Nortel WLAN Security Switch 2300 Series Configuration Guide

630 Glossary
320657-A
Web View: A Web-based application for configuring and managing a single WLAN Security Switch (WSS) switch and its attached Access Point (AP) access ports through a Web browser. Web View uses a secure connection that implements Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS).

WECA: Wireless Ethernet Compatibility Alliance. See Wi-Fi Alliance.

WEP: Wired-Equivalent Privacy protocol. A security protocol, specified in the IEEE 802.11 standard, that attempts to provide a wireless LAN (WLAN) with a minimal level of security and privacy comparable to a typical wired LAN. WEP encrypts data transmitted over the WLAN to protect the vulnerable wireless connection between users (clients) and access ports (APs). Although appropriate for most home use, WEP is weak and fundamentally flawed for enterprise use. Compare AES; CCMP; TKIP.

Wi-Fi Alliance: An organization formed by leading wireless equipment and software providers, for certifying all IEEE 802.11 wireless LAN (WLAN) products for interoperability and promoting the term Wi-Fi as their global brand name. Only products that pass Wi-Fi Alliance testing can be certified. Certified products are required to carry an identifying seal on their packaging stating that the product is Wi-Fi certified and indicating the radio frequency band used (2.4 GHz for 802.11b and 5 GHz for 802.11a, for example). The Wi-Fi Alliance was formerly known as the Wireless Ethernet Compatibility Alliance (WECA).

Wi-Fi Protected Access: See WPA.

wildcard mask: A 32-bit quantity used with an IP address to determine which bits in the address to ignore in a comparison with another IP address. When setting up security access control lists (ACLs), you specify source and destination IP addresses and corresponding wildcard masks by which the WSS switch determines whether to forward or filter packets. The security ACL checks the bits in IP addresses that correspond to any 0s (zeros) in the mask, but does not check the bits that correspond to 1s (ones) in the mask.

wired authentication port: An Ethernet port that has 802.1X authentication enabled for access control.

Wired-Equivalent Privacy protocol: See WEP.

Wireless Ethernet Compatibility Alliance: See Wi-Fi Alliance.

wireless Internet service provider: See WISP.

wireless LAN: See WLAN.

WISP: Wireless Internet service provider. A company that provides public wireless LAN (WLAN) services.

WLAN: Wireless LAN. A LAN to which mobile users (clients) can connect and communicate by means of high-frequency radio waves rather than wires. WLANs are defined in the IEEE 802.11 standard.

WLAN Management Software™: A tool suite for planning, configuring, deploying, and managing a Nortel WLAN 2300 System wireless LAN (WLAN). Based on site and user requirements, WLAN Management Software determines the location of WLAN Security Switch (WSS) switches and Access Point (AP) access points and can store and verify configuration information before installation. After installation, WLAN Management Software deploys the settings on the equipment and manages and verifies configuration changes. To monitor network performance, WLAN Management Software collects WSS and AP information, calculates and displays AP neighbor relationships, and detects anomalous events, for example, rogue access ports.










