AP-51xx Access Point Product Reference Guide
AP-51xx Access Point Product Reference Guide 72E-XXXXX-01 Revision X Juanuary 2007 Pre-Release
© 2006 by Symbol Technologies, Inc. All rights reserved. No part of this publication may be reproduced or used in any form, or by any electrical or mechanical means, without permission in writing from Symbol. This includes electronic or mechanical means, such as photocopying, recording, or information storage and retrieval systems. The material in this manual is subject to change without notice. The software is provided strictly on an “as is” basis.
Contents About This Guide Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii Document Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii Notational Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .viii Service Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
iv AP-51xx Access Point Product Reference Guide Single or Dual Mode Radio Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7 Separate LAN and WAN Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7 Multiple Mounting Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7 Antenna Support for 2.4 GHz and 5.2 GHz Radios . . . . . . . . . . . . . . . . . . . . . . 1-8 Sixteen Configurable WLANs. . . . . . . . . . . . .
v MU Association Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-23 Operating Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-24 Management Access Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-25 Chapter 2. Hardware Installation Precautions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
vi AP-51xx Access Point Product Reference Guide Chapter 3. Getting Started Installing the Access Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1 Configuration Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2 Basic Device Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 Configuring Device Settings. . . . . . . . . . . . . . . . . . . . . . . . .
vii Enabling Wireless LANs (WLANs). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-22 Creating/Editing Individual WLANs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-24 Configuring WLAN Security Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-29 Configuring a WLAN Access Control List (ACL) . . . . . . . . . . . . . . . . . . . 5-30 Setting the WLAN Quality of Service (QoS) Policy . . . . . . . . . . . . . . . . .
viii AP-51xx Access Point Product Reference Guide Using MUs to Detect Rogue Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring User Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring the Radius Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring LDAP Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Configuring a Proxy Radius Server . . . . . . . . . . .
ix Network WAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-39 Network WAN NAT Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-42 Network WAN, VPN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-48 Network Wireless Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-57 Network WLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
x AP-51xx Access Point Product Reference Guide Configuring a WLAN for Mesh Networking Support . . . . . . . . . . . . . . . . . . . . 9-8 Configuring the Access Point Radio for Mesh Support . . . . . . . . . . . . . . . . . 9-12 Usage Scenario - Trion Enterprises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-19 Trion’s Initial Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-19 Adding 2 Client Bridges to Expand the Coverage Area . . . .
xi Frequently Asked VPN Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .B-13 Replacing an AP-4131 with an AP-5131 or AP-5181. . . . . . . . . . . . . . . . . . . . . . . .B-18 Appendix C.
xii AP-51xx Access Point Product Reference Guide
About This Guide Introduction This guide provides configuration and setup information for the AP-5131 and AP-5181 model access points. For the purposes of this guide, the devices will be called AP-51xx or the generic term “access point” when an identical conifiguration activities applied to both models. Document Conventions The following document conventions are used in this document: NOTE Indicate tips or special requirements.
viii AP-51xx Access Point Product Reference Guide ! CAUTION Indicates conditions that can cause equipment damage or data loss. WARNING! Indicates a condition or procedure that could result in personal injury or equipment damage. Notational Conventions The following notational conventions are used in this document: • • • Italics are used to highlight specific items in the general text, and to identify chapters and sections in this and related documents.
Introduction This AP-51xx Product Reference Guide contains setup and advanced configuration instructions for both the AP-5131 and AP-5181 model Symbol access points. Both the AP-5131 and AP-5181 model access points share the same Web UI interface, thus there is no difference in how the devices are configured using the instructions within this guide.
1-2 AP-51xx Access Point Product Reference Guide 1.1 New Features With this most recent 1.1 release of the access point firmware, the following new features have been introduced to the existing feature set: • • • • • • Mesh Networking Additional LAN Subnet On-board Radius Server Authentication Hotspot Support Routing Information Protocol (RIP) Manual Date and Time Settings 1.1.
Introduction Once the access point (in client bridge mode) establishes at least one wireless connection, it establishes other wireless connections in the background as they become available. In this way, the access point is able to establish simultaneous redundant links. An access point (in client bridge mode) can establish up to 3 simultaneous wireless connections with other AP-5131s or AP-5181s.
1-4 AP-51xx Access Point Product Reference Guide 1.1.3 On-board Radius Server Authentication The access point now has the ability to work as a Radius Server to provide user database information and user authentication. Several new screens have been added to the access point’s menu tree to configure Radius server authentication and configure the local user database and access policies.
Introduction 1.1.5 Routing Information Protocol (RIP) With the release of the 1.1 version access point, Routing Information Protocol (RIP) functionality has been added to the existing Router screen. RIP is an interior gateway protocol that specifies how routers exchange routing-table information. The parent Router screen also allows the administrator to select the type of RIP and the type of RIP authentication used.
1-6 AP-51xx Access Point Product Reference Guide 1.2 Feature Overview The Symbol access point has the following existing features carried forward from its initial 1.0 release: • • • • • • • • • • • • • • • • • • • • • • • Single or Dual Mode Radio Options Separate LAN and WAN Ports Multiple Mounting Options Antenna Support for 2.4 GHz and 5.
Introduction 1.2.1 Single or Dual Mode Radio Options One or two possible configurations are available on the access point depending on which model is purchased. If the access point is manufactured as a single radio access point, the access point enables you to configure the single radio for either 802.11a or 802.11b/g. If the access point is manufactured as a dual-radio access point, the access point enables you to configure one radio for 802.11a, and the other 802.11b/g.
1-8 AP-51xx Access Point Product Reference Guide For detailed information on the mounting options available for the access point, see Mounting the AP-5131 on page 2-12. 1.2.4 Antenna Support for 2.4 GHz and 5.2 GHz Radios The access point supports several 802.11a and 802.11b/g radio antennas. Select the antenna best suited to the radio transmission requirements of your coverage area. For an overview of the Radio 1 (2.4 GHz) and Radio 2 (5.
Introduction For detailed information on strategically mapping BSSIDs to WLANs, see Configuring the 802.11a or 802.11b/g Radio on page 5-47.
1-10 AP-51xx Access Point Product Reference Guide 1.2.7 Quality of Service (QoS) Support The access point QoS implementation provides applications running on different wireless devices a variety of priority levels to transmit data to and from the access point. Equal data transmission priority is fine for data traffic from applications such as Web browsers, file transfers or email, but is inadequate for multimedia applications.
Introduction • Content Filtering For an overview on the encryption and authentication schemes available on the access point, refer to Configuring Access Point Security on page 6-1. 1.2.8.1 Kerberos Authentication Authentication is a means of verifying information that is transmitted from a secure source. If information is authentic, you know who created it and you know that it has not been altered in any way since it was originated.
1-12 AP-51xx Access Point Product Reference Guide An MU is not able to access the network if not authenticated. When configured for EAP support, the access point displays the MU as an EAP station. EAP is only supported on mobile devices running Windows XP, Windows 2000 (using Service Pack #4) and Windows Mobile 2003. Refer to the system administrator for information on configuring a Radius Server for EAP (802.1x) support. For detailed information on EAP configurations, see Configuring 802.
Introduction 1.2.8.4 KeyGuard Encryption Use KeyGuard to shield the master encryption keys from being discovered through hacking. KeyGuard negotiation takes place between the access point and MU upon association. The access point can use KeyGuard with Symbol MUs. KeyGuard is only supported on Symbol MUs making it a Symbol proprietary security mechanism. For detailed information on KeyGuard configurations, see Configuring KeyGuard Encryption on page 6-18. 1.2.8.
1-14 AP-51xx Access Point Product Reference Guide For detailed information on WPA2-CCMP configurations, see Configuring WPA2-CCMP (802.11i) on page 6-22. 1.2.8.7 Firewall Security A firewall keeps personal data in and hackers out. The access point firewall prevents suspicious Internet traffic from proliferating the access point managed network. The access point performs network address translation (NAT) on packets passing to and from the WAN port.
Introduction assignment. In addition to these 16 VLANs, the access point supports dynamic, user-based, VLANs when using EAP authentication. VLANs enable organizations to share network resources in various network segments within large areas (airports, shopping malls, etc.). A VLAN is a group of clients with a common set of requirements independent of their physical location.
1-16 AP-51xx Access Point Product Reference Guide SNMP allows a network administrator to configure the access point, manage network performance, find and solve network problems, and plan for network growth. The access point supports SNMP management functions for gathering information from its network components. The access point downloads site contains the following 2 MIB files: • • Symbol-CC-WS2000-MIB-2.
Introduction communication. Therefore, if an MU’s WLAN is configured for MU-MU disallow, it will not be able to communicate with any other MUs connected to this access point. For detailed information on configuring an access point WLAN to disallow MU to MU communications, see Creating/Editing Individual WLANs on page 5-24. 1.2.15 Voice Prioritization Each access point WLAN has the capability of having its QoS policy configured to prioritize the network traffic requirements for associated MUs.
1-18 AP-51xx Access Point Product Reference Guide Associated MU stats can be displayed collectively and individually for specific MUs. An echo (ping) test is also available to ping specific MUs to assess association strength. Finally, the access point can detect and display the properties of other APs detected within the access point’s radio coverage area. The type of AP detected can be displayed as well as the properties of individual APs.
Introduction For detailed information on restoring a default or partial default configuration, see Configuring System Settings on page 4-2. 1.2.22 DHCP Support The access point can use Dynamic Host Configuration Protocol (DHCP) to obtain a leased IP address and configuration information from a remote server. DHCP is based on the BOOTP protocol and can coexist or interoperate with BOOTP.
1-20 AP-51xx Access Point Product Reference Guide The access point uses electromagnetic waves to transmit and receive electric signals without wires. Users communicate with the network by establishing radio links between mobile units (MUs) and access points. The access point uses DSSS (direct sequence spread spectrum) to transmit digital data from one device to another. A radio signal begins with a carrier signal that provides the base or center frequency.
Introduction access points with the same ESSID defines a coverage area. A valid ESSID is an alphanumeric, casesensitive identifier up to 32 characters. An MU searches for an access point with a matching ESSID and synchronizes (associates) to establish communications. This device association allows MUs within the coverage area to move about or roam. As the MU roams from cell to cell, it associates with a different access point.
1-22 AP-51xx Access Point Product Reference Guide directed packet to the correct destination. Transmitted ARP request packets echo back to other MUs. The access point removes from its database the destination or interface information that is not used for a specified time. The AP refreshes its database when it transmits or receives data from these destinations and interfaces. 1.3.3 Media Types The access point radio interface conforms to IEEE 802.11a/b/g specifications.
Introduction The ratio of chips per bit is called the spreading ratio. A high spreading ratio increases the resistance of the signal to interference. A low spreading ratio increases the bandwidth available to the user. The access point uses different modulation schemes to encode more bits per chip at higher data rates. The access point is capable of a maximum 54Mbps data transmission rate (802.
1-24 AP-51xx Access Point Product Reference Guide An MU selects the best available access point and adjusts itself to the access point direct-sequence channel to begin association. Once associated, the access point begins forwarding frames addressed to the target MU. Each frame contains fields for the current direct-sequence channel. The MU uses these fields to resynchronize to the access point. The scanning and association process continues for active MUs.
Introduction 1.3.7 Management Access Options Managing the access point includes viewing network statistics and setting configuration options. Statistics track the network activity of associated MUs and data transfers on the AP interfaces. The access point requires one of the following connection methods to perform a custom installation and manage the network: • • • • Secure Java-Based WEB UI - (use Sun Microsystems’ JRE 1.
1-26 AP-51xx Access Point Product Reference Guide
Hardware Installation An access point installation includes mounting the access point, connecting the access point to the network (LAN or WAN port connection), connecting antennae and applying power. Installation procedures vary for different environments.
2-2 AP-51xx Access Point Product Reference Guide ! CAUTION Symbol recommends conducting a radio site survey prior to installing the access point. A site survey is an excellent method of documenting areas of radio interference and providing a tool for device placement. 2.1 Precautions Before installing an AP-5131 or AP-5181 model access point verify the following: • • Do not install in wet or dusty areas without additional protection. Contact a Symbol representative for more information.
Hardware Installation Symbol Part # Description AP-5131-13043-WWR AP-5131 802.11a+g Dual Radio Access Point AP-5131 Install Guide Software and Documentation CD-ROM Power Injector (Part No. AP-PSBIAS-1P2-AFR) (4) Dual-Band Antennae (Part No. ML-2452-APA2-01) Accessories Bag AP-5131-40020-WW AP-5131 802.11a/g Single Radio Access Point AP-5131 Install Guide Software and Documentation CD-ROM Accessories Bag AP-5131-40021-WWR AP-5131 802.
2-4 AP-51xx Access Point Product Reference Guide For an overview on the optional antennae available for the AP-5131, see Antenna Options on page 26. For detailed specifications on the 2.4 GHz and 5.2 GHz antenna suite, see 2.4 GHz Antenna Matrix on page A-5 and 5.2 GHz Antenna Matrix on page A-5. ! CAUTION Using an antenna other than the Dual-Band Antenna (Part No. ML-2452-APA2-01) could render the AP-5131’s Rogue AP Detector Mode feature inoperable.
Hardware Installation 2.3 Requirements The minimum installation requirements for a single-cell, peer-to-peer network (regardless of access point model) • • • • An AP-5131 or AP-5181 model access point (either a dual or single radio model) 48 Volt Power Supply (Part No. 50-24000-050) or Symbol power injector (Part No. AP-PSBIAS-1P2-AFR) a power outlet Dual-Band Antennae.
2-6 AP-51xx Access Point Product Reference Guide 2.4.1 Site Surveys A site survey analyzes the installation environment and provides users with recommendations for equipment and placement. The optimum placement of 802.11a access points differs from 802.11b/g access points, because the locations and number of access points required are different to support the radio coverage area.
Hardware Installation The AP-5131 2.4 GHz antenna suite includes the following models: Symbol Part Number Antenna Type Nominal Net Gain (dBi) ML-2499-11PNA2-01R Wide Angle Directional 8.5 ML-2499-HPA3-01R Omni-Directional Antenna 3.3 ML-2499-BYGA2-01R Yagi Antenna 13.9 ML-2452-APA2-01 Dual-Band 3.0 NOTE An additional adapter is required to use ML-2499-11PNA2-01 and ML-2499-BYGA2-01 model antennae. Please contact Symbol for more information. The AP-5131 5.
2-8 AP-51xx Access Point Product Reference Guide For detailed specifications on the 2.4 GHz and 5.2 GHz antennae mentioned in this section, see section 2.4 GHz Antenna Matrix on page A-5 and section 5.2 GHz Antenna Matrix on page A-5. 2.4.2.2 AP-5181 Antenna Options -TBD 2.5 Power Options 2.5.1 AP-5131 Power Options The power options for the AP-5131 include: • • • Symbol Power Injector (Part No. AP-PSBIAS-1P2-AFR) Symbol 48-Volt Power Supply (Part No. 50-24000-050) Any standard 802.
Hardware Installation 2.6 Symbol Power Injector System The access point can receive power either directly form a Symbol 48V AC-DC power supply or via an Ethernet cable connected to the LAN port (using the 802.3af standard). When users purchase a Symbol WLAN solution, they often need to place access points in obscure locations. In the past, a dedicated power source was required for each access point in addition to the Ethernet infrastructure.
2-10 AP-51xx Access Point Product Reference Guide 2.6.1.1 Preparing for Site Installation The power injector can be installed free standing, on an even horizontal surface or wall mounted using the power injector’s wall mounting key holes. The following guidelines should be adhered to before cabling the power injector to an Ethernet source and an access point: • • • Do not block or cover airflow to the power injector. Keep the power injector away from excessive heat, humidity, vibration and dust.
Hardware Installation The power injector has no On/Off power switch. The power injector receives power and is ready for access point device connection and operation as soon as AC power is applied. 2.6.1.3 Power Injector LED Indicators The power injector demonstrates the following LED behavior under normal and/or problematic operating conditions: LED Green (Steady) AC (Main) Port Power injector is receiving power from AC Indicates a device is connected to the outlet.
2-12 AP-51xx Access Point Product Reference Guide 2.7 Mounting the AP-5131 The AP-5131 can rest on a flat surface, attach to a wall, mount under a suspended T-Bar or above a ceiling (plenum or attic). Choose one of the following mounting options based on the physical environment of the coverage area. Do not mount the AP-5131 in a location that has not been approved in a site survey.
Hardware Installation 4. Cable the AP-5131 using either the Symbol power injector solution or an approved line cord and power supply. ! CAUTION Do not supply power to the AP-5131 until the cabling of the unit is complete. For Symbol power injector installations: a. Connect a RJ-45 Ethernet cable between the network data supply (host) and the power injector Data In connector. b. Connect a RJ-45 Ethernet cable between the power injector Data & Power Out connector and the Symbol AP-5131 LAN port. c.
2-14 AP-51xx Access Point Product Reference Guide 5. Verify the behavior of the AP-5131 LEDs. For more information, see AP-5131 LED Indicators on page 2-21. 6. Return the AP-5131 to an upright position and place it in the location you wish it to operate. Ensure the AP-5131 is sitting evenly on all four rubber feet. The AP-5131 is ready to configure. For information on an AP-5131 default configuration, see Getting Started on page 3-1.
Hardware Installation ! CAUTION Both the Dual and Single Radio model AP-5131s use RSMA type antenna connectors. On the Dual Radio AP-5131, a single dot on the antenna connector indicates the primary antenna for both Radio 1 (2.4 GHz) and Radio 2 (5.2 GHz). Two dots designate the secondary antenna for both Radio 1 and Radio 2. On Single Radio models, a single dot on the antenna connector indicates the primary antenna for Radio 1, and two dots designate the secondary antenna for Radio 1. 8.
2-16 AP-51xx Access Point Product Reference Guide e. Plug the power adapter into an outlet. NOTE If the AP-5131 is utilizing remote management antennae, a wire cover can be used to provide a clean finished look to the installation. Contact Symbol for more information. 9. Verify the behavior of the AP-5131 LEDs. For more information, see AP-5131 LED Indicators on page 2-21. The AP-5131 is ready to configure. For information on an AP-5131 default configuration, see Getting Started on page 3-1.
Hardware Installation 4. Cable the AP-5131 using either the Symbol power injector solution or an approved line cord and power supply. ! CAUTION Do not supply power to the AP-5131 until the cabling of the unit is complete. For Symbol power injector installations: a. Connect a RJ-45 Ethernet cable between the network data supply (host) and the Power Injector Data In connector. b. Connect a RJ-45 Ethernet cable between the power injector Data & Power Out connector and the AP-5131 LAN port. c.
2-18 AP-51xx Access Point Product Reference Guide 10. Rotate the AP-5131 chassis 45 degrees counter-clockwise. The clips click as they fasten to the T-bar. 11. The AP-5131 is ready to configure. For information on an AP-5131 default configuration, see Getting Started on page 3-1. For specific details on AP-5131 system configurations, see System Configuration on page 4-1.
Hardware Installation ! CAUTION Symbol does not recommend mounting the AP-5131 directly to any suspended ceiling tile with a thickness less than 12.7mm (0.5in.) or a suspended ceiling tile with an unsupported span greater than 660mm (26in.). Symbol strongly recommends fitting the AP-5131 with a safety wire suitable for supporting the weight of the device. The safety wire should be a standard ceiling suspension cable or equivalent steel wire between 1.59mm (.062in.) and 2.5mm (.10in.) in diameter.
2-20 AP-51xx Access Point Product Reference Guide Light Pipe Ceiling Tile Decal Badge 9. Snap the clips of the light pipe into the bottom of the AP-5131. 10. Fit the light pipe into hole in the tile from its unfinished side. 11. Place the decal on the back of the badge and slide the badge onto the light pipe from the finished side of the tile. 12. Attach the radio antennae to their correct connectors. ! CAUTION Both the Dual and Single Radio model AP-5131s use RSMA type antenna connectors.
Hardware Installation For Symbol power injector installations: a. Connect a RJ-45 Ethernet cable between the network data supply (host) and the Power Injector Data In connector. b. Connect a RJ-45 Ethernet cable between the power injector Data & Power Out connector and the AP-5131 LAN port. c. Ensure the cable length from the Ethernet source (host) to the power injector and AP-5131 does not exceed 100 meters (333 ft). The power injector has no On/Off power switch.
2-22 AP-51xx Access Point Product Reference Guide Power and Error Conditions (Split LED) Data Over Ethernet 802.11a Radio Activity 802.11b/g Radio Activity The five LEDs on the top housing of the AP-5131 are clearly visible in table-top, wall and below ceiling installations. The five AP-5131 top housing LEDs have the following display and functionality: Power Status Solid white indicates the AP-5131 is adequately powered.
Hardware Installation Boot and Power Status Solid white indicates the AP-5131 is adequately powered. Error Conditions Solid red indicates the AP-5131 is experiencing a problem condition requiring immediate attention. Power and Error Conditions Blinking red indicates the AP-5131 Rogue AP Detection feature has located a rogue device 2.9 Mounting the AP-5181 The AP-5181 can be connected to a pole or attach to a wall.
2-24 AP-51xx Access Point Product Reference Guide NOTE The AP-5181 tilt angle may need to be adjusted during the antenna alignment process. Verify the antenna polarization angle when installing, enusre the antennas are oriented corretly in respect to the AP-5181's coverage area. 2.9.2 AP-5181 Wall Monuted Installations Complete the following steps to mount the AP-5181 to a wall using the supplied wall-mounting bracket: 1.
Hardware Installation 2.10 AP-5181 LED Indicators The AP-5181 utilizes four LED indicators. Five LEDs display within four LED slots on the back of the access point. The five LEDs have the following display and functionality: Illustration forthcoming Power Status Solid white indicates the AP-5131 is adequately powered. Error Conditions Solid red indicates the AP-5131 is experiencing a problem condition requiring immediate attention.
2-26 AP-51xx Access Point Product Reference Guide 2.11 Setting Up MUs For a discussion of how to initially test the access point to ensure it can interoperate with the MUs intended for its operational environment, see Basic Device Configuration on page 3-3 and specifically Testing Connectivity on page 3-11. Refer to the LA-5030 & LA-5033 Wireless Networker PC Card and PCI Adapter Users Guide, available from the Symbol Web site, for installing drivers and client software if operating in an 802.
Getting Started The access point should be installed in an area tested for radio coverage using one of the site survey tools available to the Symbol field service technician. Once an installation site has been identified, the installer should carefully follow the hardware precautions, requirements, mounting guidelines and power options outlined in Appendix 2, Hardware Installation on page 2-1.
3-2 AP-51xx Access Point Product Reference Guide For installing an AP-5131 model access point • • • • For instructions on installing the AP-5131 on a table top, see Desk Mounted Installations on page 2-12. For instructions on mounting an AP-5131 to a wall, see Wall Mounted Installations on page 2-14. For instructions on mounting an AP-5131 to a ceiling T-bar, see Suspended Ceiling T-Bar Installations on page 2-16.
Getting Started • • Config file - Readable text file; Importable/Exportable via FTP, TFTP and HTTP. Configuration settings for an access point can be downloaded from the current configuration of another access point meeting the import/export requirements. For information on importing or exporting configuration files, see Importing/Exporting Configurations on page 4-36. MIB (Management Information Base) accessing the access point SNMP functions using a MIB Browser.
3-4 AP-51xx Access Point Product Reference Guide 2. Log in using admin as the default User ID and symbol as the default Password. Though the example above is for an AP-5131, there is no difference for an AP-5181. 3. If the default login is successful, the Change Admin Password window displays. Change the password. Enter the current password and a new admin password in fields provided, and click Apply.
Getting Started The export function will always export the encrypted Admin User password. The import function will import the Admin Password only if the access point is set to factory default. If the access point is not configured to factory default settings, the Admin User password WILL NOT get imported. .
3-6 AP-51xx Access Point Product Reference Guide 4. Optionally enter the IP address of the server used to provide system time to the access point within the Time Server field. NOTE DNS names are not supported as a valid IP address. The user is required to enter a numerical IP address. Once the IP address is entered, the access point’s Network Time Protocol (NTP) functionality is engaged automatically.
Getting Started e. Define a Default Gateway address for the access point’s WAN connection. The ISP or a network administrator provides this address. f. Specify the address of a Primary DNS Server. The ISP or a network administrator provides this address. 6. Optionally, use the Enable PPP over Ethernet checkbox to enable Point-to-Point over Ethernet (PPPoE) for a high-speed connection that supports this protocol. Most DSL providers are currently using or deploying this protocol.
3-8 AP-51xx Access Point Product Reference Guide c. If using the static or DHCP Server option, enter the network-assigned IP Address of the access point. NOTE DNS names are not supported as a valid IP address for the access point. The user is required to enter a numerical IP address. d. The Subnet Mask defines the size of the subnet. The first two sets of numbers specify the network domain, the next set specifies the subset of hosts within a larger network.
Getting Started a. Enter the Extended Services Set Identification (ESSID) and name associated with the WLAN. For additional information on creating and editing up to 16 WLANs per access point, see Creating/Editing Individual WLANs on page 5-24. b. Use the Available On checkboxes to define whether the target WLAN is operating over the 802.11a or 802.11b/g radio. Ensure the radio selected has been enabled (see step 8). c.
3-10 AP-51xx Access Point Product Reference Guide Multiple WLANs can share the same security policy, so be careful not to name security policies after specific WLANs or risk defining a WLAN to single policy. Symbol recommends naming the policy after the attributes of the authentication or encryption type selected. 3. Select the WEP 128 (104 bit key) checkbox. The WEP 128 Settings field displays within the New Security Policy screen. 4.
Getting Started Keys #1-4 Use the Key #1-4 fields to specify key numbers. The key can be either a hexidecimal or ASCII depending on which option is selected from the drop-down menu. For WEP 64 (40-bit key), the keys are 10 hexadecimal characters in length or 5 ASCII characters. For WEP 128 (104-bit key), the keys are 26 hexadecimal characters in length or 13 ASCII characters. Select one of these keys for activation by clicking its radio button.
3-12 AP-51xx Access Point Product Reference Guide Packet Length Specifies the length of each packet transmitted to the MU during the test. The default length is 100 bytes. 4. Click the Ping button to begin transmitting packets to the specified MU address. Refer to the Number of Responses value to assess the number of responses from the MU versus the number of ping packets transmitted by the access point.
System Configuration The Symbol access point contains a built-in browser interface for system configuration and remote management using a standard Web browser such as Microsoft Internet Explorer, Netscape Navigator or Mozilla Firefox. The browser interface also allows for system monitoring of the access point. Web management of the access point requires either Microsoft Internet Explorer 5.0 or later or Netscape Navigator 6.0 or later. NOTE For optimum compatibility, use Sun Microsystems’ JRE 1.
4-2 AP-51xx Access Point Product Reference Guide System configuration topics include: • • • • • • • • Configuring System Settings Configuring Data Access Managing Certificate Authority (CA) Certificates Configuring SNMP Settings Configuring Network Time Protocol (NTP) Logging Configuration Importing/Exporting Configurations Updating Device Firmware 4.
System Configuration System Name Specify a device name for the access point. Symbol recommends selecting a name serving as a reminder of the user base the access point supports (engineering, retail, etc.). System Location Enter the location of the access point. The System Location parameter acts as a reminder of where the AP can be found. Use the System Name field as a specific identifier of device location.
4-4 AP-51xx Access Point Product Reference Guide 3. Refer to the Factory Defaults field to restore either a full or partial default configuration. ! CAUTION Restoring the access point’s configuration back to default settings changes the administrative password back to “symbol.” If restoring the configuration back to default settings, be sure you change the administrative password accordingly.
System Configuration NOTE The Apply button is not needed for restoring the access point default configuration or restarting the access point. 6. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on the System Settings screen to the last saved configuration. 7. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 4.
4-6 AP-51xx Access Point Product Reference Guide 2. Use the access point Access field checkboxes to enable/disable the following on the access point’s LAN1, LAN2 or WAN interfaces: Applet HTTP (port 80) Select the LAN1, LAN2 and/or WAN checkboxes to enable access to the access point configuration applet using a Web browser.
System Configuration 4. Configure the Secure Shell field to set timeout values to reduce network inactivity. Authentication Timeout Defines the maximum time (between 30 - 120 seconds) allowed for SSH authentication to occur before executing a timeout. The minimum permissible value is 30 seconds.
4-8 AP-51xx Access Point Product Reference Guide Shared Secret Define a shared secret for authentication on the server. The shared secret is required to be the same as the shared secret defined on the Radius server. Use shared secrets to verify Radius messages (with the exception of the Access-Request message) sent by a Radius-enabled device configured with the same shared secret. Apply the qualifications of a well-chosen password to the generation of a shared secret.
System Configuration Depending on the public key infrastructure, the digital certificate includes the owner's public key, the certificate expiration date, the owner's name and other public key owner information. The access point can import and maintain a set of CA certificates to use as an authentication option for Virtual Private Network (VPN) access. To use the certificate for a VPN tunnel, define a tunnel and select the IKE settings to use either RSA or DES certificates.
4-10 AP-51xx Access Point Product Reference Guide 2. Copy the content of the CA Certificate message (using a text editor such as notepad) and then click on Paste from Clipboard. The content of the certificate displays in the Import a root CA Certificate field. 3. Click the Import root CA Certificate button to import it into the CA Certificate list. 4.
System Configuration 2. Click on the Add button to create the certificate request. The Certificate Request screen displays. 3. Complete the request form with the pertinent information. Only 4 values are required, the others optional: Key ID Enter a logical name for the certificate to help distinguish between certificates. The name can be up to 7 characters in length. Subject The required Subject value contains important information about the certificate.
4-12 AP-51xx Access Point Product Reference Guide Signature Algorithm Use the drop-down menu to select the signature algorithm used for the certificate. Options include: • MD5-RSA - Message Digest 5 algorithm in combination with RSA encryption. • SHA1-RSA - Secure Hash Algorithm 1 in combination with RSA encryption. Key Length Defines the length of the key. Possible values are 512, 1024, and 2048. 4. When the form is completed, click the Generate button.
System Configuration The CA signs the certificate and will send it back. Once received, copy the content from the email into the clipboard. 7. Click the Paste from clipboard button. The content of the email displays in the window. Click the Load Certificate button to import the certificate and make it available for use as a VPN authentication option. The certificate ID displays in the Signed list.
4-14 AP-51xx Access Point Product Reference Guide 3. Complete the request form with the pertinent information. Key ID (required) Enter a logical name for the certificate to help distinguish between certificates. The name can be up to 7 characters in length. Subject (required) The required Subject value contains important information about the certificate. Contact the CA signing the certificate to determine the content of the Subject parameter.
System Configuration Key Length Defines the length of the key. Possible values are 512, 1024, and 2048. Symbol recommends setting this value to 1024 to ensure optimum functionality. 4. Complete as many of the optional values within the Certificate Request screen as possible. 5. When the form is completed, click the Generate button from within the Certificate Request screen.
4-16 AP-51xx Access Point Product Reference Guide 10. Select the Advanced request checkbox from within the Choose Request Type screen and click Next to continue. 11. From within the Advanced Certificate Requests screen, select the Submit a certificate request using a base 64 encoded PKCS #10 file or a renewal request using a base64 encoded PKCS file option. Click Next to continue. 12. Paste the content of certificate in the Saved Request field (within the Submit a Saved Request screen).
System Configuration 4.4 Configuring SNMP Settings Simple Network Management Protocol (SNMP) facilitates the exchange of management information between network devices. SNMP uses Management Information Bases (MIBs) to manage the device configuration and monitor Internet devices in potentially remote locations. MIB information accessed via SNMP is defined by a set of managed objects called object identifiers (OIDs). An object identifier (OID) is used to uniquely identify each object variable of a MIB.
4-18 AP-51xx Access Point Product Reference Guide Radio Configuration Symbol-AP-5131-MIB Content Filtering Symbol-CC-WS2000-MIB-2.0 Bandwidth Management Symbol-AP-5131-MIB Rogue AP Detection Symbol-CC-WS2000-MIB-2.0 SNMP Trap Selection Symbol-AP-5131-MIB Firewall Configuration Symbol-CC-WS2000-MIB-2.0 SNMP RF Trap Thresholds Symbol-AP-5131-MIB LAN to WAN Access Config Import/Export Symbol-AP-5131-MIB Advanced LAN Access Symbol-CC-WS2000-MIB-2.