1 Mbps Wireless LAN Access Point 8000 User Guide Version 1.1 http://www.3com.com/ http://support.3com.com/registration/frontpg.pl/ Published April, 2002 Version 1.1.
3Com Corporation 5400 Bayfront Plaza Santa Clara, California 95052-8145 Copyright © 2002 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.
CONTENTS 1 INTRODUCTION Wireless and Wired Networks 1 Access Point 8000 Feature Summary Installation Overview 2 2 1 INSTALLING THE ACCESS POINT Before You Begin 5 Deciding Where to Place Equipment 5 Connecting the Standard Antenna 6 Placing the Access Point 6 Mounting on a Wall 7 Mounting on a Ceiling 8 Connecting Power 9 Connecting to an Ethernet Network 10 Checking the LEDs 10 Selecting A Different Antenna 11 Omnidirectional Antenna 11 Ceiling Mount Omnidirectional Antenna Ceiling Mount Hallway Anten
Using the Configuration Management System Changing Access Point Properties 26 Setting Network Properties 26 Setting Data Transmission Properties 27 Setting Advanced Data Transmission Properties Setting up Security 29 Security Settings 29 Access Point Encryption Settings 30 Setting up a User Access List 30 Setting up a MAC Address Access List 31 Defining RADIUS Servers 31 Configuring for SNMP Management 31 Defining a TFTP Server 32 Setting up a System Log 32 Upgrading the System 32 Changing the Administratio
Returning Products for Repair 48 REGULATORY COMPLIANCE INFORMATION INDEX
1 INTRODUCTION The 3Com wireless product family lets you set up a local area network (LAN) without the restraints of network cabling. If your office already has an Ethernet LAN, the 3Com 11 Mbps Wireless LAN Access Point 8000 can extend the network without additional cabling. The access point security features extend the security of installed wired networks to include all wireless components.
2 CHAPTER 1: INTRODUCTION User support Supports up to 256 simultaneous users, regardless of mode of operation. DHCP support Uses DHCP to obtain a leased IP address and network configuration information from a server. If the network has no DHCP server, the access point’s internal DHCP server assigns IP addresses to wireless clients in a stand-alone wireless network. SNMP and MIB interfaces SNMP, HP OpenView, and 3Com Network Supervisor (3NS).
Installation Overview 3 5 After hardware installation is complete, install the access point tools, utilities, and user guide from the installation CD. See “Installing Software Utilities” on page 14. 6 To set up a wireless client to authenticate through the access point to your RADIUS server, refer to “Using the Wireless 802.1x Agent” on page 19. 7 To set access point security or configure the wireless network, refer to “Configuring the Access Point 8000” on page 23.
2 Before You Begin INSTALLING THE ACCESS POINT The following items are required for installation: ■ 3Com Integrated Power-over-Ethernet power supply and power cord. ■ Standard category 5 straight (8-wire) Ethernet cable for connecting the access point to the power supply. This length of cable must reach from the access point to the power supply. If you plan to connect the access point to a wired network, you will need an additional length of Ethernet cable.
6 CHAPTER 2: INSTALLING THE ACCESS POINT selecting the final location and be sure to allow for routing the antenna cable as required. Do not install the access point in wet or dusty areas without protection. Make sure the temperature ranges between –20˚ C to 55˚ C (–4˚ F to 131˚ F). Connecting the Standard Antenna The access point is supplied with standard detachable antennas. These should be attached before the access point is installed. 1 Carefully unpack the standard detachable antennas.
Placing the Access Point Mounting on a Wall 7 To mount an access point on a wall, follow the instructions on the mounting template supplied in the box and refer to the following illustration. Preferably, mount the access point near the ceiling above any obstructions that could block transmission.
CHAPTER 2: INSTALLING THE ACCESS POINT To mount an access point to the T-rail grid of an acoustical ceiling, you must first attach the mounting bracket to the access point as shown. SE T TO ER W PO LY PP SU Align the T-rail grips with the ceiling T-rail, adjusting them so they grip the T-rail snugly. Tighten the screws on the T-rail grip. Position the antenna so that the arms point down and away from the access point at a 45˚ angle.
Connecting Power Connecting Power 9 The access point is powered by the 3Com Integrated Power-over-Ethernet power supply, which provides power over a standard category 5 straight (8-wire) Ethernet cable. This eliminates the need to run standard power directly to the access point. The power supply can be located at any point between the access point and the LAN access port (if you plan to connect to a wired LAN), wherever a convenient power outlet exists.LEDs light. The access point is IEEE 802.
10 CHAPTER 2: INSTALLING THE ACCESS POINT Connecting to an Ethernet Network Use a standard Ethernet cable to connect the access point to an Ethernet network, as shown below. To avoid damaging other components connected to the network, make sure that the Ethernet cable connected to the LAN port is plugged into the To Hub/Switch port on the power supply (not the To Access Point port).
Selecting A Different Antenna Selecting A Different Antenna 11 The standard detachable portable antenna supplied with the access point is a multi-purpose antenna suitable for a variety of environments, including office LANs, physical plants, and factory floors.
12 CHAPTER 2: INSTALLING THE ACCESS POINT a design, be sure that it can pass signals used in the 2.5 GHz signal range. Many inexpensive units are available with F connectors, but these are typically designed for cable TV-UHF applications and may degrade the signals in the band used by the access point. Ceiling Mount Omnidirectional Antenna The ceiling-mount omnidirectional antenna (model number 3CWE492) is designed to cover large, open areas.
Selecting A Different Antenna 13 Directional Panel Antenna The ceiling, wall, and corner-mount flat-panel directional antenna (model 3CWE498) provides stable coverage both indoors and outdoors. The panel can be mounted virtually anywhere and in any orientation. The flat-panel directional antenna operates with a gain of 8 dBi.
14 CHAPTER 2: INSTALLING THE ACCESS POINT antenna to achieve the maximum possible received signal strength. See “Using the Site Survey Tool” on page 39 for more information. 1 Position the antenna so that there are minimal obstacles between it and any client with which it will communicate. While maintaining a direct line of sight between the antenna and a client is not strictly necessary, such an arrangement helps to ensure a strong signal.
Installing Software Utilities 15 ■ Install the 3Com Network Supervisor. The 3Com Network Supervisor v. 3.5 (3NS) graphically discovers, maps, and displays network links and IP devices, including 3Com wireless access points. It is not required for access point management. It is included for sites that require centralized network management and are not already using an SNMP-based tool.
ACCESS POINT SECURITY 3 The advanced security features of the Access Point 8000 address the two primary aspects of wireless networking security: network authentication and transmission encryption. The access point provides standardized methods for authentication and encryption, but also offers innovative technology from 3Com that extends the standards and makes wireless networking more secure. The access point can provide a complete stand-alone security solution.
18 CHAPTER 3: ACCESS POINT SECURITY them. After successful authentication, the TLS server securely sends the session keys to the access point and user data is allowed to pass. EAP-TLS is currently supported only under Windows XP. 3Com Serial Authentication Serial Authentication, a 3Com-proprietary upper layer authentication mechanism, uses a two-phase process involving both EAP-TLS and EAP-MD5 ■ In the first phase, the wireless client and the RADIUS EAP-TLS server mutually authenticate each other.
802.1x RADIUS Support 19 3Com 128-bit Dynamic Security Link Encryption. 3Com’s proprietary 128-bit Dynamic Security Link is built into the access point and permits user-level authentication. This option can be used only with local access point authentication. Users must log in with username and password. (The access point username and password database can support up to 1000 names.
20 CHAPTER 3: ACCESS POINT SECURITY If authentication fails, the access point will continue to block traffic from that client. The user may also manually log off and stop the agent, which suspends the authentication process until the client manually logs on again or intentionally re-associates with an access point. When a computer is logged off manually, the access point blocks traffic from the client until the client logs on again.
Using the Wireless 802.1x Agent 21 whenever an untrusted certificate is received. The 802.1x agent remembers the last trusted certificate, whether imported or manually verified, and automatically accepts that certificate.
4 CONFIGURING THE ACCESS POINT 8000 If the access point factory default configuration does not meet your network requirements, or if you want to customize the configuration settings, you can use these tools, which are included on the 3Com Access Point 8000 Installation CD, to change the configuration.
24 CHAPTER 4: CONFIGURING THE ACCESS POINT 8000 6 After you install the device manager, you can launch it by double-clicking the device manager icon on your computer desktop, or, from the Windows Start menu select Start / Programs / 3Com Wireless Infrastructure Device Manager / 3Com Wireless Infrastructure Device Manager. Launching a Wireless Device Configuration Make sure that the 3Com Wireless Infrastructure Device Manager is installed.
Using the Configuration Management System 25 The following table describes the functions of the buttons in the 3Com Wireless Infrastructure Device Manager window. Using the Configuration Management System Button Description Properties Displays the following properties of the selected device: Device Name, Device Type, Wireless LAN Service Area (ESSID), IP Address, Subnet Mask, and MAC Address. Configure Launches the Configuration Management System for the selected device.
26 CHAPTER 4: CONFIGURING THE ACCESS POINT 8000 Changing Access Point Properties Setting Network Properties Page Group Description System Status The System Status pages show currently associated clients, general information about the access point, and details about wireless configuration settings. The Access Point Properties page displays the properties of the selected access point. You can change properties by entering values in the fields and clicking the radio buttons described below.
Setting Data Transmission Properties 27 To turn off the access point DHCP server capability regardless of whether or not another DHCP server is available, click Disable and click Save. ■ Setting Data Transmission Properties Gateways—You can specify up to three additional gateway IP addresses. These settings are optional. (Only the default gateway is required). The Data Transmission Properties page lets you select radio channel settings and performance settings.
28 CHAPTER 4: CONFIGURING THE ACCESS POINT 8000 be set to Diversity Off. Generally, if the access point is using the standard detachable antennas, this parameter should be set to Diversity On to maximize the transmission and reception qualities of using both antennas.
Setting up Security Setting up Security 29 The Encryption page lets you select the type of security to be used on the access point. The page is divided into Security Settings, which determine the type of access authentication, and Access Point Encryption Settings, which determine the type of encryption used if the access point is handling encryption. To maintain wireless association, the encryption settings on clients and all the access points they associate with must match exactly.
30 CHAPTER 4: CONFIGURING THE ACCESS POINT 8000 Access Point Encryption Settings The following encryption settings are available on the Encryption page. These encryption settings are for Security settings that use access point encryption: ■ No Security (Open System)—No encryption is used. The network communications could be intercepted by unintended recipients.
Setting up a MAC Address Access List Setting up a MAC Address Access List Defining RADIUS Servers 31 ■ Deleting users—To delete users, check the boxes next to the users you want to delete and click Delete. If you click Reset, all checked boxes are cleared and you may reselect which users to delete from the list. ■ Modify Passwords—To modify a password, select the button next to the user name click Change. Change the password in the spaces provided and click OK.
32 CHAPTER 4: CONFIGURING THE ACCESS POINT 8000 ■ Defining a TFTP Server Identify which traps to send to the trap host or hosts. A TFTP server must be set up in order to perform firmware updates, backups, and restores. The TFTP Setup page identifies the TFTP server that will be used. If you do not have a TFTP server, you can install the one shipped with the access point. Use the 3Com CD (Tools and Utilities options) to install the 3CDaemon TFTP server.
Changing the Administration Password 33 4 Click the Access Point Firmware check box. 5 Enter the name of the upgrade file that you downloaded earlier. 6 Click Upgrade Now. The upgrade file is copied from the TFTP server to the access point and the access point restarts using the new upgrade. Changing the Administration Password When you log in for the first time, the Configuration Management System asks you to supply an administration password. Enter a password of at least 6-16 alphanumeric characters.
points in a network. Template parameters do not affect nor overwrite settings unique to individual access points, such as device name, location, IP addresses, and administration passwords. Viewing Statistics The statistics pages display various categories of operational and performance statistics associated with the access point. The values do not update dynamically, but you can update them at any time by refreshing the display.
Viewing System Status ■ ■ ■ packets that higher-level protocols requested be transmitted to a non-unicast (a subnetwork-broadcast or subnetwork-multicast) address, including those that were discarded or not sent non-unicast (subnetwork-broadcast or subnetwork-multicast) packets delivered to a higher-layer protocol octets transmitted out of the interface, including framing characters ■ octets received out of the interface, including framing characters ■ ■ ■ ■ Viewing System Status subnetwork unic
36 CHAPTER 4: CONFIGURING THE ACCESS POINT 8000
CONDUCTING A SITE SURVEY 5 Setting up a basic wireless LAN can be as simple as placing a 3Com 11 Mbps Wireless LAN access point in a central area, plugging it in, and setting up one or more clients. However, you can be certain that you have selected the best location if you conduct a site survey before installing an access point permanently. The 3Com Site Survey utility performs a set of tests that help you evaluate locations for 3Com access point units.
38 CHAPTER 5: CONDUCTING A SITE SURVEY You should also consider the following items: Electrical Requirements ■ If there any radio frequency (RF) systems already in use at the site, their signals could interfere with the access point signals. ■ If the access point will be connecting to a wired LAN, the access point must be installed close enough to connect to the hub with an Ethernet cable. ■ Available AC power. See “Electrical Requirements”.
Using the Site Survey Tool ■ 39 At the end of the testing, use the results from the Site Survey tool to help you decide on the best location for the access point. Based on the tests, the Site Survey tool lists the locations in descending order from best to worst. For more information, see “Interpreting Test Results” on page 40.
40 CHAPTER 5: CONDUCTING A SITE SURVEY 3 From the Run menu, select Start Test. The tests take a few moments to run. When they are finished, the results appear in the window. For details on the information that is presented, see “Interpreting Test Results” on page 40. 4 Optionally, save the test: From the File menu, select Save. Name the test and save it in the location of your choice. The Site Survey tool appends the characters .ssf to the file name.
Site Survey Menus 41 indicate faster ping rates. You can sort this list in ascending or descending order by clicking the Avg Ping RTT column head. The Site Survey utility recommends access point locations based purely on the test numbers. You can use the recommendations to guide your decision about access point locations.
6 TROUBLESHOOTING If you have difficulty with the access point, try the solutions in the following table. Symptom Solutions Access point does not power up. Make sure the Ethernet cable is plugged into the port labeled To Access Point on the power brick. Check for a faulty access point power supply. Check for a failed AC power supply No operation. Verify the access point configuration. Review access point firmware revisions and update firmware if necessary.
44 CHAPTER 6: TROUBLESHOOTING Symptom Solutions While you are configuring the access point, the Configuration Management System stops responding. To maintain wireless association, the WLAN service area and the security settings on the client and the access point must match exactly. Therefore, if you are associated with the access point that you are configuring and you change the access point WLAN service area or security, make sure to change the client WLAN service area to match.
A TECHNICAL SUPPORT 3Com provides easy access to technical support information through a variety of services. This appendix describes these services. Information contained in this appendix is correct at time of publication. For the most recent information, 3Com recommends that you access the 3Com Corporation World Wide Web site.
46 APPENDIX A: TECHNICAL SUPPORT Support from Your Network Supplier If you require additional assistance, contact your network supplier. Many suppliers are authorized 3Com service partners who are qualified to provide a variety of services, including network planning, installation, hardware maintenance, application training, and support services.
Support from 3Com Country Europe, Middle East and Africa From anywhere in these regions, call: Telephone Number +44 (0)1442 435529 phone +44 (0)1442 436722 fax Europe and South Africa From the following countries, you may use the toll-free numbers: Austria Belgium Denmark Finland France Germany Hungary Ireland Israel Italy Luxembourg Netherlands Norway Poland Portugal South Africa Spain Sweden Switzerland U.K.
Returning Products for Repair Before you send a product directly to 3Com for repair, you must first obtain an authorization number. Products sent to 3Com without authorization numbers will be returned to the sender unopened, at the sender’s expense.
REGULATORY COMPLIANCE INFORMATION FCC RADIO-FREQUENCY EXPOSURE NOTICE This device generates and radiates radio-frequency energy. In order to comply with FCC radio-frequency radiation exposure guidelines for an uncontrolled environment, this equipment has to be installed and operated while maintaining a minimum body to antenna distance of 2 meters. This product does not contain any user serviceable components.
EUROPEAN COMMUNITY - CE NOTICE Marking by the symbol: indicates compliance with the essential requirements of Directive 73/23/EC and the essential requirements of articles 3.1(b), 3.2 and 3.3 of Directive 1999/5/EC.
INDEX Numbers 128-bit Dynamic Security Link 30 128-bit dynamic security link encryption 19 128-bit Shared Encryption Key Settings 30 128-bit shared key encryption 18 3CDaemon 14 3Com 128-bit dynamic security link encryption 19 3Com 802.
M MAC address access list 31 MAC address, use in locating devices 24 management SNMP management 31 system log 32 TFTP setup 32 N network privacy mode 28 network properties 26 network supplier support 46 network traffic accelerator 27 NIC, choosing 25 nondedicated circuit, recommendations 38 O omnidirectional antenna 11 online technical services 45 open network 18 open system 30 P password 31 changing administrator 33 changing user 31 power 9 connecting power 9 power, 24-hour requirement 38 Pre-IP Configu
