set specifies the subset of hos ts within a larger network.
AP-5131 Access Po int Product Re ference Guide 7-8 5. Click the Clear LAN Stats button to reset each of the data collection counters to zero in order to begin new data collectio ns. The RX/TX Packets and RX/TX Bytes totals remain at their present values and are not cleared.
Monito ring Statist ics 7-9 7.2.1 V iewing a LAN’ s STP Statistics Each AP-5131 LAN ha s the ability to track its own unique STP statistics. Refer to the LAN STP Stats page when asse ssing mesh networking function ality for each o f the two AP-5131 LANs.
AP-5131 Access Po int Product Re ference Guide 7-10 3. Refer to the Port Interface T able to assess the state of the traffic over the ports listed within the table for the root and bridge and designated bridge s. Designated Root Displays the AP-5131 MAC address of the bridge defined as the root bridge in the Bridge STP Configuration screen.
Monito ring Statist ics 7-11 4. Click the Logout button to sec urely exit the AP-5131 Symbol Access Point applet. Th ere will be a prompt confirming logout before the applet is closed. 7.3 V iewing Wireless Statistics Use the WLAN Statistics Summary screen to view overview sta tistics for active (enabled) WLANs on the AP-5131.
AP-5131 Access Po int Product Re ference Guide 7-12 2. Refer to the WLAN Summary field to reference high-level da ta for each enabled WLAN. Name Displays the names of all the enabled WLANs on the AP-5131 . For information on enabling a WLAN, see Enabling Wireless LANs (WLANs) on page 5-22 .
Monito ring Statist ics 7-13 3. Refer to the T o tal AP RF T raffic field to view throughput information for the AP-5131 a nd WLAN. 4. Click the Clear RF Stats button to reset eac h of the data c ollection counters to zero in order to begin new data collection s.
AP-5131 Access Po int Product Re ference Guide 7-14 information. The T raffic field displays statistics on RF traffic and thro ughput. The RF Status field displays information on RF signal averag es from the associated MUs. The Error field displays RF traffic errors based o n retries, dropped p ackets, and undec ryptable packets.
Monito ring Statist ics 7-15 3. Refer to the T raffic field to view performance and thro ughput information for the WLAN selected from the AP-513 1 menu tree.
AP-5131 Access Po int Product Re ference Guide 7-16 4. Refer to the RF Status field to view the following MU signal, noise and performance information for the WLAN selected from the AP-51 31 menu tree. 5. Refer to the Errors field to view MU associa tion error st atistics for the WLAN selected from the AP-5131 menu tree.
Monito ring Statist ics 7-17 6. Click the Clear WLAN Stats button to reset each of the data collection counters to zero in order to begin new data colle ctions. Do not clear the WLAN stats if currently in an important data gathering activ ity or risk losing all data calculations to that point.
AP-5131 Access Po int Product Re ference Guide 7-18 3. Click the Clear All Radio Stats button to reset ea ch of the data collection counters to zero in order to begin new data co llections. Do not clear the radio stats if currently in an important dat a gatherin g activity or risk losing all data calculations to that point.
Monito ring Statist ics 7-19 dropped or could not dec rypt. The information within the 8 02.11a Radio Statistics s creen is view-only with no configurable data fields. T o view detailed radio statistics: 1. Select Status and Statistics -> Radio Stats -> Radio1(802.
AP-5131 Access Po int Product Re ference Guide 7-20 3. Refer to the T raffic field to view performan ce and thro ughput information for the target AP-5131 802.11a or 802 .11b/g radio. Placement Lists whether the AP-5131 radio is indoors or outdoors. T o change the placement setting, see Configuring the 802.
Monito ring Statist ics 7-21 4. Refer to the RF Status field to view the following MU signal, noise and performance information for the target AP-5131 8 02.11a or 802.11b /g radio. 5. Refer to the Errors field to reference retry information as well as data transmissions the target AP-5131 802.
AP-5131 Access Po int Product Re ference Guide 7-22 7.4.1.1 Retry Histogram Refer to the Retry Histro gram screen for an overview of the retries transmitted by an AP-5131 radio and whether those retries contained any data packets.
Monito ring Statist ics 7-23 2. Click Apply to save any changes to the Radio Histogram screen. Nav igating away fro m the screen without clicking Apply results in changes to the screens being lost. 3. Click Undo Changes (if necessary) to undo any changes mad e to the screen.
AP-5131 Access Po int Product Re ference Guide 7-24 2. Refer to the MU List field to reference associated MU address, through put and retry information. 3. Click the Refresh button to upda te the data collections displayed without resetting th e data collections to zero.
Monito ring Statist ics 7-25 8. Click the Logout button to secu rely exit the AP-5131 Sym bol Access Point applet. A prom pt displays confirming the logout before the applet is close d.
AP-5131 Access Po int Product Re ference Guide 7-26 5. Refer to the T raffic field to view individu al MU RF throughput information. QoS Client T ype Displays the data type transmitted by the mobile unit. Possible types include Legacy , Vo i c e , WMM Ba seline and Po wer Save .
Monito ring Statist ics 7-27 6. Refer to the RF Status field to view MU signal a nd signal disturba nce information. 7. Refer to the Errors field to view MU retry information and statis tics on packets not transmitted. 8. Click OK to exit the screen. 7.
AP-5131 Access Po int Product Re ference Guide 7-28 T o ping a specific MU to assess its conne ction with an AP-513 1: 1. Select Status and Statistics - > MU Stats from the AP-5131 menu tree. 2. Select the Echo T est button from within the MU Stat s Summary screen 3.
Monito ring Statist ics 7-29 7.6 V iewing the Mesh Statistics Summary The AP-5131 has the capability of de tecting and disp la ying the properties of other access points in mesh network (eith er base bridges or client bridge s) mode. This in form ation is us ed to create a list of known wireless bridge s.
AP-5131 Access Po int Product Re ference Guide 7-30 2. Click the Refresh button to update the display of the Mesh Statistics Summary screen to the latest values. 3. Click the Details button to disp lay address and radio informatio n for those AP-51 31s in a client bridge conf iguration with this detecting AP-5131.
Monito ring Statist ics 7-31 The Known AP Statistics screen displays the followin g information: 2. Click the Clear Known AP Stats button to reset each of the data collection counters to zero in order to begin new data co llections. 3. Click the Details button to display AP-5131 address and radio information.
AP-5131 Access Po int Product Re ference Guide 7-32 The Known AP Details screen displays the tar get AP’ s MAC addre ss, IP address, radio channel, numb er of associate d MUs, packet throughput per second, rad io type(s), model, firmware version, ESS and client bridges currently connected to the AP radio.
Monito ring Statist ics 7-33 5. Click the Send Cfg to APs button to send the your AP-513 1’ s configuration to other AP- 5131’ s. Recip ient AP-5131 must be the same single or dual-rad io model as the AP-5131 sending the configuration. The sending and re cipient AP-5131’ s must also be running the same major firmware version (i.
AP-5131 Access Po int Product Re ference Guide 7-34.
Command Line Interface Reference The AP-5131 Command Line Interface (CLI) is access ed through the serial port or a T eln et session. The AP-5131 CLI follows the same conventions as the Web-based user interface. The CLI do es, however , provide an “escape seq uence” to provide diagnost ics for problem identification and resolution.
AP-5131 Acce ss Point Produ ct Reference G uide 8-2 8.1.2 Accessing the CLI via T elnet T o connect to th e AP-5131 CLI through a T e lnet connection: 1. T elnet into the AP -5131 using an IP address of 192.168.0.1 2. Enter the default usern ame of admin and the defa ult password of symbol .
Command Line Interfa ce Reference 8-3 8.2 Admin and Common Commands AP5131>admin> Description: Displays admin configuration options. The items available under this command are shown below . Syntax: help Displays general user interface help. passwd Changes the admin password.
AP-5131 Acce ss Point Produ ct Reference G uide 8-4 AP5131>admin>help Description: Displays general CLI user interface help. Syntax: Example: admin> help ? : display command help - Eg. ?, show ?, s? * Restriction of “?”: : “?” after a function argument is tre ated : as an argument : Eg.
Command Line Interfa ce Reference 8-5 AP5131>admin>passwd Description: Changes the password for the admin log in. Syntax: Example: admin> passwd Old Admin Password:****** New Admin Password:*.
AP-5131 Acce ss Point Produ ct Reference G uide 8-6 AP5131>admin>summary Description: Displays the AP-5131’ s system sum mary . Syntax: Example: admin> summary AP-5131 firmware version 1.
Command Line Interfa ce Reference 8-7 AP5131>admin>.. Description: Displays the parent menu of the current men u. This command appea rs in all of the s ubmenus under admin . In each case, it has the same function, to move up one le vel in the directory structure.
AP-5131 Acce ss Point Produ ct Reference G uide 8-8 AP5131>admin> / Description: Displays the root menu, that is, the top-level CLI menu. This command appears in all of the submenu s under admin. In each case, it has the same function, to move up to the top level in the directory structure.
Command Line Interfa ce Reference 8-9 AP5131>admin>save Description: Saves the configuration to system flash. The save command appears in all of the submenus under admin. In each case , it has the same function, to save the current configuration.
AP-5131 Acce ss Point Produ ct Reference G uide 8-10 AP5131>admin>quit Description: Exits the command line interface session an d terminates the session. The quit command appears in all of the sub menus under admin. In each case, it has the same function, to exit out of the CLI.
Command Line Interfa ce Reference 8-11 8.3 Network Commands AP5131>admin(network)> Description: Displays the network submenu . The items available under this comman d are shown below . lan Goes to the LAN submenu. wan Goes to the W AN sub menu. wireless Goes to the Wireless Configuration submen u.
AP-5131 Acce ss Point Produ ct Reference G uide 8-12 8.3.1 Network LAN Commands AP5131>admin(network.lan)> Description: Displays the LAN submenu. The items availa ble under this command are shown below . For an overview of the AP-5131’ s LAN config uration options using the applet (GUI), see Configuring the LAN Interface on page 5-1 .
Command Line Interfa ce Reference 8-13 AP5131>admin(network.lan)> show Description: Displays the AP-5131 LAN settings. Syntax: Example: admin(network.
AP-5131 Acce ss Point Produ ct Reference G uide 8-14 Primary DNS Server : 192.168.0.2 Secondary DNS Server : 192.168.0. 3 WINS Server : 192.168.0.255 admin(network.lan)> For information on displaying LAN information using the applet (GUI), see Configuring the LAN Interface on page 5-1 .
Command Line Interfa ce Reference 8-15 AP5131>admin(network.lan)> set Description: Sets the LAN paramete rs for the LAN port. Syntax: Example: admin(network.lan)> admin(network.lan)> set lan 1 enable admin(network.lan)> set name 1 engineering admin(network.
AP-5131 Acce ss Point Produ ct Reference G uide 8-16 8.3.1.1 Network LAN, Bridge Commands AP5131>admin(network.lan.bridge)> Description: Displays the AP-5131 Bridge subm enu. For an overview of the AP-5131’ s mesh netwo rking option s using the applet (GUI), see Configuring Mesh Networking on page 9-1 .
Command Line Interfa ce Reference 8-17 AP5131>admin(network.lan.bridge)> show Description: Displays the mesh bridge co nfiguration parameters for the AP-5131’ s LANs.
AP-5131 Acce ss Point Produ ct Reference G uide 8-18 AP5131>admin(network.lan.bridge)> set Description: Sets the mesh co nfiguration para meters for the AP-5131’ s LANs. Syntax: Example: admin(network.lan.bridge)> set priority 2 32768 admin(network.
Command Line Interfa ce Reference 8-19 8.3.1.2 Network LAN, WLAN-Mapping Commands AP5131>admin(network.lan.wlan-mapping)> Description: Displays the WLAN/Lan/Vlan Map ping submenu. For an overview of the AP-5131’ s VLAN configuration options using the applet (GUI), see Configur ing VLAN Support on page 5-4 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-20 AP5131>admin(network.lan .wlan-mapping)> show Description: Displays the VLAN list currently defined for the AP-5131.. These parameters are defined with the set comma nd. Syntax: Example: admin(network.
Command Line Interfa ce Reference 8-21 admin(network.lan.wlan-mapping)> show wlan WLAN1: WLAN Name :WLAN1 ESSID :101 Radio : VLAN : Security Policy :Default QoS Policy :Default For information on displaying the AP-5131 VLAN screens u sing the applet (GUI), see Configuring VLAN Support on p age 5-4 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-22 AP5131>admin(network.lan.wlan-mapping)> set Description: Sets VLAN parameters for the AP-5131. Syntax: Example: admin(network.lan.wlan-mapping)> set mgmt-tag 1 admin(network.lan.wlan-mapping)> set native-tag 2 admin(network.
Command Line Interfa ce Reference 8-23 AP5131>admin(network.lan.wlan-mapping)> create Description: Creates a VLAN for the AP-5131. Syntax: Example: admin(network.lan.wlan-mapping)> admin(network.lan.wlan-mapping)> create 5 vlan-5 For information on creating VLANs using the applet (GUI), se e Configuring VLAN Support on p age 5-4 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-24 AP5131>admin(network.lan.wlan-mapping)> edit Description: Modifies a VLAN’ s name and ID. Syntax: For information on editing VLANs using the applet (GUI), see Configuring VLAN Support on page 5-4 .
Command Line Interfa ce Reference 8-25 AP5131>admin(network.lan .wlan-mapping)> delete Description: Deletes a specific VLAN or all VLANs. Syntax: For information on deleting VLANs using the app let (GUI), see Configurin g VLAN Support on page 5-4 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-26 AP5131>admin(network.lan .wlan-mapping)> lan-map Description: Maps an AP-5131 VLAN to a WLAN. Syntax: .. admin(network.lan.wlan-mapping)> lan-map wlan1 lan1 For information on mapping VLANs using the applet (GUI), see Configuring VLAN Support on page 5-4 .
Command Line Interfa ce Reference 8-27 AP5131>admin(network.lan .wlan-mapping)> vlan-map Description: Maps an AP-5131 VLAN to a WLAN. Syntax: admin(network.lan.wlan-mapping)> vlan-map wlan1 vlan1 For information on mapping VLANs using the applet (GUI), see Configuring VLAN Support on page 5-4 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-28 8.3.1.3 Network LAN, DHCP Commands AP5131>admin(network.lan.dhcp)> Description: Displays the AP-5131 DHCP submen u. The items available are displayed below . show Displays DHCP parameters. set Sets DHCP parameters.
Command Line Interfa ce Reference 8-29 AP5131>admin(network.lan.dhcp)> show Description: Shows DHCP parameter setting s. Syntax: Example: admin(network.lan.dhcp)> show **LAN1 DHCP Information** DHCP Address Assignment Range: Starting IP Address : 192.
AP-5131 Acce ss Point Produ ct Reference G uide 8-30 AP5131>admin(network.lan.dhcp)> set Description: Sets DHCP parameters for the LAN port. Syntax: Example: admin(network.lan.dhcp)> set range 1 192.168.0.100 192.168.0.254 admin(network.lan.dhcp)> set lease 1 86400 admin(network.
Command Line Interfa ce Reference 8-31 AP5131>admin(network.lan.dhcp)> add Description: Adds static DHCP address assignments. Syntax: Example: admin(network.lan.dhcp)> add 1 00A0F8112233 192.160.24.6 admin(network.lan.dhcp)> add 1 00A0F1112234 192.
AP-5131 Acce ss Point Produ ct Reference G uide 8-32 AP5131>admin(network.lan.dhcp)> delete Description: Deletes static DHCP address assignments.
Command Line Interfa ce Reference 8-33 AP5131>admin(network.lan.dhcp)> list Description: Lists static DHCP address assignments. Syntax: Example: admin(network.
AP-5131 Acce ss Point Produ ct Reference G uide 8-34 8.3.1.4 Network T ype Filter Commands AP5131>admin(network.lan.type-filter)> Description: Displays the AP-5131 T ype Filter submenu. The items availa ble under this command include: e show Displays the current Ethernet T ype exception list.
Command Line Interfa ce Reference 8-35 AP5131>admin(network.lan.type-filter)> show Description: Displays the AP-5131’ s current Ethernet T ype Filte r configuration.
AP-5131 Acce ss Point Produ ct Reference G uide 8-36 AP5131>admin(network.lan.type-filter)> set Description: Defines the AP-5131 Ethernet T ype Filter configuration.
Command Line Interfa ce Reference 8-37 AP5131>admin(network.lan.type-filter)> add Description: Adds an Ethernet T ype Filter entry . Syntax: Example: admin(network.lan.type-filter)> admin(network.wireless.type-filter)> add 1 8137 admin(network.
AP-5131 Acce ss Point Produ ct Reference G uide 8-38 AP5131>admin(network.l an.type-filter)> delete Description: Removes an Ethe rnet T ype Filter entry individually or the entire T y pe Filter list. Syntax: Example: admin(network.lan.type-filter)> delete 1 1 admin(network.
Command Line Interfa ce Reference 8-39 8.3.2 Network WAN Commands AP5131>admin(network.wan)> Description: Displays the W AN submenu. The items available under this command ar e shown below . For an overview of the AP-5131’ s W AN config uration options using the applet (GUI), see Config uring W AN Settings on page 5-14 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-40 AP5131>admin(network.wan)> show Description: Displays the AP-5131 W AN port parameters. Syntax: Example: admin(network.wan)> show Status : enable WAN DHCP Client Mode : disable IP address : 0.
Command Line Interfa ce Reference 8-41 AP5131>admin(network.wan)> set Description: Defines the configuration of the AP-5131 WAN port. Syntax: Example: admin(network.wan)> admin(network.wan)> set dhcp disable admin(network.wan)> set ipadr 157.
AP-5131 Acce ss Point Produ ct Reference G uide 8-42 8.3.2.1 Network W AN NA T Commands AP5131>admin(network.wan.nat)> Description: Displays the NA T submenu.
Command Line Interfa ce Reference 8-43 AP5131>admin(network.wan.nat)> show Description: Displays AP-5131 NA T parameters. Syntax: Example: admin(network.
AP-5131 Acce ss Point Produ ct Reference G uide 8-44 AP5131>admin(network.wan.nat)> set Description: Sets NA T inbound and outbound param eters. Syntax: Example: admin(network.wan.nat)> set type 1-to-many admin(network.wan.nat)> set ip 157.
Command Line Interfa ce Reference 8-45 AP5131>admin(network.wan.nat)> add Description: Adds NA T en tries. Syntax: Example: admin(network.wan.nat)> add 1 indoors udp 20 29 10.
AP-5131 Acce ss Point Produ ct Reference G uide 8-46 AP5131>admin(network.wan.nat)> delete Description: Deletes NA T entries. Syntax: Example: admin(network.
Command Line Interfa ce Reference 8-47 AP5131>admin(network.wan.nat)> list Description: Lists AP-5131 NA T entries for the specified inde x. Syntax: Example: admin(network.
AP-5131 Acce ss Point Produ ct Reference G uide 8-48 8.3.2.2 Network W AN, VPN Commands AP5131>admin(network.wan.vpn)> Description: Displays the VPN submenu. The items availab le under this command include: For an overview of the AP-5131 VPN options ava ilable using the app let (GUI), see Config uring VPN T unnels on page 6-34 .
Command Line Interfa ce Reference 8-49 AP5131>admin(netwo rk.wan.vpn)> add Description: Adds a VPN tunnel entry . Syntax: Example: admin(network.wan.vpn)> add 2 SJSharkey 209.235.44.31 206.107.22.46 255.255.255.224 206.107.22.1 If tunnel type is Manual, proper SPI values and Keys must be configured after adding the tunnel admin(network.
AP-5131 Acce ss Point Produ ct Reference G uide 8-50 AP5131>admin(netwo rk.wan.vpn)> set Description: Sets VPN entry parameters. Syntax: set type <nam e> <tunnel type> Sets the tunnel type <name> to Auto or Manual for the specified tunnel name.
Command Line Interfa ce Reference 8-51 For information on configuring VPN using the applet (GUI), see Configuring VPN T unnels on p age 6-34 . salife <name> <lifetime> Defines the name of the tunnnel <name> the Security Association Life T ime <300-65535> applies to in seconds.
AP-5131 Acce ss Point Produ ct Reference G uide 8-52 AP5131>admin(network .wan.vpn)> delete Description: Deletes VPN tunnel entries. Syntax: Example: admin(network.
Command Line Interfa ce Reference 8-53 AP5131>admin(network.wan.vpn)> list Description: Lists VPN tunnel entries. Syntax: Example: admin(network.
AP-5131 Acce ss Point Produ ct Reference G uide 8-54 AP5131>admin(network .wan.vpn)> reset Description: Resets all of the AP-5131’ s VPN tunnels.
Command Line Interfa ce Reference 8-55 AP5131>admin(network.wan.vpn)> stats Description: Lists statistics for all active tunnels. Syntax: Example: admin(network.
AP-5131 Acce ss Point Produ ct Reference G uide 8-56 AP5131>admin(network .wan.vpn)> ikestate Description: Displays statistics for all active tunnels using Internet Key Exchange (IKE).
Command Line Interfa ce Reference 8-57 8.3.3 Network Wireless Commands AP5131>admin(network.wireless) Description: Displays the AP-5131 wireless submen u. The items available under this command include : wlan Displays the WLAN submenu used to create and configure up to 16 WLANs per AP-5131.
AP-5131 Acce ss Point Produ ct Reference G uide 8-58 8.3.3.1 Network WLAN Commands AP5131>admin(network.wireless.wlan)> Description: Displays the AP-5131 wireless LAN (WLAN) submenu .
Command Line Interfa ce Reference 8-59 AP5131>admin(network.wireless.wlan)> show Description: Displays the AP-5131’ s current WL AN configuration. Syntax: Example: admin(network.wireless.wlan)> show summary WLAN1 WLAN Name : Lobby ESSID : 101 Radio : 11a, 11b/g VLAN : Security Policy : Default QoS Policy : Default admin(network.
AP-5131 Acce ss Point Produ ct Reference G uide 8-60 AP5131>admin(network.wireless.wlan)> create Description: Defines the parameters of a new AP -5131 WLAN. Syntax: sh Example: admin(network.wireless.wlan.create)> show wlan ESS Identifier : WLAN Name : 802.
Command Line Interfa ce Reference 8-61 Accept Broadcast ESSID : disable QoS Policy : Default admin(network.wireless.wlan.create)> show security -----------------------------------------------------.
AP-5131 Acce ss Point Produ ct Reference G uide 8-62 AP5131>admin(network.wireless.wlan)> edit Description: Edits the properties of an existing WLAN policy . Syntax: For information on editing a WLAN using the applet (GUI), see Creating/Editing Individual WLANs on page 5-24 .
Command Line Interfa ce Reference 8-63 AP5131>admin(network.wireless.wlan)> delete Description: Deletes an existing WLAN. Syntax: For information on deleting a WLAN using the applet (GUI), see Creating/Editing Ind ividual WLANs on page 5-24 . delete <wlan-name> Deletes a target WLAN by name supplied.
AP-5131 Acce ss Point Produ ct Reference G uide 8-64 AP5131>admin(network.w ireless.wlan.hotspot)> Description: Displays the Hotspot submenu. The items av ailable under this command include: e F.
Command Line Interfa ce Reference 8-65 AP5131>admin(network.wireless.wlan.hotspot)> show Description: Displays the current AP -5131 Rogue AP detection configuration . Syntax: Example: admin(network.wireless.wlan.hotspot)> show hotspot 1 WLAN1 Hotspot Mode : enable Hotspot Page Location : default External Login URL : www.
AP-5131 Acce ss Point Produ ct Reference G uide 8-66 AP5131>admin(network.wireless. wlan.hotspot)> redirection Description: Goes to the hotspot redirection menu. Syntax: Example: admin(network.wireless.wlan.hotspot)> set page-loc 1 www.sjsharkey.
Command Line Interfa ce Reference 8-67 AP5131>admin(network.wirel ess.wlan.hotspot)> radius Description: Goes to the hotspot Radius menu. Syntax: For information on configuring the Hotspot options a v ailable to the AP-5131 using the applet (GUI), see Configuring WLAN Hotspot Support on page 5-40 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-68 AP5131>admin(network.wireles s.wlan.hotspot.radius)> set Description: Sets the Radius hotspot configura tion. Syntax: Example: admin(network.wireless.wlan.hotspot.radius)> set server 1 primary 157.
Command Line Interfa ce Reference 8-69 AP5131>admin(network.wireles s.wlan.hotspot.radius)> show Description: Shows Radius hotspot server details. Syntax: Example: admin(network.wireless.wlan.hotspot.radius)> show radius 1 Primary Server Ip adr : 157.
AP-5131 Acce ss Point Produ ct Reference G uide 8-70 AP5131>admin(network.wireles s.wlan.hotspot)> white-list Description: Goes to the hotspot white-list menu. Syntax: Example: admin(network.wireless.wlan.hotspot.whitelist)> add rule 1 157.235.
Command Line Interfa ce Reference 8-71 8.3.3.2 Network Security Commands AP5131>admin(network.wireless.security)> Description: Displays the AP-5131 wireless security submenu.
AP-5131 Acce ss Point Produ ct Reference G uide 8-72 AP5131>admin(network.wir eless.security)> show Description: Displays the AP-5131’ s current security configuration.
Command Line Interfa ce Reference 8-73 AP5131>admin(network.wir eless.security)> create Description: Defines the parameter of AP -5131 security policies.
AP-5131 Acce ss Point Produ ct Reference G uide 8-74 Syntax: create Defines the parameters of a security policy . show Displays new or existing security policy parameters.
Command Line Interfa ce Reference 8-75 retry <number> Sets the maximum number of reauthentica tion retries <retry> ( 1 - 99 ). accounting mode <mode> Ena ble or disable Radius accounting. server <ip> Set external Radius server IP address .
AP-5131 Acce ss Point Produ ct Reference G uide 8-76 wep- keyguard passkey <passkey> The passkey used as a text abbreviation for the entire key length ( 4-32 ). index <key index> Selects the WEP/KeyGuard key (from one of the four potential values of <key index> ( 1 - 4 ).
Command Line Interfa ce Reference 8-77 For information on configuring the encryption and authentication options availab le to the AP-5131 u sing the applet (GUI), se e Configuring Security Options on page 6-2 . preauth <mode> Enables or disables preauthentication (fast roaming).
AP-5131 Acce ss Point Produ ct Reference G uide 8-78 AP5131>admin(network.wireless.security .edit)> Description: Edits the properties of a specific security policy . Syntax: Example: admin(network.wireless.security)> edit 1 admin(network.wireless.
Command Line Interfa ce Reference 8-79 AP5131>admin(network.wir eless.security)> delete Description: Deletes a specific security policy . Syntax: For information on configuring the encryption and authentication options availab le to the AP-5131 u sing the applet (GUI), se e Configuring Security Options on page 6-2 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-80 8.3.3.3 Network ACL Commands AP5131>admin(network.wireless.acl)> Description: Displays the AP-5131 Mobile Unit Access Control List (ACL ) submenu. The items available under this command in clude: show Displays the AP-5131’ s current ACL c onfiguration.
Command Line Interfa ce Reference 8-81 AP5131>admin(network.wireless.acl)> show Description: Displays the AP-5131’ s current ACL co nfiguration.
AP-5131 Acce ss Point Produ ct Reference G uide 8-82 AP5131>admin(network.wireless.acl)> create Description: Creates a n MU ACL po licy . Syntax: Example: admin(network.
Command Line Interfa ce Reference 8-83 AP5131>admin(network.wireless.acl.edit)> Description: Edits the properties of an existing MU ACL policy . Syntax: For information on configuring the ACL options avai lable to the AP-5131 using the applet (GUI), see Co nfiguring a WLAN Access Control List (ACL) on page 5-31 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-84 AP5131>admin(network.wireless.acl)> delete Description: Removes an MU ACL policy . Syntax: For information on configuring the ACL options avai lable to the AP-5131 using the applet (GUI), see Configuring a WLAN Access Control List (ACL) on page 5-31 .
Command Line Interfa ce Reference 8-85 8.3.3.4 Network Radio Co nfiguration Commands AP5131>admin(network.wireless.radio)> Description: Displays the AP-5131 Radio subm enu. The items available under this co mmand include: e show Summarizes AP -5131 radio para meters at a high-l evel.
AP-5131 Acce ss Point Produ ct Reference G uide 8-86 AP5131>admin(network.wireless.radio)> show Description: Displays the AP-5131’ s current radio con figuration. Syntax: Example: admin(network.wireless.radio)> show Radio Configuration Radio 1 Name : Radio 1 Radio Mode : enable RF Band of Operation : 802.
Command Line Interfa ce Reference 8-87 AP5131>admin(network.wireless.radio)> set Description: Enables an AP-5131 Radio and defines the RF band of operation. Syntax: Example: admin(network.wireless.radio)> set 11a disable admin(network.wireless.
AP-5131 Acce ss Point Produ ct Reference G uide 8-88 AP5131>admin(network.wireless.radio.radio1)> Description: Displays a specific 802.11b/g radio submenu.
Command Line Interfa ce Reference 8-89 AP5131>admin(network.wirel ess.radio.radio1)> show Description: Displays specific 802.11b/g radio settings. Syntax: Example: admin(network.wireless.radio.radio1)> show radio Radio Setting Information Placement : indoor MAC Address : 00A0F8715920 Radio Type : 802.
AP-5131 Acce ss Point Produ ct Reference G uide 8-90 admin(network.wireless.radio.radio1)> show qos Radio QOS Parameter Set 11g-default -------------------------------------------------------------.
Command Line Interfa ce Reference 8-91 AP5131>admin(network.wireless.radio.802-11bg)> set Description: Defines specific 802.11b/g radio param eters. Syntax: Example: admin(network.wireless.radio.802-11bg)> set placement indoor admin(network.wireless.
AP-5131 Acce ss Point Produ ct Reference G uide 8-92 AP5131>admin(network.wireless.radio.802-11bg.advanced)> Description: Displays the advanced sub menu for the 802.11b/g radio. The items availab le under this command include: Syntax: show Displays advanced ra dio setting s for the 80 2.
Command Line Interfa ce Reference 8-93 AP5131>admin(network.wireless. radio.802-11bg.advanced)> show Description: Displays the BSSID to WLAN mapping for the 802 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-94 AP5131>admin(network.wireless. radio.802-11bg.advanced)> set Description: Defines advanced parameters for the targe t 802.11b/g radio. Syntax: Example: admin(network.wireless.radio.802-11bg.advanced)> set wlan demoroom 1 admin(network.
Command Line Interfa ce Reference 8-95 AP5131>admin(network.wireless.radio.radio2)> Description: Displays a specific 802.11a rad io submenu. The items available under this comma nd include: Syntax: show Displays 802.11a radio s ettings set Defines specific 802.
AP-5131 Acce ss Point Produ ct Reference G uide 8-96 AP5131>admin(network.wireless.radio.802-11a)> show Description: Displays specific 802.11a rad io settings. Syntax: Example: admin(network.wireless.radio.802-11a)> show radio Radio Setting Information Placement : indoor MAC Address : 00A0F8715920 Radio Type : 802.
Command Line Interfa ce Reference 8-97 admin(network.wireless.radio.802-11a)> show qos Radio QOS Parameter Set: 11a default -------------------------------------------------------------------------.
AP-5131 Acce ss Point Produ ct Reference G uide 8-98 AP5131>admin(network.wirel ess.radio.802-11a)> set Description: Defines sp ecific 802.11 a radio para meters. Syntax: Example: admin(network.wireless.radio.802-11a)> admin(network.wireless.
Command Line Interfa ce Reference 8-99 AP5131>admin(network.wirel ess.radio.802-11a.advanced)> Description: Displays the advanced sub menu for the 802-11a radio. The items available under this comm and include: Syntax: show Displays advanced radio settings for th e 802-11a radio.
AP-5131 Acce ss Point Produ ct Reference G uide 8-100 AP5131>admin(network.wireless. radio.802-11a.advanced)> show Description: Displays the BSSID to WLAN mapping for the 802 .
Command Line Interfa ce Reference 8-101 AP5131>admin(network.wireless. radio.802-11a.advanced)> set Description: Defines advanced parameters for the targe t 802..11a radio. Syntax: Example: admin(network.wireless.radio.802-11a.advanced)> set wlan demoroom 1 admin(network.
AP-5131 Acce ss Point Produ ct Reference G uide 8-102 8.3.3.5 Network Quality of Service (QoS) Commands AP5131>admin(network.wireless.qos)> Description: Displays the AP-5131 Quality of Service (QoS) submenu. The items available under this command inclu de: e show Displays AP-5131 QoS policy inform ation.
Command Line Interfa ce Reference 8-103 AP5131>admin(network.wireless.qos)> show Description: Displays the AP-5131’ s current QoS po licy by summary or individual policy .
AP-5131 Acce ss Point Produ ct Reference G uide 8-104 AP5131>admin(network.wireless.qos.create)> Description: Defines an AP-5131 QoS policy . Syntax: For information on configuring the WLAN QoS options a v ailable to the AP-5131 using the applet (GUI), see Setting the WLAN Quality of Service (QoS) Policy on page 5-34 .
Command Line Interfa ce Reference 8-105 AP5131>admin(network.wireless.qos.edit)> Descripton: Edits the properties of an existing QoS policy . Syntax: For information on configuring the WLAN QoS options a v ailable to the AP-5131 using the applet (GUI), see Setting the WLAN Quality of Service (QoS) Policy on page 5-34 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-106 AP5131>admin(network.wireless.qos)> delete Description: Removes a QoS policy . Syntax: For information on configuring the WLAN QoS options a v ailable to the AP-5131 using the applet (GUI), see Setting the WLAN Quality of Service (QoS) Policy on page 5-34 .
Command Line Interfa ce Reference 8-107 8.3.3.6 Network Bandwith Management Commands AP5131>admin(network.wireless.bandwidth)> Description: Displays the AP-5131 Bandwidth Management submenu. The items av ailable under this command include: e show Displays Bandwidth Management information for how data is processed by the AP-5131.
AP-5131 Acce ss Point Produ ct Reference G uide 8-108 AP5131>admin(network.wireless.bandwidth)> show Description: Displays the AP-5131’ s current Ba ndwidth Management configuration.
Command Line Interfa ce Reference 8-109 AP5131>admin(network.wireless.bandwidth)> set Description: Defines the AP-5131 Bandwidth Management configuration. Syntax: For information on configuring the Bandwidth Management op ti ons available to the AP-5131 using the applet (GUI), see Configuring Bandwidth Manageme nt Settings on page 5-55 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-110 8.3.3.7 Network Rogue-AP Commands AP5131>admin(network .wireless.rogue-ap)> Description: Displays the Rogue AP submenu. The ite ms available under this command include: e show Displays the current AP-5131 Rogue AP detection config uration.
Command Line Interfa ce Reference 8-111 AP5131>admin(network.w ireless.rogue-ap)> show Description: Displays the current AP -5131 Rogue AP detection configuration .
AP-5131 Acce ss Point Produ ct Reference G uide 8-112 AP5131>admin(network.w ireless.rogue-ap)> set Description: Defines the AP-5131 ACL rogue AP method. Syntax: Example: admin(network.wireless.rogue-ap)> admin(network.wireless.rogue-ap)> set mu-scan enable admin(network.
Command Line Interfa ce Reference 8-113 AP5131>admin(network.wir eless.rogue-ap.mu-scan)> Description: Displays the Rogue-AP mu-sca n submenu. Syntax: show Displays all APs located by the MU scan. start Initiates scan immediately by the MU. .. Goes to the parent menu.
AP-5131 Acce ss Point Produ ct Reference G uide 8-114 AP5131>admin(network.wireles s.rogue-ap.mu-scan)> start Description: Initiates an MU scan from a user provided MAC address. Syntax: For information on configuring the Rogue AP options available to the AP-513 1 us ing the applet (GUI), see Configuring Rogue AP Detection on page 6-53 .
Command Line Interfa ce Reference 8-115 AP5131>admin(network.wirel ess.rogue-ap.mu-scan)> show Description: Displays the results of an MU scan. Syntax: For information on configuring the Rogue AP options available to the AP-5131 using the ap plet (GUI), see Configuring Rogue AP Detection on pag e 6-53 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-116 AP5131>admin(network.wirel ess.rogue-ap.allowed-list)> Description: Displays the Rogue-AP allowed-lis t submenu. show Displays the rogue AP allowed list add Adds an AP MAC address and ESSID to the allowed list.
Command Line Interfa ce Reference 8-117 AP5131>admin(network.wireless. rogue-ap.allowed-list)> show Description: Displays the Rogue AP allowed List.
AP-5131 Acce ss Point Produ ct Reference G uide 8-118 AP5131>admin(network.wireless. rogue-ap.allowed-list)> add Description: Adds an AP MAC address and ESSID to existing allowed list. Syntax: Example: admin(network.wireless.rogue-ap.allowed-list)> add 00A0F83161BB 103 admin(network.
Command Line Interfa ce Reference 8-119 AP5131>admin(network.wireless. rogue-ap.allowed-list)> delete Description: Deletes an AP MAC address and ESSID to existing allowed list. Syntax: For information on configuring the Rogue AP options available to the AP-5131 using the ap plet (GUI), see Configuring Rogue AP Detection on pag e 6-53 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-120 8.3.4 Network Firewall Commands AP5131>admin(network.firewall)> Description: Displays the AP-5131 firewall su bmenu. The items available under this command include: show Displays the AP-5131’ s curre nt firewall configuration.
Command Line Interfa ce Reference 8-121 AP5131>admin(network.firewall)> show Description: Displays the AP-5131 fi rewall parameters. Syntax: Example: admin(network.
AP-5131 Acce ss Point Produ ct Reference G uide 8-122 AP5131>admin(network.firewall)> set Description: Defines the AP-5131 firewall parameters. Syntax: Example: admin(network.firewall)> set mode enable admin(network.firewall)> set ftp enable admin(network.
Command Line Interfa ce Reference 8-123 AP5131>admin(network.firewall)> access Description: Enables or disables firewa ll permissions through L AN to W AN ports. Syntax: Example: admin(network.firewall)> set override disable admin(network.firewall)> access admin(network.
AP-5131 Acce ss Point Produ ct Reference G uide 8-124 AP5131>admin(network.firewall)> advanced Description: Displays whether an AP-5131 fire wall rule is intended for inbo und traffic to an interface or outboun d traffic from that interfa ce.. Syntax: Example: admin(network.
Command Line Interfa ce Reference 8-125 8.3.5 Network Router Commands AP5131>admin(network.router)> Description: Displays the router submenu. The items ava ilable under this command are: show Displays the existing AP-5131 router configuration. set Sets the RIP parameters.
AP-5131 Acce ss Point Produ ct Reference G uide 8-126 AP5131>admin(netwo rk.router)> show Description: Shows the AP-5131 route table. Syntax: Example: admin(network.
Command Line Interfa ce Reference 8-127 AP5131>admin(network.router)> set Description: Shows the AP-5131 route table. Syntax: For information on configuring the Router options availab le to the AP-5131 usin g the applet (GUI), se e Configuring Router Settings on pa ge 5-57 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-128 AP5131>admin(network.router)> add Description: Adds user -defined routes. Syntax: Example: admin(network.
Command Line Interfa ce Reference 8-129 AP5131>admin(netwo rk.router)> delete Description: Deletes user -defined routes. Syntax: Example: admin(network.
AP-5131 Acce ss Point Produ ct Reference G uide 8-130 AP5131>admin(network.router)> list Description: Lists user -defined routes. Syntax: Example: admin(network.
Command Line Interfa ce Reference 8-131 8.4 Sy stem Commands AP5131>admin(sy s tem)> Description: Displays the System submenu. The ite ms ava ilable under this command are shown below . restart Restarts the AP-5131. show Shows AP -5131 system parameter settings.
AP-5131 Acce ss Point Produ ct Reference G uide 8-132 AP5131>admin(sy s tem)>restart Description: Restarts the AP-5131 access poin t. Syntax: Example: admin(system)> restart ********************************WARNING*********************************** ** Unsaved configuration changes will be lost when the AP-5131 is reset.
Command Line Interfa ce Reference 8-133 AP5131>admin(sy s tem)>show Description: Displays high-level AP-5131 sys tem information. Syntax: Example: admin(system)> show system name : BldgC system location : Atlanta Field Office admin email address : johndoe@mycompany.
AP-5131 Acce ss Point Produ ct Reference G uide 8-134 AP5131>admin(sy s tem)>set Description: Sets AP-5131 s ystem parameters. Syntax: ? Example: admin(system)> show system name : AP5131 system location : San Jose Engineering admin email address : SJSharkey@symbol.
Command Line Interfa ce Reference 8-135 8.4.1 Sy stem Debug and Last Password Commands AP5131>admin(sy s tem)>debug Description: Accesses AP-5131 debug information. This informatio n is designed for field service use only , and should not be used by unqualif ied personnel.
AP-5131 Acce ss Point Produ ct Reference G uide 8-136 8.4.2 Sy stem Access Commands AP5131>admin(sy s tem)>access Description: Displays the AP-5131 access su bmenu. show Displays AP-5131 system access capa bilities. set Goes to the AP-5131 system access submenu.
Command Line Interfa ce Reference 8-137 AP5131>admin(sy s tem.access)>set Description: Defines the permissions to access the AP-5131 ap plet, CL I, SNMP as well as defining their timeout values. Syntax: For information on configuring AP-5131 access settings using the applet (GUI), see Configuring Data Access on p age 4-6 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-138 AP5131>admin(sy s tem.access)>show Description: Displays the current AP -5131 access permissions and timeout values.
Command Line Interfa ce Reference 8-139 8.4.3 Sy stem Certificat e Management Commands AP5131>admin(sy s tem)>cmgr Description: Displays the Certificate Manager submenu . The items available under th is command include: genreq Generates a Certificate Request.
AP-5131 Acce ss Point Produ ct Reference G uide 8-140 AP5131>admin(sy s tem.cmgr)> genreq Description: Generates a certificate request. Syntax: Note: The parameters in [square brackets] are op tional. Check with the CA to de termine what fields are necessary .
Command Line Interfa ce Reference 8-141 AP5131>admin(sy s tem.cmgr)> delself Description: ) Deletes a self certificate. Syntax: Example: admin(system.cmgr)> delself MyCert2 For information on configuring self certif icate settings using the applet (GUI), see Creating Self Certificates for Accessing the VPN on pag e 4-10 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-142 AP5131>admin(sy s te m.cmgr)> loadself Description: Loads a self certificate signed by the Certificate Authority . Syntax: For information on configuring self certif icate settings using the applet (GUI), see Creating Self Certificates for Accessing the VPN on pag e 4-10 .
Command Line Interfa ce Reference 8-143 AP5131>admin(sy s tem.cmgr)> listself Description: Lists the loaded self certificates. Syntax: For information on configuring self certif icate settings using the applet (GUI), see Creating Self Certificates for Accessing the VPN on pag e 4-10 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-144 AP5131>admin(sy s tem.cmgr)> loadca Description: Loads a trusted certificate fro m the Certificate Authority . Syntax: For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-9 .
Command Line Interfa ce Reference 8-145 AP5131>admin(sy s tem.cmgr)> delca Description: Deletes a trusted certificate. Syntax: For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-9 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-146 AP5131>admin(sy s tem.cmgr)> listca Description: Lists the loaded trusted certificate. Syntax: For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-9 .
Command Line Interfa ce Reference 8-147 AP5131>admin(sy s te m.cmgr)> showreq Description: Displays a certificate request in PEM format. Syntax: For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-9 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-148 AP5131>admin(sy s tem. cmgr)> delprivkey Description: Deletes a private key . Syntax: For information on configuring certificate settings using the applet (GUI), see Creating Self Certificates for Accessing the VPN on page 4-10 .
Command Line Interfa ce Reference 8-149 AP5131>admin(sy s tem. cmgr)> listprivkey Description: Lists the names of private keys. Syntax: For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-9 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-150 AP5131>admin(sy s te m.cmgr)> expcert Description: Exports the certificaqte file. Syntax: For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-9 .
Command Line Interfa ce Reference 8-151 AP5131>admin(sy s tem.cmgr)> impcert Description: Imports the target certificate file. Syntax: For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-9 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-152 8.4.4 Sy stem SNMP Commands AP5131>admin(sy s tem)> snmp Description: Displays the SNMP submenu. Th e items available under this comman d are shown below . access Goes to the SNMP access submenu.
Command Line Interfa ce Reference 8-153 8.4.4.1 Sy stem SNMP Access Commands AP5131>admin(sy s tem.snmp.access) Description: Displays the SNMP Access menu. The items available under this command are shown below . show Shows SNMP v3 engine ID. add Adds SNMP access entries.
AP-5131 Acce ss Point Produ ct Reference G uide 8-154 AP5131>admin(sy s tem. snmp.access)> show Description: Shows the SNMP v3 engine ID. Syntax: Example: admin(system.snmp.access)> show eid AP-5131 snmp v3 engine id : 000001846B8B4567F871AC68 admin(system.
Command Line Interfa ce Reference 8-155 AP5131>admin(sy s tem. snmp.access)> add Description: Adds SNMP access entries for specific v1v2 and v3 user definitions. Syntax: For information on configuring SNMP access settings using the applet (GUI), see Configuring SNMP Access Control on page 4-23 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-156 AP5131>admin(sy s tem. snmp.access)> delete Description: Deletes SNMP access entries for specific v1v2 and v3 user de finitions.
Command Line Interfa ce Reference 8-157 AP5131>admin(sy s tem. snmp.access)> list Description: Lists SNMP access entries. Syntax: Example: admin(system.snmp.access)> list acl ---------------------------------------------------------------- index start ip end ip ---------------------------------------------------------------- 1 209.
AP-5131 Acce ss Point Produ ct Reference G uide 8-158 8.4.4.2 Sy stem SNMP T raps Commands AP5131>admin(sy s tem.snmp.traps) Description: Displays the SNMP traps submenu. The ite ms available under this command are shown belo w . show Shows SNMP trap parameters.
Command Line Interfa ce Reference 8-159 AP5131>admin(sy s tem. snmp.traps)> show Description: Shows SNMP trap parameters. Syntax: Example: admin(system.
AP-5131 Acce ss Point Produ ct Reference G uide 8-160 AP5131>admin(sy s tem.snmp.traps)> set Description: Sets SNMP trap parameters. Syntax: For information on configuring SNMP traps using the applet (GUI), s ee Configuring Specific SNMP T raps on pag e 4-28 .
Command Line Interfa ce Reference 8-161 AP5131>admin(sy s tem. snmp.traps)> add Description: Adds SNMP trap entries. Syntax: Example: admin(system.
AP-5131 Acce ss Point Produ ct Reference G uide 8-162 AP5131>admin(sy s tem.snmp.traps)> delete Description: Deletes SNMP trap entries. Syntax: Example: admin(system.snmp.traps)> delete v1v2 all For information on configuring SNMP traps using the applet (GUI), s ee Configuring SNMP Se ttings on page 4-17 .
Command Line Interfa ce Reference 8-163 AP5131>admin(sy s tem. snmp.traps)> list Description: Lists SNMP trap entries. Syntax: Example: admin(system.
AP-5131 Acce ss Point Produ ct Reference G uide 8-164 8.4.5 Sy stem Network T ime Protocol (NTP) Commands AP5131>admin(sy s tem)> ntp Description: Displays the NTP menu. The corre ct network time is required for numerous functions to be configured accua retly on the AP-5131.
Command Line Interfa ce Reference 8-165 AP5131>admin(sy s tem.ntp)> show Description: Displays the NTP server configuratio n. Syntax: Example: admin(system.ntp)> show current time (UTC) : 2006-07-31 14:35:20 Time Zone: ntp mode : enable preferred Time server ip : 203.
AP-5131 Acce ss Point Produ ct Reference G uide 8-166 AP5131>admin(sy stem.ntp)> date-zone Description: Show date, time and time zone. Syntax: Example: admin(system.ntp)> date-zone Date/Time : Sat 1970-Jan-03 20:06:22 +0000 UTC Time Zone : date-zone Show date, time and time zone.
Command Line Interfa ce Reference 8-167 AP5131>admin(sy s te m.ntp)> zone-list Description: Displays an ex tensive list of time zones for countries around the world. Syntax: Example: admin(system.ntp)> zone-list zone-list Displays list of time zones for every known zone.
AP-5131 Acce ss Point Produ ct Reference G uide 8-168 AP5131>admin(sy s tem.ntp)> set Description: Sets NTP parameters for AP-5131 clo ck synchronization. Syntax: Example: admin(system.ntp)> set mode enable admin(system.ntp)> set server 1 203.
Command Line Interfa ce Reference 8-169 8.4.6 Sy stem Log Commands AP5131>admin(sy s tem)> logs Description: Displays the AP-5131 log submenu . Logging options inclu de: Syntax: show Shows logging options. set Sets log options and parameters. view V iews system log.
AP-5131 Acce ss Point Produ ct Reference G uide 8-170 AP5131>admin(sy s tem.logs)> show Description: Displays the current AP -5131 logging settings. Syntax: Example: admin(system.logs)> show log level : L6 Info syslog server logging : enable syslog server ip address : 192.
Command Line Interfa ce Reference 8-171 AP5131>admin(sy s tem.logs)> set Description: Sets log options and parameters. Syntax: For information on configuring logging settings usin g the applet (GUI), se e Loggin g Configuration on page 4-35 . set level <level> Sets the level of the eve nts that will be logged.
AP-5131 Acce ss Point Produ ct Reference G uide 8-172 AP5131>admin(sy s tem.logs)> view Description: Displays the AP-5131 syste m log file. Syntax: Example: admin(system.logs)> view Jan 7 16:14:00 (none) syslogd 1.4.1: restart (remote reception).
Command Line Interfa ce Reference 8-173 AP5131>admin(sy s tem.logs)> delete Description: Deletes the log files. Syntax: Example: admin(system.logs)> delete For information on configuring logging settings usin g the applet (GUI), se e Loggin g Configuration on page 4-35 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-174 AP5131>admin(sy s tem.logs)> send Description: Sends log and core file to an F TP Server . Syntax: Example: admin(system.logs)> send File transfer : [ In progress ] File transfer : [ Done ] admin(system.
Command Line Interfa ce Reference 8-175 8.4.7 Sy stem Configuration-Update Comm ands AP5131>admin(sy s tem.config)> Description: Displays the AP-5131 config uration update submenu. Syntax: default Restores the default AP-5131 configuration. partial Restores a partia l default AP-5131 config uration.
AP-5131 Acce ss Point Produ ct Reference G uide 8-176 AP5131>admin(sy s tem. config)> default Description: Restores the full AP-5131 factory default configuration.
Command Line Interfa ce Reference 8-177 AP5131>admin(sy s tem. config)> partial Description: Restores a partial factory default configuratio n. The AP-5131’ s LAN, W AN and SNMP settings are uneffected by the partial restor e. Syntax: Example: admin(system.
AP-5131 Acce ss Point Produ ct Reference G uide 8-178 AP5131>admin(sy s te m.config)> show Description: Displays import/export param eters for the AP-5131 configuration file. Syntax: Example: admin(system.config)> show cfg filename : cfg.txt cfg filepath : ftp/tftp server ip address : 192.
Command Line Interfa ce Reference 8-179 AP5131>admin(sy s tem.config)> set Description: Sets the import/export parameters. Syntax: Example: admin(system.config)> set server 192.168.22.12 admin(system.config)> set user myadmin admin(system.
AP-5131 Acce ss Point Produ ct Reference G uide 8-180 AP5131>admin(sy s te m.config)> export Description: Exports the configuration from the syste m. Syntax: Example: Export F TP E xample: admin(system.config)> set server 192.168.22.12 admin(system.
Command Line Interfa ce Reference 8-181 AP5131>admin(sy s te m.config)> import Description: Imports the AP-5131 configuration to the AP-51 31. Errors could di splay as a result of invaid configura tion parameters. Correct the sepcified lines and import the file aga in until the import operation is error free.
AP-5131 Acce ss Point Produ ct Reference G uide 8-182 8.4.8 Firmware Update Commands AP5131>admin(sy s tem)>fw-update Description: Displays the firmware update sub menu.
Command Line Interfa ce Reference 8-183 AP5131>admin(sy s te m.fw-update)>show Description: Displays the current AP -5131 firmware update settings. Syntax: Example: admin(system.fw-update)> show automatic firmware upgrade : enable automatic config upgrade : enable automatic upgrade interface : WAN firmware filename : APFW.
AP-5131 Acce ss Point Produ ct Reference G uide 8-184 AP5131>admin(sy s te m.fw-update)>set Description: Defines AP-5131 firmware update settings and user permissions. Syntax: For information on upda ting AP-5131 device firm ware using the applet (GUI), see Updating Device Firmware on page 4 -41 .
Command Line Interfa ce Reference 8-185 AP5131>admin(sy s te m.fw-update)>update Description: Executes the AP-5131 firmware update over t he W AN or LAN port using either ftp or tftp. Syntax: For information on updating AP-5131 device firm ware using the applet (GUI), see Updating Device Firmware on page 4-41 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-186 8.5 Statistics Commands AP5131>admin(stats) Description: Displays the AP-5131 statistics submenu . The items available under this command are: show Displays AP-5131 WLAN, MU, LAN an d W AN statistics.
Command Line Interfa ce Reference 8-187 AP5131>admin(stats)> show Description: Displays AP-5131 system inform ation. Syntax: For information on displaying W AN port statistics using the applet (GUI), see Viewing W AN Statistics on page 7-2 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-188 AP5131>admin(sta ts)> send-cfg-ap Description: Copies the AP-5131’ s configuration to anothe r AP-5131 within the known AP table.
Command Line Interfa ce Reference 8-189 AP5131>admin(stats )> send-cfg-all Description: Copies the AP-5131’ s configuration to all of the AP-5131 s within the known AP table.
AP-5131 Acce ss Point Produ ct Reference G uide 8-190 AP5131>admin(stats)> clear Description: Clears the specified statistics counters to zero to begin new data calculations. Syntax: clear wan Clears W AN statistics counters. lan Clears LAN statistics counters.
Command Line Interfa ce Reference 8-191 AP5131>admin(stats)> flash-all-leds Description: Starts and stops the illumination of a specified access point’ s LE Ds.
AP-5131 Acce ss Point Produ ct Reference G uide 8-192 AP5131>admin(stats)> echo Description: Defines the echo test values used to condu ct a ping test to an associated MU. Syntax: For information on MU Echo and Ping tests using the app let (GUI), see Pinging Individua l MUs on page 7-27 .
Command Line Interfa ce Reference 8-193 AP5131>admin.stats.echo)> show Description: Shows Mobile Unit Statistics Summary . Syntax: Example: admin(stats.
AP-5131 Acce ss Point Produ ct Reference G uide 8-194 AP5131>admin.stats.echo)> list Description: Lists echo test parameters and results. Syntax: Example: admin(stats.echo)> list Station Address : 00A0F8213434 Number of Pings : 10 Packet Length : 10 Packet Data (in HEX) : 55 admin(stats.
Command Line Interfa ce Reference 8-195 AP5131>admin.stats.echo)>set Description: Defines the parameters of the echo test. Syntax: For information on MU Echo and Ping tests usin g the apple t (GUI), see Pinging Individual MUs on page 7-2 7 . set station <mac> Defines MU target MAC address.
AP-5131 Acce ss Point Produ ct Reference G uide 8-196 AP5131>admin.stats.echo)> start Description: Initiates the echo test. Syntax: Example: admin(stats.
Command Line Interfa ce Reference 8-197 AP5131>admin(stats)> ping Description: Defines the ping test values used to conduct a ping test to an AP with th e same ESSID. Syntax: For information on Known AP tests using the applet (GUI), see Pinging Ind ividual MUs on page 7-27 .
AP-5131 Acce ss Point Produ ct Reference G uide 8-198 AP5131>admin.stats.ping)> show Description: Shows Known AP Summary Details. Syntax: Example: admin(stats.
Command Line Interfa ce Reference 8-199 AP5131>admin.stats.ping)> list Description: Lists ping test parameters and results. Syntax: Example: admin(stats.ping)> list Station Address : 00A0F8213434 Number of Pings : 10 Packet Length : 10 Packet Data (in HEX) : 55 admin(stats.
AP-5131 Acce ss Point Produ ct Reference G uide 8-200 AP5131>admin.stats.ping)> set Description: Defines the parameters of the ping test. Syntax: Example: admin(stats.ping)> set station 00A0F843AABB admin(stats.ping)> set request 10 admin(stats.
Command Line Interfa ce Reference 8-201 AP5131>admin.stats.echo)> start Description: Initiates the pin g test. Syntax: Example: admin(stats.ping)> start admin(stats.
AP-5131 Acce ss Point Produ ct Reference G uide 8-202.
Configuring Mesh Networking 9.1 Mesh Networking Overview An AP-5131 can be configured in two modes to support the new mesh networking fun ctionality . The AP-5131 can be se t to a client bridge mode and/or a base bridge mode (which accepts conn ections from client bridges).
AP-5131 Access Po int Product Re ference Guide 9-2 AP-5131s configured as both a base and a client bridge fun ction as repeaters to transmit data with associated MUs in their coverage area (client br idge mode) as well as forward traffic to other AP- 5131s in the mesh network (base brid ge mode).
Configurin g Mesh Netwo rking 9-3 If an AP-5131 is configured as a base bridge (but not as a client bridge) it operates normally at b oot time. The base brid ge AP-5131 supports connec tions made by other client brid ge AP-5131s.
AP-5131 Access Po int Product Re ference Guide 9-4 The dual-radio model AP-5131 affords users better optimization of the mesh networking feature by allowing the AP-5131 to tra nsmit to other AP-5131s (in base or client bridge mod e) using one independent radio and transmit with its associ ated MUs using the seco nd independent radio.
Configurin g Mesh Netwo rking 9-5 Limit the wireless client’ s connections to reduc e the to tal numbe r of hops requ ired to get to the wired network. Use each radio’ s "preferred" b ase bridge list to define which AP-5131s th e client bridge is allowed to connect to.
AP-5131 Access Po int Product Re ference Guide 9-6 However , if using the Known AP Statistics screen’ s Send Cfg to APs fu nctionality , “auto-select” and preferred list” settings do not get imported.
Configurin g Mesh Netwo rking 9-7 V erify the enabled LAN is named appro priately in respect to its intended function in supporting the mesh network. 3. Selec t Network Configur ation -> LAN -> LAN1 or LAN2 from the AP-5131 menu tree. 4. Click the Mesh STP Configuration button on the bottom off the screen.
AP-5131 Access Po int Product Re ference Guide 9-8 6. Click OK to return to either the LAN1 or LAN2 screen where updates to the Mesh STP Configuration can be saved by clicking the Apply button. 7. Click Canc el to discard the changes made to the Mesh STP Configuratio n and return to the LAN1 or LAN2 screen.
Configurin g Mesh Netwo rking 9-9 The Wireless Configuration screen displays with those e xisting WLANs displayed within the table. 2. Select the Create button to co nfigure a new WLAN specifically to support mesh networking.
AP-5131 Access Po int Product Re ference Guide 9-10 Symbol recommends assigning a unique name to a WLAN sup porting a mesh network to differentiate it from WLANs define d for non mesh support. The name as signed to the WLAN is w hat is sele cted from the Radio Configurat ion screen for use within the mesh network.
Configurin g Mesh Netwo rking 9-11 are typically not guest network s, wherein public assess is more important than data protection. Symbol also discourages use r -based auth entication schemes such as Kerberos and 802 .1x EAP , as these au thentication schemes are not supported with in a mesh network.
AP-5131 Access Po int Product Re ference Guide 9-12 10. Select the Use Secure Be acon checkbox to not transmit the AP- 5131’ s ESSID amongst the AP-5131s and d evices within the mesh network. If a hacker tries to find an ESSID via an MU, the AP- 5131’ s ESSID does not display since the ESSID is not in the beacon.
Configurin g Mesh Netwo rking 9-13 1. Select Network Configura tion -> Wireless -> Radio Configuration from the AP-5131 menu tree . 2. Enable the radio(s) using the Enable checkbox(es) for both Radio 1 and Radio 2. Refer to RF Band of Operation parameter to ensure you are ena bling the corre ct 802.
AP-5131 Access Po int Product Re ference Guide 9-14 mesh network data from th ose client bridges within the mesh netw ork and never the initiator . 4. If the Base Bridge checkbox has be en selected, use the Max# Client Brid ges parameter to define the client bridge load on a particular base bridge.
Configurin g Mesh Netwo rking 9-15 If the Client Bridge check box has been selected, u se the Mesh Network Name drop-down menu to select the WLAN (ESS) the client bridge uses to establish a wireless link.
AP-5131 Access Po int Product Re ference Guide 9-16 the user from selecting the o rder base bridges are added to the mesh ne twork when one of the three associated bas e bridges becomes unavaila ble. 8. Refer to the Av ailable Base Bridge List to view devices lo cated by the AP-5131 using the WLAN selected from the Radio Configuration sc reen.
Configurin g Mesh Netwo rking 9-17 If a MAC address is not desirable as others but still worthy of bein g on the preferred list, select it, and click the Down button to decrease its likelihood of bein g selected as a member of the mesh network.
AP-5131 Access Po int Product Re ference Guide 9-18 9.3 Usage Scenario - T rion Enterprises T rion Enterprises is a new sh ipping and receiving company . T rion wants to create an outdoor wireless coverage area (in addition to its indoor wireless in frastructure) that can expand as they gro w their business.
Configurin g Mesh Netwo rking 9-19 1. The T rion IT department verifies connectivity with both of th e AP-5131s following the instructions in T esting Connectivity on page 3-13 . 2. The T rion IT De partment installs the AP1 on a wall with the ante nnas orienting outward into the shipping and receivin g yard.
AP-5131 Access Po int Product Re ference Guide 9-20 3. The T rion IT dep artment selects Network Configuration -> LAN from the AP-5131 menu tree. 4. The T rion IT department verifies the LAN used to support the mesh netwo rk is enabled for both AP1 and AP2, (by selecting the Enable checkbox).
Configurin g Mesh Netwo rking 9-21 6. The IT team s elects the Mesh STP Configuration button on the bottom off the screen. 7. The T rion IT de partment sets the Priority setting to 1 (for AP1) in orde.
AP-5131 Access Po int Product Re ference Guide 9-22 The Wireless Configuration screen displays with those existing WLANs displa yed within the table. This is T rion’ s first deployment fo r this new.
Configurin g Mesh Netwo rking 9-23 12. The team assigns the name of “ trion me sh ” to the WLAN so it will not be confused with other WLANs use d in other areas of th e T r ion facility . This name also serves to associa te the name of the WLAN with its intended mesh network utilization of data.
AP-5131 Access Po int Product Re ference Guide 9-24 19. The Broadcast Key Rotation checkbox is selected, as th e IT team plans to chang e the keys from time to time (for security purpose s) and wants these keys to be broadcas ted using the default interval 86400 secon ds.
Configurin g Mesh Netwo rking 9-25 23. The IT team a ssigns the name of “ trion mesh network ” to the ACL to eliminat e any confusion with the ACLs intended function 24.
AP-5131 Access Po int Product Re ference Guide 9-26 26. The team decides to leave the Disallow MU to MU Communication checkbox u nselected for the WLAN, as the team considers all MU traf fic within the secure shippin g and receiving yard known and not a threat to the initial 2 AP mesh network deployment.
Configurin g Mesh Netwo rking 9-27 31. The IT T eam does not plan on suppo rting any legacy 802.11 b voice enabled devices, so they leave th e Support V oice prioritization checkbox unselected. 32. The IT T eam selects 11ag-defa ult from the drop-down menu to best describe the type of data proliferating th e mesh network.
AP-5131 Access Po int Product Re ference Guide 9-28 37. For AP2, the IT T eam enables both Radio 1 and Radio 2 and defines radio 1 as a client bridg e. 38. The IT T eam leaves each radio’ s Max # Client Bridge setting at the default setting of 12. This ensures as client bridges are added to the gro wing mesh network they can be accounted for .
Configurin g Mesh Netwo rking 9-29 For the next six months , T rion Enterprises’ mesh network only consists of AP 1 and AP2. AP1 has already been defined as the root bridge in the mesh network when it was assigned a Priority value of 1 within th e Bridge STP Configuration screen.
AP-5131 Access Po int Product Re ference Guide 9-30 broadcast range (see the illustration below). The T rion IT de partment follows the instructions in Wall Mounted Installations on page 2-13 to install AP3 and AP4. 3. The T rion IT dep artment selects Network Configuration -> LAN from the AP-5131 menu tree.
Configurin g Mesh Netwo rking 9-31 5. The T rion IT department then selects Network C onfiguration -> LAN -> trion from the AP-5131 menu tree. 6.
AP-5131 Access Po int Product Re ference Guide 9-32 9. The team selects the Edit button to revise (and rename) the existing defa ult WLAN to support mesh networking. 10. The T rion IT team a ssigns AP3 and AP4 an ES SID of 103. Therefor e, AP1 and AP2 should be able to “see” AP3 and AP4 as soon as they are deploye d.
Configurin g Mesh Netwo rking 9-33 13. The team does not want any MUs connecting to the mesh WLAN, only th e devices comprising the mesh network. There fore, the team leaves the Maximum MUs field as is, and will use the Radio Con figuration page to contro l the number of client bridge connections.
AP-5131 Access Po int Product Re ference Guide 9-34 21. Now a QoS policy needs to be defin ed for the shipping and receiving mesh WLAN. The IT T eam still envisions little (if any) video or voic e traffic within the shippi ng as the MUs within primarily scan bar codes and up load data.
Configurin g Mesh Netwo rking 9-35 25. For both AP3 and AP4, the IT T eam uses the Mesh Network Name drop-down menu to assign the “ trion mesh ” WLAN to radio 1. This is the WL AN the AP3 and AP4 radios will use to interoperate with the MUs populating the shipping yard.
AP-5131 Access Po int Product Re ference Guide 9-36 9.3.3 Adding 2 More Client Br idges to the T rion Network After an additional six months with their existing 4 AP-5131 mes h network, T r ion Enterprises needs and approves the addition o f two additional AP -5131s (AP5 and AP6) to be con figured as client bridges.
Configurin g Mesh Netwo rking 9-37 3. The T rion IT dep artment selects Network Configuration -> LAN from the AP-5131 menu tree. 4. The T rion IT department verifies the LAN used to support the me sh network is enabled for both AP5 and AP6, (by selecting the Enable checkbox).
AP-5131 Access Po int Product Re ference Guide 9-38 7. The T rion IT departm ent leaves the Priority setting to at 32768 for AP5 and AP 6 for both to defer to AP1 (which was assigned a priority of 1 for root des ignation) as the AP-5131 defining the mesh network con figuration.
Configurin g Mesh Netwo rking 9-39 9. The team selects the Edit button to revise (and rena me) the existing default WLAN to support mesh networking. 10. The T rion IT team assigns the WLAN an ESSID of 103 to be consistent with the trion mesh WLAN ESSID of the other four AP-5131s within the mesh network.
AP-5131 Access Po int Product Re ference Guide 9-40 13. The team still d oes not want any MUs connecting to the mesh WLAN, only the devices comprising the mesh network. The refore, the team leaves the Maxim um MUs field as is, and will use th e Radio Configuratio n page to control the number o f client bridge conne ctions within the mesh WLAN.
Configurin g Mesh Netwo rking 9-41 22. The IT team s elects Network Configuration -> Wireless -> Radio Con figuration from the AP-5131 menu tree. The Radio Configuration screen d isplays. 23. For both AP5 and AP6, the IT T eam enables Radi o 1 and define s the radio as a client b ridge.
AP-5131 Access Po int Product Re ference Guide 9-42.
T echnical Specifications This appendix provides technical specifications in the following areas: • Physical Characteris tics • Electrical Characteristics • Radio Cha racteristi cs • Antenna S.
AP-5131 Access Po int Product Re ference Guide A-2 A.1 P hy sical Characteristics The AP-5131 has the followin g physical characte ristics: A.2 E lectrical Characteristics The AP-5131 has the following electrical chara cteristics: Dimensions 5.32 inches long x 9.
Technical Specifications A-3 A.3 R adio Characteristics The AP-5131 has the followin g radio characteristics: Operating Channels 802.11a radio - Channels 34-161 (5170-5825 MHz) 802.
AP-5131 Access Po int Product Re ference Guide A-4 A.4 Antenna Specifications The AP-5131 antenna suite has the following specific ations: A.4.1 2.4 GHz Antenna Matrix The following tab le describes each 2.4 GHz antenna app roved for us e with the AP-5131 .
Technical Specifications A-5 A.4.3 Additional Antenna Components The following table lists the Symbol part number fo r various antenna acces sories. This table also includes the loss for each access ory at both 2.
AP-5131 Access Po int Product Re ference Guide A-6 A.5 C ountry Codes The following list o f countries and their c ountry codes is usefu l when using the AP -5131 configuratio n file, CLI or the MIB t.
Technical Specifications A-7 Germany DE T urkey TR Greece GR Ukraine UA Hong Kong HK UAE A E Hungary HU United Kingdom UK Iceland IS USA US India IN Uruguay UY Indonesia ID Vietnam VN Ireland IE V ene.
AP-5131 Access Po int Product Re ference Guide A-8.
AP-5131 Usage Scenarios This appendix provides prac tical usage scenarios for many of the AP -5131’ s key features. This information should be referenced as a su pplement to the information contained within this AP-5131 Product Reference Guide.
AP-5131 Access Po int Product Re ference Guide B-2 The firmware is auto matically updated each time firmware versions are foun d to be different between the AP-5131 and the firmwa re file located on the DHCP/BootP server . The configuration file is automatically app lied only if the filename is different than what resides on the AP-5131 .
AP-5131 Us age Scenar ios B- 3 e. Add the following 3 new options under AP 5131 Options class: f. Highlight Scop e Options from the tree and select Configure Options . g. Go to the Advanc ed tab. From under the V endor Class AP5 131 Options, check all three options mentioned in the table abov e and enter a value for each option.
AP-5131 Access Po int Product Re ference Guide B-4 B.1.1.2 Global Options - Using Extended/Standard Options The following are instructions for automatic firmwa re and configurat ion file updates via DHCP using extended options or standard optio ns configured globally .
AP-5131 Us age Scenar ios B- 5 d. Under the General tab, che ck all 3 options mentioned within the Extended Options table and enter a value for each option. 3. Copy both th e firmware and con figuration files to the appropria te directory on the TF TP Server .
AP-5131 Access Po int Product Re ference Guide B-6 If the DHCP Server is configured for options 186 and 66 (to as sign TF TP Server IP addresses) the AP-5131 uses the IP address configured for option 1 86.
AP-5131 Us age Scenar ios B- 7 B.1.2.1 BootP Options This section contains instructions for the automatic update of the AP -5131 firmware and configura tion file us ing a BootP Se rver . The setup example described in this section includes: • 1 AP-5131 • 1 Linux/Unix BOOTP Server • 1 TF TP Se rver .
AP-5131 Access Po int Product Re ference Guide B-8 Using options sa, b f and 136: 3. Copy the firmware and configura tion files to the appropriate directory on the TF TP Server . By default, auto update is enabled on the AP-513 1 (since the LAN Port is a DHCP Client, out-of-the-box auto upd ate support is on the LAN Port).
AP-5131 Us age Scenar ios B- 9 B.1.2.2 BootP Priorities The following flowchart displays the priorities used by the AP-513 1 when the BootP server is configured for multiple options: If the BootP Server is configured for options 186 and 66 (to assign TF TP server IP addresses) the AP-5131 uses the IP address configured for option 186.
AP-5131 Access Po int Product Re ference Guide B-10 B.2.1 Configuring a VPN T un nel Between T wo AP-5131s The AP-5131 can connect to a non-AP device supporting IPSec, such as a Cisco VPN device - labeled as "Device #2".
AP-5131 Us age Scenar ios B- 11 8. Click Apply to save the changes. 9. Select the Auto (IKE) Ke y Exchang e checkbox. 10. Select the Auto Key Settings button. 11. For the ESP T ype, select ESP with Authentication and use AES 12 8-bit as the ESP Encryption Algorithm.
AP-5131 Access Po int Product Re ference Guide B-12 13. Select Pre Shared Key (PSK) from the IKE Authentication Mode dr op-down menu. 14. Enter a Passphrase . Passphrases must match on both VPN devices. 15. Select AES 128-bit as the IKE Enc ryption Algorithm.
AP-5131 Us age Scenar ios B- 13 19. On AP-5131 #2/ Device #2, repe at the same procedure. How ever , replace AP-5131 #2 information with AP-5131 #1 information. 20. Once both tu nnels are establishe d, ping each side of the tunnel to ensure connectivity .
AP-5131 Access Po int Product Re ference Guide B-14 B.2.3 Frequently Asked VPN Questions The following are common question s that arise w hen configuring a VPN tunnel using the AP -5131. • Question 1: Does the AP- 5131 IPSec tunnel support mu ltiple subnets on the other end of a VPN concentrator? Ye s .
AP-5131 Us age Scenar ios B- 15 • Question 2: Even if a wildcard entry o f "0.0 .0.0" is ent ered in the Remote Subnet field in the VPN configuration page, can the AP access multip le subnets on the other end of a VPN conc entrator for th e APs LAN/W AN side? No.
AP-5131 Access Po int Product Re ference Guide B-16 Ye s . • Question 6: Can an IPSec tunnel over a PPPoE co nnection be estab lished - such as a PPPoE en abled DSL link? Ye s . The AP -5131 suppo rts tunneling when using a PPPoE username and password.
AP-5131 Us age Scenar ios B- 17 • UFQDN - tries to match the user entered remote ID data string to the email address field of the received certificate.
AP-5131 Access Po int Product Re ference Guide B-18 • Question 11: I still can't get my tunnel to work after attempting to initiate traffic between the two subnets. Wh at now? T ry the following troublesh ooting tips: • V erify you can ping each of the remote Gateway IP addresses from clients on either side.
AP-5131 Us age Scenar ios B- 19 These three rules should be config ured above all other rules (defa ult or user defined). When Advanced LAN Access is used, certain in bound/outbound rules need to be con figured to control incomin g/outgoing packet flow for IPSec to work properly (with Adva nced LAN Access).
AP-5131 Access Po int Product Re ference Guide B-20 • The interface parameter has b een removed from the Auto Update conf iguration feature. • The W AN interface now has http/telnet/https/ssh connectivity en abled by default.
Customer Support Symbol T echnologies provides its customers with promp t and accurate customer support. Use the Symbol Support Center as the primary contact fo r a ny technical problem, que stion or supp ort issue involving Symbol produ cts.
AP-5131 Access Po int Product Re ference Guide C-2 North American Contacts Inside North America: Symbol T echnologies, In c. One Symbol Plaza Holtsville, New Y ork 11742-1300 T elephone: 1-631-738-2 4.
Customer Suppor t C-3 W eb Support Sites MySymbol Care http://www .symbol.com/service s/msc /msc.html Symbol Services Homepage http://symbol.com/serv ices Symbol Software Updates http://symbol.com/serv ices/downloads Symbol Developer Program http:// devzone .
AP-5131 Access Po int Product Re ference Guide C-4.
A access options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-23 access point CAM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-16 encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-11 PSP .
AP-5131 Access Po int Product Re ference Guide IN-6 CAM stations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-16 PSP stations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-16 BSSID . . . . . . . . . . . . . . . . . . . . . .
IN-7 I importing certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8 importing/e xporting co nfiguratio ns . . . . . . . . . . . . . . . 4-37 installation, ceiling . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-17 installation, ceiling T-Bar .
AP-5131 Access Po int Product Re ference Guide IN-8 R radio options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6 radio, retry histogram . . . . . . . . . . . . . . . . . . . . . . . . . . 7-22 radio, statistics . . . . . . .
IN-9 WAN, statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2 WEP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-11 WEP encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9, 1-11 Wi-Fi Protected Access (WPA) .
AP-5131 Access Po int Product Re ference Guide IN-10.
.
Symbol T echnologies, Inc. One Symbol Plaza Holtsville, New Y ork 11742-1300 72E-94168-01 Revision A - November 2006.
An important point after buying a device Symbol AP-5131 (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought Symbol AP-5131 yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data Symbol AP-5131 - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, Symbol AP-5131 you will learn all the available features of the product, as well as information on its operation. The information that you get Symbol AP-5131 will certainly help you make a decision on the purchase.
If you already are a holder of Symbol AP-5131, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime Symbol AP-5131.
However, one of the most important roles played by the user manual is to help in solving problems with Symbol AP-5131. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device Symbol AP-5131 along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center
