Wireless LAN Array Statistics (for all radios) This page provides a detailed statistical summary of the performance of all radios, displayed either numerically or by percentage (your choice). The following image shows an example from the XS-3700 product. The default Statistics Type is NUMERIC, but you can change this to PERCENTAGE from the pull-down menu at the top of the page. In addition, you can Refresh or Clear the data on this page at any time by clicking on the appropriate button. Figure 74.
Wireless LAN Array SSID This is a status only page that allows you to review SSID (Service Set IDentifier) assignments. It includes the SSID name, whether or not an SSID is visible on the network, any security and QoS parameters defined for each SSID, associated VLAN IDs, and radio availability per SSID. There are no configuration options available on this page, but if you are experiencing problems or reviewing SSID management parameters, you may want to print this page for your records.
Wireless LAN Array Understanding SSIDs The SSID (Service Set Identifier) is a unique identifier that wireless networking devices use to establish and maintain wireless connectivity. Multiple access points on a network or sub-network can use the same SSIDs. SSIDs are case-sensitive and can contain up to 32 alphanumeric characters (do not include spaces when defining SSIDs). Multiple SSIDs A BSSID (Basic SSID) refers to an individual access point radio and its associated clients.
Wireless LAN Array As an example, one SSID named accounting might require the highest level of security, while another SSID named guests might have low security requirements. Another example may define an SSID named voice that supports voice over Wireless LAN phones with the highest possible Quality of Service (QoS) definition. This type of SSID might also forward traffic to specific VLANs on the wired network.
Wireless LAN Array Procedure for Managing SSIDs 1. New SSID: Enter a new SSID definition. 2. Security: From the pull-down list, choose the security that will be required by users for this SSID, either Open, WEP or WPA. The Open option provides no security and is not recommended. For an overview of the security options, go to “Security Planning” on page 35. 3. Qos Priority: From the pull-down list, select a Quality of Service (QoS) setting.
Wireless LAN Array 9. Security: From the pull-down list, choose the security that will be required by users for the selected SSID— either Open, WEP or WPA. The Open option provides no security and is not recommended. For an overview of the security options, go to “Security Planning” on page 35. 10. QoS Priority: From the pull-down list, select a Quality of Service (QoS) setting. The QoS setting you define here will prioritize wireless traffic for the selected SSID over other SSID wireless traffic.
Wireless LAN Array Security This is a status only page that allows you to review the Array’s security parameters. It includes the assigned network administration accounts, Access Control List (ACL) values, WEP and WPA status, and RADIUS configuration settings. There are no configuration options available on this page, but if you are experiencing issues with security, you may want to print this page for your records.
Wireless LAN Array Security Management This page allows you to establish the security parameters for your wireless network, including WEP, WPA and RADIUS authentication. When finished, click on the Apply button to apply the new settings to this session, then click on the Save button to save your changes. For additional information about wireless network security, refer to “Security Planning” on page 35. Figure 78.
Wireless LAN Array Understanding Security The Xirrus Wireless LAN Array incorporates many security features that administrators can configure. After initially installing an Array, always change the default administrator password (the default is admin), and choose a strong replacement password (a strong password contains letters, numbers and special characters). When appropriate, issue read only administrator accounts.
Wireless LAN Array z WPA (Wi-Fi Protected Access)—this is a much stronger encryption mode than WEP and uses TKIP (Temporal Key Integrity Protocol) or AES (Advanced Encryption Standard) to encrypt data. WPA solves security issues with WEP. It also allows you to establish encryption keys on a per-user-basis, with key rotation for added security. In addition, TKIP provides Message Integrity Check (MIC) functionality and prevents active attacks on the wireless network.
Wireless LAN Array z RADIUS 802.1x with EAP—802.1x uses a RADIUS server to authenticate large numbers of clients, and can handle different EAP (Extensible Authentication Protocol) authentication methods, including EAP-TLS, EAP-TTLS and EAP-PEAP. The RADIUS server can be internal (provided by the XS-3900) or external. An external RADIUS server offers more functionality and security, and is recommended for large deployments.
Wireless LAN Array 6. PSK Authentication: Choose Yes to enable PSK (Pre-Shared Key) authentication, or choose No to disable PSK. 7. WPA Preshared Key / Verify Key: If you enabled PSK, enter a passphrase here, then re-enter the passphrase to verify that you typed it correctly. 8. EAP Authentication: Choose Yes to enable EAP Authentication Protocol) or choose No to disable EAP. # 9. (Extensible A RADIUS server must be defined to use EAP.
Wireless LAN Array 13. Click on the Save button to save your changes. # After configuring network security, the configuration must be applied to an SSID for the new functionality to take effect. Radius Server This page allows you to set up the Array’s internal RADIUS server, or define the use of an external RADIUS server for user authentication. # The internal RADIUS server will only authenticate wireless clients that want to associate to the Array.
Wireless LAN Array Procedure for Configuring Radius Servers 1. Radius Server Mode: Choose Internal if you want to use the XS-3900’s internal RADIUS server, or choose External to use an external RADIUS server. 2. Primary IP Address: If you are using an external RADIUS server, enter the primary server’s IP address. 3. Primary Port Number: If you are using an external RADIUS server, enter the primary port number. 4.
Wireless LAN Array Radius User This page allows you to manage local RADIUS user accounts (create, modify and delete). When finished, click on the Save button to save your changes. Figure 80.
Wireless LAN Array Procedure for Configuring Radius Users 1. New User Name: Enter a new RADIUS user name. 2. User Password: Enter a password for this user. 3. Verify Password: Re-enter the user password to verify that you typed it correctly. 4. SSID (Network Name): Choose an SSID from the pull-down list (this will be the only SSID a user can associate to). 5. Click on the Create User button to add this user to the list. Editing Radius Users 6.
Wireless LAN Array MAC Access List This page allows you to create new MAC access lists, delete existing lists, and add/remove MAC addresses. When finished, click on the Save button to save your changes. Figure 81.
Wireless LAN Array Procedure for Configuring MAC Access Lists 1. MAC Access List Type: Select the MAC Access List type—either Disabled, Allow List or Deny List, then click on the Modify button to apply your changes. z Allow List: Only allows these MAC addresses to associate to the Array. z Deny List: Allows all MAC addresses except the addresses defined in this list. # In addition to these lists, other authentication methods (for example, RADIUS) are still enforced for users. 2.
Wireless LAN Array Admin Management This page allows you to manage network administrator accounts (create, modify and delete). It also allows you to limit account access to a read only status. When finished, click on the Save button to save your changes. Figure 82.
Wireless LAN Array Procedure for Creating Network Administrator Accounts 1. New Admin ID: Enter a meaningful description for this new network administrator ID. 2. Privilege Level: Choose Read to restrict this administrator ID to read only status, or choose Read/Write if you want to give this administrator ID full read/write privileges. In the read only mode, administrators cannot save changes to configurations. 3. Admin Password: Enter a password for this ID. 4.
Wireless LAN Array Management Control This page allows the Array management interfaces to be enabled and disabled and their inactivity time-outs set. The supported range is 300 (default) to 100,000 seconds. Figure 83.
Wireless LAN Array Rogue AP List This page displays rogue APs, according to the list you select (either Unknown, Known or Approved). In addition, you can sort the results based on the following parameters: z SSID z BSSID z Channel z RSSI z Security z IP Address z Discovered z Last Active You can refresh the list at any time by clicking on the Refresh button. Figure 84.
Wireless LAN Array Rogue Control List This page allows you to set up a control list for rogue APs, based on a type that you define. When finished, click on the Save button to save your changes. Figure 85.
Wireless LAN Array Procedure for Establishing Rogue AP Control 1. New Rogue SSID: Enter the SSID for the new rogue AP. 2. Rogue Control Type: Define the type, either Known or Approved. 3. Click on the Create button to add this rogue AP to the Rogue Control List. 4. Rogue Control List: If you want to edit the control type for a rogue AP, select the rogue from the list. a.
Wireless LAN Array Stations This page displays stations (clients) that are currently associated with the Array. You can sort the results based on the following parameters: z MAC Address z Manufacturer z IP Address z Netbios Name z IAP z SSID z VLAN z RSSI z Time Figure 86.
Wireless LAN Array RSSI An alternative display is given on the RSSI page, which shows each associated station and their RSSI value (signal strength) as seen by the WLAN Array. Figure 87.
Wireless LAN Array Services This is a status only page that allows you to review the current status of syslog and SNMP services. There are no configuration options available on this page, but if you are experiencing issues with network services, you may want to print this page for your records. Figure 88.
Wireless LAN Array Time Settings This page allows you to manage the Array’s time settings, including synchronizing the Array’s clock with a universal clock from an NTP (Network Time Protocol) server. Synchronizing the Array’s clock with an NTP server ensures that syslog time-stamping is maintained across all units. Figure 89.
Wireless LAN Array Procedure for Managing the Time Settings Manual Time 1. Adjust Time: Check this box to allow manual adjustment of the time in hours, minutes and seconds (hrs:min:sec). 2. Adjust Date: Check this box to allow manual adjustment of the date (day/month/year). 3. Auto Adjust Daylight Savings: Check this box if you want the system to automatically adjust the time for daylight savings. 4.
Wireless LAN Array System Log This page allows you to enable or disable the Syslog server, define the server’s IP address, and set the level for Syslog reporting—the Syslog service will send Syslog messages to the defined Syslog server. When finished, click on the Apply button to apply the new settings to this session, then click on the Save button to save your changes. Figure 90.
Wireless LAN Array Procedure for Configuring Syslog 1. Enable Syslog Server: Choose Yes to enable Syslog functionality, or choose No to disable this feature. 2. Server IP Address: If you enabled Syslog, enter the IP address of the Syslog server. 3. Syslog Server Level: Choose the level of Syslog reporting from the pull-down list. Levels include: z Emergency z Alerts z Critical z Error z Warning z Notification z Information z Debug The default level is Information. 136 4.
Wireless LAN Array SNMP This page allows you to enable or disable SNMP and define the SNMP parameters. SNMP allows remote management of the Array by the Xirrus Management System (XM-3300), or other SNMP-based management system. When finished, click on the Apply button to apply the new settings to this session, then click on the Save button to save your changes. Figure 91.
Wireless LAN Array Procedure for Configuring SNMP 1. Enable SNMP: Choose Yes to enable SNMP functionality, or choose No to disable this feature. # 138 SNMP must be enabled on each array when used with the XM3300 Management Platform. 2. SNMP Link IP Address: Enter the IP address of the SNMP link. 3. Trap Port: Enter the trap port. 4. Community String: Enter the community string. 5. Send Auth Failure Traps: Choose Yes to log authentication failure traps or No to disable. 6.
Wireless LAN Array Array Info This is a status only page that allows you to review the current status of the Array. There are no configuration options available on this page, but if you are experiencing issues with network services, you may want to print this page for your records. Figure 92.
Wireless LAN Array Tools This page allows you to reset the system’s configuration parameters to their factory default values, reboot the system, and ping other IP addresses for diagnostic purposes. Figure 93.
Wireless LAN Array Procedure for Configuring System Tools 1. System Configuration Reset: Click on the Reset button to reset the system’s current configuration settings to the factory default values—all previous configuration settings will be lost. 2. System Reboot: Click on the Reboot button to reboot the system—you must reboot the Array. 3.
Wireless LAN Array Show Config This page allows you to display the configuration settings for the Array, based on the following sort options: z Running—Displays the current configuration (the one running now). z Saved—Displays the saved configuration from this session. z Startup—Displays the configuration at start up. z Factory—Displays the configuration established at the factory. Figure 94.
Wireless LAN Array Event Log This is a status only page that allows you to review the event log, where system alerts and messages are displayed. Although there are no configuration options available on this page, you do have the choice of deciding how the event messages are sorted (Time Stamp, Priority, or Message). The displayed messages may also be filtered by using the Filter Priority setting, which allows control of the minimum displayed priority.
Wireless LAN Array Click on the Refresh button to refresh the messages, or click on the Clear button to delete all messages. If you are experiencing problems with your network you may want to print this page for your records.
Wireless LAN Array The Command Line Interface This chapter covers configuration and management tasks using the product’s Command Line Interface (CLI), and includes a procedure for establishing a Telnet connection to the Xirrus Array.
Wireless LAN Array Basic Commands Help To get help at any point type help or ? to view the interactive help system. Tab Key The Tab key allows auto-completion of commands such that only a few unique characters need to be entered followed by the Tab key, which will automatically fill in the rest of the command. ? Key The ? key displays the list of available commands at any point of typing in the command line.
Wireless LAN Array Command Modes Configure Mode Allows major functional changes to interfaces and Array configuration. Requires read/write administrator privileges From the default prompt, type configure then press Xirrus-Array# configure Xirrus-Array(config)# The prompt changes to show the current mode in parentheses. # When inputting commands you need only type as many characters as the system requires before it recognizes your input.
Wireless LAN Array Date & Time Mode Allows you to configure the date and time settings used by the Array. Requires read/write administrator privileges From the configure mode, type date then press Xirrus-Array(config)# date Xirrus-Array(config-date-time)# DHCP Mode Allows you to enable, disable and configure the DHCP server.
Wireless LAN Array Run Test Mode Allows you to execute diagnostic run tests (for example, pings and trace routes). Requires read/write administrator privileges From the configure mode, type run-tests then press Xirrus-Array(config)# run-tests Xirrus-Array(run-test)# Security Mode Allows you to set security parameters for the Array.
Wireless LAN Array Syslog Mode Allows you to enable, disable and configure the Syslog server. Requires read/write administrator privileges From the configure mode, type syslog then press Xirrus-Array(config)# syslog Xirrus-Array(config-syslog)# Selecting Interfaces From the configure mode select the desired interface.
Wireless LAN Array Commands This section contains detailed information for each CLI command, organized alphabetically. The following table provides a listing of the commands. Click on any command in this list to “jump” to that command.
Wireless LAN Array administrator DESCRIPTION Adds and edits administrator accounts and privileges—available from the config command mode. SYNTAX administrator [add password [enc] {read_only | read_write} | del ] PARAMETERS add read_only read_write password enc Add user ID Read only permissions Read/write permissions Define user password Enter password in encrypted form (must be in quotes) DEFAULTS None.
Wireless LAN Array EXAMPLE To add a new administrator account: config-administrator (config-admin)# add johnk password xtyrk567 read_write Figure 97. CLI: Adding a New Administrator Account SEE ALSO None.
Wireless LAN Array acl DESCRIPTION Configures the MAC based Access Control Lists to allow or limit the association of stations to the Array.
Wireless LAN Array console DESCRIPTION Configures the Console Interface (serial port)—available from the configinterface command mode.
Wireless LAN Array USAGE GUIDELINES None. EXAMPLE To set the baud rate of the console serial port to 9600 baud: config-interface console (config-console)# baud 9600 Figure 99. CLI: Setting the IP Address for the Serial Port SEE ALSO None.
Wireless LAN Array contact-info DESCRIPTION Sets the contact information for this Array—available from the config command mode. SYNTAX contact-info {name [] | email [] | phone []}@ PARAMETERS contact-info name email phone Contact information for assistance on this Array Contact name (must be within quotes) Contact email address (must be within quotes) Contact telephone number (must be within quotes) DEFAULTS None. USAGE GUIDELINES None.
Wireless LAN Array SEE ALSO None. copy DESCRIPTION Creates a copy of the specified file on the Flash file system. SYNTAX copy PARAMETERS sourcefile destinationfile The existing source file name The new destination file name DEFAULTS None. USAGE GUIDELINES None. EXAMPLE To create a backup of the current system image file, type: Xirrus_WLAN_Array(config)# copy XS-39-1.1.0 XS-39-1.1.
Wireless LAN Array date-time DESCRIPTION Set the date/time for the Array—available from the config command mode, using the format hh:mm mm/dd/yyyy. SYNTAX date-time PARAMETERS dst_adjust no ntp set timezone Adjust daylight savings Disable daylight savings Configure the NTP server Set the date and time for the Array Configure the time zone DEFAULTS None. USAGE GUIDELINES You access the date-time command mode from the config mode.
Wireless LAN Array EXAMPLE To disable daylight savings, type: (config-date-time)# no dst Figure 101. CLI: Disabling Daylight Savings SEE ALSO None. dhcp-server DESCRIPTION Configures the local DHCP server settings—available from the Config-> dhcp-server command mode.
Wireless LAN Array PARAMETERS on off start-ip-range end-ip-range default-lease max-lease show Enable the DHCP server Disable the DHCP server Starting IP address for the lease pool Ending IP address for the lease pool Default lease period (in minutes), if one is not requested Maximum lease period allowed Display the current DHCP server settings DEFAULTS Default lease time 300 Maximum lease time 300 USAGE GUIDELINES None.
Wireless LAN Array dir DESCRIPTION Lists the contents of the local Flash file system directory. SYNTAX dir PARAMETERS None. DEFAULTS None. USAGE GUIDELINES None. EXAMPLE To list the local Flash file system directory contents, type: Xirrus_WLAN_Array(config)# dir The following will appear: . .. lastboot xs37-1.0.37.
Wireless LAN Array dns DESCRIPTION Used to configure the DNS settings—available from the Config-> dns command mode. SYNTAX dns { domain [] | server1 [] | server2 [] | server3 []} PARAMETERS domain server1 server2 server3 Enter your domain name (Example: www.mydomain.com) Enter the first DNS server IP address Enter the second DNS server IP address Enter the third DNS server IP address DEFAULTS None.
Wireless LAN Array erase DESCRIPTION Erases the specified file from the Flash file system. SYNTAX Erase PARAMETERS filename existing file to delete. DEFAULTS None. USAGE GUIDELINES None.
Wireless LAN Array eth0 DESCRIPTION Configures the 10/100 Ethernet Interface Settings—available from the config-interface command mode.
Wireless LAN Array EXAMPLE To set the IP address of the 10/100 Ethernet interfaces: config-interface eth0 (config-eth0)# ip addr 192.168.39.186 mask 255.255.255.0 Figure 102.
Wireless LAN Array ftp DESCRIPTION Opens an ftp connection to a remote system. SYNTAX ftp PARAMETERS IP address of remote ftp host (in A.B.C.D format) DEFAULTS None. USAGE GUIDELINES Once an ftp connection is established, the following commands are available from the ftp prompt: binary delete ls recv bye dir mkdir rename cd disconnect open rmdir cdup get put send chmod hash pwd size close help quit ? EXAMPLE None. SEE ALSO None.
Wireless LAN Array gig1 DESCRIPTION Configures the Gigabit 1 Ethernet Interface Settings—available from the config-interface command mode.
Wireless LAN Array DEFAULTS None. USAGE GUIDELINES Setting the Gigabit1 interface parameters will automatically set the Gigabit2 parameters to the same values. EXAMPLE To set the IP address of the gigabit Ethernet interfaces: config-interface gig1 (config-gig1/2)# ip addr 192.168.39.186 mask 255.255.255.0 Figure 103.
Wireless LAN Array gig2 DESCRIPTION Configures the Gigabit 2 Ethernet Interface Settings—available from the config-interface command mode.
Wireless LAN Array USAGE GUIDELINES Setting Gigabit2 Interface parameters will automatically set the Gigabit1 parameters to the same values for failover purposes. EXAMPLE To set the IP address of the gigabit Ethernet interfaces: config-interface gig2 ((config-gig1/2)# ip addr 192.168.39.186 mask 255.255.255.0 Figure 104.
Wireless LAN Array hostname DESCRIPTION Sets the host name for this Array—available from the config command mode. SYNTAX hostname “hostname string” PARAMETERS None. DEFAULTS None. USAGE GUIDELINES None. EXAMPLE To set the hostname for the Xirrus Array: (config)# hostname Xirrus_Array_3900 Figure 105.
Wireless LAN Array SEE ALSO None. iap DESCRIPTION Changes the configuration of a specific Integrated Access Point (IAP) radio interface—available from the config-interface command mode. Groups of interfaces can be accessed via the following interface commands. z iap number: Configuration for a specific IAP. The prompt will change to: IAP number (config-iap-a12)#. z global_a_settings: Common configuration for all 802.11a IAPs. The prompt will change to: (config-iap-global-a)#.
Wireless LAN Array monitor external Internal omni-directional monitor antenna (available on abg2 IAP only) Select the external antenna (Available on IAP abg1, abg3, and abg4 only) DEFAULTS None. USAGE GUIDELINES None. EXAMPLE To set the cell size to large for the integrated access point a12: (config-iap)# a12 (config-iap-a12)# cellsize large Figure 106.
Wireless LAN Array iap global_settings DESCRIPTION Makes global configuration changes to all Integrated Access Point (IAP) radio interfaces—available from the config-interface command mode. This command allows configuration changes to all IAP interfaces. Other global settings can be made for specific groups of IAPs by using one of the below parameters in the interface IAP command mode: z iap number: Configuration for a specific IAP.
Wireless LAN Array led_activity beacon tx_data rx_data tx_mgmt rx_mgmt broadcast probe_req assoc beacon-rate beacon-dtim all_down all_up short-retries long-retries inactive-time reauth-period rogue_detect on off add del approved known list cellsize small medium large rx-threshold tx-power 176 Set IAP led behavior based on certain conditions Blink an IAP led when a beacon is transmitted Blink an IAP led when a data frame is transmitted Blink an IAP led when a data frame is received Blink an IAP led when a
Wireless LAN Array auto_channel power_up schedule on off Automatically assign channels to all IAPs Automatically run automatic channel assignment at power up Run automatic channel assignment at scheduled time(s) Enable autochannel at power up Disable autochannel at power up DEFAULTS None. USAGE GUIDELINES None. EXAMPLE To enable all the radio interfaces: (config-iap)# global_settings (config-iap-global)# all_up Figure 107.
Wireless LAN Array iap global_a_settings DESCRIPTION Makes global configuration changes to all 802.11a Integrated Access Point (IAP) radio interfaces—available from the Config->Interface command mode. This command allows configuration changes to all 802.11a IAP interfaces. Other global settings can be made for specific groups of IAPs by using one of the following parameters in the interface IAP command mode: z iap number: Configuration for a specific IAP.
Wireless LAN Array optimize_range optimize_throughput all_down all_up cellsize small medium large rx-threshold tx-power parameter (-100,0) thresrx parameter (0,20) powertx Set 802.11a rates for the best range Set 802.11a rates for the best throughput Shut down (disable) all 802.11a IAPs Bring up (enable) all 802.
Wireless LAN Array SEE ALSO iap global_bg_settings iap global_settings show iap all iap global_bg_settings DESCRIPTION Makes global configuration changes to all 802.11bg Integrated Access Point (IAP) radio interfaces—available via the Config-> Interface command mode. This command allows configuration changes to all 802.11bg IAP interfaces.
Wireless LAN Array PARAMETERS frag-threshold rts-threshold auto_channel rates basic supported defaults optimize_range optimize_throughput all_down all_up preamble short_preamble long_preamble slot_time short_slot long_slot dot11g_protect dot11g_only on off cellsize small medium large rx-threshold tx-power 802.11b/g fragmentation threshold packet size above which a packet will be fragmented 802.11b/g RTS threshold packet size above which an RTS is issued before sending Automatically assign channels to 802.
Wireless LAN Array SEE ALSO None. location DESCRIPTION Defines the location description for this Xirrus Array—available from the config command mode. SYNTAX location PARAMETERS locname Input location name for this Array DEFAULTS None. USAGE GUIDELINES Quotes must be used around the location text if spaces are used between words. Typing location with no parameters will clear any set value.
Wireless LAN Array more DESCRIPTION Lists the contents of a file, one screen at a time. SYNTAX More PARAMETERS The file name for which to display the contents DEFAULTS None. USAGE GUIDELINES None. EXAMPLE None. SEE ALSO None.
Wireless LAN Array PARAMETERS external secondary ip port secret enc on off timeout internal on off add del password enc ssid show Configure the primary external RADIUS server parameters Prompt will change to (config-radius-external)# Configure the secondary external RADIUS server parameters Prompt will change to (config-radius-secondary)# IP address of the RADIUS server Authentication port of the RADIUS server Shared secret for the RADIUS server Enter encrypted shared secret for the RADIUS server Enable
Wireless LAN Array reboot DESCRIPTION Reboots the Xirrus Array. SYNTAX reboot PARAMETERS None. DEFAULTS None. USAGE GUIDELINES When rebooting the Array, you must respond to the following prompts: z The system will prompt you to save any unsaved configuration changes. z The system will prompt you to confirm the reboot action. EXAMPLE To reboot the Xirrus Array type the following.
Wireless LAN Array reset DESCRIPTION Resets all settings to the factory defaults, then reboots the Xirrus Array. SYNTAX reset PARAMETERS None. DEFAULTS None. USAGE GUIDELINES When you enter the reset command, the system will prompt you to confirm the reset action. EXAMPLE To reset the Xirrus Array back to factory defaults, type: Xirrus_WLAN_Array(config)# reset Are you sure you want to reset to factory settings and reboot? [yes/no]:y SEE ALSO reboot run-script DESCRIPTION Run a CLI command script.
Wireless LAN Array DEFAULTS None. USAGE GUIDELINES None. EXAMPLE None. SEE ALSO None. run-tests DESCRIPTION Runs network diagnostic tests from the run-test command mode—available from the config-run-tests command mode. SYNTAX traceroute | ping PARAMETERS traceroute ping Run a trace on IP route or DNS name Execute ping utility DEFAULTS None. USAGE GUIDELINES You access the run-tests command mode from the config mode.
Wireless LAN Array EXAMPLE To test connectivity to a client device at IP address 192.168.0.2 type: (config)# run-tests (config-run-test)# ping 192.168.0.2 Figure 109. CLI: Testing Client Connectivity To view the network routing to another device use traceroute: (config)# run-tests (config-run-test)# traceroute 192.168.0.2 Figure 110. CLI: Viewing the Routing to a Client SEE ALSO None.
Wireless LAN Array save DESCRIPTION Permanently saves the current configuration so that changes will be available at the next system boot. SYNTAX save PARAMETERS None. DEFAULTS None. USAGE GUIDELINES None. EXAMPLE To permanently save the current configuration, type: Xirrus_WLAN_Array(config)# save SEE ALSO None. security DESCRIPTION Set wireless and other security parameters for the Xirrus Array. Available via the config-security command mode.
Wireless LAN Array SYNTAX wep { on | off | default_key | key { size [not_set | { ascii | hex | enc } ] } } PARAMETERS on off key size ascii hex enc default_key Enable WEP encryption Disable WEP encryption Set static WEP key number 1-4 Key size (40 or 128 bits, default = 128) ASCII characters Hex digits Encrypted form Default key ID 1-4 SYNTAX wpa { on | off | rekey { never | } | { no ] tkip [ on | off } | [ no ] aes [ on | off ] | [ no ] eap [ on | off ] | [ no ] psk
Wireless LAN Array enc Enter an encrypted form of the passphrase in double quotes DEFAULTS None. USAGE GUIDELINES None. EXAMPLE To disable WEP encryption, type: (config)# security (config-security) wep (config-security-wep) off Figure 111. CLI: Disabling WEP Encryption SEE ALSO None.
Wireless LAN Array show DESCRIPTION Displays settings and information, and is useful when verifying the current configuration of the Array.
Wireless LAN Array stations statistics Display station (client) information Display interface statistics DEFAULTS None. USAGE GUIDELINES None. EXAMPLE To display the current security settings, type: (config)# security (config-security) show Figure 112. CLI: Displaying the Current Security Settings SEE ALSO None.
Wireless LAN Array snmp DESCRIPTION Configures SNMP (Simple Network Management Protocol). This command is available from the config->snmp command mode.
Wireless LAN Array ssh DESCRIPTION Enables or disables ssh (secure shell) access to the Command Line Interface. SYNTAX ssh {on | off} PARAMETERS on off Enable ssh access Disable ssh access DEFAULTS None. USAGE GUIDELINES None. EXAMPLE None. SEE ALSO telnet.
Wireless LAN Array syslog DESCRIPTION Configures the syslog server settings. This command is available from the config->syslog command mode. SYNTAX syslog {on | off | {ipsyslog | [no] console [on | off] | level | buffered | show}} PARAMETERS on off ipsyslog level buffered console no on off show Enable Syslog server Disable Syslog server Syslog IP address (in A.B.C.
Wireless LAN Array telnet DESCRIPTION Enables or disables telnet access to the Command Line Interface. SYNTAX telnet {on | off} PARAMETERS on off Enable telnet access Disable telnet access DEFAULTS None. USAGE GUIDELINES None. EXAMPLE None. SEE ALSO None.
Wireless LAN Array Page is intentionally blank 198 The Command Line Interface
Wireless LAN Array Appendices 199
Wireless LAN Array Page is intentionally blank 200
Wireless LAN Array Appendix A: Servicing the Xirrus Array This chapter contains procedures for servicing the Xirrus Array, including the removal and reinstallation of major hardware components.
Wireless LAN Array Removing the Access Panel Use this procedure when you want to remove the system’s access panel. You must remove this panel whenever you need to service the internal components of the Array. 1. Turn OFF the Array’s main power switch. 2. Disconnect the AC power cord from the Array. 3. Place the Array face-down on a flat surface. Avoid moving the unit to reduce the risk of damage (scratching) to the finished enclosure. 4.
Wireless LAN Array 5. Lift up the access panel to reveal the main system board. Lift up the access panel Figure 115. Removing the Access Panel 6. Disconnect the connectors to the power supply and the fan. Fan connector Power supply connector Figure 116. Disconnecting the Power Supply and Fan 7. The access panel can now be safely removed.
Wireless LAN Array Reinstalling the Access Panel Use this procedure when you need to reinstall the access panel after servicing the XS-3900’s internal components. 1. Reconnect the fan and power supply. Fan connector Power supply connector Figure 117. Reconnecting the Fan and Power Supply 2. Reinstall the access panel and secure the panel with the three screws. Screw ! Do not overtighten Screw ! Do not overtighten Screw ! Do not overtighten Figure 118. Reinstalling the Access Panel 3.
Wireless LAN Array Replacing the FLASH Memory Module Use this procedure when you want to replace the system’s FLASH memory module. 1. Remove the system’s access panel. Refer to “Removing the Access Panel” on page 202. 2. Remove the FLASH memory module, taking care not to “wiggle” the module and risk damaging the connection points. FLASH memory module Figure 119. Removing the FLASH Memory Module 3. The removal procedure is complete.
Wireless LAN Array 4. Reinstall the access panel (refer to “Reinstalling the Access Panel” on page 204). Replacing the Main System Memory Use this procedure when you want to replace the main system memory. 1. Remove the access panel (refer to “Removing the Access Panel” on page 202). 2. Remove the DIMM memory module, taking care not to “wiggle” the module and risk damaging the connection points. DIMM memory module Push down on the two locking tabs to release the DIMM memory module Figure 120.
Wireless LAN Array Replacing the Integrated Access Point Radio Module Use this procedure when you want to replace the integrated access point radio module. 1. Remove the access panel (refer to “Removing the Access Panel” on page 202). 2. Remove the nylon locking screws (8 places) that secure the chassis cover to the main body of the XS-3900. Nylon screws (8 places) Figure 121. Removing the Chassis Cover Nylon Screws 3. Lift and remove the chassis cover. Remove the chassis cover Figure 122.
Wireless LAN Array 4. Lift the edge of the integrated access point module. Lift here (do not force) Figure 123. Lifting the Integrated Access Point Module 5. Slide the integrated access point module away from the unit to disconnect it from the main system board. Disconnect the module Figure 124. Disconnect the Integrated Access Point Module 6. 208 The removal procedure is complete. You can now reinstall the integrated access point module (or install a new module).
Wireless LAN Array 7. ! ! Reinstall the chassis cover (see warnings). When reinstalling the chassis cover, take care to align the cover correctly to avoid damaging the antenna modules. Do not force the chassis cover onto the body of the unit. Do not overtighten the nylon locking screws. 8. Reinstall the nylon locking screws (8 places) to secure the chassis cover in place—do not overtighten. 9. Reinstall the access panel (refer to “Reinstalling the Access Panel” on page 204).
Wireless LAN Array Page is intentionally blank 210 Appendix A: Servicing the Xirrus Array
Wireless LAN Array Appendix B: Quick Reference Guide This chapter contains product reference information. Use this chapter to locate the information you need quickly and efficiently. Section headings for this chapter include: z “Review of WMI Pages” on page 211 z “Factory Default Settings” on page 215 z “Keyboard Shortcuts” on page 220 Review of WMI Pages This section provides a review of the product’s WMI pages, with a brief explanation of their function and content.
Wireless LAN Array Page 212 Function DNS Settings Set up a DNS server (or multiple servers), if you want to offer clients associating with the Array the ability to use meaningful domain names (URLs) instead of numerical IP addresses. IAP Interfaces Provides a snapshot of global configuration data associated with radios.
Wireless LAN Array Page Function SSID Provides a snapshot of SSID (Service Set IDentifier) assignments. It includes the SSID name, whether or not an SSID is visible on the network, any security and QoS parameters defined for each SSID, associated VLAN IDs, guest access, and radio availability per SSID. SSID Management Manage SSIDs (create, modify or delete). It also allows you to assign security parameters and VLANs on a per SSID basis.
Wireless LAN Array Page 214 Function Management Control Displays rogue APs, according to the sort list you select (either Unknown, Known or Approved). Rogue Control List Establishes a control list for rogue APs, based on a type that you define. Stations Displays stations that are currently associated with the Array. Services Provides a current status of Syslog and SNMP services. Time Settings Synchronizes the Array’s clock with a universal clock from an NTP server.
Wireless LAN Array Factory Default Settings The following tables show the Array’s factory default settings. Network Interfaces Serial Setting Default Value Baud Rate 115200 Word Size 8 bits Stop Bits 1 Parity No parity Time Out 10 seconds Gigabit 1 and Gigabit 2 Setting Default Value Enabled Yes DHCP Bind Yes Default IP Address 10.0.1.2 Default IP Mask 255.0.0.
Wireless LAN Array Fast Ethernet Setting Default Value Enabled Yes DHCP Bind Yes Default IP Address 10.0.1.1 Default IP Mask 255.0.0.
Wireless LAN Array Server Settings DHCP Setting Enabled Default Value No Maximum Lease Time 300 minutes Default Lease Time 300 minutes IP Start Range 192.168.1.100 IP End Range 192.168.1.200 External RADIUS Setting Enabled Primary Server Primary Port Primary Secret Secondary Server Secondary Port Secondary Secret Time Out (before primary server is retired) Appendix B: Quick Reference Guide Default Value Yes 0.0.0.
Wireless LAN Array Internal RADIUS Setting Enabled Default Value No The user database is cleared upon reset to the factory defaults. For the Internal RADIUS Server you have a maximum of 200 entries. NTP Setting Default Value Enabled No Primary time.nist.gov Secondary 192.6.15.
Wireless LAN Array Default SSID Setting Default Value ID xirrus VLAN None Encryption Off Encryption Type None QoS None Enabled Yes Encryption Setting Enabled Default Value Yes WEP Keys null (all 4 keys) WEP Key Length null (all 4 keys) Default Key ID 0 WPA Enabled No TKIP Enabled Yes AES Enabled No EAP Enabled Yes PSK Enabled No Pass Phrase null Group Rekey 600 Appendix B: Quick Reference Guide 219
Wireless LAN Array Administrator Account and Password Setting Default Value ID admin Password admin Management Setting Default Value Telnet On SSH On Keyboard Shortcuts The following table shows the most common keyboard shortcuts. Action Shortcut Cut selected data and place it on the clipboard. Ctrl + X Copy selected data to the clipboard. Ctrl + C Paste data from the clipboard into a document (at the insertion point). Ctrl + V Copy the active window to the clipboard.
Wireless LAN Array Appendix C: Technical Support This chapter provides valuable support information that can help you resolve technical difficulties. Before contacting Xirrus, review all sections in this chapter and try to determine if your problem resides with the Array or your network infrastructure.
Wireless LAN Array Frequently Asked Questions This section answers some of the most frequently asked questions, organized by functional area. Multiple SSIDs Q. What Are BSSIDs and SSIDs? A. BSSID (Basic Service Set Identifier) refers to an individual access point radio and its associated clients. The identifier is the MAC address of the access point radio that forms the BSS.
Wireless LAN Array Another example may define an SSID named voice that supports voice over Wireless LAN phones with the highest possible Quality of Service (QoS) definition. This type of SSID might also forward traffic to specific VLANs on the wired network. Q. How do I set up SSIDs? A. Use the following procedure as a guideline. For more detailed information, go to “SSID” on page 107. 1. From the Web Management Interface, go to the SSID Management page. 2.
Wireless LAN Array Security Q. How do I know my management session is secure? A. Follow these guidelines: z Administrator passwords Always change the default administrator password (the default is admin), and choose a strong replacement password. When appropriate, issue read only administrator accounts. z SSH versus Telnet Be aware that Telnet is not secure over network connections and should be used only with a direct serial port connection.
Wireless LAN Array z WEP (Wired Equivalent Privacy) This option provides minimal protection (though much better than using an open network). An early standard for wireless data encryption and supported by all Wi-Fi certified equipment, WEP is vulnerable to hacking and is therefore not recommended for use by Enterprise networks.
Wireless LAN Array z RADIUS 802.1x with EAP 802.1x uses a RADIUS server to authenticate large numbers of clients, and can handle different EAP (Extensible Authentication Protocol) authentication methods, including EAP-TLS, EAPTTLS and EAP-PEAP. The RADIUS server can be internal (provided by the XS-3900) or external. An external RADIUS server offers more functionality and is recommended for large Enterprise deployments.
Wireless LAN Array VLAN Support Q. What Are VLANs? A. VLANs (Virtual Local Area Networks) are a logical grouping of network devices that share a common network broadcast domain. Members of a particular VLAN can be on any segment of the physical network but logically only members of a particular VLAN can see each other. VLANs are defined and implemented using the wired network switches that are VLAN capable. Packets are tagged for transmission on a particular VLAN according to the IEEE 802.
Wireless LAN Array As an example, to provide guest user access an SSID of guest might be created. This SSID could be mapped to a wired VLAN that segregates unknown users from the rest of the wired network and restricts them to Internet access only. Wireless users could then associate to the wireless network via the guest SSID and obtain access to the Internet through the selected VLAN, but would be able to access other privileged network resources. Contact Information Xirrus, Inc.
Wireless LAN Array Glossary of Terms 802.11a A supplement to the IEEE 802.11 WLAN specification that describes radio transmissions at a frequency of 5 GHz and data rates of up to 54 Mbps. 802.11b A supplement to the IEEE 802.11 WLAN specification that describes radio transmissions at a frequency of 2.4 GHz and data rates of up to 11 Mbps. 802.11d A supplement to the Media Access Control (MAC) layer in 802.11 to promote worldwide use of 802.11 WLANs.
Wireless LAN Array authentication The process that a station, device, or user employs to announce its identify to the network which validates it. IEEE 802.11 specifies two forms of authentication, open system and shared key. bandwidth Specifies the amount of the frequency spectrum that is usable for data transfer. In other words, it identifies the maximum data rate a signal can attain on the medium without encountering significant attenuation (loss of power).
Wireless LAN Array channel A specific portion of the radio spectrum—the channels allotted to one of the wireless networking protocols. For example, 802.11b and 802.11g use 14 channels in the 2.4 GHz band, only 3 of which don't overlap (1, 6, and 11). In the 5 GHz band, 802.11a uses 8 channels for indoor use and 4 for outdoor use, none of which overlap.
Wireless LAN Array domain The main name/Internet address of a user's Internet site as registered with the InterNIC organization, which handles domain registration on the Internet. For example, the “domain” address for Xirrus is: http://www.xirrus.com, broken down as follows: z z z z http:// represents the Hyper Text Teleprocessing Protocol used by all Web pages. www is a reference to the World Wide Web. xirrus refers to the company. com specifies that the domain belongs to a commercial enterprise.
Wireless LAN Array encryption Any procedure used in cryptography to translate data into a form that can be decrypted and read only by its intended receiver. Fast Ethernet A version of standard Ethernet that runs at 100 Mbps rather than 10 Mbps. FCC (Federal Communications Commission) US wireless regulatory authority. The FCC was established by the Communications Act of 1934 and is charged with regulating Interstate and International communications by radio, television, wire, satellite and cable.
Wireless LAN Array MAC address (Media Access Control Address) A 6-byte hexadecimal address assigned by a manufacturer to a device. Mbps (Megabits per second) A standard measure for data transmission speeds (for example, the rate at which information travels over the Internet). 1 Mbps denotes one million bits per second. MTU (Maximum Transmission Unit) The largest physical packet size—measured in bytes—that a network can transmit.
Wireless LAN Array preamble Preamble (sometimes called a header) is a section of data at the head of a packet that contains information that the access point and client devices need when sending and receiving packets. PLCP has two structures, a long and a short preamble. All compliant 802.11b systems have to support the long preamble.
Wireless LAN Array Remote DC Power System (XP-3100) An optional Xirrus proprietary product that provides distributed DC power to multiple XS-3900 units, eliminating the need to run dedicated AC power to each unit and facilitating backup power when connected via a UPS. RSSI (Received Signal Strength Indicator) A measure of the energy observed by an antenna when receiving a signal.
Wireless LAN Array SSID (Service Set IDentifier) Every wireless network or network subset (such as a BSS) has a unique identifier called an SSID. Every device connected to that part of the network uses the same SSID to identify itself as part of the family—when it wants to gain access to the network or verify the origin of a data packet it is sending over the network. In short, it is the unique name shared among all devices in a WLAN.
Wireless LAN Array VLAN tagging (Virtual LAN tagging) Static port-based VLANs were originally the only way to segment a network without using routing, but these port-based VLANs could only be implemented on a single switch (or switches) cabled together. Routing was required to transfer traffic between unconnected switches. As an alternative to routing, some vendors created proprietary schemes for sharing VLAN information across switches.
Wireless LAN Array WPA (Wi-Fi Protected Access) A Wi-Fi Alliance standard that contains a subset of the IEEE 802.11i standard, using TKIP as an encryption method and 802.1X for authentication. XM-3300 The Xirrus Wireless Management System (XM-3300) is a Xirrus proprietary product used for managing large XS-3900 deployments from a centralized Webbased interface.
Wireless LAN Array Page is intentionally blank 240 Glossary of Terms
Wireless LAN Array Index Numerics 802.11a 11 802.11a/b/g 11 802.11b/g 11 802.11e 12 802.11p 12 802.11q 12 D default settings 215 deployment ease of 12 DHCP server 23, 85 DIMM module replacing 206 DNS settings 87 E access panel reinstalling 204 removing 202 AES 12 authentication 12 EAP-MDS 12 EAP-TLS 12 EAP-TTLS 12 encryption 12 event log 143 event messages 67 express setup 54, 73 external RADIUS server 802.
Wireless LAN Array mounting the unit 43 requirements 21 unpacking the unit 40 workflow 39 installation workflow 39 integrated radio module replacing 207 interfaces Web 65 Internet Explorer 22 K key features 10 keyboard shortcuts 220 performance 10 power cord 202 power outlet 21 power supply replacing 209 power switch 202 print button 68 product installation 21, 199 product overview 6 product specifications 13, 17 PuTTy 22 Q L QoS 12 Quality of Service 12 quick reference guide 211 logging 135, 143 logg
Wireless LAN Array replacing 206 T technical support contact information 228 frequently asked questions 222 Telnet establishing a connection 145 TKIP 12 tools 140 U unpacking the unit 40 user interface 65 V VoWLAN 12 W warning messages 67 Web interface 65 structure and navigation 67 WEP 12 workflow 39 WPA2 6 X Xirrus Management System 6, 9, 12, 23 Xirrus Remote Power System 21, 23 XMS 6, 9, 12, 23 XRPS 21, 23 XS 3900 management 69 Index 243
Wireless LAN Array Page is intentionally blank 244 Index
