User Manual Part 3
Table Of Contents
- Introduction
- 1.1 New Features
- 1.2 Feature Overview
- 1.2.1 Single or Dual Mode Radio Options
- 1.2.2 Separate LAN and WAN Ports
- 1.2.3 Multiple Mounting Options
- 1.2.4 Antenna Support for 2.4 GHz and 5.2 GHz Radios
- 1.2.5 Sixteen Configurable WLANs
- 1.2.6 Support for 4 BSSIDs per Radio
- 1.2.7 Quality of Service (QoS) Support
- 1.2.8 Industry Leading Data Security
- 1.2.9 VLAN Support
- 1.2.10 Multiple Management Accessibility Options
- 1.2.11 Updatable Firmware
- 1.2.12 Programmable SNMP v1/v2/v3 Trap Support
- 1.2.13 Power-over-Ethernet Support
- 1.2.14 MU-MU Transmission Disallow
- 1.2.15 Voice Prioritization
- 1.2.16 Support for CAM and PSP MUs
- 1.2.17 Statistical Displays
- 1.2.18 Transmit Power Control
- 1.2.19 Advanced Event Logging Capability
- 1.2.20 Configuration File Import/Export Functionality
- 1.2.21 Default Configuration Restoration
- 1.2.22 DHCP Support
- 1.2.23 Multi-Function LEDs
- 1.3 Theory of Operations
- Hardware Installation
- Getting Started
- System Configuration
- Network Management
- Configuring Access Point Security
- 6.1 Configuring Security Options
- 6.2 Setting Passwords
- 6.3 Enabling Authentication and Encryption Schemes
- 6.4 Configuring Kerberos Authentication
- 6.5 Configuring 802.1x EAP Authentication
- 6.6 Configuring WEP Encryption
- 6.7 Configuring KeyGuard Encryption
- 6.8 Configuring WPA Using TKIP
- 6.9 Configuring WPA2-CCMP (802.11i)
- 6.10 Configuring Firewall Settings
- 6.11 Configuring VPN Tunnels
- 6.12 Configuring Content Filtering Settings
- 6.13 Configuring Rogue AP Detection
- 6.14 Configuring User Authentication
- Monitoring Statistics
- Command Line Interface Reference
- Configuring Mesh Networking
- Technical Specifications
- Usage Scenarios
- Customer Support
- Index
AP-51xx Access Point Product Reference Guide
B-18
These three rules should be configured above all other rules (default or user defined). When
Advanced LAN Access is used, certain inbound/outbound rules need to be configured to
control incoming/outgoing packet flow for IPSec to work properly (with Advanced LAN
Access). These rules should be configured first before other rules are configured.
• Question 13: Do I need to add any special routes on the access point to get my VPN
tunnel to work?
No. However, clients could need extra routing information. Clients on the local LAN side
should either use the access point as their gateway or have a route entry tell them to use
the access point as the gateway to reach the remote subnet.
B.3 Replacing an AP-4131 with an AP-5131 or AP-5181
The access point’s modified default configuration enables an access point to not only operate in a
single-cell environrment, but also function as a replacement for legacy Symbol AP-4131 model access
points. You cannot port an access point’s configuration file to an access point, but you can configure
an access point similarly and provide an improved data rate and feature set.
An AP-4131 has only one LAN port and it is defaulted to DHCP/BOOTP enabled. The access point is
optimized for single-cell deployment, so it should allow the customer to use an access point as a
”drop-in” replacement for an existing AP-4131 deployment. However, to optimally serve as a
replacement for existing AP-4131 deployments, the access point’s “out-of-box” defaults are now set
as follows:
• The access point’s LAN1 port must default to DHCP client mode
• The access point’s LAN2 port must default to DHCP server mode
• The access point’s WAN port must default to Static mode.
• The default gateway now defaults to LAN1.
Scr <Remote Subnet IP range>
Dst <WAN IP address>
Transport UDP
Scr port 1:65535
Dst port 500
Rev NAT None