Nortel WLAN Security Switch 2300 Series Configuration Guide

Glossary
320657-A

failover
In a redundant system, an operation by which a standby (or secondary) system component automatically takes over the functions of an active (or primary) system component when the active component fails or is temporarily shut down or removed for servicing. During and after failover, the system continues its normal operations with little or no interruption in service.

FCC
Federal Communications Commission. The United States’ governing body for telecommunications, radio, television, cable, and satellite communications.

FDB
See forwarding database (FDB).

Federal Communications Commission
See FCC.

FHSS
Frequency-hopping spread-spectrum. One of two types of spread-spectrum radio technology used in wireless LAN (WLAN) transmissions. The FHSS technique modulates the data signal with a narrowband carrier signal that “hops” in a predictable sequence from frequency to frequency as a function of time over a wide band of frequencies. Interference is reduced, because a narrowband interferer affects the spread-spectrum signal only if both are transmitting at the same frequency at the same time. The transmission frequencies are determined by a spreading (hopping) code. The receiver must be set to the same hopping code and must listen to the incoming signal at the proper time and frequency to receive the signal. Compare DSSS.

forwarding database (FDB)
A database maintained on a WLAN—Security Switch (WSS) switch for the purpose of making Layer 2 forwarding and filtering decisions. Each entry consists of the media access control (MAC) address of a source or destination device, an identifier for the port on which the source or destination station is located, and an identifier for the virtual LAN (VLAN) to which the device belongs. FDB entries are either permanent (never deleted), static (not aged, but deleted when the WSS is restarted or loses power), or dynamic (learned dynamically and removed through aging or when the WSS is restarted or loses power).

frequency-hopping spread-spectrum
See FHSS.

GBIC
Gigabit interface converter. A hot-swappable input/output device that plugs into a gigabit Ethernet port, to link the port with a fiber-optic or copper network. The data transfer rate is 1 gigabit per second (Gbps) or more. Typically employed as high-speed interfaces, GBICs allow you to easily configure and upgrade communications networks.

gigabit interface converter
See GBIC.

wildcard
See MAC address wildcard; user wildcard; VLAN wildcard.

GMK
Group master key. A cryptographic key used to derive a group transient key (GTK) for the Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).

greenfield network
An original deployment of a telecommunications network.

GRE tunnel
A virtual link between two remote points on a network, created by means of the Generic Routing Encapsulation (GRE) tunneling protocol. GRE encapsulates packets within a transport protocol supported by the network.

GTK
Group transient key. A cryptographic key used to encrypt broadcast and multicast packets for transmissions using the Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).

group master key
See GMK.