Wireless LAN Mobility System Wireless LAN Switch Manager Reference Manual 3CRWXR10095A, 3CRWX120695A, 3CRWX440095A http://www.3com.com/ Part No.
3Com Corporation 350 Campus Drive Marlborough, MA USA 01752-3064 Copyright © 2005, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.
CONTENTS ABOUT THIS GUIDE Conventions 15 Documentation 16 Documentation Comments 1 17 INSTALLING 3WXM Hardware Requirements 19 Hardware Requirements for 3WXM Client 19 Hardware Requirements for 3WXM Monitoring Service Software Requirements 21 Preparing for Installation 21 User Privileges 22 Serial Number and License Key 22 HP OpenView Network Node Manager 22 Installing 3WXM 23 Unpacking Files 23 Using the Installation Wizard 24 Installing the HP OpenView Plug-In 27 Licensing 28 Installation Log File 30 U
Site Objects 49 Alerts Panel 50 Content Panel 52 Monitor Tab 52 Managed Devices Tab 60 Verification Tab 61 Events Tab 62 Rogue Detection Tab 63 Information Panel 64 Configuration Wizards 65 Reports 68 Copying and Pasting Objects 70 Copy and Paste 70 Copy and Paste Replace 71 Enabling Keyboard Shortcut Mnemonics (Windows XP Only) 3 GETTING STARTED Starting 3WXM 75 Restricting Access to 3WXM 77 Creating an Administrator Account 78 Creating Provision or Monitor Accounts 79 Deleting 3WXM User Accounts 79 Disa
4 PLANNING THE 3COM MOBILITY SYSTEM Building Wizard Overview 95 Accessing the Building Wizard 95 Creating a Site 105 Creating or Modifying Buildings in a Site 107 Modifying Floor Defaults 109 Importing or Drawing Floor Details 110 Importing a Drawing of a Floor 111 Cropping the Paper Space 118 Adjusting the Origin Point 119 Adjusting the Scale of a Drawing 121 Working with Layers 122 Cleaning Up a Drawing 124 Drawing Floor Objects Manually 128 Changing an Individual Floor’s Properties 129 Specifying the RF
Generating a Work Order 175 Applying RF Auto-Tuning Settings to the Network Plan 5 176 CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS WX Switch Wizard Overview 179 System and Administrative Page 182 Wireless Page 183 AAA Page 185 Adding a WX Switch to the Network Plan 186 To create a new WX switch based on a configured switch 186 To add a switch by uploading its basic configuration from the network 187 To add a switch by importing a configuration file 187 Accessing the WX Switch Wizard 187 Configuri
Configuring Load Sharing 225 Load Sharing 225 Link Redundancy 225 Configuration Changes Based on Port Groups To configure load sharing 225 Configuring IP Services 226 Configuring Static Routes 226 Configuring IP Aliases 229 Configuring DNS 230 Configuring NTP 231 Configuring ARP 233 6 225 CONFIGURING WIRELESS PARAMETERS Overview 235 Configuring an SSID 237 Configuring a Service Profile 238 Configuring Encryption 240 Mapping a Service Profile to a Radio Profile 245 Configuring a Radio Profile 245 To creat
Defining RADIUS Server Groups 268 Creating and Managing Users in the Local User Database 269 Creating Named Users 270 Creating Named User Groups 271 Creating MAC Address Users 272 Creating MAC Address User Groups 273 Configuring User Authorization Attributes 274 Configuring and Managing Access Rules for Administrative Users 280 Using User Globs and MAC Address Globs 281 Creating Administrator and Console Access Rules 283 Managing Administrator and Console Access Rules 285 Configuring and Managing Access Rul
Changing Verification Options 330 Disabling and Reenabling Rules 331 Synchronizing Local and Network Changes 333 Change Management Options 333 Toolbar Options 334 Managing WX switch Configuration Changes 335 Synchronizing When the Network and 3WXM Have Nonmatching Changes 337 Modifying Configuration Change Polling Options 337 Deploying WX switches from a Network Plan to the Network 339 To deploy network plan changes to the network 339 To deploy WX switches from a network plan to the network 339 Distributing
Using the Explore Window 355 Toolbar Options 357 Threshold Flags 359 Displaying Object Details 361 Displaying 802.
Rogue Detection Requirements 421 Rogue Detection Lists 423 Using the Rogue Detection Tab 425 Toolbar Options 426 Filtering the Rogue List 426 Displaying Rogue Details 428 Displaying a Rogue’s Geographical Location 430 Ignoring Friendly Third-Party Devices 431 Adding a Device to the Attack List 431 Converting a Rogue into a Third Party AP 432 To convert a rogue into a third-party AP 432 To display the list 432 To remove a third-party AP 432 Adding a Rogue’s Clients to the Black List 433 Configuring RF Detect
Locating and Fixing Coverage Holes 459 Locating a Coverage Hole 459 Fixing a Coverage Hole 460 Computing and Placing New MAPs 461 Adding New MAPs that Are Already Installed to the Network Plan A USING 3WXM WITH HP OPENVIEW Preparing to Use HP OpenView and 3WXM 463 Starting 3WXM from Network Node Manager 463 B CHANGING 3WXM PREFERENCES Overview 465 Resetting Preferences Values 466 Changing Network Synchronization Options 466 Changing User Interface Options 468 Changing Persistence Options 469 Changing To
Backing Up a Plan 493 Changing Backup Settings 493 Restoring a Plan from a Backup 494 Copying a Plan Backup from One Server to Another Deleting a Plan Backup 495 D OBTAINING SUPPORT FOR YOUR PRODUCT Register Your Product 497 Purchase Value-Added Services 497 Troubleshoot Online 497 Access Software Downloads 498 Telephone Technical Support and Repair Contact Us 499 INDEX 498 494
ABOUT THIS GUIDE This manual shows you how to plan, configure, deploy, and manage a Mobility System wireless LAN (WLAN) using the 3Com Wireless LAN Switch Manager (3WXM). Read this manual if you are a network administrator or a person responsible for managing a WLAN. If release notes are shipped with your product and the information there differs from the information in this guide, follow the instructions in the release notes.
ABOUT THIS GUIDE This manual uses the following text and syntax conventions: Table 2 Text Conventions Convention Description Menu Name > Command Indicates a menu item that you select. For example, File > New indicates that you select New from the File menu. Monospace text Sets off command syntax or sample commands and system responses. Bold text Highlights commands that you enter or items you select.
Documentation Comments 17 Wireless LAN Switch Manager Reference Manual This manual shows you how to plan, configure, deploy, and manage a Mobility System wireless LAN (WLAN) using the 3Com Wireless LAN Switch Manager (3WXM). Wireless LAN Switch Manager User’s Guide This guide shows you how to plan, configure, deploy, and manage a Mobility System wireless LAN (WLAN) using the 3Com Wireless LAN Switch Manager (3WXM).
ABOUT THIS GUIDE Example: Wireless LAN Switch and Controller Configuration Guide Part number 730-9502-0071, Revision B Page 25 Please note that we can only respond to comments and questions about 3Com product documentation at this e-mail address. Questions related to Technical Support or sales should be directed in the first instance to your network supplier.
1 INSTALLING 3WXM This chapter describes how to install 3Com Wireless LAN Switch Manager (3WXM). Hardware Requirements 3WXM can be utilized with a client/server deployment or both client and monitoring services can be run on the same machine. The monitoring service is used for collecting historical data and for managing the network. The client requires communication with the monitoring service for managing the network.
CHAPTER 1: INSTALLING 3WXM Hardware Requirements for 3WXM Monitoring Service Table 4 shows the minimum and recommended requirements to run the 3WXM monitoring service. Table 4 Hardware Requirements for Running 3WXM Monitoring Service Minimum Recommended Processor Intel Pentium 4 2.4 GHz or equivalent Intel Pentium 4 3.
Software Requirements Software Requirements 21 3WXM client and 3WXM monitoring services are each supported on the following operating systems: Microsoft Windows Server 2003 Microsoft Windows XP with Service Pack 1 (SP1) or later Microsoft Windows 2000 with Service Pack 4 You must use the English version of the operating system you select. Operating system versions in other languages are not supported with 3WXM.
CHAPTER 1: INSTALLING 3WXM User Privileges Before you install 3WXM, make sure that you are logged in as a user who has permission to install software, or as an administrator. After you install 3WXM, you can configure 3WXM access privileges for the user accounts on the machine. Likewise, you can configure access privileges for the monitoring service, if installed.
Installing 3WXM Installing 3WXM 23 Installing 3WXM involves the following tasks: Unpack files. (See “Unpacking Files” on page 23.) Use the installation wizard. (See “Using the Installation Wizard” on page 24.) Install the HP OpenView plug-in (optional). (See “Installing the HP OpenView Plug-In” on page 27.) Perform the licensing steps. (See “Licensing” on page 28.) The installation wizard for the 3WXM client has an option to install the monitoring service on the same machine.
CHAPTER 1: INSTALLING 3WXM Using the Installation Wizard To use the installation wizard: 1 On the Choose Installation Type page, choose one of the following: To install both 3WXM Services and the client, click the 3WXM Services icon. To install only the 3WXM client, click the 3WXM client icon. On Windows systems, the monitoring service is started automatically when you complete installation and starts automatically whenever you restart your system. 2 Click Next.
Installing 3WXM 25 5 Type the name of the directory in which to install 3WXM, or accept the default. The default installation directory is C:\Program Files\3Com\Wireless Switch Manager. You can also type a directory name in the box, or select a directory by clicking Choose and browsing the filesystem. To revert to the default installation directory, click Restore Default Folder. 6 Click Next. The Pre-Installation Summary page appears. 7 Check the installation summary information.
CHAPTER 1: INSTALLING 3WXM If this page contains options for rebooting your system, you must reboot to complete the installation. Generally, a reboot is required only if another instance of 3WXM is running while you perform the installation of this instance. Select one of the reboot options. If the Database Export Failed page appears, this indicates that the installer was unable to upgrade an existing database created by an earlier version of 3WXM.
Installing 3WXM Installing the HP OpenView Plug-In 27 To install the HP OpenView plug-in: 1 Complete step 9 of the procedure in “Using the Installation Wizard” on page 24. 2 Click Next. The Select Plug-in page appears. 3 Select the HPOV checkbox and click Next. The License Agreement page appears. After reading the 3WXM license agreement, select whether to accept the terms of the agreement. (If you choose not to accept the terms of the license agreement, you cannot proceed with the installation.
CHAPTER 1: INSTALLING 3WXM Licensing Each time you start 3WXM, it checks the license information. If the product is not licensed, the following dialog is displayed. 1 If you are installing a licensed copy, select Standard Base Product and click Next. Go to step 2. If you are installing an evaluation copy, select Time Limited Evaluation and click Next. Go to Step 3. 2 Type the license key that was supplied with the 3WXM CD, and click Next.
Installing 3WXM 29 3 Click Get Activation Key. A 3Com web page appears. Enter your registration information (and the license key, if you are licensing a purchased copy) in order to obtain an activation key. 4 Copy the activation key from the web page and paste it into the Activation Key box of the Activation Key page. 5 If you plan to manage 10 or fewer wireless LAN switches, click Finish. You are through with this procedure.
CHAPTER 1: INSTALLING 3WXM 6 Type the upgrade license key in the License Key box and click Next. 7 Click Get Activation Key to access the product activation key for your upgrade license. Register your upgrade license in order to obtain its activation key. 8 Copy the evaluation key for the upgrade license from the web page and paste it into the Activation Key box of the Activation Key page. 9 Click Finish. Installation Log File During installation, an installation log file, 3WXM_InstallLog.
Uninstalling 3WXM Uninstalling 3WXM 31 You uninstall 3WXM by using its Uninstall wizard. Access the Uninstall wizard from the 3Com program list in the Windows Start menu or the Control Panel. To uninstall 3WXM on Windows systems: 1 Access the Windows Control Panel, and select Add or Remove Programs. 2 Select 3WXM and click Change/Remove. 3 Click Uninstall. The 3WXM Uninstall Options dialog appears.
CHAPTER 1: INSTALLING 3WXM CAUTION: Do not delete the serial number unless specifically asked to do so by 3Com Technical Support. Your license(s) to use this software are registered against this serial number. If you delete the serial number, the software will generate a new serial number if it is ever reinstalled. You will then require new licenses to register against the new serial number. If you delete the serial number, the license information will also be deleted.
2 WORKING WITH THE 3WXM USER INTERFACE This chapter describes how to use the 3Com Wireless LAN Switch Manager (3WXM) interface. Overview A network plan is the workspace in 3WXM you use to design a 3Com network. In a network plan, you define components of the network (WX switches, MAP access points, and optionally third-party access points).
CHAPTER 2: WORKING WITH THE 3WXM USER INTERFACE Organizer panel Toolbar Content panel Object Details panel (hidden by default) Alerts panel Network Activity icon The main 3WXM window contains a toolbar with menu categories. Underneath the categories are icons for frequently used menu options. The window also contains panels for navigating to and displaying information. The main 3WXM window contains the following panels. (See the previous figure.
Menu Options in Main 3WXM Window 35 Alerts panel — Displays summary statistics for configuration changes or errors and for rogue access points detected in the 3Com Mobility Domain. Object Details panel — Displays details for an object selected in the Organizer panel. When displayed, the Object Details panel is located under the Content panel. This panel is hidden by default. You can resize a panel by clicking and dragging the panel’s border.
CHAPTER 2: WORKING WITH THE 3WXM USER INTERFACE Table 6 3WXM Menu Options Menu Menu Option File Description (New) Create a new network plan. (Open) Open a network plan. Close Close a network plan. (Switch Network Plan) Select a different network plan to edit. Delete a network plan. (Delete Network Plan) (Save) Save a network plan. (Save As) Save a copy of a network plan under a new name. Refresh Refresh the network plan with the most current data from the server.
Menu Options in Main 3WXM Window 37 Table 6 3WXM Menu Options (continued) (Alerts) Open the Alerts panel. (Toolbars) Toggle display of toolbar icons. Icons for selected toolbar categories are displayed under the row of toolbar categories. Config (Insert) Add an object. This option displays a wizard to a child object to the selected object in the Organizer panel. For example, if a Mobility Domain name is selected, Config > Insert displays the Create Wireless Switch wizard to add a WX switch.
CHAPTER 2: WORKING WITH THE 3WXM USER INTERFACE Table 6 3WXM Menu Options (continued) (Distribute Certificates) Distribute certificates to WX switches. (Reboot WX/MAP Reboot WX switches or MAP access points. Devices) (Apply Auto-Tune Settings) Apply channel and power settings from live radios to their counterparts in the network plan to update the plan. For example, if RF Auto-Tuning causes radio configuration changes, you can easily synchronize the network plan with the changes using this option.
Menu Options in Main 3WXM Window 39 Table 6 3WXM Menu Options (continued) (Client Errors) Generate a trend report on client-related health in the network. For example, this report can indicate areas of the network where clients have been experiencing high association failure rates. (Watch List Client) Generate a report of detailed information for a client on the watch list. (For more information about the client watch list, see “Managing the Client Watch List” on page 389.
CHAPTER 2: WORKING WITH THE 3WXM USER INTERFACE Table 6 3WXM Menu Options (continued) (3WXM Services Backup/Restore) Configure settings for backing up the database used by 3WXM services, as well as restore a previously backed-up version of the database. (3WXM Services Display information about the lock placed on Lock Management) the network plan and/or delete the lock. Window (Launch Telnet) Open a Telnet connection to a selected device.
Organizer Panel Organizer Panel 41 The Organizer panel provides a tree-like view of the 3Com equipment and site data managed by 3WXM. The Organizer panel contains the following sections: Policies — The set of policies included in your network plan. Equipment — The set of devices in your network plan.
CHAPTER 2: WORKING WITH THE 3WXM USER INTERFACE To display the objects in a section of the Organizer panel, click on the right arrow next to the section name. For example, to display the objects in the Sites section, click next to Sites. The section is expanded to display the site names. To expand the view of an object in the Policies, Equipment, or Sites panel and display its contents, click on the plus sign next to the object.
Organizer Panel Displaying Additional Object Details 43 To display details for an object in the Organizer panel, select the object. Details about the object appear in the Information panel, located at the bottom right of the main 3WXM window. For example, select a Mobility Domain to display the system IP address and system name of the seed switch for the domain.
CHAPTER 2: WORKING WITH THE 3WXM USER INTERFACE To edit configuration parameters for an object, right-click on the object’s icon and select Edit. To display parameters for an object, right-click on the object’s icon and select View. To create a new instance of an object (where applicable), right-click on the object’s icon and select Insert. You also can create objects by copying and pasting. (See “Copying and Pasting Objects” on page 70.) Table 7 lists the objects for a policy.
Organizer Panel 45 Table 7 Policy Objects (continued) Object Description Admin Access Rules Rules for securing Admin access and console access to the WX switch. Network Access Rules Rules for authenticating users attempting to access the network. You can create rules for the following authentication types: IEEE 802.1X MAC authentication Web AAA Last-resort RF Detection Settings for RF detection scans.
CHAPTER 2: WORKING WITH THE 3WXM USER INTERFACE Equipment Objects The Equipment section of the Organizer panel contains configuration objects for Mobility Domains, WX switches, and third-party APs. At the top level of the hierarchy, the Equipment section of the Organizer panel can contain the following types of objects: Mobility Domain—Configuration parameters for a Mobility Domain. You can configure parameters for the WX switches within a Mobility Domain.
Organizer Panel 47 Table 8 lists the objects that can appear under a Mobility Domain. These objects control configuration parameters for devices in the Mobility Domain. Table 8 Mobility Domain Objects Object Description WX switch Configuration parameters for the WX switches within a Mobility Domain. See Table 9 for a description of the configurable objects for a WX switch. Rogue Detection Configuration parameters for rogue detection and countermeasures.
CHAPTER 2: WORKING WITH THE 3WXM USER INTERFACE Table 9 WX Switch Objects (continued) Radio Profiles Sets of radio parameters that can be applied to multiple radios, including the beacon interval, RF Auto-Tuning settings, and service profiles. (Service profiles associate SSIDs with the radios.) Service Profiles Sets of encryption parameters associated with an SSID and with radio profiles. Ports/MAPs Settings for individual ports and for directly connected access points.
Organizer Panel 49 Table 9 WX Switch Objects (continued) IP Services Settings for IP parameters: IP routes to the default gateway IP aliases Domain Name Service (DNS) settings Network Time Protocol (NTP) settings Address Resolution Protocol (ARP) settings Table 10 lists the object that can appear under Third Party APs. Table 10 Third Party AP Objects Object Description AP: name Configuration parameters for a third-party (non-3Com) AP.
CHAPTER 2: WORKING WITH THE 3WXM USER INTERFACE Table 11 Third Party AP Objects (continued) Coverage Area Wireless coverage area on the selected floor. Coverage areas contain radios. MAP Access Point MAP access point on the selected floor. MSP access points contain radios. Third-party access Third-party access point on the selected floor point Alerts Panel The Alerts panel provides brief configuration and rogue detection status.
Alerts Panel 51 Table 12 lists the types of alerts displayed in the Alerts panel. Table 12 Alerts Alert Category Description Configuration Lists the number of configuration errors and warnings encountered when 3WXM verifies WX switch configurations in the network plan. 3WXM compares a switch’s configuration to a set of configuration rules, and flags the items that must (error) or should (warning) be corrected before deploying the switch configuration from the network plan to the live network.
CHAPTER 2: WORKING WITH THE 3WXM USER INTERFACE Content Panel The Content panel displays information for objects selected in the Organizer panel, or for options selected from the Manage or Monitor toolbar option of the main 3WXM window. Information is displayed in the following tabs: Monitor Managed Devices Verification Events Rogue Detection Performance Statistics Clicking on a statistic in the Alerts panel also opens one of these tabs.
Content Panel 53 Drop-Down List The scope of the data displayed depends on the object that is selected. For example, if you select a Mobility Domain, the information applies to all the WX switches, MAP access points, and radios in the Mobility Domain. If you select an individual radio, the information applies only to that radio. To open the Monitor tab, select an object in the Organizer panel, then do one of the following: Select Monitor > New Monitor from the main 3WXM toolbar.
CHAPTER 2: WORKING WITH THE 3WXM USER INTERFACE If you select a MAP access point or a radio, the floor plan containing the MAP or radio is displayed. The floor plan also is displayed if you select the floor or you select a wiring closet, coverage area, MAP, or radio on the floor.
Content Panel 55 Floor views are available only if you add the floor to the site information in the network plan. In either view, the operational status of 3Com equipment is indicated by the following colors: Green — Up Yellow — Up (but with minor service degradation) Orange — Up (but with major service degradation) Red — Down Blue — Unknown You can double-click on an object to drill down to more detailed information about the object.
CHAPTER 2: WORKING WITH THE 3WXM USER INTERFACE You can edit configuration parameters for an object displayed in the Explore window by right-clicking on the object’s icon and selecting Edit. To create a new instance of an object (where applicable), right-click on the object’s icon and select Insert. Monitor Tab — Status Summary Window The Status Summary window shows the operational status of 3Com equipment (WX switches, their MAP access points, and MAP radios).
Content Panel 57 Monitor Tab — Client Monitor Window The Client Monitor window shows detailed information about client activity on the network. Client information is displayed in the following tabs: Client Activity — displays association and 802.1X information for the clients Client Sessions — lists bandwidth, signal-to-noise-ratio (SNR), and received signal strength indicator (RSSI) information for client sessions Client Watch List — lists the clients 3WXM is tracking.
CHAPTER 2: WORKING WITH THE 3WXM USER INTERFACE Monitor Tab — RF Monitor Window The RF monitor window shows detailed RF information for each radio. Radio information is displayed in the following tabs: RF Neighborhood — lists the other transmitting devices that the radio can hear. SSID-BSSID Mapping — lists the MAC address associated with each SSID the radio can hear Activity — lists log messages for the radio RF Environment — lists 802.
Content Panel 59 Monitor Tab — RF Trends Window The RF trends window shows current and historical 802.11 statistics and shows graphs of the data. You can graph absolute values or deltas from previous values.
CHAPTER 2: WORKING WITH THE 3WXM USER INTERFACE Managed Devices Tab The Managed Devices tab enables you to examine and reconcile configuration differences between WX switches in the live network and their counterparts in a network plan. You can display this tab in the following ways: Click on Local Changes or Network Changes in the alerts section of the Organizer panel. Select Manage > Managed Devices from the main 3WXM toolbar.
Content Panel Verification Tab 61 The Verification tab enables you to troubleshoot configuration issues on WX switches in the network plan or in the live network. Warning or error messages are displayed to indicate issues. Warning and error messages Resolutions Error/Warning Details You can fix configuration errors and verify the results. If you want to instead disregard specific error or warning messages, you can disable the messages.
CHAPTER 2: WORKING WITH THE 3WXM USER INTERFACE Events Tab The Events tab displays log messages for 3WXM, the monitoring service, and for WX switches. To display the Events tab, select Monitor > Events from the main 3WXM toolbar.
Content Panel Rogue Detection Tab 63 The Rogue Detection tab lists information about non-3Com wireless devices detected in the Mobility Domain. The Mobility System Software (MSS) running on WX switches continually performs RF scans to detect rogue access points. Normally, if a scan detects a third-party access point, MSS assumes the access point is a rogue and issues countermeasures against it.
CHAPTER 2: WORKING WITH THE 3WXM USER INTERFACE Information Panel The Information panel displays details about the object selected in the Organizer panel. For example, if a WX switch is selected, details about the switch are displayed.
Configuration Wizards Configuration Wizards 65 3WXM provides configuration wizards for configuring site information and 3Com equipment. The wizards provide a general workflow for configuration and enable you to easily set or change the parameters for an object. You display the configuration wizard for an object by selecting the object in the Organizer panel, then right-clicking and selecting Insert (to create a new one) or Edit (to edit the one that is selected).
CHAPTER 2: WORKING WITH THE 3WXM USER INTERFACE CAUTION: None of the information you enter in a wizard is saved until you click Finish. If you want to stop working in a wizard and return to finish later, click Finish to save your work before closing the wizard. Some pages have buttons that open additional wizards. For example, the RADIUS Server page contains buttons to add, change, copy and paste, or delete a RADIUS server. Clicking the New RADIUS Server button opens the Create RADIUS Server wizard.
Configuration Wizards 67 The Modify RADIUS Server wizard remains open in the background. After you enter information in the Create RADIUS Server wizard and click Finish, the Modify RADIUS Server returns to the foreground. The new server added with the Create RADIUS Server wizard appears in the server list.
CHAPTER 2: WORKING WITH THE 3WXM USER INTERFACE Most of the configuration wizards in 3WXM are similar to the Modify RADIUS Server wizard. Two of the wizards are more complex: Building wizard — Enables you to import or create floor drawings, characterize RF obstacles, plan wireless coverage, and generate work orders for 3Com equipment installation. (See “Planning the 3Com Mobility System” on page 95.) WX Switch wizard — Enables you to modify a switch’s configuration parameters.
Reports 69 When you generate a report, you can specify the scope of the report and the location where 3WXM saves the report. Some reports also have additional options. 3WXM saves the reports in HTML format. Here is an example of a client summary report.
CHAPTER 2: WORKING WITH THE 3WXM USER INTERFACE Copying and Pasting Objects 3WXM allows you to duplicate objects, using the copy, paste, and paste replace options. Use the copy and paste options to create a new object. Use the copy and paste replace options to replace an object with a copy of another instance of the same type of object. You can copy and paste objects selected in the Organizer panel or in the Building wizard.
Copying and Pasting Objects Copy and Paste Replace 71 To replace an object with the copy and paste replace options: 1 Select the object you want to copy in the Organizer panel. 2 Right-click on the object and select Copy, or select Edit > Copy from the main toolbar. 3 Select the object you want to replace. 4 Right-click on the parent object and select Paste Replace, or select Edit > Paste Replace from the main toolbar. The configuration wizard for the new copy appears.
CHAPTER 2: WORKING WITH THE 3WXM USER INTERFACE Enabling Keyboard Shortcut Mnemonics (Windows XP Only) Keyboard shortcut mnemonics (also called action mnemonics) in 3WXM underline shortcut characters in action names in toolbars and menus. When a character is underlined, you can press the corresponding letter key on the keyboard to display the toolbar menu or perform the menu action. Depending on your Windows XP desktop setup, 3WXM might not show action mnemonics.
Enabling Keyboard Shortcut Mnemonics (Windows XP Only) 73 4 Clear the box labeled Hide underlined letters for keyboard navigation until I press the Alt key. Clearing this option allows programs to show the underlined character for mnemonics in 3WXM. 5 Click OK. 6 In the Display Properties dialog box, click OK.
CHAPTER 2: WORKING WITH THE 3WXM USER INTERFACE
3 GETTING STARTED This chapter contains information about starting 3Com Wireless LAN Switch Manager (3WXM), restricting access to 3WXM, creating and managing network plans, and defining a Mobility Domain. Starting 3WXM The following steps describe how to start 3WXM. 1 Select Start > Programs > 3Com > 3WXM > 3WXM, or double-click the 3WXM icon on the desktop. If you are starting 3WXM for the first time, or you have not entered license information previously, the License wizard appears.
CHAPTER 3: GETTING STARTED 7 Type the upgrade license key in the License Key box and click Next. 8 Click the Get Activation Key to access the product activation key for your upgrade license. Register your upgrade license in order to obtain its activation key. 9 Copy the activation key for the upgrade license from the web page and paste it into the Activation Key box of the Activation Key page. 10 Click Finish.
Restricting Access to 3WXM 77 Switch to an existing network plan. You can open the sample plan included with 3WXM or a plan that you or another 3WXM user has saved on the 3WXM Services host. 3WXM comes with a sample plan called 3ComStarterExample. This plan contains a two-floor building with two WX1200 switches and two AP2750 MAP access points on each switch. Each switch and its MAPs provide coverage for a floor. The 3Com equipment is configured to provide both clear (unencrypted) and secure (802.
CHAPTER 3: GETTING STARTED Creating an Administrator Account Before you can restrict user access to 3WXM, you must create an administrator account. After creating an administrator account, you can create provision or monitor accounts. To create an administrator account: 1 Select Tools > 3WXM Services Setup. The 3WXM Services Setup dialog box appears. 2 In the Access Control section of the dialog box, de-select Allow all users. The Add Account dialog box appears.
Restricting Access to 3WXM 79 3 Type a new password for the administrator (1 to 80 alphanumeric characters, with no spaces or tabs). The password is case-sensitive. 4 Type the administrator password again for verification. 5 Click OK. 6 In the 3WXM Services Setup dialog box, click Save to save the changes. Creating Provision or Monitor Accounts After creating an administrator account, you can create a provision or monitor accounts.
CHAPTER 3: GETTING STARTED Disabling Access Control If you have enabled access control for 3WXM, you can disable access control. This allows all users who have successfully authenticated to the system on which 3WXM is installed to run 3WXM. If you disable access control, the permissions and account types are deleted from 3WXM. These deletions have no effect on the Windows user accounts. To disable access control: 1 Select Tools > 3WXM Services Setup. The 3WXM Services Setup dialog box appears.
Creating and Managing Network Plans Creating a Network Plan 81 To create a network plan 1 From the main 3WXM window, select File > New. The Options wizard appears. 2 In the Network Plan Name box, type a name for the network plan. You can use 1 to 60 alphanumeric characters, with no spaces, tabs, or any of the following: slash (/), backslash (\), quotation marks (“ ”), asterisk (*), question mark (?), angle brackets (< >), or vertical bar (|).
CHAPTER 3: GETTING STARTED 5 If 3WXM detected third-party (non-3Com) APs, they appear in the Third Party AP list. If you want to include any of the listed third-party APs in your network plan, click Choose Available and select the APs from the list. 6 Click Next to save the network plan on the server and open it in 3WXM. 7 Do one of the following: Managing Network Plans If you intend to use the physical planning features, click Next to configure Site information.
Creating and Managing Network Plans To save a network plan: 1 In the main 3WXM window, select File > Save. 2 Click Finish. You can also save a network plan with a new name.
CHAPTER 3: GETTING STARTED Saving a Network Plan with a New Name You can save a network plan with a new name by using the Save As feature. To save a network plan with a new name: 1 In the main 3WXM window, select File > Save As. The Save As Network Plan wizard appears. 2 In Specify Plan Name, type a new network plan name. Optionally, you can select an existing network plan name to replace it. 3 Click Next. You see the status of the save process. 4 Click Finish.
Creating and Managing Network Plans 85 You can open a network plan created in a previous version of 3WXM with a later version of 3WXM. For example, if you created a network plan in 3WXM Version 2.1, you can open the plan in 3WXM Version 4.0. However, because a network plan created in 3WXM Version 2.1 manages WX switches running MSS Version 2.1, you cannot use new features available in MSS Version 4.0 unless you upgrade the WX to MSS Version 4.0.
CHAPTER 3: GETTING STARTED Closing a Network Plan You can close a network plan at any time. If you have unsaved changes, you are asked whether you want to save the changes. You can save the changes on the server (the host running the 3WXM service) or locally (the host on which you are working). If you elect to save changes locally, the changes are not saved on the server.
Creating and Managing Network Plans 87 If you select Save Changes Locally, the changes are not saved on the server. In this case, the next time you start 3WXM, the software checks whether your client still holds the lock for the network plan; if it does, then the network plan with the locally saved changes is opened in 3WXM. 4 Click Next to save and close the network plan. Deleting a Network Plan You can delete a network plan at any time.
CHAPTER 3: GETTING STARTED Sharing a Network Plan Since the 3WXM plan repository resides on a networked server (the host running 3WXM Services), you can easily share access to network plans among hosts running the 3WXM client. When you make changes to a network plan, 3WXM locks it on the server. Other 3WXM clients can still open the network plan, but the lock prevents the other clients from modifying it while you are making changes.
Creating and Managing Network Plans 89 To override another user’s lock 1 Select Tools > 3WXM Services Lock Management. The 3WXM Services Lock Management dialog box appears. 2 Select the lock you want to delete and click on Delete Lock. (Only an Administrator can delete a lock.) 3 A message is displayed indicating that the user whose lock you selected will not be able to save their changes when you delete their lock. Click Yes to confirm that you want to do this.
CHAPTER 3: GETTING STARTED Defining a Mobility Domain A Mobility Domain is a collection of WX switches that work together to support roaming users. One of the WX switches is defined as a seed device, which distributes information to the other WX switches defined in the Mobility Domain. A Mobility Domain allows users to roam geographically from one WX switch to another without losing network connectivity. Users connect as a member of a VLAN through their authorized identities.
Defining a Mobility Domain 91 The client uses the same authorization parameters for the new session as for the old session. For example, changing the Encryption-Type or VLAN-Name parameter might cause a new session to be recorded, rather than a roam within the same session. A disassociated session has a grace period of 5 seconds in which the session history can be retrieved and forwarded. After 5 seconds, the session is cleared, and its accounting is stopped. You cannot configure the grace period.
CHAPTER 3: GETTING STARTED Table 13 Traffic Ports Used for AAA Servers and Management Servers Protocol Port Function IP/UDP (17) 1812 RADIUS authentication (default setting) IP/UDP (17) 1813 RADIUS accounting (default setting) IP/TCP (6) 443 Secure Sockets Layer protocol (SSL) management using Web Manager IP/TCP (6) 8889 SSL management using 3WXM IP/TCP (6) 23 Telnet management IP/UDP (17) 161 SNMP get and set operations IP/UDP (17) 162 SNMP traps IP/ICMP (1) N/A Several types
Defining a Mobility Domain 93 2 In the Mobility Domain Name box, type the name for the Mobility Domain (1 to 16 characters, with no spaces or tabs). 3 In the Seed Member list, select the WX switch that is the seed member. Only a WX in the Mobility Domain can be specified as a seed member. If the only value in the list is Not Assigned, you must create a WX switch and assign it a valid system IP address before completing the wizard. 4 Do one of the following: To close the wizard, click Finish.
CHAPTER 3: GETTING STARTED
4 PLANNING THE 3COM MOBILITY SYSTEM The 3Com Wireless LAN Switch Manager (3WXM) planning tools help you plan your mobility system. This chapter discusses the Building wizard and describes how to create a site, create or modify buildings, import or draw floor details, specify the RF characteristics of a floor, define a wireless coverage area, compute MAP placement, and generate RF network design information.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM Depending on how you access the wizard, the wizard’s title can be Create Building, Modify Building, Create Floor, or Modify Floor. The wizard is the same regardless of the title.
Building Wizard Overview 97 Building Wizard — Setup Page The Setup page (shown above) enables you to configure basic building parameters including the building name, number of floors for which you want to plan wireless coverage, and default settings for unit of measurement and ceiling attenuation. Table 14 lists the toolbar icons in the edit options area of the page. Table 14 Toolbar Options on Setup Page Option Description Edit floor properties, including the name, level, and ceiling attenuation levels.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM Building Wizard — Edit Content Page The Edit Content page enables you to modify imported floor drawings or create new ones, and characterize RF obstacles. You can assign attenuation information to objects or import the information from a site survey data file. The edit options area has icons for free-drawing objects and for inserting RF obstacles.
Building Wizard Overview 99 Table 15 lists the toolbar icons at the top of the floor display area. Table 15 Toolbar Options on Edit Content Page Option Description Adjust the paper space (crop the drawing). Define the drawing scale. Change the grid size. Open the Information pane. The Information pane appears under the Floor display. Show the zoom navigator pane. Zoom in. Zoom out. Fit view in window. Print the view displayed in the Floor display area. Copy selected objects. Paste selected objects.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM Table 15 Toolbar Options on Edit Content Page (continued) Option Description Remove RF obstacle information. Delete selected components. View or change dimensions. Building Wizard — Plan RF Coverage Page The Plan RF Coverage page enables you to identify the wiring closet locations, draw and characterize the wireless coverage areas, insert third-party access points, and compute installation locations for WX switches and 3Com access points.
Building Wizard Overview 101 The edit options area has icons for drawing coverage areas and for inserting wiring closets, RF measurement points, and third-party access points. These icons are described in “Defining a Coverage Area” on page 137, “Adding a Third-Party Access Point” on page 149, and “Placing RF Measurement Points” on page 169. Table 16 lists the toolbar icons at the top of the floor display area. Table 16 Toolbar Options on Plan RF Coverage Page Option Description Define the drawing scale.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM Table 16 Toolbar Options on Plan RF Coverage Page (continued) Option Description Show 802.11g RF coverage in the floor display area. Hide display of 802.11 RF coverage in the floor display area. Building Wizard — Optimize RF Coverage Page The Optimize RF Coverage page enables you to fine tune a network plan with RF data from the network. You can import data from a site survey file to refine the attenuation information for RF obstacles.
Building Wizard Overview 103 Table 17 Toolbar Options on Optimize RF Coverage Page Option Description Define the drawing scale. Change the grid size. Open the Information pane. The Information pane appears under the floor display area. Show the zoom navigator pane. Zoom in. Zoom out. Fit view in window. Print the view displayed in the floor display area. Undo last change. Redo last change. Edit properties. Delete selected components. View or change dimensions. Place an RF measurement point. Show 802.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM Building Wizard — Report Page The Report page enables you to generate work orders for installing 3Com equipment. You also can display 3Com equipment inventories and other network information. Table 18 lists the toolbar icons at the top of the floor display area. Table 18 Toolbar Options on Report Page Option Description Define the drawing scale. Change the grid size.
Creating a Site 105 Table 18 Toolbar Options on Report Page (continued) Option Description Open the Information pane. The Information pane appears under the floor display area. Show the zoom navigator pane. Zoom in. Zoom out. Fit view in window. Print the view displayed in the floor display area. Creating a Site A site is a folder that contains the buildings in the network plan. A site usually represents a campus of geographically colocated buildings.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM To create a site: 1 Without selecting any object in the Organizer panel, select Config > Insert > Site from the main 3WXM menu. The Create Site wizard appears. 2 In the Site Name box, type a name for the site (1 to 80 alphanumeric characters, with no spaces or tabs). 3 In the Number Of Buildings box, specify how many buildings are in your site.
Creating or Modifying Buildings in a Site Creating or Modifying Buildings in a Site 107 You can add a new building or modify an existing building. 1 Display the Building page by doing one of the following: In the Create Site wizard, click Building at the top of the wizard. In the Organizer panel, select the site. Right-click and select Edit. Click Building at the top of the wizard. The Building page appears.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM 3 In the Building Name box, type the name of the building (1 to 30 alphanumeric characters, with no spaces or tabs). 4 In the Number Of Floors box, specify how many floors the building has. 5 In the Starting Floor Level box, specify the floor number of the first floor in the building. To start with a subterranean floor, you can specify 0 or a negative floor number. 6 In the Skip Floor Levels box, specify floor numbers you want to skip.
Creating or Modifying Buildings in a Site 109 7 Do one of the following: Click Apply Changes to apply the numbering changes to the plan. Click Ignore Changes to clear the changes without applying them. 8 Do one of the following: Modifying Floor Defaults Click the Floor Defaults tab to change the default values for unit of measurement, ceiling height, and attenuation caused by ceilings. See “Modifying Floor Defaults”. Click Next to configure floor information for the building.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM The ceiling height is based on the surface of the ceiling where the access points will be mounted, not on the center of the plenum space between floors. 4 In the Ceiling Type box, select the type of ceiling used most commonly in the building. 3WXM adjusts the default attenuations based on your selection. 5 To change the default attenuation for radios, type the number of dB in the 802.11a (dB) box or 802.11b/g (dB) box.
Importing or Drawing Floor Details Importing a Drawing of a Floor 111 You can import a drawing of your floor plan into 3WXM. 3WXM supports the following file types: AutoCAD drawing (DWG), a native binary format used by AutoCAD. You can import the following versions: R13, R14, R2000. Use R2000 if available. Drawing Interchange Format (DXF), an ASCII-based interchange format used for multi-vendor interoperability. You can import the following versions: R12, R13, R14, R2000. Use R2000 if available.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM Preparing a Drawing Before Importing It 3WXM has a file cleanup feature that can help remove unwanted information from an imported drawing. However, the more cleanup work you do before importing a file, the better the results will be. In addition, cleaning up a file before importing it helps reduce the file size, which in turn enhances performance when handling the file in 3WXM.
Importing or Drawing Floor Details 113 Check for grouped objects, especially groups that span multiple layers or include the entire drawing. If a grouped object contains objects that you will to assign differing RF values to, or if some objects will not become RF obstacles, ungroup the objects and delete the unneeded objects. If all the RF objects in the grouped object will have the dame RF value, you might want to leave the object grouped.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM In AutoCAD: Click-drag to select unwanted objects and delete them. When all unwanted objects are deleted, purge the drawing of all unwanted layers, blocks, and font by selecting File > Drawing Utilities > Purge. Make sure purge nested items is selected. Click Purge until the option is greyed out. CAUTION: In AutoCAD, you cannot delete a layer if the layer is not empty.
Importing or Drawing Floor Details 115 Useful AutoCAD Operations and Naming-Conventions Table 19 and Table 20 provide AutoCAD operating tips and naming conventions that can be helpful as you prepare your floor plans for 3WXM. Table 19 Operating Tips Operation Path Zoom Extension Hotkey Ctrl+Backspace Arranges all items in the drawing view. Explode Format > Explode Alt+Shift+E Ungroups all items. Group Use “Create Group” tool or Format > Create Group Group items.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM 2 Select the floor number from the Current Floor list. By default, the lowest floor of the building is selected. 3 Click Import Floor Layout. 4 After navigating to the directory containing the drawing, select it, and click Open. The drawing appears. After you import a drawing, 3WXM remembers the directory you chose. If you originally imported a DXF or DWG file, you can import a DXF, DWG, GIF, or JPEG file and layer it over the original file.
Importing or Drawing Floor Details 117 5 Read the message about verifying the drawing scale, then click OK. (“Adjusting the Scale of a Drawing” on page 121 describes how to adjust the scale.) The drawing is displayed in the View panel. 6 Do one of the following: Click Finish to save the changes and close the wizard. Change floor properties. See “Modifying Floor Defaults” on page 109 or “Changing an Individual Floor’s Properties” on page 129. Edit floor contents.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM Cropping the Paper Space You can crop the paper space of a drawing to remove unneeded space and objects around the floor. For example, if the drawing includes parking lot information, you can easily remove the parking lot by cropping. CAUTION: All objects that are outside the area you select to keep, are permanently removed. To crop the paper space 1 Access the floor plan in the Edit Content page. 2 Click con the toolbar.
Importing or Drawing Floor Details Adjusting the Origin Point 119 3WXM uses a building’s origin point to understand what is above or below a given floor. When calculating RF coverage, 3WXM needs to understand where MAP access points on adjacent floors are located so that 3WXM can take RF from those MAPs into account when assigning channels. If an imported drawing has an origin point defined, 3WXM tries to use that origin point.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM You are not required to use the upper left corner of the building as the origin point. You can select an easily identifiable feature on all floors, such as an elevator shaft. Or, to include additional features that are not on the floor itself, you can extend the drawing beyond the exterior walls by moving the origin farther up and left. To adjust the origin point 1 Access the floor plan in the Edit Content page.
Importing or Drawing Floor Details 121 In this example, the origin point has been moved to an interior shaft. New location of origin point Adjusting the Scale of a Drawing If you imported a DWG or DXF drawing, you might need to adjust the scale of the drawing because the units used in these drawings might not have a one-to-one correspondence to meters and feet. To adjust the scale of the drawing, you draw a line between two points of known distance and adjust the measurement.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM To adjust the scale 1 In the Edit Content page of the Building wizard, click on the toolbar. 2 Drag to create a line between two points. The Input dialog box appears. 3 Type the actual distance between the two points. 4 Click OK. Until you adjust or verify the scale of a floor, 3WXM reminds you to do so each time you navigate to the Edit Content page when the floor is displayed.
Importing or Drawing Floor Details 123 Adding or removing a layer To add a new layer to a drawing, do the following in the Edit Content page: 1 Right-click the list of layers next to the View panel. 2 Select Add Layer from the menu that is displayed. 3WXM adds the new layer to the bottom of the list and highlights its name in the Layer Name column so you can edit it. 3 Edit the name.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM Moving an object from one layer to another To move an object from one drawing layer to another: 1 In the View panel of the Edit Content page, select the object(s). 2 Click on the toolbar. The Layer Assignment dialog box appears. 3 Click the down arrow to display the list of layers in the drawing, and select the layer to which you want to move the object(s). 4 Click OK.
Importing or Drawing Floor Details 125 To clean up a drawing 1 On the Edit Content page, click Clean Layout. The Floor Plan Clean Up wizard appears. 2 In the Remove Lines and Remove Objects group boxes, click next to any items you do not want 3WXM to remove from the drawing during cleanup. 3WXM removes all these items by default. 3 To change the short line length, type the new length in the Short Line Length box. 3WXM removes all lines that are this length or shorter.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM 5 To change the maximum size of objects to be removed, type the new horizontal and vertical dimensions in the X-axis and Y-axis boxes. 3WXM removes all objects that fit within both the specified axes. 6 In the Layer List group box, select the layers you want to clean up. You can select individual layers or all layers. 3WXM removes the specified objects only from the layers you select. By default, no layers are selected. 7 Click Next.
Importing or Drawing Floor Details 127 9 Do one of the following: Click Finish to accept the changes. Click Previous to change the cleanup constraints. Go to step 2 on page 125. Click Cancel to cancel the changes.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM Drawing Floor Objects Manually You can use the Free Draw palette to add objects to your floor drawing that are not related to RF obstacles (for example, a conference room table). The tools for drawing non-RF objects work the same as the tools for drawing RF objects, but the tools are different. To draw a non-RF object, use the tools in the Free Draw group box. To draw RF objects, use the tools in the Insert RF Obstacle group box.
Importing or Drawing Floor Details Changing an Individual Floor’s Properties 129 To change an individual floor’s properties, you use the Setup page of the Building wizard. Follow these steps. 1 In the Setup page of the Building wizard, select the floor by clicking in the Level column or Floor Plan column. 2 Click the Edit floor properties icon. The Floor Properties dialog box appears. 3 To change the floor name, type the new name in the Floor Name box (1 to 60 alphanumeric characters, with no tabs).
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM Specifying the RF Characteristics of a Floor 3WXM uses RF attenuation information in the floor plan when calculating how many MAPs you need and where to place them to provide the wireless coverage required for the floor. The RF attenuation information comes from the attenuation values associated with objects on the floor plan that have been converted into RF obstacles. An RF obstacle is an object that has an attenuation value associated with it.
Specifying the RF Characteristics of a Floor 131 3 Go to “To use the Create RF Obstacle Dialog box” on page 132. To create RF obstacles for an area in a drawing 1 Diagonally drag the cursor over the area where you want to create RF obstacles. 2 Right-click, and select Create RF Obstacle. The Create RF Obstacle dialog box appears. 3 Go to “To use the Create RF Obstacle Dialog box” on page 132. To create RF obstacles for multiple selected objects in a drawing 1 Click an object on the floor.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM To use the Create RF Obstacle Dialog box The Create RF Obstacle dialog box is shown in the following figure. 1 In the Description box, type a description for the RF obstacle (1 to 60 characters, with no tabs). 2 In the Obstacle Type list, select the material of which the RF obstacle is made. Select Other if the material is not listed. This allows you to create your own obstacle type.
Specifying the RF Characteristics of a Floor Drawing RF Obstacles 133 To draw RF obstacles, you use the Insert RF Obstacle box of the Edit Content page. Follow these steps. 1 In the Insert RF Obstacle group box of the Edit Content page, click one of the following icons and draw the object as described: Object Action Diagonally drag the cursor over the area where you want the circle to appear. (circle) Diagonally drag the cursor over the area where you want the square to appear.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM Using an object other than a line to represent an RF obstacle’s dimensions does not materially affect the calculation of RF attenuation. When 3WXM calculates attenuation along any vector passing through the obstacle, it counts the obstacle’s RF attenuation only once, regardless of the floor space it occupies. The Create RF Obstacle dialog box appears. 2 Go to “To use the Create RF Obstacle Dialog box” on page 132.
Defining Wireless Coverage Areas Accessing the Define Coverage Page 135 You access the Define Coverage page using the Building wizard. Follow these steps. 1 Open the Building wizard. See “Accessing the Building Wizard” on page 95. 2 Click Plan RF Coverage at the top of the wizard. The Plan RF Coverage page appears. Creating a Wiring Closet A wiring closet is a room that contains networking devices, such as switches. If you have an existing wiring closet, you can draw it on the floor layout.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM Each floor plan must have at least one wiring closet, if the floor will use MAPs that are directly connected to their WX switches. However, a floor is not required to have a wiring closet if MAPs will be indirectly attached through the network. In this case, if you do not create a wiring closet, 3WXM assumes the WX switch that will manage the Distributed MAPs will be located in a wiring closet on another floor in the building.
Defining Wireless Coverage Areas 137 3WXM determines how many WX switches are needed when it computes how many MAP access points are required and automatically creates them. 5 To add a WX switch you previously created to the wiring closet, click Choose Available, and select the WX switch from the list. Repeat for additional WX switches. To remove a WX switch from the wiring closet, select it from the list of WX switches and click Remove.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM Area 2 840-9502-0035 Area 1 The coverage areas shown in the figure below cannot share coverage and are not supported by 3WXM. (However, separate, nonshared coverage areas can overlap.) Area 1 Area 2 840-9502-0035 138 Keep the following in mind when planning shared coverage areas: Two coverage areas using the same wireless technology cannot be shared. A coverage area using 802.11b and a coverage area using 802.11g cannot be shared.
Defining Wireless Coverage Areas 139 Drawing a Coverage Area 840-9502-0036 3WXM supports concave polygons, which have an internal angle greater than 180 degrees. When drawing a polygon, make sure that two sides of the polygon do not intersect each other, as shown in the following figure. Also make sure start and end points and the vertices are not too close.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM Object Action 1 Click at a vertex, and drag the cursor to the next vertex. 2 Click again, and drag the cursor until the parallelogram takes the shape you want. (parallelogram) 3 Click to finish. 1 Click at a vertex, then move the cursor to the next vertex. (polygon) 2 Repeat until the polygon takes the shape you want. For a polygon with n sides, click n-1 additional times at the vertices. For example, to draw a 7-sided polygon, click at 6 vertices.
Defining Wireless Coverage Areas Go to “Specifying the Wireless Technology for a Coverage Area”.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM Specifying the Wireless Technology for a Coverage Area (To draw a coverage area, see “Drawing a Coverage Area” on page 139.) To specify wireless technology for a coverage area: 1 In the Technology list of the Coverage Area Choices wizard, select one of the following: 802.11a 802.11b 802.11g 802.11a and 802.11b 802.11a and 802.11g Select 802.11a and 802.11b if the area requires 802.11a and 802.11b coverage. Select 802.11a and 802.
Defining Wireless Coverage Areas 143 Specifying Coverage Area Properties To specify coverage area properties: 1 In the Name box, type a name for the coverage area (1 to 60 characters long, with no tabs). 2 Verify that the Technology selection is correct. 3 For 802.11g, to prevent the association of 802.11b clients to any radio in this coverage area, select Exclude 802.11b clients. To allow 802.11b clients to associate to radios in the coverage area, clear Exclude 802.11b clients.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM 3WXM can perform two calculations for MAP placement. One is based on coverage only. The other is based on capacity, using the capacity parameters. 3WXM compares the results of the calculations and selects the calculation that results in more MAPs. By default, 3WXM performs only the coverage calculation. If you enable the Use Capacity Calculation option, 3WXM performs both calculations.
Defining Wireless Coverage Areas 145 Go to “Specifying Association Information”. Specifying Association Information To specify association information: 1 In the Mobility Domain list, select the Mobility Domain that contains the MAPs used for this coverage area. 2 In the Radio Profile list, select the radio profile used for this coverage area. The profiles available depend on the Mobility Domain you selected in step 1. The profile you select applies to all radios associated with the coverage area.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM To create a new profile, click Create. The Create Radio Profile wizard appears. (See “Configuring a Radio Profile” on page 245.) 3 In the Service Profile List group box, click Choose Available to select a service profile. Service profiles define SSIDs and their encryption settings, and are associated with radio profiles. You can select more than one service profile. To create a new profile, click Create. The Create Service Profile wizard appears.
Defining Wireless Coverage Areas 147 10 To change the ceiling height, specify the new height in the Height of the Ceiling box. 11 To change the height where MAPs are mounted, specify the new mounting height in the MAP Placement Height box. 12 To change the WX switch model, select the model from the WX Model list. 13 To change the default MAP model, select the model from the Default MAP Choice list. A suitable choice might be the AP3750 for shared areas or the AP2750 for areas that are not shared.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM 14 To change the MAP connection type, select the type from the MAP Connection Type list: Direct — MAPs are directly attached to dedicated WX switch ports. Distributed — MAPs can be indirectly attached through intermediate Layer 2 or Layer 3 devices. If the MAP access points are directly connected to the WX, ensure that UTP Cat 5 cabling distances between the MAP and the WX in the wiring closet do not exceed 100 meters (330 feet).
Defining Wireless Coverage Areas 149 20 To change the number of redundant connections for the distributed connection type, type the number in the Redundant Level box. For direct connections, the redundancy level is always 1. 21 Click Finish to save the changes and close the wizard. Adding a Third-Party Access Point If you have third-party access points in your network, you can draw them on your floor layout. You can also configure the access point’s radio attributes using 3WXM.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM 3 In the AP Model list, select one of the following: AP (Dual Radio) — 802.11a and 802.11b or 802.11b/g AP (Single Radio) — 802.11a, 802.11b, or 802.11g 4 Select one of the following: 11a, 11b, 11g. The choices available depend on the selection you made in step 3. 5 In the Name box, type a name for the access point. You can use 1 to 32 characters, with no punctuation except the following: period (.), hyphen (-), or underscore (_).
Defining Wireless Coverage Areas 151 12 Do one of the following: To close the wizard and save the changes, click Finish. To configure radio attributes, see “Configuring Radio Attributes” on page 151. Configuring Radio Attributes To configure radio attributes: 1 In the Create Third-Party AP wizard, after placing a third-party access point, click Next. 2 Verify the radio slot number and radio type. For a dual-radio access point, 802.11b/g radios have a slot number of 1. 802.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM 8 In the SSID box, type the service set identifier (SSID) for the radio. 9 If the access point has only one radio, click Finish. Otherwise, go to step 10. 10 Click Next. The Radio A page appears. 11 Repeat step 2 through step 8 for the 802.11a radio. 12 Click Finish to save the changes.
Computing MAP Placement 153 3WXM assigns transmit power levels and channels for each MAP. The power levels and association rates are set to optimize cell sizes for the coverage area. 3WXM shows the expected (simulated) coverage of the completed design, and allows you to see how the coverage changes when you make adjustments to MAP location or power levels.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM To specify design constraints 1 In the Computation group box of the Plan RF Coverage page, click Manage Constraints. The Manage Constraints dialog box appears. 2 To change the ceiling height, specify the new height in the Height of the Ceiling box. 3 To change the height where MAPs are mounted, specify the new mounting height in the MAP Placement Height box. 4 To change the WX switch model, select the model from the Use WX Type list.
Computing MAP Placement 155 6 To change the MAP connection type, select the type from the MAP Connection Type list: Direct — MAPs are directly attached to dedicated WX switch ports. (Applies to WX1200 switches only.) Distributed — MAPs can be indirectly attached through intermediate Layer 2 or Layer 3 devices. If the MAP access points are directly connected to the WX, ensure that UTP Cat 5 cabling distances between the MAP and the WX in the wiring closet do not exceed 100 meters (330 feet).
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM WX4400 switches support indirect MAP connections only. 12 To change the number of redundant connections for the distributed connection type, type the number in the Redundant Level box. 13 For direct connections, the redundancy level is always 1. 14 To update all the constraints for the areas you will select in step 15, select Update All Constraints. By default, 3WXM applies only changed constraint values to the selected areas.
Computing MAP Placement 157 To compute and place MAP access points 1 On the Plan RF Coverage page, click on Compute and Place MAPs. The Compute and Place wizard appears. 2 To remove a coverage area from MAP placement and computation, clear the area’s Compute Layout box. 3 To specify the primary wiring closet for a coverage area, click in the Wiring Closet column to display the wiring closet list and select a wiring closet from the list.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM 6 Go to “To review coverage area computation”. To review coverage area computation 1 Review the number of MAP access points required for each coverage area, and the overriding criterion used (coverage or capacity). 2 Click Finish to apply the changes. Icons for the suggested MAP access point locations appear on the floor plan.
Computing MAP Placement 159 To see the RF coverage area for an area, right-click on the area (either in the organizer list or on the floor) and select Show RF Coverage. If the area supports more than one radio technology, you also need to select the technology. The choices available depend on the wireless technology you chose for the coverage area. This example shows the 802.11b coverage for an area.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM 3 To see the RF coverage area for a specific MAP or radio, right-click the MAP or radio, and select one of the following: Show RF Coverage > 802.11a Show RF Coverage > 802.11b Show RF Coverage > 802.11g The choices available depend on the wireless technology you chose for the coverage area. The following example shows RF coverage provided by a specific MAP’s 802.11b radio.
Computing MAP Placement 161 You must now compute the optimal power. See “Computing Optimal Power” on page 165. Locking and Unlocking Coverage Areas After you create a coverage area, it is locked. If you need to move or resize a coverage area, you can unlock it. To unlock a coverage area 1 Select the coverage area on the floor or from the Coverage Areas list in the lower left panel of the Plan RF Coverage page. 2 Right-click, and select Unlock. You can now move or resize the coverage area.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM 3 To relock the coverage area: a Select the coverage area. b Right-click, and select Lock. Locking and Unlocking MAP Access Points After you compute and place the necessary MAP access points for a coverage area, you can move them to fine-tune the wireless coverage. If you need a MAP to be located at a fixed location on the floor, you can lock its current location when you recompute the necessary coverage.
Computing MAP Placement 163 To assign channels 1 In the Computation section of the Plan RF Coverage page, click Assign Channels to MAPs. The Channel Assignment wizard appears, showing the current channel assignment constraints. 2 To change the starting floor for channel assignment, select the floor from the Begin On Floor List. By default, 3WXM starts at the top floor and works down. 3 To change the ending floor for channel assignment, select the floor from the End On Floor List.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM 4 To change the radio type for which to assign channels, select the radio type from the Technology list. By default, 3WXM assigns channels for all radio types on the MAP access points placed in the building. 5 To prevent 3WXM from taking the channel assignments for the floor above into account when calculating the channel assignments for a floor, clear Use Cross-Floor Channel Information. 6 Click Next. The Channel Assignment Progress page appears.
Computing MAP Placement 165 9 Do one of the following: Computing Optimal Power To verify the RF network, see “Verifying the Wireless Network” on page 168. Click Finish to save the changes and close the wizard. If you do not plan to use the RF Auto-Tuning feature to automatically set the power levels on the MAPs after deployment and installation, use the Compute Optimal Power option to calculate the power settings for the MAPs.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM 2 To optimize the AP count, select Optimize AP Count. This option checks for coverage overlaps and removes a MAP if neighboring MAPs provide enough coverage to make the MAP unnecessary. This option applies only to coverage areas that are configured for coverage, not capacity. (This is configured on the Area Properties page of the Coverage Area wizard.
Computing MAP Placement 167 To resolve optimal power computation problems If power levels for one or more coverage areas could not be optimized, show the RF coverage at baseline association and minimum transmit rates for the coverage areas by doing the following: 1 In the Show RF coverage using listbox, select how you want to display the coverage: Baseline Association Rate — Coverage is shown based on the MAP radio baseline association rate.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM Verifying the Wireless Network Showing RF Coverage You can use the following tools to help verify the wireless network: Show RF coverage. Place RF measurement points. Use RF interactive measurement mode. Looking at the RF coverage allows you to see if the entire area is adequately covered by the MAP access points. You can move the MAPs and see how the coverage changes.
Verifying the Wireless Network 169 3 In the Show RF coverage using listbox, select how you want to display the coverage: Baseline Association Rate — Coverage is shown based on the MAP radio baseline association rate. The baseline association rate is the typical data rate the radio is expected to support for client associations. (The baseline association rate is specified during planning, on a coverage area basis.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM 3 In the Description box, type a description for the measurement point (1 to 60 characters). 4 In the RSSI Options box, select display options for the dialog box: To list access points that cannot be detected from this RF measurement point, select Show Unreachable MAPs. To list disabled access points, select Show Disabled MAPs. To list access on other floors that can be detected from this RF measurement point, select Show MAPs on Other Floors.
Verifying the Wireless Network 171 6 Do one of the following: Using RF Interactive Measurement Mode To use the RF interactive measurement mode, see “Using RF Interactive Measurement Mode”. To generate network design information, see “Generating RF Network Design Information” on page 173. Click Finish to save the changes and close the wizard. RF interactive measurement mode is useful when you are troubleshooting or surveying the coverage areas on the floor.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM Table 21 shows the information available in the RF measurement table. Table 21 RF Measurement Information Item Value X Distance in the X direction from the 0,0 coordinate (the upper left corner of the panel). Y Distance in the Y direction from the 0,0 coordinate (the upper left corner of the panel). Show Unreachable MAPs Show MAP access points that are too far away to accurately measure signal strength.
Generating RF Network Design Information Generating RF Network Design Information Accessing the Report Page 173 After 3WXM has calculated the number of MAP access point required to provide wireless coverage, you can get the following information: Floor layout with MAP access points and other objects defined for the floor List of MAPs Work order To access the Report page 1 Open the Building wizard (see “Accessing the Building Wizard” on page 95). 2 Click Report. The Report page appears.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM Reviewing Layout Information Reviewing the MAP List To see the floor layout, click View Layout. To review the MAP list, click View MAP List. The list of MAP access points appears in the right panel.
Generating RF Network Design Information Generating a Work Order 175 You can generate a work order as part of your wireless network planning. The work order provides all of the necessary information for the physical installation of the 3Com Mobility System. A work order shows where the MAP access points should be installed, WX initial setup configuration information, and projected RSSI information that is useful when verifying the installation.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM When the work order has been generated, the View Work Order button becomes available. 6 Click View Work Order. A browser window opens to display the work order in HTML format. A browser must be specified in the Tools tab in the Preferences dialog box (Tools > Preferences). 7 Select a floor from the Select Floor list and click View Work Order. The work order is displayed starting at the floor you specified. You can scroll to view additional information.
Applying RF Auto-Tuning Settings to the Network Plan 177 When you access the wizard from the toolbar, the network plan’s Mobility Domains are listed in the Scope section. 2 Select the scope. If you select a Mobility Domain as the scope, the change is also applied to the Domain Policies in the Mobility Domain. 3 Select the RF Auto-Tuning settings you want to apply. Both channel and power settings are selected by default. 4 If you accessed the wizard from the toolbar, select the scope.
CHAPTER 4: PLANNING THE 3COM MOBILITY SYSTEM
5 CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS This chapter and the following two chapters describe how to configure WX switch parameters using the WX Switch wizard. Depending on how you access the wizard, the wizard’s title can be Create Wireless Switch, or Modify followed by the WX switch name. For simplicity, the documentation refers to the wizard as the WX Switch wizard. WX Switch Wizard Overview The WX Switch wizard enables you to configure WX switches.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS The wizard has the following pages: System and Administrative Wireless AAA
WX Switch Wizard Overview Wizard pages Parameter checklist 181 Configuration fields Verification results Each page has a parameter checklist. Click on an item in the checklist to display or modify the configuration for that parameter. The wizard automatically verifies the configuration parameters and displays any warning or error messages in the verification area at the bottom of the window.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS Blank — Error. Comparison of the parameters against the 3WXM rules resulted in an error for at least one of the rules. 3WXM allows you to deploy the switch parameters to a switch if all checkmarks are green. You also can deploy the parameters to a switch if some checkmarks are orange, although 3Com recommends that you carefully review the warnings first. You cannot deploy the switch parameters if any of the checkmarks are blank.
WX Switch Wizard Overview Wireless Page 183 The Wireless page enables you to configure MAP access point and radio parameters. For example, to create a new radio profile, select Radio Profile in the organizer list on the left, then click New Radio Profile to display the Create Radio Profile wizard.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS When an option in a configuration wizard opens a new wizard, the other wizard remains open in the background. However, you can enter information only in the new wizard. After you click Finish to save your changes and close the new wizard, you can continue working in the other wizard. (To configure wireless parameters, see “Configuring Wireless Parameters” on page 235.
WX Switch Wizard Overview AAA Page 185 The AAA wizard enables you to configure authentication, authorization, and accounting (AAA) for administrative access and network user access. You can configure RADIUS parameters, users, and access filters. (To configure AAA parameters, see “Configuring Authentication, Authorization, and Accounting Parameters” on page 263.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS Adding a WX Switch to the Network Plan To create a new WX switch, do one of the following: In the Organizer panel, select the Mobility Domain where you want to create the switch in the Organizer panel, then right-click and select Insert > Wireless Switch. In the Organizer panel, shift+right-click to deselect an object (if one is selected), right-click, then select Insert > Wireless Switch.
Accessing the WX Switch Wizard To add a switch by uploading its basic configuration from the network 187 If you have already deployed a WX switch in the network and you want to add the switch to the network plan, you can upload the switch’s configuration into 3WXM, edit the switch, then redeploy the switch with the new parameters. 1 Use the procedure in “Uploading a WX Switch Configuration into 3WXM” on page 325 to upload the switch.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS Configuring Basic WX Properties To configure basic WX properties, do the following steps. 1 Access the WX Switch wizard for the switch. (See “Accessing the WX Switch Wizard” on page 187.) 2 Select System and Administrative at the top of the wizard, if not already selected. 3 Select WX Properties from the organizer list on the left side of the page, if not already selected.
Configuring VLANs 189 This password must match the enable password that was defined on the WX switch using the CLI command set enablepass. For more information, see the Wireless LAN Switch and Controller Configuration Guide. The password is encrypted when you type it. 12 Type the name of the WX switch’s configuration file, from 1 to 128 characters with no spaces, in the Configuration File box.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS You do not need to configure VLANs on MAP access ports or wired authentication ports, because the VLAN membership of these types of ports is determined dynamically through the authentication and authorization process. Users who require authentication connect through WX ports that are configured for MAP access points or wired authentication access.
Configuring VLANs 191 VLAN Names To create a VLAN, you must assign a name to it. VLAN names must be globally unique across a Mobility Domain to ensure the intended user connectivity as determined through authentication and authorization. Every VLAN on a WX has a VLAN name, used for authorization purposes, and a VLAN number. VLAN numbers can vary uniquely for each WX and are not related to 802.1Q tag values even when used. You cannot use a number as the first character in a VLAN name.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS If you use a tag value, 3Com recommends that you use the same value as the VLAN number. The WX switch does not require the VLAN number and tag value to be the same, but some other vendors’ devices do. Do not assign the same VLAN multiple times using different tag values to the same network port. Although MSS does not prohibit you from doing so, the configuration is not supported.
Configuring VLANs 193 Forward database aging timeout The aging timeout period specifies how long a dynamic entry can remain unused before the software removes the entry from the database. To configure VLAN basic properties 1 Access the WX Switch wizard for the WX switch. (See “Accessing the WX Switch Wizard” on page 187.) 2 Select System and Administrative at the top of the wizard, if not already selected. 3 Select VLANs from the organizer list on the left side of the page, if not already selected.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS 10 In the Aging Time box, specify the aging timeout period (0 to 1,000,000 seconds) for dynamic entries in the forwarding database. The default is 300 seconds (5 minutes). If you specify 0, aging is disabled. 11 Do one of the following: To configure VLAN membership, click Next to display the VLAN Member Selection page. (See “Adding Ports to a VLAN” on page 194.) To close the wizard and save the changes, click Finish.
Configuring VLANs 195 To add a port or port group to the VLAN and retain previous VLAN membership, click Add. An added or moved port or port group now appears in the Current Members list. 4 To specify a tag value for a port or port group: a Select the Tag checkbox for the port or port group. By default, the checkbox is not selected. To remove a tag for a port or port group, clear the checkbox. b Double-click the Tag Value column for the port or port group. c Change the tag value.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS MSS uses 802.1D bridge protocol data units (BPDUs) on VLAN ports that are untagged. However, each VLAN still runs its own instance of STP, even if two or more VLANs contain untagged ports. To run a single instance of STP in 802.1D mode on the entire switch, configure all network ports as untagged members of the same VLAN. MSS uses PVST+ BPDUs on VLAN ports that are tagged. PVST+ BPDUs include tag information in the 802.
Configuring VLANs 197 7 Do one of the following: To configure STP port information, click Next to display the Spanning Tree Port Setup page. (See “Configuring Spanning Tree Port Information”.) To close the wizard and save the changes, click Finish. Configuring Spanning Tree Port Information You can change the STP cost and priority of an individual port. You can also enable port fast convergence.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS 100 Mbps, full duplex—18 100 Mbps, half duplex—19 10 Mbps, full duplex aggregate link (port group)—90 10 Mbps, full duplex—95 10 Mbps, half duplex—100 Specify 0 to use the default cost for the port based on link speed. 7 To enable port fast convergence, select the PortFast checkbox. 8 Click Finish. The Create VLAN wizard is now active. 9 Repeat step 2 through step 8 for each port you want to modify.
Configuring VLANs 199 4 If IGMP queriers are not on the subnet (for example, multicast routers), select Querier Enabled. 3Com recommends that you use the pseudo-querier only when the VLAN contains local multicast traffic that is not routed. 5 In the Query Interval box, specify the interval (1 to 65,535 seconds) at which the WX switch sends general IGMP queries on behalf of multicast routers to advertise multicast groups. The default interval is 125 seconds.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS Configuring Static Multicast Ports A WX learns about multicast routers and receivers from multicast traffic received from those devices. When the WX receives traffic from a multicast router or receiver, the WX adds the port that received the traffic as a multicast router or receiver port.
Configuring VLANs 201 Configuring the MSS DHCP Server MSS has a DHCP server that the switch uses to allocate IP addresses to the following. DHCP service for these items is enabled by default. Directly connected MAPs Host connected to a new (unconfigured) WXR100 or WX1200, to configure the switch using the Web Quick Start Optionally, you can configure the DHCP server to also provide IP addresses to Distributed MPs and to clients.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS Backbone Fast Convergence Backbone fast convergence accelerates a port’s recovery following the failure of an indirect link. Normally, when a forwarding link fails, a bridge that is not directly connected to the link does not detect the link change until the maximum age timer expires.
Configuring the System IP Address 203 7 Click Finish. Modifying VLANs To modify a VLAN: 1 In the Organizer panel, navigate to WX switch you want to configure. 2 Expand the object to see the configuration options. 3 Expand VLANs. 4 Select the VLAN you want to modify. 5 Select Config > Edit. For more information about editing VLAN properties, see “Creating a VLAN” on page 192. Deleting VLANs To delete a VLAN: 1 In the Organizer panel, navigate to the WX switch that has the VLAN.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS 3 Select System IP Address from the organizer list on the left side of the page, if not already selected. 4 Select the VLAN on which the system IP address is configured from the System VLAN/IP list box. 5 Optionally, enter the IP address of the switch’s default gateway router in the first row of the Gateway IP Address section. You can enter up to four gateway addresses.
Configuring WX Management Services Setting System Information 205 Logging — The system log provides event information for monitoring and troubleshooting. You can send the log information to a local data buffer on a WX, to the console, to a Telnet session, and to a configured set of syslog servers. (See “Configuring Logging” on page 215.) Tracing — Tracing allows you to review diagnostic information for debugging MSS. Tracing allows you to review messages about the status of a specific area of MSS.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS 5 Do one of the following: Enabling HTTPS Go to “Enabling HTTPS”. Select another item in the WX Switch wizard, if you are using this wizard. Click Finish to close the wizard and save changes. By default, HTTPS is enabled on the WX, allowing you to use Web Manager on port 443 for a secure session. If you disable HTTPS, you cannot use Web Manager. Enabling or disabling HTTPS does not affect 3WXM secure communications.
Configuring WX Management Services Configuring Telnet 207 To configure Telnet access to the WX: 1 Do one of the following: Open the WX Switch wizard, then select HTTPS, Telnet, SSH & Web Portal under Management Services in the organizer list of the System and Administrative page. In the Organizer panel, select Management Services under a WX switch, then select Config > Edit. Click on HTTPS, Telnet, SSH & Web Portal at the top of the wizard.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS 3 Do one of the following: Disabling or Reenabling WebAAA Go to “Disabling or Reenabling WebAAA”. Select another item in the WX Switch wizard, if you are using this wizard. Click Finish to close the wizard and save changes.
Configuring WX Management Services 209 On each switch in the network plan, you must enable notifications and configure 3WXM Services as a notification target (trap receiver). 3WXM Services does not start listening for SNMP notifications from switches until you save the network plan. To configure SNMP: 1 Do one of the following: Open the WX Switch wizard, then select SNMP under Management Services in the organizer list of the System and Administrative page.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS Configuring an SNMP V1 or V2c Community String To configure an SNMP community string: 1 Do one of the following: Open the WX Switch wizard, then select Community under SNMP, located under Management Services in the organizer list of the System and Administrative page. Select New Community. In the Organizer panel, select Management Services under a WX switch, then select Communities under SNMP. Select Config > Edit.
Configuring WX Management Services Configuring an SNMP V3 User 211 To configure an SNMPv3 user: 1 Do one of the following: Open the WX Switch wizard, then select USM User under SNMP, located under Management Services in the organizer list of the System and Administrative page. Select New USM User. In the Organizer panel, select Management Services under a WX switch, then select Users under SNMP. Select Config > Edit. 2 In the Username box, type the name of the SNMPv3 user.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS b If you select Hex or IP, type the hexadecimal string or IP address in the Value box. 5 Select the authentication type used to authenticate communications with the remote SNMP engine: None—No authentication is used. This is the default. MD5—Message-digest algorithm 5 is used. SHA—Secure Hashing Algorithm (SHA) is used.
Configuring WX Management Services 213 Configuring a Notification Profile A notification profile is a named list of all the notification types that can be generated by a switch, and for each notification type, the action to take (drop or send) when an event occurs. To configure a notification profile: 1 Do one of the following: Open the WX Switch wizard, then select Notification Profile under SNMP, located under Management Services in the organizer list of the System and Administrative page.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS In the Organizer panel, select Management Services under a WX switch, then select Notification Target under SNMP. Select Config > Edit. 2 Specify the target ID. 3 Type the IP address of the target. 4 Specify the protocol port on which the target listens for SNMP notifications. The default is 162. 5 Select the notification profile that will use this target. 6 From the Security Model pull-down list, select the SNMP version.
Configuring WX Management Services 215 12 For SNMPv3 with informs only (not traps), specify the engine ID: a From the Format pull-down list, select IP or Hex. b If you select Hex, type the hexadecimal string in the Value box. 13 Click Finish to save the changes. Configuring Logging Events that occur on a WX can be stored or sent to different destinations. Events can be stored in a local buffer on the WX.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS Critical — You must resolve the critical condition. If you do not resolve the condition, the WX can reboot or shut down. Error — The WX is missing data or unable to form a connection. Warning — A possible problem exists. Notice — Events that can cause system problems have occurred. These are logged for diagnostic purposes. Info — Informational messages only. No problems exist. Debug — Output from debugging.
Configuring WX Management Services 217 6 Do one of the following: Go to “Setting Up a Syslog Server”. Select another item in the WX Switch wizard, if you are using this wizard. Click Finish to close the wizard and save changes. Setting Up a Syslog Server You can specify a syslog server. Syslog facilities are identifiers that allow a syslog server to handle different syslog messages from different sources. You can use a facility in the range of Local 0 through Local 7.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS 9 Do one of the following: To configure tracing, go to “Configuring Tracing” on page 218. To set timezone parameters, go to “Setting the Timezone” on page 220. Select another item in the WX Switch wizard, if you are using this wizard. Click Finish to close the wizard and save changes. Configuring Tracing You can configure tracing for debugging MSS. You use specific keywords to specify which area of MSS to trace.
Configuring WX Management Services 219 CAUTION: Running tracing can have adverse effects on system performance. 3Com recommends that you initially use the lowest levels possible and slowly increase the levels to get the necessary data. 8 Optionally, in the User Name box, type the username to trace. Specify a username no longer than 60 alphanumeric characters that contains no spaces or tab characters. 9 Optionally, in the MAC Address box, type the MAC address to trace.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS Setting the Timezone You can specify the number of hours (and optionally the minutes) that the WX switch’s real-time clock is offset from Coordinated Universal Time (UTC) — also known as Greenwich Mean Time (GMT). The time zone information is used by Network Time Protocol (NTP) if you enabled it. You can also specify whether the WX modifies the clock during daylight savings time or similar summertime period.
Configuring WX Management Services 221 5 In the Start Hour box, specify the hour (between 0 and 23) to start the time change. 6 In the Start Minute box, specify the minute (between 0 and 59) when the time change starts. 7 In the End Month list, select the month of the year when the time change ends. 8 In the End Week list, select the week of the month when the time change ends (First, Second, Third, Fourth, or Last). 9 In the End Day list, select the day of the week when the time change ends.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS Configuring Wired Authentication Ports A wired authentication port is an Ethernet port that has 802.1X authentication enabled for access control. Like wireless users, users that are connected to the WX switch over Ethernet can be authenticated before they can be authorized to use the network. However, data for wired users is not encrypted after they are authenticated.
Configuring Network Ports 223 6 Do one of the following: Go to “Configuring Network Ports”. Select another item in the WX Switch wizard, if you are using this wizard. Click Finish to close the wizard and save changes. Any ports you configure as wired authentication ports are represented in 3WXM with a wired authentication port icon ( ). Configuring Network Ports A network port is Layer 2 switch port that connects the WX switch to other networking devices such as switches and routers.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS 7 To specify the speed of a 10/100 Ethernet port, select one of the following: Auto — Sets the port to automatically detect the traffic speed and set the speed accordingly. This is the default value. 10 — Sets the speed to 10 Mbps. 100 — Sets the speed to 100 Mbps. The port speed for gigabit Ethernet ports is predefined as 1000 Mbps and cannot be configured.
Configuring Load Sharing Configuring Load Sharing 225 A port group is a set of physical ports that function together as a single link and provide load sharing and link redundancy. Only network ports can participate in a port group. Load Sharing The WX balances port group traffic among the group’s physical ports by assigning traffic flows to ports based on the source and destination MAC addresses of the traffic.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS 5 To add a port to the port group, select the Member checkbox for the port. The port group name appears in the Port Group column for the port. 6 To remove a port from a port group, clear the Member checkbox for the port. 7 To change the membership of a port that is in another port group, select the Member checkbox for the port. The Port Group Member Remove dialog box appears. Click Yes to change the port’s membership.
Configuring IP Services 227 For destination routes that are not directly attached, you can add static routes. A static route specifies the destination and the gateway router through which to forward traffic.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS To verify that the WX has an IP interface in the same subnet as the route’s next-hop IP address, you can use the display interface CLI command. If the WX does not have an interface in the next hop’s subnet, the static route cannot be resolved, and the VLAN:Interface field of the display ip route command output shows that the static route is down.
Configuring IP Services 229 3 Edit the IP address to the address of the gateway the route uses. 4 To change the cost for using the route, click the value in the Metric column for the route and type a value for the cost (0 to 2,147,483,647). Lower-cost routes are preferred. The default is 1. 5 Repeat step 2 through step 4 for each default route you want to configure. 6 Do one of the following: Configuring IP Aliases Go to “Configuring IP Aliases” on page 229.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS 6 Do one of the following: Configuring DNS Go to “Configuring DNS” on page 230. Select another item in the WX Switch wizard, if you are using this wizard. Click Finish to close the wizard and save changes. You can configure the WX switch to resolve hostnames to their IP addresses by querying a Domain Name Service (DNS) server. By enabling DNS, you can specify a hostname rather than an IP address.
Configuring IP Services 231 Click Finish to close the wizard and save changes. Adding DNS Servers To add a DNS server: 1 Do one of the following: Open the WX Switch wizard, then select DNS under IP Services in the organizer list of the System and Administrative page. In the Organizer panel, select IP Services under a WX switch, then select Config > Edit. The Modify IP Services wizard appears. Click on DNS at the top of the wizard. 2 Click on a row in the IP Address column.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS Setting NTP Properties To set NTP properties: 1 Do one of the following: Open the WX Switch wizard, then select NTP under IP Services in the organizer list of the System and Administrative page. In the Organizer panel, select IP Services under a WX switch, then select Config > Edit. The Modify IP Services wizard appears. Click on NTP at the top of the wizard. 2 To enable NTP, select Enabled. To disable NTP, clear Enabled.
Configuring IP Services 233 6 Do one of the following: Configuring ARP Go to “Configuring ARP”. Select another item in the WX Switch wizard, if you are using this wizard. Click Finish to close the wizard and save changes. The Address Resolution Protocol (ARP) table maps IP addresses to MAC addresses. ARP is enabled by default on the WX and cannot be disabled. An ARP entry is added to the table in one of the following ways: Automatically by the WX.
CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS The local entry for the WX, static entries, and permanent entries in the ARP table are not affected by the aging timeout. 3 To add an ARP entry, click New ARP Entry. The Create ARP Entry dialog box is displayed. 4 In the MAC Address box, type the MAC address that the IP address is to be mapped to. 5 In the IP Address box, type the IP address for the ARP entry. 6 Click Finish.
6 CONFIGURING WIRELESS PARAMETERS This chapter describes how to configure the following wireless parameters for WX switches: Overview Service Set Identifiers (SSIDs) Service profiles, which enable or disable beaconing for an SSID and define the encryption used for that SSID’s wireless traffic Radio profiles, which assign IEEE 802.11 settings and a service profile to radios MAP access points To set these parameters, you can use the Wireless page of the WX Switch wizard.
CHAPTER 6: CONFIGURING WIRELESS PARAMETERS (For information about the WX Switch wizard, see “WX Switch Wizard Overview” on page 179.) When a wireless client requests access to the network, the client requests access to a specific Service Set Identifier (SSID). Beaconing, encryption, and authentication settings for the SSID are controlled by a service profile.
Configuring an SSID For encrypted traffic, the security mode and encryption algorithm used: Available security modes: Wired Equivalent Privacy (WEP) only, Wi-Fi Protected Access (WPA) only, Robust Security Network (RSN) only, WEP + WPA, WEP + RSN, WPA + RSN, and WEP + WPA + RSN Available encryption algorithms: 40-bit WEP, 104-bit WEP, Temporal Key Integrity Protocol (TKIP), and Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) Authentication settings:
CHAPTER 6: CONFIGURING WIRELESS PARAMETERS Configuring a Service Profile A service profile controls advertisement and encryption for an SSID. You can specify the following: Whether SSIDs that use the service profile are beaconed Whether the SSIDs are encrypted or clear (unencrypted) For encrypted SSIDs, the encryption settings to use The SSID type must be crypto (encrypted) for encryption to be used.
Configuring a Service Profile 239 9 Select the fallthru authentication method from the Fall Through Auth list box. The WX switch uses the fallthru method to try to authenticate a client if the client name or MAC address does not match the userglob or MAC address glob in an 802.1X or MAC authentication rule for the SSID.
CHAPTER 6: CONFIGURING WIRELESS PARAMETERS Configuring Encryption To configure encryption, follow these steps: 1 In the Create Service Profile wizard, click Encryption. The Encryption page appears. 2 Select the encryption types you want to use: WPA WEP RSN(WPA2) WEP+WPA WEP+RSN WEP+WPA+RSN WPA+RSN RSN Microsoft Windows XP does not support WEP with WPA or RSN. To configure a radio profile to provide WEP for XP clients, select WEP only.
Configuring a Service Profile 241 The SSID type must be crypto (encrypted) for WEP to be used. If the SSID type is clear, wireless traffic is not encrypted, regardless of the encryption settings. To configure WEP: 1 Do one of the following: If you are configuring dynamic WEP, go to step 5. If you are configuring static WEP, go to the next step. 2 To specify a WEP key, type the hexadecimal value of the key in one of the WEP key boxes.
CHAPTER 6: CONFIGURING WIRELESS PARAMETERS Configuring WPA or RSN WPA is a security enhancement to the IEEE 802.11 wireless standard. WPA provides enhanced encryption with new cipher suites and provides per-packet message integrity checks. WPA is based on Draft 3 of the 802.11i standard. You can use WPA with 802.1X authentication. If the client does not support 802.1X, you can use a preshared key on the MAP and the client for authentication. Robust Security Network (RSN) provides WPA2 support.
Configuring a Service Profile 243 Temporal Key Integrity Protocol (TKIP) — TKIP uses the RC4 encryption algorithm, a 128-bit encryption key, a 48-bit initialization vector (IV), and a message integrity code (MIC) called Michael. Wired Equivalent Privacy (WEP) with 104-bit keys — 104-bit WEP uses the RC4 encryption algorithm with a 104-bit key. WEP with 40-bit keys — 40-bit WEP uses the RC4 encryption algorithm with a 40-bit key.
CHAPTER 6: CONFIGURING WIRELESS PARAMETERS Rather than type the preshared key, you can specify a passphrase that is used to generate a preshared key. In the Pre-shared Key box, type an alphanumeric passphrase (8 to 63 characters). Click Generate Key. The preshared key appears in the Pre-shared Key box. 5 Go to “To configure WPA or RSN encryption choices”. To configure WPA or RSN encryption choices 1 To enable the 40-bit WEP cipher suite, select WEP-40 Enabled.
Configuring a Radio Profile Mapping a Service Profile to a Radio Profile 245 A radio profile controls IEEE settings for a set of 3Com radios. The radio profile also maps a service profile to the radios. If a radio profile is already configured, you can map it to the service profile. Otherwise, you can configure the radio profile and map it to the service profile later. (To configure a radio profile, see “Configuring a Radio Profile” on page 245.
CHAPTER 6: CONFIGURING WIRELESS PARAMETERS To create a radio profile To create a radio profile, use the following procedure. 1 Access the WX Switch wizard for the WX switch. (See “Accessing the WX Switch Wizard” on page 187.) 2 Select Wireless at the top of the wizard, if not already selected. 3 Select Radio Profile from the organizer list on the left side of the page. 4 Select New Radio Profile. The Create Radio Profile wizard appears.
Configuring a Radio Profile 247 CAUTION: Countermeasures affect wireless service on a radio. When a MAP radio is sending countermeasures, the radio is disabled for use by network traffic, until the radio finishes sending the countermeasures. 8 To disable active scanning for rogue devices, deselect Enable Active Scan. When active scan is enabled, radios send probe any requests (probe requests with a null SSID name), to solicit probe responses from other access points.
CHAPTER 6: CONFIGURING WIRELESS PARAMETERS 6 In the Max. Tx MSDU Lifetime box, specify the maximum amount of time, from 500 ms to 250,000 ms (250 seconds), the MAP can hold an outbound frame in buffer storage. The default value is 2,000 ms (2 seconds). 7 In the Max. Rx MSDU Lifetime box, specify the maximum amount of time, from 500 ms to 250,000 ms (250 seconds), the MAP can hold an inbound frame in buffer storage. The default is 2000 ms (2 seconds).
Configuring a Radio Profile 249 4 To change the interval at which radios reduce power after temporarily increasing the power to maintain the minimum data rate for an associated client, change the value in the Tx. Power Backoff Timer box. At the end of each power-backoff interval, radios that temporarily increased their power reduce it by 1 dBm. The power backoff continues in 1 dBm increments after each interval until the power returns to expected setting. You can specify from 0 to 65535 seconds.
CHAPTER 6: CONFIGURING WIRELESS PARAMETERS To map the radio profile to a service profile To map the radio profile to a service profile, use the following procedure. 1 In the Create Radio Profile wizard, click Service Profile Selection. The Service Profile Selection page appears. 2 Select the service profile in the Available Service Profiles list. 3 Click Add to move the profile name to the Current Service Profiles column.
Configuring Directly Connected MAP Access Points Configuring Directly Connected MAP Access Points 251 MAP access points contain radios that provide networking between your wired network and IEEE 802.11 wireless users. a MAP can connect to the wired network through a direct 10/100 Ethernet connection to a WX or indirectly through other Layer 2 or Layer 3 wired networking devices. Configure a MAP port for each directly connected MAP.
CHAPTER 6: CONFIGURING WIRELESS PARAMETERS You can see that the port has been labeled as a MAP port and has PoE enabled. Enable all ports as MAP ports by selecting MAP Enabled in the MAP Enabled column heading. 5 Click in the Name column for a MAP port you enabled, and type a name for it (1 to 16 alphanumeric characters, with no spaces or tabs). 6 To select the MAP type, click on the MAP Type cell for the port, and select the MAP type from the list.
Configuring Directly Connected MAP Access Points 253 6 In the Fingerprint box, type the 16-digit hexadecimal number of the MAP’s encryption fingerprint. Use either of the following formats: 11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00 1122:3344:5566:7788:99aa:bbcc:ddee:ff00 A MAP’s fingerprint is the hash value of the MAP’s public encryption key. The fingerprint is displayed on a label on the back of the MAP, and is labeled RSA key.
CHAPTER 6: CONFIGURING WIRELESS PARAMETERS Select No to disable automatic firmware upgrading. Automatic firmware upgrading is enabled by default. 10 Do one of the following: To modify radio settings To modify radio settings for the MAP, see “To modify radio settings”. To modify connection settings for the MAP, see “To modify a MAP connection” on page 257. To save changes and close the wizard, click Finish. To modify radio settings, use the following procedure.
Configuring Directly Connected MAP Access Points 255 To indicate the direction of the antenna’s coverage, change the value in the Directionality of antenna box. The default value of 0 degrees directs the antenna’s coverage to the right on the floor plan. For example, to move the coverage 90 degrees (so that the antenna’s area of coverage faces downward as you view the floor plan), type 90 in the box. You can verify and change the antenna’s coverage direction after you finish using this wizard.
CHAPTER 6: CONFIGURING WIRELESS PARAMETERS b To change the minimum rate at which a radio is allowed to transmit traffic to clients, select the rate from the Client Data Rate pull-down list. The radio automatically increases its transmit power when necessary to maintain at least the minimum rate with an associated client. The valid values depend on the radio type. All values are in Mbps. For 802.11g radios — 54, 48, 36, 24, 18, 12, 11, 9, 6, 5.5, 2, or 1 For 802.11b radios — 11, 5.
Configuring Directly Connected MAP Access Points To modify a MAP connection 257 You can change connection parameters for a MAP, including the WX port (for directly connected MAPs). For MAP models that have two Ethernet ports, you also can add or change the second WX connection for redundancy. 1 On the MAP page of the Wireless page of the WX Switch wizard, select a MAP port, then click Modify MAP. The Modify MAP wizard appears. 2 Select the connection you want to change and click Modify.
CHAPTER 6: CONFIGURING WIRELESS PARAMETERS Configuring Distributed MAP Access Points A MAP can connect to the wired network through a direct 10/100 Ethernet connection to a WX or indirectly through other Layer 2 or Layer 3 wired networking devices. Configure a Distributed MAP for each indirectly connected MAP. Table 22 lists how many MAPs you can configure on a WX switch, and how many MAPs a switch can boot. The numbers are for directly connected and Distributed MAPs combined.
Configuring Distributed MAP Access Points 259 Require—Distributed MAPs can be managed by the switch only if they have encryption keys and their keys have been verified by an administrator. If a MAP does not have an encryption key or the key has not been verified, the WX does not establish a management session with the MAP. The setting applies to all Distributed MAPs booted and managed by the switch.
CHAPTER 6: CONFIGURING WIRELESS PARAMETERS 9 In the Name box, type a name (1 to 16 alphanumeric characters, with no spaces or tabs). 10 In the Serial Number box, type the serial number of the MAP. 11 In the Fingerprint box, type the 16-digit hexadecimal number of the MAP’s encryption fingerprint. Use either of the following formats: 11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00 1122:3344:5566:7788:99aa:bbcc:ddee:ff00 A MAP’s fingerprint is the hash value of the MAP’s public encryption key.
Configuring Distributed MAP Access Points 261 14 In the Enable Firmware Update list, select Yes to automatically upgrade MAP boot firmware. The upgrade version of the firmware is loaded from a WX when the MAP is booting. Select No to disable automatic firmware upgrading. Automatic firmware upgrading is enabled by default. 15 Do one of the following: To modify radio settings for the MAP, see “To modify radio settings” on page 254.
CHAPTER 6: CONFIGURING WIRELESS PARAMETERS
7 CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS This chapter describes how to configure the following Authentication, Authorization, and Accounting (AAA) parameters for WX switches: Overview RADIUS servers, for backend AAA processing of WX administrator access and network client access Local database entries for AAA processing of administrator and network client access Network client access rules based on SSID Location policies for overriding authorization parameters
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS (For information about the WX Switch wizard, see “WX Switch Wizard Overview” on page 179.) Connecting to RADIUS Servers and Server Groups Remote Authentication Dial-In User Service (RADIUS) is a client-server security protocol that provides authentication, authorization, and accounting for network users and devices. A RADIUS server stores user profiles, which include usernames, passwords, and other user attributes.
Connecting to RADIUS Servers and Server Groups 265 Although you can use the local database on the WX switch to authenticate users, 3Com recommends using RADIUS to accommodate the large number of users in an enterprise network. For information about the RADIUS attributes supported by Mobility System Software (MSS), see the Wireless LAN Switch and Controller Configuration Guide.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS When the dead time is set to 0, and there are two or more RADIUS servers in a RADIUS server group, authentication starts with the first server in the group, unless there are two or more RADIUS servers and load sharing is configured, in which case authentication starts by trying a server in round-robin style. 7 In the Key box, type the password (also known as a shared secret key) used to authenticate to the RADIUS server.
Connecting to RADIUS Servers and Server Groups 267 4 Click New RADIUS Server. The Create RADIUS Server wizard appears. 5 In the Name box, type the name of an existing RADIUS server (1 to 32 alphanumeric characters, with no spaces or tabs). Do not use the same name for a RADIUS server and a RADIUS server group. 6 In the IP Address box, type the IP address for the RADIUS server, in dotted decimal notation.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS 14 Do one of the following: Defining RADIUS Server Groups To define RADIUS servers, go to “Defining RADIUS Server Groups”. Click Finish to save the changes and close the wizard. A server group is a group of one to four RADIUS servers. Server groups enable RADIUS server redundancy by allowing another server to be used if the first server is unavailable.
Creating and Managing Users in the Local User Database 269 9 To add more servers (up to four maximum) to the group, repeat step 7 and step 8. 10 Do one of the following: To change the order of RADIUS servers in the RADIUS server group, see “Changing the Order in a RADIUS Server Group”. To close the Create RADIUS Server Group dialog box and save the changes, click Finish. Changing the Order in a RADIUS Server Group If load balancing is not enabled, the WX always uses the first server in the list.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS You can create two types of users in the local database: Creating Named Users Named users — These users are authenticated by username and password and are assigned to specific VLANs. Users include administrators and network users. You can group these users by creating user groups, in order to simplify configuration. MAC address users — These users are authenticated by a MAC address.
Creating and Managing Users in the Local User Database 271 8 In the User Group list, select a user group to assign the user to, if the group is already configured. You do not need to assign a user to a user group. If you do select a user group, you only need to specify a password for the user. All other attributes are obtained from the user group. 9 Do one of the following: Creating Named User Groups To configure user attributes, see “Configuring User Authorization Attributes” on page 274.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS 10 Do one of the following: Creating MAC Address Users To configure user attributes, see “Configuring User Authorization Attributes” on page 274. To close the Create User Group wizard and save the changes, click Finish. When creating MAC address users, you configure authentication properties. You can optionally configure user attributes, which are stored in the local database.
Creating and Managing Users in the Local User Database Creating MAC Address User Groups 273 When creating a MAC address user group, you define properties for the group. You can optionally define user attributes, which are stored in the local database. Attributes defined for an individual user override attributes defined for a group. To define MAC address user group properties: 1 Access the WX Switch wizard for the WX switch. (See “Accessing the WX Switch Wizard” on page 187.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS Configuring User Authorization Attributes Authorization attributes can be assigned to users in the local database or on remote servers. The attributes, which include access control list (ACL) filters, VLAN membership, encryption type, session time-out period, and other session characteristics, let you control how and when users access the network.
Creating and Managing Users in the Local User Database 275 Table 24 lists the user attributes and their value ranges. You can specify these attributes in lowercase when using the CLI. Table 24 Authentication Attributes for Local Users Attribute Description encryption-type One of the following numbers that Type of encryption required for access by identifies an encryption algorithm: the client.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS Table 24 Authentication Attributes for Local Users (continued) Attribute Description Valid Value(s) filter-id Inbound or outbound ACL to apply to the user. If configured in the WX switch’s local database, this attribute can be an access control list (ACL) to filter outbound or inbound traffic. Use the following format: inboundacl.in or outboundacl.
Creating and Managing Users in the Local User Database 277 Table 24 Authentication Attributes for Local Users (continued) Attribute Description Valid Value(s) mobility-profile Mobility Profile attribute for the user. A WX switch can provide network access for users associated with a third-party AP that has authenticated the users with RADIUS. You can connect a third-party AP to a WX switch and configure the WX to provide authorization for clients who authenticate and access the network through the AP.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS Table 24 Authentication Attributes for Local Users (continued) Attribute Description Valid Value(s) session-timeout Maximum number of seconds for the user’s session. Number between 0 and 4,294,967,296 seconds (approximately 136.2 years). (network access mode only) ssid (network access mode only) start-date Name of the SSID you want the user to SSID the user is allowed to access after use.
Creating and Managing Users in the Local User Database 279 Table 24 Authentication Attributes for Local Users (continued) Attribute Description time-of-day One of the following: Day(s) and time(s) during which the user never—Access is always denied. is permitted to log into the network. any—Access is always allowed. (network access mode only) After authorization, the user’s session can last until either the Time-Of-Day range or the Session-Timeout duration (if set) expires, whichever is shorter.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS Table 24 Authentication Attributes for Local Users (continued) Attribute Description Valid Value(s) vlan-name Virtual LAN (VLAN) assignment. Name of a VLAN that you want the user to use. The VLAN must be configured on a WX switch within the Mobility Domain to which this WX switch belongs.
Configuring and Managing Access Rules for Administrative Users 281 When configuring authentication for console users, make sure that there is a username and password defined in the local WX user database that you can use to log in through the console. Also make sure that you configure authentication for console users so that the user glob includes at least one valid local user. Otherwise, you could prevent anyone from being able to use the console to access the WX.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS MAC Address Globs A MAC address glob is a similar method for applying some AAA commands to either a single 6-byte MAC address or a set of MAC addresses.
Configuring and Managing Access Rules for Administrative Users Creating Administrator and Console Access Rules 283 You can set up administrator and console access rules, and the authentication and accounting methods for administrator access. To set up administrator or console access rule properties 1 Access the WX Switch wizard for the WX switch. (See “Accessing the WX Switch Wizard” on page 187.) 2 Select AAA at the top of the wizard, if not already selected.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS You can add one or both methods to the list. If you specify a RADIUS server group as the first method and a user is denied access by the RADIUS server, no authentication and authorization are attempted with the other methods specified in the list.
Configuring and Managing Access Rules for Administrative Users 285 If you specify a RADIUS server group as the first method and the administrator is denied access by the RADIUS server, no accounting is attempted with the other methods specified in the list. If you specify LOCAL as the first method and an administrator is not in the local user database on the WX, accounting is attempted with a RADIUS server group if one is defined in the method list.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS Configuring and Managing Access Rules for Network Users Network users include the following types of users: Wireless users — Users who access the network by associating with an SSID on a 3Com radio. Wired authentication users — Users who access the network over an Ethernet connection to a WX switch port that is configured as a wired authentication (wired-auth) port.
Configuring and Managing Access Rules for Network Users 287 The username or MAC address can be an exact match or can match a userglob or MAC address glob, which allow wildcards to be used for all or part of the username or MAC address. (For more information about globs, see “Using User Globs and MAC Address Globs” on page 281.) Authentication Types MSS provides the following types of authentication: IEEE 802.1X — If the network user’s network interface card (NIC) supports 802.1X, MSS checks for an 802.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS Authentication Algorithm MSS can try more than one of the authentication types described in “Authentication Types” to authenticate a user. MSS tries 802.1X first. If the user’s NIC supports 802.1X but fails authentication, MSS denies access. Otherwise, MSS tries MAC authentication next. If MAC authentication is successful, MSS grants access to the user.
Configuring and Managing Access Rules for Network Users Client associates with MAP radio or requests access from wired authentication port Client requests encrypted SSID? Yes 802.1X rule that matches SSID? Client responds to 802.1X? Yes No No No Yes Authent. Allow succeeds? Yes Client No Refuse Client Authent.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS SSID Name “Any” In authentication rules for wireless access, you can specify the name any for the SSID. This value is a wildcard that matches on any SSID string requested by the user. For 802.1X and WebAAA rules that match on SSID any, MSS checks the RADIUS servers or local database for the username (and password, if applicable) entered by the user.
Configuring and Managing Access Rules for Network Users 291 User Credential Requirements The user credentials that MSS checks for on RADIUS servers or in the local database differ depending on the type of authentication rule that matches on the SSID or wired access requested by the user. For a user to be successfully authenticated by an 802.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS The only required attribute is the Virtual LAN (VLAN) name on which to place the user. RADIUS and MSS have additional optional attributes. For example, you can provide further access controls by specifying the times during which the user can access the network, you can apply inbound and outbound access control lists (ACLs) to the user’s traffic, and so on.
Configuring and Managing Access Rules for Network Users 293 Service-Type — Type of access the user is requesting, which can be network access, administrative access to the enabled (configuration) mode of the MSS CLI, or administrative access to the nonenabled mode of the CLI. Session-Timeout — Maximum number of seconds allowed for the user’s session. Regardless of whether you configure the user and attributes on RADIUS servers or the WX switch’s local database, the VLAN attribute is required.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS Last Resort Network Access — If the client name matches the userglob, the WX switch allows the user onto the SSID. If the client name does not match the userglob, the WX switch tries WebAAA. Web Network Access — If the client name matches the userglob, the WX switch serves a web page to the client so the client can log in.
Configuring and Managing Access Rules for Network Users 295 MAC addresses must be specified with colons as the delimiters (for example, 00:11:22:33:44:55). You can use wildcards by specifying an asterisk (*) in MAC addresses. The following lists examples of using wildcards in MAC addresses: * (all MAC addresses) 00:* 00:01:* 00:01:02* 00:01:02:03:* 00:01:02:03:04:* 00:01:02:03:04:0* Last-resort access does not need a userglob or MAC address glob.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS 3 Click 802.1X Policy at the top of the Create 802.1X Network Access wizard. The 802.1X Policy page appears. Go to step 5. 4 Click Authentication at the top of the wizard to display the following page. (The page contents are the same for MAC, last-resort, and WebAAA.) 5 To enable this authentication rule for the SSID, select Enabled.
Configuring and Managing Access Rules for Network Users 297 Pass-Through — No protocol is used by the WX. 3Com Mobility System Software (MSS) sends the EAP processing to a RADIUS server. If you select PEAP, the EAP Sub-Protocol is MS-CHAPV2. For other protocols, the EAP Sub-Protocol is None. 8 To select the authentication method, click Choose Available, then select the method from the list: RADIUS server group — A server group that you have configured previously.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS 3 Select one of the following record options: Select Start-Stop to specify that records are sent at the start of a session and the end of a session. Select Stop-Only to specify that records are sent only at the end of a session. 4 To select the accounting method, click Choose Available, then select the method from the list: RADIUS server group — A server group that you have configured previously.
Configuring Location Policies 299 To change the order of access rules 1 From the AAA page of the WX Switch wizard, select Admin Access or Network Access. 2 Select a rule from the list of rules. 3 To change the position of the rule, click Move Up or Move Down until the rule is in the position you want. 4 To move other rules, repeat step 2 and step 3 until all rules are in the order you want. 5 To close the wizard and save the changes, click Finish.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS The conditions can be one or more of the following: AAA-assigned VLAN Username MAP access port, Distributed MAP number, or wired authentication port through which the user accessed the network SSID name with which the user is associated Conditions within a rule are ANDed. All conditions in the rule must match in order for MSS to take the specified action.
Configuring Location Policies 301 3 Select Location Policy Rule from the organizer list on the left side of the page, if not already selected. 4 Click New Location Policy Rule. The Create Location Policy Rule wizard appears. 5 In the User Glob Name list, select one of the following: None — Do not use a user glob to determine whether to apply the location policy. Equal — Apply the location policy to all usernames matching a specified user glob.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS 8 In the Physical Port List group box, click Choose Available to select the list of physical ports for which the location policy is applied. The Physical Port Selection dialog box appears. a Select one or more ports. To make multiple selections, press Shift (for contiguous items) or Control (for noncontiguous items) while clicking items. b Click Close. 9 To select Distributed MAPs, click Distributed MAP List.
Configuring AAA for Clients of Third-Party APs Configuring AAA for Clients of Third-Party APs 303 A WX switch can provide network access for users associated with a third-party AP that has authenticated the users with RADIUS. You can connect a third-party AP to a WX switch and configure the WX to provide authorization for clients who authenticate and access the network through the AP. To configure MSS to authenticate 802.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS For the userglob, type a full or partial username to be matched during authentication (1 to 80 alphanumeric characters, with no spaces or tabs). The format of a user glob depends on the client type and EAP method. For Windows domain clients using Protected EAP (PEAP), the user glob is in the format Windows_domain_name\username. The Windows domain name is the NetBIOS domain name and must be specified in capital letters.
Configuring AAA for Clients of Third-Party APs 305 6 To change the UDP port number on which the WX switch will listen for RADIUS access-requests from the AP, edit the number in the Authentication Port box. 7 To change the UDP port number on which the WX switch will listen for RADIUS stop-accounting records from the AP, edit the number in the Accounting Port box. 8 Type the key, which is the shared secret configured on the RADIUS servers.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS Configuring Mobility Profiles Mobility Profile™ attributes allow or deny access to the network for a specific user or group of users. When you create a Mobility Profile, you specify which MAP ports, Distributed MAPs, or wired authentication ports are to be included. Typically, you include ports that are defined as MAP ports or Distributed MAPs.
Using Access Control Lists for Security 307 9 Click Choose Available and select a Distributed MAP. Repeat for each Distributed MAP. 10 Click Close. The Create Mobility Profiles dialog box is active. 11 Click Finish to save the changes and close the wizard. Using Access Control Lists for Security An access control list (ACL) filters packets to restrict or permit network usage by certain users, network devices, or traffic types.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS Setting Up ACL Basic Properties To set up ACL basic properties: 1 Access the WX Switch wizard for the WX switch. (See “Accessing the WX Switch Wizard” on page 187.) 2 Select AAA at the top of the wizard, if not already selected. 3 Select Mobility Profile from the organizer list on the left side of the page, if not already selected. 4 Click New ACL. The Create ACL wizard appears.
Using Access Control Lists for Security 309 Creating an IP ACE 1 In the ACL Setup page of the Create ACL wizard, click New. A list of ACE types appears. 2 Select New IP ACE. The Create IP ACE dialog box appears. 3 In the Action list, select Permit to allow access if the conditions in the ACE are matched, or Deny to refuse access if the conditions are matched.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS 7 In the Destination IP box, type the destination IP address and destination wildcard mask in CIDR notation. 8 In the TOS box, type a TOS value from -1 to 15. The following lists specific values and their meanings: -1 (any) — All packets are subject to the ACE regardless of whether TOS is set. 0 (normal) — Packets with normal TOS defined are filtered.
Using Access Control Lists for Security 311 10 To close the Create IP ACE dialog box and save the changes, click Finish. Creating a TCP or UDP ACE To create a TCP or UDP ACE: 1 In the ACL Setup page of the Create ACL wizard, click New. A list of ACEs appears. 2 Select the ACE you want to create. To create a TCP ACE, click New TCP ACE. The Create TCP ACE dialog box appears. To create a UDP ACE, click New UDP ACE. The Create UDP ACE dialog box appears.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS Range — Packets are filtered for ports that are between the source port name or number and the end of the range. Go to step 10. 9 In the Port Name list, select a TCP or UDP source port name. To specify the source port by its port number, select Other and go to step 10. The source port number must be lower than the destination port number. 10 In the Port Number list, specify a TCP or UDP source port number.
Using Access Control Lists for Security 313 The value range for ICMP types is -1 to 255. The default value is -1, which indicates that all ICMP packets are subject to the ACE regardless of ICMP type. Table 25 lists some common ICMP types. For a complete list of ICMP types, see www.iana.org/assignments/icmp-parameters. 6 If the ICMP type you specified in step 5 has codes available, type the code in the Code box. 7 Click Finish.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS Creating a Layer 4 Protocol ACE To create a Layer 4 Protocol ACE: 1 In the ACL Setup page of the Create ACL wizard, click New. A list of ACEs appears. 2 Select New L4 Protocol ACE. The Create L4 Protocol ACE dialog box appears. 3 In the Action list, select Permit to allow access if the conditions in the ACE are matched, or Deny to refuse access if the conditions are matched.
Using Access Control Lists for Security 315 Table 26 Commonly Used IP Protocol Numbers (continued) IP Protocol Number Protocol 89 Open Shortest Path First (OSPF) protocol 103 Protocol Independent Multicast (PIM) 112 Virtual Router Redundancy Protocol (VRRP) 115 Layer Two Tunneling Protocol (L2TP) For a complete list of IP protocol numbers, see www.iana.org/assignments/protocol-numbers. 8 Click Finish. Adding ACEs to an ACL The order in which ACEs are listed in an ACL is critical.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS Mapping User-Based ACLs When you map a user-based ACL, you can use any defined ACL, even if that ACL is also mapped to a port, VLAN, or virtual port. You can set a Filter-Id authorization attribute at the RADIUS server or at the WX switch’s local database. The Filter-Id attribute is a security ACL name (or two ACL names) with the direction of the packets indicated.
Using Access Control Lists for Security 317 Mapping ACLs to Ports, VLANs, or Virtual Ports You can map ACLs to ports (or port groups), VLANs, or virtual ports. You cannot map an ACL to a MAP port or a wired authentication port. To map an ACL to ports, VLANs, or virtual ports: 1 In the Create ACL wizard, click ACL Map. The ACL Map page appears. 2 Do one of the following: To map an ACL to a Distributed MAP, see “Mapping an ACL to a VLAN”.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS 6 In the Name list, select the VLAN name from the list. Only names of VLANs that have previously been created appear in the list. 7 Click Finish to save the mapping. The Create ACL wizard reappears. 8 Click Finish to close the Create ACL wizard. Mapping an ACL to a Port 1 In the ACL Map page, click New. 2 Select New ACL Port Map. The Create ACL Port Map dialog box appears.
Configuring 802.1X Parameters Configuring 802.1X Parameters 319 The IEEE 802.1X standard provides an authentication framework that supports a variety of methods for authenticating and authorizing network access for wired or wireless users. You can configure 802.1X authentication parameters for an individual WX or for a domain policy. CAUTION: 802.1X parameter settings are global for all SSIDs configured on the WX switch. To configure 802.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS 10 To set the maximum number of times the WX switch retransmits an EAP request to the client before timing out the authentication session, specify the value (0 to 10) in the Maximum Requests box. The default is 2 attempts. To support SSIDs that have both 802.1X and static WEP clients, MSS sends a maximum of two ID requests, even if this parameter is set to a higher value.
Configuring 802.1X Parameters 321 15 To enable WEP key rolling (rotation) of the broadcast and multicast WEP keys, select WEP Key Rolling. 16 To specify the time to wait before rotating the WEP key, specify the value, from 30 to 1,641,600 seconds, (19 days) in the WEP Key Rolling Period box. The default is 3600 seconds (one hour). 17 To specify the number of seconds MSS retains session information for Bonded Auth™ (bonded authentication) purposes for an authenticated machine while waiting for the 802.
CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS
8 MANAGING WX SYSTEM IMAGES AND CONFIGURATIONS This chapter describes the management of WX system files. It includes information about uploading a WX switch configuration into 3WXM, verifying configuration information, synchronizing local and network changes, deploying WX switches from a network plan to the network, distributing image and configuration files, importing and exporting WX switch configuration files, working with domain policies, and rebooting WX switches or MAP access points.
CHAPTER 8: MANAGING WX SYSTEM IMAGES AND CONFIGURATIONS Table 27 WX File Management Options in 3WXM (continued) Option Description Configure and apply policies Applies configuration settings from policies to a single switch or multiple switches. (“Configuring and Applying Policies” on page 345.) Deploy Sends WX switch configurations from the network plan into the live network, to implement the network plan on the live WX switches.
Uploading a WX Switch Configuration into 3WXM Uploading a WX Switch Configuration into 3WXM 325 If you have already installed and configured a WX, you can upload its configuration into 3WXM. You must first set the country code using the set system countrycode command in the CLI. For more information about this and other CLI commands, see the Wireless LAN Switch and Controller Command Reference.
CHAPTER 8: MANAGING WX SYSTEM IMAGES AND CONFIGURATIONS To upload a WX switch configuration 1 In the main 3WXM window, select Manage > Upload. The Upload Wireless Switch wizard appears. 2 In the IP Address box, type the IP address for the WX switch. 3 In the Enable Password box, type the enable password for the WX switch. This password must match the enable password that was defined using the CLI command set enablepass.
Verifying Configuration Information Verifying Configuration Information 327 If the connection time takes more than 30 seconds, adjust the Connect Timeout value. (See “Changing Network Synchronization Options” on page 466.) 3WXM uses a set of rules to verify WX switch configurations. Changes to a WX switch’s configuration in 3WXM or in the live network are automatically evaluated by comparing the changes to the rules.
CHAPTER 8: MANAGING WX SYSTEM IMAGES AND CONFIGURATIONS The Verification tab contains a Config Verification tab and a Network Verification tab: The Config Verification tab shows errors and warnings for WX switch configuration information in 3WXM. The Network Verification tab shows errors and warnings for configuration information in the network. The errors and warnings can be for WX switch configuration items and for the monitoring service.
Verifying Configuration Information Filtering the Message List Resolving an Error or Warning 329 By default, all warning and error messages are listed. You can use the following options to filter the message list: Show Errors — Error messages are listed only when this option is selected. Show Warnings — Warning messages are listed only when this option is selected. Show Disabled — Disabled rules are listed only when this option is selected.
CHAPTER 8: MANAGING WX SYSTEM IMAGES AND CONFIGURATIONS Disabling a Rule from the Message List All 3WXM rules are enabled by default. If you want 3WXM to stop alerting you about a specific error or warning, you can disable the rule for that error or warning. You can disable rules on a per-instance basis or globally for all instances. If you disable a rule for a specific instance, 3WXM stops alerting you about that particular instance but still uses the rule when evaluating other configurations.
Verifying Configuration Information 331 In addition, 3WXM allows you to deploy or export configuration changes that cause error messages by default. To change verification options 1 On the toolbar of the Verification tab click Options. The Verification Options dialog box appears.
CHAPTER 8: MANAGING WX SYSTEM IMAGES AND CONFIGURATIONS 3 Locate the rule you want to disable. You can click on the Class or Rule headers to sort alphabetically by rule class or by rule name. You also can filter the display to show only the rules in a specific class. To filter the rule list based on class: a Click Filter By Class. The rule list changes to list the rules in the selected class. b Select a rule class from the listbox. The list of rules changes to list the rules in the selected class.
Synchronizing Local and Network Changes 333 b Click next to the instances you want to disable, then go to step 10. 10 Click Close. Synchronizing Local and Network Changes Whenever configuration changes occur to a WX switch, 3WXM alerts you that changes have occurred. If configuration changes occur on a WX switch in the network or in the network plan so that the network and network plan are out of synch, 3WXM displays a message in a popup window to alert you that a change has occurred.
CHAPTER 8: MANAGING WX SYSTEM IMAGES AND CONFIGURATIONS Deploy — Send the configuration changes to the same WX switch in the network. Undo — Remove the changes from the WX switch in the network plan. For network changes: Review — Display the configuration changes that have occurred in the network for the selected WX switch. Accept — Update the WX switch in the network plan with the changes from the live WX switch. Undo — Remove the changes from the WX switch in the network.
Synchronizing Local and Network Changes 335 Table 29 Toolbar Options on Managed Devices Tab (continued) Option Description Upload Opens the Upload Wireless Switch wizard, which lets you add a new WX switch to the network plan by copying the configuration from a WX switch already running in the network. (See “Uploading a WX Switch Configuration into 3WXM” on page 325.
CHAPTER 8: MANAGING WX SYSTEM IMAGES AND CONFIGURATIONS To deploy local changes, go to “To deploy local changes”. To accept network changes, go to “To accept network changes”. To undo changes, go to “To undo changes”. To deploy local changes 1 Select one or more WX switches. To select multiple switches, press Shift (for contiguous switches) or Control (for noncontiguous switches) while clicking. 2 In the Local Changes group box, click Deploy. The Deploy Configurations dialog box appears.
Synchronizing Local and Network Changes 337 To undo changes 1 Select one or more WX switches. To select multiple WX switches, press Shift (for contiguous WX switches) or Control (for noncontiguous WX switches) while clicking. 2 Do one of the following: To undo local changes, click Undo in the Local Changes group box. To undo network changes, click Undo in the Network Changes group box. The status is shown in the Network Status and Local Status columns.
CHAPTER 8: MANAGING WX SYSTEM IMAGES AND CONFIGURATIONS To modify configuration polling options 1 Display the Managed Devices tab by doing one of the following: Click on Local Changes or Network Changes in the Alerts panel. Select Manage > Managed Devices from the main 3WXM toolbar. 2 Click Options on the Managed Devices tab’s toolbar. The Managed Device Options dialog box appears. 3 To enable the detection of configuration changes in the network, make sure Poll Config is selected.
Deploying WX switches from a Network Plan to the Network Deploying WX switches from a Network Plan to the Network 339 To deploy the WX switches configured in a network plan, select Manage > Deploy from the toolbar in the main 3WXM window. The Deploy Configurations dialog box is displayed. This dialog box is also accessible from the Managed Devices tab, and is displayed when you click Deploy on that tab.
CHAPTER 8: MANAGING WX SYSTEM IMAGES AND CONFIGURATIONS 4 If the network plan is successfully deployed and synchronized, save the network plan at this time. Distributing Image and Configuration Files You can manage WX system image and configuration files by using the Distribute Images & Configuration dialog box.
Distributing Image and Configuration Files Distributing System Images 341 You can distribute a system image to one or more WX switches in a Mobility Domain. Optionally, you can distribute compatible configuration information from the network plan to the WX switches at the same time. To use a new system image, you must reboot the WX. For more information, see “Rebooting WX Switches or MAP Access Points” on page 348. 3Com recommends that you verify the network plan before distributing system images.
CHAPTER 8: MANAGING WX SYSTEM IMAGES AND CONFIGURATIONS Distributing WX Configuration Files You can distribute a complete WX configuration defined in a network plan as a file and download it to one or more WX switches at one time. Using this feature replaces the current configuration file on the WX. You must reboot the WX for the configuration file to take effect. 3Com recommends that you verify the network plan before distributing configuration files.
Importing and Exporting WX switch Configuration Files 343 If you import a configuration containing information that an older version of 3WXM or MSS does not support, the information is ignored when the configuration is imported. If you import a WX switch configuration, you must enable 3WXM management of the WX switch before you can deploy the WX switch to the network. (To enable 3WXM management of a WX switch, see “Configuring Basic WX Properties” on page 188.
CHAPTER 8: MANAGING WX SYSTEM IMAGES AND CONFIGURATIONS To export a configuration To export a configuration, use the following procedure. 1 Select File > Export. The Export Configurations dialog box appears. 2 In the Export From list, select the Mobility Domain whose configuration you want to export. 3 If you want to export the configuration file to a different directory, click the Choose button, which is labeled with the current output directory. The Select dialog box appears.
Configuring and Applying Policies Configuring and Applying Policies 345 The Policies section of the Organizer panel allows you to set configuration parameters that you define once in 3WXM and then apply to multiple WX switches. When you apply a policy to a set of WX switches, all parameter settings in the policy are applied to the switches and override the settings already on the switches.
CHAPTER 8: MANAGING WX SYSTEM IMAGES AND CONFIGURATIONS Configuring a Policy 1 In the Organizer panel, click Policies to expand the Policies area, if not already expanded. 2 Do one of the following: Click in the blank area of the Policies area and select Config > Insert > Policy. Right-click in the blank area of the Policies area and select Insert > Policy. The Create Policy wizard appears. 3 Type a name for the policy.
Configuring and Applying Policies 347 Table 30 Configuration Information For This Feature Area See... Admin and Network Access Rules “Configuring and Managing Access Rules for Administrative Users” on page 280 “Configuring and Managing Access Rules for Network Users” on page 286 RF Detection “Detecting and Combatting Rogue Devices” on page 419 VLANs and Spanning Tree Properties “Configuring VLANs” on page 189 Service Profiles and Radio Profiles “Configuring a Service Profile” on page 238.
CHAPTER 8: MANAGING WX SYSTEM IMAGES AND CONFIGURATIONS The Policy Manager window appears. 3 Select the policy from the Select Policy drop-down list. 4 Select the switches in the Devices column. 5 Click Review Changes. For each switch you select, a tab appears. Each tab lists the CLI commands for the configuration changes that will be applied to the switch if you accept the changes. 6 To apply the changes from the policy to the switches, click Apply Changes, then click Close.
9 MANAGING CERTIFICATES A digital certificate is a form of electronic identification for computers. This chapter describes processing and managing certificates, and distributing PKS #12 files. Overview A digital certificate is a form of electronic identification for computers. The 3Com Mobility System supports the following types of X.509 digital certificates: Administrative certificate for the monitoring service or a WX switch 802.
CHAPTER 9: MANAGING CERTIFICATES Processing Certificates When 3WXM client connects to 3WXM Services or to a WX switch that presents a certificate that is unknown to 3WXM client, the Certificate Check dialog box appears. The dialog shows information about the certificate and allows you to accept or reject the certificate and therefore accept or reject the connection.
Managing Certificates 351 Managing Certificates After you have installed certificates, you can review a certificate or delete a certificate that is stored in the 3WXM certificate store. Reviewing Certificate Details After installing a certificate in 3WXM, you can see information such as the time frame for which the certificate is valid and who issued the certificate. To review certificate details 1 Select Tools > Certificate Management from the toolbar in the main 3WXM window.
CHAPTER 9: MANAGING CERTIFICATES Distributing PKCS #12 Files You can use 3WXM to distribute PKCS #12 files to one or more WX switches. After you select the file to distribute, you must enter the PKCS #12 password that was used to generate the certificate. You must also select whether the file is to be installed for administrative, 802.1X, or WebAAA purposes. You can then download the PKCS #12 file to the WX switches.
10 MONITORING THE NETWORK This chapter describes how to use the 3WXM monitoring service. It includes information about monitoring service requirements, accessing monitored data, using the Explore, Status Summary, Client Monitor, RF Monitor, and RF Trends windows, and accessing realtime performance statistics and the event log. Overview The 3WXM service regularly checks the status of the network and reports that status to each 3WXM client that is connected to the service.
CHAPTER 10: MONITORING THE NETWORK The 3WXM service is configured to provide data for the Explore and Status Summary windows by default. To provide data to the client and RF windows, you must enable the service to poll WX switches for client and RF data. You also can enable the service to receive SNMP traps generated by the WX switches. (See “Changing Monitoring Settings” on page 489.
Using the Explore Window 355 3 Do one of the following: Select Monitor > New Monitor from the toolbar in the main 3WXM window. Right-click on the object and select New Monitor. The Monitor tab appears in the Content panel. Each option in step 3 displays monitored data for the selected object. Using the Explore Window The Explore window shows the status of 3Com equipment within the scope of the object selected in the Equipment or Sites section of the Organizer panel.
CHAPTER 10: MONITORING THE NETWORK If you select a MAP access point, radio, wiring closet, or coverage area in the Sites section of the Organizer panel, the floor plan is displayed. Floor views are available only if you add the floor to the site information in the network plan.
Using the Explore Window Toolbar Options 357 The Explore window has a toolbar in the link view and the floor view. Table 31 lists the options on the toolbar in the link view. Table 31 Toolbar Options in Link View of Explore Window Icon Description Show the zoom navigator panel. Zoom in. Zoom out. Refresh the information. Fit the view in the Explore window. Print the view displayed in the Explore window. Display link labels for WX switches, ports, buildings, floors. Show wired authentication ports.
CHAPTER 10: MONITORING THE NETWORK Table 32 lists the options on the toolbar in the floor view. Table 32 Toolbar Options in Floor View of Explore Window Icon Description Show the zoom navigator panel. Zoom in. Zoom out. Refresh the information. Fit the view in the Explore window. Print the view displayed in the Explore window. Displays link labels for MAPs.
Using the Explore Window 359 Table 32 Toolbar Options in Floor View of Explore Window (continued) Hide the 802.11 coverage. Take an RF measurement. Display the view in reverse video. Threshold Flags A red flag next to an object in the link view of the Explore window indicates that a threshold for the object has been exceeded. The thresholds are defined by the 3WXM service. (See “Changing 3WXM Services Preferences” on page 479.
CHAPTER 10: MONITORING THE NETWORK You can select on the object that has the red flag for more information. An asterisk indicates the statistic whose threshold was crossed. In the example above, the WX switch has a higher signal-to-noise ratio (SNR) than specified for the threshold. Double-click on the object with the red flag to drill down to even more detailed information. In the example below, the client counts for each MAP access point being actively managed by the switch are displayed.
Using the Explore Window 361 When a red flag appears in the Explore window, the column for the statistic whose threshold was exceeded also turns red in the RF Trends window. Displaying Object Details To drill down for more detailed information for an object in the Explore window, double-click on the object. All Monitor Tab windows, including the Explore window itself, are updated to display information specifically about the selected object.
CHAPTER 10: MONITORING THE NETWORK Displaying 802.11 Coverage When a floor view is displayed in the Explore window, you can display 802.11 coverage for the floor. To display coverage, select MAPs, then click on one or more of the following icons on the Explore window’s toolbar: Displays 802.11a coverage. Displays 802.11b coverage. Displays 802.11g coverage. Here is an example of the 802.11g coverage of a MAP radio, displayed according to the baseline association rate of 36 Mbps.
Using the Explore Window 363 The jagged appearance of the coverage area is normal and is caused by the RF obstacles around the radio. The RF obstacle information in the floor plan enables 3WXM to more accurately portray RF information for the network, including a radio’s coverage. If the coverage area for a radio is displayed as a sphere, then the floor plan does not have any RF obstacles around the radio.
CHAPTER 10: MONITORING THE NETWORK Taking RF Measurements In the floor view, you can take an RF measurement at any point on the floor plan. An RF measurement point indicates the RSSI value for each 3Com radio on the floor. To take an RF measurement 1 In the floor view of the Explore window, click on the window’s toolbar. RF measurement options appear on the left.
Using the Explore Window 365 RF measurement point RSSI measurements Table 34 lists the RF measurement information that is displayed for the measurement point. Table 34 RF Measurement Information Item Value X (Feet) Distance in the X direction from the 0,0 coordinate (the upper left corner of the panel). Y (Feet) Distance in the Y direction from the 0,0 coordinate (the upper left corner of the panel).
CHAPTER 10: MONITORING THE NETWORK Table 34 RF Measurement Information (continued) Item Value Show MAPs on Other Floors Show the MAPs located on other floors that can be detected from this RF measurement point. MAP/AP MAP or third-party access points detected. Distance (Feet) Distance between MAP and RF measurement point. Channel Channel of the MAP or third-party access point. RSSI (dBm) Signal strength from the MAP at the RF measurement point.
Using the Client Monitor Window Using the Client Monitor Window 367 The Client Monitor window shows detailed information about client activity on the network. Client information is displayed in the following tabs: Client Activity — displays association and 802.1X information for the clients Client Sessions — lists bandwidth, signal-to-noise-ratio (SNR), and received signal strength indicator (RSSI) information for client sessions Client Watch List — lists the clients 3WXM is tracking.
CHAPTER 10: MONITORING THE NETWORK Table 35 Toolbar Options in Client Monitor Window (continued) Refreshing Client Data Option Description Report Opens the Watch List Client Report dialog box, which enables you to generate a report for specific clients on the watch list. (See “Generating a Watch List Client Report” on page 446.) By default, the data displayed in the Client Monitor window is not refreshed. You can refresh the data on demand, or automatically at regular intervals.
Using the Client Monitor Window 369 Data Displayed When a Mobility Domain or Site is Selected When a Mobility Domain is selected in the organizer panel, the Client Monitor window’s Client Activity tab displays a row of information for each WX switch in the Mobility Domain. The same counters appear when you select a Site, building, or floor. Table 36 lists the data displayed on the Client Activity tab when a Mobility Domain is selected.
CHAPTER 10: MONITORING THE NETWORK Table 36 Client Activity Columns When a Mobility Domain is Selected Option Description Authentication Failures Number of times authentication for a client failed.
Using the Client Monitor Window 371 Table 36 Client Activity Columns When a Mobility Domain is Selected Option Description Associations Number of times a client associated with a radio on this WX switch. De-Associations Number of times a client de-associated from a radio on this WX switch. Roams Number of times a client roamed to a new MAP access point, either on the same WX switch or another WX switch. Clears Number of times a client session was cleared.
CHAPTER 10: MONITORING THE NETWORK Table 37 lists the data displayed on the Client Activity tab when a WX switch, MAP access point, or individual radio is selected.
Using the Client Monitor Window 373 Table 38 Activity Details for Association Failure Column Description MAC Address MAC address of the client. Association Failure Cause Cause of the association failure: already-exist cipher-mismatch cipher-rejected load-balance other switching-ssid wep-not-configured Client Location Mobility Domain, WX switch, MAP access point, and radio that were dealing with the client. SSID SSID the client was requesting.
CHAPTER 10: MONITORING THE NETWORK Table 39 Activity Details for Authentication Failure (continued) Column Description Client Location Mobility Domain, WX switch, MAP access point, and radio that were dealing with the client. Session ID ID used by 3Com equipment to track the session within the Mobility Domain. Auth Server IP System IP address of the WX switch that was attempting to authenticate the client.
Using the Client Monitor Window 375 Table 40 Activity Details for Authorization Failure (continued) Column Description Authorization Failure Cause Reason the authorization failure trap was generated: acl-mismatch crypto-type-mismatch end_date_mismatch location-policy mobility-profile-mismatch other ssid-mismatch start_date_mismatch timeofday-mismatch user-param vlan-tunnel-failure Client Location Mobility Domain, WX switch, MAP access point, and radio that w
CHAPTER 10: MONITORING THE NETWORK Table 41 Activity Details for Authorization Successful (continued) Column Description Auth Protocol Type 802.1X protocol used to authenticate the client: EAP-TLS MD5 NONE PASS-THROUGH PEAP RSSI Strength of the signal received by the radio from the client. Access Type Authentication type that granted access: DOT1X MAC LAST-RESORT WEB Session ID ID used by 3Com equipment to track the session within the Mobility Domain.
Using the Client Monitor Window 377 Table 41 Activity Details for Authorization Successful (continued) Column Description Auth Server IP System IP address of the WX switch that was attempting to authenticate the client. Note — The system IP address is listed even if the switch was using a RADIUS server to authenticate the client. SSID SSID the client was requesting. Client Location Mobility Domain, WX switch, MAP access point, and radio that were dealing with the client.
CHAPTER 10: MONITORING THE NETWORK Table 43 Activity Details for Disassociation (continued) Column Description Session ID ID used by 3Com equipment to track the session within the Mobility Domain. Client IP Address IP address of the client. Auth Server IP System IP address of the WX switch that was attempting to authenticate the client. Note — The system IP address is listed even if the switch was using a RADIUS server to authenticate the client. SSID SSID the client was associated with.
Using the Client Monitor Window 379 Table 44 Activity Details for Dot1x Failure (continued) Column Description RSSI Strength of the signal received by the radio from the client. Dot1x Failure Cause Cause of the failure. Table 45 Activity Details for Roam Displaying Client Session Information Column Description User Name Username of the client. MAC Address MAC address of the client. SSID SSID the client was associated with.
CHAPTER 10: MONITORING THE NETWORK Table 46 lists the data displayed on the Client Sessions tab when the scope is a Mobility Domain. Table 46 Client Sessions Columns When a Mobility Domain is Selected Column Description Scope Scope of the data displayed in the row. The scope for each row in the Client Activity tab is always a WX switch.
Using the Client Monitor Window 381 Data Displayed When the Scope is a Mobility Domain When a Mobility Domain is selected in the organizer panel, the Client Monitor window’s Client Sessions tab displays a row of information for each WX switch in the Mobility Domain. Table 47 lists the data displayed on the Client Sessions tab when the scope is a Mobility Domain. Table 47 Client Sessions Columns When Scope Is a Mobility Domain Column Description Scope Scope of the data displayed in the row.
CHAPTER 10: MONITORING THE NETWORK Data Displayed When a WX Switch, MAP, or Radio is Selected When a WX switch, MAP access point, or individual radio is selected in the organizer panel, the Client Monitor window’s Client Sessions tab displays a row of information for each client session. Table 48 lists the data displayed on the Client Sessions tab when the scope is a WX switch, MAP access point, or individual radio.
Using the Client Monitor Window 383 Table 48 Client Sessions Columns When Scope Is a WX Switch, MAP, or Radio Column Description SSID SSID with which the client is associated. Access Type Authentication type that granted access: DOT1X MAC LAST-RESORT WEB Location Mobility Domain, WX switch, MAP access point, and radio that were dealing with the client. SNR SNR of data transmissions from the client to the radio. RSSI RSSI of data transmissions from the client to the radio.
CHAPTER 10: MONITORING THE NETWORK Table 49 Session Properties Columns (continued) Column Description Authentication Server System IP address of the WX switch that was attempting to authenticate the client. Note — The system IP address is listed even if the switch was using a RADIUS server to authenticate the client. SSID SSID with which the client is associated.
Using the Client Monitor Window 385 Table 49 Session Properties Columns (continued) Column Description Session State State of the user session: Associated — User is authenticated using an 802.11 protocol and associated with a MAP. Authorizing — User is authenticated and is starting the AAA authorization process. Authorized — User is authorized. Active — User is on the network. Deassociated — User is disassociated from the MAP.
CHAPTER 10: MONITORING THE NETWORK Displaying Session Statistics On the Client Sessions tab, select the Session Statistics tab at the bottom of the window. On the Session Statistics tab, you can select statistics for the MAP the client is associated with, or total statistics for the client’s entire roaming history. For the current statistics, select Current AP. For the totals for the entire roaming history, select Lifetime. Table 50 lists the information displayed on the tab.
Using the Client Monitor Window 387 Table 50 Session Statistics Columns (continued) Column Description Unicast Bytes Out Number of unicast bytes transmitted by the radio to the client during this session. Unicast Packets Out Number of unicast packets transmitted by the radio to the client during this session. Transmit Timeouts Number of times a packet transmitted by the radio to a client remained unacknowledged long enough for the transmission attempt to time out.
CHAPTER 10: MONITORING THE NETWORK Displaying Session Location History On the Client Sessions tab, select the Location History tab at the bottom of the window. Each row represents a session with a 3Com radio. When a client roams from one radio to another, the session on the radio the client is leaving is closed and a new session is opened on the radio to which the client is roaming.
Using the Client Monitor Window Managing the Client Watch List 389 You can add clients to a watch list. The watch list allows you to monitor client roaming history and network performance. 3WXM monitors the clients on the watch list by MAC address. Adding a Client to the Watch List You can add a client to the watch list using either of the following methods: On the Client Session tab, select the client, then click Client Monitor window’s toolbar.
CHAPTER 10: MONITORING THE NETWORK 2 Select one of the following: Find a specific user — to find a user using specific search attributes. Go to step 3. Find all users — to find all users. Go to step 4. 3 Use any or all of the following search criteria: In the Username box, specify the username of the user you want to find. In the IP Address box, specify the IP address of the user. In the MAC Address box, specify the MAC address of the user.
Using the Client Monitor Window 391 6 Click Next. The search results appear. 7 To add a user to the watch list in the User Management tab, select the Add Watch checkbox in the user row. Repeat for all users that you want to add to the watch list. 8 Click Finish.
CHAPTER 10: MONITORING THE NETWORK Displaying the Client Watch List To display the watch list, select the Client Watch List tab in the Client Monitor window. To display details for a client on the watch list, select the client. Details for the client appear in the window.
Using the Client Monitor Window 393 Details are displayed on the following tabs: Session — displays the Session Properties, Session Statistics, and Location History tabs. These are the same tabs displayed at the bottom of the Client Sessions tab. (For descriptions of the data they display, see “Displaying Client Session Information” on page 379.) Trend: Session Stats — Displays operational rate, SNR, and RSSI trend data.
CHAPTER 10: MONITORING THE NETWORK Displaying a Client’s Geographical Location To display the location of a client within a site, select the client, then click on the Client Monitor window’s toolbar. The floor the client is currently on is displayed, as well as the client’s likely location on the floor. The client is most likely in the vicinity of the contour shown on the floor plan. The contour is labeled with the client’s username and IP address.
Using the RF Monitor Window Using the RF Monitor Window 395 The RF Monitor window shows detailed RF information for each radio. Radio information is displayed in the following tabs: RF Neighborhood — lists the other transmitting devices that the radio can hear. SSID-BSSID Mapping — lists the MAC address associated with each SSID the radio can hear Activity — lists log messages for the radio RF Environment — lists 802.
CHAPTER 10: MONITORING THE NETWORK Displaying RF Neighborhood Information In the RF Monitor window, select the RF Neighborhood tab at the bottom of the window. The RF Neighborhood tab lists the transmitters that can hear or are heard by the radio selected in the top section of the window. You can select the viewpoint of the list: To list the other transmitters that the selected radio can hear, select Transmitters.
Using the RF Monitor Window 397 Table 53 lists the information displayed on the tab. Table 53 RF Monitor RF Neighborhood Columns Column Description Neighbor MAP name and radio number. Note — This information comes from the site plan and is displayed only if the MAP is in the plan. BSSID BSSID detected by the radio. Note — This column displays a single entry for each 3Com radio, even if the radio is supporting multiple BSSIDs. However, BSSIDs for third-party 802.
CHAPTER 10: MONITORING THE NETWORK Displaying the Activity Log The activity log displays RF Auto-Tuning and countermeasures activity for the radio. To display the activity log, in the RF Monitor window, select the Activity tab at the bottom of the window. Table 54 lists the information displayed on the tab. Table 54 RF Monitor Activity Log Columns Column Description Time System date and time on the WX switch when the switch generated the SNMP trap for the event message.
Using the RF Monitor Window Displaying RF Environment Statistics 399 To display RF environment statistics, in the RF Monitor window, select the RF Environment tab at the bottom of the window. Table 55 lists the information displayed on the tab. Table 55 RF Monitor Environment Columns Column Description Channel Radio channel to which the other columns apply. Noise Noise threshold on the active channel. RF Auto-Tuning prefers channels with low noise levels over channels with higher noise levels.
CHAPTER 10: MONITORING THE NETWORK Table 55 RF Monitor Environment Columns (continued) Using the RF Trends Window Column Description PHY Packet Errors Number of frames received by the MAP radio that had physical layer errors on the active channel. These errors can indicate interference from a non-802.11 device. Pkt Re-transmissions Number of retransmitted packets sent from the client to the radio on the active channel.
Using the RF Trends Window 401 Table 56 lists the information displayed in the top section of the RF Trends window. Table 56 RF Trends Columns Column Description Radio MAP name and radio number. SNR Signal-to-noise ratio of the last data packet received by the radio. Throughput Rate at which data is transmitted by the radio, in bits per second. Authorized Clients Number of authorized clients associated with the radio. Client Failures Combined number of the following types of errors: 802.
CHAPTER 10: MONITORING THE NETWORK When looking at graphed data, you can see the data in absolute or delta values. Delta (rate of change) values are calculated with the following equation: value at end of polling interval - value at beginning of polling interval time difference (in seconds) To change how you view data values, select Absolute to see absolute values or Deltas to see rate-of-change values. Refreshing RF Trend Data By default, the data displayed in the RF Trends window is not refreshed.
Accessing Realtime Performance Statistics 403 In the Client Monitor window, click on the window’s toolbar. Go to “Viewing Performance Data” on page 405. 2 Select the scope to monitor from the list on the left side of the dialog box. 3 Select the specific object(s) to monitor from the list on the right side of the dialog box. To select multiple contiguous objects, click Shift while selecting. To select multiple noncontiguous objects, click Ctrl while selecting.
CHAPTER 10: MONITORING THE NETWORK 5 Select the polling interval from the poll interval box. The intervals available depend on the scope and statistic type you selected. 6 Click Start Monitoring. The Statistics tab for your scope selection appears in the Content panel. Generally, the scope is an aggregate object, which means that it is made up of sub-objects. (The exception is when a scope is a set of ports.
Accessing Realtime Performance Statistics 405 8 You can repeat step 2 through step 7 for other scopes and objects. The corresponding Statistics tab appears, along with the first tab. If you make changes in the network plan that affect the object membership list (for example, you add a WX to a Mobility Domain and deploy it), the current monitoring session does not update this change. Stop the session, and restart performance monitoring for the scope.
CHAPTER 10: MONITORING THE NETWORK Viewing Current Data To see the current performance data, click the Current tab. To sort data You can sort data in ascending or descending order to see the highest or lowest values at a glance. To sort data, click the title of the column whose data you want to sort. Click the column title again to toggle between ascending and descending order. To see details for performance data You can see performance data for the objects in the scope you selected.
Accessing Realtime Performance Statistics 407 Viewing Historical Data To see historical performance data in a graph, click the History tab. Graphing starts when you click the tab and is based on the polling interval you selected. To see details for historical data You can see historical data for the objects in the scope you selected. For example, if you selected a Mobility Domain as the scope, you can see historical data for the Mobility Domain, WX switches in the Mobility Domain, or WX ports.
CHAPTER 10: MONITORING THE NETWORK Viewing Data in Percentages To see a set of objects in a particular category of data as percentages in a pie chart, click the Percent tab. Data for the pie chart is captured when you click the tab and is based on the polling interval you selected. To see details for percentage-based performance data You can see percentage data for the objects in the selected scope.
Accessing Realtime Performance Statistics 409 To hide the list of objects that you can graph, click Hide Object Selector. Doing this allows you to see the graph in the full width of the Statistics tab. The following figure shows the delta values for Octets In and Octets Out for the entire Mobility Domain as percentages in a pie chart.
CHAPTER 10: MONITORING THE NETWORK Exporting Performance Data You can export performance data (absolute values only) to a file in comma-delimited text (.csv) format. To export data to a file 1 In the Statistics tab, click Export Absolute. The Export Data dialog box appears. 2 To specify a directory and name for the file, click Choose. On UNIX and Linux systems, the default directory is the home directory of the user running 3WXM.
Accessing the Event Log Accessing the Event Log Displaying the event log 411 3WXM maintains a log of system events.
CHAPTER 10: MONITORING THE NETWORK Toolbar Options Table 57 lists the options on the Event tab’s toolbar. Table 57 Toolbar Options on Event Tab Refreshing the Data Option Description Export Displays the Export Data dialog box, which lets you save log data into a file. Refresh Refreshes the data. Show Event Details Displays details for the currently selected message in the bottom section of the Event tab. Show Filters Displays the filter tabs in the bottom section of the Event tab.
Accessing the Event Log 413 You now see the log entries in Event tab that match the criteria of the filter that you chose. To monitor event messages for a WX switch in the network plan, the switch must be in the list of monitored switches configured on the monitoring service. In addition, the log monitoring option must be enabled on the service. (See “Changing 3WXM Services Preferences” on page 479.
CHAPTER 10: MONITORING THE NETWORK 3 In the IP Address box, type an IP address or a partial IP address. For example, if you type 10.20, you see all events that pertain to IP addresses containing the string 10.20. Set the search criteria by selecting contains the string, contains all of the strings, or contains at least one of the strings. 4 In the Date list, select one of the following to filter events by time: Any — No events are filtered based on time criteria.
Accessing the Event Log 415 Filtering Events by Severity You can limit the events you see in Event tab based on event severity. 1 Click on the Severity tab. 2 Select or clear the severity levels to display (the following descriptions are WX-based): Emergency — The WX is unusable. Alert — Action must be taken immediately. Critical — You must resolve the critical condition. If you do not resolve the condition, the WX might reboot or shut down.
CHAPTER 10: MONITORING THE NETWORK To save a filter: 1 In the Stored Filters group box, type a new filter name in the Name box. 2 Type a name for the filter (1 to 80 alphanumeric characters, with no tabs). 3 Click Save. The filter is saved and appears in the Stored Filters list. Deleting Filters You can delete any filter that you created, but you cannot delete predefined filters. To delete a filter: 1 In the Stored Filters group box, select the filter to be deleted. 2 Click Delete.
Accessing the Event Log 417 By default, this option is selected. 4 To copy files before overwriting them, select Copy Files Before Overwriting. By default, this option is selected. The existing file is copied to a file with a .bak extension. 5 Click Export. You can see the status of the export process in the Results box. 6 Click Close. Reviewing Event Details To see the details for a specific event, select the event. Event details appear in the lower section of the Event tab.
CHAPTER 10: MONITORING THE NETWORK
11 DETECTING AND COMBATTING ROGUE DEVICES This chapter discusses how to manage rogue devices that try to use your wireless network. Information includes an overview of detection features, enabling countermeasures, using the Rogue Detection tab, displaying a rogue’s geographical location, ignoring friendly third-party devices, and converting a rogue into a third party AP. Overview MAP radios automatically scan the RF spectrum for other devices transmitting in the same spectrum.
CHAPTER 11: DETECTING AND COMBATTING ROGUE DEVICES Ad Hoc Users RF Detection Scans Another type of rogue is a private WLAN user group. The group might be using an access point or software that provides access point functionality to a wireless laptop. Users can configure a wireless network interface card (NIC) in “ad hoc” mode and easily set up a simple peer-to-peer network. Although this WLAN might be isolated from the corporate WLAN, the users are stealing the air from legitimate WLAN users.
Rogue Detection Requirements Countermeasures 421 You can enable MSS to use countermeasures against rogues. Countermeasures consist of packets that interfere with a client’s ability to use the rogue. Countermeasures are disabled by default. When you enable them, all devices of interest that are not in the known devices list become viable targets for countermeasures. The Mobility Domain’s seed WX switch automatically selects individual radios to send the countermeasure packets.
CHAPTER 11: DETECTING AND COMBATTING ROGUE DEVICES Table 58 SNMP Notifications for RF Detection Notification Type Description RFDetectUnAuthorizedOUI Indicates that MSS has detected a wireless device that is not on the list of permitted vendors. RFDetectUnAuthorizedAP Indicates that MSS has detected the MAC address of an AP that is on the attack list.
Rogue Detection Lists Rogue Detection Lists 423 Rogue detection lists specify the third-party devices and SSIDs that MSS allows on the network, and the devices MSS classifies as rogues. You can configure the following rogue detection lists: Permitted SSID list—A list of SSIDs allowed in the Mobility Domain. MSS generates a message if an SSID that is not on the list is detected. Permitted vendor list—A list of the wireless networking equipment vendors whose equipment is allowed on the network.
CHAPTER 11: DETECTING AND COMBATTING ROGUE DEVICES MAP radio detects wireless packet. Source MAC in Ignore List? No SSID in Permitted SSID List? No Yes Yes OUI in Permitted Vendor List? No Generate an alarm. Yes Classify device as a rogue. Issue countermeasures (if enabled). Source MAC in Attack List? Yes No Rogue classification algorithm deems the device to be a rogue? No Device is not a threat.
Using the Rogue Detection Tab Using the Rogue Detection Tab 425 To display rogue information, select Monitor > Rogue Detection from the toolbar in the main 3WXM window. The Rogue Detection tab appears in the Content panel. The Rogue Detection tab lists information about the rogue devices detected in the network. The rogue list section of the tab lists all rogues detected within the time period specified in the filter section. To display information about a rogue, select the rogue.
CHAPTER 11: DETECTING AND COMBATTING ROGUE DEVICES 3WXM Services keeps events in a circular log. Once the log becomes full, 3WXM Services purges old entries to make room for new ones. However, the 3WXM Services never purges the entries for the first appearance and first disappearance of a rogue. Toolbar Options The Rogue Detection tab has a toolbar. Table 59 lists the options on the toolbar.
Using the Rogue Detection Tab 427 2 Select the type of entries you want to display: Rogue APs—APs that are on the 3Com network but do not belong there. Interfering APs—Devices that are not part of the 3Com network but also are not rogues. No client connected to these devices have been detected communicating with any network entity listed in the forwarding database (FDB) of any WX switch in the Mobility Domain.
CHAPTER 11: DETECTING AND COMBATTING ROGUE DEVICES To change the scope of the rogue list 1 Select the scope in the Organizer panel. 2 Select Show for selected scope in the toolbar of the Rogue Detection tab. 3WXM updates the rogue list to display only the rogues detected within the selected scope. If you change the scope by selecting another object in the Organizer panel, or you deselect the Show for selected scope option, click Refresh to refresh the rogue list for the new scope setting.
Using the Rogue Detection Tab 429 Activity Log Tab The Activity Log tab lists the appearance and disappearance of the selected rogue, the rogue’s SSID, and the number of MAP radios that detected the rogue or its disappearance. Table 60 lists the information displayed in the Rogue Details section of the Rogue Detection tab. Table 60 Rogue Details Columns Column Description Time Time when 3WXM client received updated information from the monitoring service.
CHAPTER 11: DETECTING AND COMBATTING ROGUE DEVICES Table 61 Rogue Listener Details Columns Column Description RSSI Strength of the signal received by the listener from the rogue. SSID SSID of the rogue. Clients Tab The Clients tab lists details about the clients of rogue devices. To display client information for a rogue, select the rogue in the Filtered List. Table 59 lists the information displayed on the Clients tab.
Ignoring Friendly Third-Party Devices Ignoring Friendly Third-Party Devices 431 By default, when countermeasures are enabled, MSS considers any third-party transmitter to be a rogue device and can send countermeasures to prevent clients from using that device. To prevent MSS from sending countermeasures against a friendly device, add the device to the known addresses list.
CHAPTER 11: DETECTING AND COMBATTING ROGUE DEVICES Converting a Rogue into a Third Party AP If a device in the rogue list belongs to a third-party AP in your network, you can convert the rogue into a third-party AP. When you convert a rogue into a third-party AP, the rogue disappears from the rogue list. Converting a rogue into a third-party AP applies only to the network plan, in 3WXM. 3WXM does not send this information in any form to the WX switches in the network.
Adding a Rogue’s Clients to the Black List Adding a Rogue’s Clients to the Black List 433 The client black list is a switch’s list of MAC addresses of wireless clients who are not allowed on the network. MSS prevents clients on the list from accessing the network through an WX switch. 1 In the Filtered List of rogues on the Rogue Detection tab, select the rogues whose clients you want to place on the black list. 2 Click on the toolbar. The Select Devices dialog is displayed.
CHAPTER 11: DETECTING AND COMBATTING ROGUE DEVICES d Click Finish. 5 To add an Organizationally Unique Identifier (OUI) to the list of allowed wireless equipment vendors: a Click Permitted OUI List. b Click Selected Vendors. The Select Vendor OUIs wizard is displayed. c Select the device type: Client AP All (clients and APs) d Select the vendor from the Vendor drop-down list. e Select the specific OUIs you want to allow for the selected vendor.
Configuring RF Detection Options from the Organizer Panel b Click New Rogue Device Address. The Create Rogue Device Address wizard is displayed. c Type the rogue’s MAC address. d Click Finish. 9 Click Finish to save the changes and close the Modify RF Detection wizard.
CHAPTER 11: DETECTING AND COMBATTING ROGUE DEVICES
12 GENERATING REPORTS This chapter describes the reports you can generate with 3WXM: Inventory Mobility Domain Configuration WX Configuration Client Summary Client Details Client Errors Watch List Client Network Usage RF Summary Radio Details Rogue Summary Site Survey Work Order
CHAPTER 12: GENERATING REPORTS Overview The Reports option of the main toolbar enables you to generate reports for network clients, RF usage, rogue devices, and 3Com equipment.
Generating an Inventory Report Generating an Inventory Report 439 The inventory report lists the WX switches and MAP access points in a specific Mobility Domain or that do not belong to a Mobility Domain. To generate an inventory report 1 Select Reports > Inventory Report from the toolbar in the main 3WXM window. The Inventory Report dialog box appears. 2 To change the Mobility Domain the report is for, select it from the drop-down list.
CHAPTER 12: GENERATING REPORTS Generating a Mobility Domain Configuration Report The Mobility Domain configuration report lists information for all the WX switches in a Mobility Domain, including the VLANs, radio and service profiles, and RADIUS server groups and servers configured on the WX switch(es). 1 Select Reports > Mobility Domain Configuration from the toolbar in the main 3WXM window. The Mobility Domain Configuration Report dialog box appears.
Generating a WX Configuration Report Generating a WX Configuration Report 441 The WX configuration report lists configuration details for a WX switch. 1 Select Reports > WX Configuration from the toolbar in the main 3WXM window. The WX Configuration Report dialog box appears. 2 Select the WX switch for which you want the report. The scope is always Wireless Switch and cannot be changed.
CHAPTER 12: GENERATING REPORTS Table 65 WX Configuration Report Sections (continued) Generating a Client Summary Report Section Description Distributed APs Distributed MAPs configured on the WX switch. Radio Profiles Radio profiles configured on the WX switch. Service Profiles Service profiles configured on the WX switch. 802.1X 802.1X parameters configured on the WX switch. RADIUS RADIUS server groups and servers configured on the WX switch.
Generating a Client Details Report 443 5 To prevent 3WXM from replacing an existing report of the same type with this new report, click next to Overwrite Existing Files to deselect this option. 6 Click Generate. 7 When the report is generated, click the report link to view it.
CHAPTER 12: GENERATING REPORTS 3 Click on the Select field, and select one of the following from the drop-down list: User Name IP Address MAC Address 4 Click on the Value field. Erase the text in the field and type the username, IP address, or MAC address of the user, depending on the selection criterion you specified in step 3. 5 Press Enter to complete the filter. 6 Repeat step 2 through step 5 for each user you want to display details for.
Generating a Client Errors Report Generating a Client Errors Report 445 The client errors report lists error statistics for current client sessions. The data for this report comes from the 3WXM Services. The Enable RF trending option, located in the RF Monitor group box, must be enabled. (See “Changing Monitoring Settings” on page 489.) 1 Select Reports > Client Errors from the toolbar in the main 3WXM window. The Client Errors Report dialog box appears.
CHAPTER 12: GENERATING REPORTS Client errors on individual WX switches (See “Using the Client Monitor Window” on page 367 for information about the data columns in each section of the report.) Generating a Watch List Client Report The watch list client report lists session information and roaming history for clients on the watch list. The client must be on the client watch list. (See “Managing the Client Watch List” on page 389.
Generating a Network Usage Report 447 The watch list client report contains the following sections: Session Properties Location History Session Statistics AP Statistics (See “Using the Client Monitor Window” on page 367 for information about the data columns in each section of the report.) Generating a Network Usage Report The network usage report lists network usage statistics. The data for this report comes from the monitoring service.
CHAPTER 12: GENERATING REPORTS 5 To change the output directory for the report, click on the button next to output directory, navigate to the new directory, and click Select. 6 To prevent 3WXM from replacing an existing report of the same type with this new report, click next to Overwrite Existing Files to deselect this option. 7 Click Generate. 8 When the report is generated, click the report link to view it.
Generating a Radio Details Report 7 Days 30 Days 449 5 To change the output directory for the report, click on the button next to output directory, navigate to the new directory, and click Select. 6 To prevent 3WXM from replacing an existing report of the same type with this new report, click next to Overwrite Existing Files to deselect this option. 7 Click Generate. 8 When the report is generated, click the report link to view it.
CHAPTER 12: GENERATING REPORTS (See “Using the RF Monitor Window” on page 395 and “Using the RF Trends Window” on page 400 for information about the data in each section of the report.) Generating a Rogue Details Report The rogue details report lists detailed information about rogue devices. The data for this report comes from the monitoring service. The Enable Rogue Detection option, located in the Rogue Detection group box of the Monitoring Settings tab, must be enabled.
Generating a Rogue Summary Report Generating a Rogue Summary Report 451 The rogue summary report lists information about rogues. The data for this report comes from the monitoring service. The Enable Rogue Detection option, located in the Rogue Detection group box of the Monitoring Settings tab, must be enabled. (See “Changing Monitoring Settings” on page 489.) 1 Select Reports > Rogue Summary from the toolbar in the main 3WXM window. The Rogue Summary Report dialog box appears.
CHAPTER 12: GENERATING REPORTS Generating a Site Survey Order The site survey order contains the locations and MAC addresses of the line-of-site (LOS) points for use when conducting a site survey, and also provides a GIF image of the floor. For the site survey order to be meaningful, you must specify the line-of-site (LOS) points first. (See “Placing RF Measurement Points” on page 169.) To generate a site survey order 1 Select Reports > Site Survey Order from the toolbar in the main 3WXM window.
Generating a Work Order Generating a Work Order 453 A work order provides all of the necessary information for the physical installation of the 3Com Mobility System. A work order shows where the MAP access points should be installed, WX initial setup configuration information, and projected RSSI information that is useful when verifying the installation. The work order has meaning only after you add planning information. (See “Planning the 3Com Mobility System” on page 95.
CHAPTER 12: GENERATING REPORTS
13 OPTIMIZING A NETWORK PLAN After you deploy a network plan to the 3Com equipment in your live network, you can optimize the plan based on RF information from the network. The RF information can be from a site survey or from MAP radios. Site survey—RF measurements come from a site survey file generated by the Ekahau Site Survey™ tool. Save the file in comma-separated values (csv) format and import the file into 3WXM. MAP radios—RF measurements come from the MAPs in the network.
CHAPTER 13: OPTIMIZING A NETWORK PLAN 3 Click Import Measurements. The Import RF Measurements wizard appears.
Importing RF Measurements 457 4 Select the source(s) of the measurements. Network—Measurements come from MAP radios. File—Measurements come from a site survey file. You can select one or both sources. 5 If you selected File, select the file format from the File Format listbox. 6 If you did not select File, go to step 9. 7 Click Choose to navigate to the csv file that contains the RF measurement data. 8 In the Map Name field, specify the map name.
CHAPTER 13: OPTIMIZING A NETWORK PLAN If the number is greater than 0, 3WXM successfully imported measurements. If the number is 0, no measurements were imported. Try the import again. If you are using a site survey file, verify that the map name is correct. Applying the RF Measurements to the Floor Plan 1 On the Optimize RF Coverage page of the Building wizard, click Optimize. A wizard appears, listing the progress of the request.
Locating and Fixing Coverage Holes Locating and Fixing Coverage Holes 459 After you import RF measurements and optimize, you can look for coverage holes by displaying coverage. Locating a Coverage Hole 1 Access the Optimize RF Coverage page of the Building wizard, if not already open. (See “Accessing the Building Wizard” on page 95.
CHAPTER 13: OPTIMIZING A NETWORK PLAN You also can show coverage by right-clicking on the scope in the Coverage Areas section, then selecting Show RF Coverage. Coverage for the selected scope(s) is displayed. This example shows 802.11a coverage, by transmit data rate, for the coverage area SSMG_A. To hide coverage again, right-click on the scope in the Coverage Areas section and select Hide RF Coverage.
Locating and Fixing Coverage Holes 461 Install new MAPs and add them to the network plan. Using this method, you install the new MAP first, then integrate it into your network plan. Computing and Placing New MAPs The procedure for computing and placing new MAPs is the same as the procedure you use for initial planning. Make sure you lock the existing MAPs in place before you compute and place the new MAPs. (See “Computing MAP Placement” on page 152.
CHAPTER 13: OPTIMIZING A NETWORK PLAN
A USING 3WXM WITH HP OPENVIEW If you installed the HP OpenView plug-in during installation of 3Com Wireless LAN Switch Manager (3WXM), you can use HP OpenView in conjunction with 3WXM to manage the 3Com Mobility System. This chapter discusses preparing to use HP OpenView and 3WXM, and starting 3WXM from the Network Node Manager.
CHAPTER A: USING 3WXM WITH HP OPENVIEW
B CHANGING 3WXM PREFERENCES This chapter discusses how to set 3Com Wireless LAN Switch Manager (3WXM) client preferences. It describes how to reset preferences values and change options for network synchronization, user interface, persistence, tools, certificate management, RF planning, and 3WXM logging. Overview You can set 3WXM preferences for a user session on the system on which 3WXM is installed. The preferences you set are valid only for that user on that system.
CHAPTER B: CHANGING 3WXM PREFERENCES Resetting Preferences Values Changing Network Synchronization Options You can reset the preferences values to their default values by doing one of the following: To reset the values for a tab, click the tab to display it, and click Reset. (Each tab has a Reset button.) To reset all preferences for all tabs, click Reset All. By default, 3WXM checks for configuration changes, events, and status changes on WX switches.
Changing Network Synchronization Options 467 3 To set the amount of time that 3WXM waits for a connection to be established to a WX before trying to connect again, specify the timeout (1 to 30 seconds) in the Connect Timeout box. The default is 5 seconds. 4 To set the number of times (0 to 5) 3WXM tries to reconnect to the WX after the original attempt, specify the value in the Retry Count box. The default is 3 times.
CHAPTER B: CHANGING 3WXM PREFERENCES Changing User Interface Options You can change the following user interface options: Confirmation prompt when closing wizard pages Window style for exploring the topological view in the main 3WXM window Size of icons in 3WXM Placement of the wizard index in wizard dialog boxes To change 3WXM user interface options: 1 Select Tools > Preferences. The Preferences dialog box appears. 2 Click the UI tab.
Changing Persistence Options 469 5 Within Icon Size, select one of the following: 16x16 — Change all icons to 16x16 pixels. This is the default setting. 20x20 — Change all icons to 20x20 pixels. 24x24 — Change all icons to 24x24 pixels. 6 Within Show Wizard Index, select one of the following: On Top — See the wizard index at the top of wizard dialog boxes. This is the default setting. On Left — See the wizard index on the left of wizard dialog boxes.
CHAPTER B: CHANGING 3WXM PREFERENCES 3 To change the Telnet executable file or location used by 3WXM, type the path of the executable file in the Telnet Executable box. The default Telnet executable file is C:\WINDOWS\system32\telnet.exe. You can also click Browse to navigate the computer filesystem. 4 To change the Web browser executable file or location used by 3WXM, type the path of the executable file in the Browser Executable box.
Changing Options for RF Planning 471 3 To automatically accept self-signed certificates, select Always accept self-signed certificates. To clear this option, clear Always accept self-signed certificates. By default, this option is disabled. The 3WXM client accepts a certificate only if the certificate is signed by a certificate authority (CA). 4 Click Close to close the Preferences dialog box, or click another tab to continue making changes.
CHAPTER B: CHANGING 3WXM PREFERENCES 3 In the Typical Client Tx Power box, specify the typical transmit power (1 to 20 dBm) for clients in the network. The default is 13 dBm, which is a common client transmit power. If you want to choose the color for an RF technology or obstacle, see “Changing Colors”. Changing Colors You can change the color schemes for showing the following types of RF information: 802.11a channels 802.11b and 802.
Changing Options for RF Planning 473 To Change a Color 1 Select Tools > Preferences. The Preferences dialog box appears. 2 Click the RF tab. 3 Select one of the following tabs: 802.11a Channel Colors 802.11b/g Channel Colors RF Obstacle Colors Data Rate Colors RSSI Band Colors SNR Band Colors Load Band Colors Probability Colors 4 Click on the color column for the color you want to change. The Choose Color dialog box appears.
CHAPTER B: CHANGING 3WXM PREFERENCES For more information about using HSB, see “Defining a Color by Changing HSB Properties” on page 475. For more information about using RGB, see “Defining a Color by Changing RGB Properties” on page 476. Defining a Color from the Palette 1 To specify a color using the color palette, click Swatches in the Choose Color dialog box. 1 From the color palette, click the color you want to see. Repeat until you find the color you want.
Changing Options for RF Planning 475 Defining a Color by Changing HSB Properties You can define colors by changing the hue, saturation, and brightness (HSB). Hue is the color itself (for example, blue, orange, or purple). Hue is measured in degrees (0 to 360 degrees). Saturation is the strength of the color. Saturation values are measured in percentages, with 0 percent indicating no color saturation (gray) and 100 percent indicating full saturation.
CHAPTER B: CHANGING 3WXM PREFERENCES 3 To change the saturation value, select the S option and do one of the following: In the S box, specify a value between 0 and 100 percent. Use the slider to specify the saturation value. 4 To change the brightness value, select the B option and do one of the following: In the B box, specify a value between 0 and 100 percent. Use the slider to specify the brightness value. 5 Click OK to accept the color.
Changing 3WXM Logging Options 477 2 Use the Red, Green, and Blue sliders to define a color. You can see a preview of the color in the Preview box. 3 Click OK to accept the color. The RF Planning Options tab in the Preferences dialog box is active. 4 Do one of the following: Changing 3WXM Logging Options Change another color. Click another Preferences tab. Click Close to close the Preferences dialog box. You can change the severity and type of 3WXM events that are logged.
CHAPTER B: CHANGING 3WXM PREFERENCES 3 In the Log Event Level list, select one of the following event levels: Critical — A critical condition has occurred that requires immediate resolution. Warning — An event that might require attention has occurred. Info — Informational messages only. No action is required. Debug — All events are shown, including debug messages. Select the Debug option only if 3Com Technical Support has advised you to do so.
C CHANGING 3WXM SERVICES PREFERENCES This chapter discusses how to change 3WXM Services preferences. Overview To set 3WXM Services preferences, select Tools > 3WXM Services Setup from the toolbar in the main 3WXM window. See the following figure on the next page. This chapter describes how to change monitoring service preferences. To change 3WXM client preferences, see “Changing 3WXM Preferences” on page 465. To configure access control for the 3WXM client, see “Restricting Access to 3WXM” on page 77.
CHAPTER C: CHANGING 3WXM SERVICES PREFERENCES The 3WXM Services Setup window contains a configuration area and a message area at the bottom. When you click Save to implement changes you make on one of the window’s tabs, the monitoring service verifies the changes. If the changes are valid, the service implements the changes. Otherwise, the service displays error messages and does not implement the changes. By default, the monitoring service does not allow remote connections.
Starting or Stopping the 3WXM Services Starting or Stopping the 3WXM Services 481 3WXM Services is started automatically when you complete installation and starts automatically whenever you restart your system. You can start 3WXM Services from within 3WXM or from Windows Services. 1 Display the Services window. Here is an example of the Services window in Windows XP. (The window might look differently on your system.) 2 Scroll down and select 3WXM Services. 3 Select the Start or Stop option.
CHAPTER C: CHANGING 3WXM SERVICES PREFERENCES Connecting to 3WXM Services If a firewall is enabled on the host where you install 3WXM Services, 3WXM Services will not be able to communicate with 3WXM client or with WX switches unless the firewall is configured to allow through traffic for the SSL and SNMP ports (443 and 162 by default). To connect to 3WXM Services 1 Select Monitor -> Service Selection from the toolbar in the main 3WXM window. 2 Start 3WXM client.
Connecting to 3WXM Services 483 If the Open Network Plan option is selected and this is the first time you are accessing the server from this client, 3WXM Services opens a new (blank) network plan. 8 Click Next. If the Certificate Check dialog is displayed, click Accept. (For more certificate options, see the next section, “Certificate Check”.) If the Finish button does not become available, read the last message in the message area of the page to determine why the service could not be reached.
CHAPTER C: CHANGING 3WXM SERVICES PREFERENCES By default, the 3WXM client does not accept self-signed certificates, even from 3WXM Services. Instead, when 3WXM Services or another device presents a self-signed certificate to the 3WXM client, the Certificate Check dialog box appears on the client. This dialog box displays the certificate information. The options you select in this dialog box apply to all HTTPS connections with the 3WXM client.
Verifying that the 3WXM Client is Receiving Service Data Verifying that the 3WXM Client is Receiving Service Data 485 If you are using a network plan that already contains equipment, use the following procedure to verify that the 3WXM client is receiving data for the equipment. 1 Select an object in the Organizer panel, then right-click and select Monitor. The Monitor tab appears in the Content panel.
CHAPTER C: CHANGING 3WXM SERVICES PREFERENCES 4 The change the UDP port on which 3WXM Services listens for SNMP traps, type or select the port number in the HTTPS Server Port box. The default is 162. 5 To enable 3WXM Services to receive traps, select one or both of the following trap types: SNMP V1 Traps SNMP V3 Traps 3WXM Services does not start listening for SNMP notifications from the WX switches in the network plan until you save the network plan.
Changing WX Connection Settings 487 If this is the first user account, 3WXM Services inserts the username you used to log onto the machine that is running 3WXM Services in the Account Name box. However, you are not required to use this name. In fact, you are not required to use a name that matches a user account on the machine. The 3WXM Services automatically makes the first user account you add an Admin account.
CHAPTER C: CHANGING 3WXM SERVICES PREFERENCES 4 To change the number of times 3WXM Services will reattempt to query a WX switch, if 3WXM Services does not receive a reply to the first query attempt within the connect timeout, type or select the value in the Retry Count box. You can specify from 0 to 5 retries. The default is 5 retries. 5 To prevent 3WXM Services from accepting all types of certificates from the WX switches it monitors, click Accept all certificates to disable the option.
Changing Monitoring Settings Changing Monitoring Settings 489 By default, status monitoring and monitoring of WX notifications is enabled but monitoring of WX log messages and traps are disabled. Status monitoring supplies data for the Explore and Status Summary windows of the Monitor tab. SNMP notifications (traps) generated by WX switches supply data for the Client Monitor, RF Monitor, and RF Trends windows.
CHAPTER C: CHANGING 3WXM SERVICES PREFERENCES The data for some reports also requires monitoring options to be enabled. For information, see the descriptions for each report in “Generating Reports” on page 437. To change monitoring settings To change monitoring settings, use the following procedure. 1 Select Tools > 3WXM Services Setup. The 3WXM Services Setup dialog box appears. (See Figure on page 480.) 2 Click the Monitoring Settings tab.
Changing Monitoring Settings 491 7 To enable the monitoring service to track client connection failures, select Collect client connection failure traps. This option enables the monitoring service to collect data from the following traps generated by monitored WX switches: ClientAssociationFailure, ClientAuthenticationFailure, ClientAuthorizationFailure, and ClientDot1xFailure. This option is disabled by default.
CHAPTER C: CHANGING 3WXM SERVICES PREFERENCES When a TCA is triggered, the alert is displayed as a red flag in the link view of the Explore window of the Monitor tab. You can click on the object for more information. In addition, the corresponding data column in the RF Trends window of the Monitor tab turns red. 9 To enable 3WXM Services to track rogue detection and countermeasures information, select Enable Rogue Detection. This option is enabled by default.
Managing Network Plans 493 By default, backups created automatically by 3WXM are stored in the following location: 3WXM\backup\auto\plan_name Backups created by you are stored in the following location by default: 3WXM\backup\manual\plan_name 3WXM zips the backup files and assigns them unique names. You can assign a name to a backup that you create. However, this name does not appear in the backup directory. To select a plan based on the name you assign, use the Backup/Restore dialog.
CHAPTER C: CHANGING 3WXM SERVICES PREFERENCES Restoring a Plan from a Backup To restore a plan from a backup 1 Access the Backup/Restore dialog. 2 Click on the backup you want to restore. 3 Click Restore. 4 Click Close to close the dialog. Copying a Plan Backup from One Server to Another You can copy a plan to another server by copying that plan’s backup file to the other server, then restoring the plan on the other server from the backup.
Managing Network Plans 495 The status is displayed in the Status window. Click Close to close the dialog. 9 On the other server (the one to which you copied the backup), access the Backup/Restore dialog. 10 Select the backup and click Restore. 11 Click Close to close the dialog. 12 Select File > Save from the menu bar in the main 3WXM window to save the plan. This completes the procedure. 13 To change the destination path, click on the path. The Select dialog appears.
CHAPTER C: CHANGING 3WXM SERVICES PREFERENCES
D Register Your Product OBTAINING SUPPORT FOR YOUR PRODUCT Warranty and other service benefits start from the date of purchase, so it is important to register your product quickly to ensure you get full use of the warranty and other service benefits available to you. Warranty and other service benefits are enabled through product registration. Register your product at http://eSupport.3com.com/. 3Com eSupport services are based on accounts that you create or have authorization to access.
CHAPTER D: OBTAINING SUPPORT FOR YOUR PRODUCT 3Com Knowledgebase helps you troubleshoot 3Com products. This query-based interactive tool is located at http://knowledgebase.3com.com and contains thousands of technical solutions written by 3Com support engineers. Access Software Downloads Software Updates are the bug fix / maintenance releases for the version of software initially purchased with the product.
Contact Us 499 product is registered and under warranty, you can obtain an RMA number online at http://eSupport.3com.com/. First time users will need to apply for a user name and password. Contact Us 3Com offers telephone, e-mail and internet access to Technical Support and repair services. To access these services for your region, use the appropriate telephone number, URL or e-mail address from the list below. Telephone numbers are correct at the time of publication.
CHAPTER D: OBTAINING SUPPORT FOR YOUR PRODUCT Country Telephone Number Country Telephone Number You can also obtain support in this region using the following URL: http://emea.3com.com/support/email.
INDEX Numbers 3WXM restricting access to 77 software requirements 21 toolbar icons 35 802.1Q tagging 191 802.1X access rules 286 802.1X authentication configuring 319 standard 319 802.1X network access rules setting up policy properties 295 accounting 284 authentication 283 creating 283 managing 285 setting up properties 283 ARP (Address Resolution Protocol) adding entries 233 aging timeout 233 configuring 233 assigning MAP channels 162 asterisks.
INDEX creating 283 managing 285 setting up properties 283 conventions notice icons, About This Guide 15 text, About This Guide 16 copying objects 70 countermeasures ignoring friendly devices 431 coverage areas defining 137 drawing 139 shared 137 specifying properties 143 specifying wireless technology for 142 D default routes configuring 228 delimiter characters, for user globs 281 Distributed MAPs mapping ACLs to 317 distributing system files 340 distributing WX software images 341 DNS (Domain Name
INDEX troubleshooting 30 unpacking files 23 user privileges 22 using the wizard 24 IP aliases configuring 229 creating 229 IP services ARP 233 configuring 226 DNS 230 IP aliases 229 NTP 231 static routes 226 MAP (Managed Access Point) adding connections 257 configuring 251 modifying attributes 252 rebooting 348 Mobility Domains creating 92 definition 90 roaming behavior 90 traffic ports used by 91 Mobility Profiles definition 306 monitoring service starting 481 L N layer 0 122 license key 22 link redun
INDEX O objects copying and pasting 70 optimal power 165 origin point, adjusting 119 P paper space cropping 118 pasting objects 70 performance data exporting 410 sorting 406 viewing 405 viewing details 406 PKCS #12 files, distributing 352 port fast convergence 197 port groups definition 225 link redundancy 225 ports mapping ACLs to 318 network 223 wired authentication 222 power, optimal 165 preferences certificate management 470 logging 477 network synchronization 466 resetting all preferences 466 re
INDEX image repository 340 system information, configuring 205 IGMP 198 static multicast ports 200 STP 197 STP fast convergence 201 creating 192 definition 189 deleting 203 mapping ACLs to 317 modifying 203 naming 191 roaming 191 tagging 191 users 190 VLAN globs in location policies 282 T tag type 191 TCP ACE, creating 311 Telnet, configuring 207 time zone, configuring 220 tracing configuring 218 properties, configuring 218 traffic forwarding 191 traffic ports used by Mobility Domains 91 tunnel affinity
INDEX
