AP-5131 Access Point Product Reference Guide
72E-70930-01 Revision A October 2005
© 2005 by Symbol Technologies, Inc. All rights reserved. No part of this publication may be reproduced or used in any form, or by any electrical or mechanical means, without permission in writing from Symbol. This includes electronic or mechanical means, such as photocopying, recording, or information storage and retrieval systems. The material in this manual is subject to change without notice. The software is provided strictly on an “as is” basis.
About This Guide

Introduction

This guide provides configuration and setup information for the AP-5131 model access point.

Document Conventions

The following document conventions are used in this document:

NOTE Indicates tips or special requirements.

CAUTION Indicates conditions that can cause equipment damage or data loss.
WARNING! Indicates a condition or procedure that could result in personal injury or equipment damage.

Notational Conventions

The following notational conventions are used in this document:

• Italics are used to highlight specific items in the general text, and to identify chapters and sections in this and related documents.
AP-5131 Introduction

The Symbol AP-5131 Access Point (AP) provides a bridge between Ethernet wired LANs or WANs and wireless networks. It provides connectivity between Ethernet wired networks and radio-equipped mobile units (MUs). MUs include the full line of Symbol terminals, bar-code scanners, adapters (PC cards, Compact Flash cards and PCI adapters) and other devices. The AP-5131 provides a maximum 54Mbps data transfer rate via each radio.
1.1 Feature Overview

The Symbol AP-5131 has the following features:

• Single or Dual Mode Radio Options
• Separate LAN and WAN Ports
• Multiple Mounting Options
• Antenna Support for 2.4 GHz and 5.
If the AP-5131 is manufactured as a dual-radio access point, the AP-5131 enables you to configure one radio for 802.11a, and the other 802.11b/g. For more information on configuring your AP-5131, see Setting the WLAN’s Radio Configuration on page 5-36.

1.1.2 Separate LAN and WAN Ports

The AP-5131 has one LAN port and one WAN port, each with its own MAC address.
1.1.5 Sixteen Configurable WLANs

A Wireless Local Area Network (WLAN) is a data-communications system that flexibly extends the functionalities of a wired LAN. A WLAN does not require lining up devices for line-of-sight transmission, and is thus desirable for wireless networking. Roaming users can be handed off from one AP-5131 to another like a cellular phone system.
WMM defines four access categories (voice, video, best effort and background) to prioritize traffic to provide enhanced multimedia support. For information on configuring QoS support for the AP-5131, see Setting the WLAN Quality of Service (QoS) Policy on page 5-31.

1.1.8 Industry Leading Data Security

The AP-5131 supports numerous encryption and authentication techniques to protect the data transmitting on the WLAN.
in RFC 1510), to authenticate users/clients in a wireless network environment and to securely distribute the encryption keys used for both encrypting and decrypting. A basic understanding of RFC 1510 Kerberos Network Authentication Service (V5) is helpful in understanding how Kerberos functions. By default, WLAN devices operate in an open system network where any wireless device can associate with an AP without authorization.
or formula for scrambling the data. A key is the specific code used by the algorithm to encrypt or decrypt the data. Decryption is the decoding and unscrambling of received encrypted data. The same device, host computer or front-end processor, usually performs both encryption and decryption. The data transmit or receive direction determines whether the encryption or decryption function is performed.
• a re-keying mechanism

WPA uses an encryption method called Temporal Key Integrity Protocol (TKIP). WPA employs 802.1X and Extensible Authentication Protocol (EAP). For additional information on configuring WPA, see Configuring WPA Using TKIP on page 6-19.

1.1.8.6 WPA2-CCMP (802.11i) Encryption

WPA2 is a newer 802.11i standard that provides even stronger wireless security than Wi-Fi Protected Access (WPA) and WEP.
1.1.8.9 Content Filtering

Content filtering allows system administrators to block specific commands and URL extensions from going out through the AP-5131 WAN port only. Therefore, content filtering affords system administrators selective control on the content proliferating the network and is a powerful screening tool. Content filtering allows the blocking of up to 10 files or URL extensions and allows blocking of specific outbound HTTP, SMTP, and FTP requests.
1.1.11 Updatable Firmware

Symbol periodically releases updated versions of the AP-5131 device firmware to the Symbol Web site. If the AP-5131 firmware version displayed on the System Settings page (see Configuring System Settings on page 4-2) is older than the version on the Web site, Symbol recommends updating the AP-5131 to the latest firmware version for full feature functionality.
The Symbol Power Injector (Part No. AP-PSBIAS-T-1P-AF) is a single-port, 802.3af compliant Power over Ethernet hub combining low-voltage DC with Ethernet data in a single cable connecting to the AP-5131. The Power Injector’s single DC and Ethernet data cable creates a modified Ethernet cabling environment on the AP-5131’s LAN port eliminating the need for separate Ethernet and power cables. For more information on the Symbol Power Injector, see Symbol Power Injector System on page 2-7.
1.1.16 Support for CAM and PSP MUs

The AP-5131 supports both CAM and PSP powered MUs. CAM (Continuously Aware Mode) MUs leave their radios on continuously to hear every beacon and message transmitted. These systems operate without any adjustments by the AP-5131. A beacon is a uniframe system packet broadcast by the AP to keep the network synchronized.
AP-5131 managed Local Area Network (LAN). For more information, see Logging Configuration on page 4-28.

1.1.20 Configuration File Import/Export Functionality

Configuration settings for an AP-5131 can be downloaded from the current configuration of another AP-5131. This affords the administrator the opportunity to save the current configuration before making significant changes or restoring the default configuration.
1.1.23 Multi Function LEDs

The AP-5131 houses seven LED indicators. Four LEDs exist on the top of the AP-5131 and are visible from wall, ceiling and table-top orientations. Three of these four LEDs are single color activity LEDs, and one is a multi-function red and white status LED.
• MAC Layer Bridging
• Content Filtering
• DHCP Support
• Media Types
• Direct-Sequence Spread Spectrum
• MU Association Process
• Operating Modes
• Management Access Options

1.2.1 Cellular Coverage

An AP-5131 establishes an average communication range with MUs called a Basic Service Set (BSS) or cell. When in a particular cell, the MU associates and communicates with the AP-5131 supporting the radio coverage area of that cell.
1.2.2 Network Topology

The following are sample topologies:

• A single AP-5131 without a wired network establishing a single-cell wireless network for peer-to-peer MUs.
• A single AP-5131 bridging the Ethernet and radio networks.
• Two or more AP-5131s coexisting as separate, individual networks (WLANs) at the same site without interference using different ESSIDs. These separate WLANs can be configured to use different channel assignments to avoid RF interference.
• Multiple AP-5131s wired together provide a network with better coverage area and performance when using the same ESSID.

1.2.3 MAC Layer Bridging

The AP-5131 provides MAC layer bridging between its interfaces. The AP-5131 monitors traffic from its interfaces and, based on frame address, forwards the frames to the proper destination. The AP-5131 tracks source and destination addresses to provide intelligent bridging as MUs roam or network topologies change.
to another. The bridge forwards packets addressed to unknown systems to the Default Interface (Ethernet). The AP-5131 internal stack interface handles all messages directed to the AP-5131. Each AP-5131 stores information on destinations and their interfaces to facilitate forwarding.
Intercepting and decoding a direct-sequence transmission requires a predefined algorithm to associate the spreading code used by the transmitting AP-5131 to the receiving MU. This algorithm is established by IEEE 802.11b specifications. The bit redundancy within the chipping sequence enables the receiving MU to recreate the original data pattern, even if bits in the chipping sequence are corrupted by interference. The ratio of chips per bit is called the spreading ratio.
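
The redundancy described above can be seen by spreading a few bits with an 11-chip sequence and inverting some chips before despreading. This Python sketch is an added example, not taken from the guide or from Symbol firmware; it assumes the 11-chip Barker sequence that 802.11 DSSS uses at its 1 and 2 Mbps rates and simplifies the modulation to one sign per bit.

```python
# Added illustration, not Symbol code. BARKER_11 is the 11-chip spreading
# code of 802.11 DSSS; the bit-to-sign mapping below is a simplification
# (the real PHY applies differential phase modulation before spreading).
BARKER_11 = (1, -1, 1, 1, -1, 1, 1, 1, -1, -1, -1)
SPREADING_RATIO = len(BARKER_11)  # chips per bit


def spread(bits):
    """Replace every data bit with one signed copy of the chipping sequence."""
    chips = []
    for bit in bits:
        sign = 1 if bit else -1
        chips.extend(sign * chip for chip in BARKER_11)
    return chips


def correlate(block):
    """Correlate one received block of chips against the known sequence."""
    if len(block) != SPREADING_RATIO:
        raise ValueError("a block must hold exactly one chipping sequence")
    return sum(rx * ref for rx, ref in zip(block, BARKER_11))


def despread(chips):
    """Recover data bits: the sign of each block's correlation is the bit."""
    if len(chips) % SPREADING_RATIO:
        raise ValueError("chip stream is not a whole number of blocks")
    bits = []
    for start in range(0, len(chips), SPREADING_RATIO):
        score = correlate(chips[start:start + SPREADING_RATIO])
        bits.append(1 if score > 0 else 0)
    return bits


def corrupt(chips, positions):
    """Model interference by inverting the chips at the given indexes."""
    damaged = list(chips)
    for pos in positions:
        damaged[pos] = -damaged[pos]
    return damaged


def max_correctable_chip_errors():
    """Each inverted chip moves the correlation by 2, so the sign survives
    as long as fewer than half of the chips in a block are wrong."""
    return (SPREADING_RATIO - 1) // 2


if __name__ == "__main__":
    data = [1, 0, 1, 1, 0]  # constructed sample bits
    tx = spread(data)
    # Five bad chips in the first block, three in the second: still decodable.
    rx = corrupt(tx, [0, 2, 4, 6, 8, 11, 12, 13])
    print("sent      ", data)
    print("received  ", despread(rx))
    print("first-block correlation:", correlate(rx[:SPREADING_RATIO]))
    # Six bad chips in one block exceed the redundancy and flip that bit.
    print("overloaded", despread(corrupt(tx, [0, 1, 2, 3, 4, 5])))
```

With a spreading ratio of 11, a block still decodes correctly with up to five inverted chips; a sixth flips the recovered bit.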
• Supported rate changes or the MU finds a better transmit rate with another AP-5131
• RSSI (received signal strength indicator) of a potential AP-5131 exceeds the current AP-5131
• Ratio of good-transmitted packets to attempted-transmitted packets falls below a threshold.

An MU selects the best available AP-5131 and adjusts itself to the AP-5131 direct-sequence channel to begin association.
1.2.8 Management Access Options

Managing the AP-5131 includes viewing network statistics and setting configuration options. Statistics track the network activity of associated MUs and data transfers on the AP interfaces. The AP-5131 requires one of the following connection methods to perform a custom installation and manage the network:

• Secure Java-Based WEB UI - (use Sun Microsystems’ JRE 1.
Hardware Installation

An AP-5131 installation includes mounting the AP-5131 on a table-top, wall, ceiling T-bar or above the ceiling (attic or plenum), connecting the AP-5131 to the network (LAN or WAN port connection), connecting antennae and applying power. Installation procedures vary for different environments.

CAUTION Symbol recommends conducting a radio site survey prior to installing the AP-5131.
2.2 Package Contents

Check package contents for the correct model AP-5131 and applicable AP-5131 accessories. Each available configuration contains, at a minimum, the following:

• AP-5131 (two models available)
  • Single 802.11a/g radio, external antenna (Part No. AP-5131-4002X-WW)
  • Dual 802.11a+g radios, external antenna (Part No. AP-5131-1304X-WW)
• Software and Documentation CD-ROM
• AP-5131 Install Guide (Part No.
Symbol Part # | Description
AP-5131-40020-WW | AP-5131 802.11a/g Single Radio Access Point; AP-5131 Install Guide; Software and Documentation CD-ROM; Accessories Bag
AP-5131-40021-WW | AP-5131 802.11a/g Single Radio Access Point; AP-5131 Install Guide; Software and Documentation CD-ROM; Power Injector (Part No. AP-PSBIAS-T-1P-AF); Accessories Bag
AP-5131-40022-WW | AP-5131 802.
CAUTION Using an antenna other than the Dual-Band Antenna (Part No. ML2452-APA2-01) could render the AP-5131’s Rogue AP Detector Mode feature inoperable. Contact your Symbol sales associate for specific information.

2.3 Requirements

The minimum installation requirements for a single-cell, peer-to-peer network:

• AP-5131 (either the dual or single radio model)
• AP-5131 48 Volt Power Supply (Part No. 50-24000-050) or Symbol power injector (Part No.
Symbol recommends conducting a site survey to define and document radio interference obstacles before installing the AP-5131 to maximize its radio coverage area.

2.4.1 Site Surveys

A site survey analyzes the installation environment and provides users with recommendations for equipment and placement. The optimum placement of 802.11a access points differs from 802.
Symbol Part Number | Antenna Type | Nominal Net Gain (dBi)
ML-2499-BYGA2-01 | Yagi Antenna | 13.9
ML-2452-APA2-01 | Dual-Band | 3.0

NOTE An additional adapter is required to use ML-2499-11PNA2-01 and ML-2499-BYGA2-01 model antennae. Please contact Symbol for more information.

The 5.2 GHz antenna suite includes the following models:

Symbol Part Number | Antenna Type | Nominal Net Gain (dBi)
ML-5299-WPNA1-01 | Panel Antenna | 13.
For detailed specifications on the 2.4 GHz and 5.2 GHz antennae mentioned in this section, see section 2.4 GHz Antenna Matrix on page A-4 and section 5.2 GHz Antenna Matrix on page A-4.

2.5 Power Options

The power options for the AP-5131 include:

• Symbol Power Injector (Part No. AP-PSBIAS-T-1P-AF)
• Symbol 48-Volt Power Supply (Part No. 50-24000-050)
• Any standard 802.3af compliant device.

2.
connecting to the AP-5131. The AP-5131 can only use a Power Injector when connected to the LAN port. The Symbol AP-5131 Power Supply (Part No. 50-24000-050) is not included in the kit and is orderable separately as an accessory.

CAUTION The AP-5131 supports any standards-based 802.3af compliant power source (including non-Symbol power sources).
2.6.1 Installing the Power Injector

Refer to the following sections for information on planning, installing, and validating the power injector installation:

• Preparing for Site Installation
• Cabling the Power Injector
• Power Injector LED Indicators

2.6.1.1 Preparing for Site Installation

The power injector can be installed free standing, on an even horizontal surface or wall mounted using the power injector’s wall mounting key holes.
Ensure the cable length from the Ethernet source (host) to the power injector and AP-5131 does not exceed 100 meters (333 ft.). The power injector has no On/Off power switch. The power injector receives power and is ready for AP-5131 device connection and operation as soon as AC power is applied.

2.6.1.
For more information and device specifications for the Symbol power injector, refer to the Power Injector Quick Install Guide (Part No. 72-66153-01) available from the Symbol Web site or the AP-5131 Software and documentation CDROM.

2.7 Mounting the AP-5131

The AP-5131 can rest on a flat surface, attach to a wall, mount under a suspended T-Bar or above a ceiling (plenum or attic). Choose one of the following mounting options based on the physical environment of the coverage area.
4. Cable the AP-5131 using either the Symbol power injector solution or an approved line cord and power supply.

CAUTION Do not supply power to the AP-5131 until the cabling of the unit is complete.

For Symbol power injector installations:

a. Connect an RJ-45 Ethernet cable between the network data supply (host) and the power injector Data In connector.
b.
5. Verify the behavior of the AP-5131 LEDs. For more information, see LED Indicators on page 2-20.
6. Return the AP-5131 to an upright position and place it in the location you wish it to operate. Ensure the AP-5131 is sitting evenly on all four rubber feet.

The AP-5131 is ready to configure. For information on an AP-5131 default configuration, see Getting Started on page 3-1. For specific details on AP-5131 system configurations, see System Configuration on page 4-1.

2.7.
CAUTION Both the Dual and Single Radio model AP-5131s use RSMA type antenna connectors. On the Dual Radio AP-5131, a single dot on the antenna connector indicates the primary antenna for both Radio 1 (2.4 GHz) and Radio 2 (5.2 GHz). Two dots designate the secondary antenna for both Radio 1 and Radio 2.
e. Plug the power adapter into an outlet.

NOTE If the AP-5131 is utilizing remote management antennae, a wire cover can be used to provide a clean finished look to the installation. Contact Symbol for more information.

9. Verify the behavior of the AP-5131 LEDs. For more information, see LED Indicators on page 2-20.

The AP-5131 is ready to configure. For information on an AP-5131 default configuration, see Getting Started on page 3-1.
4. Cable the AP-5131 using either the Symbol power injector solution or an approved line cord and power supply.

CAUTION Do not supply power to the AP-5131 until the cabling of the unit is complete.

For Symbol power injector installations:

a. Connect an RJ-45 Ethernet cable between the network data supply (host) and the Power Injector Data In connector.
b.
10. Rotate the AP-5131 chassis 45 degrees counter-clockwise. The clips click as they fasten to the T-bar.
11. The AP-5131 is ready to configure. For information on an AP-5131 default configuration, see Getting Started on page 3-1. For specific details on AP-5131 system configurations, see System Configuration on page 4-1.

NOTE If the AP-5131 is utilizing remote management antennae, a wire cover can be used to provide a clean finished look to the installation.
CAUTION Symbol does not recommend mounting the AP-5131 directly to any suspended ceiling tile with a thickness less than 12.7mm (0.5in.) or a suspended ceiling tile with an unsupported span greater than 660mm (26in.). Symbol strongly recommends fitting the AP-5131 with a safety wire suitable for supporting the weight of the device. The safety wire should be a standard ceiling suspension cable or equivalent steel wire between 1.59mm (.062in.) and 2.
[Figure labels: Light Pipe, Ceiling Tile, Decal, Badge]

9. Snap the clips of the light pipe into the bottom of the AP-5131.
10. Fit the light pipe into the hole in the tile from its unfinished side.
11. Place the decal on the back of the badge and slide the badge onto the light pipe from the finished side of the tile.
12. Attach the radio antennae to their correct connectors.

CAUTION Both the Dual and Single Radio model AP-5131s use RSMA type antenna connectors.
For Symbol power injector installations:

a. Connect an RJ-45 Ethernet cable between the network data supply (host) and the Power Injector Data In connector.
b. Connect an RJ-45 Ethernet cable between the power injector Data & Power Out connector and the AP-5131 LAN port.
c. Ensure the cable length from the Ethernet source (host) to the power injector and AP-5131 does not exceed 100 meters (333 ft). The power injector has no On/Off power switch.
[Figure labels: Power and Error Conditions (Split LED), Data Over Ethernet, 802.11a Radio Activity, 802.11b/g Radio Activity]

The five LEDs on the top housing of the AP-5131 are clearly visible in table-top, wall and below ceiling installations. The five AP-5131 top housing LEDs have the following display and functionality:

Power Status | Solid white indicates the AP-5131 is adequately powered.
Boot and Power Status | Solid white indicates the AP-5131 is adequately powered.
Error Conditions | Solid red indicates the AP-5131 is experiencing a problem condition requiring immediate attention.
Power and Error Conditions | Blinking red indicates the AP-5131 Rogue AP Detection feature has located a rogue device 2.
Getting Started

The AP-5131 should be installed in an area tested for radio coverage using one of the site survey tools available to the Symbol field service technician. Once an installation site has been identified, the installer should carefully follow the hardware precautions, requirements, mounting guidelines and power options outlined in Hardware Installation on page 2-1.

3.
• For instructions on mounting an AP-5131 to a ceiling T-bar, see Suspended Ceiling T-Bar Installations on page 2-15.
• To install an AP-5131 in an above the ceiling attic space, see Above the Ceiling (Plenum) Installations on page 2-17.

For information on the 802.11a and 802.11b/g radio antenna suite available to the AP-5131, see Antenna Options on page 2-5.
3.3 Basic Device Configuration

For the basic setup described in this section, the Java-based Web UI will be used to configure the AP-5131. Use the AP-5131’s LAN interface for establishing a link with the AP-5131. Configure the AP-5131 as a DHCP client. For optimal screen resolution, set your screen resolution to 1024 x 768 pixels or greater.

1. Start Internet Explorer and enter the following IP address in the address field: 192.168.0.
3. If the default login is successful, the Change Admin Password window displays. Change the password. Enter the current password and a new admin password in the fields provided, and click Apply. Once the admin password has been updated, a warning message displays stating the AP-5131 must be set to a country.
2. Enter a System Name for the AP-5131. The System Name is useful if multiple Symbol devices are being administered.
3. Select the Country for the AP-5131’s country of operation from the drop-down menu. The AP-5131 prompts the user for the correct country code on the first login. A warning message also displays stating that an incorrect country setting may result in illegal radio operation. Selecting the correct country is central to legally operating the AP-5131.
4. Optionally enter the IP address of the server used to provide system time to the AP-5131 within the Time Server field.

NOTE DNS names are not supported as a valid IP address. The user is required to enter a numerical IP address.

Once the IP address is entered, the AP-5131’s Network Time Protocol (NTP) functionality is engaged automatically.
f. Specify the address of a Primary DNS Server. The ISP or a network administrator provides this address.

6. Optionally, use the Enable PPP over Ethernet checkbox to enable Point-to-Point Protocol over Ethernet (PPPoE) for a high-speed connection that supports this protocol. Most DSL providers are currently using or deploying this protocol. PPPoE is a data-link protocol for dialup connections. PPPoE will allow the AP-5131 to use a broadband modem (DSL, cable modem, etc.
c. If using the static or DHCP Server option, enter the network-assigned IP Address of the AP-5131.

NOTE DNS names are not supported as a valid IP address for the AP-5131. The user is required to enter a numerical IP address.

d. The Subnet Mask defines the size of the subnet. The first two sets of numbers specify the network domain, the next set specifies the subset of hosts within a larger network.
b. Use the Available On checkboxes to define whether the target WLAN is operating over the 802.11a or 802.11b/g radio. Ensure the radio selected has been enabled (see step 8).
c. Even an AP-5131 configured with minimal values must protect its data against theft and corruption. A security policy should be configured for WLAN1 as part of the basic configuration outlined in this guide. A security policy can be configured for the WLAN from within the Quick Setup screen.
The WEP 128 Settings field displays within the New Security Policy screen.

4. Configure the WEP 128 Settings field as required to define the Pass Key used to generate the WEP keys.

Pass Key | Specify a 4 to 32 character pass key and click the Generate button. The AP-5131, other proprietary routers and Symbol MUs use the same algorithm to convert an ASCII string to the same hexadecimal number.
Keys #1-4 | Use the Key #1-4 fields to specify key numbers. The key can be either hexadecimal or ASCII depending on which option is selected from the drop-down menu. For WEP 64 (40-bit key), the keys are 10 hexadecimal characters in length or 5 ASCII characters. For WEP 128 (104-bit key), the keys are 26 hexadecimal characters in length or 13 ASCII characters. Select one of these keys for activation by clicking its radio button.
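
The key lengths above can be checked before keys are entered on the AP-5131 or distributed to MUs. The following Python sketch is an added example, not part of the Symbol guide or firmware; the function names and the sample keys in the usage section are constructed for illustration.

```python
import string

# Key lengths as stated in the guide: characters per key for each entry format.
KEY_LENGTHS = {
    "WEP64": {"hex": 10, "ascii": 5},    # 40-bit key
    "WEP128": {"hex": 26, "ascii": 13},  # 104-bit key
}


def parse_wep_key(cipher, fmt, text):
    """Return the key as bytes, or raise ValueError describing the problem."""
    try:
        expected = KEY_LENGTHS[cipher][fmt]
    except KeyError:
        raise ValueError(f"unsupported cipher/format: {cipher}/{fmt}") from None
    if len(text) != expected:
        raise ValueError(f"expected {expected} {fmt} characters, got {len(text)}")
    if fmt == "hex":
        if any(ch not in string.hexdigits for ch in text):
            raise ValueError("non-hexadecimal character in key")
        return bytes.fromhex(text)
    if not text.isascii():
        raise ValueError("non-ASCII character in key")
    return text.encode("ascii")


def check_key_table(cipher, fmt, keys, active):
    """Validate the Key #1-4 entries and the key number chosen for activation.

    Returns (parsed, problems): parsed maps key number to bytes for every
    valid entry; problems is a list of findings, empty when all is well.
    """
    parsed, problems = {}, []
    if len(keys) != 4:
        problems.append(f"expected 4 key entries, got {len(keys)}")
    for number, text in enumerate(keys, start=1):
        try:
            parsed[number] = parse_wep_key(cipher, fmt, text)
        except ValueError as exc:
            problems.append(f"Key #{number}: {exc}")
    if active not in (1, 2, 3, 4):
        problems.append("the active key must be one of Key #1-4")
    elif active not in parsed:
        problems.append(f"active Key #{active} is not a valid key")
    return parsed, problems


if __name__ == "__main__":
    # Constructed sample entries: #2 is a WEP 64 length, #3 has bad characters.
    entries = [
        "0123456789abcdef0123456789",
        "0123456789",
        "zz23456789abcdef0123456789",
        "fedcba9876543210fedcba9876",
    ]
    parsed, problems = check_key_table("WEP128", "hex", entries, active=2)
    print("valid key numbers:", sorted(parsed))
    for finding in problems:
        print("problem:", finding)
    # The same 40-bit key entered as ASCII and as hexadecimal.
    same = parse_wep_key("WEP64", "ascii", "Symbl") == parse_wep_key(
        "WEP64", "hex", "53796d626c")
    print("ASCII and hex entries match:", same)
```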
Packet Length | Specifies the length of each packet transmitted to the MU during the test. The default length is 100 bytes.

4. Click the Ping button to begin transmitting packets to the specified MU address. Refer to the Number of Responses value to assess the number of responses from the MU versus the number of ping packets transmitted by the AP-5131.
System Configuration

The Symbol AP-5131 contains a built-in browser interface for system configuration and remote management using a standard Web browser such as Microsoft Internet Explorer, Netscape Navigator or Mozilla Firefox. The browser interface also allows for system monitoring of the AP. Web management of the AP-5131 requires either Microsoft Internet Explorer 5.0 or later or Netscape Navigator 6.0 or later.

NOTE For optimum compatibility, use Sun Microsystems’ JRE 1.
System configuration topics include:

• Configuring System Settings
• Configuring Data Access
• Managing Certificate Authority (CA) Certificates
• Configuring SNMP Settings
• Configuring Network Time Protocol (NTP)
• Logging Configuration
• Importing/Exporting Configurations
• Updating Device Firmware

4.
2. Configure the AP-5131 System Settings field to assign a system name and location, set the country of operation and view device version information.

System Name | Specify a device name for the AP-5131. Symbol recommends selecting a name serving as a reminder of the user base the AP-5131 supports (engineering, retail, etc.).
System Location | Enter the location of the AP-5131. The System Location parameter acts as a reminder of where the AP can be found.
Serial Number | Displays the AP-5131 Media Access Control (MAC) address. The AP-5131 MAC address is hard coded at the factory and cannot be modified. The LAN and WAN port MAC addresses can be located within the LAN and WAN Stats screens. For information on locating the AP-5131 MAC addresses, see Viewing WAN Statistics on page 7-2 and Viewing LAN Statistics on page 7-5.

3.
6. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on the System Settings screen to the last saved configuration.
7. Click Logout to securely exit the AP-5131 Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.

4.
2. Use the AP-5131 Access field checkboxes to enable/disable the following AP-5131 interfaces:

Applet HTTP (port 80) | Select the LAN and/or WAN checkboxes to enable access to the AP-5131 configuration applet using a Web browser.
Applet HTTPS (port 443) | Select the LAN and/or WAN checkboxes to enable access to the AP-5131 configuration applet using Secure Sockets Layer (SSL) for encrypted HTTP sessions.
Radius | Designates that a Radius server is used in the authentication credential verification. If using this option, the connected PC is required to have its Radius credentials verified with an external Radius server. Additionally, the Radius Server’s Active Directory should have a valid user configured and have a PAP based Remote Access Policy configured for Radius Admin Authentication to work.

6.
4.3 Managing Certificate Authority (CA) Certificates

Certificate management includes the following sections:

• Importing a CA Certificate
• Creating Self Certificates

4.3.1 Importing a CA Certificate

A certificate authority (CA) is a network authority that issues and manages security credentials and public keys for message encryption. The CA signs all digital certificates that it issues with its own private key.
2. Copy the content of the CA Certificate message (using a text editor such as Notepad) and then click on Paste from Clipboard. The content of the certificate displays in the Import a root CA Certificate field.
3. Click the Import root CA Certificate button to import it into the CA Certificate list.
4. Once in the list, select the certificate ID within the View Imported root CA Certificates field to view the certificate issuer name, subject, and certificate expiration data.
5.
2. Click on the Add button to create the certificate request. The Certificate Request screen displays.
3. Complete the request form with the pertinent information. Only 4 values are required; the others are optional:
Key ID: Enter a logical name for the certificate to help distinguish between certificates. The name can be up to 7 characters in length.
Subject: The required Subject value contains important information about the certificate.
Key Length: Defines the length of the key. Possible values are 512, 1024, and 2048.
4. Complete as many of the optional values within the Certificate Request screen as possible.
5. When the form is completed, click the Generate button. The Certificate Request screen disappears and the ID of the generated certificate request displays in the drop-down list of certificates.
6. Click the Export Request button.
configuration and monitor Internet devices in potentially remote locations. MIB information accessed via SNMP is defined by a set of managed objects called object identifiers (OIDs). An object identifier (OID) is used to uniquely identify each object variable of a MIB. The AP-5131 CDROM contains the following 2 MIB files:
• Symbol-CC-WS2000-MIB-2.
Feature: MIB
SNMP RF Trap Thresholds: Symbol-AP-5131-MIB
LAN to WAN Access: Symbol-CC-WS2000-MIB-2.0
Config Import/Export: Symbol-AP-5131-MIB
Advanced LAN Access: Symbol-CC-WS2000-MIB-2.0
MU Authentication Stats: Symbol-AP-5131-MIB
Router Configuration: Symbol-CC-WS2000-MIB-2.0
WNMP Ping Configuration: Symbol-AP-5131-MIB
System Settings: Symbol-CC-WS2000-MIB-2.0
Known AP Stats: Symbol-AP-5131-MIB
AP 5131 Access: Symbol-CC-WS2000-MIB-2.
Use the SNMP Access screen to define SNMP v1/v2c community definitions and SNMP v3 user definitions. SNMP version 1 (v1) provides a strong network management system, but its security is relatively weak. The improvements in SNMP version 2c (v2c) do not include the attempted security enhancements of other version-2 protocols. Instead, SNMP v2c defaults to SNMP-standard community strings for read-only and read/write access.
2. Configure the SNMP v1/v2 Configuration field (if SNMP v1/v2 is used) to add or delete community definitions, name the community, specify the OID and define community access.
Add: Click Add to create a new SNMP v1/v2c community definition.
Delete: Select Delete to remove a SNMP v1/v2c community definition.
Community: Use the Community field to specify a site-appropriate name for the community.
OID: Use the OID (Object Identifier) area to specify a setting of All or enter a Custom OID. Select All to assign the user access to all OIDs in the MIB. The OID field uses numbers expressed in dot notation.
Passwords: Select Passwords to display the Password Settings screen for specifying authentication and password settings for an SNMP v3 user. The maximum password length is 11 characters.
6. Click Apply to save any changes to the SNMP Access screen. Navigating away from the screen without clicking the Apply button results in all changes to the screen being lost.
7. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on the SNMP Access screen to the last saved configuration.
8. Click Logout to securely exit the AP-5131 Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.
2. Configure the SNMP Access Control screen to add the IP addresses of those users receiving SNMP access.
Access Control List: Enter Start IP and End IP addresses (numerical addresses only, no DNS names supported) to specify a range of users that can access the AP-5131 SNMP interface. An SNMP-capable client can be set up whereby only the administrator (for example) can use a read/write community definition.
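The Start IP / End IP rows and the community definitions described above can be reviewed offline before they are entered on the AP-5131. The following Python sketch is an added example, not part of this guide or of Symbol's software; the row tuples, community dictionaries, management-station lists and addresses are constructed for illustration.

```python
import ipaddress

DEFAULT_NAMES = {"public", "private"}   # the SNMP-standard community strings


def parse_range(start, end):
    """Parse one Start IP / End IP row; DNS names and inverted ranges are rejected."""
    try:
        first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    except ipaddress.AddressValueError:
        raise ValueError("ACL rows take numerical addresses only: %s - %s"
                         % (start, end)) from None
    if first > last:
        raise ValueError("Start IP is above End IP: %s - %s" % (start, end))
    return first, last


def audit_snmp_access(acl_rows, communities, managers):
    """Return findings for a planned SNMP access configuration (constructed model)."""
    findings, ranges = [], []
    for start, end in acl_rows:
        try:
            ranges.append(parse_range(start, end))
        except ValueError as err:
            findings.append(str(err))
    stations = sorted(set(ipaddress.IPv4Address(m) for m in managers))
    too_wide = False
    for first, last in ranges:
        size = int(last) - int(first) + 1            # both bounds are inclusive
        others = size - sum(1 for s in stations if first <= s <= last)
        if others:
            too_wide = True
            findings.append("%s-%s admits %d addresses that are not management stations"
                            % (first, last, others))
    for s in stations:
        if not any(first <= s <= last for first, last in ranges):
            findings.append("management station %s is outside every ACL range" % s)
    for community in communities:
        name = community["name"]
        if name.lower() in DEFAULT_NAMES:
            findings.append("community '%s' is a standard default name" % name)
        if community["access"] == "read/write" and too_wide:
            findings.append("read/write community '%s' is usable from "
                            "non-management addresses" % name)
    return findings


# Constructed inputs: one tight plan and one loose plan (documentation addresses).
TIGHT = dict(
    acl_rows=[("192.0.2.10", "192.0.2.11")],
    communities=[{"name": "site-ro", "access": "read-only", "oid": "All"},
                 {"name": "site-rw", "access": "read/write", "oid": "All"}],
    managers=["192.0.2.10", "192.0.2.11"])
LOOSE = dict(
    acl_rows=[("192.0.2.0", "192.0.2.255"), ("nms.example", "192.0.2.9"),
              ("192.0.2.40", "192.0.2.30")],
    communities=[{"name": "private", "access": "read/write", "oid": "All"}],
    managers=["192.0.2.10", "198.51.100.5"])

if __name__ == "__main__":
    for label, plan in (("tight", TIGHT), ("loose", LOOSE)):
        print(label, audit_snmp_access(**plan))
```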
OK: Click Ok to return to the SNMP Access screen. Click Apply within the SNMP Access screen to save any changes made on the SNMP Access Control screen.
Cancel: Click Cancel to undo any changes made on the SNMP Access Control screen. This reverts all settings for this screen to the last saved configuration.
4.4.2 Enabling SNMP Traps
SNMP provides the ability to send traps to notify the administrator that trap conditions are met.
2. Configure the SNMP v1/v2c Trap Configuration field (if SNMP v1/v2c Traps are used) to modify the following:
Add: Click Add to create a new SNMP v1/v2c Trap Configuration entry.
Delete: Click Delete to remove a selected SNMP v1/v2c Trap Configuration entry.
Destination IP: Specify a numerical (non DNS name) destination IP address for receiving the traps sent by the AP-5131 SNMP agent.
Add: Click Add to create a new SNMP v3 Trap Configuration entry.
Delete: Select Delete to remove an entry for an SNMP v3 user.
Destination IP: Specify a numerical (non DNS name) destination IP address for receiving the traps sent by the AP-5131 SNMP agent.
Port: Specify a destination User Datagram Protocol (UDP) port for receiving traps.
Username: Enter a username specific to the SNMP-capable client receiving the traps.
4.4.3 Configuring Specific SNMP Traps
Use the SNMP Traps screen to enable specific traps on the AP-5131. Symbol recommends defining traps to capture unauthorized devices operating within the AP-5131 coverage area. Trap configuration depends on the network machine that receives the generated traps. SNMP v1/v2c and v3 trap configurations function independently. In a mixed SNMP environment, traps can be sent using configurations for both SNMP v1/v2c and v3.
MU associated: Generates a trap when an MU becomes associated with one of the AP-5131’s WLANs.
MU denied association: Generates a trap when an MU is denied association to an AP-5131 WLAN. Can be caused when the maximum number of MUs for a WLAN is exceeded or when an MU violates the AP-5131’s Access Control List (ACL).
MU denied authentication: Generates a trap when an MU is denied authentication on one of the AP’s WLANs.
5. Configure the System Traps field to generate traps when the AP-5131 re-initializes during transmission, saves its configuration file. When a trap is enabled, a trap is sent every 5 seconds until the condition no longer exists.
System Cold Start: Generates a trap when the AP-5131 re-initializes while transmitting, possibly altering the SNMP agent's configuration or protocol entity implementation.
2. Configure the RF Trap Thresholds field to define device threshold values for SNMP traps.
NOTE: Average Bit Speed, % of Non-Unicast, Average Signal, Average Retries, % Dropped and % Undecryptable are not AP-5131 statistics.
Pkts/s: Enter a maximum threshold for the total throughput in Pps (Packets per second).
Throughput: Set a maximum threshold for the total throughput in Mbps (Megabits per second).
Average Retries: Set a maximum threshold for the average number of retries for each device.
% Dropped: Enter a maximum threshold for the total percentage of packets dropped for each device. Dropped packets can be caused by poor RF signal or interference on the channel.
% Undecryptable: Define a maximum threshold for the total percentage of packets undecryptable for each device.
NOTE: The current time is not set accurately when initially connecting to the AP-5131. Until a server is defined to provide the AP-5131 the correct time, the AP-5131 displays 1970-01-01 00:00:00 as the default time.
To manage clock synchronization on the AP-5131:
1. Select System Configuration -> NTP Servers from the AP-5131 menu tree.
2. Ensure the Current Time field reflects the appropriate time for the AP-5131.
Time: Displays the current time based on the AP-5131 system clock.
Enable NTP on AP-5131: Select the Enable NTP on AP-5131 checkbox to allow a connection between the AP-5131 and one or more specified NTP servers. Disable this option (uncheck the checkbox) if Kerberos is not in use and time synchronization is not necessary.
Preferred Time Server: Specify the numerical (non DNS name) IP address and port of the primary NTP server. The default port is 123.
2. Configure the Log Options field to save event logs, set the log level and optionally port the AP-5131’s log to an external server.
View Log: Click View to save a log of events retained on the AP-5131. The system displays a prompt requesting the administrator password before saving the log. After the password has been entered, click Get File to display a dialogue with buttons to Open or Save the log.txt file. Click Save and specify a location to save the log file.
Logging Level: Use the Logging Level drop-down menu to select the desired log level for tracking system events. Eight logging levels (0 to 7) are available. Log Level 6: Info is the AP-5131 default log level. These are the standard UNIX/LINUX syslog levels.
updated by the imported file. Therefore, the imported configuration is not a merge with the configuration of the target AP-5131. The exported file can be edited with any document editor if necessary.
CAUTION: A single-radio model AP-5131 cannot import/export its configuration to a dual-radio model AP-5131. In turn, a dual-radio model AP-5131 cannot import/export its configuration to a single-radio AP-5131.
Filename: Specify the name of the configuration file to be written to the FTP or TFTP server.
Server IP: Enter the numerical (non DNS name) IP address of the destination FTP or TFTP server where the configuration file is imported or exported.
Filepath (optional): Defines the optional path name used to import/export the target configuration file.
FTP: Select the FTP radio button if using an FTP server to import or export the configuration.
Upload and Apply A Configuration File: Click the Upload and Apply A Configuration File button to upload a configuration file to this AP-5131 using HTTP.
Download Configuration File: Click the Download Configuration File button to download this AP-5131’s configuration file using HTTP.
4. Refer to the Status field to assess the completion of the import/export operation.
CAUTION: If errors occur when importing the configuration file, a parsing message displays defining the line number where the error occurred. The configuration is still imported, except for the error. Consequently, it is possible to import an invalid configuration. The user is required to fix the problem and repeat the import operation until an error-free import takes place.
5. Click Apply to save the filename and Server IP information.
Refer to Importing/Exporting Configurations on page 4-30 for instructions on exporting the AP-5131’s current configuration to have it available after the firmware is updated.
2. Select System Configuration -> Firmware Update from the AP-5131 menu tree.
3. Configure the DHCP Options field to enable automatic firmware and/or configuration file updates when the selected LAN or WAN interface detects an updated file.
Option                             Code   Data Type
AP-5131 TFTP Server Name           181    IP address
AP-5131 Firmware File Name         187    String
AP-5131 Configuration File Name    188    String

The Vendor Class Identifier used is SymbolAP.5131-V1-0.
The DHCP Server needs to be configured with the above mentioned vendor specific options and vendor class identifier.
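Because these DHCP options tell the AP-5131 where to fetch firmware and configuration files, it is worth checking which servers on a segment actually send them. The following Python sketch is an added example, not part of this guide or of Symbol's software: it parses the options field of captured DHCP messages and flags update options that come from a DHCP server, or point at a TFTP server, outside an approved list. It assumes options 181, 187 and 188 travel as ordinary code/length/value options and that the vendor class identifier is carried in standard option 60; the addresses, file names and approved lists are constructed.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # starts the DHCP options field
OPT_SERVER_ID, OPT_VENDOR_CLASS = 54, 60    # standard DHCP options
# Option codes and data types from the table above.
OPT_TFTP_SERVER, OPT_FIRMWARE_FILE, OPT_CONFIG_FILE = 181, 187, 188
AP_VENDOR_CLASS = b"SymbolAP.5131-V1-0"


def parse_dhcp_options(payload):
    """Return {code: value} for the options of a DHCP message (the UDP payload)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 0:                        # pad: single byte, no length
            i += 1
            continue
        if code == 255:                      # end of options
            break
        if i + 1 >= len(payload):
            raise ValueError("option %d has no length byte" % code)
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        options[code] = value
        i += 2 + length
    return options


def update_directive(options):
    """Decode the AP-5131 update options present in a parsed message."""
    directive = {}
    if OPT_TFTP_SERVER in options:
        raw = options[OPT_TFTP_SERVER]
        # The table gives an IP address as the data type, so expect 4 bytes.
        directive["tftp_server"] = (
            str(ipaddress.IPv4Address(raw)) if len(raw) == 4 else None)
    for code, key in ((OPT_FIRMWARE_FILE, "firmware_file"),
                      (OPT_CONFIG_FILE, "config_file")):
        if code in options:
            directive[key] = options[code].decode("ascii", "replace")
    return directive


def review_reply(payload, approved_dhcp, approved_tftp):
    """Return findings for one server reply that carries update options."""
    if not payload or payload[0] != 2:       # op 2 = BOOTREPLY (server to client)
        return []
    options = parse_dhcp_options(payload)
    directive = update_directive(options)
    if not directive:
        return []
    findings = []
    raw_id = options.get(OPT_SERVER_ID, b"")
    server = str(ipaddress.IPv4Address(raw_id)) if len(raw_id) == 4 else "unknown"
    if server not in approved_dhcp:
        findings.append("update options from unapproved DHCP server %s" % server)
    if "tftp_server" in directive:
        tftp = directive["tftp_server"]
        if tftp is None:
            findings.append("option 181 is not a 4-byte IP address")
        elif tftp not in approved_tftp:
            findings.append("unapproved TFTP server %s" % tftp)
    return findings


def is_ap5131_request(payload):
    """True when a client message announces the AP-5131 vendor class identifier."""
    return (bool(payload) and payload[0] == 1 and
            parse_dhcp_options(payload).get(OPT_VENDOR_CLASS) == AP_VENDOR_CLASS)


def build_message(op, opts):
    """Build a minimal constructed DHCP message for the samples below."""
    fixed = bytes([op, 1, 6, 0]) + bytes(232)        # 236-byte BOOTP header
    body = b"".join(bytes([code, len(val)]) + val for code, val in opts)
    return fixed + MAGIC_COOKIE + body + b"\xff"


def ip(text):
    return ipaddress.IPv4Address(text).packed


# Constructed samples (documentation addresses, made-up file names).
APPROVED_DHCP, APPROVED_TFTP = {"192.0.2.10"}, {"192.0.2.20"}
GOOD_REPLY = build_message(2, [(53, b"\x05"), (54, ip("192.0.2.10")),
                               (181, ip("192.0.2.20")), (187, b"ap5131.bin")])
ROGUE_REPLY = build_message(2, [(53, b"\x05"), (54, ip("192.0.2.99")),
                                (181, ip("198.51.100.7")), (188, b"cfg.txt")])
PLAIN_REPLY = build_message(2, [(53, b"\x05"), (54, ip("192.0.2.99"))])
AP_REQUEST = build_message(1, [(53, b"\x01"), (60, AP_VENDOR_CLASS)])
```

Feed `review_reply` the UDP payload of each packet sent from port 67 in a capture taken on the interface selected for automatic updates.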
Interface: Use the Interface drop-down menu to select the WAN or LAN interface to be monitored by the AP-5131 for version updates if the Enable Automatic Firmware Update and/or Enable Automatic Configuration Update checkboxes are selected.
Configure the Update Firmware field as required to set a filename and target firmware file upload location for manual firmware updates.
4. Specify the name of the target firmware file within the Filename field.
5.
FAIL: control channel error
FAIL: data channel error
FAIL: channel closed unexpected
FAIL: establish data channel
FAIL: accept data channel
FAIL: user interrupted
FAIL: no valid interface found
FAIL: conflict ip address
FAIL: command exchange time out
FAIL: invalid subnet number
12. Confirm the AP-5131’s configuration is the same as before the firmware update. If it is not, restore the settings.
Network Management
Configuring network management includes configuring network aspects in numerous areas. See the following sections for more information on AP-5131 network management:
• Configuring the LAN Interface
• Configuring WAN Settings
• Enabling Wireless LANs (WLANs)
• Configuring Router Settings
5.
The AP-5131 can use Dynamic Host Configuration Protocol (DHCP) to obtain a leased IP address and configuration information from a remote server. DHCP is based on the BOOTP protocol and can coexist or interoperate with BOOTP. Use the LAN Configuration screen to define the LAN interface and assign a timeout value to disable the LAN connection if no data traffic is detected within a defined interval.
LAN Timeout: Use the LAN Timeout drop-down menu to specify whether the LAN timeout is Disabled, Enabled or uses a Hardware Detect option to detect traffic over the LAN port. Using Hardware Detect, if a LAN cable becomes disconnected from the AP-5131, MUs disassociate and the AP-5131 radio(s) power off. If Enabled is selected, enter a value (in seconds). The AP-5131 uses this timeout value when no traffic is detected over the LAN connection.
Enable 802.1q Trunking
This interface is a DHCP Client: Select this button to enable DHCP to set AP-5131 network address information via the LAN connection. This is recommended if the AP-5131 resides within a large corporate network or the Internet Service Provider (ISP) uses DHCP. DHCP is a protocol that includes mechanisms for IP address allocation and delivery of host-specific configuration parameters from a DHCP server to a host.
Network Mask: The first two sets of numbers specify the network domain, the next set specifies the subset of hosts within a larger network. These values help divide a network into subnetworks and simplify routing and data transmission. The subnet mask defines the size of the subnet.
Default Gateway: The Default Gateway parameter defines the numerical (non DNS name) IP address of a router the AP-5131 uses on the Ethernet as its default gateway.
VLANs enable organizations to share network resources in various network segments within large areas (airports, shopping malls, etc.). A VLAN is a group of clients with a common set of requirements independent of their physical location. VLANs have the same attributes as physical LANs, but they enable system administrators to group MUs even when they are not members of the same network segment.
The VLAN name screen displays. The first time the screen is launched a default VLAN name of 1 and a default VLAN ID of 1 display. The VLAN name is auto-generated once the user assigns a VLAN ID. However, the user has the option of re-assigning a name to the VLAN using the New VLAN and Edit VLAN screens. To create a new VLAN, click the Create button. To edit the properties of an existing VLAN, click the Edit button.
4. Assign a unique VLAN ID (from 1 to 4095) to each VLAN added or modified.
The VLAN ID associates a frame with a specific VLAN and provides the information the AP-5131 needs to process the frame across the network. Therefore, it may be practical to assign a name to a VLAN representative of the area or type of network traffic it represents. A business may have offices in different locations and want to extend an internal LAN between the locations.
The Management VLAN uses a default tag value of 1. The Management VLAN is used to distinguish VLAN traffic flows. The trunk port marks the frames with special tags as they pass between the AP-5131 and its destination; these tags help distinguish data traffic. Authentication servers (such as Radius and Kerberos) must be on the same Management VLAN. DHCP and BOOTP servers must also be on the same Management VLAN.
9. Define a Native VLAN Tag.
5.1.2 Configuring Advanced DHCP Server Settings
Use the Advanced DHCP Server screen to specify (reserve) static (or fixed) IP addresses for specific devices. Every wireless, 802.11x-standard device has a unique Media Access Control (MAC) address. This address is the device's hard-coded hardware number (shown on the bottom or back). An example of a MAC address is 00:A0:F8:45:9B:07.
If a statically mapped IP address is within the IP address range in use by the DHCP server, that IP address may still be assigned to another client. To avoid this, ensure all statically mapped IP addresses are outside of the IP address range assigned to the DHCP server. If multiple entries exist within the Reserved Clients field, use the scroll bar to the right of the window to navigate.
5. Click the Del (delete) button to remove a selected table entry.
6.
2. Use the all ethernet types, except drop-down menu to designate whether the Ethernet Types defined within this screen are allowed or denied for use by the AP-5131.
3. To add an Ethernet type, click the Add button. The Add Ethernet Type screen displays. Use this screen to add one type filter option at a time, for a list of up to 16 entries.
4. To optionally delete a type filtering selection from the list, highlight the packet type and click the Delete button.
5. Click Apply to save any changes to the Ethernet Type Filter Configuration screen. Navigating away from the screen without clicking Apply results in all changes to the screens being lost.
6. Click Cancel to securely exit the Ethernet Type Filter Configuration screen without saving your changes.
7.
2. Refer to the WAN IP Configuration field to enable the WAN interface, and set network address information for the WAN connection.
NOTE: Symbol recommends that the WAN and LAN ports should not both be configured as DHCP clients.
Enable WAN Interface: Select the Enable WAN Interface checkbox to enable a connection between the AP-5131 and a larger network or outside world through the WAN port. Disable this option to effectively isolate the AP-5131’s WAN.
This interface is a DHCP Client: This checkbox enables DHCP for the AP-5131 WAN connection. This is useful if the larger corporate network or Internet Service Provider (ISP) uses DHCP. DHCP is a protocol that includes mechanisms for IP address allocation and delivery of host-specific configuration parameters from a DHCP server to a host. Some of these parameters are IP address, network mask, and gateway.
More IP Addresses: Click the More IP Addresses button to specify additional static IP addresses for the AP-5131. Additional IP addresses are required when users within the WAN need dedicated IP addresses, or when servers need to be accessed (addressed) by the outside world. The More IP Addresses screen allows the administrator to enter up to eight WAN IP addresses for the AP-5131 WAN. Only numeric, non-DNS names can be used.
PPPoE State: Displays the current connection state of the PPPoE client. When a PPPoE connection is established, the status displays Connected. When no PPPoE connection is active, the status displays Disconnected.
Keep-Alive: Select the Keep-Alive checkbox to maintain the AP-5131 WAN connection indefinitely (no timeout interval). Some ISPs terminate inactive connections. Enabling Keep-Alive keeps the AP-5131 WAN connection active, even when there is no traffic.
5. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on the WAN screen to the last saved configuration.
6. Click Logout to securely exit the AP-5131 Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.
5.2.
2. Configure the Address Mapping field to generate a WAN IP address, define the NAT type and set outbound/inbound NAT mappings.
WAN IP Address: The WAN IP addresses on the NAT screen are dynamically generated from address settings applied on the WAN screen.
NAT Type: Specify the NAT Type as 1 to 1 to map a WAN IP address to a single host (local) IP address. 1 to 1 mapping is useful when users need dedicated addresses, and for public-facing servers connected to the AP-5131.
Outbound Mappings: When 1 to 1 NAT is selected, a single IP address can be entered in the Outbound Mappings area. This address provides a 1 to 1 mapping of the WAN IP address to the specified LAN IP address. When 1 to Many is selected, the Outbound Mappings area displays LAN. If none is selected, the Outbound Mappings area is blank.
Inbound Mappings: When 1 to 1 or 1 to Many is selected, the Inbound Mappings option displays a Port Forwarding button.
3. Configure the Port Forwarding screen to modify the following:
Add: Click Add to create a local map that includes the name, transport protocol, start port, end port, and IP address for incoming packets.
Delete: Click Delete to remove a selected local map entry.
Name: Enter a name for the service being forwarded. The name can be any alphanumeric string and is used for identification of the service.
Forward all unspecified ports to: Use the Forward all unspecified ports to checkbox to enable port forwarding for incoming packets with unspecified ports. In the adjacent area, enter a target forwarding IP address for incoming packets. This number must be within the specified NAT range for the associated WAN IP address.
4. Click Ok to return to the NAT screen. Within the NAT screen, click Apply to save any changes made on the Port Forwarding screen.
5.
If a WLAN is defined, that WLAN displays within the Wireless Configuration screen. When the AP-5131 is first booted, WLAN1 exists as a default WLAN available immediately for connection.
2. Refer to the information within the Wireless Configuration screen to view the name, ESSID, AP-5131 radio designation, VLAN ID and security policy of existing WLANs.
WLAN Name: The Name field displays the name of each WLAN that has been defined.
VLAN: The VLAN field displays the specific VLAN the target WLAN is mapped to. For information on VLAN configuration for the WLAN, see Configuring VLAN Support on page 5-5.
Security Policy: The Security Policy field displays the security profile configured for the target WLAN. For information on configuring security for a WLAN, see Enabling Authentication and Encryption Schemes on page 6-5.
Use the New WLAN and Edit WLAN screens as required to create/modify a WLAN. To create a new WLAN or edit the properties of an existing WLAN:
1. Select Network Configuration -> Wireless from the AP-5131 menu tree. The Wireless Configuration screen displays.
2. Click the Create button to configure a new WLAN, or highlight a WLAN and click the Edit button to modify an existing WLAN. Either the New WLAN or Edit WLAN screen displays.
3.
Max MUs: Use the Max MUs field to define the number of MUs permitted to interoperate within the new or revised WLAN. The maximum (and default) is 127. Select a number that is appropriate for the intended radio traffic of that WLAN’s radio coverage area.
NOTE: If 802.11a is selected as the radio used for the WLAN, the WLAN cannot use a Kerberos supported security policy.
4.
Disallow MU to MU Communication: The AP-5131’s MU-MU Disallow feature prohibits MUs from communicating with each other even if they are on different WLANs, assuming one of the WLANs is configured to disallow MU-MU communication. Therefore, if an MU’s WLAN is configured for MU-MU disallow, it will not be able to communicate with any other MUs connected to this AP-5131.
Use Secure Beacon: Select the Use Secure Beacon checkbox to not transmit the AP-5131’s ESSID.
1. Select Network Configuration -> Wireless -> Security from the AP-5131 menu tree. The Security Configuration screen appears with existing policies and their attributes displayed.
NOTE: When the AP-5131 is first launched, a single security policy (default) is available and mapped to WLAN 1. It is anticipated numerous additional security policies will be created as the list of WLANs grows.
5.3.1.2 Configuring a WLAN Access Control List (ACL)
An Access Control List (ACL) affords a system administrator the ability to grant or restrict MU access by specifying an MU MAC address or range of MAC addresses to either include or exclude from AP-5131 connectivity. Use the Mobile Unit Access Control List Configuration screen to create new ACL policies (using the New MU ACL Policy sub-screen) or edit existing policies (using the Edit MU ACL Policy sub-screen).
2. Click the Create button to configure a new ACL policy, or select a policy and click the Edit button to modify an existing ACL policy. The AP-5131 supports a maximum of 16 MU ACL policies.
Either the New MU ACL Policy or Edit MU ACL Policy screen displays.
3. Assign a name to the new or edited ACL policy that represents an inclusion or exclusion policy specific to a particular type of MU traffic you may want to use with a single or group of WLANs. More than one WLAN can use the same ACL policy.
4. Configure the parameters within the Mobile Unit Access Control List field to allow or deny MU access to the AP-5131. The MU adoption list identifies MUs by their MAC address.
a new policy can be created or an existing policy can be modified using the New QoS Policy or Edit QoS Policy screens. Once new policies are defined, they are available for use within the New WLAN or Edit WLAN screens to assign to specific WLANs based on MU interoperability requirements.
2. Click the Create button to configure a new QoS policy, or select a policy and click the Edit button to modify an existing QoS policy. The AP-5131 supports a maximum of 16 QoS policies.
3. Assign a name to the new or edited QoS policy that makes sense for the AP-5131 traffic receiving priority. More than one WLAN can use the same QoS policy.
4. Select the Support Voice prioritization checkbox to allow legacy voice prioritization. Certain products may not receive priority over other voice or data traffic.
NOTE: Wi-Fi functionality requires that both the AP-5131 and its associated clients are WMM-capable and have WMM enabled. WMM enabled devices can take advantage of their QoS functionality only if using applications that support WMM, and can assign an appropriate priority level to the traffic streams they generate.
5. Use the two Multicast Address fields to specify one or two MAC addresses to be used for multicast applications. Some VoIP devices make use of multicast addresses.
CW Max: The contention window maximum value is the maximum amount of time the MU waits before transmitting when there is no other data traffic on the network. The longer the interval, the lower the likelihood of collision, but the greater the propensity for longer transmit periods.
AIFSN: The AIFSN is the minimum interframe space between data packets transmitted for the selected Access Category.
If the AP-5131 is a dual-radio model, the Radio Configuration screen enables you to configure one radio for 802.11a use and the other for 802.11b/g (no other alternatives exist for the dual-radio model). Using a dual-radio AP-5131, individual 802.11a and 802.11b/g radios can be enabled or disabled using the Radio Configuration screen checkboxes.
To set the AP-5131 radio configuration (this example is for a dual-radio AP-5131):
1.
3. Click Apply to save any changes to the Radio Configuration screen. Navigating away from the screen without clicking Apply results in all changes to the screens being lost.
4. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on the Radio Configuration screen to the last saved configuration.
5. Click Logout to securely exit the AP-5131 Symbol Access Point applet.
2. Configure the Properties field to assign a name and placement designation for the radio.
Placement: Use the Placement drop-down menu to specify whether the radio is located outdoors or indoors. Default placement depends on the country of operation selected for the AP-5131.
MAC Address: The AP-5131, like other Ethernet devices, has a unique, hardware encoded Media Access Control (MAC) or IEEE address. MAC addresses determine the device sending or receiving data.
Channel Setting: The following channel setting options exist:
User Selection - If selected, use the drop-down menu to specify the legal channel for the intended country of operation. The drop-down menu is not available if this option is not selected.
Automatic Selection - Enables the AP-5131 to auto-select the channel of operation. For example, if three AP-5131s are operating on 802.
4. Configure the Performance field to set the preamble, threshold values, data rates and QoS values for the radio.
Support Short Preamble: The preamble is approximately 8 bytes of packet header generated by the AP-5131 and attached to the packet prior to transmission from the 802.11b radio. The preamble length for 802.11b transmissions is data rate dependent. The short preamble is 50% shorter than the long preamble.
Set RF QoS: Click the Set RF QoS button to display the Set RF QOS screen to set QoS parameters for the AP-5131 radio. This setting should not be confused with the QoS configuration screen used for a WLAN. The Set RF QoS screen initially appears with default values displayed. Configure the CW min and CW max (contention window), AIFSN (Arbitrary Inter-Frame Space Number) and TXOPs Time for each Access Category. These are the QoS policies for the 802.
Beacon Interval: The beacon interval controls the performance of power save stations. A small interval may make power save stations more responsive, but it will also cause them to consume more battery power. A large interval makes power save stations less responsive, but could increase power savings. The default is 100. Avoid changing this parameter as it can adversely affect performance.
DTIM Interval: The DTIM interval defines how often broadcast frames are delivered.
Defining Primary WLANs allows an administrator to dedicate BSSIDs (4 BSSIDs are available for mapping) to WLANs. From that initial BSSID assignment, Primary WLANs can be defined from within the WLANs assigned to BSSID groups 1 through 4. Each BSSID beacons only on the primary WLAN. The user should assign each WLAN to its own BSSID.
8. Click Apply to save any changes to the Radio Settings and Advanced Settings screens. Navigating away from the screen without clicking Apply results in changes to the screens being lost.
9. Click Undo Changes (if necessary) to undo any changes made to the screen and its subscreens. Undo Changes reverts the settings to the last saved configuration.
10. Click Logout to securely exit the AP-5131 Symbol Access Point applet.
First In First Out WLANs receive services from the AP-5131 on a first-come, first-served basis. This is the default setting.
Round-Robin Each WLAN receives AP-5131 services in turn as long as the AP-5131 has data traffic to forward.
Weighted Round-Robin If selected, a weighting (prioritization) scheme (configured within the QoS Configuration screen) is used to define which WLANs receive AP-5131 resources first.
3.
NOTE Though the Rogue AP and Firewall features appear after the Bandwidth Management features within the AP-5131 menu tree, they are described in this guide within the security chapter, as both items are data protection functions. For more information, see Configuring Firewall Settings on page 6-25 and Configuring Rogue AP Detection on page 6-51.
5.4 Configuring Router Settings
The AP-5131 router uses routing tables and protocols to forward data packets from one network to another.
The information in the AP-5131 Router Table is dynamically generated from settings applied on the WAN screen. The destination for each subnet is its IP address. The subnet mask (or network mask) and gateway settings are those belonging to each subnet. Displayed interfaces are those associated with destination IP addresses. To change any of the network address information within the WAN screen, see Configuring WAN Settings on page 5-13.
3.
Configuring Access Point Security
Security measures for the AP-5131 and its WLANs are critical. Use the available AP-5131 security options to protect the AP-5131 LAN from wireless vulnerabilities, and safeguard the transmission of RF packets between the AP-5131 and its associated MUs. WLAN security can be configured on an ESS by ESS basis on the AP-5131. Sixteen separate ESSIDs (WLANs) can be supported on an AP-5131, and must be managed (if necessary) between the 802.11a and 802.11b/g radio.
NOTE Security for the AP-5131 can be configured in various locations throughout the AP-5131 menu structure. This chapter outlines the security options available to the AP-5131, and the menu locations and steps required to configure specific security measures.
6.
6.2 Setting Passwords
Before setting the AP-5131 security parameters, verify an administrative password for the AP-5131 has been created to restrict access to the device before advanced device security is configured. To password protect and restrict AP-5131 device access:
1. Connect a wired computer to the AP-5131 LAN port using a standard CAT-5 cable.
2. Set up the computer for TCP/IP DHCP network addressing and make sure the DNS settings are not hardcoded.
3.
4. Log in using “admin” as the default User ID and “symbol” as the default Password. If the default login is successful, the Change Admin Password window displays. Change the default login and password to significantly decrease the likelihood of hacking.
5. Enter the previous password and the new admin password in the two fields provided. Click the Apply button. Once the admin password has been created/updated, the System Settings screen displays.
An AP-5131 can be reset by removing and re-inserting the LAN cable or removing and re-inserting the power cable. As the AP-5131 is re-booting, a “Press esc key to run boot firmware” message displays.
6. Quickly press <ESC>.
CAUTION If the <ESC> key is not pressed within three seconds after the “Press esc key to run boot firmware” message displays, the AP-5131 will continue to boot. If the key is pressed within three seconds, a boot> prompt displays.
7.
security policy does not satisfy the data protection requirements of a specific WLAN, a new security policy (using the authentication and encryption schemes discussed above) can be created. To enable an existing WLAN security policy or create a new policy:
1. Select Network Configuration -> Wireless -> Security from the AP-5131 menu tree. The Security Configuration screen displays.
2. If a new security policy is required, click the Create button.
NOTE An existing security policy can be edited from the Security Configuration screen by selecting an existing policy and clicking the Edit button. Use the Edit Security Policy screen to edit the policy. For more information on editing an existing security policy, refer to security configuration sections described in steps 4 and 5.
3. Use the Name field to define a logical security policy name.
WEP 128 (104-bit key) Select the WEP 128 (104 bit key) button to display the WEP 128 Settings field within the New Security Policy screen. For specific information on configuring WEP 128, see Configuring WEP Encryption on page 6-15.
KeyGuard Select the KeyGuard button to display the KeyGuard Settings field within the New Security Policy screen. For specific information on configuring KeyGuard, see Configuring KeyGuard Encryption on page 6-17.
7. Click Cancel to return to the target WLAN screen without keeping any of the changes made within the New Security Policy screen.
6.4 Configuring Kerberos Authentication
Kerberos (designed and developed by MIT) provides strong authentication for client/server applications using secret-key cryptography. Using Kerberos, a client must prove its identity to a server (and vice versa) across an insecure network connection.
The Kerberos Configuration field displays within the New Security Policy screen.
4. Ensure the Name of the security policy entered suits the intended configuration or function of the policy.
5. Set the Kerberos Configuration field as required to define the parameters of the Kerberos authentication server and AP-5131.
Realm Name Specify a realm name that is case-sensitive, for example, SYMBOL.COM.
Primary KDC Specify a numerical (non-DNS) IP address and port for the primary Key Distribution Center (KDC). The KDC implements an Authentication Service and a Ticket Granting Service, whereby an authorized user is granted a ticket encrypted with the user's password. The KDC has a copy of every user password.
Backup KDC Optionally, specify a numerical (non-DNS) IP address and port for a backup KDC. Backup KDCs are referred to as slave servers.
by clicking the Edit button. To configure a new security policy supporting 802.1x EAP, continue to step 2.
2. Click the Create button to configure a new policy supporting 802.1x EAP. The New Security Policy screen displays with no authentication or encryption options selected.
3. Select the 802.1x EAP radio button. The 802.1x EAP Settings field displays within the New Security Policy screen.
4.
Radius Server Address Specify the numerical (non-DNS) IP address of a primary Remote Dial-In User Service (RADIUS) server. Optionally, specify the IP address of a secondary server. The secondary server acts as a failover server if the primary server cannot be contacted. An ISP or a network administrator provides these addresses.
MU Tx Period (1-65635) secs Specify the time period (in seconds) for the AP-5131's retransmission of the EAP Identity Request frame. The default is 5 seconds.
MU Max Retries (1-10) retries Specify the maximum number of times the AP-5131 retransmits an EAP-Request frame to the client before it times out the authentication session. The default is 2 retries.
MU Timeout Specify the time (in seconds) for the AP-5131’s retransmission of EAP-Request packets. The default is 10 seconds. If this time is exceeded, the authentication session is terminated.
Retries Specify the number of retries for the MU to retransmit a missed frame to the Radius server before it times out of the authentication session. The default is 2 retries.
The WEP 64 Settings or WEP 128 Settings field displays within the New Security Policy screen.
4. Ensure the Name of the security policy entered suits the intended configuration or function of the policy.
5. Configure the WEP 64 Settings or WEP 128 Settings field as required to define the Pass Key used to generate the WEP keys. These keys must be the same between the AP-5131 and its MU to encrypt packets between the two devices.
Keys #1-4 Use the Key #1-4 areas to specify key numbers. The key can be either hexadecimal or ASCII, depending on which option is selected from the drop-down menu. For WEP 64 (40-bit key), the keys are 10 hexadecimal characters in length or 5 ASCII characters. For WEP 128 (104-bit key), the keys are 26 hexadecimal characters in length or 13 ASCII characters. Select one of these keys for activation by clicking its radio button.
If security policies supporting KeyGuard exist, they appear within the Security Configuration screen. These existing policies can be used as is, or their properties edited by clicking the Edit button. To configure a new security policy supporting KeyGuard, continue to step 2.
2. Click the Create button to configure a new policy supporting KeyGuard. The New Security Policy screen displays with no authentication or encryption options selected.
3.
Pass Key Specify a 4 to 32 character pass key and click the Generate button. The pass key can be any alphanumeric string. The AP-5131, other proprietary routers, and Symbol MUs use the algorithm to convert an ASCII string to the same hexadecimal number. MUs without Symbol adapters need to use WEP keys manually configured as hexadecimal numbers.
Keys #1-4 Use the Key #1-4 areas to specify key numbers.
1. Select Network Configuration -> Wireless -> Security from the AP-5131 menu tree. If security policies supporting WPA-TKIP exist, they appear within the Security Configuration screen. These existing policies can be used as is, or their properties edited by clicking the Edit button. To configure a new security policy supporting WPA-TKIP, continue to step 2.
2. Click the Create button to configure a new policy supporting WPA-TKIP.
Broadcast Key Rotation Select the Broadcast Key Rotation checkbox to enable or disable the broadcasting of encryption-key changes to MUs. Only broadcast key changes when required by associated MUs to reduce the transmissions of sensitive key information. This value is disabled by default.
Update broadcast keys every (300-604800 seconds) Specify a time period in seconds for broadcasting encryption-key changes to MUs.
6.9 Configuring WPA2-CCMP (802.11i)
WPA2 is a newer 802.11i standard that provides even stronger wireless security than Wi-Fi Protected Access (WPA) and WEP. CCMP is the security standard used by the Advanced Encryption Standard (AES). AES serves the same function TKIP does for WPA-TKIP. CCMP computes a Message Integrity Check (MIC) using the proven Cipher Block Chaining (CBC) technique.
5. Configure the Key Rotation Settings field as required to set Broadcast Key Rotation and the update interval.
Broadcast Key Rotation Select the Broadcast Key Rotation checkbox to enable or disable the broadcasting of encryption key changes to MUs. Only broadcast key changes when required by associated MUs to reduce the transmissions of sensitive key information. This option is disabled by default.
ASCII Passphrase To use an ASCII passphrase (and not a hexadecimal value), select the checkbox and enter an alphanumeric string of 8 to 63 characters. The string allows character spaces. The AP-5131 converts the string to a numeric value. This passphrase saves the administrator from entering the 256-bit key each time keys are generated.
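The following added example (not part of the Symbol guide or the AP-5131 firmware) shows how an 8 to 63 character passphrase becomes a 256-bit key under the IEEE 802.11i passphrase mapping, and why the result is tied to the ESSID. It assumes the AP-5131 applies that standard mapping and that the hexadecimal entry mode takes the 256-bit key as 64 hex characters; the function names and sample ESSIDs are hypothetical.

```python
import hashlib
import string


def wpa_psk(passphrase: str, essid: str) -> bytes:
    """IEEE 802.11i passphrase-to-key mapping.

    PBKDF2-HMAC-SHA1 over the passphrase, salted with the ESSID,
    4096 iterations, 32 bytes (256 bits) of output. Assumed here to be
    the conversion the access point performs on an ASCII passphrase.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII (spaces allowed)")
    salt = essid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("ESSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def key_from_field(value: str, essid: str, ascii_passphrase: bool) -> bytes:
    """Return the 256-bit key for either entry mode of the key field."""
    if ascii_passphrase:
        return wpa_psk(value, essid)
    # Hexadecimal mode: the administrator types the 256-bit key directly.
    if len(value) != 64 or any(c not in string.hexdigits for c in value):
        raise ValueError("hexadecimal key must be exactly 64 hex characters")
    return bytes.fromhex(value)


def same_passphrase_two_essids() -> tuple:
    """Constructed sample: one passphrase reused on two WLANs."""
    passphrase = "dock door seven"      # constructed sample value
    key_a = wpa_psk(passphrase, "WAREHOUSE-A")   # hypothetical ESSID
    key_b = wpa_psk(passphrase, "WAREHOUSE-B")   # hypothetical ESSID
    return key_a, key_b


if __name__ == "__main__":
    a, b = same_passphrase_two_essids()
    print("WAREHOUSE-A key:", a.hex())
    print("WAREHOUSE-B key:", b.hex())
    print("keys differ:", a != b)
```

Because the ESSID is the salt, renaming a WLAN changes the derived key even when the passphrase is unchanged, and an MU configured with a raw hexadecimal key must be given the value derived for the exact ESSID in use.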
10. Click the Cancel button to undo any changes made within the WPA2/CCMP Settings field and return to the WLAN screen. This reverts all settings to the last saved configuration.
6.10 Configuring Firewall Settings
The AP-5131's firewall is a set of related programs located in the gateway on the WAN side of the AP-5131. The firewall uses a collection of filters to screen information packets for known types of system attacks.
Disable Firewall Select the Disable Firewall checkbox to disable all firewall functions on the AP-5131. This includes firewall filters, NAT, VPN, content filtering, and subnet access. Disabling the AP-5131 firewall makes the AP-5131 vulnerable to data attacks and is not recommended during normal operation if using the WAN port.
3. Refer to the Timeout Configuration field to define a timeout interval to terminate IP address translations.
Max Header Length Use the Max Header Length field to set the maximum allowable header length (at least 256 bytes).
Max Headers Use the Max Headers field to set the maximum number of headers allowed (12).
5. Click Apply to save any changes to the Firewall screen. Navigating away from the screen without clicking the Apply button results in all changes to the screens being lost.
6. Click Undo Changes (if necessary) to undo any changes made.
2. Configure the LAN to WAN Access screen as required to allow or deny access to selected (enabled) protocols.
Allow or Deny all protocols, except Use the drop-down menu to select either Allow or Deny. The selected setting applies to all protocols except those with enabled checkboxes and any traffic that is added to the table.
End Port Enter the ending port number for a port range. If the protocol uses a single port, leave the field blank. A new entry might use Web Traffic for its name, TCP for its protocol, and 80 for its port number.
Preconfigured Rules The following protocols are preconfigured with the AP-5131. To enable a protocol, check the box next to the protocol name.
• HTTP - Hypertext Transfer Protocol is the protocol for transferring files on the Web.
6.10.1.1 Available Protocols
Protocols that are not pre-configured can be specified using the drop-down list within the Transport column within the LAN to WAN Access and Advanced Subnet Access screens. They include:
• ALL - Enables all of the protocol options displayed in the drop-down menu (as described below).
• TCP - Transmission Control Protocol is a set of rules for sending data as message units over the Internet.
access rules must be overridden. However, the Advanced LAN Access screen allows you to import existing subnet access rules into the advanced subnet access rules. To configure AP-5131 advanced LAN access:
1. Select Network Configuration -> Firewall -> Advanced LAN Access from the AP-5131 menu tree.
2. Configure the Settings field as needed to override the settings in the LAN to WAN Access screen and import firewall rules into the Advanced LAN Access screen.
3. Configure the Firewall Rules field as required to add, insert or delete firewall rules in the list of advanced rules.
Inbound or Outbound Select Inbound or Outbound from the drop-down menu to specify if a firewall rule is intended for inbound traffic to an interface or outbound traffic from that interface.
Add Click the Add button to insert a new rule at the bottom of the table.
Src. Ports (Source Ports) The source port range determines which ports the firewall rule applies to on the source IP address. Click on the field to configure the source port range. A new window displays to enter the starting and ending port ranges. For rules where only a single port is necessary, enter the same port in the start and end port fields.
Dst.
2. Use the VPN Tunnels field to add or delete a tunnel to the list of available tunnels, list tunnel network address information and display key exchange information for each tunnel.
Add Click Add to add a VPN tunnel to the list. To configure a specific tunnel, select it from the list and use the parameters within the VPN Tunnel Config field to set its properties.
Del Click Del to delete a highlighted VPN tunnel.
Key Exchange Type The Key Exchange Type column lists the key exchange type for passing keys between both ends of a VPN tunnel. If Manual Key Exchange is selected, this column displays Manual. If Auto (IKE) Key Exchange is selected, the field displays Automatic.
3. If a VPN tunnel has been added to the list of available AP-5131 tunnels, use the VPN Tunnel Config field to optionally modify the tunnel’s properties.
Auto (IKE) Key Exchange Select the Auto (IKE) Key Exchange checkbox to configure AH and/or ESP without having to manually enter keys. The keys automatically generate and rotate for the authentication and encryption type selected.
Auto Key Settings Select the Auto (IKE) Key Exchange checkbox, and click the Auto Key Settings button to open a screen where AH authentication and ESP encryption/authentication can be configured.
To configure manual key settings for the AP-5131:
1. Select Network Configuration -> WAN -> VPN from the AP-5131 menu tree.
2. Refer to the VPN Tunnel Config field, select the Manual Key Exchange checkbox and click the Manual Key Settings button.
3. Configure the Manual Key Settings screen to modify the following:
AH Authentication AH provides data authentication and anti-replay services for the VPN tunnel.
Inbound AH Authentication Key Configure a key for computing the integrity check on inbound traffic with the selected authentication algorithm. The key must be 32/40 hexadecimal (0-9, A-E) characters in length. The key value must match the corresponding outbound key on the remote security gateway.
Outbound AH Authentication Key Configure a key for computing the integrity check on outbound traffic with the selected authentication algorithm.
ESP Encryption Algorithm Select the encryption and authentication algorithms for the VPN tunnel using the drop-down menu.
• DES - Uses the DES encryption algorithm requiring 64-bit (16-character hexadecimal) keys.
• 3DES - Uses the 3DES encryption algorithm requiring 192-bit (64-character hexadecimal) keys.
• AES 128-bit - Uses the Advanced Encryption Standard algorithm with 128-bit (32-character hexadecimal) keys.
Inbound SPI (Hex) Define an eight-character hexadecimal value to identify the inbound security association created by the encryption algorithm. The value must match the corresponding outbound SPI value configured on the remote security gateway.
Outbound SPI (Hex) Enter an eight-character hexadecimal value to identify the outbound security association created by the encryption algorithm.
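Manual keying fails silently when one end's inbound value does not mirror the other end's outbound value. The following added example (not Symbol's code) checks a pair of gateway key sheets before they are typed in, using the key lengths and the inbound/outbound matching rule from the Manual Key Settings fields above. The ManualKeys container, its field names and the sample values are hypothetical, and only the MD5, SHA1, DES and AES 128-bit entries are covered.

```python
import string
from dataclasses import dataclass, replace

# Key lengths in hexadecimal characters, taken from the field descriptions.
AH_KEY_HEX = {"MD5": 32, "SHA1": 40}
ESP_KEY_HEX = {"DES": 16, "AES-128": 32}   # other menu entries not covered
SPI_HEX = 8


@dataclass(frozen=True)
class ManualKeys:                 # hypothetical container for one gateway
    ah_alg: str
    ah_in_key: str
    ah_out_key: str
    ah_in_spi: str
    ah_out_spi: str
    esp_alg: str
    esp_in_key: str
    esp_out_key: str
    esp_in_spi: str
    esp_out_spi: str


def _is_hex(value: str, length: int) -> bool:
    return len(value) == length and all(c in string.hexdigits for c in value)


def check_gateway(name: str, cfg: ManualKeys) -> list:
    """Format checks for one end. Findings never echo key material."""
    findings = []
    ah_len = AH_KEY_HEX.get(cfg.ah_alg)
    esp_len = ESP_KEY_HEX.get(cfg.esp_alg)
    if ah_len is None:
        findings.append(f"{name}: AH algorithm {cfg.ah_alg!r} not covered")
    if esp_len is None:
        findings.append(f"{name}: ESP algorithm {cfg.esp_alg!r} not covered")
    fields = [
        ("inbound AH key", cfg.ah_in_key, ah_len),
        ("outbound AH key", cfg.ah_out_key, ah_len),
        ("inbound ESP key", cfg.esp_in_key, esp_len),
        ("outbound ESP key", cfg.esp_out_key, esp_len),
        ("inbound AH SPI", cfg.ah_in_spi, SPI_HEX),
        ("outbound AH SPI", cfg.ah_out_spi, SPI_HEX),
        ("inbound ESP SPI", cfg.esp_in_spi, SPI_HEX),
        ("outbound ESP SPI", cfg.esp_out_spi, SPI_HEX),
    ]
    for label, value, length in fields:
        if length is not None and not _is_hex(value, length):
            findings.append(f"{name}: {label} must be {length} hex characters")
    return findings


def check_pair(local: ManualKeys, remote: ManualKeys) -> list:
    """Format checks for both ends plus the inbound/outbound mirror rule."""
    findings = check_gateway("local", local) + check_gateway("remote", remote)
    mirrored = [
        ("AH key", local.ah_in_key, remote.ah_out_key, local.ah_out_key, remote.ah_in_key),
        ("ESP key", local.esp_in_key, remote.esp_out_key, local.esp_out_key, remote.esp_in_key),
        ("AH SPI", local.ah_in_spi, remote.ah_out_spi, local.ah_out_spi, remote.ah_in_spi),
        ("ESP SPI", local.esp_in_spi, remote.esp_out_spi, local.esp_out_spi, remote.esp_in_spi),
    ]
    for label, l_in, r_out, l_out, r_in in mirrored:
        if l_in.lower() != r_out.lower():
            findings.append(f"local inbound {label} does not match remote outbound {label}")
        if l_out.lower() != r_in.lower():
            findings.append(f"local outbound {label} does not match remote inbound {label}")
    return findings


def mirror(cfg: ManualKeys) -> ManualKeys:
    """Build the remote sheet that correctly mirrors a local one."""
    return ManualKeys(cfg.ah_alg, cfg.ah_out_key, cfg.ah_in_key, cfg.ah_out_spi,
                      cfg.ah_in_spi, cfg.esp_alg, cfg.esp_out_key, cfg.esp_in_key,
                      cfg.esp_out_spi, cfg.esp_in_spi)


# Constructed sample values, not real keys.
LOCAL = ManualKeys("SHA1", "a1" * 20, "b2" * 20, "00001001", "00002001",
                   "AES-128", "c3" * 16, "d4" * 16, "00001002", "00002002")
# Remote sheet with a key typed at MD5 length and one mistyped SPI.
BAD_REMOTE = replace(mirror(LOCAL), ah_out_key="a1" * 16, esp_in_spi="00002003")

if __name__ == "__main__":
    for finding in check_pair(LOCAL, BAD_REMOTE):
        print(finding)
```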
3. Configure the Auto Key Settings screen to modify the following:
Use Perfect Forward Secrecy Forward secrecy is a key-establishment protocol guaranteeing the discovery of a session key or long-term private key does not compromise the keys of other sessions. Select Yes to enable Perfect Forward Secrecy. Select No to disable Perfect Forward Secrecy.
AH Authentication AH provides data authentication and anti-replay services for the VPN tunnel.
ESP Type ESP provides packet encryption, optional data authentication and anti-replay services for the VPN tunnel. Use the drop-down menu to select the ESP type.
• None - Disables ESP. The rest of the fields are not active.
• ESP - Enables ESP for this tunnel.
• ESP with Authentication - Enables ESP with authentication.
ESP Encryption Algorithm Use this menu to select the encryption and authentication algorithms for this VPN tunnel.
To configure IKE key settings for the AP-5131:
1. Select Network Configuration -> WAN -> VPN from the AP-5131 menu tree.
2. Refer to the VPN Tunnel Config field, select the Auto (IKE) Key Exchange checkbox and click the IKE Settings button.
3. Configure the IKE Key Settings screen to modify the following:
Operation Mode The Phase I protocols of IKE are based on the ISAKMP identity-protection and aggressive exchanges.
Local ID Type Select the type of ID to be used for the AP-5131 end of the SA.
• IP - Select IP if the local ID type is the IP address specified as part of the tunnel.
• FQDN - Use FQDN if the local ID is a fully qualified domain name (such as sj.symbol.com).
• UFQDN - Select UFQDN if the local ID is a user fully-qualified domain name (such as johndoe@symbol.com).
Local ID Data Specify the FQDN or UFQDN based on the Local ID type assigned.
IKE Authentication Algorithm IKE provides data authentication and anti-replay services for the VPN tunnel. Select an authentication method from the drop-down menu.
• MD5 - Enables the Message Digest 5 algorithm requiring 128-bit (32-character hexadecimal) keys.
• SHA1 - Enables Secure Hash Algorithm 1 requiring 160-bit (40-character hexadecimal) keys.
IKE Authentication Passphrase If you selected Pre-Shared Key as the authentication mode, you must provide a key.
Diffie Hellman Group Select a Diffie-Hellman Group to use. The Diffie-Hellman key agreement protocol allows two users to exchange a secret key over an insecure medium without any prior secrets. Two algorithms exist, one 768-bit and one 1024-bit algorithm. Select one of the following options:
• Group 1 - 768 bit - Somewhat faster than the 1024-bit algorithm, but secure enough in most situations.
2. Reference the Security Associations field to view the following:
Tunnel Name The Tunnel Name column lists the names of all the tunnels configured on the AP-5131. Clicking the Tunnel Name title bar enables you to sort by tunnel name. For information on configuring a tunnel, see Configuring VPN Tunnels on page 6-33.
Status The Status column lists the status of each configured tunnel. When the tunnel is not in use, the status reads NOT_ACTIVE.
Life Time Use the Life Time column to view the lifetime associated with a particular Security Association (SA). Each SA has a finite lifetime defined. When the lifetime expires, the SA can no longer be used to protect data traffic. The maximum SA lifetime is 3600 seconds (1 hour).
Tx Bytes The Tx Bytes column lists the amount of data (in bytes) transmitted through each configured tunnel.
screening tool. Content filtering allows the blocking of up to 10 files or URL extensions and allows blocking of specific outbound HTTP, SMTP, and FTP requests. To configure content filtering for the AP-5131:
1. Select Network Configuration -> WAN -> Content Filtering from the AP-5131 menu tree.
2. Configure the HTTP field to block Web proxies and URL extensions.
Block Outbound URL Extensions Enter a URL extension or file name per line in the format of filename.ext. An asterisk (*) can be used as a wildcard in place of the filename to block all files with a specific extension.
3. Configure the SMTP field to disable or restrict specific kinds of network mail traffic.
Block Outbound SMTP Commands Simple Mail Transport Protocol (SMTP) is the Internet standard for host-to-host mail transport.
Block Outbound FTP Actions File Transfer Protocol (FTP) is the Internet standard for host-to-host mail transport. FTP generally operates over TCP port 20 and 21. FTP filtering allows the blocking of any or all outgoing FTP functions. Check the box next to the command to disable the command when using FTP across the AP-5131’s WAN port.
• Storing Files - Blocks the request to transfer files sent from the client across the AP’s WAN port to the FTP server.
The rogue detection interval is used in conjunction with Symbol MUs that identify themselves as rogue detection capable to the AP-5131. The detection interval defines how often the AP-5131 requests these MUs to scan for a rogue AP. A shorter interval can affect the performance of the MU, but it will also decrease the time it takes for the AP-5131 to scan for a rogue AP.
RF Scan by MU Select the RF Scan by MU checkbox to enable MUs to scan for potential rogue APs within the network. Define an interval in the Scan Interval field for associated MUs to beacon in an attempt to locate a rogue AP. Set the interval to a value sooner than the default if a large volume of device network traffic is anticipated within the coverage area of the target AP-5131 access point.
MAC Address Click Add, and enter the device MAC address to be excluded from classification as a rogue device.
Any ESSid Select the Any ESSid checkbox to prevent a device’s ESSid (whether it is a known device ESSid or not) from being considered a rogue device.
ESSID Click Add, and enter the name of a device ESSid to be excluded from classification as a rogue device.
4. Click Apply to save any changes to the Rogue AP Detection screen.
The Active APs screen displays with detected rogue devices displayed within the Rogue APs table.
2. Enter a value (in minutes) in the Allowed APs Age Out Time field to indicate the number of elapsed minutes before an AP will be removed from the approved list and reevaluated. A zero (0) for this value (default value) indicates an AP can remain on the approved AP list permanently.
3.
6. Highlight a rogue AP and click the Details button to display a screen with device and detection information specific to that rogue device. This information is helpful in determining if a rogue AP should be moved to the Allowed APs table. For more information on displaying information on detected rogue APs, see Displaying Rogue AP Details on page 6-56.
7. Click Apply to save any changes to the Active APs screen.
The Detail screen displays for the rogue AP.
3. Refer to the Rogue AP Detail field for the following information:
BSSID/MAC Displays the MAC address of the rogue AP. This information could be useful if the MAC address is determined to be a Symbol MAC address and the device is interpreted as non-hostile and the device should be defined as an allowed AP.
ESSID Displays the ESSID of the rogue AP.
Detection Method Displays the RF Scan by MU, RF On-Channel Detection or RF Scan by Detector Radio method selected from the Rogue AP screen to detect rogue devices. For information on detection methods, see Configuring Rogue AP Detection on page 6-51.
First Heard (days:hrs:min) Defines the time in (days:hrs:min) that the rogue AP was initially heard by the detecting AP.
2. Highlight an MU from within the Rogue AP enabled MUs field and click the scan button. The target MU begins scanning for rogue devices using the detection parameters defined within the Rogue AP Detection screen. To modify the detection parameters, see Configuring Rogue AP Detection on page 6-51. Those devices detected as rogue APs display within the Scan Result table.
6. Click Logout to return to the Rogue AP Detection screen.
Monitoring Statistics
The AP-5131 has functionality to display robust transmit and receive statistics for its WAN and LAN port. Wireless Local Area Network (WLAN) stats can also be displayed collectively for each enabled WLAN as well as individually for up to 16 specific WLANs. Transmit and receive statistics can also be displayed for the AP-5131’s 802.11a and 802.11b/g radios. An advanced radio statistics page is also available to display retry histograms for specific data packet retry information.
• Viewing LAN Statistics
• Viewing Wireless Statistics
• Viewing Radio Statistics Summary
• Viewing MU Statistics Summary
• Viewing Known Access Point Statistics
7.1 Viewing WAN Statistics
Use the AP-5131 WAN Stats screen to view real-time statistics for monitoring the AP-5131 activity through its Wide Area Network (WAN) port. The Information field of the WAN Stats screen displays basic WAN information, generated from settings on the WAN screen.
2. Refer to the Information field to reference the following AP-5131 WAN data:
Status The Status field displays Enabled if the WAN interface is enabled on the WAN screen. If the WAN interface is disabled on the WAN screen, the WAN Stats screen displays no connection information and statistics. To enable the WAN connection, see Configuring WAN Settings on page 5-13.
HW Address The Media Access Control (MAC) address of the AP-5131 WAN port.
RX Errors RX errors include dropped data packets, buffer overruns, and frame errors on inbound traffic. The number of RX errors is a total of RX Dropped, RX Overruns and RX Carrier errors. Use this information to determine performance quality of the current WAN connection.
RX Dropped The RX Dropped field displays the number of data packets that fail to reach the WAN interface. If this number appears excessive, consider a new connection to the device.
TX Carrier The TX Carrier field displays the number of TCP/IP data carrier errors.
5. Click the Clear WAN Stats button to reset each of the data collection counters to zero in order to begin new data collections. The RX/TX Packets and RX/TX Bytes totals remain at their present values and are not cleared. Do not clear the WAN stats if currently in an important data gathering activity or risk losing all data calculations to that point.
6.
2. Refer to the Information field to view the following AP-5131 device address information:
HW Address The Media Access Control (MAC) address of the AP-5131. The MAC address is hard coded at the factory and cannot be changed.
IP Address The Internet Protocol (IP) addresses for the AP-5131 LAN port.
3. Refer to the Received field to view data received over the AP-5131 LAN port.
RX Packets RX packets are data packets received over the AP-5131 LAN port.
RX Dropped: The RX Dropped field displays the number of data packets failing to reach the LAN port. If this number appears excessive, consider a new connection to the device.

RX Overruns: RX overruns are buffer overruns on the AP-5131 LAN port. RX overruns occur when packets are received faster than the LAN connection can handle them. If RX overruns are excessive, consider reducing the data rate. For more information, see Configuring the 802.11a or 802.11b/g Radio on page 5-38.
5. Click the Clear LAN Stats button to reset each of the data collection counters to zero in order to begin new data collections. The RX/TX Packets and RX/TX Bytes totals remain at their present values and are not cleared.

6. Click the Logout button to securely exit the AP-5131 Symbol Access Point applet. There will be a prompt confirming logout before the applet is closed.

7.
2. Refer to the WLAN Summary field to reference high-level data for each enabled WLAN.

Name: Displays the names of all the enabled WLANs on the AP-5131. For information on enabling a WLAN, see Enabling Wireless LANs (WLANs) on page 5-22.

MUs: Displays the total number of MUs currently associated with each enabled WLAN. Use this information to assess if the MUs are properly grouped by function within each enabled WLAN.
Retries: Displays the average number of retries per packet. An excessive number could indicate possible network or hardware problems.

Clear All WLAN Stats: Click this button to reset each of the data collection counters to zero in order to begin new data collections. Do not clear the WLAN stats during an important data gathering activity, or all data calculations to that point are lost.

3.
information. The Traffic field displays statistics on RF traffic and throughput. The RF Status field displays information on RF signal averages from the associated MUs. The Error field displays RF traffic errors based on retries, dropped packets, and undecryptable packets. The WLAN Stats screen is view-only with no user configurable data fields.

To view statistics for an individual WLAN:

1.
Encryption Type: Displays the encryption method defined for the WLAN. If the encryption type does not match the desired scheme for the WLAN or needs to be enabled, see Enabling Authentication and Encryption Schemes on page 6-5.

Num. Associated MUs: Displays the total number of MUs currently associated with the WLAN. If this number seems excessive, consider segregating MUs to other WLANs if appropriate.

3.
4. Refer to the RF Status field to view the following MU signal, noise and performance information for the WLAN selected from the AP-5131 menu tree.

Avg MU Signal: Displays the average RF signal strength in dBm for all MUs associated with the selected WLAN. The number in black represents this statistic for the last 30 seconds and the number in blue represents this statistic for the last hour.
6. Click the Clear WLAN Stats button to reset each of the data collection counters to zero in order to begin new data collections. Do not clear the WLAN stats during an important data gathering activity, or all data calculations to that point are lost.

7. Click the Logout button to securely exit the AP-5131 Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.

7.
Type: Displays the type of radio (either 802.11a or 802.11b/g) currently deployed by the AP-5131. To configure the radio type, see Setting the WLAN’s Radio Configuration on page 5-36.

MUs: Displays the total number of MUs currently associated with each AP-5131 radio.

T-put: Displays the total throughput in Megabits per second (Mbps) for each AP-5131 radio listed. To adjust the data rate for a specific radio, see Configuring the 802.11a or 802.11b/g Radio on page 5-38.
dropped or could not decrypt. The information within the 802.11a Radio Statistics screen is view-only with no configurable data fields.

To view detailed radio statistics:

1. Select Status and Statistics -> Radio Summary -> Radio Statistics from the AP-5131 menu tree.

2. Refer to the Information field to view the AP-5131 802.11a or 802.11b/g radio’s MAC address, placement and transmission information.
Placement: Lists whether the AP-5131 radio is indoors or outdoors. To change the placement setting, see Configuring the 802.11a or 802.11b/g Radio on page 5-38.

Current Channel: Indicates the channel for communications between the AP-5131 radio and its associated MUs. To change the channel setting, see Configuring the 802.11a or 802.11b/g Radio on page 5-38.

Num Associated MUs: Lists the number of mobile units (MUs) currently associated with the AP-5131 802.11a or 802.11b/g radio.
4. Refer to the RF Status field to view the following MU signal, noise and performance information for the target AP-5131 802.11a or 802.11b/g radio.

Avg MU Signal: Displays the average RF signal strength in dBm for all MUs associated with the radio. The number in black represents the average signal for the last 30 seconds and the number in blue represents the average signal for the last hour.

Avg MU Noise
7.4.1.1 Retry Histogram

Refer to the Retry Histogram screen for an overview of the retries transmitted by an AP-5131 radio and whether those retries contained any data packets. Use this information in combination with the error fields within a Radio Stats screen to assess overall radio performance.

To display a Retry Histogram screen for an AP-5131 radio:

1. Select Status and Statistics -> Radio Summary -> Radio Statistics -> Retry Histogram from the AP-5131 menu tree.
2. Click Apply to save any changes to the Radio Histogram screen. Navigating away from the screen without clicking Apply results in changes to the screens being lost.

3. Click Undo Changes (if necessary) to undo any changes made to the screen. Undo Changes reverts the settings to the last saved configuration.

4. Click Logout to securely exit the AP-5131 Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.

7.
2. Refer to the MU List field to reference associated MU address, throughput and retry information.

IP Address: Displays the IP address of each associated MU.

MAC Address: Displays the MAC address of each associated MU.

WLAN: Displays the WLAN name each MU is interoperating with.

Radio: Displays the name of the 802.11a or 802.11b/g radio each MU is associated with.

T-put: Displays the total throughput in Megabits per second (Mbps) for each associated MU.
8. Click the Logout button to securely exit the AP-5131 Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.

7.5.1 Viewing MU Details

Use the MU Details screen to display throughput, signal strength and transmit error information for a specific MU associated with the AP-5131. The MU Details screen is separated into four fields: MU Properties, MU Traffic, MU Signal, and MU Errors.
Voice MU: Displays whether or not the mobile unit is a voice capable device. Such devices include Netvision and Spectralink IP phones. Traffic from voice MUs is handled differently than traffic from MUs without this capability. MUs grouped to particular WLANs can be prioritized to transmit and receive voice traffic over data traffic. For more information, see Setting the WLAN Quality of Service (QoS) Policy on page 5-31.
Avg MU Signal: Displays RF signal strength in dBm for the target MU. The number in black represents signal information for the last 30 seconds and the number in blue represents signal information for the last hour.

Avg MU Noise: Displays RF noise for the target MU. The number in black represents noise for the last 30 seconds and the number in blue represents noise for the last hour.

Avg MU SNR: Displays the Signal to Noise Ratio (SNR) for the target MU.
To ping a specific MU to assess its connection with an AP-5131:

1. Select Status and Statistics -> MU Stats from the AP-5131 menu tree.

2. Select the Echo Test button from within the MU Stats Summary screen.

3. Specify the following ping test parameters.

Station Address: The IP address of the target MU. Refer to the MU Stats Summary screen for associated MU IP address information.

Number of ping: Specify the number of ping packets to transmit to the target MU. The default is 100.
7.6 Viewing Known Access Point Statistics

The AP-5131 has the capability of detecting and displaying the properties of other access points (both Symbol and those from other manufacturers) located within its coverage area. Detected AP-5131s transmit a WNMP message indicating their channel, IP address, firmware version, etc. This information is used to create a known AP list. The list has fields indicating the properties of the access point discovered.
KBIOS: The data traffic handled by the located AP-5131 in kilobytes (both transmitted and received) per second.

Unit Name: Displays the name assigned to the AP-5131 using the System Settings screen. For information on changing the unit name, see Configuring System Settings on page 4-2.

2. Click the Clear Known AP Stats button to reset each of the data collection counters to zero in order to begin new data collections.

3.
Command Line Interface Reference

The AP-5131 Command Line Interface (CLI) is accessed through the serial port or a Telnet session. The AP-5131 CLI follows the same conventions as the Web-based user interface. The CLI does, however, provide an “escape sequence” to provide diagnostics for problem identification and resolution.

The AP-5131 CLI treats the following as invalid characters: | " & , \ ' < >

Avoid these characters when using the AP-5131 CLI.

8.
8.1.2 Accessing the CLI via Telnet

To connect to the AP-5131 CLI through a Telnet connection:

1. Telnet into the AP-5131 using an IP address of 192.168.0.1

2. Enter the default username of admin and the default password of symbol. If this is your first time logging into the AP-5131, you are unable to access any of the AP-5131’s commands until the country code is set. A new password will also need to be created.
8.2 Admin and Common Commands

AP5131>admin>

Description: Displays admin configuration options. The items available under this command are shown below.

Syntax:
admin     Accesses admin configuration. This requires an administration login.
help      Displays general user interface help.
passwd    Changes the admin password.
summary
network
system
stats
..
/
save
quit
AP5131>admin>

Description: Displays admin configuration options.

Syntax:
admin     Accesses admin configuration. Admin configuration requires an administration login.
AP5131>admin>help

Description: Displays general CLI user interface help.

Syntax:
help      Displays command line help using combinations of function keys for navigation.

Example:
admin>help
?                       : display command help - Eg. ?, show ?, s?
* Restriction of “?”:   : “?” after a function argument is treated
                        : as an argument
                        : Eg. admin
AP5131>admin>passwd

Description: Changes the password for the admin login.

Syntax:
passwd    Changes the admin password for AP-5131 access. This requires typing the old admin password and entering a new password and confirming it. Passwords can be up to 11 characters.

The AP-5131 CLI treats the following as invalid characters: | " & , \ ' < >

Avoid these characters when using the AP-5131 CLI.
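Added example (not part of the guide): a pre-change check for a new admin password against the limits stated above (at most 11 characters, none of the CLI-invalid characters, not the default "symbol"), plus a generator and an entropy estimate for the space those limits leave. The function names, the 11-character policy minimum and the assumption that all other printable non-space ASCII characters are accepted are this example's own.

```python
import math
import secrets
import string

# Constraints stated in the guide: passwords can be up to 11 characters, the
# CLI treats | " & , \ ' < > as invalid, and the default password is "symbol".
MAX_LEN = 11
INVALID_CHARS = frozenset('|"&,\\\'<>')
DEFAULT_PASSWORD = "symbol"

# Assumption (not from the guide): every other printable, non-space ASCII
# character is accepted by the CLI.
ALPHABET = "".join(
    c for c in string.ascii_letters + string.digits + string.punctuation
    if c not in INVALID_CHARS
)


def check_password(candidate, min_len=MAX_LEN):
    """Return a list of problems; an empty list means the candidate passes.

    min_len is a local policy choice (assumption): with only 11 characters
    available, the default insists on using all of them.
    """
    problems = []
    if candidate.lower() == DEFAULT_PASSWORD:
        problems.append("factory default password")
    if len(candidate) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")
    if len(candidate) < min_len:
        problems.append(f"shorter than policy minimum of {min_len}")
    rejected = sorted(set(candidate) & INVALID_CHARS)
    if rejected:
        problems.append("CLI-invalid characters: " + " ".join(rejected))
    unknown = sorted(set(candidate) - INVALID_CHARS - set(ALPHABET))
    if unknown:
        problems.append("characters outside the assumed alphabet: " + repr(unknown))
    return problems


def entropy_bits(length=MAX_LEN, alphabet=ALPHABET):
    """Entropy of a uniformly random password of this length and alphabet."""
    return length * math.log2(len(alphabet))


def generate_password(length=MAX_LEN):
    """Draw a uniformly random password that the stated constraints allow."""
    if not 1 <= length <= MAX_LEN:
        raise ValueError(f"length must be between 1 and {MAX_LEN}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    # Constructed sample inputs, not values from the guide (except the default).
    for sample in ("symbol", "Tr0ub4dor&3x", "correct,horse"):
        print(repr(sample), "->", check_password(sample) or "ok")
    pw = generate_password()
    print("generated:", pw, "->", check_password(pw) or "ok")
    print(f"alphabet size {len(ALPHABET)}, "
          f"about {entropy_bits():.1f} bits at {MAX_LEN} characters")
```

With the eight invalid characters removed, 86 symbols remain, so a full-length random password carries roughly 70 bits; anything shorter or human-chosen carries less, which matters for a device reachable over Telnet.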
AP5131>admin>summary

Description: Displays the AP-5131’s system summary.

Syntax:
summary   Displays a summary of high-level characteristics and settings for the WAN, LAN and WLAN.

Example:
admin>summary
AP-5131 firmware version 1.0.0.
AP5131>admin>..

Description: Displays the parent menu of the current menu. This command appears in all of the submenus under admin. In each case, it has the same function, to move up one level in the directory structure.

Example:
admin(network.lan)>..
AP5131>admin> /

Description: Displays the root menu, that is, the top-level CLI menu. This command appears in all of the submenus under admin. In each case, it has the same function, to move up to the top level in the directory structure.

Example:
admin(network.
AP5131>admin>save

Description: Saves the configuration to system flash. The save command appears in all of the submenus under admin. In each case, it has the same function, to save the current configuration.

Syntax:
save      Saves configuration settings. The save command works at all levels of the CLI. The save command must be issued before leaving the CLI for updated settings to be retained.
AP5131>admin>quit

Description: Exits the command line interface session and terminates the session. The quit command appears in all of the submenus under admin. In each case, it has the same function, to exit out of the CLI. Once the quit command is executed, the login prompt displays again.
8.3 Network Commands

AP5131>admin(network)>

Description: Displays the network submenu. The items available under this command are shown below.

lan        Goes to the LAN submenu.
wan        Goes to the WAN submenu.
wireless   Goes to the Wireless Configuration submenu.
firewall   Goes to the firewall submenu.
router     Goes to the router submenu.
..         Goes to the parent menu.
/          Goes to the root menu.
save       Saves the current configuration to the system flash.
quit
8.3.1 Network LAN Commands

AP5131>admin(network.lan)>

Description: Displays the LAN submenu. The items available under this command are shown below.

show          Shows current AP-5131 LAN port parameters.
set           Sets LAN parameters.
vlan          Defines LAN VLAN configuration values.
dhcp          Goes to the LAN DHCP submenu.
type-filter   Goes to the type-filter submenu to specify data types allowed or denied access to the AP-5131 WLAN traffic.
..            Goes to the parent menu.
/
save
quit
AP5131>admin(network.lan)> show

Description: Displays the AP-5131 LAN settings.

Syntax:
show      Shows the settings for the AP-5131 LAN interface.

Example:
admin(network.lan)>show
LAN Interface : enable
LAN Timeout : 45 sec.
802.11q Trunking : disable
802.1x Port Authentication:
Username : admin
Password : ********
LAN IP mode : DHCP server
IP Address : 192.168.0.1
Network Mask : 255.255.255.255
Default Gateway : 192.168.0.
AP5131>admin(network.lan)> set

Description: Sets the LAN parameters for the LAN port.

Syntax:
set lan        Enables or disables the AP-5131 LAN interface.
    timeout    Sets the interval (in seconds) the AP-5131 uses to terminate its LAN interface if no activity is detected for the specified interval.
    trunking   Enables or disables 802.
    username
    passwd
    ip-mode
    ipadr
    mask
    dgw
    domain
    dns
    wins
8.3.1.1 Network LAN, VLAN Commands

AP5131>admin(network.lan.vlan)>

Description: Displays the AP-5131 VLAN submenu.

show      Displays the VLAN list currently defined for the AP-5131.
set       Sets the AP-5131 VLAN configuration.
create    Creates a new AP-5131 VLAN.
edit      Edits the properties of an existing AP-5131 VLAN.
delete    Deletes a VLAN.
mapping   Maps AP-5131 WLANs to VLANs.
..        Moves to the parent menu.
/         Goes to the root menu.
save
quit
AP5131>admin(network.lan.vlan)> show

Description: Displays current VLAN parameter settings for the AP-5131. These parameters are defined with the set command.

Syntax:
show name     Displays the existing list of AP-5131 VLAN names.
     config   Shows the target VLAN configuration.
     wlan     Displays the WLAN summary list.

Example:
admin(network.lan.
AP5131>admin(network.lan.vlan)> set

Description: Sets VLAN parameters for the AP-5131.

Syntax:
set mgmt-tag     Defines the Management VLAN tag (1-4095).
    native-tag   Sets the Native VLAN tag (1-4095).
    mode         Sets WLAN VLAN mode (WLAN 1-16) to either dynamic or static.

Example:
admin(network.lan.vlan)>set mgmt-tag 1
admin(network.lan.vlan)>set native-tag 1
admin(network.lan.
AP5131>admin(network.lan.vlan)> create

Description: Creates a VLAN for the AP-5131.

Syntax:
create vlan-id     Defines the VLAN ID (1-4095).
       vlan-name   Specifies the name of the VLAN (1-31 characters in length).

Example:
admin(network.lan.vlan)>
admin(network.lan.vlan)>create 5 VLAN-5

For information on creating VLANs using the applet (GUI), see Configuring VLAN Support on page 5-5.
AP5131>admin(network.lan.vlan)> edit

Description: Modifies a VLAN’s name and ID.

Syntax:
edit name   Modifies an existing VLAN name (1-31 characters in length).
     id     Modifies an existing VLAN ID (1-4095).

For information on editing VLANs using the applet (GUI), see Configuring VLAN Support on page 5-5.
AP5131>admin(network.lan.vlan)> delete

Description: Deletes a specific VLAN or all VLANs.

Syntax:
delete <VLAN id>   Deletes a specific VLAN ID (1-16).
       all         Deletes all defined VLANs.

For information on deleting VLANs using the applet (GUI), see Configuring VLAN Support on page 5-5.
AP5131>admin(network.lan.vlan)> mapping

Description: Maps an AP-5131 VLAN to a WLAN.

Syntax:
wlan      Maps an AP-5131 WLAN to an existing VLAN name, and maps an AP-5131 VLAN to an existing WLAN name. All names and IDs are case-sensitive.

For information on mapping VLANs using the applet (GUI), see Configuring VLAN Support on page 5-5.
8.3.1.2 Network LAN, DHCP Commands

AP5131>admin(network.lan.dhcp)>

Description: Displays the AP-5131 DHCP submenu. The items available are displayed below.

show      Displays DHCP parameters.
set       Sets DHCP parameters.
add       Adds static DHCP address assignments.
delete    Deletes static DHCP address assignments.
list      Lists static DHCP address assignments.
..        Goes to the parent menu.
/         Goes to the root menu.
save      Saves the configuration to system flash.
quit
AP5131>admin(network.lan.dhcp)> show

Description: Shows DHCP parameter settings.

Syntax:
show      Displays DHCP parameter settings for the AP-5131. These parameters are defined with the set command.

Example:
admin(network.lan.dhcp)>show
DHCP Address Assignment Range:
Starting IP Address : 192.168.0.100
Ending IP Address : 192.168.0.
AP5131>admin(network.lan.dhcp)> set

Description: Sets DHCP parameters for the LAN port.

Syntax:
set range   Sets the DHCP assignment range from IP address to IP address .
    lease   Sets the DHCP lease time in seconds (1-999999).

Example:
admin(network.lan.dhcp)>set range 192.168.0.100 192.168.0.254
admin(network.lan.dhcp)>set lease 86400
admin(network.lan.dhcp)>show
DHCP Address Assignment Range:
Starting IP Address : 192.168.0.
AP5131>admin(network.lan.dhcp)> add

Description: Adds static DHCP address assignments.

Syntax:
add       Adds a reserved static IP address to a MAC address.

Example:
admin(network.lan.dhcp)>add 00A0F8112233 192.160.24.6
admin(network.lan.dhcp)>add 00A0F1112234 192.169.24.7
admin(network.lan.
AP5131>admin(network.lan.dhcp)> delete

Description: Deletes static DHCP address assignments.

Syntax: delete all Deletes the static DHCP address entry . Deletes all static DHCP addresses.

Example:
admin(network.lan.dhcp)>list
----------------------------------------------------------------------------
Index MAC Address IP Address
----------------------------------------------------------------------------
1 00A0F8112233 10.1.2.
AP5131>admin(network.lan.dhcp)> list

Description: Lists static DHCP address assignments.

Syntax:
list      Lists the static DHCP address assignments.

Example:
admin(network.lan.dhcp)>list
----------------------------------------------------------------------------
Index MAC Address IP Address
----------------------------------------------------------------------------
1 00A0F8112233 10.1.2.4
2 00A0F8102030 10.10.1.2
3 00A0F8112234 10.1.2.
8.3.1.3 Network Type Filter Commands

AP5131>admin(network.lan.type-filter)>

Description: Displays the AP-5131 Type Filter submenu. The items available under this command include:

show      Displays the current Ethernet Type exception list.
set       Defines Ethernet Type Filter parameters.
add       Adds an Ethernet Type Filter entry.
delete    Removes an Ethernet Type Filter entry.
..        Goes to the parent menu.
/         Goes to the root menu.
save      Saves the configuration to system flash.
quit
AP5131>admin(network.lan.type-filter)> show

Description: Displays the AP-5131’s current Ethernet Type Filter configuration.

Syntax:
show      Displays the existing AP-5131 Type-Filter configuration.

Example:
admin(network.lan.
AP5131>admin(network.lan.type-filter)> set

Description: Defines the AP-5131 Ethernet Type Filter configuration.

Syntax:
set mode allow or deny   Allows or denies the AP-5131 from processing a specified Ethernet data type.

Example:
admin(network.lan.type-filter)>set mode allow

For information on configuring the AP-5131’s type filter settings using the applet (GUI), see Setting the Type Filter Configuration on page 5-11.
AP5131>admin(network.lan.type-filter)> add

Description: Adds an Ethernet Type Filter entry.

Syntax:
add       Adds entered Ethernet Type to list of data types either allowed or denied AP-5131 processing permissions.

Example:
admin(network.lan.type-filter)>
admin(network.wireless.type-filter)>add 2 8137
admin(network.wireless.type-filter)>add 3 0806
admin(network.wireless.type-filter)>add 4 0800
admin(network.wireless.
AP5131>admin(network.lan.type-filter)> delete

Description: Removes an Ethernet Type Filter entry individually or the entire Type Filter list.

Syntax: delete all Deletes the specified Ethernet Type index entry (1 through 16). Deletes all Ethernet Type entries currently in list.

Example:
admin(network.lan.type-filter)>delete 1
admin(network.lan.
8.3.2 Network WAN Commands

AP5131>admin(network.wan)>

Description: Displays the WAN submenu. The items available under this command are shown below.

show      Displays the AP-5131 WAN configuration and the AP-5131’s current PPPoE configuration.
set       Defines the AP-5131’s WAN and PPPoE configuration.
nat       Displays the NAT submenu, wherein Network Address Translations (NAT) can be defined.
vpn
app
..
/
save
quit
AP5131>admin(network.wan)> show

Description: Displays the AP-5131 WAN port parameters.

Syntax:
show      Shows the general IP parameters for the WAN port along with settings for the WAN interface.

Example:
admin(network.wan)>show
WAN Interface : enable
WAN DHCP Client Mode : disable
IP address : 0.0.0.0
Network Mask : 0.0.0.0
Default Gateway : 10.10.1.1
Primary DNS Server : 0.0.0.0
Secondary DNS Server : 0.0.0.
AP5131>admin(network.wan)> set

Description: Defines the configuration of the AP-5131 WAN port.

Syntax: set wan dhcp ipadr enable/disable enable/disable mask dgw dns pppoe mode enable/disable

Enables or disables the AP-5131 WAN port. Enables or disables WAN DHCP Client mode. Sets up to 8 (using from 1 to 8) IP addresses for the AP-5131 WAN interface.
8.3.2.1 Network WAN NAT Commands

AP5131>admin(network.wan.nat)>

Description: Displays the NAT submenu. The items available under this command are shown below.

show      Displays the AP-5131’s current NAT parameters for the specified index.
set       Defines the AP-5131 NAT settings.
add       Adds NAT entries.
delete    Deletes NAT entries.
list      Lists NAT entries.
..        Goes to the parent menu.
/         Goes to the root menu.
save      Saves the configuration to system flash.
quit      Quits the CLI.
AP5131>admin(network.wan.nat)> show

Description: Displays AP-5131 NAT parameters.

Syntax:
show      Displays AP-5131 NAT parameters for the specified NAT index.

Example:
admin(network.wan.nat)>show 2
WAN IP Mode : disable WAN IP Address : 157.235.91.2 NAT Type : 1-to-many 1 to 1 Outbound Mappings : 0.0.0.0 Inbound Mappings : Port Forwarding unspecified port forwarding mode : enable unspecified port fwd. ip address : 111.223.222.
AP5131>admin(network.wan.nat)> set

Description: Sets NAT inbound and outbound parameters.

Syntax: set type ip mode unspec-ip

Sets the type of NAT translation for WAN address index (1-8) to (none, 1-to-1, or 1-to-many). Sets NAT IP mapping associated with WAN address to the specified IP address .
AP5131>admin(network.wan.nat)> add

Description: Adds NAT entries.
AP5131>admin(network.wan.nat)> delete

Description: Deletes NAT entries.

Syntax: delete all Deletes a specified NAT index entry associated with the WAN. Deletes all NAT entries associated with the WAN.

Example:
admin(network.wan.
AP5131>admin(network.wan.nat)> list

Description: Lists AP-5131 NAT entries for the specified index.

Syntax:
list      Lists the inbound NAT entries associated with WAN port.

Example:
admin(network.wan.
8.3.2.2 Network WAN, VPN Commands

AP5131>admin(network.wan.vpn)>

Description: Displays the VPN submenu. The items available under this command include:

add        Adds VPN tunnel entries.
set        Sets key exchange parameters.
delete     Deletes VPN tunnel entries.
list       Lists VPN tunnel entries.
reset      Resets all VPN tunnels.
stats      Lists security association status for the VPN tunnels.
ikestate   Displays an Internet Key Exchange (IKE) summary.
..         Goes to the parent menu.
/
save
quit
AP5131>admin(network.wan.vpn)> add

Description: Adds a VPN tunnel entry.

Syntax:
add       Creates a tunnel (1 to 13 characters) to gain access through local WAN IP from the remote subnet with address and subnet mask using the remote gateway .

Example:
admin(network.wan.vpn)>add SJSharkey 209.235.44.31 206.107.22.46 255.255.255.224 206.107.22.
AP5131>admin(network.wan.vpn)> set

Description: Sets VPN entry parameters.

Syntax:
set type       Sets the tunnel type to Auto or Manual for the specified tunnel name.
    authalgo   Sets the authentication algorithm for to (None, MD5, or SHA1).
    salife       Defines the name of the tunnel the Security Association Life Time <300-65535> applies to in seconds.
    ike opmode   Sets the Operation Mode of IKE for to Main or Aggr(essive).
    myidtype     Sets the Local ID type for IKE authentication for (1 to 13 characters) to (IP, FQDN, or UFQDN).
AP5131>admin(network.wan.vpn)> delete

Description: Deletes VPN tunnel entries.

Syntax: delete * Deletes all VPN entries. Deletes VPN entries .

Example:
admin(network.wan.vpn)>list
--------------------------------------------------------------------------
Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP
--------------------------------------------------------------------------
Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.
AP5131>admin(network.wan.vpn)> list

Description: Lists VPN tunnel entries.

Syntax: list Lists all tunnel entries. Lists detailed information about tunnel named . Note that the must match case with the name of the VPN tunnel entry

Example:
admin(network.wan.
AP5131>admin(network.wan.vpn)> reset

Description: Resets all of the AP-5131’s VPN tunnels.

Syntax:
reset     Resets all VPN tunnels.

Example:
admin(network.wan.vpn)>reset
VPN tunnels reset.
admin(network.wan.vpn)>

For information on configuring VPN using the applet (GUI), see Configuring VPN Tunnels on page 6-33.
AP5131>admin(network.wan.vpn)> stats

Description: Lists statistics for all active tunnels.

Syntax:
stats     Display statistics for all VPN tunnels.

Example:
admin(network.wan.
AP5131>admin(network.wan.vpn)> ikestate

Description: Displays statistics for all active tunnels using Internet Key Exchange (IKE).

Syntax:
ikestate  Displays status about Internet Key Exchange (IKE) for all tunnels. In particular, the table indicates whether IKE is connected for any of the tunnels, it provides the destination IP address, and the remaining lifetime of the IKE key.

Example:
admin(network.wan.
8.3.2.3 Network WAN App Commands

AP5131>admin(network.wan.app)>

Description: Displays the outbound content filtering submenu. The items available under this command are shown below.

addcmd    Adds app control commands to the deny list.
delcmd    Deletes app control commands from the deny list.
list      Lists app control entries.
..        Goes to the parent menu.
/         Goes to the root menu.
save      Saves the configuration to system flash.
quit      Quits the CLI.
AP5131>admin(network.wan.app)> addcmd

Description: Adds app control commands to the deny list.

Syntax:
addcmd web    file proxy activex
       ftp    put get ls mkdir cd pasv
       smtp   helo mail rcpt data quit send saml reset vrfy expn

. Denies specified web file name. can be up to 15 characters and "*" can be used to match any string. can be up to 10 characters (such as htm, html, or java). Up to 10 files can be specified. Denies web proxies.
AP5131>admin(network.wan.app)> delcmd

Description: Deletes application control commands from the deny list.

Syntax:
delcmd web    file proxy activex
       ftp    put get ls mkdir cd pasv
       smtp   helo mail rcpt data quit send saml reset vrfy expn

. Deletes specified web file name from deny list. can be up to 15 characters and "*" can be used to match any string. can be up to 10 characters (such as htm, html, or java).
AP5131>admin(network.wan.app)> list

Description: Lists the app control records.

Syntax:
list web    Lists Web/HTTP app control settings.
     ftp    Lists FTP app control settings.
     smtp   Lists SMTP app control record.

Example:
admin(network.wan.app)>list web
HTTP Files/Commands
Web Proxy : deny
ActiveX : deny
filename :
admin(network.wan.
8.3.3 Network Wireless Commands

AP5131>admin(network.wireless)

Description: Displays the AP-5131 wireless submenu. The items available under this command include:

wlan       Displays the WLAN submenu used to create and configure up to 16 WLANs per AP-5131.
security   Displays the security submenu used to create encryption and authentication based security policies for use with AP-5131 WLANs.
8.3.3.1 Network WLAN Commands

AP5131>admin(network.wireless.wlan)>

Description: Displays the AP-5131 wireless LAN (WLAN) submenu. The items available under this command include:

show      Displays the AP-5131’s current WLAN configuration.
create    Defines the parameters of a new WLAN.
edit      Modifies the properties of an existing WLAN.
delete    Deletes an existing WLAN.
..        Goes to the parent menu.
/         Goes to the root menu.
save      Saves the configuration to system flash.
quit

AP5131>admin(network.wireless.wlan)> show

Description: Displays the AP-5131’s current WLAN configuration.

Syntax:
show  summary    Displays the current configuration for existing WLANs.
      wlan       Displays the configuration for the requested WLAN (WLAN 1 through 16).

Example:
admin(network.wireless.wlan)>show wlan 1
ESS Identifier : 101
WLAN Name : Lobby
802.11a Radio : available
802.

AP5131>admin(network.wireless.wlan)> create

Description: Defines the parameters of a new AP-5131 WLAN.

Syntax: sh create set ess wlan-name 11a 11bg max-mu security acl passwd no-mu-mu sbeacon bcast qos add-wlan ..

Defines the ESSID for a target WLAN.
Determines the name of this particular WLAN (1-32).
Enables or disables access to the AP-5131 802.11a radio.

admin(network.wireless.wlan.create)>show security
---------------------------------------------------------------------
Secu  Policy Name  Authen  Encryption  Associated WLANs
---------------------------------------------------------------------
1     Default      Manual  no encrypt  Front Lobby
2     WEP Demo     Manual  WEP 64      2nd Floor
3     Open         Manual  no encrypt  1st Floor
admin(network.wireless.wlan.

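The policy summary above is what an administrator reviews before attaching a policy to a WLAN. As an added example (not taken from Symbol's guide or firmware), the Python below parses a saved copy of that table and lists WLANs whose policy shows "no encrypt" or WEP. The two-or-more-spaces column layout and all function names are assumptions; the sample rows are the three printed above.

```python
import re

# Constructed capture: the three rows printed in the guide's example, laid out
# with two or more spaces between columns (an assumption about the layout).
SAMPLE = """\
Secu  Policy Name  Authen  Encryption  Associated WLANs
1     Default      Manual  no encrypt  Front Lobby
2     WEP Demo     Manual  WEP 64      2nd Floor
3     Open         Manual  no encrypt  1st Floor
"""


def parse_policies(text):
    """Return one dict per policy row; header, rule and prompt lines are skipped."""
    policies = []
    for line in text.splitlines():
        fields = re.split(r"\s{2,}", line.strip())
        # A data row starts with the numeric policy index and has at least
        # index, name, authentication and encryption columns.
        if len(fields) < 4 or not fields[0].isdigit():
            continue
        policies.append({
            "index": int(fields[0]),
            "name": fields[1],
            "authen": fields[2],
            "encryption": fields[3],
            # Assumption: a policy no WLAN uses leaves the last column empty.
            "wlans": fields[4] if len(fields) > 4 else "",
        })
    return policies


def weakness(encryption):
    """Return a reason string for cleartext or WEP policies, else None."""
    enc = encryption.strip().lower()
    if enc.startswith("no encrypt"):
        return "traffic is sent in the clear"
    if enc.startswith("wep"):
        return "WEP is deprecated"
    return None


def audit(text):
    """List (index, policy name, WLANs, reason) for every weak policy in use."""
    findings = []
    for policy in parse_policies(text):
        reason = weakness(policy["encryption"])
        if reason and policy["wlans"]:
            findings.append(
                (policy["index"], policy["name"], policy["wlans"], reason)
            )
    return findings


if __name__ == "__main__":
    for index, name, wlans, reason in audit(SAMPLE):
        print(f"policy {index} ({name}) on WLAN '{wlans}': {reason}")
```
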
AP5131>admin(network.wireless.wlan)> edit

Description: Edits the properties of an existing WLAN policy.

Syntax:
edit    Edits the properties of an existing WLAN policy.

For information on editing a WLAN using the applet (GUI), see Creating/Editing Individual WLANs on page 5-24.

8.3.3.2 Network Security Commands

AP5131>admin(network.wireless.security)>

Description: Displays the AP-5131 wireless security submenu. The items available under this command include:

show      Displays the AP-5131’s current security configuration.
create    Defines the parameters of a security policy.
edit      Edits the properties of an existing security policy.
delete    Removes a specific security policy.
..        Goes to the parent menu.
/         Goes to the root menu.
save
quit

AP5131>admin(network.wireless.security)> show

Description: Displays the AP-5131’s current security configuration.

Syntax:
show  summary    Displays list of existing security policies (1-16).
      policy     Displays the specified security policy .

Example:
admin(network.wireless.

AP5131>admin(network.wireless.security)> create

Description: Defines the parameters of AP-5131 security policies.

Syntax:
create            Defines the parameters of a security policy.
show              Displays new or existing security policy parameters.
set  sec-name     Sets the name of the security policy.
     auth         Sets the authentication type for WLAN to (none, eap, or kerberos).

Note: Kerberos parameters are only in effect if "kerberos" is specified for the authentication method (set auth ).

kerb realm        Sets the Kerberos realm.

accounting adv
retry             Sets the maximum number of reauthentication retries (1-99).
mode              Enable or disable Radius accounting.
timeout           Defines MU timeout period in seconds (1-255).
retry             Sets the maximum number of MU retries to (1-10).
syslog            Enable or disable syslog messages.
ip                Defines syslog server IP address.

index             Selects the WEP/KeyGuard key (from one of the four potential values of (1-4).
hex-key           Sets the WEP/KeyGuard key for key index (1-4) for WLAN to .
ascii-key         Sets the WEP/KeyGuard key for key index (1-4) for WLAN to .

Note: TKIP parameters are only affected if "tkip" is selected as the encryption type.

add-policy        Adds the policy and exits.
..                Disregards the policy creation and exits the CLI session.

For information on configuring the encryption and authentication options available to the AP-5131 using the applet (GUI), see Configuring Security Options on page 6-2.

AP5131>admin(network.wireless.security.edit)>

Description: Edits the properties of a specific security policy.

Syntax:
show      Displays the new or modified security policy parameters.
set       Edits security policy parameters.
change    Completes policy changes and exits the session.
..        Cancels the changes made and exits the session.

Example:
admin(network.wireless.security.edit)>
admin(network.wireless.security.

AP5131>admin(network.wireless.security)> delete

Description: Deletes a specific security policy.

Syntax:
delete    Removes the specified security policy from the list supported.
          Removes all security policies except the default policy.

For information on configuring the encryption and authentication options available to the AP-5131 using the applet (GUI), see Configuring Security Options on page 6-2.

8.3.3.3 Network ACL Commands

AP5131>admin(network.wireless.acl)>

Description: Displays the AP-5131 Mobile Unit Access Control List (ACL) submenu. The items available under this command include:

show      Displays the AP-5131’s current ACL configuration.
create    Creates an MU ACL policy.
edit      Edits the properties of an existing MU ACL policy.
delete    Removes an MU ACL policy.
..        Goes to the parent menu.
/         Goes to the root menu.
save
quit

AP5131>admin(network.wireless.acl)> show

Description: Displays the AP-5131’s current ACL configuration.

Syntax:
show  summary    Displays the list of existing MU ACL policies.
      policy     Displays the requested MU ACL index policy.

Example:
admin(network.wireless.

AP5131>admin(network.wireless.acl)> create

Description: Creates an MU ACL policy.

Syntax:
create  show                Displays the parameters of a new ACL policy.
        set  acl-name       Sets the MU ACL policy name.
             mode           Sets the ACL mode for the defined index (1-16). Allowed MUs can access the AP-5131 managed LAN. Options are deny and allow.
        add-addr            Adds specified MAC address to list of ACL MAC addresses.
        delete
        add-policy
        ..

AP5131>admin(network.wireless.acl.edit)>

Description: Edits the properties of an existing MU ACL policy.

Syntax:
show      Displays MU ACL policy and its parameters.
set       Modifies the properties of an existing MU ACL policy.
add       Adds an MU ACL table entry.
delete    Deletes an MU ACL table entry, including starting and ending MAC address ranges.
change    Completes the changes made and exits the session.
..        Cancels the changes made and exits the session.

AP5131>admin(network.wireless.acl)> delete

Description: Removes an MU ACL policy.

Syntax:
delete         Deletes a particular MU ACL policy.
        all    Deletes all MU ACL policies.

For information on configuring the ACL options available to the AP-5131 using the applet (GUI), see Configuring a WLAN Access Control List (ACL) on page 5-29.

8.3.3.4 Network Radio Configuration Commands

AP5131>admin(network.wireless.radio)>

Description: Displays the AP-5131 Radio submenu. The items available under this command include:

show      Summarizes AP-5131 radio parameters at a high-level.
set       Defines the AP-5131 radio configuration.
radio1    Displays the 802.11b/g radio submenu.
radio2    Displays the 802.11a radio submenu.
..        Goes to the parent menu.
/         Goes to the root menu.
save
quit

AP5131>admin(network.wireless.radio)> show

Description: Displays the AP-5131’s current radio configuration.

Syntax:
show    Displays the AP-5131’s current radio configuration.

Example:
admin(network.wireless.radio)>show
Radio Configuration
Radio 1 Name : Radio 1
Radio Mode : enable
RF Band of Operation : 802.11b/g (2.4 GHz)
Radio 2 Name : Radio 2
Radio Mode : enable
RF Band of Operation : 802.

AP5131>admin(network.wireless.radio)> set

Description: Enables an AP-5131 Radio and defines the RF band of operation.

Syntax:
set  11a     Enables or disables the AP-5131’s 802.11a radio.
     11bg    Enables or disables the AP-5131’s 802.11b/g radio.

Example:
admin(network.wireless.radio)>set 11a disable
admin(network.wireless.radio)>set 11bg enable
admin(network.wireless.

AP5131>admin(network.wireless.radio.radio1)>

Description: Displays a specific 802.11b/g radio submenu. The items available under this command include:

Syntax:
show        Displays 802.11b/g radio settings.
set         Defines specific 802.11b/g radio parameters.
advanced    Displays the Advanced radio settings submenu.
..          Goes to the parent menu.
/           Goes to the root menu.
save        Saves the configuration to system flash.
quit        Quits the CLI.

AP5131>admin(network.wireless.radio.radio1)> show

Description: Displays specific 802.11b/g radio settings.

Syntax:
show  radio    Displays specific 802.11b/g radio settings.
      qos      Displays specific 802.11b/g radio WMM QoS settings.

Example:
admin(network.wireless.radio.radio1)>show radio
Radio Setting Information
Placement : indoor
MAC Address : 00A0F8715920
Radio Type : 802.

admin(network.wireless.radio.

AP5131>admin(network.wireless.radio.802-11bg)> set

Description: Defines specific 802.11b/g radio parameters.

Syntax:
set  placement    Defines the AP-5131 radio placement as indoors or outdoors.
     ch-mode      Determines how the radio channel is selected.
     channel      Defines the actual channel used by the radio.
     antenna      Sets the radio antenna power.
     power        Defines the radio antenna power transmit level.
     bg-mode rates beacon dtim preamble rts qos

AP5131>admin(network.wireless.radio.802-11bg.advanced)>

Description: Displays the advanced submenu for the 802.11b/g radio. The items available under this command include:

Syntax:
show    Displays advanced radio settings for the 802.11b/g radio.
set     Defines advanced parameters for the 802.11b/g radio.
..      Goes to the parent menu.
/       Goes to the root menu.
save    Saves the configuration to system flash.
quit    Quits the CLI.

AP5131>admin(network.wireless.radio.802-11bg.advanced)> show

Description: Displays the BSSID to WLAN mapping for the 802.11b/g radio.

Syntax:
show  advanced    Displays advanced settings for the 802.11b/g radio.
      wlan        Displays WLAN summary list for the 802.11b/g radio.

Example:
admin(network.wireless.radio.802-11bg.

AP5131>admin(network.wireless.radio.802-11bg.advanced)> set

Description: Defines advanced parameters for the target 802.11b/g radio.

Syntax:
set  wlan    Defines advanced WLAN to BSSID mapping for the target radio.
     bss     Sets the BSSID to primary WLAN definition.

Example:
admin(network.wireless.radio.802-11bg.advanced)>set wlan demoroom 1
admin(network.wireless.radio.802-11bg.

AP5131>admin(network.wireless.radio.802-11a)>

Description: Displays a specific 802.11a radio submenu. The items available under this command include:

Syntax:
show        Displays 802.11a radio settings.
set         Defines specific 802.11a radio parameters.
advanced    Displays the Advanced radio settings submenu.
..          Goes to the parent menu.
/           Goes to the root menu.
save        Saves the configuration to system flash.
quit        Quits the CLI.

AP5131>admin(network.wireless.radio.802-11a)> show

Description: Displays specific 802.11a radio settings.

Syntax:
show  radio    Displays specific 802.11a radio settings.
      qos      Displays specific 802.11a radio WMM QoS settings.

Example:
admin(network.wireless.radio.802-11a)>show radio
Radio Setting Information
Placement : indoor
MAC Address : 00A0F8715920
Radio Type : 802.

admin(network.wireless.radio.

AP5131>admin(network.wireless.radio.802-11a)> set

Description: Defines specific 802.11a radio parameters.

Syntax:
set  placement    Defines the AP-5131 radio placement as indoors or outdoors.
     ch-mode      Determines how the radio channel is selected.
     channel      Defines the actual channel used by the radio.
     antenna      Sets the radio antenna power.
     power        Defines the radio antenna power transmit level.
     rates        Sets the supported radio transmit rates.
     beacon dtim rts qos

AP5131>admin(network.wireless.radio.802-11a.advanced)>

Description: Displays the advanced submenu for the 802-11a radio. The items available under this command include:

Syntax:
show    Displays advanced radio settings for the 802-11a radio.
set     Defines advanced parameters for the 802-11a radio.
..      Goes to the parent menu.
/       Goes to the root menu.
save    Saves the configuration to system flash.
quit    Quits the CLI.

AP5131>admin(network.wireless.radio.802-11a.advanced)> show

Description: Displays the BSSID to WLAN mapping for the 802.11a radio.

Syntax:
show  advanced    Displays advanced settings for the 802.11a radio.
      wlan        Displays WLAN summary list for 802.11a radio.

Example:
admin(network.wireless.radio.802-11a.

AP5131>admin(network.wireless.radio.802-11a.advanced)> set

Description: Defines advanced parameters for the target 802.11a radio.

Syntax:
set  wlan    Defines advanced WLAN to BSSID mapping for the target radio.
     bss     Sets the BSSID to primary WLAN definition.

Example:
admin(network.wireless.radio.802-11a.advanced)>set wlan demoroom 1
admin(network.wireless.radio.802-11a.

8.3.3.5 Network Quality of Service (QoS) Commands

AP5131>admin(network.wireless.qos)>

Description: Displays the AP-5131 Quality of Service (QoS) submenu. The items available under this command include:

show      Displays AP-5131 QoS policy information.
create    Defines the parameters of the QoS policy.
edit      Edits the settings of an existing QoS policy.
delete    Removes an existing QoS policy.
..        Goes to the parent menu.
/         Goes to the root menu.
save
quit

AP5131>admin(network.wireless.qos)> show

Description: Displays the AP-5131’s current QoS policy by summary or individual policy.

Syntax:
show  summary    Displays all existing QoS policies that have been defined.
      policy     Displays the configuration for the requested QoS policy.

Example:
admin(network.wireless.

AP5131>admin(network.wireless.qos.create)>

Description: Defines an AP-5131 QoS policy.

Syntax:
show          Displays new QoS policy parameters.
set           Sets QoS policy parameters.
add-policy    Completes the policy creation and exits the CLI session.
..            Cancels the QoS policy creation and exits the CLI session.

For information on configuring the WLAN QoS options available to the AP-5131 using the applet (GUI), see Setting the WLAN Quality of Service (QoS) Policy on page 5-31.

AP5131>admin(network.wireless.qos.edit)>

Description: Edits the properties of an existing QoS policy.

Syntax:
show             Displays QoS policy parameters.
set  qos-name    Sets the QoS name for the specified index entry.
     vop mcast wmm-qos cwmin cwmax aifsn txops default
change
..

AP5131>admin(network.wireless.qos)> delete

Description: Removes a QoS policy.

Syntax:
delete    Deletes the specified QoS policy index, or all of the policies.

For information on configuring the WLAN QoS options available to the AP-5131 using the applet (GUI), see Setting the WLAN Quality of Service (QoS) Policy on page 5-31.

8.3.3.6 Network Bandwidth Management Commands

AP5131>admin(network.wireless.bandwidth)>

Description: Displays the AP-5131 Bandwidth Management submenu. The items available under this command include:

show    Displays Bandwidth Management information for how data is processed by the AP-5131.
set     Defines Bandwidth Management parameters for the AP-5131.
..      Goes to the parent menu.
/       Goes to the root menu.
save    Saves the configuration to system flash.
quit

AP5131>admin(network.wireless.bandwidth)> show

Description: Displays the AP-5131’s current Bandwidth Management configuration.

Syntax:
show    Displays the current Bandwidth Management configuration for defined WLANs and how they are weighted.

Example:
admin(network.wireless.

AP5131>admin(network.wireless.bandwidth)> set

Description: Defines the AP-5131 Bandwidth Management configuration.

Syntax:
set  mode      Defines bandwidth share mode of First In First Out , Round Robin or Weighted Round Robin
     weight    Assigns a bandwidth share allocation for the WLAN when Weighted Round Robin is selected. The weighting is from 1-10.

8.3.3.7 Network Rogue-AP Commands

AP5131>admin(network.wireless.rogue-ap)>

Description: Displays the Rogue AP submenu. The items available under this command include:

show            Displays the current AP-5131 Rogue AP detection configuration.
set             Defines the Rogue AP detection method.
mu-scan         Goes to the Rogue AP mu-scan submenu.
allowed-list    Goes to the Rogue AP Allowed List submenu.
active-list     Goes to the Rogue AP Active List submenu.
rogue-list
..
/
save
quit

AP5131>admin(network.wireless.rogue-ap)> show

Description: Displays the current AP-5131 Rogue AP detection configuration.

Syntax:
show    Displays the current AP-5131 Rogue AP detection configuration.

Example:
admin(network.wireless.

AP5131>admin(network.wireless.rogue-ap)> set

Description: Defines the AP-5131 ACL rogue AP method.

Syntax:
set  mu-scan     Enables or disables permission for MUs to scan for rogue APs.
     interval    Defines an interval for associated MUs to beacon in attempting to locate rogue APs. Value not available unless mu-scan is enabled.
     on-channel detector-scan symbol-ap applst-ageout roglst-ageout

AP5131>admin(network.wireless.rogue-ap.mu-scan)>

Description: Displays the Rogue-AP mu-scan submenu.

Syntax:
start    Initiates scan immediately by the MU.
show     Displays all APs located by the MU scan.
..       Goes to the parent menu.
/        Goes to the root menu.
save     Saves the configuration to system flash.
quit     Quits the CLI.

AP5131>admin(network.wireless.rogue-ap.mu-scan)> start

Description: Initiates an MU scan from a user provided MAC address.

Syntax:
start    Initiates MU scan from user provided MAC address.

For information on configuring the Rogue AP options available to the AP-5131 using the applet (GUI), see Configuring Rogue AP Detection on page 6-51.

AP5131>admin(network.wireless.rogue-ap.mu-scan)> show

Description: Displays the results of an MU scan.

Syntax:
show    Initiates MU scan from user provided MAC address.

For information on configuring the Rogue AP options available to the AP-5131 using the applet (GUI), see Configuring Rogue AP Detection on page 6-51.

AP5131>admin(network.wireless.rogue-ap.allowed-list)>

Description: Displays the Rogue-AP allowed-list submenu.

show      Displays the rogue AP allowed list.
add       Adds an AP MAC address and ESSID to the allowed list.
delete    Deletes an entry or all entries from the allowed list.
..        Goes to the parent menu.
/         Goes to the root menu.
save      Saves the configuration to system flash.
quit      Quits the CLI.

AP5131>admin(network.wireless.rogue-ap.allowed-list)> show

Description: Displays the Rogue AP allowed List.

Syntax:
show    Displays the rogue-AP allowed list.

Example:
admin(network.wireless.rogue-ap.

AP5131>admin(network.wireless.rogue-ap.allowed-list)> add

Description: Adds an AP MAC address and ESSID to existing allowed list.

Syntax:
add    Adds an AP MAC address and ESSID to existing allowed list. Use a “*” for any ESSID.

Example:
admin(network.wireless.rogue-ap.allowed-list)>add 00A0F83161BB 103
admin(network.wireless.rogue-ap.

AP5131>admin(network.wireless.rogue-ap.allowed-list)> delete

Description: Deletes an AP MAC address and ESSID from the existing allowed list.

Syntax:
delete    Deletes an AP MAC address and ESSID (or all addresses) from the allowed list.

For information on configuring the Rogue AP options available to the AP-5131 using the applet (GUI), see Configuring Rogue AP Detection on page 6-51.

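How an allowed list of MAC/ESSID pairs separates authorized APs from rogue ones, as an added Python example that is not Symbol's firmware logic. It assumes an AP is authorized only when its MAC matches an entry and the ESSID either matches or the entry uses "*"; the function names, the second list entry and the scan results are constructed for illustration.

```python
import re

# Allowed-list commands: the first is the guide's own example; the second is a
# constructed entry showing the "*" ESSID wildcard.
ALLOWED_CMDS = [
    "add 00A0F83161BB 103",
    "add 00A0F8715920 *",
]

# Constructed scan results: (BSSID as reported by a scanner, ESSID).
SCAN = [
    ("00:A0:F8:31:61:BB", "103"),
    ("00:A0:F8:31:61:BB", "guest"),
    ("00a0f8715920", "warehouse"),
    ("02:00:00:00:00:01", "103"),
]


def normalize_mac(mac):
    """Return 12 uppercase hex digits for 00A0F83161BB or 00:A0:F8:31:61:BB."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def parse_allowed(commands):
    """Turn 'add <MAC> <ESSID>' lines into (mac, essid) entries."""
    entries = []
    for line in commands:
        parts = line.split(None, 2)  # the ESSID keeps any inner spaces
        if len(parts) == 3 and parts[0] == "add":
            entries.append((normalize_mac(parts[1]), parts[2].strip()))
    return entries


def is_allowed(mac, essid, entries):
    """Assumed rule: MAC must match, and ESSID must match unless entry is '*'."""
    mac = normalize_mac(mac)
    return any(m == mac and e in ("*", essid) for m, e in entries)


def classify_scan(scan, entries):
    """Split scan results into allowed and rogue lists of (mac, essid)."""
    result = {"allowed": [], "rogue": []}
    for mac, essid in scan:
        key = "allowed" if is_allowed(mac, essid, entries) else "rogue"
        result[key].append((normalize_mac(mac), essid))
    return result


def wildcard_macs(entries):
    """MACs trusted for any ESSID; these entries deserve periodic review."""
    return [m for m, e in entries if e == "*"]


if __name__ == "__main__":
    allowed_entries = parse_allowed(ALLOWED_CMDS)
    for kind, aps in classify_scan(SCAN, allowed_entries).items():
        for mac, essid in aps:
            print(f"{kind:8} {mac} {essid}")
    print("wildcard entries:", wildcard_macs(allowed_entries))
```

The second scan row shows why the ESSID is part of the entry: a known MAC advertising an unexpected ESSID is still reported, which an entry with "*" would not catch.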
8.3.4 Network Firewall Commands

AP5131>admin(network.firewall)>

Description: Displays the AP-5131 firewall submenu. The items available under this command include:

show        Displays the AP-5131’s current firewall configuration.
set         Defines the AP-5131’s firewall parameters.
access      Enables/disables firewall permissions through the LAN and WAN ports.
advanced    Displays interoperability rules between the LAN and WAN ports.
..          Goes to the parent menu.
/
save
quit

AP5131>admin(network.firewall)> show

Description: Displays the AP-5131 firewall parameters.

Syntax:
show    Shows all AP-5131’s firewall settings.

Example:
admin(network.

AP5131>admin(network.firewall)> set

Description: Defines the AP-5131 firewall parameters.

Syntax:
set  mode           Enables or disables the firewall.
     nat-timeout    Defines the NAT interval.
     override       Enables or disables subnet access override.
     syn            Enables or disables SYN flood attack check.
     src            Enables or disables source routing check.
     win ftp ip seq mime len hdr filter

AP5131>admin(network.firewall)> access

Description: Enables or disables firewall permissions through LAN to WAN ports.

Syntax:
show      Displays LAN to WAN access rules.
set       Sets LAN to WAN access rules.
add       Adds LAN to WAN exception rules.
delete    Deletes LAN to WAN access exception rules.
list      Displays LAN to WAN access exception rules.
..        Goes to parent menu.
/         Goes to root menu.
save      Saves configuration to system flash.
quit

AP5131>admin(network.firewall)> advanced

Description: Displays whether an AP-5131 firewall rule is intended for inbound traffic to an interface or outbound traffic from that interface.

Syntax:
import      Imports rules from LAN to WAN access.
inbound     Goes to the Inbound Firewall Rules submenu.
outbound    Goes to the Outbound Firewall Rules submenu.
..          Goes to the parent menu.
/           Goes to the root menu.
save        Saves the configuration to flash memory.
quit

8.3.5 Network Router Commands

AP5131>admin(network.router)>

Description: Displays the router submenu. The items available under this command are:

add       Adds user-defined routes.
delete    Deletes user-defined routes.
list      Lists user-defined routes.
show      Displays the existing AP-5131 router configuration.
..        Goes to the parent menu.
/         Goes to the root menu.
save      Saves the configuration to system flash.
quit      Quits the CLI.

AP5131>admin(network.router)> show

Description: Shows the AP-5131 route table.

Syntax:
show    Shows the AP-5131 route table.

Example:
admin(network.router)>show
---------------------------------------------------------------------------
index  destination  netmask        gateway  interface  metric
---------------------------------------------------------------------------
1      192.168.2.0  255.255.255.0  0.0.0.0  lan        0
2      192.168.1.0  255.255.255.0  0.0.0.0  lan        0
3      192.168.0.0  255.255.

AP5131>admin(network.router)> add

Description: Adds user-defined routes.

Syntax:
add    Adds a route with destination IP address , IP netmask , destination gateway IP address , interface LAN or WAN , and metric set to (1-15).

Example:
admin(network.router)>add 192.168.2.100 255.255.255.0 192.168.2.1 LAN 1
admin(network.

AP5131>admin(network.router)> delete

Description: Deletes user-defined routes.

Syntax:
delete         Deletes the user-defined route (1-20) from list.
        all    Deletes all user-defined routes.

Example:
admin(network.router)>list
---------------------------------------------------------------------------
index  destination  netmask        gateway  interface  metric
---------------------------------------------------------------------------
1      192.168.2.0  255.255.255.0  0.0.0.

AP5131>admin(network.router)> list

Description: Lists user-defined routes.

Syntax:
list    Displays a list of user-defined routes.

Example:
admin(network.router)>list
---------------------------------------------------------------------------
index  destination  netmask        gateway  interface  metric
---------------------------------------------------------------------------
1      192.168.2.0  255.255.255.0  0.0.0.0  lan        0
2      192.168.1.0  255.255.255.0  0.0.0.0  lan        0
3      192.

8.4 System Commands

AP5131>admin(system)>

Description: Displays the System submenu. The items available under this command are shown below.

restart       Restarts the AP-5131.
show          Shows AP-5131 system parameter settings.
set           Defines AP-5131 system parameter settings.
debug         Accesses AP-5131 password-protected debug information.
lastpw        Displays last debug password.
exec          Goes to a Linux command menu.
access
cmgr
snmp
ntp
logs
cfg-update
fw-update
test
..
/
save
quit

AP5131>admin(system)>restart

Description: Restarts the AP-5131 access point.

Syntax:
restart    Restarts the AP-5131.

Example:
admin(system)>restart
**************************************************************************
** Unsaved configuration changes will be lost when the AP-5131 is reset.
** Please be sure to save changes before resetting.

AP5131>admin(system)>show

Description: Displays high-level AP-5131 system information.

Syntax:
show    Displays AP-5131 system information.

Example:
admin(system)>show
system name : BldgC
system location : Atlanta Field Office
admin email address : johndoe@mycompany.com
system uptime : 0 days 4 hours 41 minutes
AP-5131 firmware version country code : 1.0.0.

AP5131>admin(system)>set

Description: Sets AP-5131 system parameters.

Syntax:
set  name     Sets the AP-5131 system name to (1 to 59 characters).
     loc      Sets the AP-5131 system location to (1 to 59 characters).
     email    Sets the AP-5131 admin email address to (1 to 59 characters).
     cc       Sets the AP-5131 country code using two-letters .

8.4.1 System Debug and Last Password Commands

AP5131>admin(system)>debug

Description: Accesses AP-5131 debug information. This information is designed for field service use only, and should not be used by unqualified personnel.

Example:
admin(system)>debug
Debug Password:
AP-5131 MAC Address is 00:A0:F8:71:6A:74
Last Password was symbol12

AP5131>admin(system)>lastpw

Description: Displays the last debug password.

8.4.2 System Access Commands

AP5131>admin(system)>access

Description: Displays the AP-5131 access submenu.

show    Displays AP-5131 system access capabilities.
set     Goes to the AP-5131 system access submenu.
..      Goes to the parent menu.
/       Goes to the root menu.
save    Saves the current configuration to the AP-5131 system flash.
quit    Quits the CLI and exits the current session.

AP5131>admin(system.access)>set

Description: Defines the permissions for accessing the AP-5131 applet, CLI and SNMP, and defines their timeout values.

Syntax: set applet applet app-timeout lan wan cli cli ssh ssh auth-timout wan lan wan lan inactivetimeout snmp snmp admin-auth server port secret wan lan local/ RADIUS

Defines the applet HTTP/HTTPS access parameters for the LAN port.

AP5131>admin(system.access)>show

Description: Displays the current AP-5131 access permissions and timeout values.

Syntax:
show    Shows all of the current system access settings for the AP-5131.

Example:
admin(system.

8.4.3 System Certificate Management Commands

AP5131>admin(system)>cmgr

Description: Displays the Certificate Manager submenu. The items available under this command include:

genreq         Generates a Certificate Request.
delself        Deletes a Self Certificate.
loadself       Loads a Self Certificate signed by CA.
listself       Lists the self certificate loaded.
loadca         Loads trusted certificate from CA.
delca
listca
showreq
delprivkey
listprivkey
impcert
..
/
save
quit

AP5131>admin(system.cmgr)> genreq

Description: Generates a certificate request.

Syntax: genreq [-ou ] [-on ] [-cn ] [-st ] ...

AP5131>admin(system.cmgr)> delself

Description: Deletes a self certificate.

Syntax:
delself    Deletes the self certificate named .

Example:
admin(system.cmgr)>delself MyCert2

For information on configuring self certificate settings using the applet (GUI), see Creating Self Certificates on page 4-9.

AP5131>admin(system.cmgr)> loadself

Description: Loads a self certificate signed by the Certificate Authority.

Syntax:
loadself    Load the self certificate signed by the CA with name .

For information on configuring self certificate settings using the applet (GUI), see Creating Self Certificates on page 4-9.

AP5131>admin(system.cmgr)> listself

Description: Lists the loaded self certificates.

Syntax:
listself    Lists all self certificates that are loaded.

For information on configuring self certificate settings using the applet (GUI), see Creating Self Certificates on page 4-9.

AP5131>admin(system.cmgr)> loadca

Description: Loads a trusted certificate from the Certificate Authority.

Syntax:
loadca    Loads the trusted certificate (in PEM format) that is pasted into the command line.

For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-8.

AP5131>admin(system.cmgr)> delca

Description: Deletes a trusted certificate.

Syntax:
delca    Deletes the trusted certificate.

For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-8.

AP5131>admin(system.cmgr)> listca

Description: Lists the loaded trusted certificate.

Syntax:
listca    Lists the loaded trusted certificates.

For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-8.

AP5131>admin(system.cmgr)> showreq

Description: Displays a certificate request in PEM format.

Syntax:
showreq    Displays a certificate request named generated from the genreq command.

For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-8.

AP5131>admin(system.cmgr)> delprivkey

Description: Deletes a private key.

Syntax:
delprivkey    Deletes private key named .

For information on configuring certificate settings using the applet (GUI), see Creating Self Certificates on page 4-9.

Command Line Interface Reference 8-139 AP5131>admin(system.cmgr)> listprivkey Description: Lists the names of private keys. Syntax: listprivkey Lists all private keys. For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-8.
8.4.4 System SNMP Commands

AP5131>admin(system)> snmp
Description: Displays the SNMP submenu. The items available under this command are shown below.
    access    Goes to the SNMP access submenu.
    traps     Goes to the SNMP traps submenu.
    ..        Goes to the parent menu.
    /         Goes to the root menu.
    save      Saves the configuration to system flash.
    quit      Quits the CLI.

8.4.4.1 System SNMP Access Commands

AP5131>admin(system.snmp.access)
Description: Displays the SNMP Access menu. The items available under this command are shown below.
    show      Shows SNMP v3 engine ID.
    add       Adds SNMP access entries.
    delete    Deletes SNMP access entries.
    list      Lists SNMP access entries.
    ..        Goes to the parent menu.
    /         Goes to the root menu.
    save      Saves the configuration to system flash.
    quit      Quits the CLI.

AP5131>admin(system.snmp.access)> show
Description: Shows the SNMP v3 engine ID.
Syntax:
    show eid    Shows the SNMP v3 Engine ID.
Example:
    admin(system.snmp.access)>show eid
    AP-5131 snmp v3 engine id : 000001846B8B4567F871AC68
    admin(system.snmp.access)>
For information on configuring SNMP access settings using the applet (GUI), see Configuring SNMP Access Control on page 4-17.

AP5131>admin(system.snmp.access)> add
Description: Adds SNMP access entries for specific v1v2 and v3 user definitions.
Syntax: add acl v1v2c v3
    Adds an entry to the SNMP access control list with as the starting IP address and and as the ending IP address.

AP5131>admin(system.snmp.access)> delete
Description: Deletes SNMP access entries for specific v1v2 and v3 user definitions.
Syntax: delete acl v1v2c v3 all all all
    Deletes entry from the access control list.
    Deletes all entries from the access control list.
    Deletes entry from the v1/v2 configuration list.
    Deletes all entries from the v1/v2 configuration list.
    Deletes entry from the v3 user definition list.

AP5131>admin(system.snmp.access)> list
Description: Lists SNMP access entries.
Syntax: list acl v1v2c v3 all
    Lists SNMP access control list entries.
    Lists SNMP v1/v2c configuration.
    Lists SNMP v3 user definition with index .
    Lists all SNMP v3 user definitions.
Example:
    admin(system.snmp.
8.4.4.2 System SNMP Traps Commands

AP5131>admin(system.snmp.traps)
Description: Displays the SNMP traps submenu. The items available under this command are shown below.
    show      Shows SNMP trap parameters.
    set       Sets SNMP trap parameters.
    add       Adds SNMP trap entries.
    delete    Deletes SNMP trap entries.
    list      Lists SNMP trap entries.
    ..        Goes to the parent menu.
    /         Goes to the root menu.
    save      Saves the configuration to system flash.
    quit      Quits the CLI.

AP5131>admin(system.snmp.traps)> show
Description: Shows SNMP trap parameters.
Syntax:
    show trap         Shows SNMP trap parameter settings.
    show rate-trap    Shows SNMP rate-trap parameter settings.
Example:
    admin(system.snmp.

AP5131>admin(system.snmp.traps)> set
Description: Sets SNMP trap parameters.

AP5131>admin(system.snmp.traps)> add
Description: Adds SNMP trap entries.
Syntax: add v1v2
    Adds an entry to the SNMP v1/v2 access list with the destination IP address set to , the destination UDP port set to , the community string set to (1 to 31 characters), and the SNMP version set to .

AP5131>admin(system.snmp.traps)> delete
Description: Deletes SNMP trap entries.
Syntax: delete v1v2c v3 all all
    Deletes entry from the v1v2c access control list.
    Deletes all entries from the v1v2c access control list.
    Deletes entry from the v3 access control list.
    Deletes all entries from the v3 access control list.
Example:
    admin(system.snmp.

AP5131>admin(system.snmp.traps)> list
Description: Lists SNMP trap entries.
Syntax: list v1v2c v3 all
    Lists SNMP v1/v2c access entries.
    Lists SNMP v3 access entry .
    Lists all SNMP v3 access entries.
Example:
    admin(system.snmp.traps)>add v1v2 203.223.24.2 162 mycomm v1
    admin(system.snmp.
8.4.5 System Network Time Protocol (NTP) Commands

AP5131>admin(system)> ntp
Description: Displays the NTP menu. The correct network time is required for numerous functions to be configured accurately on the AP-5131.
Syntax:
    show      Shows NTP parameters settings.
    set       Sets NTP parameters.
    ..        Goes to the parent menu.
    /         Goes to the root menu.
    save      Saves the configuration to system flash.
    quit      Quits the CLI.

AP5131>admin(system.ntp)> show
Description: Displays the NTP server configuration.
Syntax: show
    Shows all NTP server settings.
Example:
    admin(system.ntp)>show
    current time (UTC) : 2005-08-31 14:35:20
    ntp mode : enable
    preferred server ip : 203.21.37.18
    preferred server port : 123
    first alternate server ip : 203.21.37.19
    first alternate server port : 123
    second alternate server ip : 0.0.0.

AP5131>admin(system.ntp)> set
Description: Sets NTP parameters for AP-5131 clock synchronization.
Syntax:
    set mode      Enables or disables NTP.
    set server    Sets the NTP server IP address.
    set port      Defines the port number.
    set intrvl    Defines the clock synchronization interval used between the AP-5131 and the NTP server in minutes (15 - 65535).
Example:
    admin(system.ntp)>set mode enable
    admin(system.ntp)>set server 203.21.37.
8.4.6 System Log Commands

AP5131>admin(system)> logs
Description: Displays the AP-5131 log submenu. Logging options include:
Syntax:
    show      Shows logging options.
    set       Sets log options and parameters.
    view      Views system log.
    delete    Deletes the system log.
    send      Sends log to the designated FTP Server.
    ..        Goes to the parent menu.
    /         Goes to the root menu.
    save      Saves configuration to system flash.
    quit      Quits the CLI.

AP5131>admin(system.logs)> show
Description: Displays the current AP-5131 logging settings.
Syntax: show
    Displays the logging options.
Example:
    admin(system.logs)>show
    log level : L6 Info
    syslog server logging : enable
    syslog server ip address : 192.168.0.102
    ftp/tftp server address : 192.168.0.

AP5131>admin(system.logs)> set
Description: Sets log options and parameters.
Syntax: set level mode ipadr server user passwd
    Sets the level of the events that will be logged. All events with a level at or above (L0-L7) will be saved to the system log.
        L0:Emergency
        L1:Alert
        L2:Critical
        L3:Errors
        L4:Warning
        L5:Notice
        L6:Info (default setting)
        L7:Debug
    Enables or disables syslog server logging.
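The following Python script is an added example, not part of the Symbol guide. It parses the `name : value` lines of the `logs` and `ntp` `show` outputs above and reports settings that weaken log collection. The sample dumps are constructed from the complete lines of the examples above; the `disable` value, the L5 baseline, and reading "at or above" as severity (so a threshold of L6 saves L0 through L6) are assumptions.

```python
import re

# Level names as listed for "set level" on this page (L0 is the most severe).
LEVEL_NAMES = ["Emergency", "Alert", "Critical", "Errors",
               "Warning", "Notice", "Info", "Debug"]

# A setting line is "<name> : <value>"; prompts such as
# "admin(system.logs)>show" have no " :" separator and are skipped.
_SETTING = re.compile(r"^(.*?)\s+:\s*(.*)$")


def parse_show(text):
    """Turn the 'name : value' lines of a show dump into a dict."""
    settings = {}
    for raw in text.splitlines():
        m = _SETTING.match(raw.strip())
        if m:
            settings[m.group(1).strip().lower()] = m.group(2).strip()
    return settings


def level_number(value):
    """'L6 Info' -> 6; None when the field is missing or malformed."""
    m = re.match(r"^L([0-7])\b", value or "")
    return int(m.group(1)) if m else None


def logged_levels(value):
    """Levels saved to the system log for a threshold (assumed: L0..threshold)."""
    n = level_number(value)
    return [] if n is None else [f"L{i}:{LEVEL_NAMES[i]}" for i in range(n + 1)]


def audit(logs_show, ntp_show, min_level=5):
    """Return findings; min_level (L5 Notice) is an assumed site baseline."""
    logs, ntp = parse_show(logs_show), parse_show(ntp_show)
    findings = []

    if logs.get("syslog server logging") != "enable":
        findings.append("syslog server logging is not enabled; "
                        "events are kept only on the access point")
    elif logs.get("syslog server ip address", "0.0.0.0") in ("", "0.0.0.0"):
        findings.append("syslog server logging is enabled but no server is set")

    n = level_number(logs.get("log level"))
    if n is None:
        findings.append("log level not found in the show output")
    elif n < min_level:
        findings.append(f"log level L{n} discards events less severe than "
                        f"{LEVEL_NAMES[n]}; baseline is L{min_level}")

    if ntp.get("ntp mode") != "enable":
        findings.append("NTP is not enabled; log timestamps cannot be "
                        "correlated with other systems")
    elif ntp.get("preferred server ip", "0.0.0.0") in ("", "0.0.0.0"):
        findings.append("NTP is enabled but no preferred server is set")
    return findings


# Constructed samples: the first pair reuses the complete lines of the
# examples on this page, the second pair is a deliberately weak configuration.
PAGE_LOGS = """admin(system.logs)>show
log level : L6 Info
syslog server logging : enable
syslog server ip address : 192.168.0.102
"""
PAGE_NTP = """admin(system.ntp)>show
current time (UTC) : 2005-08-31 14:35:20
ntp mode : enable
preferred server ip : 203.21.37.18
preferred server port : 123
"""
WEAK_LOGS = """admin(system.logs)>show
log level : L3 Errors
syslog server logging : disable
syslog server ip address : 0.0.0.0
"""
WEAK_NTP = """admin(system.ntp)>show
ntp mode : disable
preferred server ip : 0.0.0.0
"""

if __name__ == "__main__":
    for name, pair in (("page", (PAGE_LOGS, PAGE_NTP)),
                       ("weak", (WEAK_LOGS, WEAK_NTP))):
        print(name, audit(*pair) or "no findings")
```
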
AP5131>admin(system.logs)> view
Description: Displays the AP-5131 system log file.
Syntax: view
    Displays the entire AP-5131 system log file.
Example:
    admin(system.logs)>view
    Jan 7 16:14:00 (none) syslogd 1.4.1: restart (remote reception).

AP5131>admin(system.logs)> delete
Description: Deletes the log files.
Syntax: delete
    Deletes the AP-5131 system log file.
Example:
    admin(system.logs)>delete
For information on configuring logging settings using the applet (GUI), see Logging Configuration on page 4-28.

AP5131>admin(system.logs)> send
Description: Sends log and core file to an FTP Server.
Syntax: send
    Sends the system log file via FTP to a location specified with the set command. Use the set command to set the FTP login and site information.
Example:
    admin(system.logs)>send
    File transfer : [ In progress ]
    File transfer : [ Done ]
    admin(system.
8.4.7 System Configuration-Update Commands

AP5131>admin(system.cfg-update)>
Description: Displays the AP-5131 configuration update submenu.
Syntax: default partial show set export import .. / save quit
    Restores the default AP-5131 configuration.
    Restores a partial default AP-5131 configuration.
    Shows import/export parameters.
    Sets import/export AP-5131 configuration parameters.
    Exports AP-5131 configuration to a designated system.

AP5131>admin(system.cfg-update)> default
Description: Restores the full AP-5131 factory default configuration.
Syntax: default
    Restores the AP-5131 to the original (factory) configuration.
Example:
    admin(system.cfg-update)>default
    Are you sure you want to default the configuration? :
For information on importing/exporting AP-5131 configurations using the applet (GUI), see Importing/Exporting Configurations on page 4-30.

AP5131>admin(system.cfg-update)> partial
Description: Restores a partial factory default configuration. The AP-5131’s LAN, WAN and SNMP settings are unaffected by the partial restore.
Syntax: default
    Restores a partial AP-5131 configuration.
Example:
    admin(system.

AP5131>admin(system.cfg-update)> show
Description: Displays import/export parameters for the AP-5131 configuration file.
Syntax: show
    Shows all import/export parameters.
Example:
    admin(system.cfg-update)>show
    cfg filename : cfg.txt
    ftp/tftp server ip address : 192.168.0.

AP5131>admin(system.cfg-update)> set
Description: Sets the import/export parameters.
Syntax:
    set file      Sets the configuration file name (1 to 39 characters in length).
    set path      Defines the path used for the configuration file upload.
    set server    Sets the FTP/TFTP server IP address.
    set user      Sets the FTP user name (1 to 39 characters in length).
    set passwd    Sets the FTP password (1 to 39 characters in length).
Example:
    admin(system.

AP5131>admin(system.cfg-update)> export
Description: Exports the configuration from the system.
Syntax: export ftp tftp terminal
    Exports the AP-5131 configuration to the FTP server. Use the set command to set the server, user, password, and file name before using this command.
    Exports the AP-5131 configuration to the TFTP server. Use the set command to set the IP address for the TFTP server before using the command.

AP5131>admin(system.cfg-update)> import
Description: Imports the AP-5131 configuration to the AP-5131.
Syntax:
    import ftp     Imports the AP-5131 configuration file from the FTP server. Use the set command to set the server, user, password, and file.
    import tftp    Imports the AP-5131 configuration from the TFTP server. Use the set command to set the server and file.
Example: Import FTP Example
    admin(system.cfg-update)>set server 192.168.22.12
    admin(system.
8.4.8 Firmware Update Commands

AP5131>admin(system)>fw-update
Description: Displays the firmware update submenu. The items available under this command are shown below.
Syntax: show set update .. / save quit
    Displays the current AP-5131 firmware update settings.
    Defines the AP-5131 firmware update parameters.
    Executes the firmware update.
    Goes to the parent menu.
    Goes to the root menu.
    Saves the current configuration to the AP-5131 system flash.

AP5131>admin(system.fw-update)>show
Description: Displays the current AP-5131 firmware update settings.
Syntax: show
    Shows the current system firmware update settings for the AP-5131.
Example:
    admin(system.fw-update)>show
    automatic firmware upgrade automatic config upgrade : enable : LAN firmware filename firmware path ftp/tftp server ip address ftp user name ftp password : : : : : APFW.bin /tftpboot/ 168.197.2.

AP5131>admin(system.fw-update)>set
Description: Defines AP-5131 firmware update settings and user permissions.
Syntax: set fw-auto cfg-auto iface file path server user passwd
    When enabled, updates device firmware each time the firmware versions are found to be different between the AP-5131 and the specified firmware on the remote system.

AP5131>admin(system.fw-update)>update
Description: Executes the AP-5131 firmware update over the WAN or LAN port using either ftp or tftp.
Syntax: update
    Defines the ftp or tftp mode used to conduct the firmware update.
    Specifies whether the update is executed over the AP-5131’s WAN or LAN interface .
For information on updating AP-5131 device firmware using the applet (GUI), see Updating Device Firmware on page 4-34.
8.4.9 System Test Commands

AP5131>admin(system.test)>
Description: Displays the AP-5131 test submenu. The items available under this command include:
    show      Displays the AP-5131 test options.
    set       Defines the parameters of an AP-5131 system test.
    ..        Goes to the parent menu.
    /         Goes to the root menu.
    save      Saves the current configuration to the AP-5131 system flash.
    quit      Quits the CLI and exits the current session.

AP5131>admin(system.test)> show
Description: Displays the AP-5131 test options.
Syntax: show
    Displays the AP-5131 test options.
Example:
    admin(system.test)>show
    half fc windows for ap100 val : [ 0x0000 ........ .......0]
    broadcast in psp val : [ 0x0000 ........ ......1.]
    drop bc pre wep val : [ 0x0000 ........ .....1..]
    wpa2 tkip disabled val : [ 0x0000 ........ ....0...]
    wireless disable val : [ 0x0000 ........ ...0....

AP5131>admin(system.test)> set
Description: Defines the parameters of an AP-5131 system test. These commands are recommended for qualified technicians only.
Syntax: set flow hbt wd pmd rs int1 int2 int3 int str1 str2 str3 str4 enable/disable enable/disable enable/disable enable/disable enable/disable
    Enables or disables flow control for the AP-5131.
8.5 Statistics Commands

AP5131>admin(stats)
Description: Displays the AP-5131 statistics submenu. The items available under this command are:
Syntax: show send-cfg clear flash-all-leds echo ping .. / save quit
    Displays AP-5131 WLAN, MU, LAN and WAN statistics.
    Sends a config file to all AP-5131’s within the known AP table.
    Clears all statistic counters to zero.
    Starts and stops the flashing of all AP-5131 LEDs.
    Defines the parameters for pinging a designated station.

AP5131>admin(stats)> show
Description: Displays AP-5131 system information.
Syntax: show wan lan wlan s-wlan radio mu s-mu known-ap
    Displays stats for the AP-5131 WAN port.
    Displays stats for the AP-5131 LAN port.
    Displays WLAN status and statistics summary.
    Displays status and statistics for an individual WLAN.
    Displays a radio statistics transmit and receive summary.
    Displays all mobile unit (MU) status.

AP5131>admin(stats)> send-cfg
Description: Copies the AP-5131’s configuration to the AP-5131s within the known AP table.
Syntax: send-cfg
    Copies the AP-5131’s configuration to the AP-5131s within the known AP table.
Example:
    admin(stats)>send-cfg
    admin(stats)>
For information on copying the AP-5131 config to another AP-5131 with the same ESSID using the applet (GUI), see Viewing Known Access Point Statistics on page 7-26.

AP5131>admin(stats)> clear
Description: Clears the specified statistics counters to zero to begin new data calculations.
Syntax: clear wan lan rf all-wlan wlan all-radio radio1 radio2 mu known-ap
    Clears WAN statistics counters.
    Clears LAN statistics counters.
    Clears all RF data.
    Clears all WLAN summary information.
    Clears individual WLAN statistic counters.
    Clears AP-5131 radio summary information.
    Clears statistics counters specific to radio1.

AP5131>admin(stats)> flash-all-leds
Description: Starts and stops the illumination of a specified access point’s LEDs.
Syntax: flash-all-leds
    Defines the Known AP index number of the target AP to flash.
    Begins or terminates the flash activity.
AP5131>admin(stats)> echo
Description: Defines the echo test values used to conduct a ping test to an associated MU.
Syntax:
    list      Defines echo test parameters and result.
    set       Determines echo test packet data.
    start     Begins echoing the defined station.
    ..        Goes to parent menu.
    /         Goes to root menu.
    quit      Quits CLI session.
For information on MU Echo and Ping tests using the applet (GUI), see Pinging Individual MUs on page 7-24.

AP5131>admin(stats.echo)> list
Description: Lists echo test parameters and results.
Syntax: list
    Lists echo test parameters and results.
Example:
    admin(stats.echo)>list
    Station Address : 00A0F8213434
    Number of Pings : 10
    Packet Length : 10
    Packet Data (in HEX) : 55
    Number of MU Responses : 2
    admin(stats.echo)>
For information on MU Echo and Ping tests using the applet (GUI), see Pinging Individual MUs on page 7-24.

AP5131>admin(stats.echo)>set
Description: Defines the parameters of the echo test.
Syntax:
    set station    Defines MU target MAC address.
    set request    Sets number of echo packets to transmit (1-539).
    set length     Determines echo packet length in bytes (1-539).
    set data       Defines the particular packet data.
For information on MU Echo and Ping tests using the applet (GUI), see Pinging Individual MUs on page 7-24.

AP5131>admin(stats.echo)> start
Description: Initiates the echo test.
Syntax: start
    Initiates the echo test.
Example:
    admin(stats.echo)>start
    admin(stats.echo)>list
    Station Address : 00A0F843AABB
    Number of Pings : 10
    Packet Length : 100
    Packet Data (in HEX) : 1
    Number of MU Responses : 2
For information on MU Echo and Ping tests using the applet (GUI), see Pinging Individual MUs on page 7-24.
AP5131>admin(stats)> ping
Description: Defines the ping test values used to conduct a ping test to an AP with the same ESSID.
Syntax: ping
    list      Defines ping test packet length.
    set       Determines ping test packet data.
    start     Begins pinging the defined station.
    ..        Goes to parent menu.
    /         Goes to root menu.
    quit      Quits CLI session.
For information on Known AP tests using the applet (GUI), see Pinging Individual MUs on page 7-24.

AP5131>admin(stats.ping)> list
Description: Lists ping test parameters and results.
Syntax: list
    Lists ping test parameters and results.
Example:
    admin(stats.ping)>list
    Station Address : 00A0F8213434
    Number of Pings : 10
    Packet Length : 10
    Packet Data (in HEX) : 55
    Number of AP Responses : 2
    admin(stats.ping)>
For information on Known AP tests using the applet (GUI), see Pinging Individual MUs on page 7-24.

AP5131>admin(stats.ping)> set
Description: Defines the parameters of the ping test.
Syntax:
    set station    Defines the AP target MAC address.
    set request    Sets number of ping packets to transmit (1-539).
    set length     Determines ping packet length in bytes (1-539).
    set data       Defines the particular packet data.
Example:
    admin(stats.ping)>set station 00A0F843AABB
    admin(stats.ping)>set request 10
    admin(stats.ping)>set length 100
    admin(stats.ping)>set data 1
    admin(stats.

AP5131>admin(stats.ping)> start
Description: Initiates the ping test.
Syntax: start
    Initiates the ping test.
Example:
    admin(stats.ping)>start
    admin(stats.ping)>list
    Station Address : 00A0F843AABB
    Number of Pings : 10
    Packet Length : 100
    Packet Data (in HEX) : 1
    Number of AP Responses : 2
For information on Known AP tests using the applet (GUI), see Pinging Individual MUs on page 7-24.
Technical Specifications

Technical specifications include specifications in the following areas:
• Physical Characteristics
• Electrical Characteristics
• Radio Characteristics
• Antenna Specifications
• Country Codes

A.

Dimensions             5.32 inches long x 9.45 inches wide x 1.77 inches thick.
                       135 mm long x 240 mm wide x 45 mm thick.
Housing                Metal, Plenum Housing (UL2043)
Weight                 1.95 lbs/0.88 Kg (single-radio model)
                       2.05 lbs/0.93 Kg (dual-radio model)
Operating Temperature  -20 to 50° Celsius
Storage Temperature    -40 to 70° Celsius
Altitude               8,000 feet/2438 m @ 28° Celsius (operating)
                       15,000 feet/4572 m @ 12° Celsius (storage)
Vibration              Vibration to withstand .

A.3 Radio Characteristics

The AP-5131 has the following radio characteristics:

Operating Channels     802.11a radio - Channels 1-35 (4920-5825 MHz)
                       802.11b/g radio - Channels 1-13 (2412-2472 MHz)
                       802.11b/g radio - Channel 14 (2484 MHz Japan only)
                       Actual operating frequencies depend on regulatory rules and certification agencies.
Receiver Sensitivity   802.11a Radio 802.

A.4.1 2.4 GHz Antenna Matrix

The following section describes each 2.4 GHz antenna approved for use with the AP-5131. Below is a table of each of these 2.4 GHz antennas and Symbol’s part number.

Symbol Part Number   Antenna Type              Nominal Net Gain (dBi)
ML-2499-11PNA2-01    Wide Angle Directional    8.5
ML-2499-HPA3-01      Omni-Directional Antenna  3.3
ML-2499-BYGA2-01     Yagi Antenna              13.9
ML-2452-APA2-01      Dual-Band                 3.0

A.4.2 5.

Item    Symbol Part Number   Description   Loss (db) @ 2.4 GHz   Loss (db) @ 5.2 GHz
50JK    ML-1499-50JK-01      Jumper Kit    3.75                  6.6
100JK   ML-1499-100JK-01     Jumper Kit    7.5                   12.8

A.4.4 Antenna Accessory Connectors, Cable Type and Length

The following describes each antenna accessory’s connector and cable type, plus the length.

Item   Connector1   Connector2   Length (meters)   Cable Type
72PJ   RPBNC-F      RPBNC-M      1.83              RG-58
LAK1   RPBNC-F      N-F          0.
Country              Code    Country              Code
Bulgaria             BG      Qatar                QA
Canada               CA      Romania              RO
Chile                CL      Russian Federation   RU
China                CN      Saudi Arabia         SA
Colombia             CO      Singapore            SG
Costa Rica           CR      Slovak Republic      SK
Croatia              HR      Slovenia             SI
Cyprus               CY      South Africa         ZA
Czech Rep.

Country              Code
Jordan               JO
Kazakhstan           KZ
Kuwait               KW
Latvia               LV
Liechtenstein        LI
Lithuania            LT
Luxembourg           LU
Malaysia             MY
Malta                MT
Mexico               MX
Morocco              MA
Namibia              NA
Netherlands          NL
Customer Support

Symbol Technologies provides its customers with prompt and accurate customer support. Use the Symbol Support Center as the primary contact for any technical problem, question or support issue involving Symbol products. If the Symbol Customer Support specialists cannot solve a problem, access to all technical disciplines within Symbol becomes available for further assistance and support.

North American Contacts

Inside North America:
Symbol Technologies, Inc.
One Symbol Plaza
Holtsville, New York 11742-1300
Telephone: 1-631-738-2400/1-800-SCAN 234
Fax: 1-631-738-5990

Symbol Support Center (for warranty and service information):
telephone: 1-800-653-5350
fax: (631) 738-5410
Email: support@symbol.

Web Support Sites

MySymbolCare                http://www.symbol.com/services/msc
Symbol Services Homepage    http://symbol.com/services
Symbol Software Updates     http://symbol.com/services/downloads
Symbol Developer Program    http://software.symbol.com/devzone

Additional Information

Obtain additional information by contacting Symbol at:
1-800-722-6234, inside North America
+1-516-738-5200, in/outside North America
http://www.symbol.