EAP8518 802.11n Access Point User Guide www.edge-core.
USER GUIDE EAP8518 IEEE 802.
COMPLIANCES

FEDERAL COMMUNICATION COMMISSION INTERFERENCE STATEMENT

This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
IMPORTANT NOTE: FCC RADIATION EXPOSURE STATEMENT

This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance 20 cm between the radiator & your body.

IC STATEMENT: This Class B digital apparatus complies with Canadian ICES-003.
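AUSTRALIA/NEW ZEALAND

AS/NZS 4771 ACN 066 352010

TAIWAN NCC

According to the Ministry of Transportation and Communications regulations on the administration of low-power radio-frequency devices:

Article 12: For low-power radio-frequency devices that have passed type approval, no company, business, or user may, without permission, change the frequency, increase the power, or alter the characteristics and functions of the original design.

Article 14: The use of low-power radio-frequency devices must not affect aviation safety or interfere with legal communications. If interference is found, use must stop immediately and may resume only after the interference has been eliminated. The legal communications referred to above are radio communications operated in accordance with the Telecommunications Act. Low-power radio-frequency devices must tolerate interference from legal communications and from industrial, scientific, and medical equipment that radiates radio waves.

EC CONFORMANCE DECLARATION

Marking by the above symbol indicates compliance with the Essential Requirements of the R&TTE Directive of the European Union (1999/5/EC).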
NOTE: The user must use the configuration utility provided with this product to ensure the channels of operation are in conformance with the spectrum usage rules for European Community countries as described below.

◆ This device requires that the user or installer properly enter the current country of operation in the command line interface as described in the user guide, before operating this device.
OPERATION USING 5 GHZ CHANNELS IN THE EUROPEAN COMMUNITY

The user/installer must use the provided configuration utility to check the current channel of operation and make necessary configuration changes to ensure operation occurs in conformance with European National spectrum usage laws as described below and elsewhere in this document.

Allowed Frequency Bands / Allowed Channel Numbers / Countries
5.15 - 5.25 GHz* / 36, 40, 44, 48 / Austria, Belgium
5.15 - 5.
Hungarian (Magyar): The undersigned, Edgecore, declares that this Radio LAN device complies with the relevant essential requirements and the other provisions of Directive 1999/5/EC.

Italian (Italiano): Edgecore hereby declares that this Radio LAN device complies with the essential requirements and the other relevant provisions laid down by Directive 1999/5/EC.
ABOUT THIS GUIDE

PURPOSE

This guide gives specific information on how to install the 11n wireless access point and its physical and performance related characteristics. It also gives information on how to operate and use the management functions of the access point.
SECTION I

GETTING STARTED

This section provides an overview of the access point, and introduces some basic concepts about wireless networking. It also describes the basic settings required to access the management interface.
1 INTRODUCTION

The EAP8518 is an IEEE 802.11n access point (AP) that meets draft 2.0 standards. It is fully interoperable with older 802.11a/b/g standards, providing transparent, high-speed wireless data communication between the wired LAN and fixed or mobile devices. The unit includes three detachable dual-band 2.4/5 GHz antennas with the option to attach alternative antennas that can extend or shape the network coverage area.
initial configuration and troubleshooting, and support for Simple Network Management tools. The EAP8518 utilises MIMO technology and Spatial Multiplexing to achieve the highest possible data rate and throughput on the 802.11n frequency. The unit’s PoE RJ-45 port provides a 1 Gbps full-duplex link to a wired LAN.
HARDWARE DESCRIPTION

Figure 1: Top Panel (callouts: Antennas, LED Indicators)
Figure 2: Rear Panel (callouts: RJ-45 Console Port, DC Power Socket, RJ-45 PoE Port, Reset Button)
Figure 3: Ports (callouts: DC Power Port, RJ-45 PoE Port, RJ-45 Console Port)

ANTENNAS

The access point includes three integrated external MIMO (multiple-input and multiple-output) antennas. MIMO uses multiple antennas for transmitting and receiving radio signals to improve data throughput and link range. Each antenna transmits the outgoing signal as a toroidal sphere (doughnut shaped), with the coverage extending most in a direction perpendicular to the antenna.
Figure 4: External Antenna Connectors
Figure 5: Screw-off External Antenna Connector - Close Up
LED INDICATORS

The access point includes four status LED indicators, as described in the following figure and table.

Figure 6: LEDs (callouts: Ethernet Link/Activity, 802.11 a/b/g/n Link/Activity, System Error or Failure, Power)

Table 2: LED Behavior
LED / Status / Description
LAN / Off / Ethernet RJ-45 has no valid link.
LAN / Blue / Ethernet RJ-45 has a 1000 Mbps link. Blinking indicates
LAN / Green / Ethernet RJ-45 has a 100 Mbps link.
CONSOLE PORT

This port is used to connect a console device to the access point through a serial cable. The console device can be a PC or workstation running a VT100 terminal emulator, or a VT-100 terminal. A crossover RJ-45 to DB-9 cable is supplied with the unit for connecting to the console port.

ETHERNET PORT

The access point has one 1000BASE-T RJ-45 port that can be attached directly to 10BASE-T/100BASE-TX/1000BASE-TX LAN segments.
2 NETWORK TOPOLOGIES

Wireless networks support a standalone configuration as well as an integrated configuration with 10/100/1000 Mbps Ethernet LANs. The EAP8518 also provides bridging services that can be configured independently on any of the virtual AP (VAP) interfaces.
The infrastructure configuration extends the accessibility of wireless PCs to the wired LAN. A wireless infrastructure can be used for access to a central database, or for connection between mobile workers, as shown in the following figure.
wireless network cards and adapters and wireless access points within a specific ESS must be configured with the same SSID.

Figure 8: Infrastructure Wireless LAN for Roaming Wireless PCs (Seamless Roaming Between Access Points)

INFRASTRUCTURE WIRELESS BRIDGE

The IEEE 802.
Figure 9: Bridging Mode (WDS Links Between Access Points; VAPs shown in WDS-AP, WDS-STA, and AP modes)
3 INSTALLING THE ACCESS POINT

This chapter describes how to install the access point.

LOCATION SELECTION

Choose a proper place for the access point. In general, the best location is at the center of your wireless coverage area, within line of sight of all wireless devices. Try to place the access point in a position that can best cover its service area. For optimum performance, consider these guidelines:

◆ Mount the access point as high as possible above any obstructions in the coverage area.
MOUNTING ON A HORIZONTAL SURFACE

To keep the access point from sliding on the surface, attach the four rubber feet provided in the accessory kit to the marked circles on the bottom of the access point.
MOUNTING ON A WALL

To mount on a wall, follow the instructions below.

Figure 11: Wall Mounting (callout: Mounting Slots)

The access point should be mounted only to a wall or wood surface that is at least 1/2-inch plywood or its equivalent. To mount the access point on a wall, always use its wall-mounting bracket. The access point must be mounted with the RJ-45 cable connector oriented upwards to ensure proper operation.

1.
CONNECTING AND POWERING ON

Connect the power adapter to the access point, and the power cord to an AC power outlet. Alternatively, the access point can derive its operating power directly from the RJ-45 port when connected to a device that provides IEEE 802.3af compliant Power over Ethernet (PoE).

CAUTION: Use ONLY the power adapter supplied with this access point. Otherwise, the product may be damaged.
4 INITIAL CONFIGURATION

The EAP8518 offers a user-friendly web-based management interface for the configuration of all the unit’s features. Any PC directly attached to the unit can access the management interface using a web browser, such as Internet Explorer (version 6.0 or above) or Firefox (version 2.0 or above).

CONNECTING TO THE LOGIN PAGE

It is recommended to make initial configuration changes by connecting a PC directly to the EAP8518’s LAN port. The EAP8518 has a default IP address of 192.168.1.
HOME PAGE AND MAIN MENU

After logging in to the web interface, the Home page displays. The Home page shows some basic settings for the AP, including Country Code and the management access password.

Figure 13: Home Page

The web interface Main Menu provides access to all the configuration settings available for the access point.
CAUTION: You must set the country code to the country of operation. Setting the country code restricts operation of the access point to the radio channels and transmit power levels permitted for wireless networks in the specified country.

COMMON WEB PAGE BUTTONS

The list below describes the common buttons found on most web management pages:

◆ Set – Applies the new parameters and saves them to temporary RAM memory.
◆ Logout – Ends the web management session.
◆ Save Config – Saves the current configuration so that it is retained after a restart.

QUICK START

The Quick Start menu is designed to help you configure the basic settings required to get the access point up and running. Click ‘System’, followed by ‘Quick Start’.

STEP 1

The first page of the Quick Start configures the system identification, access password, and the Country Code.
◆ Old Password — If the unit has been configured with a password already, enter that password, otherwise enter the default password “admin.”
◆ New Password — The password for management access. (Length: 5-32 characters, case sensitive)
◆ Confirm New Password — Enter the password again for verification.
The following items are displayed on this page:

DHCP

◆ DHCP Status — Enables/disables DHCP on the access point. (Default: disabled)
◆ IP Address — Specifies an IP address for management of the access point. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. (Default: 192.168.1.1.)
◆ Subnet Mask — Indicates the local subnet mask. Select the desired mask from the drop down menu. (Default: 255.255.255.
STEP 3

The Step 3 page of the Quick Start configures radio interface settings.

Figure 18: Quick Start - Step 3

The following items are displayed on this page:

INTERFACE SETTING

◆ WiFi Mode — Sets the mode of operation of the radio chip to 802.11n/g (2.4 GHz) or 802.11n/a (5 GHz). (Default: 11n/g)

BASIC SETTING

◆ SSID — Sets the service set identifier for the primary VAP.
■ TKIP: TKIP is used as the multicast encryption cipher.
■ AES-CCMP: AES-CCMP is used as the multicast encryption cipher. AES-CCMP is the standard encryption cipher required for WPA2.

AUTHENTICATION

◆ 802.1x — Enables 802.1X authentication. (Default: Disabled)
◆ 802.1x Reauthentication Refresh Rate — The time period after which a connected client must be re-authenticated.
SECTION II

WEB CONFIGURATION

This section provides details on configuring the access point using the web browser interface.
5 SYSTEM SETTINGS

This chapter describes basic system settings on the access point.
ADMINISTRATION SETTINGS

The Administration Settings page configures some basic settings for the AP, such as the system identification name, the management access password, and the wireless operation Country Code.

Figure 19: Administration

The following items are displayed on this page:

◆ System Name — An alias for the access point, enabling the device to be uniquely identified on the network.
CAUTION: You must set the country code to the country of operation. Setting the country code restricts operation of the access point to the radio channels and transmit power levels permitted for wireless networks in the specified country.

IP ADDRESS

Configuring the access point with an IP address expands your ability to manage the access point. A number of access point features depend on IP addressing to operate.
◆ Default Gateway — The default gateway is the IP address of the router for the access point, which is used if the requested destination address is not on the local subnet. If you have management stations, DNS, RADIUS, or other network servers located on another subnet, type the IP address of the default gateway router in the text field provided.
◆ Primary and Secondary DNS Address — The IP address of Domain Name Servers on the network.
Figure 21: RADIUS Settings

The following items are displayed on the RADIUS Settings page:

◆ RADIUS Status — Enables/disables the primary RADIUS server.
◆ IP Address — Specifies the IP address or host name of the RADIUS server.
◆ Port (1024-65535) — The UDP port number used by the RADIUS server for authentication messages.
◆ Port (1024-65535) — The UDP port number used by the RADIUS accounting server for authentication messages. (Range: 1024-65535; Default: 1813)
◆ Key — A shared text string used to encrypt messages between the access point and the RADIUS accounting server. Be sure that the same text string is specified on the RADIUS server. Do not use blank spaces in the string.
SNTP SERVER SETTINGS

Configures the access point to operate as an SNTP client. When enabled, at least one time server IP address must be specified.

◆ SNTP Status — Enables/disables SNTP. (Default: enabled)
◆ Primary Server — The IP address of an SNTP or NTP time server that the access point attempts to poll for a time update.
◆ Secondary Server — The IP address of a secondary SNTP or NTP time server.
SPECTRALINK VOICE PRIORITY

SpectraLink Voice Priority (SVP) is a voice priority mechanism for WLANs. SVP is an open, straightforward QoS approach that has been adopted by most leading vendors of WLAN APs. SVP favors isochronous voice packets over asynchronous data packets when contending for the wireless medium and when transmitting packets onto the wired LAN.
◆ When VLAN support is enabled on the access point, traffic passed to the wired network is tagged with the appropriate VLAN ID, either a VAP default VLAN ID, or the management VLAN ID. Traffic received from the wired network must also be tagged with one of these known VLAN IDs. Received traffic that has an unknown VLAN ID or no VLAN tag is dropped.
SYSTEM LOGS

The access point can be configured to send event and error messages to a System Log Server. The system clock can also be synchronized with a time server, so that all the messages sent to the Syslog server are stamped with the correct time and date.

Figure 25: System Log Settings

The following items are displayed on this page:

◆ Syslog Status — Enables/disables the logging of error messages.
◆ Logging Level — Sets the minimum severity level for event logging. (Default: Debug)

The system allows you to limit the messages that are logged by specifying a minimum severity level. The following table lists the error message levels from the most severe (Emergency) to least severe (Debug). The message levels that are logged include the specified minimum level up to the Emergency level.
6 MANAGEMENT SETTINGS

This chapter describes management access settings on the access point. It includes the following sections:

◆ “Remote Management Settings”
◆ “Access Limitation”
◆ “Simple Network Management Protocol”

REMOTE MANAGEMENT SETTINGS

The Web, Telnet, and SNMP management interfaces are enabled and open to all IP addresses by default.
◆ The client and server generate session keys for encrypting and decrypting data.
◆ The client and server establish a secure encrypted connection.
◆ A padlock icon should appear in the status bar for Internet Explorer.

Figure 26: Remote Management

The following items are displayed on Admin Interface page:

◆ Telnet Access — Enables/disables management access from Telnet interfaces.
◆ HTTPS Server — Enables/disables management access from a HTTPS server. (Default: enabled)
◆ HTTPS Port — Specifies the HTTPS port for secure IP connectivity. (Default: 443; Range 1024-65535)
◆ SNMP Access — Enables/disables management access from SNMP interfaces. (Default: enabled)

ACCESS LIMITATION

The Access Limitation page limits management access to the access point from specified IP addresses or wireless clients.
◆ Subnet Mask — Specifies the subnet mask in the form 255.255.255.x

RESTRICT MANAGEMENT

◆ Enable/Disable — Enables/disables management of the device by a wireless client. (Default: disabled)

SIMPLE NETWORK MANAGEMENT PROTOCOL

Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers.
Figure 28: SNMP Basic Settings

The following items are displayed on this page:

◆ SNMP — Enables or disables SNMP management access and also enables the access point to send SNMP traps (notifications). (Default: Disable)
◆ System Location — A text string that describes the system location. (Maximum length: 255 characters)
◆ System Contact — A text string that describes the system contact.
SNMP TRAP SETTINGS

Traps indicating status changes are issued by the AP to specified trap managers. You must specify trap managers so that key events are reported by the AP to your management station (using network management platforms).

Figure 29: SNMP Trap Settings

The following items are displayed on this page:

◆ Trap Destination — Specifies the recipient of SNMP notifications. Enter the IP address or the host name.
VIEW ACCESS CONTROL MODEL

To configure SNMPv3 management access to the AP, follow these steps:

1. Specify read and write access views for the AP MIB tree.
2. Configure SNMP user groups with the required security model (that is, SNMP v1, v2c, or v3) and security level (authentication and privacy).
3. Assign SNMP users to groups, along with their specific authentication and privacy passwords.
to the subtree “1.3.6.1.2.1.2.2.1.1.23,” the zero corresponds to the 10th subtree ID. When there are more subtree IDs than bits in the mask, the mask is padded with ones.

◆ View List – Shows the currently configured object identifiers of branches within the MIB tree that define the SNMP view.

CREATING GROUPS

An SNMPv3 group sets the access policy for its assigned users, restricting them to specific read, write, and notify views.
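The view mask rule described above (a zero at the 10th subtree ID of “1.3.6.1.2.1.2.2.1.1.23”, and masks padded with ones) can be checked offline before a view is applied to the AP. The following is an added example, not code from this guide or from the vendor; it assumes the standard VACM family-mask semantics of RFC 3415 (a 0 bit is a wildcard, the longest matching subtree decides included/excluded), and the function names, the hex mask `ff:a0` and the sample view are constructed for illustration.

```python
# Added example: SNMP view mask matching, assuming RFC 3415 (VACM) semantics.
# Function names, the "ff:a0" mask and the sample view are constructed.


def parse_oid(text):
    """Turn '.1.3.6.1' or '1.3.6.1' into a tuple of integers."""
    return tuple(int(part) for part in text.strip(".").split("."))


def mask_bits(mask_hex, length):
    """Expand a hex mask (e.g. 'ff:a0') to `length` bits, most significant first.

    When the subtree has more IDs than the mask has bits, the mask is padded
    with ones, so the uncovered IDs must match exactly.
    """
    raw = bytes.fromhex(mask_hex.replace(":", ""))
    bits = [(byte >> (7 - i)) & 1 for byte in raw for i in range(8)]
    bits += [1] * (length - len(bits))
    return bits[:length]


def wildcard_positions(subtree, mask_hex=""):
    """1-based positions of subtree IDs that the mask leaves unconstrained."""
    length = len(parse_oid(subtree))
    return [i + 1 for i, bit in enumerate(mask_bits(mask_hex, length)) if bit == 0]


def in_family(oid, subtree, mask_hex=""):
    """True if `oid` falls inside the masked subtree."""
    oid_ids, sub_ids = parse_oid(oid), parse_oid(subtree)
    if len(oid_ids) < len(sub_ids):
        return False
    bits = mask_bits(mask_hex, len(sub_ids))
    return all(bit == 0 or o == s for bit, o, s in zip(bits, oid_ids, sub_ids))


def view_allows(oid, view):
    """Evaluate a view given as a list of (subtree, mask_hex, type) entries.

    `type` is 'included' or 'excluded'. The matching entry with the longest
    subtree wins; an OID that matches no entry is not in the view.
    """
    matches = [(parse_oid(st), typ) for st, mask, typ in view
               if in_family(oid, st, mask)]
    if not matches:
        return False
    longest = max(matches, key=lambda entry: (len(entry[0]), entry[0]))
    return longest[1] == "included"


# Constructed sample: bits 1-9 set, bit 10 clear, bit 11 set -> ff:a0.
ROW_23 = "1.3.6.1.2.1.2.2.1.1.23"
SAMPLE_VIEW = [
    ("1.3.6.1.2.1", "", "included"),   # all of mib-2
    (ROW_23, "ff:a0", "excluded"),     # every column of interface row 23
]

if __name__ == "__main__":
    print("wildcarded IDs:", wildcard_positions(ROW_23, "ff:a0"))
    for candidate in ("1.3.6.1.2.1.2.2.1.7.23", "1.3.6.1.2.1.2.2.1.7.22"):
        print(candidate, "allowed" if view_allows(candidate, SAMPLE_VIEW) else "denied")
```

Running `wildcard_positions` over each configured view entry is a quick audit for masks that wildcard more of the tree than intended.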
The following items are displayed on this page:

◆ User Name — The SNMPv3 user name. (32 characters maximum)
◆ Group — The SNMPv3 group name.
◆ Auth Type — The authentication type used for the SNMP user; either MD5 or none. When MD5 is selected, enter a password in the corresponding Passphrase field.
◆ Auth Passphrase — The authentication password or key associated with the authentication and privacy settings.
Figure 32: SNMPv3 Targets

The following items are displayed on this page:

◆ Target ID — A user-defined name that identifies a receiver of notifications. (Maximum length: 32 characters)
◆ IP Address — Specifies the IP address of the receiving management station.
◆ UDP Port — The UDP port that is used on the receiving management station for notification messages.
The following items are displayed on this page:

◆ Filter ID — A user-defined name that identifies the filter. (Maximum length: 32 characters)
◆ Subtree — Specifies MIB subtree to be filtered. The MIB subtree must be defined in the form “.1.3.6.1” and always start with a “.”.
◆ Type — Indicates if the filter is to “include” or “exclude” the MIB subtree objects from the filter.
7 ADVANCED SETTINGS

This chapter describes advanced settings on the access point. It includes the following sections:

◆ “Local Bridge Filter”
◆ “Link Layer Discovery Protocol”
◆ “Access Control Lists”

LOCAL BRIDGE FILTER

The access point can employ network traffic frame filtering to control access to network resources and increase security. You can prevent communications between wireless clients and prevent access point management from wireless clients.
◆ Prevent Inter and Intra VAP client communication — When enabled, clients cannot establish wireless communications with any other client, either those associated to the same VAP interface or any other VAP interface.

LINK LAYER DISCOVERY PROTOCOL

This page allows you to configure the Link Layer Discovery Protocol (LLDP). LLDP allows devices in the local broadcast domain to share information about themselves.
◆ Message Transmission Interval (seconds) — Configures the periodic transmit interval for LLDP advertisements. (Range: 5-32768 seconds; Default: 30 seconds) This attribute must comply with the following rule: (Transmission Interval * Hold Time) ≤ 65536, and Transmission Interval >= (4 * Delay Interval)
◆ ReInitial Delay Time (seconds) — Configures the delay before attempting to re-initialize after LLDP ports are disabled or the link goes down.
ACCESS CONTROL LISTS

Access Control Lists allow you to configure a list of wireless client MAC addresses that are not authorized to access the network. A database of MAC addresses can be configured locally on the access point.

SOURCE ADDRESS SETTINGS

The ACL Source Address Settings page enables traffic filtering based on the source MAC address in the data frame.
DESTINATION ADDRESS SETTINGS

The ACL Destination Address Settings page enables traffic filtering based on the destination MAC address in the data frame.

Figure 37: Destination ACLs

The following items are displayed on this page:

◆ DA Status — Enables network traffic with specific destination MAC addresses to be filtered (dropped) from the access point.
ETHERNET TYPE

The Ethernet Type Filter checks the Ethernet type of all incoming and outgoing Ethernet packets against the protocol filtering table. (Default: Disabled)

Figure 38: Ethernet Type Filter

The following items are displayed on this page:

◆ Disabled — Access point does not filter Ethernet protocol types.
◆ Enabled — Access point filters Ethernet protocol types based on the configuration of protocol types in the filter table.
8 WIRELESS SETTINGS

This chapter describes wireless settings on the access point. It includes the following sections:

◆ “Spanning Tree Protocol (STP)”
◆ “Authentication”
◆ “Radio Settings”
◆ “Virtual Access Points (VAPs)”
◆ “Quality of Service (QoS)”

SPANNING TREE PROTOCOL (STP)

The Spanning Tree Protocol (STP) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.
Figure 39: Spanning Tree Protocol

BRIDGE

Sets STP bridge link parameters. The following items are displayed on the STP page:

◆ Spanning Tree Protocol — Enables/disables STP on the AP. (Default: Enabled)
◆ Priority — Used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STP root device.
from among the device ports attached to the network. (Default: 20 seconds; Range: 6-40 seconds)
Minimum: The higher of 6 or [2 x (Hello Time + 1)].
Maximum: The lower of 40 or [2 x (Forward Delay - 1)]
◆ Hello Time — Interval (in seconds) at which the root device transmits a configuration message. (Default: 2 seconds; Range: 1-10 seconds)
Minimum: 1
Maximum: The lower of 10 or [(Max.
◆ Link Port Priority — Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch are the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the spanning tree. This makes a port with higher priority less likely to be blocked if the Spanning Tree Protocol is detecting network loops.
Figure 40: Local Authentication

The following items are displayed on Authentication page:

MAC Authentication — Selects between disabled, Local MAC authentication, and RADIUS authentication.

◆ Local MAC — The MAC address of the associating station is compared against the local database stored on the access point. The Local MAC Authentication section enables the local database to be set up.
◆ MAC Authentication Table — Displays current entries in the local MAC database.

RADIUS MAC AUTHENTICATION

The MAC address of the associating station is sent to a configured RADIUS server for authentication. When using a RADIUS authentication server for MAC address authentication, the server must first be configured on the RADIUS page.
INTERFACE MODE

The access point can operate in two modes, IEEE 802.11a/n only, or 802.11g/n only. Also note that 802.11g is backward compatible with 802.11b, operating in the 2.4 GHz band. The 802.11a/n mode operates in the 5 GHz band.

NOTE: The EAP8518 radio can operate in 2.4 GHz mode or 5 GHz mode. It does not operate at 2.4 GHz and 5 GHz modes at the same time.

You must first select the basic radio operating mode you want to use for your network.
RADIO SETTINGS
The IEEE 802.11n interfaces include configuration options for radio signal characteristics and wireless security features. The access point can operate in two modes, mixed 802.11g/n (2.4 GHz), or mixed 802.11a/n (5 GHz). Note that the radio cannot operate at 2.4 GHz and 5 GHz modes at the same time. Each radio supports eight virtual access point (VAP) interfaces, referred to as VAP0 ~ VAP7.
The following items are displayed on this page:
◆ High Throughput Mode — The access point provides a channel bandwidth of 20 MHz by default, giving an 802.11g connection speed of 54 Mbps and an 802.11n connection speed of up to 108 Mbps, and ensures backward compliance for slower 802.11b devices. Setting the HT Channel Bandwidth to 40 MHz (sometimes referred to as Turbo Mode) increases connection speed for 802.11g and 802.11n to 74 Mbps and 300 Mbps respectively.
◆ Preamble Length — The radio preamble (sometimes called a header) is a section of data at the head of a packet that contains information that the wireless device and client devices need when sending and receiving packets. You can set the radio preamble to long or short. A short preamble improves throughput performance, whereas a long preamble is required when legacy wireless devices are part of your network.
◆ Aggregate MAC Protocol Data Unit (A-MPDU) — Enables / disables the sending of this four frame packet header for statistical purposes. (Default: Enabled)
◆ A-MPDU Length Limit (1024-65535) — Defines the A-MPDU length. (Default: 65535 bytes; Range: 1024-65535 bytes)
◆ Aggregate MAC Service Data Unit (A-MSDU) — Enables / disables the sending of this four frame packet header for statistical purposes.
The following items are displayed on this page:
◆ VAP Number — The number associated with the VAP, 0-7.
◆ SSID — The name of the basic service set provided by a VAP interface. Clients that want to connect to the network through the access point must set their SSID to the same as that of an access point VAP interface. (Default: EC _VAP_# (0 to 7); Range: 1-32 characters)
◆ Enable — Enables the specified VAP.
◆ Mode — Selects the mode in which the VAP will function.
■ AP Mode: The VAP provides services to clients as a normal access point.
■ WDS-AP Mode: The VAP operates as an access point in WDS mode, which accepts connections from client stations in WDS-STA mode.
■ WDS-STA Mode: The VAP operates as a client station in WDS mode, which connects to an access point VAP in WDS-AP mode.
The following items are displayed in the VAP Basic Settings when WDS-AP mode is selected:
◆ WDS-AP (Parent) SSID — The SSID of the VAP on the connecting access point that is set to WDS-AP mode.
◆ WDS-AP (Parent) MAC — The MAC address of the VAP on the connecting access point that is set to WDS-AP mode.
WIRELESS SECURITY SETTINGS
Describes the wireless security settings for each VAP, including association mode, encryption, and authentication.
to configure and maintain a RADIUS server, WPA provides a simple operating mode that uses just a pre-shared password for network access. The Pre-Shared Key mode uses a common password for user authentication that is manually entered on the access point and all wireless clients. The PSK mode uses the same TKIP packet encryption and key management as WPA in the enterprise, providing a robust and manageable alternative for small networks.
RADIUS server, the client remains connected to the network. Only if reauthentication fails is network access blocked. (Range: 0-65535 seconds; Default: 0 means disabled)
WIRED EQUIVALENT PRIVACY (WEP)
WEP provides a basic level of security, preventing unauthorized access to the network, and encrypting data transmitted between wireless clients and the VAP.
The following items are on this page for WEP configuration:
◆ Default WEP Key Index – Selects the key number to use for encryption for the VAP interface. If the clients have all four WEP keys configured to the same values, you can change the encryption key to any of the settings without having to update the client keys.
802.1D priorities is specifically intended to facilitate interoperability with other wired network QoS policies. While the four ACs are specified for specific types of traffic, WMM allows the priority levels to be configured to match any network-wide QoS policy. WMM also specifies a protocol that access points can use to communicate the configured traffic priority levels to QoS-enabled wireless clients.
Figure 49: WMM Backoff Wait Times (High Priority and Low Priority panels; each shows AIFS as the minimum wait time, followed by a random backoff between CWMin and CWMax as the random wait time)
For high-priority traffic, the AIFSN and CW values are smaller. The smaller values equate to less backoff and wait time, and therefore more transmit opportunities.
The following items are displayed on this page:
◆ WMM — Sets the WMM operational mode on the access point. When enabled, the parameters for each AC queue will be employed on the access point and QoS capabilities are advertised to WMM-enabled clients. (Default: Disabled)
■ Disable: WMM is disabled.
■ Enable: WMM must be supported on any device trying to associate with the access point.
■ Admission Control: The admission control mode for the access category. When enabled, clients are blocked from using the access category. (Default: Disabled)
◆ Set WMM — Applies the new parameters and saves them to RAM memory. Also prompts a screen to inform you when it has taken effect. Click “OK” to return to the home page. Changes will not be saved upon a reboot unless the running configuration file is saved.
9 MAINTENANCE SETTINGS
Maintenance settings include the following sections:
◆ “Upgrading Firmware” on page 98
◆ “Running Configuration” on page 101
◆ “Resetting the Access Point” on page 102
UPGRADING FIRMWARE
You can upgrade new access point software from a local file on the management workstation, or from an FTP or TFTP server. New software may be provided periodically from your distributor. After upgrading new software, you must reboot the access point to implement the new code.
Figure 51: Firmware
The following items are displayed on this page:
◆ Firmware Version — Displays what version of software is being used as a runtime image - “Active”, and what version is a backup image “Backup”. You may specify up to two images.
◆ Next Boot Image — Specifies what version of firmware will be used as a runtime image upon bootup.
◆ Set Next Boot — Applies the runtime image setting.
◆ Remote — Downloads an operation code image file from a specified remote FTP or TFTP server. After filling in the following fields, click Start Upgrade to proceed.
■ New Firmware File: Specifies the name of the code file on the server. The new firmware file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.
RUNNING CONFIGURATION
A copy of a previous running configuration may be uploaded to the access point as a saved file from a remote location, or the current configuration saved and stored for restoration purposes at a later point. A configuration file may be saved or downloaded to/from a specified remote FTP or TFTP server.
◆ IP Address — IP address or host name of FTP or TFTP server.
◆ Username — The user ID used for login on an FTP server.
◆ Password — The password used for login on an FTP server.
◆ Start Import/Export — Initiates the selected backup or restore.
◆ Restore Factory Setting — Click the Restore button to reset the configuration settings for the access point to the factory defaults and reboot the system.
10 STATUS INFORMATION The Information menu displays information on the current system configuration, the wireless interface, the station status and system logs. Status Information includes the following sections: ◆ “AP Status” on page 103 ◆ “Station Status” on page 105 ◆ “Event Logs” on page 106 AP STATUS The AP Status window displays basic system configuration settings, as well as the settings for the wireless interface.
The following items are displayed on this page:
◆ Serial Number — The serial number of the physical access point.
◆ System Up Time — Length of time the management agent has been up.
◆ Ethernet MAC Address — The physical layer address for the Ethernet port.
◆ Radio 0 MAC Address — The physical layer address for the VAP 0 interface.
◆ System Name — Name assigned to this system.
◆ System Contact — Administrator responsible for the system.
AP WIRELESS CONFIGURATION
The AP Wireless Configuration displays the VAP interface settings.
Figure 55: AP Wireless Configuration
The following items are displayed on this page:
◆ VAP — Displays the VAP number.
◆ SSID — The service set identifier for the VAP interface.
◆ Association Mode — Shows the basic security mode configured for the VAP.
◆ 802.1X — Shows if IEEE 802.1X access control for wireless clients is enabled.
EVENT LOGS
The Event Logs window shows the log messages generated by the access point and stored in memory.
Figure 57: Event Logs
The following items are displayed on this page:
◆ Display Event Log — Selects the log entries to display. Up to 20 log messages can be displayed at one time. Each log entry includes the time the log message was generated, the logging level associated with the message, and the text of the log message.
SECTION III COMMAND LINE INTERFACE This section provides a detailed description of the Command Line Interface, along with examples for all of the commands.
◆ “VLAN Commands” on page 226
◆ “WMM Commands” on page 229
11 USING THE COMMAND LINE INTERFACE
When accessing the management interface for the access point over a direct connection to the console port, or via a Telnet connection, the access point can be managed by entering command keywords and parameters at the prompt. Using the access point’s command-line interface (CLI) is very similar to entering commands on a UNIX system.
CONSOLE CONNECTION
To access the access point through the console port, perform these steps: At the console prompt, enter the user name and password.
TELNET CONNECTION
Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. Each address consists of a network portion and host portion.
ENTERING COMMANDS
This section describes how to enter CLI commands.
KEYWORDS AND ARGUMENTS
A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces ethernet,” show and interfaces are keywords, and ethernet is an argument that specifies the interface type.
filters     Show filters.
interface   Show interface information.
line        TTY line information.
lldp        Show lldp parameters.
logging     Show the logging buffers.
radius      Show radius server.
snmp        Show snmp configuration.
sntp        Show sntp configuration.
station     Show 802.11 station table.
svp         Show SVP.
system      Show system information.
version     Show system version.
wds         Show WDS service.
AP: show
list of the commands available for the current mode. The command classes and associated modes are displayed in the following table:
Table 5: Command Modes
Class           Mode
Exec            Privileged
Configuration   Global
                Interface-ethernet
                Interface-wireless
                Interface-wireless-vap
EXEC COMMANDS
When you open a new console session on an access point, the system enters Exec command mode. Only a limited number of the commands are available in this mode.
To enter Interface mode, you must enter the “interface ethernet” command while in Global Configuration mode. The system prompt will change to “AP(if-ethernet)#,” or “AP(if-wireless 0)” indicating that you have access privileges to the associated commands. You can use the exit command to return to the Exec mode.
AP(config)#interface ethernet
AP(if-ethernet)#
COMMAND LINE
Commands are not case sensitive.
12 GENERAL COMMANDS This chapter details general commands that apply to the CLI.
end
This command returns to the previous configuration mode.
DEFAULT SETTING
None
COMMAND MODE
Global Configuration, Interface Configuration
EXAMPLE
This example shows how to return to the Configuration mode from the Interface Configuration mode:
AP(if-ethernet)#end
AP(config)#
exit
This command returns to the Exec mode or exits the configuration program.
COMMAND MODE
Exec
EXAMPLE
The following example disables the CLI timeout.
AP(config)# cli-session-timeout disable
AP(config)#
ping
This command sends ICMP echo request packets to another node on the network.
SYNTAX
ping
host_name - Alias of the host.
ip_address - IP address of the host.
DEFAULT SETTING
None
COMMAND MODE
Exec
COMMAND USAGE
◆ Use the ping command to see if another site on the network can be reached.
reset
This command restarts the system or restores the factory default settings.
SYNTAX
reset
board - Reboots the system.
configuration - Resets the configuration settings to the factory defaults, and then reboots the system.
DEFAULT SETTING
None
COMMAND MODE
Exec
COMMAND USAGE
When the system is restarted, it will always run the Power-On Self-Test.
EXAMPLE
This example shows how to reset the system:
AP#reset board
Please wait a moment...
13 SYSTEM MANAGEMENT COMMANDS These commands are used to configure the password, system logs, browser management options, clock settings, and a variety of other system information.
country
This command configures the access point’s country code, which identifies the country of operation and sets the authorized radio channels.
SYNTAX
country
country_code - A two character code that identifies the country of operation. See the following table for a full list of codes.
DEFAULT SETTING
US - for units sold in the United States
99 (no country set) - for units sold in other countries
COMMAND MODE
Exec
COMMAND USAGE
◆ If you purchased an access point outside of the United States, the country code must be set before radio functions are enabled.
◆ The available Country Code settings can be displayed by using the country ? command.
EXAMPLE
AP#country tw
AP#
prompt
This command customizes the CLI prompt.
DEFAULT SETTING
Enterprise AP
COMMAND MODE
Global Configuration
EXAMPLE
AP(config)#system name AP
AP(config)#
password
After initially logging onto the system, you should set the password. Remember to record it in a safe place.
SYNTAX
password
password - Password for management access.
After boot up, the SSH server needs about two minutes to generate host encryption keys. The SSH server is disabled while the keys are being generated. The show system command displays the status of the SSH server.
EXAMPLE
AP(config)# apmgmtui ssh enable
AP(config)#
apmgmtui ssh port
This command sets the Secure Shell server port.
SYNTAX
apmgmtui ssh port
port-number - The UDP port used by the SSH server.
apmgmtui http port
This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port.
SYNTAX
apmgmtui http port
no apmgmtui http port
port-number - The TCP port to be used by the browser interface.
apmgmtui http session-timeout
This command sets the web browser timeout limit.
SYNTAX
apmgmtui http session-timeout
seconds - The web session timeout.
EXAMPLE
AP(config)# apmgmtui https port 1234
AP(config)#
apmgmtui https
Use this command to enable the secure hypertext transfer protocol server (HTTPS) over the Secure Socket Layer (SSL), providing secure access (that is, an encrypted connection) to the access point’s web interface. Use the no form to disable this function.
apmgmtui snmp
This command enables and disables SNMP management access to the AP.
SYNTAX
apmgmtui snmp [enable | disable]
enable - Enables SNMP management access.
disable - Disables SNMP management access.
DEFAULT SETTING
Enabled
COMMAND MODE
Global Configuration
EXAMPLE
AP(config)# apmgmtui snmp enable
AP(config)#
apmgmtip
This command specifies the client IP addresses that are allowed management access to the access point through various protocols.
COMMAND USAGE
◆ If anyone tries to access a management interface on the access point from an invalid address, the unit will reject the connection, enter an event message in the system log, and send a trap message to the trap manager.
◆ Management access applies to SNMP, HTTP (web), Telnet, and SSH connections.
EXAMPLE
This example restricts management access to the specified addresses.
AP(config)#apmgmtip multiple 192.168.1.50 255.255.255.
System Contact :
System Country Code : US - United States
MAC Address : 00:22:2d:4d:7b:80
Radio 0 MAC Address : 00:22:2d:4d:7b:81:
IP Address : 192.168.1.1
Subnet Mask : 255.255.255.0
Default Gateway : 192.168.1.254
VLAN Status : Disable
Management VLAN ID(AP): 1
DHCP Client : static
HTTP Access : Enable
HTTP Port : 80
HTTP Timeout : 0
HTTPs Access : Enable
HTTPs Port : 443
Slot Status : Dual band(a/g)
Boot Rom Version : v0.1.0
Software Version : 1.1.0.
Address Filtering : ALLOWED
System Default : ALLOW addresses not found in filter table.
Filter Table
----------------------------------------------------------
No Filter Entries.
Bootfile Information
===================================
Bootfile : ec-img.
Key 1: EMPTY
Key 2: EMPTY
Key 3: EMPTY
Key 4: EMPTY
Key Length :
Key 1: ZERO
Key 2: ZERO
Key 3: ZERO
Key 4: ZERO
Authentication Type : OPEN
Rogue AP Detection : Disabled
Rogue AP Scan Interval : 720 minutes
Rogue AP Scan Duration : 350 milliseconds
===========================================================
Console Line Information
===========================================================
databits : 8
parity : none
speed : 9600
stop bits : 1
=======================
2: 0.0.0.0, Community: *****, State: Disabled
3: 0.0.0.0, Community: *****, State: Disabled
4: 0.0.0.
Boot Rom Version : v3.0.7
Software Version : v4.3.2.2
SSH Server : ENABLED
SSH Server Port : 22
Telnet Server : ENABLED
WEB Redirect : DISABLED
DHCP Relay : DISABLED
==============================================================
Version Information
=========================================
Version: v4.3.2.
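The management-access fields reported by show system (HTTP Access, HTTPs Access, SSH Server, Telnet Server) can be checked automatically after each configuration change. The following Python script is an added example, not part of the original guide or any vendor tool: it parses a constructed sample in the same "Name : Value" layout and flags cleartext management services; the function names and the rule set are assumptions.

```python
import re

# Constructed sample in the "Name : Value" layout of the show system output
# shown in this chapter. It is illustrative, not a capture from a real unit.
SAMPLE_SHOW_SYSTEM = """\
System Information
==============================================================
MAC Address            : 00:22:2d:4d:7b:80
IP Address             : 192.168.1.1
HTTP Access            : Enable
HTTP Port              : 80
HTTPs Access           : Enable
HTTPs Port             : 443
SSH Server             : ENABLED
SSH Server Port        : 22
Telnet Server          : ENABLED
==============================================================
"""

# Field name, then the value after the FIRST colon, so that values which
# themselves contain colons (MAC addresses) are kept whole. Separator lines
# made of "=" never match because the name may not contain "=".
_FIELD = re.compile(r"^\s*([^:=]+?)\s*:\s*(.*?)\s*$")


def parse_show_system(text):
    """Return a dict of lower-cased field names to their reported values."""
    fields = {}
    for line in text.splitlines():
        match = _FIELD.match(line)
        if match:
            name = " ".join(match.group(1).split()).lower()
            fields[name] = match.group(2)
    return fields


def is_enabled(value):
    """The output uses both 'Enable' and 'ENABLED' for an active service."""
    return value.strip().lower() in ("enable", "enabled")


# (field, state that is a finding, message). Assumed rule set for this example.
RULES = [
    ("telnet server", True,
     "Telnet is enabled: logins and sessions are sent unencrypted; use SSH."),
    ("http access", True,
     "HTTP is enabled: web logins are sent unencrypted; use HTTPS only."),
    ("ssh server", False,
     "SSH is not enabled: no encrypted CLI access is available."),
    ("https access", False,
     "HTTPS is not enabled: no encrypted web access is available."),
]


def audit(fields):
    """Return a list of (field, reported value, message) findings."""
    findings = []
    for name, finding_when_enabled, message in RULES:
        if name not in fields:
            # Truncated or changed output: report it instead of assuming safe.
            findings.append((name, "unknown", "field missing; check manually"))
            continue
        if is_enabled(fields[name]) == finding_when_enabled:
            findings.append((name, fields[name], message))
    return findings


if __name__ == "__main__":
    for name, value, message in audit(parse_show_system(SAMPLE_SHOW_SYSTEM)):
        print(f"[{name} = {value}] {message}")
```

A missing field is reported as "unknown" rather than treated as compliant, so truncated output cannot pass the check silently.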
14 SYSTEM LOGGING COMMANDS These commands are used to configure system logging on the access point.
logging host
This command specifies the syslog server hosts that will receive logging messages. Use the no form to remove a syslog server host.
SYNTAX
logging host <1 | 2 | 3 | 4> [udp_port]
no logging host <1 | 2 | 3 | 4>
1 - First syslog server.
2 - Second syslog server.
3 - Third syslog server.
4 - Fourth syslog server.
host_name - The name of a syslog server. (Range: 1-20 characters)
host_ip_address - The IP address of a syslog server.
logging level
This command sets the minimum severity level for event logging.
SYNTAX
logging level
DEFAULT SETTING
Informational
COMMAND MODE
Global Configuration
COMMAND USAGE
Messages sent include the selected level down to Emergency level.
show logging
This command displays the logging configuration.
SYNTAX
show logging
COMMAND MODE
Exec
EXAMPLE
AP#show logging
Logging Information
=====================================================
Syslog State : ENABLE
Logging Console State : DISABLE
Logging Level : Debug
Servers
1: 10.7.16.98, UDP Port: 514, State: DISABLE
2: 10.7.13.48, UDP Port: 514, State: DISABLE
3: 10.7.123.123, UDP Port: 65535, State: DISABLE
4: 10.7.13.
15 SYSTEM CLOCK COMMANDS These commands are used to configure SNTP and system clock settings on the access point.
EXAMPLE
AP(config)#sntp-server ip 1 10.1.0.19
AP#
RELATED COMMANDS
sntp-server enabled
show sntp
sntp-server enabled
This command enables SNTP client requests for time synchronization with NTP or SNTP time servers specified by the sntp-server ip command. Use the no form to disable SNTP client requests.
minute - Sets the minute. (Range: 0-59)
DEFAULT SETTING
00:14:00, January 1, 1970
COMMAND MODE
Global Configuration
EXAMPLE
This example sets the system clock to 12:10 April 27, 2009.
AP(config)# sntp-server date-time 2009 4 27 12 10
AP(config)#
RELATED COMMANDS
sntp-server enabled
sntp-server daylight-saving
This command sets the start and end dates for daylight savings time. Use the no form to disable daylight savings time.
EXAMPLE
This sets daylight savings time to be used from the Sunday in the fourth week of April, to the Sunday in the fourth week of October.
AP(config)# sntp-server daylight-saving date-week 4 4 0 10 4 0
AP(config)#
sntp-server timezone
This command sets the time zone for the access point’s internal clock.
SYNTAX
sntp-server timezone
hours - Number of hours before/after UTC.
Time Zone : (GMT+08) Hong Kong, Perth, Singapore, Taipei
Daylight Saving : DISABLED
Daylight Saving Time : From MAR, Fourth Week, Wednesday To NOV, Last Week, Sunday
===========================================================
AP#
16 DHCP RELAY COMMANDS Dynamic Host Configuration Protocol (DHCP) can dynamically allocate an IP address and other configuration information to network clients that broadcast a request. To receive the broadcast request, the DHCP server would normally have to be on the same subnet as the client. However, when the access point’s DHCP relay agent is enabled, received client requests can be forwarded directly by the access point to a known DHCP server on another subnet.
RELATED COMMANDS
show interface wireless
17 SNMP COMMANDS Controls access to this access point from management stations using the Simple Network Management Protocol (SNMP), as well as the hosts that will receive trap messages.
snmp-server community
This command defines the community access string for the Simple Network Management Protocol. Use the no form to remove the specified community string.
SYNTAX
snmp-server community string [ro | rw]
no snmp-server community string
string - Community string that acts like a password and permits access to the SNMP protocol. (Maximum length: 23 characters, case sensitive)
ro - Specifies read-only access.
COMMAND MODE
Global Configuration
EXAMPLE
AP(config)#snmp-server contact Paul
AP(config)#
RELATED COMMANDS
snmp-server location
snmp-server location
This command sets the system location string. Use the no form to remove the location string.
SYNTAX
snmp-server location
no snmp-server location
text - String that describes the system location.
COMMAND USAGE
◆ This command enables both authentication failure notifications and link-up-down notifications.
◆ The snmp-server host command specifies the host device that will receive SNMP notifications.
EXAMPLE
AP(config)#snmp-server enable server
AP(config)#
RELATED COMMANDS
snmp-server host
snmp-server host
This command specifies the recipient of an SNMP notification. Use the no form to remove the specified host.
snmp-server trap
This command enables the access point to send specific SNMP traps (i.e., notifications). Use the no form to disable specific trap messages.
SYNTAX
snmp-server trap
no snmp-server trap
trap - One of the following SNMP trap messages:
dot11InterfaceAGFail - The 802.11a or 802.11g interface has failed.
dot11InterfaceBFail - The 802.11b interface has failed.
dot11StationAssociation - A client station has successfully associated with the access point.
sntpServerFail - The access point has failed to set the time from the configured SNTP server.
sysConfigFileVersionChanged - The access point’s configuration file has been changed.
sysRadiusServerChanged - The access point has changed from the primary RADIUS server to the secondary, or from the secondary to the primary.
sysSystemDown - The access point is about to shutdown and reboot.
sysSystemUp - The access point is up and running.
COMMAND MODE
Global Configuration
COMMAND USAGE
◆ The access point allows multiple notification filters to be created. Each filter can be defined by up to 20 MIB subtree ID entries.
◆ Use the command more than once with the same filter ID to build a filter that includes or excludes multiple MIB objects. Note that the filter entries are applied in the sequence that they are defined.
◆ The MIB subtree must be defined in the form “.1.3.6.1” and always start with a “.”.
password for authentication and a DES key/password for encryption.
read-view - The name of a defined SNMPv3 view for read access.
write-view - The name of a defined SNMPv3 view for write access.
DEFAULT SETTING
None
COMMAND MODE
Global Configuration
COMMAND USAGE
◆ The access point allows multiple groups to be created.
◆ A group sets the access policy for the assigned users.
DEFAULT SETTING
None
COMMAND MODE
Global Configuration
COMMAND USAGE
◆ Multiple SNMPv3 users can be configured on the access point.
◆ Users must be assigned to groups that have the same security levels. If a user who has “AuthPriv” security (uses authentication and encryption) is assigned to a NoAuthNoPriv group, the user will not be able to access the database. An AuthPriv user must be assigned to the group with the AuthPriv security level.
◆ The SNMP v3 user name that is specified in the target must first be configured using the snmp-server user command.
EXAMPLE
AP(config)#snmp-server target tarname 192.168.1.33 chris 1234
AP(config)#
snmp-server filter
This command configures SNMP v3 notification filters. Use the no form to delete an SNMP v3 filter or remove a subtree from a filter.
show snmp users
This command displays the SNMP v3 users and settings.
show snmp filter
This command displays the SNMP v3 notification filter settings.
SYNTAX
show snmp filter [filter-id]
filter-id - A user-defined name that identifies an SNMP v3 notification filter. (Maximum length: 32 characters)
COMMAND MODE
Exec
EXAMPLE
AP# show snmp filter
Filter List:
==================================
Filter: defaultfilter
Type: Included
Subtree: .1
Type: Excluded
Subtree: .1.3.6.1.2.1.2.2.1.1.23
Filter: testfilter
Type: Excluded
Subtree: .13.6.1.2.1.2.2.1.
systemUp: Disabled
systemDown: Disabled
==========================================================================
AP#
show snmp vacm view
This command displays the configured SNMP v3 views.
SYNTAX
show snmp vacm view [view-name]
view-name - The name of a user-defined SNMPv3 view.
COMMAND MODE
Exec
EXAMPLE
AP# sh snmp vacm view
View List:
==================================
View Name : defaultview
Type : included
OID : .
==================================
Group Name : testgroup
Security Level : NoAuthNoPriv
Read-View : defaultview
Write-View : defaultview
Group Name : group2
Security Level : AuthPriv
Read-View : defaultview
Write-View : defaultview
==================================
AP#
18 FLASH/FILE COMMANDS These commands are used to manage the system code or configuration files.
EXAMPLE
AP# dual-image boot-image A
Change image to A
AP#
copy
This command copies a boot file, code image, or configuration file between the access point’s flash memory and a FTP/TFTP server. When you save the configuration settings to a file on a FTP/TFTP server, that file can later be downloaded to the access point to restore system operation. The success of the file transfer depends on the accessibility of the FTP/TFTP server and the quality of the network connection.
characters for files on the access point. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)
◆ Due to the size limit of the flash memory, the access point supports only two operation code files.
◆ The system configuration file must be named “syscfg” in all copy commands.
EXAMPLE
The following example shows how to upload the configuration settings to a file on the TFTP server:
AP# copy config tftp syscfg 192.168.1.
19 RADIUS CLIENT COMMANDS
Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access for RADIUS-aware devices to the network. An authentication server contains a database of credentials, such as user names and passwords, for each wireless client that requires access to the access point.
Table 16: RADIUS Client Commands
Command Function Mode Page
radius-server enable Enables the RADIUS server.
EXAMPLE
AP(config)# radius-server primary enable
This setting has not been effective !
If want to take effect, please execute make-radius-effective command !
AP(config)#
radius-server address
This command specifies the primary and secondary RADIUS server address.
SYNTAX
radius-server {primary | secondary} address
address - IP address of server.
DEFAULT SETTING
10.7.16.
If want to take effect, please execute make-radius-effective command !
AP(config)#
radius-server key
This command sets the RADIUS encryption key.
SYNTAX
radius-server {primary | secondary} key
key_string - Encryption key used to authenticate logon access for client. Do not use blank spaces in the string.
This setting has not been effective !
If want to take effect, please execute make-radius-effective command !
AP(config)#
radius-server accounting port
This command sets the RADIUS Accounting port.
SYNTAX
radius-server accounting port
port - The port used by the RADIUS Accounting server.
EXAMPLE
AP(config)# radius-server accounting key green
This setting has not been effective !
If want to take effect, please execute make-radius-effective command !
AP(config)#
radius-server accounting
This command sets the interval between transmitting accounting updates to the RADIUS server.
Please wait a while...
AP(config)#

show radius
This command displays the current settings for the RADIUS server.
DEFAULT SETTING
None
COMMAND MODE
Exec
EXAMPLE
AP#show radius
Radius Accounting Information
==============================================
IP : 10.7.16.96
Key : *********
Port : 1813
timeout-interim : 300
==============================================
Radius Primary Server Information
==============================================
Status : ENABLED
IP : 192.
20 802.1X AUTHENTICATION COMMANDS The access point supports IEEE 802.1X access control for wireless clients. This control feature prevents unauthorized access to the network by requiring an 802.1X client application to submit user credentials for authentication. Client authentication is then verified by a RADIUS server using EAP (Extensible Authentication Protocol) before the access point grants client access to the network. The 802.
CHAPTER 20 | 802.1X Authentication Commands
EXAMPLE
AP(if-wireless 0: VAP[0])# 802.1x enable
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#
RELATED COMMANDS
show interface wireless

802.1x session-timeout
This command sets the time period after which a connected client must be re-authenticated.
SYNTAX
802.1x session-timeout
seconds - The number of seconds.
21 MAC ADDRESS AUTHENTICATION COMMANDS Use these commands to define MAC authentication on the access point. For local MAC authentication, first define the default filtering policy using the address filter default command. Then enter the MAC addresses to be filtered, indicating if they are allowed or denied. For RADIUS MAC authentication, the MAC addresses and filtering policy must be configured on the RADIUS server.
CHAPTER 21 | MAC Address Authentication Commands
RELATED COMMANDS
address filter entry

address filter entry
This command enters a MAC address in the filter table.
SYNTAX
address filter entry
allowed - Entry is allowed access.
denied - Entry is denied access.
mac-address - Physical address of client. (Enter six pairs of hexadecimal digits separated by hyphens; e.g., 00-90-D1-12-AB-89.
CHAPTER 21 | MAC Address Authentication Commands DEFAULT None COMMAND MODE Global Configuration EXAMPLE AP(config)#address filter delete allowed 00-70-50-cc-99-1b AP(config)# mac-authentication This command sets address filtering to be performed with local or remote server options. Use the no form to disable MAC address authentication.
CHAPTER 21 | MAC Address Authentication Commands DEFAULT 0 (disabled) COMMAND MODE Global Configuration EXAMPLE AP(config)#mac-authentication session-timeout 300 AP(config)# show authentication This command shows all authentication settings, as well as the address filter table.
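The local filtering model in this chapter (a default policy plus per-address allowed or denied entries) can be checked offline before the entries are typed into the access point. The following Python sketch is an added example, not code from this guide or from Edge-core. The class and function names and the rule that a listed entry overrides the default are assumptions made for illustration, and the colon-separated form is accepted because the show bridge forward-addr output in this guide prints addresses that way.

```python
import re

# Six pairs of hex digits separated by hyphens (the CLI entry format) or by
# colons (the format printed by "show bridge forward-addr" in this guide).
# The back-reference \1 rejects addresses that mix separator styles.
MAC_PATTERN = re.compile(
    r"^[0-9A-Fa-f]{2}([-:])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$"
)
POLICIES = ("allowed", "denied")


def normalize_mac(text):
    """Return the MAC as lowercase hyphenated pairs, or raise ValueError."""
    text = text.strip()
    if not MAC_PATTERN.match(text):
        raise ValueError(f"not six hex pairs with one separator style: {text!r}")
    return text.lower().replace(":", "-")


class LocalMacFilter:
    """Assumed model: a listed entry decides; unlisted clients get the default."""

    def __init__(self, default_policy):
        if default_policy not in POLICIES:
            raise ValueError("default policy must be 'allowed' or 'denied'")
        self.default_policy = default_policy
        self.entries = {}

    def add(self, mac, action):
        if action not in POLICIES:
            raise ValueError("action must be 'allowed' or 'denied'")
        self.entries[normalize_mac(mac)] = action

    def decide(self, mac):
        return self.entries.get(normalize_mac(mac), self.default_policy)

    def redundant_entries(self):
        """Entries that repeat the default policy and so change nothing."""
        return sorted(m for m, a in self.entries.items()
                      if a == self.default_policy)


def review(default_policy, entries, stations):
    """Return (decision per station, redundant entries, rejected inputs)."""
    table, rejected = LocalMacFilter(default_policy), []
    for mac, action in entries:
        try:
            table.add(mac, action)
        except ValueError:
            rejected.append(mac)  # keep the raw text so it can be corrected
    decisions = {normalize_mac(s): table.decide(s) for s in stations}
    return decisions, table.redundant_entries(), rejected


# Sample data assembled for this example (not read from a real device).
SAMPLE_ENTRIES = [
    ("00-70-50-CC-99-1B", "allowed"),
    ("00-12-34-56-78-9a", "denied"),
    ("00-90-D1-12-AB89", "allowed"),   # malformed: one hyphen is missing
]
SAMPLE_STATIONS = ["00:70:50:cc:99:1b", "02:12:cf:a2:54:30"]

if __name__ == "__main__":
    decisions, redundant, rejected = review("denied", SAMPLE_ENTRIES,
                                            SAMPLE_STATIONS)
    for mac, verdict in decisions.items():
        print(mac, verdict)
    print("redundant:", redundant)
    print("rejected:", rejected)
```

With a default policy of denied, an entry that is itself marked denied has no effect, which is why the review reports it separately from malformed input.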
22 FILTERING COMMANDS The commands described in this section are used to filter communications between wireless clients, control access to the management interface from wireless clients, and filter traffic using specific Ethernet protocol types.
CHAPTER 22 | Filtering Commands COMMAND USAGE This command can disable wireless-to-wireless communications between clients via the access point. However, it does not affect communications between wireless clients and the wired network. EXAMPLE AP(config)#filter local-bridge all-vap AP(config)# filter ap-manage This command prevents wireless clients from accessing the management interface on the access point. Use the no form to disable this filtering.
COMMAND MODE
Global Configuration
COMMAND USAGE
You can add up to 128 MAC addresses to the filtering table.
EXAMPLE
AP(config)#filter acl-source-address add 00-12-34-56-78-9a
AP(config)#filter acl-source-address enable
AP(config)#

filter acl-destination-address
This command configures ACL filtering based on source MAC addresses in data frames.
COMMAND MODE
Global Configuration
COMMAND USAGE
This command is used in conjunction with the filter ethernet-type protocol command to determine which Ethernet protocol types are to be filtered.
EXAMPLE
AP(config)#filter ethernet-type enabled
AP(config)#
RELATED COMMANDS
filter ethernet-type protocol

filter ethernet-type protocol
This command sets a filter for a specific Ethernet type. Use the no form to disable filtering for a specific Ethernet type.
CHAPTER 22 | Filtering Commands show filters This command shows the filter options and protocol entries in the filter table.
23 SPANNING TREE COMMANDS The commands described in this section are used to set the MAC address table aging time and spanning tree parameters for both the Ethernet and wireless interfaces.
CHAPTER 23 | Spanning Tree Commands
bridge stp service
This command enables the Spanning Tree Protocol. Use the no form to disable the Spanning Tree Protocol.
SYNTAX
[no] bridge stp service
DEFAULT SETTING
Enabled
COMMAND MODE
Global Configuration
EXAMPLE
This example globally enables the Spanning Tree Protocol.
AP(config)#bridge stp service
AP(config)#

bridge stp br-conf forwarding-delay
Use this command to configure the spanning tree bridge forward time globally for the wireless bridge.
bridge stp br-conf hello-time
Use this command to configure the spanning tree bridge hello time globally for the wireless bridge.
SYNTAX
bridge stp br-conf hello-time
EXAMPLE
AP(config)#bridge stp max-age 40
AP(config)#

bridge stp br-conf priority
Use this command to configure the spanning tree priority globally for the wireless bridge.
SYNTAX
bridge stp br-conf priority
priority - Priority of the bridge. (Range: 0 - 65535)
DEFAULT SETTING
32768
COMMAND MODE
Global Configuration
COMMAND USAGE
Bridge priority is used in selecting the root device, root port, and designated port.
EXAMPLE
AP(config)# bridge stp port-conf interface wireless 0
Enter Wireless configuration commands, one per line.
AP(stp-if-wireless 0)#

bridge-link path-cost
Use this command to configure the spanning tree path cost for the Ethernet port.
SYNTAX
bridge-link path-cost
cost - The path cost for the port.
COMMAND USAGE
◆ This command defines the priority for the use of a port in the Spanning Tree Protocol. If the path cost for all ports on a wireless bridge is the same, the port with the highest priority (that is, lowest value) will be configured as an active link in the spanning tree.
◆ Where more than one port is assigned the highest priority, the port with the lowest numeric identifier will be enabled.
EXAMPLE
AP(stp-if-wireless 0: VAP[0])# path-cost 512
AP(stp-if-wireless 0: VAP[0])#

port-priority (STP Interface)
This command sets the spanning tree path cost for the VAP interface.
SYNTAX
port-priority
priority - The priority for the VAP interface. (Range: 0-63)
COMMAND MODE
Global Configuration (STP interface)
COMMAND USAGE
◆ This command defines the priority for the use of an interface in the Spanning Tree Protocol.
CHAPTER 23 | Spanning Tree Commands ================================== AP# show bridge br-conf This command displays spanning tree settings for a specified VLAN. SYNTAX show bridge br-conf all - Keyword to show the STP configuration for all VLANs. vlan-id - Specifies a VLAN ID.
Link Port Priority : 32
Link Path Cost : 4
========================================
ATH0 configuration
========================================
Link Port Priority : 32
Link Path Cost : 19
========================================
ATH1 configuration
========================================
Link Port Priority : 32
Link Path Cost : 19
========================================
ATH2 configuration
========================================
Link Port Priority : 32
Link Path Cost :
vlan-id - Specifies a VLAN ID. (Range: 0-4095)
COMMAND MODE
Exec
EXAMPLE
AP# show bridge status all
br0 status
=====================================================
Bridge ID : 8000.0012cfa25430
Designated Root ID : 8000.0012cfa25430
Root Port : 0
ath0 --- port 0x2
Port ID : 0x8002
Designated Root ID : 8000.0012cfa25430
Designated Bridge ID : 8000.0012cfa25430
Root Port Path Cost : 0
State : FORWARDING
eth0 --- port 0x1
Port ID : 0x8001
Designated Root ID : 8000.
COMMAND MODE
Exec
EXAMPLE
AP# show bridge forward-addr interface wireless 0 vap 0
MAC ADDRESS        INTERFACE  VLAN  AGE
=====================================================
02:12:cf:a2:54:30  ath0       0     0
=====================================================
AP#
24 WDS BRIDGE COMMANDS The commands described in this section are used to set the operation mode for each access point interface and configure Wireless Distribution System (WDS) forwarding table settings.
CHAPTER 24 | WDS Bridge Commands DEFAULT SETTING None COMMAND MODE Interface Configuration (Wireless) VAP COMMAND USAGE In WDS-STA mode, the VAP operates as a client station in WDS mode, which connects to an access point in WDS-AP mode. The user needs to specify the SSID and MAC address of the VAP to which it intends to connect.
25 ETHERNET INTERFACE COMMANDS The commands described in this section configure connection parameters for the Ethernet port and wireless interface.
CHAPTER 25 | Ethernet Interface Commands dns This command specifies the address for the primary or secondary domain name server to be used for name-to-address resolution. SYNTAX dns {primary-server | secondary-server} primary-server - Primary server used for name resolution. secondary-server - Secondary server used for name resolution. server-address - IP address of domain-name server.
CHAPTER 25 | Ethernet Interface Commands COMMAND MODE Interface Configuration (Ethernet) COMMAND USAGE ◆ DHCP is enabled by default. To manually configure a new IP address, you must first disable the DHCP client with the no ip dhcp command. ◆ You must assign an IP address to this device to gain management access over the network or to connect the access point to existing IP subnets.
CHAPTER 25 | Ethernet Interface Commands EXAMPLE AP(config)#interface ethernet Enter Ethernet configuration commands, one per line. AP(if-ethernet)#ip dhcp AP(if-ethernet)# RELATED COMMANDS ip address shutdown This command disables the Ethernet interface. To restart a disabled interface, use the no form.
CHAPTER 25 | Ethernet Interface Commands EXAMPLE AP#show interface ethernet Ethernet Interface Information ======================================== IP Address : 192.168.1.1 Subnet Mask : 255.255.255.0 Default Gateway : 192.168.1.
26 WIRELESS INTERFACE COMMANDS The commands described in this section configure connection parameters for the wireless interfaces.
CHAPTER 26 | Wireless Interface Commands interface wireless This command enters wireless interface configuration mode. SYNTAX interface wireless index - The index of the wireless interface. (Range: 0) DEFAULT SETTING None COMMAND MODE Global Configuration EXAMPLE AP(config)# interface wireless 0 Enter Wireless configuration commands, one per line. AP(if-wireless 0)# vap This command provides access to the VAP (Virtual Access Point) interface configuration mode.
CHAPTER 26 | Wireless Interface Commands DEFAULT SETTING Disabled COMMAND MODE Interface Configuration (Wireless) EXAMPLE AP(if-wireless 0)#a-mpdu enable AP(if-wireless 0)# a-msdu This command enables and sets the Aggregate MAC Service Data Unit (A-MSDU). SYNTAX a-msdu {enable | disable | length } enable - Enable A-MSDU. disable - Disable A-MSDU. length - 1024-65535 bytes.
CHAPTER 26 | Wireless Interface Commands ht40-channel - The 802.11n 40 MHz channel number: 11ng mode: 01Plus, 02Plus, 03Plus, 04Plus, 05Plus, 05Minus, 06Plus, 06Minus, 07Plus, 07Minus, 08Minus, 09Minus, 10Minus, 11Minus 11na mode: 36Plus, 40Minus, 44Plus, 48Minus, 52Plus, 56Minus, 60Plus, 64Minus, 100Plus, 104Minus, 108Plus, 112Minus, 116Plus, 120Minus, 124Plus, 128Minus, 132Plus, 136Minus, 149Plus, 153Minus, 157Plus, 161Minus auto - Automatically selects an unoccupied channel (if available).
CHAPTER 26 | Wireless Interface Commands transmit-power This command adjusts the power of the radio signals transmitted from the access point. SYNTAX transmit-power signal-strength - Signal strength transmitted from the access point. (Options: full, half, quarter, eighth, min) DEFAULT SETTING Full COMMAND MODE Interface Configuration (Wireless) COMMAND USAGE ◆ The “min” keyword indicates minimum power.
COMMAND USAGE
Both the 802.11g and 802.11b standards operate within the 2.4 GHz band. If you are operating in 11ng mode, any 802.11b devices in the service area will contribute to the radio frequency noise and affect network performance.
EXAMPLE
AP(if-wireless 0)#interface-radio-mode 11na
AP(if-wireless 0)#

make-rf-setting-effective
This command implements all wireless command changes made in the current CLI session.
CHAPTER 26 | Wireless Interface Commands COMMAND USAGE ◆ Using a short preamble instead of a long preamble can increase data throughput on the access point, but requires that all clients can support a short preamble. ◆ Set the preamble to long to ensure the access point can support all 802.11b and 802.11g clients.
CHAPTER 26 | Wireless Interface Commands beacon-interval This command configures the rate at which beacon signals are transmitted from the access point. SYNTAX beacon-interval interval - The rate for transmitting beacon signals. (Range: 20-1000 milliseconds) DEFAULT SETTING 100 COMMAND MODE Interface Configuration (Wireless) COMMAND USAGE The beacon signals allow wireless clients to maintain contact with the access point. They may also carry power-management information.
CHAPTER 26 | Wireless Interface Commands the access point will save all broadcast/multicast frames for the Basic Service Set (BSS) and forward them after every beacon. ◆ Using smaller DTIM intervals delivers broadcast/multicast frames in a more timely manner, causing stations in Power Save mode to wake up more often and drain power faster. Using higher DTIM values reduces the power used by stations in Power Save mode, but delays the transmission of broadcast/multicast frames.
CHAPTER 26 | Wireless Interface Commands EXAMPLE AP(if-wireless 0)# rts-threshold 0 This setting has not been effective ! If want to take effect, please execute make-RF-setting-effective command ! AP(if-wireless 0)# ssid This command configures the service set identifier (SSID) of the VAP. SYNTAX ssid string - The name of a basic service set supported by the access point.
CHAPTER 26 | Wireless Interface Commands COMMAND USAGE When closed system is enabled, the access point will not include its SSID in beacon messages. Nor will it respond to probe requests from clients that do not include a fixed SSID.
CHAPTER 26 | Wireless Interface Commands COMMAND MODE Interface Configuration (Wireless-VAP) EXAMPLE AP(if-wireless 0: VAP[0])# auth-timeout-interval 10 This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0: VAP[0])# shutdown This command disables the VAP interface. Use the no form to restart the interface.
EXAMPLE
AP# show interface wireless 0 vap 0
----------------------------------Basic Setting---------------------------
SSID : Edgecore_VAP_0
Interface Radio Mode : 11ng
Auto Channel Select : DISABLE
Channel : 11
High Throughput Mode : HT20
Status : ENABLE
VLAN-ID : 1
Dhcp-Relay Server Ip : 0.0.0.0
------------------------------------Capacity------------------------------
Maximum Association Client Number : 64 Clients
--------------------------------802.
CHAPTER 26 | Wireless Interface Commands show station This command shows the wireless clients associated with the access point.
27 WIRELESS SECURITY COMMANDS The commands described in this section configure parameters for wireless security on the VAP interfaces. Table 24: Wireless Security Commands Command Function Mode Page auth Defines the 802.
CHAPTER 27 | Wireless Security Commands wpa-wpa2-mixed - Clients using WPA or WPA2 are accepted for authentication. wpa-wpa2-psk-mixed - Clients using WPA or WPA2 with a Preshared Key are accepted for authentication DEFAULT SETTING open-system COMMAND MODE Interface Configuration (Wireless-VAP) COMMAND USAGE ◆ The auth command automatically configures settings for each authentication type, including encryption, 802.1X, and cipher suite. The command auth open-system disables encryption and 802.1X.
encryption cipher suite is set to TKIP, the unicast encryption cipher (TKIP or AES-CCMP) is negotiated for each client. The access point advertises its supported encryption ciphers in beacon frames and probe responses. WPA and WPA2 clients select the cipher they support and return the choice in the association request to the access point. For mixed-mode operation, the cipher used for broadcast frames is always TKIP. WEP encryption is not allowed.
CHAPTER 27 | Wireless Security Commands EXAMPLE AP(if-wireless 0: VAP[0])# encryption This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0: VAP[0])# RELATED COMMANDS key key This command sets the keys used for WEP encryption. Use the no form to delete a configured key. SYNTAX key { | static | dynamic} no key index - Key index. (Range: 1-4) size - Key size.
CHAPTER 27 | Wireless Security Commands EXAMPLE AP(if-wireless 0: VAP[0])# key 1 64 hex 1234512345 This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0: VAP[0])# RELATED COMMANDS key encryption transmit-key transmit-key This command sets the index of the WEP key to be used for encrypting data frames transmitted from the VAP to wireless clients. SYNTAX transmit-key index - Key index.
cipher-suite
This command defines the cipher algorithm used to encrypt the global key for broadcast and multicast traffic when using WPA or WPA2 security.
SYNTAX
multicast-cipher
aes-ccmp - Use AES-CCMP encryption for the unicast and multicast cipher.
tkip - Use TKIP encryption for the multicast cipher. TKIP or AES-CCMP can be used for the unicast cipher depending on the capability of the client.
EXAMPLE
AP(if-wireless 0: VAP[0])# cipher-suite tkip
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#

wpa-pre-shared-key
This command defines a Wi-Fi Protected Access (WPA/WPA2) Pre-shared key.
SYNTAX
wpa-pre-shared-key
hex - Specifies hexadecimal digits as the key input format.
CHAPTER 27 | Wireless Security Commands pmksa-lifetime This command sets the time for aging out cached WPA2 Pairwise Master Key Security Association (PMKSA) information for fast roaming. SYNTAX pmksa-lifetime minutes - The time for aging out PMKSA information.
CHAPTER 27 | Wireless Security Commands EXAMPLE AP(if-wireless 0: VAP[0])# make-security-effective It will take several minutes ! Please wait a while... Args: 1 lo no wireless extensions. eth0 no wireless extensions. br0 no wireless extensions. wifi0 no wireless extensions. lo no wireless extensions. eth0 no wireless extensions. br0 no wireless extensions. wifi0 no wireless extensions. lo no wireless extensions. eth0 no wireless extensions. br0 no wireless extensions.
CHAPTER 27 | Wireless Security Commands lo no wireless extensions. eth0 no wireless extensions. br0 no wireless extensions. wifi0 no wireless extensions. Error for wireless request "Set Fragmentation Threshold" (8B24) : SET failed on device ath0 ; Invalid argument.
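The authentication, cipher and key commands in this chapter, together with filter ap-manage from the filtering chapter, can be reviewed offline from a saved CLI session. The following Python check is an added example, not part of this guide or of Edge-core software. It assumes the transcript shows every security command entered for each VAP it mentions, relies only on command forms printed in this guide, and uses finding codes and a sample transcript constructed for illustration.

```python
import re

# Prompt shapes copied from the guide's examples:
#   AP(config)#filter ap-manage
#   AP(if-wireless 0: VAP[0])# cipher-suite tkip
PROMPT = re.compile(r"^AP(?:\((?P<mode>[^)]*)\))?#\s*(?P<cmd>.*)$")
VAP_MODE = re.compile(r"^if-wireless (\d+): VAP\[(\d+)\]$")
MIXED_AUTH = {"wpa-wpa2-mixed", "wpa-wpa2-psk-mixed"}


def parse_transcript(text):
    """Split a CLI transcript into global commands and per-VAP commands."""
    global_cmds, vap_cmds = [], {}
    for raw in text.splitlines():
        match = PROMPT.match(raw.strip())
        if not match or not match.group("cmd").strip():
            continue  # device output, or a bare prompt
        mode = match.group("mode") or ""
        words = match.group("cmd").split()
        vap = VAP_MODE.match(mode)
        if vap:
            key = (int(vap.group(1)), int(vap.group(2)))
            vap_cmds.setdefault(key, []).append(words)
        elif mode == "config":
            global_cmds.append(words)
    return global_cmds, vap_cmds


def audit(text):
    """Return sorted (scope, code, reason) findings for a transcript."""
    global_cmds, vap_cmds = parse_transcript(text)
    findings = []

    # "filter ap-manage" keeps wireless clients off the management
    # interface; the no form disables that filtering. The last one wins.
    mgmt_filtered = False
    for words in global_cmds:
        if words == ["filter", "ap-manage"]:
            mgmt_filtered = True
        elif words == ["no", "filter", "ap-manage"]:
            mgmt_filtered = False
    if not mgmt_filtered:
        findings.append(("global", "MGMT_FROM_WLAN",
                         "wireless clients can reach the management interface"))

    for (radio, vap), cmds in sorted(vap_cmds.items()):
        scope = f"wireless {radio} vap {vap}"
        auth, cipher, wep_indexes = "open-system", None, set()  # guide default
        for words in cmds:
            if words[0] == "auth" and len(words) >= 2:
                auth = words[1]
            elif words[0] == "cipher-suite" and len(words) >= 2:
                cipher = words[1]
            elif words[0] == "key" and len(words) >= 2 and words[1].isdigit():
                wep_indexes.add(int(words[1]))
        if auth == "open-system":
            findings.append((scope, "OPEN_SYSTEM",
                             "auth open-system disables encryption and 802.1X"))
        if auth in MIXED_AUTH:
            findings.append((scope, "MIXED_TKIP_BROADCAST",
                             "mixed mode always uses TKIP for broadcast frames"))
        if cipher == "tkip":
            findings.append((scope, "TKIP_MULTICAST",
                             "TKIP selected; aes-ccmp is the stronger listed option"))
        if wep_indexes:
            findings.append((scope, "WEP_KEY",
                             f"WEP key index {sorted(wep_indexes)} configured"))
    return sorted(findings)


def finding_codes(text):
    """Findings reduced to (scope, code) pairs for easy comparison."""
    return [(scope, code) for scope, code, _ in audit(text)]


# Constructed transcript (not captured from a real device).
SAMPLE = """\
AP(config)#filter local-bridge all-vap
AP(config)#
AP(if-wireless 0: VAP[0])# auth wpa-wpa2-psk-mixed
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])# cipher-suite tkip
AP(if-wireless 0: VAP[1])# key 1 64 hex 1234512345
AP(if-wireless 0: VAP[1])#
"""

if __name__ == "__main__":
    for scope, code, reason in audit(SAMPLE):
        print(f"{scope:18} {code:22} {reason}")
```

VAP 1 in the sample is reported as open-system because no auth command appears for it and open-system is the guide's default setting.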
28 LINK LAYER DISCOVERY COMMANDS LLDP allows devices in the local broadcast domain to share information about themselves. LLDP-capable devices periodically transmit information in messages called Type Length Value (TLV) fields to neighbor devices. Advertised information is represented in Type Length Value (TLV) format according to the IEEE 802.1ab standard, and can include details such as device identification, capabilities and configuration settings.
CHAPTER 28 | Link Layer Discovery Commands
lldp-transmit hold-multiplier
This command configures the time-to-live (TTL) value sent in LLDP advertisements.
SYNTAX
lldp transmit hold-multiplier
multiplier - The hold multiplier number.
EXAMPLE
AP(config)# lldp transmit interval 30
AP(config)#

lldp transmit re-init-delay
This command configures the delay before attempting to re-initialize after LLDP ports are disabled or the link goes down.
SYNTAX
lldp transmit re-init-delay
seconds - Time in seconds.
CHAPTER 28 | Link Layer Discovery Commands objects, and to increase the probability that multiple, rather than single changes, are reported in each transmission. ◆ This attribute must comply with the rule: (4 * Delay Interval) ≤ Transmission Interval EXAMPLE AP(config)# lldp transmit delay-to-local-change 10 txDelay range is 1 to quter of msgTxInterval AP(config)# show lldp This command displays the current LLDP configuration.
29 VLAN COMMANDS The access point can enable the support of VLAN-tagged traffic passing between wireless clients and the wired network. VLAN IDs can be mapped to specific VAP interfaces, allowing users to remain within the same VLAN as they move around a campus site. CAUTION: When VLANs are enabled, the access point’s Ethernet port drops all received traffic that does not include a VLAN tag.
CHAPTER 29 | VLAN Commands ◆ Traffic entering the Ethernet port must be tagged with a VLAN ID that matches the access point’s management VLAN ID, or with a VLAN tag that matches one of the VAP default VLAN IDs. EXAMPLE AP(config)# vlan enabled Warning! VLAN's status has been changed now ! It will take several seconds ! Please wait a while... AP(config)# RELATED COMMANDS management-vlanid management-vlanid This command configures the management VLAN ID for the access point.
CHAPTER 29 | VLAN Commands vlan-id This command configures the default VLAN ID for the VAP interface. SYNTAX vlan-id vlan-id - Default VLAN ID. (Range: 1-4094) DEFAULT SETTING 1 COMMAND MODE Interface Configuration (Wireless-VAP) COMMAND USAGE ◆ To implement the default VLAN ID setting for VAP interface, the access point must enable VLAN support using the vlan command.
30 WMM COMMANDS The access point implements QoS using the Wi-Fi Multimedia (WMM) standard. Using WMM, the access point is able to prioritize traffic and optimize performance when multiple applications compete for wireless network bandwidth at the same time. WMM employs techniques that are a subset of the IEEE 802.11e QoS standard and it enables the access point to inter-operate with both WMM-enabled clients and other devices that may lack any WMM functionality.
CHAPTER 30 | WMM Commands
wmm-acknowledge-policy
This command allows the acknowledgement wait time to be enabled or disabled for each Access Category (AC).
SYNTAX
wmm-acknowledge-policy
ac_number - Access categories. (Range: 0-3)
ack - Require the sender to wait for an acknowledgement from the receiver.
noack - Does not require the sender to wait for an acknowledgement from the receiver.
CHAPTER 30 | WMM Commands BSS - Wireless client ac_number - Access categories (ACs) – voice, video, best effort, and background. These categories correspond to traffic priority levels and are mapped to IEEE 802.1D priority tags as shown in Table 4 on page 94. (Range: 0-3) LogCwMin - Minimum log value of the contention window. This is the initial upper limit of the random backoff wait time before wireless medium access can be attempted.
WMM Parameters      AC0 (Best Effort)   AC1 (Background)   AC2 (Video)   AC3 (Voice)
AIFS                3                   7                  1             1
TXOP Limit          0                   0                  94            47
Admission Control   Disabled            Disabled           Disabled      Disabled
COMMAND MODE
Interface Configuration (Wireless)
EXAMPLE
AP(if-wireless 0)# wmmparam ap 0 5 10 3 64 1
This setting has not been effective !
If want to take effect, please execute make-RF-setting-effective command !
AP(if-wireless 0)#
SECTION IV APPENDICES
This section provides additional information and includes these items:
◆ “Troubleshooting”
◆ “WDS Setup Examples”
◆ “Hardware Specifications”
◆ “Cables and Pinouts”
◆ “Glossary”
◆ “Index”
A TROUBLESHOOTING DIAGNOSING LED INDICATORS Table 30: LED Indicators Symptom Action Power LED is off ◆ The AC power adapter may be disconnected. Check connections between the unit, the power adapter, and the wall outlet. ◆ The PoE cable may be disconnected. Check connections between the unit and the PoE power source. ◆ ◆ Reset the unit to try and clear the condition. ◆ ◆ Verify that the unit and attached device are powered on.
APPENDIX A | Troubleshooting Before Contacting Technical Support ■ If authentication is being performed through IEEE 802.1X, be sure the wireless users have installed and properly configured 802.1X client software. ■ If MAC address filtering is enabled, be sure the client’s address is included in the local filtering database or on the RADIUS server database.
5. If all other recovery measures fail, and the access point is still not functioning properly, take any of these steps:
■ Reset the access point’s hardware using the console interface, web interface, or through a power reset.
■ Reset the access point to its default configuration by using the console interface or web interface. Then use the default user name “admin” and password “admin” to access the management interface.
B WDS SETUP EXAMPLES The EAP8518 can use the IEEE 802.11 Wireless Distribution System (WDS) to set up links between APs independently on any of the unit’s eight VAP interfaces. This enables the configuration of multiple links between multiple APs. NOTE: The EAP8518 radio can operate in 2.4 GHz mode or 5 GHz mode. It does not operate at 2.4 GHz and 5 GHz at the same time. You must first select the basic radio operating mode you want to use for your WDS network.
APPENDIX B | WDS Setup Examples Basic WDS Link Between Two APs BASIC WDS LINK BETWEEN TWO APS Consider the example illustrated in Figure 58. In this example, an EAP8518 connected to the main wired LAN needs to connect to another EAP8518 using a WDS link on VAP interface 0.
APPENDIX B | WDS Setup Examples Basic WDS Link Between Two APs Figure 59: WDS Example — Access Point A VAP Setting 2. In the VAP Basic Settings, select WDS-AP for the Mode. 3. For security on the WDS link, select WPA-PSK or WPA2-PSK, set the encryption type, then enter the security key. 4. Click Set to confirm the new settings. Figure 60: WDS Example — Access Point A VAP Details 5. On the VAP Setting page, enable VAP 0, and then click Set to implement the new settings.
APPENDIX B | WDS Setup Examples Basic WDS Link Between Two APs Figure 61: WDS Example — Access Point A WDS-AP VAP Setting 6. Click the Save Config button to retain the configuration set up when the AP is restarted. ACCESS POINT B CONFIGURATION 1. Go to the Wireless>VAP Settings page and click Edit to configure VAP 0. 2. In the VAP Basic Setting, select WDS-STA for the Mode. 3. Enter the SSID and MAC address of VAP 0 on Access point A.
APPENDIX B | WDS Setup Examples Basic WDS Link Between Two APs 5. Click Set to confirm the new settings. Figure 63: WDS Example — Access Point B VAP Details 6. On the VAP Settings page, enable VAP 0 (if not already enabled) and then click Set to implement the new settings. Figure 64: WDS Example — Access Point B WDS-STA VAP Setting 7. Click the Save Config button to retain the configuration set up when the AP is restarted.
APPENDIX B | WDS Setup Examples Basic WDS Link Between Two APs CHECKING THE WDS LINK STATUS When you have configured both access point VAPs, you can check the status of the link from Access Point A. Go to the Information>Station Status page. For the VAP 0 interface, the Access Point B MAC address displays as a connected station.
APPENDIX B | WDS Setup Examples WDS Links Between Three or More APs WDS LINKS BETWEEN THREE OR MORE APS Consider the example illustrated in Figure 66. In this example, an EAP8518 connected to the main wired LAN connects to two other units using WDS links. One of the connected units also connects to another EAP8518. In addition, two of the EAP8518 units support local wireless clients.
APPENDIX B | WDS Setup Examples WDS Links Between Three or More APs ACCESS POINT A CONFIGURATION 1. Configure VAP 0 settings: a. Set VAP 0 to WDS-AP mode. b. Set security to WPA-PSK or WPA2-PSK and configure a key. c. Set the SSID and enable the VAP. 2. Configure VAP 1 settings: a. Set VAP 1 to WDS-AP Mode. b. Set security to WPA-PSK or WPA2-PSK and configure a key. c. Set the SSID and enable the VAP. ACCESS POINT B CONFIGURATION 1. Configure VAP 0 settings: a. Set VAP 0 to WDS-STA mode. b.
2. Configure VAP 1 settings:
a. Set VAP 1 to AP Mode.
b. Set the required security for wireless clients.
c. Set the SSID and enable the VAP.
ACCESS POINT D CONFIGURATION
1. Configure VAP 0 settings:
a. Set VAP 0 to WDS-STA mode.
b. Configure the WDS Parent SSID and Parent MAC address of VAP 1 on Access point A.
c. Set the same security and encryption key as VAP 1 on Access Point A.
d. Enable the VAP.
2. Configure VAP 1 settings:
a.
C HARDWARE SPECIFICATIONS WIRELESS TRANSMIT 802.11b/g/n: POWER (MAXIMUM) 802.11b: 21 dBm (typical) 802.11g: 16 dBm 802.11n HT20 (20MHz, MCS): 20.5 dBm 802.11n HT40 (40MHz, MCS): 21 dBm 802.11a/n: 802.11a: 16 dBm 802.11n HT20 (20MHz, MCS): 18 dBm 802.11n HT40 (40 MHz, MCS): 16 dBm WIRELESS RECEIVE 802.11b/g/n: SENSITIVITY (MAXIMUM) 802.11b: -92 dBm 802.11g: -89 dBm 802.11n HT20 (20MHz, MCS): -87 dBm 802.11n HT40 (40MHz, MCS): -88 dBm 802.11a/n: 802.11a: -88 dBm 802.11n HT20 (20MHz, MCS): -87 dBm 802.
APPENDIX C | Hardware Specifications DATA RATE 802.11b: 1, 2, 5.5, 11 Mbps per channel 802.11g: 6, 9, 12, 18, 24, 36, 48, 54 Mbps per channel 802.11n: 27, 54, 81, 108, 162, 216, 243, 270, 300 Mbps per channel (40MHz) 802.11a: Normal Mode: 6, 9, 12, 18, 24, 36, 48, 54 Mbps per channel Turbo Mode: 12, 18, 24, 36, 48, 54, 96, 108 Mbps per channel OPERATING CHANNELS 802.11g/n: 11 channels in base mode (US, Canada) 13 channels (ETSI, Japan) 802.
APPENDIX C | Hardware Specifications TEMPERATURE Operating: 0 to 40 °C (32 to 104 °F) Storage: -20 to 70 °C (32 to 158 °F) HUMIDITY 15% to 95% (non-condensing) COMPLIANCES FCC Part 15B Class B EN 55022B EN 55024 EN 61000-3-2 EN 61000-3-3 RADIO SIGNAL FCC Part 15C 15.247, 15.207 (2.4 GHz) CERTIFICATION EN 300 328 EN 301 489-1 EN 301 489-17 IC RSS-210 STANDARDS IEEE 802.11b/g IEEE 802.11a IEEE 802.11n draft v2.0 IEEE 802.3-2005 PHYSICAL SIZE 18.8 x 15 x 2.2 cm (7.40 x 5.90 x 0.87 in) WEIGHT 595 g (20.
D CABLES AND PINOUTS TWISTED-PAIR CABLE ASSIGNMENTS For 10/100BASE-TX connections, a twisted-pair cable must have two pairs of wires. For 1000BASE-T connections the twisted-pair cable must have four pairs of wires. Each wire pair is identified by two different colors. For example, one wire might be green and the other, green with white stripes. Also, an RJ-45 connector must be attached to both ends of the cable. NOTE: Each wire pair must be attached to the RJ-45 connectors in a specific orientation.
APPENDIX D | Cables and Pinouts Twisted-Pair Cable Assignments Table 31: 10/100BASE-TX MDI and MDI-X Port Pinouts PIN MDI Signal Namea MDI-X Signal Name 1 Transmit Data plus (TD+) -48V power (Negative Vport) Receive Data plus (RD+) GND (Positive Vport) 2 Transmit Data minus (TD-) -48V power (Negative Vport) Receive Data minus (RD-) GND (Positive Vport) 3 Receive Data plus (RD+) GND (Positive Vport) Transmit Data plus (TD+) -48V power (Negative Vport) 4 -48V power (Negative Vport) GND (Positiv

CROSSOVER WIRING
If the twisted-pair cable is to join two ports and either both ports are labeled with an “X” (MDI-X) or neither port is labeled with an “X” (MDI), a crossover must be implemented in the wiring. (When auto-negotiation is enabled for any RJ-45 port on this switch, you can use either straight-through or crossover cable to connect to any device type.

Table 32: 1000BASE-T MDI and MDI-X Port Pinouts
Pin | MDI Signal Name | MDI-X Signal Name
1 | Bi-directional Pair A Plus (BI_DA+); -48V power (Negative Vport) | Bi-directional Pair B Plus (BI_DB+); GND (Positive Vport)
2 | Bi-directional Pair A Minus (BI_DA-); -48V power (Negative Vport) | Bi-directional Pair B Minus (BI_DB-); GND (Positive Vport)
3 | Bi-directional Pair B Plus (BI_DB+); GND (Positive Vport) | Bi-directional Pair A Plus (BI_DA+); -48V pow

CONSOLE PORT PIN ASSIGNMENTS
The RJ-45 console port on the front panel of the access point is used for out-of-band console configuration, and connects to a DB-9 connector on a PC. The command-line configuration program can be accessed from a terminal, or a PC running a terminal emulation program. The pin assignments and cable wiring used to connect to the console port are provided in the following table.

GLOSSARY

10BASE-T
IEEE 802.3-2005 specification for 10 Mbps Ethernet over two pairs of Category 3 or better UTP cable.

100BASE-TX
IEEE 802.3-2005 specification for 100 Mbps Fast Ethernet over two pairs of Category 5 or better UTP cable.

1000BASE-T
IEEE 802.3ab specification for 1000 Mbps Gigabit Ethernet over four pairs of Category 5 or better UTP cable.

ACCESS POINT
An internetworking device that seamlessly connects wired and wireless networks.

DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP)
Provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP is based on the Bootstrap Protocol (BOOTP), adding the capability of automatic allocation of reusable network addresses and additional configuration options.

ENCRYPTION
Data passing between the access point and clients can use encryption to protect from interception and eavesdropping.

MAC ADDRESS
The physical layer address used to uniquely identify network nodes.

NETWORK TIME PROTOCOL (NTP)
NTP provides the mechanisms to synchronize time across the network. The time servers operate in a hierarchical master-slave configuration in order to synchronize local clocks within the subnet and to national time standards via wire or radio.

OPEN SYSTEM
A security option which broadcasts a beacon signal including the access point’s configured SSID.

VIRTUAL ACCESS POINT (VAP)
Virtual AP technology multiplies the number of Access Points present within the RF footprint of a single physical access device. With Virtual AP technology, WLAN users within the device’s footprint can associate with what appears to be different access points and their associated network services. All the services are delivered using a single radio channel, enabling Virtual AP technology to optimize the use of limited WLAN radio spectrum.
EAP8518 E092009-DT-R01 149100000037A