MANAGEMENT GUIDE 802.11a/b/g/n Dual Band 802.
Outdoor Access Point Management Guide No. 1, Creation Road III, Hsinchu Science Park, 30077, Taiwan, R.O.C. Tel: +886 3 5638888 Fax: +886 3 6686111 January 2013 Pub.
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice. Copyright © 2013 by SMC Networks, Inc. No.
Warranty and Product Registration To register SMC products and to review the detailed warranty statement, please refer to the Support Section of the SMC Website at http://www.smc.com.
How to Use This Guide
This guide includes detailed information on the access point (AP) software, including how to operate and use the management functions of the AP. To deploy this AP effectively and ensure trouble-free operation, you should first read the relevant sections in this guide so that you are familiar with all its software features.
Who Should Read This Guide?
This guide is for network administrators who are responsible for operating and maintaining network equipment.
Conventions
The following conventions are used throughout this guide to show information:
Note: Emphasizes important information or calls your attention to related features or instructions.
Caution: Alerts you to a potential hazard that could cause loss of data, or damage the system or equipment.
Warning: Alerts you to a potential hazard that could cause personal injury.
Revision History
This section summarizes the changes in each revision of this guide.
Contents Warranty and Product Registration 4 How to Use This Guide 5 Contents 7 Figures 12 Tables 14 Section I Getting Started 17 1 Introduction 18 Configuration Options 18 Console Port Connection 19 Console Login 19 Network Connections 20 Connecting to the Web Interface 20 Home Page and Main Menu 21 Common Web Page Buttons 22 2 Initial Configuration 24 CLI Initial Configuration Steps 24 Setting an IP Address 24 Setting a Password 25 Setting the Country Code 25 Web Qu
Section II Web Configuration 32 3 System Settings 33 Administration Settings 34 IPv4 Address 35 IPv6 Address 36 RADIUS Settings 37 Primary and Secondary RADIUS Server Setup 37 RADIUS Accounting 38 System Time 39 SNTP Server Settings 40 Time Zone Setting 40 Daylight Saving Settings 40 VLAN Configuration 40 System Logs 42 Quick Start Wizard 43 System Resource 44 Bridge STP Configuration 45 Spanning Tree Protocol (STP) 45 Bridge Configuration 48 4 Management Setti
Link Layer Discovery Protocol 61 Access Control Lists 63 Source Address Settings 63 Destination Address Settings 64 Ethernet Type 65 Link Integrity 66 6 Wireless Settings 67 Authentication 68 Local MAC Authentication 68 RADIUS MAC Authentication 69 Radio Settings 71 Virtual Access Points (VAPs) 75 VAP Basic Settings 76 WDS-STA Mode 78 Wireless Security Settings 78 Wired Equivalent Privacy (WEP) 80 VAP QoS Settings 82 VAP Bandwidth Settings 84 Rogue AP Detection
Section III Command Line Interface 107 9 Using the Command Line Interface 109 Console Connection 109 Telnet Connection 110 Entering Commands 111 Keywords and Arguments 111 Minimum Abbreviation 111 Command Completion 111 Getting Help on Commands 111 Showing Commands 111 Negating the Effect of Commands 112 Using Command History 112 Understanding Command Modes 112 Command Line Processing 114 10 General Commands 115 11 System Management Commands 119 12 System Logging Com
22 WDS Bridge Commands 197 23 Ethernet Interface Commands 199 24 Wireless Interface Commands 206 25 Wireless Security Commands 232 26 Rogue AP Detection Commands 241 27 Link Integrity Commands 247 28 Link Layer Discovery Commands 250 29 VLAN Commands 254 30 WMM Commands 258 31 QoS Commands 263 Section IV Appendices 271 A Troubleshooting 272 Problems Accessing the Management Interface 272 Using System Logs 272 Index of CLI Commands 274 Index 276
Figures Figure 1: Login Page 21 Figure 2: The Home Page 21 Figure 3: Set Configuration Changes 22 Figure 4: Help Menu 23 Figure 5: Quick Start - Step 1 27 Figure 6: Quick Start - Step 2 28 Figure 7: Quick Start - Step 3 29 Figure 8: Quick Start - Step 4 31 Figure 9: Administration 34 Figure 10: IPv4 Configuration 35 Figure 11: IPv6 Configuration 36 Figure 12: RADIUS Settings 38 Figure 13: SNTP Settings 39 Figure 14: Setting the VLAN Identity 41 Figure 15: System Log Settings 42
Figure 30: Destination ACLs 64 Figure 31: Ethernet Type Filter 65 Figure 32: Link Integrity 66 Figure 33: Local Authentication 68 Figure 34: RADIUS Authentication 69 Figure 35: Radio Settings 71 Figure 36: VAP Settings 75 Figure 37: VAP Basic Settings 76 Figure 38: WDS-STA Mode 78 Figure 39: Configuring VAPs - Security Settings 78 Figure 40: WEP Configuration 81 Figure 41: QoS Settings 82 Figure 42: QoS Template Setting 83 Figure 43: Bandwidth Settings 84 Figure 44: Rogu
Tables Table 1: Logging Levels 43 Table 2: WMM Access Categories 87 Table 3: Command Modes 113 Table 4: General Commands 115 Table 5: System Management Commands 119 Table 6: Country Codes 120 Table 7: System Management Commands 139 Table 8: Logging Levels 141 Table 9: System Clock Commands 144 Table 10: DHCP Relay Commands 149 Table 11: SNMP Commands 151 Table 12: Flash/File Commands 164 Table 13: RADIUS Client Commands 167 Table 14: 802.
Table 30: Troubleshooting Chart 272
Section I Getting Started
This section provides an overview of the access point, and introduces some basic concepts about wireless networking. It also describes the basic settings required to access the management interface.
1 Introduction
The access point (AP) runs software that includes a network management agent. The agent offers a variety of management options, including SNMP and a web-based interface. A PC may also be connected directly to the AP’s console port for configuration using a command line interface (CLI).
Configuration Options
The AP’s HTTP web agent allows you to configure AP parameters, monitor wireless connections, and display statistics using a standard web browser such as Internet Explorer 6.
Console Port Connection
The AP provides an RS-232 serial console port that enables a connection to a PC or terminal for monitoring and configuring the AP. A null-modem console cable is provided with the AP. Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the AP. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in the Installation Guide.
2. At the login prompt, enter “admin.”
3. At the Password prompt, press . There is no default password.
4. The session is opened and the CLI displays the “Accton#” prompt indicating you have access to the CLI commands.
2. Log into the interface by entering the default username “admin” with no password, then click Login.
Note: It is strongly recommended to change the default user name and password the first time you access the web interface. For information on changing user names and passwords, see “Administration Settings” on page 34.
Figure 1: Login Page
Home Page and Main Menu
After logging in to the web interface, the home page displays.
The web interface Main Menu provides access to all the configuration settings available for the AP. To configure settings, click the relevant Main Menu item. Each Main Menu item is summarized below with links to the relevant section in this guide where configuration parameters are described in detail:
◆ System — Configures Management IP, WAN, LAN and QoS settings. See “System Settings” on page 33.
Figure 4: Help Menu
◆ Logout – Ends the web management session.
◆ Save Config – Saves the current configuration so that it is retained after a restart.
2 Initial Configuration
The AP’s initial configuration steps can be made through the CLI or web browser interface. If the AP is not configured with an IP address that is compatible with your network, you can first use the command line interface (CLI) as described below to configure a valid IP address.
CLI Initial Configuration Steps
First connect to the AP’s console port and log in to the CLI, as described in “Console Port Connection” on page 19. Then proceed with the required configuration.
Setting a Password
If you are logging in to the CLI for the first time, you should define management access passwords for an administrator and guest (used for CLI and web management), record them, and then keep them in a safe place.
Note: If you lose your management access passwords, you will need to use the Reset button on the AP to set the configuration back to factory default values.
BA-BOSNIA, BR-BRAZIL, BN-BRUNEI_DARUSSALAM, BG-BULGARIA, CA-CANADA, CL-CHILE, CN-CHINA, CO-COLOMBIA, CR-COSTA_RICA, HR-CROATIA, CY-CYPRUS, CZ-CZECH_REPUBLIC, DK-DENMARK, DO-DOMINICAN_REPUBLIC, EC-ECUADOR, EG-EGYPT, EE-ESTONIA, FI-FINLAND, FO-FAROE_ISLANDS, FR-FRANCE, F2-FRANCE2, GE-GEORGIA, DE-GERMANY, GR-GREECE, GT-GUATEMALA, HK-HONG_KONG, HN-HONDURAS, HU-HUNGARY, IS-ICELAND, IN-INDIA, ID-INDONESIA, IR-IRAN, IQ-IRAQ, IE-IRELAND, IL-ISRAEL, IT-I
Figure 5: Quick Start - Step 1
The following items are displayed on the first page of the Quick Start wizard:
Identification
◆ System Name — The name assigned to the access point. (Default: SMC2890W-AN or SMC2891W-AN)
Change Password
◆ Username/Guest Username — The name of the user is fixed as either “admin” or “guest” and is not configurable.
Caution: You must set the country code to the country of operation. Setting the country code restricts operation of the access point to the radio channels and transmit power levels permitted for wireless networks in the specified country.
◆ Cancel — Cancels the newly entered settings and restores the originals.
◆ Next — Proceeds to the next page.
Step 2
The Step 2 page of the Quick Start configures IP settings and DHCP client status.
◆ Primary and Secondary DNS Address — The IP address of Domain Name Servers on the network. A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses. (The default Primary and Secondary DNS addresses are null values.)
◆ Management IP — The IPv4 address of the AP through which you can access management interfaces.
Security
◆ Association Mode — Defines the mode with which the VAP will associate with clients. (For more information on security modes, see “Wireless Security Settings” on page 78.)
■ Open System: The VAP is configured by default as an “open system,” which broadcasts a beacon signal including the configured SSID.
Authentication
◆ 802.1X — The access point supports 802.1X authentication only for clients initiating the 802.1X authentication process (i.e., the access point does not initiate 802.1X authentication). For clients initiating 802.1X, only those successfully authenticated are allowed to access the network. For those clients not initiating 802.1X, access to the network is allowed after successful wireless association with the access point. The 802.
Section II Web Configuration
This section provides details on configuring the access point using the web browser interface.
3 System Settings
This chapter describes basic system settings on the access point.
Administration Settings
The Administration Settings page configures some basic settings for the AP, such as the system identification name, the management access passwords, and the wireless operation Country Code.
Figure 9: Administration
The following items are displayed on this page:
◆ System Name — An alias for the AP, enabling the device to be uniquely identified on the network.
Caution: You must set the country code to the country of operation. Setting the country code restricts operation of the AP to the radio channels and transmit power levels permitted for wireless networks in the specified country.
IPv4 Address
Configuring the AP with an IPv4 address expands your ability to manage the AP. A number of the AP’s features depend on IPv4 addressing to operate.
If you have management stations, DNS, RADIUS, or other network servers located on another subnet, type the IP address of the default gateway router in the text field provided.
◆ Primary and Secondary DNS Address — The IP address of Domain Name Servers on the network. A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses.
◆ DHCP Status — Enables/disables DHCPv6 on the access point.
◆ IP Address — Specifies an IPv6 address for management of the access point. (Default: 2001:db8::1)
◆ Subnet Mask — Indicates the local subnet mask. (Default: 64)
◆ Default Gateway — The default gateway is the IPv6 address of the router for the access point, which is used if the requested destination address is not on the local subnet.
Figure 12: RADIUS Settings
The following items are displayed on the RADIUS Settings page:
◆ RADIUS Status — Enables/disables the primary RADIUS server.
◆ IP Address — Specifies the IP address or host name of the RADIUS server.
◆ Port (1024-65535) — The UDP port number used by the RADIUS server for authentication messages.
◆ Port (1024-65535) — The UDP port number used by the RADIUS accounting server for authentication messages. (Range: 1024-65535; Default: 1813)
◆ Key — A shared text string used to encrypt messages between the access point and the RADIUS accounting server. Be sure that the same text string is specified on the RADIUS server. Do not use blank spaces in the string.
SNTP Server Settings
Configures the access point to operate as an SNTP client. When enabled, at least one time server IP address must be specified.
◆ SNTP Status — Enables/disables SNTP. (Default: enabled)
◆ Primary Server — The IP address of an SNTP or NTP time server that the access point attempts to poll for a time update.
◆ Secondary Server — The IP address of a secondary SNTP or NTP time server.
Note the following points about the access point’s VLAN support:
◆ The management VLAN is for managing the access point through remote management tools, such as the web interface, SSH, SNMP, or Telnet. The access point only accepts management traffic that is tagged with the specified management VLAN ID.
◆ All wireless clients associated to the access point are assigned to a VLAN.
System Logs
The access point can be configured to send event and error messages to a System Log Server. The system clock can also be synchronized with a time server, so that all the messages sent to the Syslog server are stamped with the correct time and date.
Figure 15: System Log Settings
The following items are displayed on this page:
◆ Syslog Status — Enables/disables the logging of error messages.
◆ Logging Level — Sets the minimum severity level for event logging. (Default: Debug)
The system allows you to limit the messages that are logged by specifying a minimum severity level. The following table lists the error message levels from the most severe (Emergency) to least severe (Debug). The message levels that are logged include the specified minimum level up to the Emergency level.
System Resource
The System Resource page displays information on the AP’s current CPU and memory utilization. This page also allows you to set thresholds for the CPU and memory usage, where an SNMP trap can be sent as an alert.
Figure 16: System Resource
The following items are displayed on this page:
◆ CPU Rising Threshold — A high CPU utilization percentage above which a “CPU Busy” SNMP trap message is sent (only sent once).
◆ Memory Status — Displays detailed information on the current memory utilization.
Bridge STP Configuration
The Bridge menu enables configuration of the Spanning Tree Protocol (STP) and the address table aging time.
Spanning Tree Protocol (STP)
The Spanning Tree Protocol (STP) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.
Figure 17: Spanning Tree Protocol
Bridge
Sets STP bridge link parameters. The following items are displayed on the STP page:
◆ Spanning Tree Protocol — Enables/disables STP on the AP. (Default: Disabled)
◆ Priority — Used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STP root device.
to the network. (Default: 20 seconds; Range: 6-40 seconds)
Minimum: The higher of 6 or [2 x (Hello Time + 1)].
Maximum: The lower of 40 or [2 x (Forward Delay - 1)]
◆ Hello Time — Interval (in seconds) at which the root device transmits a configuration message. (Default: 2 seconds; Range: 1-10 seconds)
Minimum: 1
Maximum: The lower of 10 or [(Max.
◆ Link Port Priority — Defines the priority used for this port in the Spanning Tree Protocol. If the path costs for all ports on a switch are the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the spanning tree. This makes a port with higher priority less likely to be blocked if the Spanning Tree Protocol is detecting network loops.
4 Management Settings
This chapter describes management access settings on the access point. It includes the following sections:
◆ “Remote Management Settings” on page 49
◆ “Access Limitation” on page 51
◆ “Simple Network Management Protocol” on page 52
Remote Management Settings
The Web, Telnet, and SNMP management interfaces are enabled and open to all IP addresses by default.
◆ The client and server generate session keys for encrypting and decrypting data.
◆ The client and server establish a secure encrypted connection.
◆ A padlock icon should appear in the status bar for Internet Explorer.
Figure 19: Remote Management
The following items are displayed on the Admin Interface page:
◆ Telnet Access — Enables/disables management access from Telnet interfaces.
◆ HTTP Port — Specifies the HTTP port for IP connectivity. (Default: 80; Range 1024-65535)
◆ HTTPS Server — Enables/disables management access from an HTTPS server. (Default: enabled)
◆ HTTPS Port — Specifies the HTTPS port for secure IP connectivity. (Default: 443; Range 1024-65535)
◆ SNMP Access — Enables management access through SNMP. For more information on SNMP access, see “Simple Network Management Protocol” on page 52.
◆ IP Address — Specifies the IP address.
◆ Subnet Mask — Specifies the subnet mask in the form 255.255.255.x
Restrict Management
◆ Enable/Disable — Enables/disables management of the device by a wireless client. (Default: disabled)
DHCP Filter
◆ Enable/Disable — Enables/disables the AP and wireless clients from obtaining an IP address from a DHCP server installed on a wireless client.
strings to be configured for authentication. Trap notifications can be enabled and sent to up to four management stations.
Figure 21: SNMP Basic Settings
The following items are displayed on this page:
◆ SNMP — Enables or disables SNMP management access and also enables the access point to send SNMP traps (notifications). (Default: Disable)
◆ System Location — A text string that describes the system location.
SNMP Trap Settings
Traps indicating status changes are issued by the AP to specified trap managers. You must specify trap managers so that key events are reported by the AP to your management station (using network management platforms).
Figure 22: SNMP Trap Settings
The following items are displayed on this page:
◆ Trap Destination — Specifies the recipient of SNMP notifications. Enter the IP address or the host name.
View Access Control Model
To configure SNMPv3 management access to the AP, follow these steps:
1. Specify read and write access views for the AP MIB tree.
2. Configure SNMP user groups with the required security model (that is, SNMP v1, v2c, or v3) and security level (authentication and privacy).
3. Assign SNMP users to groups, along with their specific authentication and privacy passwords.
“1111 1111 1011 1111.” If applied to the subtree “1.3.6.1.2.1.2.2.1.1.23,” the zero corresponds to the 10th subtree ID. When there are more subtree IDs than bits in the mask, the mask is padded with ones.
◆ View List – Shows the currently configured object identifiers of branches within the MIB tree that define the SNMP view.
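The mask rule described above, worked through as an added example (not code from SMC or from the AP firmware). It assumes the AP follows the standard VACM view semantics of RFC 3415; the function names and the two-entry sample view are constructed for illustration.

```python
# Added example: SNMP view-mask matching, assuming RFC 3415 (VACM) semantics.
from typing import List, Sequence, Tuple

Oid = Tuple[int, ...]


def parse_oid(text: str) -> Oid:
    """Parse '1.3.6.1' or '.1.3.6.1' into a tuple of sub-identifiers."""
    parts = text.strip().strip(".").split(".")
    if any(not p.isdigit() for p in parts):
        raise ValueError(f"not a numeric OID: {text!r}")
    return tuple(int(p) for p in parts)


def parse_mask(text: str) -> List[bool]:
    """Parse a bit string such as '1111 1111 1011 1111' (True = must match)."""
    bits = "".join(text.split())
    if any(b not in "01" for b in bits):
        raise ValueError(f"mask may contain only 0 and 1: {text!r}")
    return [b == "1" for b in bits]


def wildcard_positions(mask: Sequence[bool]) -> List[int]:
    """1-based positions of the subtree IDs that the mask turns into wildcards."""
    return [i + 1 for i, must_match in enumerate(mask) if not must_match]


def in_family(oid: Oid, subtree: Oid, mask: Sequence[bool]) -> bool:
    """True if oid falls inside the view family (subtree, mask)."""
    if len(oid) < len(subtree):
        return False  # an OID shorter than the subtree can never be inside it
    for i, sub_id in enumerate(subtree):
        # A mask shorter than the subtree is padded with ones (exact match).
        must_match = mask[i] if i < len(mask) else True
        if must_match and oid[i] != sub_id:
            return False
    return True


def is_visible(oid_text: str, view) -> bool:
    """Decide access for one OID against a list of (subtree, mask, type).

    Assumption (RFC 3415): among matching families the longest subtree wins,
    ties go to the lexicographically greater subtree, and no match = denied.
    """
    oid = parse_oid(oid_text)
    matches = [(len(st), st, kind) for st, m, kind in view if in_family(oid, st, m)]
    if not matches:
        return False
    return max(matches)[2] == "included"


# The guide's example: the zero is the 10th bit, so the 10th subtree ID (the
# column number in the interfaces table) is a wildcard and the entry covers
# every column of row 23.
GUIDE_SUBTREE = parse_oid("1.3.6.1.2.1.2.2.1.1.23")
GUIDE_MASK = parse_mask("1111 1111 1011 1111")

# Constructed view for illustration: expose MIB-2 but hide interface row 23.
SAMPLE_VIEW = [
    (parse_oid(".1.3.6.1.2.1"), parse_mask(""), "included"),
    (GUIDE_SUBTREE, GUIDE_MASK, "excluded"),
]

if __name__ == "__main__":
    for candidate in ("1.3.6.1.2.1.2.2.1.2.23",   # another column, row 23
                      "1.3.6.1.2.1.2.2.1.2.24",   # same column, row 24
                      "1.3.6.1.4.1.9"):           # outside the view entirely
        inside = in_family(parse_oid(candidate), GUIDE_SUBTREE, GUIDE_MASK)
        print(candidate, "in masked subtree:", inside,
              "| visible in sample view:", is_visible(candidate, SAMPLE_VIEW))
```

Running a planned view through a check like this before entering it on the AP shows whether a mask exposes more of the MIB tree than intended.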
The following items are displayed on this page:
◆ User Name — The SNMPv3 user name. (32 characters maximum)
◆ Group — The SNMPv3 group name.
◆ Auth Type — The authentication type used for the SNMP user; either MD5 or none. When MD5 is selected, enter a password in the corresponding Passphrase field.
◆ Auth Passphrase — The authentication password or key associated with the authentication and privacy settings.
Figure 25: SNMPv3 Targets
The following items are displayed on this page:
◆ Target ID — A user-defined name that identifies a receiver of notifications. (Maximum length: 32 characters)
◆ IP Address — Specifies the IP address of the receiving management station.
◆ UDP Port — The UDP port that is used on the receiving management station for notification messages.
The following items are displayed on this page:
◆ Filter ID — A user-defined name that identifies the filter. (Maximum length: 32 characters)
◆ Subtree — Specifies MIB subtree to be filtered. The MIB subtree must be defined in the form “.1.3.6.1” and always start with a “.”.
◆ Type — Indicates if the filter is to “include” or “exclude” the MIB subtree objects from the filter.
5 Advanced Settings
This chapter describes advanced settings on the access point. It includes the following sections:
◆ “Local Bridge Filter” on page 60
◆ “Link Layer Discovery Protocol” on page 61
◆ “Access Control Lists” on page 63
◆ “Link Integrity” on page 66
Local Bridge Filter
The access point can employ network traffic frame filtering to control access to network resources and increase security.
◆ Prevent Intra VAP client communication — When enabled, clients associated with a specific VAP interface cannot establish wireless communications with each other. Clients can communicate with clients associated to other VAP interfaces.
The time-to-live tells the receiving LLDP agent how long to retain all information pertaining to the sending LLDP agent if it does not transmit updates in a timely manner. TTL in seconds is based on the following rule: (Transmission Interval * Hold time) ≤ 65536. Therefore, the default TTL is 4*30 = 120 seconds.
◆ Message Transmission Interval (seconds) — Configures the periodic transmit interval for LLDP advertisements.
Access Control Lists
Access Control Lists allow you to configure a list of wireless client MAC addresses that are not authorized to access the network. A database of MAC addresses can be configured locally on the access point.
Source Address Settings
The ACL Source Address Settings page enables traffic filtering based on the source MAC address in the data frame.
Destination Address Settings
The ACL Destination Address Settings page enables traffic filtering based on the destination MAC address in the data frame.
Figure 30: Destination ACLs
The following items are displayed on this page:
◆ DA Status — Enables network traffic with specific destination MAC addresses to be filtered (dropped) from the access point.
Ethernet Type
The Ethernet Type Filter controls checks on the Ethernet type of all incoming and outgoing Ethernet packets against the protocol filtering table. (Default: Disabled)
Figure 31: Ethernet Type Filter
The following items are displayed on this page:
◆ Disabled — Access point does not filter Ethernet protocol types.
◆ Enabled — Access point filters Ethernet protocol types based on the configuration of protocol types in the filter table.
Link Integrity
The AP provides a link integrity feature that can be used to ensure that wireless clients are connected to resources on the wired network. The AP does this by periodically sending Ping messages to a host device in the wired Ethernet network. If the AP detects that the connection to the host has failed, it can disable the radio interfaces, forcing clients to find and associate with another AP.
6 Wireless Settings
This chapter describes wireless settings on the access point.
Authentication
Wireless clients can be authenticated for network access by checking their MAC address against the local database configured on the access point, or by using a database configured on a central RADIUS server. Alternatively, authentication can be implemented using the IEEE 802.1X network access control protocol. You can configure a list of the MAC addresses for wireless clients that are authorized to access the network.
◆ Local MAC — The MAC address of the associating station is compared against the local database stored on the access point. The Local MAC Authentication section enables the local database to be set up.
◆ System Default — Specifies a default action for all unknown MAC addresses (that is, those not listed in the local MAC database).
■ Deny: Blocks access for all MAC addresses except those listed in the local database as “Allow.
◆ RADIUS MAC — The MAC address of the associating station is compared against the RADIUS server database. The RADIUS MAC Authentication section enables the RADIUS database to be set up.
◆ Session Timeout — The time period after which a connected client must be re-authenticated. During the re-authentication process of verifying the client’s credentials on the RADIUS server, the client remains connected to the network.
Radio Settings
The IEEE 802.11n wireless interfaces include configuration options for radio signal characteristics and wireless security features. The AP can operate in several radio modes, mixed 802.11b/g/n (2.4 GHz), or mixed 802.11a/n (5 GHz). Note that the radios can operate at 2.4 GHz and 5 GHz at the same time. The web interface identifies the radio configuration pages as:
◆ Radio 0 — the 2.4 GHz 802.11b/g/n radio interface
◆ Radio 1 — the 5 GHz 802.
The following items are displayed on this page:
◆ High Throughput Mode — The access point provides a channel bandwidth of 20 MHz by default giving an 802.11g connection speed of 54 Mbps and an 802.11n connection speed of up to 108 Mbps, and ensures backward compliance for slower 802.11b devices. Setting the HT Channel Bandwidth to 40 MHz increases connection speed for 802.11n up to 300 Mbps.
Note: Enabling the AP to communicate with 802.11b/g clients in both 802.11b/g/n Mixed and 802.11n modes also requires that HT Operation be set to HT20.
◆ Preamble Length — The radio preamble (sometimes called a header) is a section of data at the head of a packet that contains information that the wireless device and client devices need when sending and receiving packets. You can set the radio preamble to long or short.
propagation delays, echoes, and reflections to which digital data is normally very sensitive. Enabling the Short Guard Interval sets it to 400 ns. (Default: Disabled)
◆ Aggregate MAC Protocol Data Unit (A-MPDU) — Enables / disables the sending of this four frame packet header for statistical purposes. (Default: Enabled)
◆ A-MPDU Length Limit (1024-65535) — Defines the A-MPDU length.
Virtual Access Points (VAPs)
The AP supports up to 16 virtual access point (VAP) interfaces per radio, numbered 0 to 15. Each VAP functions as a separate access point, and can be configured with its own Service Set Identification (SSID) and security settings. However, most radio signal parameters apply to all VAP interfaces. The VAPs function similarly to a VLAN, with each VAP mapped to its own default VLAN ID.
◆ Enable — Enables the specified VAP. (Default: Disabled)
◆ Status — Displays the mode of the VAP. The default is set to "AP," for normal access point services.
◆ Edit Setting — Click to open the page to configure basic and security settings for the selected VAP.
◆ QoS Setting — Click to open the page to configure QoS settings for the selected VAP.
◆ Mode — Selects the mode in which the VAP will function.
■ AP Mode: The VAP provides services to clients as a normal access point.
■ WDS-AP Mode: The VAP operates as an access point in WDS mode, which accepts connections from APs in WDS-STA mode.
■ WDS-STA Mode: The VAP operates as a client station in WDS mode, which connects to an access point VAP in WDS-AP mode.
◆ Multicast Enhancement — When a wireless client joins a multicast group, this feature converts multicast packets to unicast packets to improve multicast video quality.
WDS-STA Mode
Describes additional basic VAP settings when functioning in WDS-STA mode.
The following items are available for VAP security:
◆ Association Mode — Defines the mode with which the VAP will associate with clients.
■ Open System: The VAP is configured by default as an “open system,” which broadcasts a beacon signal including the configured SSID. Wireless clients with an SSID setting of “any” can read the SSID from the beacon and automatically set their SSID to allow immediate connection.
◆ 802.1X — The access point supports 802.1X authentication only for clients initiating the 802.1X authentication process (i.e., the access point does not initiate 802.1X authentication). For clients initiating 802.1X, only those successfully authenticated are allowed to access the network. For those clients not initiating 802.1X, access to the network is allowed after successful wireless association with the access point. The 802.
Figure 40: WEP Configuration
The following items are on this page for WEP configuration:
◆ Default WEP Key Index – Selects the key number to use for encryption for the VAP interface. If the clients have all four WEP keys configured to the same values, you can change the encryption key to any of the settings without having to update the client keys.
VAP QoS Settings
Click the QoS Setting link from the VAP Settings page to access the QoS priority mapping configuration for traffic on the VAP interface.
Figure 41: QoS Settings
The following items are displayed in the VAP QoS Settings page:
◆ VAP to 802.1p Setting — You can modify the VLAN priority tags of traffic on the VAP interface with a specified priority value. Requires the default VLAN ID for the VAP to be any other value than 1.
Both “802.1d to 802.1p” mapping and “802.1d to DSCP” mapping can be enabled simultaneously when the default VLAN ID for the VAP is any other value than 1. When only “802.1d to DSCP” mapping is enabled, the default VLAN ID for the VAP must be set to 1.
◆ QoS Template — Enables up to eight user-defined priority mapping tables to be configured. The tables are used to map the WMM 802.1d priorities to 802.1p/DSCP priorities.
VAP Bandwidth Settings
Click the Bandwidth Setting link from the VAP Settings page to configure rate limiting for traffic on the VAP interface.
Figure 43: Bandwidth Settings
The following items are displayed on this page:
◆ Bandwidth Control on Uplink Setting — Enables the rate limiting of traffic from the VAP interface as it is passed to the wired network. You can set a maximum rate in kbytes per second.
Rogue AP Detection
Figure 44: Rogue AP Detection
The following items are displayed on this page:
◆ AP Scan Setting — Enables the periodic scanning for other nearby access points. (Default: Disable)
◆ Scan Interval — Sets the time between each rogue AP scan. (Range: 15-65535 seconds; Default: 7200 seconds)
◆ Scan Duration — Sets the length of time for each rogue AP scan.
◆ Rogue AP Scan Result — Displays information of unknown APs detected within the range of the AP running the scan.
◆ Friendly Active AP Scan Result — Displays information of known APs detected within the range of the AP running the scan.
◆ Start Instant Scan — Starts an immediate rogue AP scan on the radio interface.
Wi-Fi Multimedia (WMM)
Table 2: WMM Access Categories
Access Category | WMM Designation | Description | 802.1D Tags
AC_VO (AC3) | Voice | Highest priority, minimum delay. Time-sensitive data such as VoIP (Voice over IP) calls. | 7, 6
AC_VI (AC2) | Video | High priority, minimum delay. Time-sensitive data such as streaming video. | 5, 4
AC_BE (AC0) | Best Effort | Normal priority, medium delay and throughput. Data only affected by long delays.
Figure 45: WMM Backoff Wait Times (timing diagram for high-priority and low-priority traffic, showing the AIFS minimum wait time followed by the random backoff wait time between CWMin and CWMax)
For high-priority traffic, the AIFSN and CW values are smaller. The smaller values equate to less backoff and wait time, and therefore more transmit opportunities.
The following items are displayed on this page:
◆ WMM — Sets the WMM operational mode on the access point. When enabled, the parameters for each AC queue will be employed on the access point and QoS capabilities are advertised to WMM-enabled clients. (Default: Disabled)
  ■ Disable: WMM is disabled.
  ■ Enable: WMM must be supported on any device trying to associate with the access point.
  ■ Admission Control: The admission control mode for the access category. When enabled, clients are blocked from using the access category. (Default: Disabled)
◆ Set WMM — Applies the new parameters and saves them to RAM memory. Also prompts a screen to inform you when it has taken effect. Click “OK” to return to the home page. Changes will not be saved upon a reboot unless the running configuration file is saved.
7 Maintenance Settings
Maintenance settings include the following sections:
◆ “Upgrading Firmware”
◆ “Running Configuration”
◆ “Resetting the Access Point”
◆ “Scheduled Reboot”
Upgrading Firmware
You can upgrade new access point software from a local file on the management workstation, or from an FTP or TFTP server. New software may be provided periodically from your distributor.
Figure 47: Firmware
The following items are displayed on this page:
◆ Firmware Version — Displays the software image version that is being used as the runtime image. The “Active” image is the current running software, and the “Backup” image is the second software file installed on the AP, but not running.
◆ Next Boot Image — Specifies what version of software will be used as a runtime image upon bootup.
  ■ New Firmware File: Specifies the name of the code file on the server. The new firmware file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the FTP/TFTP server is 255 characters or 32 characters for files on the access point. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
  ■ IP Address: IP address or host name of FTP or TFTP server.
The following items are displayed on this page:
◆ File Backup/Restore — Downloads an operation code image file from a specified remote FTP or TFTP server. After filling in the following fields, click Start Export/Import to proceed.
◆ Export/Import — Select Export to upload a file to an FTP/TFTP server. Select Import to download a file from an FTP/TFTP server.
◆ Config file — Specifies the name of the configuration file.
Figure 49: Resetting the Access Point
The following items are displayed on this page:
◆ Save Runtime config before Reboot — Checking this option saves the current running configuration to the startup file.
◆ Reboot — Click the “Reboot” button to reset the configuration settings for the AP and reboot the system. Note that all unsaved user configured information will be lost.
◆ Status — Selects a fixed time interval or a countdown time, or disables the feature.
◆ Interval — Specifies the interval in days. (Range: 1~7 days)
◆ Schedule Time — Specifies a time in hours and minutes. (Range: 0~23 hours, 0~59 minutes)
Figure 51: Reboot Schedule — Countdown Time
The following items are displayed on this page:
◆ Status — Selects a fixed time interval or a countdown time, or disables the feature.
8 Status Information The Information menu displays information on the current system configuration, the wireless interface, the station status and system logs.
AP Status
The AP Status window displays basic system configuration settings, as well as the settings for the wireless interfaces.
AP System Configuration
The AP System Configuration table displays the basic system configuration settings.
Figure 52: AP System Configuration
The following items are displayed on this page:
◆ Serial Number — The serial number of the physical access point.
◆ System Up Time — Length of time the management agent has been up.
◆ System Name — Name assigned to this system.
◆ System Contact — Administrator responsible for the system.
◆ IP Address — IP address of the management interface for this device.
◆ IP Default Gateway — IP address of the gateway router between this device and management stations that exist on other network segments.
◆ HTTP Server Status — Shows if management access via HTTP is enabled.
◆ HTTP Port — Shows the TCP port used by the HTTP interface.
AP Wireless Configuration
The AP Wireless Configuration displays the VAP interface settings for the 2.4 GHz and 5 GHz radios.
Figure 53: AP Wireless Configuration
The following items are displayed on this page for the 2.4 GHz and 5 GHz radio interfaces:
◆ VAP — Displays the VAP number.
◆ SSID — The service set identifier for the VAP interface.
◆ Status — Displays the interface mode setting, either “ap”, “wds-ap”, or “wds-sta”.
Station Status
The Station Status window shows the wireless clients currently associated with the 2.4 GHz and 5 GHz radio interfaces.
Figure 54: Station Status
The following items are displayed on this page:
◆ Total Station Number of this device — The total number of clients associated to the AP.
◆ Total Station Number of Radio 0 — The total number of clients associated to the 2.4 GHz radio.
Station Statistics
The Station Statistics window shows the statistic information for wireless clients currently associated with the 2.4 GHz and 5 GHz radio interfaces.
Figure 55: Station Statistics
The following items are displayed on this page:
◆ Station Address — The MAC address of the wireless client.
◆ TxPkts — The number of transmitted packets from this client.
◆ TxBytes — The number of transmitted bytes from this client.
Event Logs
The Event Logs window shows the log messages generated by the access point and stored in memory.
Figure 56: Event Logs
The following items are displayed on this page:
◆ Display Event Log — Selects the log entries to display. Up to 20 log messages can be displayed at one time. Each log entry includes the time the log message was generated, the logging level associated with the message, and the text of the log message.
WDS Status
The WDS Status window shows the WDS information for the 2.4 GHz and 5 GHz radio interfaces.
Figure 57: WDS Status
The following items are displayed on this page:
◆ Auto Refresh Setting — Enables the automatic refresh of WDS status information. When enabled, you can also set the time interval between each status refresh.
◆ WDS-STA Status — The status of other APs in WDS-STA mode connected to the AP interfaces.
  ■ RxRate (Mbps) — The data receive rate from the AP client.
  ■ IP — The IP address assigned to the AP client.
  ■ Privacy — The data encryption method used by the AP client.
  ■ Authentication — The authentication method used by the AP client.
◆ WDS-AP Status — The status of other APs in WDS-AP mode connected to AP interfaces.
  ■ Station Address — The MAC address of the WDS-enabled AP.
Section III Command Line Interface This section provides a detailed description of the Command Line Interface, along with examples for all of the commands.
◆ “Wireless Security Commands”
◆ “Rogue AP Detection Commands”
◆ “Link Integrity Commands”
◆ “Link Layer Discovery Commands”
◆ “VLAN Commands”
◆ “WMM Commands”
◆ “QoS Commands”
9 Using the Command Line Interface
When accessing the management interface over a direct connection to the console port, or via a Telnet connection, the access point can be managed by entering command keywords and parameters at the prompt. Using the access point’s command-line interface (CLI) is very similar to entering commands on a UNIX system.
Console Connection
To access the AP through the console port, first set up a console connection to the AP.
Telnet Connection
Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address. If the access point does not acquire an IP address from a DHCP server, the default IP address used by the access point is 192.168.2.10.
Entering Commands
This section describes how to enter CLI commands.
Keywords and Arguments
A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces ethernet,” show and interfaces are keywords, and ethernet is an argument that specifies the interface type.
  interface      Show interface information.
  line           TTY line information.
  lldp           Show lldp parameters.
  logging        Show the logging buffers.
  long-distance  Show the outdoor parameter information.
  radius         Show radius server.
  rogue-ap       Show Rogue AP information.
  snmp           Show snmp configuration.
  sntp           Show sntp configuration.
  station        Show 802.11 station table.
  system         Show system information.
  version        Show system version.
  wds            Show WDS service.
AP: show
current mode. The command classes and associated modes are displayed in the following table:
Table 3: Command Modes
Class | Mode
Exec | Privileged
Configuration | Global, Interface-ethernet, Interface-wireless, Interface-wireless-vap
Exec Commands
When you open a new console session on an access point, the system enters Exec command mode. Only a limited number of the commands are available in this mode.
AP#configure
AP(config)#
To enter Interface mode, you must enter the “interface ethernet” while in Global Configuration mode. The system prompt will change to “AP(if-ethernet)#,” or “AP(if-wireless 0)” indicating that you have access privileges to the associated commands. You can use the exit command to return to the Exec mode.
AP(config)#interface ethernet
AP(if-ethernet)#
Command Line
Commands are not case sensitive.
10 General Commands This chapter details general commands that apply to the CLI.
end
This command returns to the previous configuration mode.
Default Setting
  None
Command Mode
  Global Configuration, Interface Configuration
Example
This example shows how to return to the Configuration mode from the Interface Configuration mode:
AP(if-ethernet)#end
AP(config)#
exit
This command returns to the Exec mode or exits the configuration program.
Command Mode
  Exec
Example
The following example disables the CLI timeout.
AP(config)# cli-session-timeout disable
AP(config)#
ping
This command sends ICMP echo request packets to another node on the network.
Syntax
  ping
  host_name - Alias of the host.
  ip_address - IP address of the host.
Default Setting
  None
Command Mode
  Exec
Command Usage
◆ Use the ping command to see if another site on the network can be reached.
reset
This command restarts the system or restores the factory default settings.
Syntax
  reset
  board - Reboots the system.
  configuration - Resets the configuration settings to the factory defaults, and then reboots the system.
  configuration-keep-ip - Resets the configuration settings to the factory defaults except for the IP address, and then reboots the system.
11 System Management Commands These commands are used to configure the password, system logs, browser management options, clock settings, and a variety of other system information.
Table 5: System Management Commands (Continued)
Command | Function | Mode
show version | Displays version information for the system | Exec
show config | Displays detailed configuration information for the system | Exec
country
This command configures the access point’s country code, which identifies the country of operation and sets the authorized radio channels.
Table 6: Country Codes (Continued)
Country | Code | Country | Code | Country | Code | Country | Code
China | CN | Israel | IL | Panama | PA | Uruguay | UY
Colombia | CO | Italy | IT | Peru | PE | Uzbekistan | UZ
Costa Rica | CR | Japan | JP | Philippines | PH | Yemen | YE
Croatia | HR | Jordan | JO | Poland | PL | Venezuela | VE
Cyprus | CY | Kazakhstan | KZ | Portugal | PT | Vietnam | VN
Czech Republic | CZ | North Korea | KP | Puerto Rico | PR | Zimbabwe | ZW
Denmark | DK | Korea Republic | KR | Slovenia | SI
Default Setting
  Enterprise AP
Command Mode
  Global Configuration
Example
AP(config)#prompt RD2
RD2(config)#
system name
This command specifies or modifies the system name for this device.
Syntax
  system name
  name - The name of this host.
  memory-falling - The memory utilization falling threshold in Kbytes. (Range: 0 to less than the memory rising threshold)
  interval - The utilization check interval in seconds.
Default Setting
  None. There are no admin or guest passwords.
Command Mode
  Global Configuration
Example
AP(config)#password admin null tpschris
AP(config)#
reboot-schedule
This command restarts the system after a scheduled time.
Syntax
  reboot-schedule {fixed-time | countdown | disable}
  fixed-time - Reboots after a specified time in days, hours, and minutes.
  countdown - Reboots after a specified countdown time in minutes.
Default Setting
  Enabled
Command Mode
  Global Configuration
Command Usage
◆ The access point supports Secure Shell version 2.0 only.
◆ After boot up, the SSH server needs about two minutes to generate host encryption keys. The SSH server is disabled while the keys are being generated. The show system command displays the status of the SSH server.
Example
AP(config)# apmgmtui ssh enable
AP(config)#
apmgmtui ssh port
This command sets the Secure Shell server port.
Default Setting
  Interface enabled
Command Mode
  Global Configuration
Example
AP(config)# apmgmtui telnet-server enable
AP(config)#
apmgmtui http port
This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port.
Syntax
  apmgmtui http port
  no apmgmtui http port
  port-number - The TCP port to be used by the browser interface.
Command Mode
  Global Configuration
Example
AP(config)# apmgmtui http server
AP(config)#
Related Commands
  apmgmtui http port
apmgmtui http session-timeout
This command sets the web browser timeout limit.
Syntax
  apmgmtui http session-timeout
  seconds - The web session timeout.
Command Mode
  Global Configuration
Command Usage
◆ You cannot configure the HTTP and HTTPS servers to use the same port.
◆ To avoid using common reserved TCP port numbers below 1024, the configurable range is restricted to 443 and between 1024 and 65535.
  ■ The client and server establish a secure encrypted connection. A padlock icon should appear in the status bar for Internet Explorer.
Example
AP(config)# apmgmtui https server
AP(config)#
apmgmtui snmp
This command enables and disables SNMP management access to the AP.
Syntax
  apmgmtui snmp [enable | disable]
  enable - Enables SNMP management access.
  disable - Disables SNMP management access.
  subnet-mask - Specifies a range of IP addresses allowed management access.
Default Setting
  All addresses
Command Mode
  Global Configuration
Command Usage
◆ If anyone tries to access a management interface on the access point from an invalid address, the unit will reject the connection, enter an event message in the system log, and send a trap message to the trap manager.
◆ Management access applies to SNMP, HTTP (web), Telnet, and SSH connections.
Example
AP#show system
System Information
==============================================================
Serial Number       : AC25123456
System Up time      : 1 min
System Name         : SMC2891W-AN
System Location     : where?
System Contact      : who?
System Country Code : TW - Taiwan
MAC Address         : 70:72:CF:00:11:70
Radio 0 MAC Address : 70:72:CF:00:11:70
Radio 1 MAC Address : 70:72:CF:00:11:80
IP Address          : 192.168.2.10
Subnet Mask         : 255.255.255.0
Default Gateway     : 192.168.2.
iowait (%)  0.00
idle (%)    92.08
=============== Memory ======================================
free (kb)   95820
used (kb)   17256
used (%)    15.26
cached (kb) 4900
=============================================================
AP#
show version
This command displays the software version for the system.
Command Mode
  Exec
Example
AP#show version
Boot Rom Version : U-Boot 1.1.4 r1.4
Software Version : 0.3.3.
Hardware Version :
AP#
HTTP Access       : Enable
HTTP Port         : 80
HTTP Timeout      : 1800
HTTPs Access      : Enable
HTTPs Port        : 443
SSH Access        : Enable
SSH Port          : 22
Telnet Access     : Enable
Telnet Port       : 23
Slot Status       : Dual band(a/g)
Boot Rom Version  : U-Boot 1.1.4 r1.4
Software Version  : 0.3.3.
Hardware Version  :
Part Number       :
Production Date   :
User Name         :
Reboot scheduling :
There is no group.
==================================
User List:
==================================
There is no SNMPv3 User.
==================================
Target List:
==================================
There is no SNMP target.
==================================
Filter List:
==================================
There is no notification filter.
Destination Filter :DISABLED
Destination MAC :
==========================================
Console Line Information
===========================================================
databits  : 8
parity    : none
speed     : 115200
stop bits : 1
===========================================================
Ethernet Interface Information
========================================
IP Address      : 192.168.2.10
Subnet Mask     : 255.255.255.0
Default Gateway : 192.168.2.
WPA PSK Key Type     : ascii
WPA PSK Key          : ********
Default Transmit Key : 1
Static WEP Keys
  Key 1 : *****
  Key 2 : *****
  Key 3 : *****
  Key 4 : *****
Pre-Authentication   : DISABLE
----------------------------------802.1x----------------------------------
802.1x : DISABLE
802.
Maximum Association Client Per Radio : 127 Clients
-----------------------------802.
AC0(BE) CwMin: 4 CwMax: 10 AIFSN: 3 TXOP Limit: 0 ACM:Disabled
AC1(BK) CwMin: 4 CwMax: 10 AIFSN: 7 TXOP Limit: 0 ACM:Disabled
AC2(VI) CwMin: 3 CwMax: 4 AIFSN: 2 TXOP Limit:3008 ACM:Disabled
AC3(VO) CwMin: 2 CwMax: 3 AIFSN: 2 TXOP Limit:1504 ACM:Disabled
LLDP Information
===================================================================
Status :Disabled
Message Transmission Hold Time :4
Message Transmission Interval (seconds) :30
Reinitial Delay Time (secon
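As an added example (not part of the SMC guide or its firmware), the Python sketch below audits the management-access fields that show config prints (HTTP, HTTPs, SSH and Telnet access and ports) and applies the HTTPS port restrictions given earlier in this chapter: 443 or 1024 to 65535, and not shared with HTTP. The sample output is constructed, and the function names and severity labels are assumptions of this example.

```python
import re

# Constructed sample in the "Key : Value" layout of the guide's show config
# output. Values are illustrative and were not captured from a device.
SAMPLE_OUTPUT = """\
System Information
==============================================================
System Name    : SMC2891W-AN
MAC Address    : 70:72:CF:00:11:70
HTTP Access    : Enable
HTTP Port      : 80
HTTP Timeout   : 1800
HTTPs Access   : Enable
HTTPs Port     : 443
SSH Access     : Enable
SSH Port       : 22
Telnet Access  : Enable
Telnet Port    : 23
==============================================================
"""

# Cleartext management service -> encrypted service that replaces it.
CLEARTEXT_TO_ENCRYPTED = {"http": "https", "telnet": "ssh"}

# The key is everything before the first colon, so MAC addresses stay in the value.
LINE_RE = re.compile(r"^\s*([^:=]+?)\s*:\s*(.*?)\s*$")


def parse_status(text):
    """Return {lower-cased key: value} for every 'Key : Value' line."""
    fields = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or set(stripped) <= {"=", "-"}:
            continue  # blank line or ==== / ---- separator
        match = LINE_RE.match(line)
        if match:
            fields[match.group(1).lower()] = match.group(2)
    return fields


def services(fields):
    """Build {service: {"enabled": bool, "port": int or None}} from parsed fields."""
    table = {}
    for name in ("http", "https", "ssh", "telnet"):
        state = fields.get(f"{name} access")
        if state is None:
            continue  # service not reported in this output
        port = fields.get(f"{name} port", "")
        table[name] = {
            "enabled": state.strip().lower().startswith("enable"),
            "port": int(port) if port.isdigit() else None,
        }
    return table


def audit(text):
    """Return a list of (severity, message) findings for management access."""
    svc = services(parse_status(text))
    findings = []
    for clear, secure in CLEARTEXT_TO_ENCRYPTED.items():
        c, s = svc.get(clear), svc.get(secure)
        if not (c and c["enabled"]):
            continue
        if s and s["enabled"]:
            findings.append(("high", f"{clear} is enabled although {secure} "
                                     f"is available; {clear} can be turned off"))
        else:
            findings.append(("high", f"{clear} is enabled and {secure} is not; "
                                     f"enable {secure} first to avoid lock-out"))
    https, http = svc.get("https"), svc.get("http")
    if https and https["port"] is not None:
        port = https["port"]
        # The guide restricts the HTTPS port to 443 or 1024-65535.
        if not (port == 443 or 1024 <= port <= 65535):
            findings.append(("config", f"https port {port} is outside the "
                                       "allowed values (443, 1024-65535)"))
        # The guide states HTTP and HTTPS cannot use the same port.
        if http and http["port"] == port:
            findings.append(("config", f"http and https both use port {port}"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(SAMPLE_OUTPUT):
        print(f"[{severity}] {message}")
```

Paste the text of a real show config capture into audit() in place of SAMPLE_OUTPUT; fields the device does not print are skipped rather than reported.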
12 System Logging Commands These commands are used to configure system logging on the access point.
logging host
This command specifies the syslog server hosts that will receive logging messages. Use the no form to remove a syslog server host.
Syntax
  logging host <1 | 2 | 3 | 4> [udp_port]
  no logging host <1 | 2 | 3 | 4>
  1 - First syslog server.
  2 - Second syslog server.
  3 - Third syslog server.
  4 - Fourth syslog server.
  host_name - The name of a syslog server. (Range: 1-20 characters)
  host_ip_address - The IP address of a syslog server.
logging level
This command sets the minimum severity level for event logging.
Syntax
  logging level
Default Setting
  Informational
Command Mode
  Global Configuration
Command Usage
Messages sent include the selected level down to Emergency level.
Table 8: Logging Levels
Level Argument | Description
Emergency | System unusable
Alert | Immediate action needed
Critical | Critical conditions (e.g.
Example
AP(config)#logging clear
AP(config)#
show logging
This command displays the logging configuration.
Syntax
  show logging
Command Mode
  Exec
Example
AP#show logging
Logging Information
=====================================================
Syslog State          : ENABLE
Logging Console State : DISABLE
Logging Level         : Debug
Servers
1: 10.7.16.98, UDP Port: 514, State: DISABLE
2: 10.7.13.48, UDP Port: 514, State: DISABLE
3: 10.7.123.123, UDP Port: 65535, State: DISABLE
4: 10.
AP#
13 System Clock Commands These commands are used to configure SNTP and system clock settings on the access point.
Example
AP(config)#sntp-server ip 1 10.1.0.19
AP#
Related Commands
  sntp-server enabled
  show sntp
sntp-server enabled
This command enables SNTP client requests for time synchronization with NTP or SNTP time servers specified by the sntp-server ip command. Use the no form to disable SNTP client requests.
  hour - Sets the hour. (Range: 0-23)
  minute - Sets the minute. (Range: 0-59)
Default Setting
  00:14:00, January 1, 1970
Command Mode
  Global Configuration
Example
This example sets the system clock to 12:10 April 27, 2009.
AP(config)# sntp-server date-time 2009 4 27 12 10
AP(config)#
Related Commands
  sntp-server enabled
sntp-server daylight-saving
This command sets the start and end dates for daylight savings time. Use the no form to disable daylight savings time.
◆ Using the command without setting the start and end date enables the daylight-saving feature.
Example
This sets daylight savings time to be used from the Sunday in the fourth week of April, to the Sunday in the fourth week of October.
AP(config)# sntp-server daylight-saving date-week 4 4 0 10 4 0
AP(config)#
sntp-server timezone
This command sets the time zone for the access point’s internal clock.
SNTP Information
===========================================================
Service State      : ENABLED
SNTP (server 1) IP : 129.6.15.28
SNTP (server 2) IP : 132.163.4.
14 DHCP Relay Commands Dynamic Host Configuration Protocol (DHCP) can dynamically allocate an IP address and other configuration information to network clients that broadcast a request. To receive the broadcast request, the DHCP server would normally have to be on the same subnet as the client. However, when the access point’s DHCP relay agent is enabled, received client requests can be forwarded directly by the access point to a known DHCP server on another subnet.
Related Commands
  show interface wireless
15 SNMP Commands Controls access to this access point from management stations using the Simple Network Management Protocol (SNMP), as well as the hosts that will receive trap messages.
snmp-server community
This command defines the community access string for the Simple Network Management Protocol. Use the no form to remove the specified community string.
Syntax
  snmp-server community string [ro | rw]
  no snmp-server community string
  string - Community string that acts like a password and permits access to the SNMP protocol. (Maximum length: 23 characters, case sensitive)
  ro - Specifies read-only access.
Command Mode
  Global Configuration
Example
AP(config)#snmp-server contact Paul
AP(config)#
Related Commands
  snmp-server location
snmp-server location
This command sets the system location string. Use the no form to remove the location string.
Syntax
  snmp-server location
  no snmp-server location
  text - String that describes the system location.
Command Mode
  Global Configuration
Command Usage
◆ This command enables both authentication failure notifications and link-updown notifications.
◆ The snmp-server host command specifies the host device that will receive SNMP notifications.
Example
AP(config)#snmp-server enable server
AP(config)#
Related Commands
  snmp-server host
snmp-server host
This command specifies the recipient of an SNMP notification. Use the no form to remove the specified host.
Example
AP(config)#snmp-server host 1 10.1.19.23 batman
AP(config)#
Related Commands
  snmp-server enable server
snmp-server trap
This command enables the access point to send specific SNMP traps (i.e., notifications). Use the no form to disable specific trap messages.
Syntax
  snmp-server trap
  no snmp-server trap
  trap - One of the following SNMP trap messages:
    sysSystemDown - The access point is about to shutdown and reboot.
  include - Defines a filter type that includes objects in the MIB subtree.
  exclude - Defines a filter type that excludes objects in the MIB subtree.
  subtree - The part of the MIB subtree that is to be filtered.
  mask - An optional hexadecimal value bit mask to define objects in the MIB subtree.
Default Setting
  None
Command Mode
  Global Configuration
Command Usage
◆ The access point allows multiple notification filters to be created.
  level - The SNMPv3 security level of the group. One of the following:
    NoAuthNoPriv - A group using no authentication and no data encryption. Users in this group use no security, either authentication or encryption, in SNMP messages they send to the agent.
    AuthNoPriv - A group using authentication, but no data encryption. Users in this group send SNMP messages that use an MD5 key/password for authentication, but not a DES key/password for encryption.
  username - Name of the user connecting to the SNMP agent. (Range: 1-32 characters)
  groupname - Name of an SNMP group to which the user is assigned. (Range: 1-32 characters)
  none | md5 - Uses no authentication or MD5 authentication.
  auth-passphrase - Authentication password. Enter a minimum of eight characters for the user. (8 – 32 characters)
  none | des - Uses SNMPv3 with no privacy, or with DES56 encryption.
  priv-passphrase - Privacy password.
  port-number - The UDP port that is used on the receiving management station for notifications.
  notification-filter-id - The name of a defined notification filter.
Default Setting
  None
Command Mode
  Global Configuration
Command Usage
◆ The access point supports multiple SNMP v3 target IDs.
◆ The SNMP v3 user name that is specified in the target must first be configured using the snmp-server user command.
Example
AP(config)#snmp-server target tarname 192.168.1.
◆ Use the command more than once with the same filter ID to build a filter that includes or excludes multiple MIB objects. Note that the filter entries are applied in the sequence that they are defined.
◆ The MIB subtree must be defined in the form “.1.3.6.1” and always start with a “.”.
Example
AP(config)#snmp-server filter trapfilter include .1
AP(config)#snmp-server filter trapfilter exclude .1.3.6.1.2.1.2.2.1.1.
Example
AP# show snmp target
Target List:
==================================
Target ID  : christraps
IP Address : 192.168.1.33
User Name  : chris
UDP Port   : 4321
Filter ID  : Not Defined
==================================
AP#
show snmp filter
This command displays the SNMP v3 notification filter settings.
Syntax
  show snmp filter [filter-id]
  filter-id - A user-defined name that identifies an SNMP v3 notification filter.
Chapter 15 | SNMP Commands Example AP# show snmp SNMP Information ============================================== Service State : Enable Community (ro) : ******* Community (rw) : ******** Location : where? Contact : who? ============================================== Trap Destination List: ============================================== Trap Destination: 192.168.1.
Chapter 15 | SNMP Commands show snmp vacm This command displays the configured SNMP v3 groups. group Syntax show snmp vacm group [group-name] group-name - The name of a user-defined SNMPv3 group.
16 Flash/File Commands
These commands are used to manage the system code or configuration files.

Table 12: Flash/File Commands
Command | Function | Mode | Page
dual-image | Specifies the file or image used to start up the system | GC | 164
copy | Copies a code image or configuration between flash memory and a FTP/TFTP server | Exec | 165
show dual-image | Displays the name of the current operation code file that booted the system | Exec | 166

dual-image
This command specifies the image used to start up the system.
Chapter 16 | Flash/File Commands Example AP# dual-image boot-image A Change image to A AP# copy This command copies a boot file, code image, or configuration file between the access point’s flash memory and a FTP/TFTP server. When you save the configuration settings to a file on a FTP/TFTP server, that file can later be downloaded to the access point to restore system operation. The success of the file transfer depends on the accessibility of the FTP/TFTP server and the quality of the network connection.
◆ The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the FTP/TFTP server is 255 characters or 32 characters for files on the access point. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
◆ Due to the size limit of the flash memory, the access point supports only two operation code files.
17 RADIUS Client Commands
Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access for RADIUS-aware devices to the network. An authentication server contains a database of credentials, such as user names and passwords, for each wireless client that requires access to the access point.

Table 13: RADIUS Client Commands
Command | Function | Mode | Page
radius-server enable | Enables the RADIUS server.
Chapter 17 | RADIUS Client Commands Command Mode Global Configuration Example AP(config)# radius-server primary enable This setting has not been effective ! If want to take effect, please execute make-radius-effective command ! AP(config)# radius-server address This command specifies the primary and secondary RADIUS server address. Syntax radius-server {primary | secondary} address
address - IP address of server.
Default Setting 10.7.16.
Example
AP(config)# radius-server primary port 1810
This setting has not been effective !
If want to take effect, please execute make-radius-effective command !
AP(config)#

radius-server key
This command sets the RADIUS encryption key.
Syntax
radius-server {primary | secondary} key
key_string - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string.
Chapter 17 | RADIUS Client Commands Command Usage When the RADIUS Accounting server UDP address is specified, a RADIUS accounting session is automatically started for each user that is successfully authenticated to the access point. Example AP(config)# radius-server accounting address 192.168.1.19 This setting has not been effective ! If want to take effect, please execute make-radius-effective command ! AP(config)# radius-server This command sets the RADIUS Accounting port.
Chapter 17 | RADIUS Client Commands Default Setting DEFAULT Command Mode Global Configuration Example AP(config)# radius-server accounting key green This setting has not been effective ! If want to take effect, please execute make-radius-effective command ! AP(config)# radius-server This command sets the interval between transmitting accounting updates to the accounting RADIUS server.
Chapter 17 | RADIUS Client Commands Command Mode Global Configuration Example AP(config)# make-radius-effective It will take several minutes ! Please wait a while... AP(config)# show radius This command displays the current settings for the RADIUS server. Default Setting None Command Mode Exec Example AP#show radius Radius Accounting Information ============================================== IP : 10.7.16.
18 802.1X Authentication Commands The access point supports IEEE 802.1X access control for wireless clients. This control feature prevents unauthorized access to the network by requiring an 802.1X client application to submit user credentials for authentication. Client authentication is then verified by a RADIUS server using EAP (Extensible Authentication Protocol) before the access point grants client access to the network. The 802.
Example
AP(if-wireless 0: VAP[0])# 802.1x enable
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#
Related Commands
show interface wireless

802.1x reauthentication-time
This command sets the time period after which a connected client must be re-authenticated.
Syntax
802.1x reauthentication-time
seconds - The number of seconds.
19 MAC Address Authentication Commands Use these commands to define MAC authentication on the access point. For local MAC authentication, first define the default filtering policy, then enter the MAC addresses to be filtered, indicating if they are allowed or denied. For RADIUS MAC authentication, the MAC addresses and filtering policy must be configured on the RADIUS server.
Example
AP(config)#mac-authentication server remote
AP(config)#
Related Commands
mac-authentication server local address entry
radius-server address

mac-authentication server local address default
This command sets local filtering to allow or deny listed MAC addresses.
Syntax
mac-authentication server local address default
allowed - Only MAC addresses entered as “denied” in the address filtering table are denied.
Default None
Command Mode Global Configuration
Command Usage
◆ The access point supports up to 1024 MAC addresses.
◆ An entry in the address table may be allowed or denied access depending on the global setting configured for the mac-authentication server local address default command.
mac-authentication session-timeout
This command sets the interval at which associated clients will be re-authenticated with the RADIUS server authentication database. Use the no form to disable reauthentication.
Syntax
mac-authentication session-timeout
no mac-authentication session-timeout
seconds - Re-authentication interval.
20 Filtering Commands The commands described in this section are used to filter communications between wireless clients, control access to the management interface from wireless clients, and filter traffic using specific Ethernet protocol types.
Command Mode Global Configuration
Command Usage
This command can disable wireless-to-wireless communications between clients via the access point. However, it does not affect communications between wireless clients and the wired network.
Example
AP(config)#filter local-bridge all-vap
AP(config)#

filter restrict-management
This command prevents wireless clients from accessing the management interface on the access point. Use the no form to disable this filtering.
Example
AP(config)#filter dhcp enable
AP(config)#

filter acl-source-address
This command configures ACL filtering based on source MAC addresses in data frames.
Syntax
filter acl-source-address {enable | disable | add | delete }
enable - Key word that enables ACL filtering on the access point.
disable - Key word that disables ACL filtering on the access point.
add - Key word that adds a MAC address to the filter table.
delete - Key word that removes a MAC address from the filter table.
mac-address - Specifies a MAC address in the form xx-xx-xx-xx-xx-xx.
Default Disabled
Command Mode Global Configuration
Example
AP(config)#filter acl-destination-address add 00-12-34-56-78-9a
AP(config)#filter acl-destination-address enable
AP(config)#

filter ethernet-type enabled
This command checks the Ethernet type on all incoming and outgoing Ethernet packets against the protocol filtering table.
Chapter 20 | Filtering Commands protocol - An Ethernet protocol type.
21 Spanning Tree Commands The commands described in this section are used to set the MAC address table aging time and spanning tree parameters for both the Ethernet and wireless interfaces.
bridge stp service
This command enables the Spanning Tree Protocol. Use the no form to disable the Spanning Tree Protocol.
Syntax
[no] bridge stp service
Default Setting Enabled
Command Mode Global Configuration
Example
This example globally enables the Spanning Tree Protocol.
AP(config)bridge stp service
AP(config)

bridge stp br-conf forwarding-delay
Use this command to configure the spanning tree bridge forward time globally for the wireless bridge.
bridge stp br-conf hello-time
Use this command to configure the spanning tree bridge hello time globally for the wireless bridge.
Syntax
bridge stp br-conf hello-time
root port, a new root port is selected from among the device ports attached to the network.
Example
AP(config)#bridge stp max-age 40
AP(config)#

bridge stp br-conf priority
Use this command to configure the spanning tree priority globally for the wireless bridge.
Syntax
bridge stp br-conf priority
priority - Priority of the bridge.
Command Usage
Use this command to enter STP interface configuration mode. In this mode STP settings for specific VAP interfaces can be configured.
Example
AP(config)# bridge stp port-conf interface wireless 0
Enter Wireless configuration commands, one per line.
AP(stp-if-wireless 0)#

bridge-link path-cost
Use this command to configure the spanning tree path cost for the Ethernet port.
Syntax
bridge-link path-cost
cost - The path cost for the port.
Chapter 21 | Spanning Tree Commands Command Mode Interface Configuration (Ethernet) Command Usage ◆ This command defines the priority for the use of a port in the Spanning Tree Protocol. If the path cost for all ports on a wireless bridge are the same, the port with the highest priority (that is, lowest value) will be configured as an active link in the spanning tree. ◆ Where more than one port is assigned the highest priority, the port with lowest numeric identifier will be enabled.
Chapter 21 | Spanning Tree Commands Command Usage ◆ This command is used by the Spanning Tree Protocol to determine the best path between devices. Therefore, lower values should be assigned to interfaces with faster media, and higher values assigned to interfaces with slower media. ◆ Path cost takes precedence over port priority. Example AP(stp-if-wireless 0: VAP[0])# path-cost 512 AP(stp-if-wireless 0: VAP[0])# port-priority (STP This command sets the spanning tree path cost for the VAP interface.
Chapter 21 | Spanning Tree Commands Command Mode Global Configuration Command Usage The AP stores the MAC addresses for all known devices. All the addresses learned by monitoring traffic are stored in a dynamic address table. This information is used to pass traffic directly between inbound and outbound interfaces. When the MAC address table “aging time” has expired, a learned MAC address is discarded from the table.
Chapter 21 | Spanning Tree Commands Example AP# show bridge br-conf all BR0 configuration ======================================== BRIDGE MAC : 00:12:cf:a2:54:30 Priority : 32768 Hello Time : 2 Maximum Age : 20 Forward Delay : 0 ======================================== AP# show bridge port-conf This command displays spanning tree settings for specified interfaces.
Chapter 21 | Spanning Tree Commands ATH3 configuration ======================================== Link Port Priority : 32 Link Path Cost : 19 ======================================== ATH4 configuration ======================================== Link Port Priority : 32 Link Path Cost : 19 ======================================== ATH5 configuration ======================================== Link Port Priority : 32 Link Path Cost : 19 ======================================== ATH6 configuration =====================
Designated Bridge ID : 8000.0012cfa25430
Root Port Path Cost : 0
State : FORWARDING
eth0 --- port 0x1
Port ID : 0x8001
Designated Root ID : 8000.0012cfa25430
Designated Bridge ID : 8000.0012cfa25430
Root Port Path Cost : 0
State : DISABLED
=====================================================
AP#

show bridge forward address
This command displays STP settings for forwarding MAC addresses on specified interfaces or VLANs.
Chapter 21 | Spanning Tree Commands show bridge mac- This command displays the MAC address table aging time.
22 WDS Bridge Commands The commands described in this section are used to set the operation mode for each access point interface and configure Wireless Distribution System (WDS) forwarding table settings.
Chapter 22 | WDS Bridge Commands Default Setting None Command Mode Interface Configuration (Wireless) VAP Command Usage In WDS-STA mode, the VAP operates as a client station in WDS mode, which connects to an access point in WDS-AP mode. The user needs to specify the SSID and MAC address of the VAP to which it intends to connect.
23 Ethernet Interface Commands The commands described in this section configure connection parameters for the Ethernet port and wireless interface.
Chapter 23 | Ethernet Interface Commands dns This command specifies the address for the primary or secondary domain name server to be used for name-to-address resolution. Syntax dns {primary-server | secondary-server} primary-server - Primary server used for name resolution. secondary-server - Secondary server used for name resolution. server-address - IP address of domain-name server.
Chapter 23 | Ethernet Interface Commands Command Mode Interface Configuration (Ethernet) Command Usage ◆ DHCP is disabled by default. If DHCP is enabled, you must first disable the DHCP client with the no ip dhcp command before you manually configure a new IP address. ◆ You must assign an IP address to this device to gain management access over the network or to connect the access point to existing IP subnets.
effort to learn its IP address. (DHCP values can include the IP address, subnet mask, and default gateway.)
Example
AP(config)#interface ethernet
Enter Ethernet configuration commands, one per line.
AP(if-ethernet)#ip dhcp
AP(if-ethernet)#
Related Commands
ip address

ip management address
This command sets the IP address for management access to the AP.
Syntax
ip management address
ip-address - The IP address for management access.
Chapter 23 | Ethernet Interface Commands ipv6-address - IPv6 address. netmask - Network mask for the associated IPv6 subnet. This mask identifies the host address bits used for routing to specific subnets. gateway - IPv6 address of the default gateway. Default Setting IP address: 2001:db8::1 Netmask: 64 Gateway: 2001:db8::2 Command Mode Interface Configuration (Ethernet) Command Usage ◆ DHCPv6 is disabled by default.
Chapter 23 | Ethernet Interface Commands Command Usage ◆ You must assign an IPv6 address to this device to gain management access over the network or to connect the access point to existing IPv6 subnets. You can manually configure a specific IPv6 address using the ipv6 address command, or direct the device to obtain an address from a DHCPv6 server using this command. ◆ When you use this command, the access point will begin broadcasting DHCPv6 client requests. The current IPv6 address (i.e.
show interface ethernet
This command displays the status for the Ethernet interface.
Syntax
show ethernet interface
Default Setting Ethernet interface
Command Mode Exec
Example
AP#show interface ethernet
Ethernet Interface Information
========================================
IP Address : 192.168.2.10
Subnet Mask : 255.255.255.0
Default Gateway : 192.168.2.254
Primary DNS :
Secondary DNS :
Management IP : 192.168.1.10
Management Subnet : 255.255.255.
24 Wireless Interface Commands The commands described in this section configure connection parameters for the wireless interfaces.
Chapter 24 | Wireless Interface Commands Table 20: Wireless Interface Commands (Continued) Command Function Mode Page assoc- timeout-interval Configures the idle time interval (when no frames are sent) after which a client is disassociated from the VAP interface IC-W-VAP 219 auth- timeout-value Configures the time interval after which clients must be re-authenticated IC-W-VAP 220 multicast-enhance Enhances multicast quality for wireless clients IC-W-VAP 220 shutdown Disables the wireless i
Chapter 24 | Wireless Interface Commands Command Mode Global Configuration Example AP(config)# interface wireless 0 Enter Wireless configuration commands, one per line. AP(if-wireless 0)# vap This command provides access to the VAP (Virtual Access Point) interface configuration mode. Syntax vap vap-index - The number that identifies the VAP interface.
Chapter 24 | Wireless Interface Commands Example AP(if-wireless 0)#a-mpdu enable AP(if-wireless 0)# a-msdu This command enables and sets the Aggregate MAC Service Data Unit (A-MSDU). Syntax a-msdu {enable | disable | length } enable - Enable A-MSDU. disable - Disable A-MSDU. length - 1024-65535 bytes.
Chapter 24 | Wireless Interface Commands auto - Automatically selects an unoccupied channel (if available). Otherwise, the lowest channel is selected. Default Setting Automatic channel selection Command Mode Interface Configuration (Wireless) Command Usage ◆ The available channel settings are limited by local regulations, which determine the number of channels that are available. ◆ The available channels depend on the radio interface, either 11b/g/n (2.4 GHZ) or 11a/n (5 GHz).
Chapter 24 | Wireless Interface Commands Default Setting Percentage Mode: Full (100%) dBm Mode: 18 dBm Command Mode Interface Configuration (Wireless) Command Usage ◆ The “min” keyword indicates minimum power. ◆ The longer the transmission distance, the higher the transmission power required. But to support the maximum number of users in an area, you must keep the power as low as possible. Power selection is not just a trade off between coverage area and maximum supported clients.
Example
AP(if-wireless 0)# min-allowed-rate 1 6 mcs0 mcs8
AP(if-wireless 0)#

disable-coexist
This command prevents the operation of both 20 MHz and 40 MHz channel bandwidths in the wireless network.
Syntax
disable-coexist
n - No, do not disable channel coexistence.
y - Yes, disable channel coexistence.
Chapter 24 | Wireless Interface Commands preamble This command sets the length of the signal preamble that is used at the start of a 802.11b/g data transmission. Syntax preamble [long | short-or-long] long - Sets the preamble to long (192 microseconds). short-or-long - Sets the preamble to short if no 802.11b clients are detected (96 microseconds).
Chapter 24 | Wireless Interface Commands purpose of a guard interval is to introduce immunity to propagation delays, echoes, and reflections to which digital data is normally very sensitive. Enabling the short guard interval sets it to 400ns.
Chapter 24 | Wireless Interface Commands Default Setting 1 Command Mode Interface Configuration (Wireless) Command Usage ◆ The Delivery Traffic Indication Map (DTIM) packet interval value indicates how often the MAC layer forwards broadcast/multicast traffic. This parameter is necessary to wake up stations that are using Power Save mode. ◆ The DTIM is the interval between two synchronous frames with broadcast/ multicast information.
Chapter 24 | Wireless Interface Commands Command Usage ◆ If the threshold is set to 1, the access point always sends RTS signals. If set to 2346, the access point never sends RTS signals. If set to any other value, and the packet size equals or exceeds the RTS threshold, the RTS/CTS (Request to Send / Clear to Send) mechanism will be enabled. ◆ The access point sends RTS frames to a receiving station to negotiate the sending of a data frame.
closed-system
This command prohibits access to clients without a pre-configured SSID. Use the no form to disable this feature.
Syntax
[no] closed-system
Default Setting Disabled
Command Mode Interface Configuration (Wireless-VAP)
Command Usage
When closed system is enabled, the access point will not include its SSID in beacon messages. Nor will it respond to probe requests from clients that do not include a fixed SSID.
Example
AP(if-wireless 0)# max-client 64
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0)#

max-association
This command configures the maximum number of wireless clients that can associate with a VAP interface.
Syntax
max-association
max-clients - The maximum number of associated clients for the VAP interface.
Command Usage
◆ When enabled, the AP applies a priority order for associating clients when the maximum clients for the VAP has been reached. The priority order is 11n clients, 11a/g clients, then 11b clients.
◆ When the association pool for the VAP is full and the AP receives an association request from a high-priority (11n) client, the AP sends a disassociation to a lower priority client (11a/g or 11b) in order to be able to associate the high-priority client.
Chapter 24 | Wireless Interface Commands auth-timeout-interval This command configures the time interval within which clients must complete authentication to the VAP interface. Syntax auth-timeout-interval minutes - The number of minutes before re-authentication.
Chapter 24 | Wireless Interface Commands shutdown (VAP) This command disables the VAP interface. Use the no form to restart the interface. Syntax [no] shutdown Default Setting Interface enabled Command Mode Interface Configuration (Wireless-VAP) Command Usage You must first enable VAP interface 0 before you can enable VAP interfaces 1 to 15.
Chapter 24 | Wireless Interface Commands antenna-chain This command selects the use of two antennas or a single antenna for radio transmissions. Syntax antenna-chain right-left - The radio transmits from both internal antennas. left - The radio only transmits from one internal antenna. right - The radio only transmits from one internal antenna.
Example
AP(if-wireless 0)# long-distance enable
For making changes effective, please execute make-RF-setting-effective command !
AP(if-wireless 0)#

long-distance reference-data
This command computes settings that allow wireless clients a long distance from the AP to maintain communications.
Syntax
long-distance reference-data
distance - An approximate distance in meters.
Command Mode Interface Configuration (Wireless)
Example
AP(if-wireless 0)# long-distance slottime 25
For making changes effective, please execute make-RF-setting-effective command after entering all three long distance parameters!
AP(if-wireless 0)#

long-distance acktimeout
This command sets the acknowledge timeout for long-distance communications.
Syntax
long-distance acktimeout
timeout - The adjusted acknowledge timeout in microseconds.
Example
AP(if-wireless 0)# long-distance ctstimeout 56
For making changes effective, please execute make-RF-setting-effective command after entering all three long distance parameters!
AP(if-wireless 0)#

bandwidth-control downlink
This command enables the downlink bandwidth control for a VAP interface.
Syntax
bandwidth-control downlink
enable - Enables the downlink bandwidth control setting.
disable - Disables the feature.
Example
AP(if-wireless 0: VAP[0])# bandwidth-control downlink rate 512
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#

bandwidth-control uplink
This command enables the uplink bandwidth control for a VAP interface.
Syntax
bandwidth-control uplink
enable - Enables the uplink bandwidth control setting.
disable - Disables the feature.
Command Mode Interface Configuration (Wireless-VAP)
Example
AP(if-wireless 0: VAP[0])# bandwidth-control uplink rate 512
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#

show interface wireless
This command displays the status for a specified VAP interface.
Syntax
show interface wireless vap
index - The wireless interface slot number.
Chapter 24 | Wireless Interface Commands WPA Function : OPEN-SYSTEM, WPA FUNCTION DISABLE WPA PSK Key Type : ascii WPA PSK Key : ******** Default Transmit Key : 1 Static WEP Keys Key 1 : ***** Key 2 : ***** Key 3 : ***** Key 4 : ***** Pre-Authentication : DISABLE -------------------------------------802.1x--------------------------------802.1x : DISABLE 802.
Chapter 24 | Wireless Interface Commands Station Table Information ======================================== Wireless Interface 0 VAPs List: if-wireless 0 VAP [0] : ADDR RSSI Tx(Mbps) Rx(Mbps) Authentication fc:25:3f:70:1a:4f 22 0M 6M fc:25:3f:5c:32:49 20 0M 13M if-wireless if-wireless if-wireless if-wireless if-wireless if-wireless if-wireless if-wireless if-wireless if-wireless if-wireless if-wireless if-wireless if-wireless if-wireless 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 VAP VAP VAP VAP VAP VAP VAP VAP VAP V
Chapter 24 | Wireless Interface Commands Example AP#show station statistics Station Table Information ======================================== Wireless Interface 0 VAPs List: if-wireless 0 VAP [0] : Total Station Number of this vap: 0 if-wireless 0 VAP [1] : Total Station Number of this vap: 0 if-wireless 0 VAP [2] : Total Station Number of this vap: 0 if-wireless 0 VAP [3] : Total Station Number of this vap: 0 if-wireless 0 VAP [4] : Total Station Number of this vap: 0 if-wireless 0 VAP [5] : Total Statio
Total Station Number of this vap: 0
if-wireless 1 VAP [12] :
Total Station Number of this vap: 0
if-wireless 1 VAP [13] :
Total Station Number of this vap: 0
if-wireless 1 VAP [14] :
Total Station Number of this vap: 0
if-wireless 1 VAP [15] :
Total Station Number of this vap: 0
========================================
Total Station Number of this device: 0
Total Station Number of Radio 0: 0
Total Station Number of Radio 1: 0
=====================================
25 Wireless Security Commands The commands described in this section configure parameters for wireless security on the VAP interfaces. Table 21: Wireless Security Commands Command Function Mode Page auth Defines the 802.
wpa2-psk - Clients using WPA2 with a Pre-shared Key are accepted for authentication.
wpa-wpa2-mixed - Clients using WPA or WPA2 are accepted for authentication.
wpa-wpa2-psk-mixed - Clients using WPA or WPA2 with a Pre-shared Key are accepted for authentication.
Default Setting open-system
Command Mode Interface Configuration (Wireless-VAP)
Command Usage
◆ The auth command automatically configures settings for each authentication type, including encryption, 802.
◆ WPA2 defines a transitional mode of operation for networks moving from WPA security to WPA2. WPA2 Mixed Mode allows both WPA and WPA2 clients to associate to a common VAP interface. When the encryption cipher suite is set to TKIP, the unicast encryption cipher (TKIP or AES-CCMP) is negotiated for each client. The access point advertises its supported encryption ciphers in beacon frames and probe responses.
Chapter 25 | Wireless Security Commands Example AP(if-wireless 0: VAP[0])# encryption This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0: VAP[0])# Related Commands key key This command sets the keys used for WEP encryption. Use the no form to delete a configured key. Syntax key { | static | dynamic} no key index - Key index. (Range: 1-4) size - Key size.
Chapter 25 | Wireless Security Commands ◆ The WEP key index, length and type configured for the VAP must match those configured for clients.
cipher-suite
This command defines the cipher algorithm used to encrypt the global key for broadcast and multicast traffic when using WPA or WPA2 security.
Syntax
multicast-cipher
aes-ccmp - Use AES-CCMP encryption for the unicast and multicast cipher.
tkip - Use TKIP encryption for the multicast cipher. TKIP or AES-CCMP can be used for the unicast cipher depending on the capability of the client.
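The two cipher-suite settings change both which clients can associate and which cipher protects broadcast and multicast frames for everyone on the VAP. The following Python model is an added example, not code from this guide or the device firmware; it assumes the AP prefers AES-CCMP for unicast whenever the client supports it, and the client population is constructed sample data.

```python
AES, TKIP = "aes-ccmp", "tkip"


def advertised(cipher_suite):
    """Return (unicast options in preference order, multicast cipher) for a VAP."""
    if cipher_suite == AES:
        return [AES], AES
    if cipher_suite == TKIP:
        # Assumption: AES-CCMP is preferred for unicast when the client has it.
        return [AES, TKIP], TKIP
    raise ValueError(f"unknown cipher-suite: {cipher_suite!r}")


def negotiate(cipher_suite, client_ciphers):
    """Return (unicast, multicast) for one client, or None if it cannot join."""
    unicast_options, multicast = advertised(cipher_suite)
    supported = set(client_ciphers)
    if multicast not in supported:
        # The client could not decrypt broadcast/multicast frames.
        return None
    for cipher in unicast_options:
        if cipher in supported:
            return cipher, multicast
    return None


def survey(cipher_suite, clients):
    """Negotiate every client against one cipher-suite setting."""
    return {name: negotiate(cipher_suite, caps) for name, caps in clients.items()}


def migration_impact(clients):
    """Compare cipher-suite tkip with aes-ccmp for the same client population."""
    before, after = survey(TKIP, clients), survey(AES, clients)
    return {
        # Clients that only speak TKIP are cut off by the stricter setting.
        "lose_access": sorted(n for n in clients if before[n] and not after[n]),
        # Clients without TKIP could not join while multicast used TKIP.
        "gain_access": sorted(n for n in clients if not before[n] and after[n]),
        # Clients that stay connected and stop receiving TKIP multicast.
        "tkip_multicast_removed": sorted(n for n in clients if before[n] and after[n]),
    }


# Constructed sample data: client name -> ciphers the client supports.
CLIENTS = {
    "wpa2-laptop": [AES, TKIP],
    "wpa-scanner": [TKIP],
    "ccmp-only-sensor": [AES],
}

if __name__ == "__main__":
    for setting in (TKIP, AES):
        print(setting, survey(setting, CLIENTS))
    print(migration_impact(CLIENTS))
```

With cipher-suite tkip, a client that negotiates AES-CCMP for unicast still receives broadcast and multicast traffic under TKIP, which is why the survey reports the multicast cipher separately.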
Chapter 25 | Wireless Security Commands Example AP(if-wireless 0: VAP[0])# cipher-suite tkip This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0: VAP[0])# wpa-pre-shared-key This command defines a Wi-Fi Protected Access (WPA/WPA2) Pre-shared-key. Syntax wpa-pre-shared-key hex - Specifies hexadecimal digits as the key input format.
Chapter 25 | Wireless Security Commands pmksa-lifetime This command sets the time for aging out cached WPA2 Pairwise Master Key Security Association (PMKSA) information for fast roaming. Syntax pmksa-lifetime minutes - The time for aging out PMKSA information.
Chapter 25 | Wireless Security Commands Example AP(if-wireless 0: VAP[0])# make-security-effective It will take several minutes ! Please wait a while... device eth0 left promiscuous mode br0: port 1(eth0) entering disabled state br0: port 3(ath16) entering disabled state br0: port 2(ath0) entering disabled state device ath16 left promiscuous mode br0: port 3(ath16) entering disabled state device ath0 left promiscuous mode br0: port 2(ath0) entering disabled state wlan_vap_delete : enter.
26 Rogue AP Detection Commands A “rogue AP” is either an access point that is not authorized to participate in the wireless network, or an access point that does not have the correct security configuration. Rogue APs can potentially allow unauthorized users access to the network. Alternatively, client stations may mistakenly associate to a rogue AP and be prevented from accessing network resources. Rogue APs may also cause radio interference and degrade the wireless LAN performance.
Chapter 26 | Rogue AP Detection Commands Command Usage ◆ While the access point scans a channel for rogue APs, wireless clients will not be able to connect to the access point. Therefore, avoid frequent scanning or scans of a long duration unless there is a reason to believe that more intensive scanning is required to find a rogue AP.
Command Mode Interface Configuration (Wireless)
Command Usage
Enter the MAC address/Basic Service Set Identifier (BSSID) of known APs in the network. These MAC addresses will be filtered out of the list of detected APs during a scan. Building a database of approved APs allows the AP to discover rogue APs. Without a configured database, the AP can detect neighboring APs only; it cannot identify whether the APs are rogues.
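The effect of the approved-AP database on scan results can be modelled offline when reviewing a site survey. The following Python sketch is an added example, not code from this guide or the device firmware; the scan record fields, the own_ssids and expected_security parameters and all sample values are assumptions constructed for illustration. It goes one step beyond the BSSID filter by applying the chapter's definition of a rogue AP, so it also flags approved APs with the wrong security configuration and unapproved APs that advertise the site's own SSID.

```python
import re


def normalize_bssid(text):
    """Return a BSSID in the guide's xx-xx-xx-xx-xx-xx form."""
    digits = re.sub(r"[-:.]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def classify_scan(scan, approved, own_ssids=(), expected_security=None):
    """Label each detected AP; returns a list of (bssid, ssid, verdict)."""
    database = {normalize_bssid(b) for b in approved}
    report = []
    for ap in scan:
        bssid = normalize_bssid(ap["bssid"])
        if not database:
            # No database configured: neighbors can be listed but not judged.
            verdict = "neighbor"
        elif bssid in database:
            if expected_security and ap["security"] != expected_security:
                verdict = "misconfigured"
            else:
                verdict = "approved"
        elif ap["ssid"] in own_ssids:
            # Unapproved radio advertising one of the site's own SSIDs.
            verdict = "rogue-own-ssid"
        else:
            verdict = "rogue"
        report.append((bssid, ap["ssid"], verdict))
    return report


def needs_attention(report):
    """Keep only the entries an operator has to follow up."""
    return [row for row in report if row[2] not in ("approved", "neighbor")]


# Constructed sample data (locally administered MAC addresses).
APPROVED = ["02-00-00-00-00-01", "02:00:00:00:00:02"]
SCAN = [
    {"bssid": "02:00:00:00:00:01", "ssid": "corp", "security": "wpa2-psk"},
    {"bssid": "02:00:00:00:00:02", "ssid": "corp", "security": "open-system"},
    {"bssid": "02:00:00:00:00:99", "ssid": "corp", "security": "open-system"},
    {"bssid": "0200.0000.00AA", "ssid": "cafe", "security": "wpa2-psk"},
]

if __name__ == "__main__":
    report = classify_scan(SCAN, APPROVED, own_ssids={"corp"},
                           expected_security="wpa2-psk")
    for row in needs_attention(report):
        print(row)
```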
Command Mode
Interface Configuration (Wireless)

Command Usage
◆ During a scan, client access may be disrupted and new clients may not be able to associate to the access point. If clients experience severe disruption, reduce the scan duration time.
◆ A long scan duration time will detect more access points in the area, but causes more disruption to client access.
rogue-ap instant-scan
This command starts an immediate scan for access points on the radio interface.

Default Setting
Disabled

Command Mode
Interface Configuration (Wireless)

Command Usage
While the access point scans a channel for rogue APs, wireless clients will not be able to connect to the access point. Therefore, avoid frequent scanning or scans of a long duration unless there is a reason to believe that more intensive scanning is required to find a rogue AP.
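The approved-AP database logic described in this chapter, as an added example that is not SMC firmware code: scan results are compared against a list of known BSSIDs with their expected security mode. The record fields, the security-mode strings and the separate "misconfigured" bucket (which the guide also counts as rogue) are assumptions made for illustration.

```python
import re

def normalize_bssid(text):
    """Return a BSSID as lower-case aa:bb:cc:dd:ee:ff, or raise ValueError."""
    digits = re.sub(r"[-:.\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def classify_scan(scan, approved):
    """Sort scan results into rogue / misconfigured / unclassified lists.

    scan: list of dicts with keys bssid, ssid, security (assumed record format).
    approved: dict mapping an approved BSSID to its expected security mode.
    """
    known = {normalize_bssid(b): sec for b, sec in approved.items()}
    report = {"rogue": [], "misconfigured": [], "unclassified": []}
    for ap in scan:
        bssid = normalize_bssid(ap["bssid"])
        entry = (bssid, ap["ssid"], ap["security"])
        if not known:
            # No database configured: neighbours are visible but cannot be judged.
            report["unclassified"].append(entry)
        elif bssid not in known:
            # Unknown BSSID, even when it advertises a familiar SSID.
            report["rogue"].append(entry)
        elif ap["security"] != known[bssid]:
            # Approved hardware that lacks the correct security configuration.
            report["misconfigured"].append(entry)
        # An approved BSSID with the expected security is filtered out.
    return report

# Constructed sample data (not taken from the guide); MAC formats vary on purpose.
APPROVED = {"00-11-22-33-44-55": "wpa2-psk", "0011.2233.4466": "wpa2-psk"}
SCAN = [
    {"bssid": "00:11:22:33:44:55", "ssid": "corp", "security": "wpa2-psk"},
    {"bssid": "00:11:22:33:44:66", "ssid": "corp", "security": "open"},
    {"bssid": "02:AA:BB:CC:DD:EE", "ssid": "corp", "security": "wpa2-psk"},
]

if __name__ == "__main__":
    for kind, aps in classify_scan(SCAN, APPROVED).items():
        print(kind, aps)
```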
27 Link Integrity Commands

The access point provides a link integrity feature that can be used to ensure that wireless clients are connected to resources on the wired network. The access point does this by periodically sending Ping messages to a host device in the wired Ethernet network. If the access point detects that the connection to the host has failed, it disables the radio interfaces, forcing clients to find and associate with another access point.
Response Timeout: 2 seconds
Retry Counts: 5

Command Mode
Global Configuration

Command Usage
◆ When link integrity is enabled, the IP address of a host device in the wired network must be specified.
◆ The access point periodically sends an ICMP echo request (Ping) packet to the link host IP address. When the number of failed responses (either the host does not respond or is unreachable) exceeds the limit set by this command, the link is determined as lost.
Example
AP(config)# link-integrity link-fail-action 0 enable
AP(config)#

show link-integrity
This command displays the current link integrity configuration.

Command Mode
Exec

Example
AP#show link-integrity
Link Integrity Information
===================================================================
Link integrity: disabled
Destination IP: 192.168.2.
28 Link Layer Discovery Commands

LLDP allows devices in the local broadcast domain to share information about themselves. LLDP-capable devices periodically transmit information to neighbor devices in messages made up of Type Length Value (TLV) fields. Advertised information is represented in TLV format according to the IEEE 802.1AB standard, and can include details such as device identification, capabilities and configuration settings.
lldp-transmit hold-multiplier
This command configures the time-to-live (TTL) value sent in LLDP advertisements.

Syntax
lldp transmit hold-multiplier
multiplier - The hold multiplier number.
Example
AP(config)# lldp transmit interval 30
AP(config)#

lldp transmit re-init-delay
This command configures the delay before attempting to re-initialize after LLDP ports are disabled or the link goes down.

Syntax
lldp transmit re-init-delay
seconds - Time in seconds.
Command Usage
◆ The transmit delay is used to prevent a series of successive LLDP transmissions during a short period of rapid changes in local LLDP MIB objects, and to increase the probability that multiple, rather than single changes, are reported in each transmission.
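The TLV layout this chapter refers to, as an added example that is not the AP's own code: it encodes and strictly parses LLDPDU TLVs (7-bit type, 9-bit length) so an administrator can see what a neighbor on the segment learns from an advertisement. The TTL rule (transmit interval times hold multiplier, capped at 65535), the hold multiplier of 4 and the sample identifiers are assumptions.

```python
import struct

def advertised_ttl(interval_s, hold_multiplier):
    """TTL carried in the advertisement, capped to the 16-bit TTL field (assumed rule)."""
    return min(65535, interval_s * hold_multiplier)

def build_tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length packed into a 2-byte header."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def parse_lldpdu(data):
    """Return [(type, value_bytes)] up to the End TLV; reject malformed input."""
    tlvs, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated TLV header")
        (header,) = struct.unpack_from("!H", data, pos)
        tlv_type, length = header >> 9, header & 0x1FF
        pos += 2
        if length > len(data) - pos:
            # Never trust the length field of a frame received from the wire.
            raise ValueError(f"TLV type {tlv_type} claims {length} bytes, "
                             f"{len(data) - pos} remain")
        if tlv_type == 0:  # End of LLDPDU
            return tlvs
        tlvs.append((tlv_type, data[pos:pos + length]))
        pos += length
    raise ValueError("missing End of LLDPDU TLV")

def ttl_of(tlvs):
    """Extract the TTL in seconds (TLV type 3) from parsed TLVs."""
    for tlv_type, value in tlvs:
        if tlv_type == 3:
            if len(value) != 2:
                raise ValueError("TTL TLV must be 2 bytes")
            return struct.unpack("!H", value)[0]
    raise ValueError("no TTL TLV")

# Constructed LLDPDU: interval 30 s as in the guide's example, hold multiplier 4 assumed.
SAMPLE = (build_tlv(1, b"\x04\x00\x11\x22\x33\x44\x55")    # Chassis ID, MAC subtype
          + build_tlv(2, b"\x05eth0")                      # Port ID, interface name
          + build_tlv(3, struct.pack("!H", advertised_ttl(30, 4)))
          + build_tlv(5, b"AP-lobby")                      # System Name
          + build_tlv(0, b""))

if __name__ == "__main__":
    for tlv_type, value in parse_lldpdu(SAMPLE):
        print(tlv_type, value)
```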
29 VLAN Commands

The access point can enable the support of VLAN-tagged traffic passing between wireless clients and the wired network. VLAN IDs can be mapped to specific VAP interfaces, allowing users to remain within the same VLAN as they move around a campus site.

Caution: When VLANs are enabled, the access point’s Ethernet port drops all received traffic that does not include a VLAN tag.
◆ Traffic entering the Ethernet port must be tagged with a VLAN ID that matches the access point’s management VLAN ID, or with a VLAN tag that matches one of the VAP default VLAN IDs.

Example
AP(config)# vlan enabled
Warning! VLAN's status has been changed now !
It will take several seconds ! Please wait a while...
AP(config)#

Related Commands
management-vlanid

management-vlanid
This command configures the management VLAN ID for the access point.
native-vlanid
This command configures the default VLAN ID for the LAN port interface.

Syntax
native-vlanid
vlan-id - Default VLAN ID. (Range: 1-4094)

Default Setting
1

Command Mode
Global Configuration

Command Usage
◆ To implement the default VLAN ID setting for the LAN port, the AP must first enable VLAN support using the vlan command.
◆ When VLANs are enabled, the AP assigns the default VLAN ID to untagged frames received on the LAN port interface.
◆ When VLANs are enabled, the access point tags frames received from wireless clients with the default VLAN ID for the VAP interface.
30 WMM Commands

The access point implements QoS using the Wi-Fi Multimedia (WMM) standard. Using WMM, the access point is able to prioritize traffic and optimize performance when multiple applications compete for wireless network bandwidth at the same time. WMM employs techniques that are a subset of the IEEE 802.11e QoS standard and it enables the access point to inter-operate with both WMM-enabled clients and other devices that may lack any WMM functionality.
wmm-acknowledge-policy
This command allows the acknowledgement wait time to be enabled or disabled for each Access Category (AC).

Syntax
wmm-acknowledge-policy
ac_number - Access categories. (Range: 0-3)
ack - Require the sender to wait for an acknowledgement from the receiver.
noack - Does not require the sender to wait for an acknowledgement from the receiver.
AP - Access Point
BSS - Wireless client
ac_number - Access categories (ACs) – voice, video, best effort, and background. These categories correspond to traffic priority levels and are mapped to IEEE 802.1D priority tags as shown in Table 2 on page 87. (Range: 0-3)
LogCwMin - Minimum log value of the contention window. This is the initial upper limit of the random backoff wait time before wireless medium access can be attempted.
Table 28: BSS Parameters
WMM Parameters     AC0 (Best Effort)  AC1 (Background)  AC2 (Video)  AC3 (Voice)
LogCwMin           4                  4                 3            2
LogCwMax           6                  10                4            3
AIFS               3                  7                 1            1
TXOP Limit         0                  0                 94           47
Admission Control  Disabled           Disabled          Disabled     Disabled

Command Mode
Interface Configuration (Wireless)

Example
AP(if-wireless 0)# wmmparam ap 0 5 10 3 64 1
This setting has not been effective !
If want to take effect, please execute make-RF-setting-effective command !
AP(if-wireless 0)#
31 QoS Commands

The QoS commands configure QoS priority mapping for traffic on VAP interfaces. The AP enables Wi-Fi Multimedia (WMM) 802.1d priorities to be mapped to 802.1p priorities or IP DSCP priorities.

Table 29: QoS Commands
Command                               Function                                                                Mode      Page
qos vap-802.1p                        Enables the setting of VAP traffic to a specific 802.1p priority value  IC-W VAP  263
qos vap-802.1p retagged-userpriority  Sets the 802.1p priority value for VAP traffic                          IC-W VAP  264
qos 802.1d-802.
Command Usage
◆ To implement this command on a VAP interface, the default VLAN ID for the VAP must be set to any value other than 1.
◆ The VAP-to-802.1p priority QoS feature cannot be enabled together with the 802.1d-to-802.1p or 802.1d-to-DSCP features.

Example
AP(if-wireless 0: VAP[0])# qos vap-802.1p enable
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#

qos vap-802.
qos 802.1d-802.1p
This command enables the mapping of WMM 802.1d priority values to 802.1p values on a VAP interface.

Syntax
qos 802.1d-802.1p
enable - Enables the mapping of WMM 802.1d to 802.1p priority values.
disable - Disables the feature.

Default
Disabled

Command Mode
Interface Configuration (Wireless-VAP)

Command Usage
◆ This QoS feature requires a QoS mapping template to be configured using the qos qos-template qos-template-priority command.
Command Usage
◆ The AP supports eight QoS priority mapping templates, each identified by an ID number (1 to 8). The templates also have a user-defined name that can be configured using the qos qos-template qos-template-name command.
◆ The QoS priority mapping templates can be configured using the qos qos-template qos-template-priority command.

Example
AP(if-wireless 0: VAP[0])# qos 802.1d-802.
AP(if-wireless 0: VAP[0])#

qos 802.1d-dscp mapping-template
This command sets the mapping template to use for the WMM 802.1d to DSCP priority mapping on a VAP interface.

Syntax
qos 802.1d-dscp mapping-template
template-id - The identifying number of a QoS mapping template. (Range: 1-8)

Default
1

Command Mode
Interface Configuration (Wireless-VAP)

Command Usage
◆ The AP supports eight QoS priority mapping templates, each identified by an ID number (1 to 8).
qos qos-template qos-template-name
This command sets the name of a QoS priority mapping template.

Syntax
qos qos-template qos-template-name
template-id - The identifying number of a QoS mapping template. (Range: 1-8)
template-name - The user-defined name of a QoS mapping template.
Example
AP(if-wireless 0: VAP[0])# qos qos-template qos-template-priority 1 10234765
AP(if-wireless 0: VAP[0])#

qos qos-template qos-template-show
This command displays the user-defined QoS priority mapping templates and their priority mapping configuration.
Section IV Appendices

This section provides additional information and includes these items:
◆ “Troubleshooting” on page 272
A Troubleshooting

Problems Accessing the Management Interface

Table 30: Troubleshooting Chart

Symptom: Cannot connect using Telnet, web browser, or SNMP software
Action:
◆ Be sure the AP is powered up.
◆ Check network cabling between the management station and the AP.
◆ Check that you have a valid network connection to the AP and that intermediate switch ports have not been disabled.

Symptom: Cannot access the CLI through a serial port connection

Symptom: Forgot or lost the password
Using System Logs

5. Designate the SNMP host that is to receive the error messages.
6. Repeat the sequence of commands or other actions that lead up to the error.
7. Make a list of the commands or circumstances that led to the fault. Also make a list of any error messages displayed.
8. Set up your terminal emulation software so that it can capture all console output to a file. Then enter the “show config” command to record all system settings in this file.
9.
Headquarters
No. 1, Creation Rd. III, Hsinchu Science Park, Taiwan 30077
Tel: +886 3 5638888
Fax: +886 3 6686111
(for Asia-Pacific): Technical Support information at www.smc-asia.com
www.smcnetworks.co.kr
SMC2890W-AN, SMC2891W-AN
www.smc.