Page 1 Wireless LAN Mobility System Wireless LAN Switch Manager Reference Manual WX4400 3CRWX440095A WX1200 3CRWX120695A WXR100 3CRWXR10095A WX2200 3CRWX220095A http://www.3Com.com/ Part No. 10015404 Rev. AA Published August 2006...
Page 2 3Com Corporation reserves the right to revise this documentation and to make changes in content from time 01752-3064 to time without obligation on the part of 3Com Corporation to provide notification of such revision or change. 3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality, and fitness for a particular purpose.
Page 3: Table Of Contents
ONTENTS BOUT UIDE Conventions Documentation Documentation Comments 3WXM NSTALLING Hardware Requirements Hardware Requirements for 3WXM Client Hardware Requirements for 3WXM Monitoring Service Software Requirements Preparing for Installation User Privileges Serial Number and License Key Installing 3WXM Installing 3WXM on Windows Systems Installing 3WXM on Linux Systems Installation Log File Upgrading 3WXM...
Page 4 Copying, Pasting, and Deleting Objects Copy and Paste in the Organizer Panel Copy and Paste Replace in the Organizer Panel Copy and Paste in the Content Panel Enabling Keyboard Shortcut Mnemonics (Windows XP Only) ETTING TARTED Starting 3WXM Restricting Access to 3WXM Creating an Administrator Account Creating Provision or Monitor Accounts Deleting 3WXM User Accounts...
Page 5 LANNING THE OBILITY YSTEM RF Planning Overview Accessing the RF Planning Tools Creating or Modifying a Site Creating or Modifying Buildings in a Site Creating or Modifying Floors Importing or Drawing Floor Details Importing a Drawing of a Floor File Recommendations Preparing a Drawing Before Importing It Cropping the Paper Space Adjusting the Scale of a Drawing...
Page 6 Reading the RF Measurement Table Generating RF Network Design Information WX S ONFIGURING YSTEM ARAMETERS WX Switch Configuration Objects Adding a WX Switch to the Network Plan Creating a WX Switch as Part of RF Planning Creating a WX Switch Using the Create Wireless Switch Wizard Creating a New WX Switch Based on a Configured Switch in the Network Plan Adding a Switch by Uploading its Configuration from the Network...
Page 7 Viewing Management Service Settings Changing Management Service Settings Configuring SNMP Viewing and Setting Log and Trace Settings Viewing Log Settings Changing Log Settings Viewing and Configuring IP Services Settings Viewing IP Services Setting Creating a Static Route Create an IP Alias Configuring DNS Configuring NTP Configuring ARP...
Page 8 ONFIGURING IRELESS ARAMETERS Viewing and Configuring Wireless Services Wireless Service Parameters Viewing Wireless Services Configuring an 802.1X Wireless Service Configuring a Voice over Wireless Service Configuring a Web-Portal (WebAAA) Service Configuring an Open Access Service Configuring a Custom Service Modifying Service Profile Settings Viewing SSID Encryption Settings and Access Rules Modifying SSID Encryption Settings and Access Rules Viewing and Configuring Radio Profiles...
Page 9 Adding an Entry to the Client Black List Enabling Countermeasures Enabling MAP Signatures ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS Creating and Managing Users in the Local User Database Viewing Users and Groups in the Local Database Creating a Named User Creating a User Group and Assigning Users To It Creating a MAC User Creating a MAC User Group and Assigning Users To It Authorization Attributes...
Page 10 Viewing and Configuring AAA Support for Third-Party AP Users Viewing Settings for Third-Party AP AAA Support Creating a Proxy Access Rule Configuring a RADIUS Proxy for a Client Specifying the WX Port Connected to the Third-Party AP Viewing and Changing Location Policy Rules Viewing Location Policy Rules Creating a Location Policy Rule Viewing and Changing Mobility Profiles...
Page 11 Synchronizing Local and Network Changes Reviewing Switch Configuration Changes Accepting Network Changes Undoing Local or Network Changes Deploying Switch Configuration Changes Synchronizing When the Network and 3WXM Have Nonmatching Changes Distributing System Images Using the Image Repository Distributing System Images Rebooting WX Switches or MAP Access Points Enabling or Disabling Management of a Switch by 3WXM Viewing the Operation Log...
Page 12 ONFIGURING AND PPLYING OLICIES How Changes Are Managed Policies Created When You Migrate a 3.x Network Plan to 4.1 Viewing Policies Creating a Policy Configuring Feature Settings in a Policy Applying Policy Changes to Switches SING THE VENT Displaying the Event Log Toolbar Options Refreshing Event Data Reviewing Event Details...
Page 13 Generating a Site Survey Order Generating a Work Order ONITORING THE ETWORK Overview Requirements for Monitoring Accessing Monitored Data Using the Explore Window Toolbar Options Threshold Flags Displaying Object Details Displaying 802.11 Coverage Taking RF Measurements Using the Status Summary View Using the Client Monitor View Toolbar Options Refreshing Client Data...
Page 14 Using the Rogue Detection Screen Toolbar Options Filtering the Rogue List Displaying Rogue Details Displaying a Rogue’s Geographical Location Ignoring Friendly Third-Party Devices Adding a Device to the Attack List Converting a Rogue into a Third Party AP To convert a rogue into a third-party AP Adding a Rogue’s Clients to the Black List Configuring RF Detection Options from the Organizer Panel PTIMIZING A...
Page 15 3WXM S HANGING ERVICES REFERENCES Overview Starting or Stopping the 3WXM Services Starting or Stopping 3WXM Services on Windows Systems Starting or Stopping 3WXM Services on Linux Systems Connecting to 3WXM Services Certificate Check Verifying that the 3WXM Client is Receiving Service Data Changing Service Settings Changing WX Connection Settings Changing Monitoring Settings...
Page 17: About
BOUT UIDE This manual shows you how to plan, configure, deploy, and manage a Mobility System wireless LAN (WLAN) using the 3Com Wireless LAN Switch Manager (3WXM). Read this manual if you are a network administrator or a person responsible for managing a WLAN.
Page 18: Documentation
BOUT UIDE This manual uses the following text and syntax conventions: Table 2 Text Conventions Convention Description Menu Name > Indicates a menu item that you select. For example, Command File > New indicates that you select New from the File menu.
Page 19: Documentation Comments
Documentation Comments Wireless LAN Switch Manager Reference Manual This manual shows you how to plan, configure, deploy, and manage a Mobility System wireless LAN (WLAN) using the 3Com Wireless LAN Switch Manager (3WXM). Wireless LAN Switch Manager User’s Guide This guide shows you how to plan, configure, deploy, and manage a Mobility System wireless LAN (WLAN) using the 3Com Wireless LAN Switch Manager (3WXM).
Page 20 Part number 730-9502-0071, Revision B Page 25 Please note that we can only respond to comments and questions about 3Com product documentation at this e-mail address. Questions related to Technical Support or sales should be directed in the first instance to your network supplier.
Page 21: Nstalling 3Wxm
3WXM NSTALLING This chapter describes how to install 3Com Wireless LAN Switch Manager (3WXM). Hardware Requirements Hardware Table 3 shows the minimum and recommended requirements to run the Requirements for 3WXM client on Windows and Linux platforms. 3WXM Client Table 3 Hardware Requirements for Running 3WXM Client...
Page 22: Hardware Requirements For 3Wxm Monitoring Service
1: I 3WXM HAPTER NSTALLING Hardware Table 4 shows the minimum and recommended requirements to run the Requirements for 3WXM monitoring service on Windows and Linux platforms. 3WXM Monitoring Table 4 Hardware Requirements for Running 3WXM Monitoring Service Service Minimum Recommended Processor Intel Pentium 4, 2.4 GHz or...
Page 23: Software Requirements
After you have installed 3WXM, you will need to register your license and the serial number with 3Com in order to obtain an activation key. The base key along with its activation key enables you to manage up to 10 wireless LAN switches.
Page 24: Serial Number And License Key
License Key To use 3WXM Services, you need to enter the base key and an activation key, which you obtain from 3Com. The base key and activation key enable you to manage up to 10 wireless LAN switches. To manage more than 10 wireless LAN switches, you need an upgrade license.
Page 25 3 Select 3Com Wireless Switch Manager. 4 Click the View button. The 3Com Wireless LAN Switch Manager (3WXM) information screen appears. 5 Click the Install button. The installation begins. During the installation, the 3Com Wireless Switch Manager installation wizard minimizes.
Page 26: Installing 3Wxm On Linux Systems
3WXM HAPTER NSTALLING 6 When the installation is complete, maximize the 3Com Wireless Switch Manager installation wizard screen, and then press the Contents button. 7 Press the Exit button to close the wizard, or navigate to the other items on the CD.
Page 27: Installation Log File
During installation, an installation log file, 3WXM_InstallLog.log, is created and placed in the 3WXM installation folder. Double-click the log file’s icon to read the log file. Have this log file available if you need to contact 3Com Technical Support about an installation problem.
Page 28: Upgrading 3Wxm
Save in the License Information dialog box. Uninstalling 3WXM You uninstall 3WXM by using its Uninstall wizard. Access the Uninstall on Windows wizard from the 3Com program list in the Windows Start menu or the Systems Control Panel. To uninstall 3WXM on Windows systems: 1 Access the Windows Control Panel, and select Add or Remove Programs.
Page 29 CAUTION: Do not delete the serial number unless specifically asked to do so by 3Com Technical Support. Your license(s) to use this software are registered against this serial number. If you delete the serial number, the software will generate a new serial number if it is ever reinstalled.
Page 30: Uninstalling 3Wxm On Linux Systems
1: I 3WXM HAPTER NSTALLING Uninstalling 3WXM To uninstall 3WXM on Linux systems: on Linux Systems 1 Log in as superuser. 2 In a shell window, change directories to the 3WXM installation directory. By default, the installation directory is /opt/3wxm. 3 At the prompt, enter cd UninstallerData.
Page 31: Working With The
3WXM ORKING WITH THE NTERFACE This chapter describes how to use the 3Com Wireless LAN Switch Manager (3WXM) interface. Overview When you start 3WXM client and log into 3WXM Services, the network plan is displayed by the 3WXM client. Organizer panel...
Page 32: Display Panels
Alerts panel Content panel Task List panel The main 3WXM window also contains a tool bar to navigate to major features. Organizer Panel The Organizer panel provides a tree-like view of the 3Com equipment and site data managed by 3WXM.
Page 33 Equipment (displayed by the Configuration tool bar option) — The set of devices in your network plan. This includes Mobility Domains, 3Com switches and MAPs, as well as third-party access points that 3WXM needs to be aware of while planning or monitoring the network.
Page 34: Alerts Panel
2: W 3WXM U HAPTER ORKING WITH THE NTERFACE To expand the view of an object in the tree, click on the plus sign next to the object. For example, to display the buildings in a site, click on the plus sign next to the site name.
Page 35: Content Panel
(See “Verifying Configuration Changes” on page 365.) Rogue Detection Lists the total number of rogues detected by 3Com radios and still operating in the Mobility Domain(s) defined in the network plan. Select this alert to open the Rogue Detection tab in the Content panel.
Page 36 2: W 3WXM U HAPTER ORKING WITH THE NTERFACE Saving or Discarding Configuration Changes When you select the Policies, RF Planning, or Configuration tool bar option, the Content panel contains a Save button and a Discard button. Save—Click Save to send unsaved configuration changes to 3WXM Services to save in the network plan.
Page 37: Task List Panel
Display Panels To resolve errors and deploy the changes, use the Verification option. The Verification option provides detailed information for errors and warnings and enables you to resolve them. Generally, you can resolve an error or warning by ignoring it or by clicking a link to open a configuration wizard.
Page 38 2: W 3WXM U HAPTER ORKING WITH THE NTERFACE Some wizards contain multiple pages. Click the Next and Previous buttons at the bottom of a wizard to navigate among the wizard’s pages. The Finish button saves the changes. If applicable, saving the changes also results in the newly configured object appearing in a table in the Content panel.
Page 39: Resizing A Display Panel
Display Panels Properties Dialogs To open a version of the configuration wizard that contains all the configurable settings for the object, even ones that rarely need to be changed, select the object in the table, then click Properties. Resizing a Display You can resize a panel by clicking and dragging the panel’s border, or by Panel clicking the resize icons (where applicable).
Page 40: Menu Bar Options
2: W 3WXM U HAPTER ORKING WITH THE NTERFACE Menu Bar Options Table 8 lists the options available from the menu at the top of the main 3WXM window. Click on a menu category to display the options for that category.
Page 41: Tool Bar Options
You also can access the help by pressing the F1 key. Licensing Open the License Information dialog box. Report Problem Report a problem to 3Com Technical Support. About 3WXM About 3WXM: 3WXM version information Memory usage Java garbage collection (Force GC)
Page 42 The information appears in the Content panel. To perform site-related tasks, click task links in the Task List panel. (See “Planning the 3Com Mobility System” on page 71.) Configuration Display the tree of configured devices in the Organizer panel.
Page 43 Tool Bar Options Table 9 3WXM Tool Bar Options (continued) Option Description Verification Display the Config Verification and Network Verification tabs. The Verification tabs enable you to troubleshoot configuration issues on WX switches in the network plan or in the live network. To display more information about an error or warning message, click on the row containing the message.
Page 44: Copying, Pasting, And Deleting Objects
2: W 3WXM U HAPTER ORKING WITH THE NTERFACE Copying, Pasting, You can copy, paste, and delete objects in the Organizer panel or in the and Deleting Content panel. In the Organizer panel, right-click on an object to display Objects a menu with the following options: Copy—Copy the selected object and its child objects to the clipboard.
Page 45: Copy And Paste Replace In The Organizer Panel
Copying, Pasting, and Deleting Objects Copy and Paste To replace an object with the Copy and Paste Replace options: Replace in the Organizer Panel 1 Select the object you want to copy in the Organizer panel. 2 Right-click on the object and select Copy. 3 Select the object you want to replace.
Page 46: Enabling Keyboard Shortcut Mnemonics (Windows Xp Only)
2: W 3WXM U HAPTER ORKING WITH THE NTERFACE Enabling Keyboard Keyboard shortcut mnemonics (also called action mnemonics) in 3WXM Shortcut underline shortcut characters in action names in toolbars and menus. Mnemonics When a character is underlined, you can press the corresponding letter (Windows XP Only) key on the keyboard to display the toolbar menu or perform the menu action.
Page 47 Enabling Keyboard Shortcut Mnemonics (Windows XP Only) 4 Clear the box labeled Hide underlined letters for keyboard navigation until I press the Alt key. Clearing this option allows programs to show the underlined character for mnemonics in 3WXM. 5 Click OK. 6 In the Display Properties dialog box, click OK.
Page 48 2: W 3WXM U HAPTER ORKING WITH THE NTERFACE...
Page 49: Getting Started
3WXM client on the same machine where the server is installed. 1 Select Start > Programs > 3Com > 3WXM > 3WXM, or double-click the 3WXM icon on the desktop. The 3WXM Service Connection dialog appears.
Page 50 5 Type the license key that was supplied with the 3WXM CD, and click Next. 6 Click Get Activation Key. A 3Com web page appears. Enter your registration information (and the license key, if you are licensing a purchased copy) in order to obtain an activation key.
Page 51 Starting 3WXM 8 If you plan to manage 10 or fewer wireless LAN switches, click Finish and go to step 13. If you plan to manage more than 10 wireless LAN switches, click Next and go to step 9. If you are activating an evaluation copy, you can manage up to 10 wireless LAN switches.
Page 52: Restricting Access To 3Wxm
3: G HAPTER ETTING TARTED Restricting Access By default, all users who have been successfully authenticated to a system to 3WXM with 3WXM installed on it can run 3WXM. You can restrict the users allowed to access 3WXM on a system and define their access privileges by creating three types of 3WXM user accounts: Administrator—This account can monitor the network, configure the network, and administer 3WXM.
Page 53: Creating An Administrator Account
Restricting Access to 3WXM Creating an Before you can restrict user access to 3WXM, you must create an Administrator administrator account. After creating an administrator account, you can Account create provision or monitor accounts. To create an administrator account: 1 Select Tools > 3WXM Services Setup. The 3WXM Services Setup dialog box appears.
Page 54: Creating Provision Or Monitor Accounts
3: G HAPTER ETTING TARTED Creating Provision or After creating an administrator account, you can create provision or Monitor Accounts monitor accounts. To create a provision or monitor account: 1 Access the 3WXM Services Setup dialog box. 2 To add a provision user account, click Add Provision Account. To add a monitor account, click Add Monitor Account.
Page 55: Working With Network Plans
ORKING WITH ETWORK LANS A network plan is the workspace in 3WXM you use to design a 3Com network. In a network plan, you define components of the network (WX switches, MAP access points, and optional third-party access points). Regardless of whether you intend to use physical planning features, you must create a network plan before you can configure or manage WX switches or monitor network data.
Page 56: Creating A Network Plan
4: W HAPTER ORKING WITH ETWORK LANS Creating a Network To create a network plan: Plan 1 From the main 3WXM window, select File > New. The Create Network Plan wizard appears. 2 In the Network Plan Name box, type a name for the network plan. You can use 1 to 60 alphanumeric characters, with no spaces, tabs, or any of the following: slash (/), backslash (\), quotation marks (“...
Page 57: Managing Network Plans
Managing Network Plans Wireless Switch—Use a wizard to configure basic switch parameters. (See “Using the Create Wireless Switch Wizard” on page 167.) Third-Party AP—Add a third-party AP for use in network planning. (See “Creating a Third-Party AP” on page 65.) Country Code—Change the regulatory domain for the MAPs in the network plan.
Page 58: Opening A Network Plan
ORKING WITH ETWORK LANS 3Com recommends that you regularly back up the config-db directory so that you have additional copies of your network plans. (In addition to this section, see “Managing Network Plans” on page 506.) If the plan has unsaved changes and 3WXM Services becomes unavailable before the changes are saved, 3WXM client buffers the changes until 3WXM Services becomes available again.
Page 59: Importing A Network Plan
3Com recommends that you save a backup copy of the plan before importing objects from another plan. To save a backup copy, you can use the File > Save As option.
Page 60: Closing A Network Plan
4: W HAPTER ORKING WITH ETWORK LANS 3WXM compares the object names in the plan to be imported with the object names in the open plan. If both plans have objects of the same name and type, the objects are listed and Conflict appears in the Status column.
Page 61: Sharing A Network Plan
Managing Network Plans To delete a network plan 1 In the main 3WXM window, select File > Delete Network Plan. The Delete Network Plan wizard appears. 2 Select the network plan you want to delete from the list. 3 Click Next. The network plan is deleted. 4 Click Finish.
Page 62: Defining A Mobility Domain
4: W HAPTER ORKING WITH ETWORK LANS To disable notification 1 In the main 3WXM window, select Tools > Preferences. 2 Click the Persistence tab. 3 To disable change notification, clear Plan Change Notification. 4 Click Close. Defining a Mobility A Mobility Domain is a collection of WX switches that work together to Domain support roaming users.
Page 63 Defining a Mobility Domain Mobility Domain communications are stable. Generally, the communications required for roaming are the same as those required for VLAN tunneling. Roaming between ports on a WX is possible even if the Mobility Domain is down. Authentication, authorization, and accounting (AAA) on the MAP to which the client roams is successful on the first attempt.
Page 64: Traffic Ports Used By A Mobility Domain
4: W HAPTER ORKING WITH ETWORK LANS Traffic Ports Used by When deploying a Mobility Domain, you might attach the WX switches to a Mobility Domain subnets that have firewalls or access controls between them. Within a Mobility Domain, the WX switches exchange information and other types of traffic, depending on your configuration of AAA and various management services.
Page 65: Creating A Wx Switch
Creating a WX Switch 6 In the Available Devices list, select the WX switches you want to add to the Mobility Domain. 7 Click Next. 8 Select the switch to act as the seed switch for the Mobility Domain. 9 Click Finish. Creating a WX Switch 1 Select the Configuration tool bar option.
Page 66 4: W HAPTER ORKING WITH ETWORK LANS 9 In the HTTP Port Number box, specify the port number for HTTP service. 10 Click Next. 11 In the AP Model drop-down list, select one of the following: AP (Dual Radio)—802.11a and 802.11b or 802.11b/g AP (Single Radio)—802.11a, 802.11b, or 802.11g 12 In the Radio Type drop-down list, select one of the following: 11a, 11b, 11g.
Page 67: Changing The Country Code
Changing the Country Code Changing the The country code determines the valid radio types as well as channel Country Code numbers and power settings for MAP radios. The country code is one of the parameters you set when you create a network plan. If you need to change a plan’s country code, use the following procedure.
Page 68: Uploading A Wx Switch Into The Network Plan
4: W HAPTER ORKING WITH ETWORK LANS 5 Select the scope: Mobility Domain WX switch Radio profile Individual MAP radio To select a radio profile, display it first by clicking on the plus sign next to the WX switch. To select an individual radio, display it first by displaying its radio profile, then clicking on the plus sign next to the radio profile.
Page 69: Converting Auto Daps Into Statically Configured Aps
Converting Auto DAPs into Statically Configured APs Converting Auto Distributed MAPs that are not configured on any WX switches in the DAPs into Statically Mobility Domain can nonetheless be booted and managed by a switch if Configured APs the switch has a profile for Distributed MAPs, and has capacity to manage the MAP.
Page 70 Mobility Domain the two switches are in. All switches that do not fit either of the descriptions above. 3Com recommends that you allow 3WXM to automatically assign affinity values instead of using the CLI to manually set them. Even if you do use the CLI to set them, 3WXM does not replace the affinity values it automatically sets with values set on individual switches.
Page 71: Planning The 3C Om Mobility System
MAP placement, and generate RF network design information. RF Planning The 3WXM planning tools calculate the 3Com equipment you need, how Overview to configure it, and where to install it, all based on the information you provide about your wireless coverage needs.
Page 72: Accessing The Rf Planning Tools
5: P HAPTER LANNING THE OBILITY YSTEM Accessing the RF To access the RF planning tools, select the RF Planning tool bar option and Planning Tools do one of the following: If you are creating a new building, click on the site name in the Organizer panel and select Create Building in the Task List panel.
Page 73 RF Planning Overview Table 12 Toolbar icons available in RF Planning Tools (continued) Option Description Adjust the paper space (crop the drawing). Define the drawing scale. Change the grid size. Zoom in. Zoom out. Fit view in window. Print the view displayed in the floor display area. Toggle AP label.
Page 74: Creating Or Modifying A Site
5: P HAPTER LANNING THE OBILITY YSTEM Table 12 Toolbar icons available in RF Planning Tools (continued) Option Description View or change dimensions. Place an RF measurement point. Show 802.11a RF coverage in the floor display area. Show 802.11b RF coverage in the floor display area. Show 802.11g RF coverage in the floor display area.
Page 75 Creating or Modifying a Site 1 In the Site Name box, type a name for the site (1 to 80 alphanumeric characters, with no spaces or tabs). 2 To change the Country Code, select Setup Country Code in the Task List panel, then in the Change Country Code dialog, select the country where the network is to be deployed.
Page 76: Creating Or Modifying Buildings In A Site
5: P HAPTER LANNING THE OBILITY YSTEM Creating or To create or modify a building in a site: Modifying Buildings in a Site 1 Select the RF Planning tool bar option. 2 In the Organizer panel, click the site name. 3 Do one of the following: If you are creating a new building, click on the site name in the Organizer panel and select Create Building in the Task List panel.
Page 77 Creating or Modifying Buildings in a Site 1 In the Building Name box, type the name of the building (1 to 30 alphanumeric characters, with no spaces or tabs). 2 In the Task List Panel, under Other, click Edit Building. The Edit Building dialog box is displayed.
Page 78 5: P HAPTER LANNING THE OBILITY YSTEM 4 In the Starting Floor Level box, specify the floor number of the first floor in the building. To start with a subterranean floor, you can specify 0 or a negative floor number. 5 In the Skip Floor Levels box, specify floor numbers you want to skip.
Page 79: Creating Or Modifying Floors
Creating or Modifying Floors Creating or To create or modify a floor in a building: Modifying Floors 1 Select the RF Planning tool bar option. 2 In the Organizer panel, click the building name. 3 Do one of the following: If you are creating a new floor, click on the building name in the Organizer panel and select Create Floor in the Task List panel.
Page 80: Importing Or Drawing Floor Details
5: P HAPTER LANNING THE OBILITY YSTEM 6 In the Height of the Ceiling box, type the number of feet or meters from the floor to the ceiling (1 to 1000 feet or meters). The ceiling height is based on the surface of the ceiling where the access points will be mounted, not on the center of the plenum space between floors.
Page 81: File Recommendations
Drawings in DXF format sometimes import more easily into 3WXM. However, 3Com recommends that you obtain copies of the drawing in both DWG and DXF formats if possible, so that you can try the other format if the first format you try does not import easily.
Page 82 5: P HAPTER LANNING THE OBILITY YSTEM In AutoCAD, when you load the drawing file, you might see messages about the files not being found. To check for external references, you can select Insert > Xref Manager. If you look at the layers, externally referenced layers have a common prefix label with the $ delimiter between the label and the description (for example, SC03$a-WALL-FULL).
Page 83 Importing or Drawing Floor Details To check the contents of the invisible layers to make sure the information can be discarded, reverse the frozen/unfrozen status of all layers, to that only the layers that normally are frozen are visible. In TurboCAD, delete the unneeded layers.
Page 84 5: P HAPTER LANNING THE OBILITY YSTEM To move objects to the new RF layers, click-drag to select objects, select Modify >Properties, and change the objects’ layer. Save the drawing on DWG and DXF formats, in case one format does not import well.
Page 85 Importing or Drawing Floor Details Importing the Drawing To import a floor drawing: 1 Select the RF Planning tool bar option. 2 In the Organizer panel, click on the plus sign next to the building to expand it, then click on the name of the floor for which you are importing the drawing.
Page 86: Cropping The Paper Space
5: P HAPTER LANNING THE OBILITY YSTEM Figure 1 Floor Plan After Importing At this point, you can edit the floor contents. Go to “Cropping the Paper Space”, next, to begin. Cropping the Paper You can crop the paper space of a drawing to remove unneeded space Space and objects around the floor.
Page 87: Adjusting The Scale Of A Drawing
Importing or Drawing Floor Details If you click Yes, all objects and paper space outside the area you selected are removed and the image is resized to fill the removed space. Figure 1 on page 86 shows the same floor plan as Figure 2 (below) after cropping the paper space.
Page 88: Adjusting The Origin Point
5: P HAPTER LANNING THE OBILITY YSTEM Adjusting the Origin 3WXM uses a building’s origin point to understand what is above or below Point a given floor. When calculating RF coverage, 3WXM needs to understand where MAP access points on adjacent floors are located so that 3WXM can take RF from those MAPs into account when assigning channels.
Page 89: Working With Layers
Importing or Drawing Floor Details In this example, the origin point has been moved to an interior shaft. New location of origin point Working with Layers Most drawings contain multiple layers of information. 3WXM allows you to hide, add and delete individual layers. You also can add and remove objects and move objects from one layer to another.
Page 90 LANNING THE OBILITY YSTEM For best performance and simpler planning, 3Com recommends that you hide or remove unnecessary layers and remove unnecessary objects. The Clean Layout option automatically deletes all objects that meet the cleanup criteria, which you can modify. (See “Cleaning Up a Drawing” on page 91.) You also can select and delete individual objects.
Page 91: Cleaning Up A Drawing
Importing or Drawing Floor Details Adding or removing a layer To add a new layer to a drawing, do the following: 1 Right-click the list of layers in the Organizer panel. 2 Select Add Layer from the menu that is displayed. 3WXM adds the new layer to the list and highlights its name so you can edit it.
Page 92 5: P HAPTER LANNING THE OBILITY YSTEM To clean up a drawing 1 Display the floor plan in the Content panel. 2 In the Task List panel, under RF Planning, click Clean Layout. The Floor Plan Clean Up wizard appears. 3 In the Remove Lines and Remove Objects group boxes, click next to any items you do not want 3WXM to remove from the drawing during cleanup.
Page 93 Importing or Drawing Floor Details 6 To change the maximum size of objects to be removed, type the new horizontal and vertical dimensions in the X-axis and Y-axis boxes. 3WXM removes all objects that fit within both the specified axes. 7 In the Layer List group box, select the layers you want to clean up.
Page 94 5: P HAPTER LANNING THE OBILITY YSTEM 10 Do one of the following: Click Finish to accept the changes. Click Previous to change the cleanup constraints. Go back to step 2 on page 77. Click Cancel to cancel the changes.
Page 95: Drawing Floor Objects Manually
Importing or Drawing Floor Details Drawing Floor You can use the Free Draw palette to add objects to your floor drawing Objects Manually that are not related to RF obstacles (for example, a conference room table). The tools for drawing non-RF objects work the same as the tools for drawing RF objects, but the tools are different.
Page 96: Specifying The Rf Characteristics Of A Floor
“Importing RF Obstacle Data from a Site Survey” on page 100.) You also can use site survey data to optimize a network plan after you install 3Com equipment. (See “Optimizing a Network Plan” on page 477.) Recommendations Consider the following when creating RF obstacles: Be aware if a CAD drawing contains overlapping objects.
Page 97: Converting Objects Into Rf Obstacles
Specifying the RF Characteristics of a Floor Converting Objects You have several options when creating RF obstacles: into RF Obstacles Convert all objects in a layer of a CAD drawing into RF obstacles. Convert all objects in an area of the drawing into RF obstacles. Convert multiple objects in the drawing into RF obstacles.
Page 98 5: P HAPTER LANNING THE OBILITY YSTEM To create RF obstacles by grouping objects You can group several objects in a drawing to specify them as one RF obstacle. For example, if a wall consists of several lines, the lines can be grouped.
Page 99: Drawing Rf Obstacles
Specifying the RF Characteristics of a Floor 3 In the Attenuation Factor boxes, specify the attenuation factor for 802.11a and 802.11b/g technology (0 to 100 dB). The default is the typical attenuation factor for the material chosen. 4 Click Finish to save the changes and close the dialog box. If you created RF obstacles for all objects in a layer, all objects in the layer are converted into separate RF obstacles.
Page 100: Importing Rf Obstacle Data From A Site Survey
5: P HAPTER LANNING THE OBILITY YSTEM 1 Click at a vertex, then move the cursor to the next vertex. (polygon) 2 Repeat until the polygon takes the shape you want. For a polygon with n sides, click n-1 additional times at the vertices.
Page 101 Specifying the RF Characteristics of a Floor To use this method, perform the following tasks: 1 In 3WXM, identify the major RF obstacles and assign an attenuation value to them. You can select any attenuation value. 3WXM will use the RF measurement data from the site survey to correct the attenuation values.
Page 102 5: P HAPTER LANNING THE OBILITY YSTEM Site Survey Recommendations This manual does not describe how to use the site survey application. For this information, consult the Ekahau site survey documentation. When conducting the survey, use the following best practices for optimal results: Verify that the scale of the floor plan is correct before generating a work order.
Page 103 Specifying the RF Characteristics of a Floor 5 Click Yes next to File. 6 In the File Format listbox, select Ekahau. 7 Click Choose to navigate to the csv file that contains the LOS points. 8 Click Next. The MAC addresses of the LOS points appear.
Page 104 5: P HAPTER LANNING THE OBILITY YSTEM 9 Click next to the MAC address of each LOS point you want to import. The MAC addresses are associated with specific radio types. Select the MAC addresses for the radio types you want to use in the network. 10 Click Finish.
Page 105 Specifying the RF Characteristics of a Floor LOS points in Organizer Panel LOS point placed in floor location When you place an LOS point onto the floor plan, the icon disappears from the Organizer Panel. To create LOS points in 3WXM 1 Display the floor plan in the Content panel.
Page 106 5: P HAPTER LANNING THE OBILITY YSTEM 5 In the Name box, type a name for the LOS point and click Next. 6 In the AP Model listbox, select the type or model of AP you plan to use for the portable AP. If the model is not listed, select AP (Dual Radio) for a dual-radio AP or AP (Single Radio) for a single-radio AP.
Page 107 Specifying the RF Characteristics of a Floor 9 In the Channel Number listbox, specify the channel number on which the AP radio will be operating. 10 In the Transmit Power listbox, specify the transmit power of the AP’s radio. 11 In the MAC Address box, type the MAC address you want to use for this position of the AP.
Page 108 5: P HAPTER LANNING THE OBILITY YSTEM To move an LOS point To move an LOS icon, click-and-drag to select the icon and move it to its new location. To temporarily remove an LOS point onto the Objects to Place tab To temporarily remove an LOS point from the floor without deleting it, click and drag the LOS icon to the Objects To Place area of the Organizer panel.
Page 109 Specifying the RF Characteristics of a Floor 4 Select the scope for which you want generate a site survey order. You can specify the Network Plan, an individual site, an individual building, or an individual floor. 5 Select the language for the site survey order: English German 6 To specify the output directory for the site survey order, click the button...
Page 110 5: P HAPTER LANNING THE OBILITY YSTEM 9 Select a floor to display LOS point information for that floor. Scroll down to view the MAC address assignments for the LOS points. Use the instructions in the Ekahau Site Survey Initial Setup section of the work order to set up the survey.
Page 111 Specifying the RF Characteristics of a Floor 4 Click Yes next to File. 5 In the format listbox, select Ekahau. 6 Click Choose to navigate to the csv file that contains the RF measurement data. 7 In the Map Name field, specify the map name. The map name must match the name specified in the site survey work order, and must be the same map name used in the site survey tool.
Page 112: Defining Wireless Coverage Areas
5: P HAPTER LANNING THE OBILITY YSTEM Applying the RF Measurements to the Floor Plan 1 Under Site Survey in the Task List panel, click Optimize. A wizard appears, listing the progress of the request. The Total number of RF measurements that did not intersect any object line lists the number of measurements that did not experience attenuation due to an RF obstacle in the path between them.
Page 113: Creating A Wiring Closet
Defining Wireless Coverage Areas You must also identify the wireless technology required (802.11a or 802.11b/g) for coverage areas. For areas requiring multiple wireless technologies, two completely overlapping coverage areas are created—one for 802.11a and one for 802.11b/g. You define coverage by creating the following items: Wiring closets (at least one is required if you plan to install directly connected MAPs).
Page 114 5: P HAPTER LANNING THE OBILITY YSTEM 5 In the Name box, type the name of the wiring closet (1 to 60 characters, with no tabs). 6 If you have not defined a WX switch in 3WXM, click Finish to save the changes.
Page 115: Defining A Coverage Area
Defining Wireless Coverage Areas Defining a Coverage Using the coverage area drawing tool, you can specify the coverage area Area graphically on your floor plan. You perform the following tasks to define a coverage area: 1 “Drawing a Coverage Area” on page 116 2 “Specifying the Wireless Technology for a Coverage Area”...
Page 116: Area 1
5: P HAPTER LANNING THE OBILITY YSTEM The coverage areas shown in Figure 6 cannot share coverage and are not supported by 3WXM. (However, separate, nonshared coverage areas can overlap.) Figure 6 Unsupported Shared Coverage Area Example Area 1 Area 2 Keep the following in mind when planning shared coverage areas: Two coverage areas using the same wireless technology cannot be shared.
Page 117 Defining Wireless Coverage Areas If you are using a complex concave polygon as a coverage area, computation of MAP access points might take longer than the computation for an area with a less complicated shape. When drawing a coverage area, make sure it extends just short of external walls.
Page 118: Specifying The Wireless Technology For A Coverage Area
5: P HAPTER LANNING THE OBILITY YSTEM The Create Coverage Area wizard appears. Go to “Specifying the Wireless Technology for a Coverage Area”. Specifying the Wireless Technology for a Coverage Area (To draw a coverage area, see “Drawing a Coverage Area” on page 116.) To specify wireless technology for a coverage area: 1 In the Technology list, select one of the following: 802.11a...
Page 119: Specifying Coverage Area Properties
Defining Wireless Coverage Areas 2 To refine the dimensions of the coverage area, specify the appropriate dimension in the X-Length and Y-Length boxes. 3 Click Next. The wizard presents properties and association pages for the technology you chose in step 1. The following example shows the wizard for 802.11a and 802.11g technologies.
Page 120: Specifying Floor Properties For The Coverage Area
5: P HAPTER LANNING THE OBILITY YSTEM 4 Click Next. The Floor Properties page appears. Specifying Floor Properties for the Coverage Area You can optionally specify floor properties for the coverage area (if they are different from the defaults for the floor): 1 To change the ceiling height, specify the new height in the Height of the Ceiling box.
Page 121: Specifying Default Device Settings For The Coverage Area
Defining Wireless Coverage Areas Specifying Default Device Settings for the Coverage Area You can optionally specify the WX switch or MAP models that 3WXM uses when calculating the devices to include in the coverage area. 1 To change the WX switch model, select the model from the WX Model list. 2 To change the default MAP model, select the model from the Default AP Model list.
Page 122: Specifying Redundancy Computation For Maps In The Coverage Area
5: P HAPTER LANNING THE OBILITY YSTEM If the MAPs are directly connected to the WX, ensure that UTP Cat 5 cabling distances between the MAP and the WX in the wiring closet do not exceed 100 meters (330 feet). An indirectly attached MAP requires Power over Ethernet (PoE) from a source other than a WX switch, such as a power injector.
Page 123 Defining Wireless Coverage Areas 2 To change the MAP connection type for the redundant connection, select Direct or Distributed from the MAP Connection Type list. WX4400 switches support indirect MAP connections only. 3 To change the number of redundant connections for the distributed connection type, type the number in the Redundancy Level box.
Page 124: Configuring Capacity Calculation For Data
The throughput value cannot exceed the value you selected for the baseline association rate. 3Com recommends that per-station throughput values do not exceed 1 Mbps for 802.11b technology and 5 Mbps for 802.11a/g technology. 3 In the Expected Station Count list, specify the number of clients you expect to be in the coverage area.
Page 125: Configuring Capacity Calculation For Voice
Defining Wireless Coverage Areas Configuring Capacity Calculation for Voice 3WXM can perform multiple calculations for MAP placement. One is based on coverage only. Another is based on capacity for voice over IP service, using the capacity for voice parameters. 3WXM compares the results of the calculations and selects the calculation that results in more MAPs.
Page 126 5: P HAPTER LANNING THE OBILITY YSTEM 3 In the Active Handsets per AP list, specify the number of voice over IP phones that you want each MAP to handle. 4 In the Expected Handset Count list, specify the number of voice over IP phones you expect to be in the coverage area.
Page 127: Editing Coverage Areas
Defining Wireless Coverage Areas Specifying Mobility Domain, Radio Profile, and Wiring Closet Associations To specify association information for the coverage area: 1 In the Mobility Domain list, select the Mobility Domain that contains the MAPs used for this coverage area. 2 In the Radio Profile list, select the radio profile used for this coverage area.
Page 128 5: P HAPTER LANNING THE OBILITY YSTEM 4 Select the coverage area you want to edit and click Properties. The Coverage Area Properties dialog for the selected coverage area appears. (You can also display this dialog by displaying the floor plan, selecting Coverage Areas in the Organizer panel, then right-clicking on the coverage area and selecting Edit Properties from the menu.)
Page 129 Defining Wireless Coverage Areas 5 Under the General tab, you can do the following: In the Name box, edit the name of the coverage area (1 to 60 characters long, with no tabs). In the Technology list, select one of the following: 802.11a 802.11b 802.11g...
Page 130 5: P HAPTER LANNING THE OBILITY YSTEM In the Active Handsets per AP list, specify the number of voice over IP phones that you want each MAP to handle. In the Expected Handset Count list, specify the number of voice over IP phones you expect to be in the coverage area.
Page 131 Defining Wireless Coverage Areas 8 Under the Constraints tab, you can do the following: To change the ceiling height, specify the new height in the Height of the Ceiling box. To change the height where MAPs are mounted, specify the new mounting height in the AP Placement Height box.
Page 132: Placing Third-Party Access Points
Same WX for Redundancy. This option places both of a MAP’s wired connections on the same WX switch. For optimal resiliency, 3Com recommends the use of different WX switches for redundancy. To change the MAP connection type for the redundant connection, select Direct or Distributed from the AP Connection Type list.
Page 133: Moving A Third-Party Ap Icon To Its Floor Location
Placing Third-Party Access Points Moving a Third-Party If you added a third-party access point while using the Configuration or AP Icon to its Floor Rogue Detection tool bar options, the access point is on the Objects to Location Place tab. 1 In RF Planning, navigate to the floor plan.
Page 134 5: P HAPTER LANNING THE OBILITY YSTEM 5 In the Name box, type a name for the access point. You can use 1 to 32 characters, with no punctuation except the following: period (.), hyphen (-), or underscore (_). 6 Optionally, in the Manufacturer ID box, type the manufacturer identification for the access point (1 to 30 characters, with no spaces).
Page 135 Placing Third-Party Access Points 12 In the AP Model drop-down list, select one of the following: AP (Dual Radio)—802.11a and 802.11b or 802.11b/g AP (Single Radio)—802.11a, 802.11b, or 802.11g 13 In the Radio Type drop-down list, select one of the following: 11a, 11b, 11g.
Page 136 5: P HAPTER LANNING THE OBILITY YSTEM 15 Verify the radio slot number and radio type. For a dual-radio access point, 802.11b/g radios have a slot number of 1. 802.11a radios have a slot number of 2. 16 In the Channel Number list, select the channel number for the radio. 17 In the Transmit Power box, specify the transmit power for the radio.
Page 137: Placing Installed And Auto-Configured Maps
Placing Installed and Auto-Configured MAPs Placing Installed You can place MAPs that are already installed on the floor into the network plan. To do this, you upload the MAP configuration into 3WXM, Auto-Configured associate the MAP with a coverage area, then place them on the floor MAPs plan.
Page 138: Computing Map Placement
3 feet above the floor (the average height of a user’s desk). By default, 3WXM assumes that you want to directly connect the MAP access points to WX1200 switches and that you do not want redundant MAP connections for backup. You can change these design constraints.
Page 139 Computing MAP Placement If you are modifying an existing coverage area with deployed MAPs or if you need to preserve manual changes made to the current configuration, you can lock the MAPs. Locked MAPs cannot be moved or deleted during the Compute and Place process.
Page 140 5: P HAPTER LANNING THE OBILITY YSTEM 5 To change the height where MAPs are mounted, specify the new mounting height in the AP Placement Height box. 6 To change the WX switch model, select the model from the WX Model list.
Page 141 Computing MAP Placement 12 To change the number of redundant connections for the distributed connection type, type the number in the Redundant Level box. For direct connections, the redundancy level is always 1. 13 Click Next. The Coverage Area Selection dialog is displayed. 14 To update all the constraints for the selected coverage areas, select Update All Constraints.
Page 142 5: P HAPTER LANNING THE OBILITY YSTEM To compute and place MAPs 1 Display the floor plan in the Content panel. 2 In the Task List panel, click RF Planning. 3 Under RF Planning, click Compute and Place. The Compute and Place wizard appears.
Page 143 Computing MAP Placement 10 Go to “To review coverage area computation”. To review coverage area computation 1 Review the number of MAPs required for each coverage area, and the overriding criterion used (coverage or capacity). 2 Click Finish to apply the changes. Icons for the suggested MAP locations appear on the floor plan.
Page 144 5: P HAPTER LANNING THE OBILITY YSTEM To see the RF coverage area for an area, right-click on the area (either in the organizer panel or on the floor) and select Display RF Coverage. If the area supports more than one radio technology, you also need to select the technology.
Page 145 Computing MAP Placement You must now compute the optimal power. See “Computing Optimal Power” on page 149. Locking and Unlocking MAPs After you compute and place the necessary MAPs for a coverage area, you can move them to fine-tune the wireless coverage. If you need a MAP to be located at a fixed location on the floor, you can lock its current location when you recompute the necessary coverage.
Page 146: Assigning Map Channels
5: P HAPTER LANNING THE OBILITY YSTEM Assigning MAP If you do not plan to use the RF Auto-Tuning feature to automatically set Channels the channels on the MAPs after deployment and installation, use the Assign Channels to MAPs option to assign channels to the MAPs. Appropriate assignment of channels across the floor minimizes co-channel interference.
Page 147 Computing MAP Placement 3 To change the starting floor for channel assignment, select the floor from the Begin On Floor List. By default, 3WXM starts at the top floor and works down. 4 To change the ending floor for channel assignment, select the floor from the End On Floor List.
Page 148 5: P HAPTER LANNING THE OBILITY YSTEM 9 Click Finish to accept the channel assignments. The new channel assignments are reflected in the Coverage Areas panel. 10 Do one of the following: To verify the RF network, see “Verifying the Wireless Network” on page 152.
Page 149: Computing Optimal Power
3WXM factors in these considerations when calculating optimal power. 3Com recommends that you assign channels before you compute optimal power, to ensure successful power computation. If the MAP is using an external antenna, specify the antenna model and the direction of the antenna’s coverage before you compute power.
Page 150 5: P HAPTER LANNING THE OBILITY YSTEM 3 To optimize the AP count, select Optimize AP Count. This option checks for coverage overlaps and removes a MAP if neighboring MAPs provide enough coverage to make the MAP unnecessary. This option applies only to coverage areas that are configured for coverage, not capacity.
Page 151 Computing MAP Placement To resolve optimal power computation problems If power levels for one or more coverage areas could not be optimized, show the RF coverage at baseline association and minimum transmit rates for the coverage areas by doing the following: 1 In the Show RF coverage using listbox, select how you want to display the coverage: Baseline Association Rate—Coverage is shown based on the MAP...
Page 152: Verifying The Wireless Network
In most situations, increasing transmit power levels to close the holes will generate more co-channel interference. 3Com recommends that you allow these small holes during the planning process.
Page 153: Placing Rf Measurement Points
Verifying the Wireless Network 3 In the Show RF coverage using listbox, select how you want to display the coverage: Baseline Association Rate—Coverage is shown based on the MAP radio baseline association rate. The baseline association rate is the typical data rate the radio is expected to support for client associations.
Page 154 5: P HAPTER LANNING THE OBILITY YSTEM 4 On the floor plan, click where you want the measurement point to be placed. The Create RF Measurement Point dialog box appears. 5 In the Description box, type a description for the measurement point (1 to 60 characters).
Page 155: Using Rf Interactive Measurement Mode
Verifying the Wireless Network 7 Click OK to save the changes and close the box. 8 Do one of the following: To use the RF interactive measurement mode, see “Using RF Interactive Measurement Mode”. To generate network design information, see “Generating RF Network Design Information”...
Page 156 5: P HAPTER LANNING THE OBILITY YSTEM Table 15 shows the information available in the RF measurement table. Table 15 RF Measurement Information Item Value Distance in the X direction from the 0,0 coordinate (the upper left corner of the panel). Distance in the Y direction from the 0,0 coordinate (the upper left corner of the panel).
Page 157: Generating Rf Network Design Information
Information report provides all of the necessary information for the physical installation of the 3Com Mobility System. A work order shows where the MAPs should be installed, WX initial setup configuration information, and projected RSSI information that is useful when verifying the installation.
Page 158 5: P HAPTER LANNING THE OBILITY YSTEM 4 Specify whether to include the following information in the work order: RF Coverage RSSI Projections Show Disabled MAPs (only available if RSSI Projections is selected) Show RF Coverage On Entire Floor (only available if RSSI Projections is selected) Show Unreachable MAPs (only available if RSSI Projections is selected)
Page 159: Configuring Wx System Parameters
WX switches using 3WXM. If you want to use 3WXM planning to configure switches for you as part of coverage planning, see “Planning the 3Com Mobility System” on page 71. If you are planning to use 3WXM to configure switches in a remote office, see “Configuring WX Switches Remotely”...
Page 160 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Table 16 WX Switch Object Types Category Object Type Description System Ports Settings for individual ports. (See “Viewing and Changing Port Settings” on page 178.) Port Groups Settings for port groups. (See “Viewing and Changing Port Groups” on page 186.) Management Settings for the following management...
Page 161 WX Switch Configuration Objects Table 16 WX Switch Object Types (continued) Category Object Type Description System, cont. VLANs Groups of physical ports configured as a distinct Layer 2 broadcast domain. Each VLAN has its own Spanning Tree Protocol (STP) and Internet Group Management Protocol (IGMP) settings.
Page 162 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Table 16 WX Switch Object Types (continued) Category Object Type Description Wireless, cont. RF Detection Configuration parameters for rogue detection and countermeasures (See “Viewing and Changing RF Detection Settings” on page 284.) Local User Users configured on the WX switch instead of Database...
Page 163: Adding A Wx Switch To The Network Plan
Import the switch’s XML configuration file. Creating a WX Switch Select the Planning tool bar option and use the instructions in “Planning as Part of RF Planning the 3Com Mobility System” on page 71. Creating a WX Switch Using the Create Wireless Switch Wizard 1 Select the Configuration tool bar option.
Page 164: Creating A New Wx Switch Based On A Configured Switch In The Network Plan
CAUTION: After you select Managed to enable management of the switch by 3WXM, do not change this option unless advised to do so by 3Com Technical Support. If you change a WX switch to an unmanaged state in a network plan, all network operations (polling) stop for that WX switch.
Page 165: Adding A Switch By Uploading Its Configuration From The Network
Adding a WX Switch to the Network Plan 9 To modify the management interface, select the IP interface and VLAN from the VLAN/IP drop-down list. 10 To modify the enable password, edit the string in the Enable Password box. Use this option when you are creating a new switch in 3WXM. This option modifies the password in the network plan.
Page 166: Configuring Basic And Advanced Settings
6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Configuring Basic Clicking on an option in the Task List panel opens a configuration wizard. and Advanced Configuration wizards enable you to configure basic settings for an Settings object. For most types of WX switch objects, after you configure the settings and close the wizard, the new object is added to a table in the Content panel.
Page 167: Deploying Changes
Using the Create Wireless Switch Wizard Deploying Changes To deploy all the changes, click Deploy. 3WXM compares the changes to the verification rules, and lists any warnings or error messages. If there are any errors, 3WXM will not deploy the changes. To deploy the changes, you must first resolve the errors.
Page 168 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS The Move button removes the ports from all other VLANs, and places them in the new VLAN. The ports appear in the Current Members list. 10 To tag ports in the VLAN, select Tag and edit the tag value. Use this option if you used the Add button instead of the Move button to place the ports in the VLAN.
Page 169: Setting Up A Switch
Setting Up a Switch Setting Up a Switch After you create a switch, you can use the System Setup Wizard to configure the following essential operation and management parameters: SNMP settings for monitoring of the switch by 3WXM VLANs RADIUS servers and server groups Wireless services Auto-DAP profile settings The SNMP security level and enabled version configured with this wizard...
Page 170 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS AuthRequest-UnsecuredNotify—SNMP message exchanges are authenticated but are not encrypted, and notifications are neither authenticated nor encrypted. The only security level supported for SNMPv1 and SNMPv2c is Unsecured. To use a higher security level, you must use USM (SNMPv3).
Page 171 Setting Up a Switch notify-only—The switch can use the string to send notifications. read-write-notify—An SNMP management application using the string can get and set object values on the switch. The switch can use the string to send notifications. Click Next. 6 Configure VLANs.
Page 172: Modifying Basic Switch Parameters
6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Custom Service Profile—Provides wireless access based on the combination of options you choose. (Use this option only if none of the other options applies to the type of service you want to offer.) b See “Viewing and Configuring Wireless Services”...
Page 173 Task List panel. After you select Managed to enable management of the switch by 3WXM, do not change this option unless advised to do so by 3Com Technical Support. If you change a WX switch to an unmanaged state in a network plan, all network operations (polling) stop for that WX switch.
Page 174: Changing The Wx Software Version
6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Changing the WX To change the WX software version: Software Version 1 Select the Configuration tool bar option. 2 In the Organizer panel, select the WX switch. 3 In the Task List panel, select Change Software Version. The Change Software Version wizard appears.
Page 175: Changing System Information
Modifying Basic Switch Parameters 6 Optionally, in the Offset Minutes box, select the number of minutes (between -59 to 59) to subtract from or add to UTC. 7 In the DST Name box, type the name for the summertime offset (1 to 16 alphanumeric characters, with no spaces or tabs).
Page 176: Converting Auto Daps Into Statically Configured Daps
6 In the Prompt box, type the CLI prompt for the WX. If you do not specify a prompt, the CLI uses the following default prompts: WX1200> for restricted access WX1200# for enabled access 7 In the Message of the Day box, type the message that appears before the beginning of each login prompt of each CLI session.
Page 177: Deleting Auto Daps
Modifying Basic Switch Parameters Deleting Auto DAPs 3WXM automatically updates an Auto DAP’s information in the network plan when the DAP either is converted into a configured MAP, or reboots and then connects to a different WX. However, if an Auto DAP leaves the network without being converted into a statically configured MAP or connecting to a different WX, 3WXM continues to list the DAP as a device being managed by the WX.
Page 178: Launching A Web Management Session With The Switch
6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Launching a Web This option is available only if the switch is running and can be reached Management Session through the network by 3WXM Services. This option also requires the with the Switch Managed option for the switch to be enabled.
Page 179 Viewing and Changing Port Settings 3 To specify the speed of a 10/100 Ethernet port, select one of the following: Auto—Sets the port to automatically detect the traffic speed and set the speed accordingly. This is the default value. 10—Sets the speed to 10 Mbps. 100—Sets the speed to 100 Mbps.
Page 180: Configuring A Port For A Directly Connected Ap
6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to System. d Select Ports. 2 Select the port. 3 Click Properties. 4 Select SNMP Link Traps.
Page 181: Configure A Port For Wired Authentication
Viewing and Changing Port Settings 6 Click Next. The non-editable number (1 or 2) indicates the radio number on the MAP. 7 To enable the radio, select Enabled. 8 In the Channel Number list, select the channel number for the radio. If RF Auto-Tuning for channel configuration is enabled, setting this value has no effect.
Page 182 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS 1 Access the Configure Wired Auth wizard: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to System. d Select Ports.
Page 183 Viewing and Changing Port Settings b Specify the user glob in the Matching User Glob box. To match on all usernames, leave the wildcards (**) in the box. (For syntax information, see “Access Rules” on page 240.) To use an existing rule, leave the rule in the list. c Click Next.
Page 184 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS To use an existing rule, leave the rule in the list. c Click Next. d Select the authentication and accounting method (RADUS server group or local database). (For information, see “AAA Methods (RADIUS Server Groups and the Local User Database)”...
Page 185 Viewing and Changing Port Settings 10 Create a Web Portal authentication rule to control access to the port, or use one that has already been created. To create a new rule: a Click Create. b Specify the user glob in the Matching User Glob box. To match on all usernames, leave the wildcards (**) in the box.
Page 186: Viewing And Changing Port Groups
6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS If you select Web Portal in step 2, 3WXM automatically creates a user named web-portal-wired. Similarly, if you select Open Access, 3WXM creates a user called last-resort-wired. Do not delete or modify these users.
Page 187: Creating A Port Group
Viewing and Changing Port Groups Creating a Port Group To create a port group: 1 In the Task List panel, select Port Group. The Create Port Group wizard appears. 2 In the Port Group Name box, type the name of the port group (1 to 16 alphanumeric characters, with no spaces or tabs).
Page 188: Viewing And Changing Management Settings
6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Viewing and By default, HTTPS is enabled on the WX, allowing you to use Web Changing Management on port 443 for a secure session. If you disable HTTPS, you Management cannot use Web Management. 3WXM communications also use HTTPS, Settings but 3WXM is not affected by the HTTPS configuration on the WX.
Page 189: Configuring Snmp
Viewing and Changing Management Settings You can specify from 0 to 86400 seconds (one day). The default is 3600 (one hour). If you specify 0, the idle timeout is disabled. The timeout interval is in 30-second increments. For example, the interval can be 0, or 30 seconds, or 60 seconds, or 90 seconds, and so on.
Page 190 1 to 32 alphanumeric characters, with no spaces or tabs. Community string names are transmitted in clear text. If you enable SNMP service on the WX, 3Com recommends that you do not use the well-known strings public (for READ) or private (for WRITE).
Page 191 Viewing and Changing Management Settings Configuring a USM (SNMP V3) User 1 Access the Create USM User wizard: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to System. d Select Management Services.
Page 192 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS b If you select Hex or IP, type the hexadecimal string or IP address in the Value box and click Next and go to step 5. Otherwise, click Finish. 5 Select the authentication type used to authenticate communications with the remote SNMP engine: None—No authentication is used.
Page 193 Viewing and Changing Management Settings Configuring a Notification Profile A notification profile is a named list of all the notification types that can be generated by a switch, and for each notification type, the action to take (drop or send) when an event occurs. 1 Access the Create Notification Profile wizard: a Select the Configuration tool bar option.
Page 194 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS 2 Specify the target ID. 3 Type the IP address of the target. 4 Specify the protocol port on which the target listens for SNMP notifications. The default is 162. 5 Click Next. 6 Select the notification profile that will use this target.
Page 195 1 to 32 alphanumeric characters, with no spaces or tabs. Community string names are transmitted in clear text. If you enable SNMP service on the WX, 3Com recommends that you do not use the well-known strings public (for READ) or private (for WRITE).
Page 196 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS b In the Username box, type the name of the SNMPv3 user. The name can be 1 to 32 alphanumeric characters, with no spaces or tabs. c Select the access type. read-notify—An SNMP management application using the string can get object values on the switch but cannot set them.
Page 197 Viewing and Changing Management Settings b In the Retry Count box, specify the number of times the MSS SNMP engine will resend a notification that has not been acknowledged by the target. You can specify from 0 to 3 retries. The default is 0. 16 Click Finish.
Page 198 1 to 32 alphanumeric characters, with no spaces or tabs. Community string names are transmitted in clear text. If you enable SNMP service on the WX, 3Com recommends that you do not use the well-known strings public (for READ) or private (for WRITE).
Page 199 Viewing and Changing Management Settings If a USM user with access type read-write-notify, read-notify, or notify-only is already configured, you can select it. Otherwise, you must create a new one. You also can create a new USM user even if one is already configured.
Page 200: Viewing And Setting Log And Trace Settings
CAUTION: Setting traces can have adverse effects on system performance. 3Com recommends that you use the lowest levels possible for initial trace commands, and slowly increase the levels to get the data you need.
Page 201 The default severity level is Error. The debug level produces a lot of messages, many of which can appear to be somewhat cryptic. Debug messages are used primarily by 3Com for troubleshooting and are not intended for administrator use. 3 Configure logging to the console: a To specify that logging messages be sent to the console, select Enabled.
Page 202 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Creating an External Log Server You can specify a syslog server. Syslog facilities are identifiers that allow a syslog server to handle different syslog messages from different sources. You can use a facility in the range of Local 0 through Local 7. 1 Access the Create Syslog Server wizard: a Select the Configuration tool bar option.
Page 203: Viewing And Configuring Ip Services Settings
Viewing and Configuring IP Services Settings 3 Optionally, in the Level box, specify the amount of information included in the trace output (0 to 10). 0 provides the minimum amount of information and 10 proves the maximum amount of information. The default is 5.
Page 204: Creating A Static Route
6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Creating a Static The IP routing table contains routes that MSS uses for determining the Route interfaces for a WX switch’s external communications. When you add an IP interface to a VLAN that is up, MSS automatically adds corresponding entries to the IP routing table.
Page 205: Create An Ip Alias
Viewing and Configuring IP Services Settings Create an IP Alias You can map an IP address to a name by creating an IP alias. For example, if you create an IP alias carmel for IP address 10.20.30.40, you could type telnet carmel rather than telnet 10.20.30.40.
Page 206: Configuring Ntp
If NTP is configured on a system whose current time differs from the NTP server time by more than 10 minutes, convergence of the WX time can take many NTP update intervals. 3Com recommends that you set the time manually to the NTP server time before enabling NTP to avoid a significant delay in convergence.
Page 207: Configuring Arp
Viewing and Configuring IP Services Settings Configuring ARP The Address Resolution Protocol (ARP) table maps IP addresses to MAC addresses. ARP is enabled by default on the WX and cannot be disabled. An ARP entry is added to the table in one of the following ways: Automatically by the WX.
Page 208: Viewing And Configuring Vlans
RADIUS servers or in the local WX user database: Tunnel-Private-Group-ID—This attribute is described in RFC 2868, RADIUS Attributes for Tunnel Protocol Support. VLAN-Name—This attribute is a 3Com vendor-specific attribute (VSA). You cannot configure the Tunnel-Private-Group-ID attribute in the local user database.
Page 209: Viewing Vlans
62.) Because the default VLAN might not be in the same subnet on each switch, 3Com recommends that you do not rename the default VLAN or use it for user traffic. Instead, configure other VLANs for user traffic.
Page 210 IP addresses on the switch can belong to the same IP subnet. MSS does not support assigning a switch’s system IP address to an address received through the DHCP client. 3Com recommends that you use the DHCP client only on WXR100 switches that you plan to configure using the drop-ship method.
Page 211: Changing Vlan Membership
In addition, the same tag value can be used by different VLANs but on different network ports. If you use a tag value, 3Com recommends that you use the same value as the VLAN number. MSS does not require the VLAN number and tag value to be the same, but some other vendors’...
Page 212: Changing Vlan Spanning Tree Settings
ARAMETERS 6 To tag a port or port group, select the Tag checkbox. If you specify a tag value, 3Com recommends that you use the same value as the VLAN number. 3Com switches do not require the VLAN number and tag value to be the same, but some other vendors’...
Page 213 Viewing and Configuring VLANs 2 In the Content panel, select the VLAN. 3 In the Task List panel, select Configure Spanning Tree. This wizard configures STP features for an individual VLAN but does not configure fast convergence features, which are global. (See “Enabling STP Fast Convergence Features”...
Page 214 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS If STP is enabled on the VLAN, spanning tree packets are dropped at the port. If STP is disabled on the VLAN, spanning tree packets are forwarded transparently through the VLAN to and from that port. 6 In the Port Priority box, specify a priority value (0 to 255).
Page 215 Viewing and Configuring VLANs Enabling STP Fast Convergence Features The standard STP timers delay traffic forwarding briefly after a topology change. The time a port takes to change from the listening state to the learning state or from the learning state to the forwarding state is called the forwarding delay.
Page 216: Changing Vlan Igmp Settings
6 If IGMP queriers are not on the subnet (for example, multicast routers), select Querier Enabled. 3Com recommends that you use the pseudo-querier only when the VLAN contains local multicast traffic that is not routed. 7 In the Query Interval box, specify the interval (1 to 65,535 seconds) at which the WX switch sends general IGMP queries on behalf of multicast routers to advertise multicast groups.
Page 217 Viewing and Configuring VLANs 8 In the Other Querier Present Interval box, specify how long (1 to 65,535 seconds) the WX switch waits for a general query to arrive before making itself the querier. The default interval is 255 seconds. 9 In the Query Response Interval box, specify how long (1 to 65,535 tenths of a second) a device can take to respond to an IGMP query.
Page 218 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS You cannot add MAP ports or wired authentication ports as static multicast ports. However, MSS can dynamically add these port types to the list of multicast ports based on multicast traffic. To add or remove static multicast router and receiver ports: 1 Access the VLAN table: a Select the Configuration tool bar option.
Page 219: Restricting Layer 2 Traffic Among Clients In A Vlan
Viewing and Configuring VLANs Restricting Layer 2 By default, clients within a VLAN are able to communicate with one Traffic Among Clients another directly at Layer 2. You can enhance network security by in a VLAN restricting Layer 2 forwarding among clients in the same VLAN. When you restrict Layer 2 forwarding in a VLAN, MSS allows Layer 2 forwarding only between a client and a set of MAC addresses, generally the VLAN’s gateway routers.
Page 220: Restricting Layer 3 Traffic Among Clients In A Vlan
6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Restricting Layer 3 To restrict Layer 3 traffic among clients in the same VLAN, use an ACL. Traffic Among Clients You can configure the ACL yourself or use the Restrict L3 Traffic option in in a VLAN 3WXM.
Page 221: Configuring The Mss Dhcp Server
Use of the MSS DHCP server to allocate client addresses is intended for temporary, demonstration deployments and not for production networks. 3Com recommends that you do not use the MSS DHCP server to allocate client addresses in a production network.
Page 222: Changing The Aging Time For Fdb Entries
6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS By default, all addresses except the host address of the VLAN, the network broadcast address, and the subnet broadcast address are included in the range. If you specify the range, the start address must be lower than the stop address, and all addresses must be in the same subnet.
Page 223: Viewing Acls
Viewing and Configuring ACLs You can choose to count the number of times an ACE is matched. This hit count is useful for troubleshooting complex ACL configurations and for monitoring traffic load for specific network applications or protocols. The hit count can only be seen from the CLI. To start updating hit counter statistics in the CLI, you must first set the hits sampling rate to a nonzero value, such as 15 seconds.
Page 224 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS To configure an ACL 1 Access the Create ACL wizard: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to System. d Select ACLs.
Page 225 Viewing and Configuring ACLs b Select the well-known name of the protocol from the Protocol Name drop-down list. If the protocol’s name is not listed, select Other to activate the Protocol Number box, then type or select the number. c Click OK. d If you selected tcp or udp, go to step 7.
Page 226 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Not Equal Range None (no comparison is required) c Select the well-known port name from the Port Name drop-down list. If the name is not in the list, select Other and type or select the port number in the Port Number box.
Page 227 Viewing and Configuring ACLs 0 (normal)—Packets with normal TOS defined are filtered. 1 (minimum monetary cost)—Packets with minimum monetary cost TOS defined are filtered. 2 (maximum reliability)—Packets with maximum reliability TOS defined are filtered. 4 (maximum throughput)—Packets with maximum throughput TOS defined are filtered.
Page 228: Configuring Advanced Acl Settings
6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Configuring After you configure an ACL, you can configure the following advanced Advanced ACL settings: Settings Hit counter (enable or disable) Hit sample rate (applies if the hit counter is enabled) Established option, to apply a new TCP ACE only to established (existing) TCP sessions.
Page 229 Viewing and Configuring ACLs To enable the established option for TCP ACEs By default, a new TCP ACE applies to new sessions as well as established (existing) sessions. To apply the ACE only to established sessions, enable the established option. 1 Select the TCP ACE in the ACL table.
Page 230: Adding A New Ace To A Configured Acl
6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Table 17 ICMP Messages and Codes (continued) ICMP Message (Type Number) Code (Number) Timestamp (13) None Timestamp Reply (14) None Information Request (15) None Information Reply (16) None Adding a New ACE to To add a new ACE to a configured ACL: a Configured ACL 1 Access the ACL table:...
Page 231 Viewing and Configuring ACLs 4 Select the mapping type: To map to a physical port, select port and go to step 5. To map to a virtual port, select vport and go to step 6. To map to a VLAN, select vlan and go to step 7. To map to a Distributed MAP, select dap and go to step 8.
Page 232: Deleting An Acl
6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS b In the Direction list, select In to filter incoming packets or Out to filter outgoing packets. 9 Click Finish. The mapping appears in the ACL Mappings table. Deleting an ACL To delete an ACL: 1 Access the ACL table: a Select the Configuration tool bar option.
Page 233: Viewing And Changing Cos Mappings
Viewing and Changing CoS Mappings Viewing and MSS supports Layer 2 and Layer 3 classification and marking of traffic, to Changing CoS help provide end-to-end QoS throughout the network. QoS support Mappings includes support of Wi-Fi Multimedia (WMM), which provides wireless QoS for time-sensitive applications such as voice and video.
Page 234: Changing A Dscp-To-Cos Mapping
6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS The QoS mappings appear in the Content panel. The DSCP to CoS table lists the internal CoS values to which MSS maps DSCP values during classification of ingress traffic. The CoS to DSCP table lists the DSCP values to which MSS maps internal CoS values during marking of egress traffic.
Page 235: Setting A Range Of Dscp Values To A Single Cos Value
Viewing and Changing CoS Mappings Setting a Range of To set a range of DSCP values to a single CoS value: DSCP Values to a Single CoS Value 1 Access the QoS tables: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch.
Page 236 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS...
Page 237: Configuring
ONFIGURING IRELESS ARAMETERS This chapter describes how to view and configure the following wireless parameters for WX switches: Service Set Identifiers (SSIDs), which are managed by service profiles Radio profiles, which assign IEEE 802.11 settings and a service profile to radios Auto-DAP profile MAPs MAP radios...
Page 238: Wireless Service Parameters
7: C HAPTER ONFIGURING IRELESS ARAMETERS Wireless Service A wireless service consists of the following parameters: Parameters Service profile Access rules Service Profiles A service profile configures an SSID. Table 18 lists the parameters. For parameters that are assigned default values by the wizards, the table also lists the default values.
Page 239 Default Value Assigned by Parameter Description Service Profile Wizard Custom Web Subdirectory path and filename Blank (default page with 3Com Portal login page of an HTML page customized logo is used) for login to the SSID Security modes For encrypted SSIDs only, the...
Page 240 7: C HAPTER ONFIGURING IRELESS ARAMETERS You don’t need to select the values for all these parameters when you configure a service. The Service Profile wizards help you configure the essential parameters and assign appropriate values to the rest. Some of the parameters that 3WXM automatically sets are not configurable using the Service Profile wizards.
Page 241 Viewing and Configuring Wireless Services For Windows domain clients using Protected EAP (PEAP), the user glob is in the format Windows_domain_name\username. The Windows domain name is the NetBIOS domain name and must be specified in capital letters. For example, EXAMPLE\sydney, or EXAMPLE\*.*, which specifies all usernames whose usernames contain periods.
Page 242 7: C HAPTER ONFIGURING IRELESS ARAMETERS Uses challenge-response to compare hashes. Provides no encryption or integrity checking for the connection. The EAP-MD5 option does not work with Microsoft wired authentication clients. PEAP Offload—Protected EAP with Microsoft Challenge Handshake Authentication Protocol Version 2 (MS-CHAP-V2). Select this protocol for wireless clients.
Page 243: Viewing Wireless Services
Viewing and Configuring Wireless Services If you specify a RADIUS server group as the first method and a user is denied access by the RADIUS server, no authentication and authorization are attempted with the other methods specified in the list. If you specify LOCAL as the first method and a user is not in the local user database on the WX, authentication and authorization are attempted with a RADIUS server group if one is defined in the method...
Page 244: Configuring An 802.1X Wireless Service
7: C HAPTER ONFIGURING IRELESS ARAMETERS Configuring an The 802.1X Service Profile wizard requires you to select one or more 802.1X Wireless RADIUS server groups and does not allow you to complete the Service configuration without selecting one. To be available for selection in the wizard, a RADIUS server group must already be configured before you open the wizard.
Page 245 Viewing and Configuring Wireless Services 10 Select the EAP type: EAP-MD5 Offload PEAP Offload Local EAP-TLS External RADIUS Server If you select PEAP, the EAP Sub-Protocol is MS-CHAPV2. For other protocols, the EAP Sub-Protocol is None. (For information, see “EAP Type (802.1X Only)” on page 241.) 11 Specify the authentication method (RADIUS server group or local database).
Page 246: Configuring A Voice Over Wireless Service
7: C HAPTER ONFIGURING IRELESS ARAMETERS If you have not planned RF coverage or configured any MAPs in the network plan yet, no radios are listed. You can add the radios later. (Select the radio profile, click Properties, then select Radio Selection. See “Configuring Advanced Radio Profile Settings”...
Page 247 Viewing and Configuring Wireless Services The next step depends on the encryption type you selected in step 5: If you selected Encrypted, go to step 8. If you selected Clear, go to step 18. 8 Select the access type: 802.1X Access—Device is allowed onto the SSID only after successful authentication using 802.1X.
Page 248 7: C HAPTER ONFIGURING IRELESS ARAMETERS By default, data in unicast and multicast packets are encrypted using WEP key 1. To use another key for either type of packet, select the key number in the WEP Unicast Key Index or WEP Multicast Key Index box. 17 Click Next.
Page 249: Configuring A Web-Portal (Webaaa) Service
Viewing and Configuring Wireless Services To create a new radio profile: a Select Create new Radio Profile and click Next. b Type the radio profile name in the Name box and click Next. c Select the radios you want to manage with the radio profile and click Move to move them to the Current Members list.
Page 250 7: C HAPTER ONFIGURING IRELESS ARAMETERS If you selected Clear in step 5, go to step 15. 7 Select the security modes you want the SSID to support. You can select one or more of the following: RSN (WPA2) Static WEP 8 Click Next.
Page 251 Viewing and Configuring Wireless Services 16 Click Next. The ACEs (ACL rules) that 3WXM will configure for the Web-Portal service are listed. The ACEs are required to allow DHCP traffic while blocking all other traffic while a user is being authenticated. These ACEs are used only during authentication.
Page 252: Configuring An Open Access Service
7: C HAPTER ONFIGURING IRELESS ARAMETERS (You can add, modify, or delete users at any time, even after this wizard is closed. See “Creating and Managing Users in the Local User Database” on page 289.) 20 Select or create the radio profile to map to this service profile. By default, the default radio profile is selected.
Page 253 Viewing and Configuring Wireless Services 5 Select the SSID type from the SSID Type drop-down list: Encrypted—Traffic on the SSID is encrypted. Clear—Traffic on the SSID is unencrypted. 6 Click Next. If you selected Encrypted in step 5, configure the encryption settings. Go to step 7.
Page 254: Configuring A Custom Service
7: C HAPTER ONFIGURING IRELESS ARAMETERS 14 Click Next. 15 Select the VLAN into which you want the switch to place users of the SSID. If you want to specify the VLAN later when configuring the access rules, you can leave the VLAN Name box blank. 16 Select or create the radio profile to map to this service profile.
Page 255: Modifying Service Profile Settings
Viewing and Configuring Wireless Services Modifying Service You can modify the following service profile settings in the Wireless Profile Settings Service Profiles table itself: SSID name SSID type (encrypted or clear) Beacon state (advertisement of the SSID) Radio profile (maps MAP radios to the service profile) To view or change other settings, select the service profile in the Wireless Service Profiles table and click Properties.
Page 256 7: C HAPTER ONFIGURING IRELESS ARAMETERS Static WEP Tab All of the settings on the Static WEP tab are explained in the sections on the service profile wizards. Authorization Attributes Tab The Authorization Attributes tab lists the default authorization attributes for the SSID.
Page 257 Viewing and Configuring Wireless Services Radio Profile Selection Tab The Radio Profile Selection tab list the radio profiles mapped to the service profiles. Service profile wizards map the service profiles to the default radio profile by default. To map another radio profile to the service profile, select the radio profile in the Available Radio Profiles list, then click Add.
Page 258 7: C HAPTER ONFIGURING IRELESS ARAMETERS Long Retry Count—Number of times (1 to 15) the MAP transmits an unacknowledged unicast frame that is equal to or longer than the fragment threshold before discarding the frame. The default is 5. Client Timeout Tab The Client Timeout tab lists settings for client session timers: User idle timeout—Number of seconds a client can remain idle before the client’s session is changed to the Disassociated state.
Page 259 Viewing and Configuring Wireless Services Multicast rate—Data rate at which the radio sends multicast frames. The valid rates depend on the radio type and are the same as the mandatory rates. The default is Automatic, which sets the multicast rate to the highest rate that can reach all clients connected to the radio.
Page 260: Viewing Ssid Encryption Settings And Access Rules
7: C HAPTER ONFIGURING IRELESS ARAMETERS SODA Tab The SODA tab has settings for the Sygate On-Demand (SODA) feature. SODA is an endpoint security solution that allows enterprises to enforce security policies on client devices without having to install any special software on the client machines.
Page 261 Viewing and Configuring Wireless Services b Click on the plus sign next to Wireless. c Select Wireless Services. 2 Select the service profile in the table. A set of tasks appears under Setup in the Task List panel. 3 To display encryption settings and access rules, select one of the following the Task List panel: 802.1X Access MAC Access...
Page 262: Modifying Ssid Encryption Settings And Access Rules
7: C HAPTER ONFIGURING IRELESS ARAMETERS Modifying SSID You can create access rules for a service profile from within a service Encryption Settings profile wizard. You also can create or modify a service profile’s access and Access Rules rules after creating the service profile. 1 Display the Wireless Service Profiles table: a In the Organizer panel, click on the plus sign next to the WX switch on which the service profile is configured.
Page 263 Viewing and Configuring Wireless Services 5 Select the encryption algorithms to use: AES (CCMP)—Usually used with RSN (WPA2) TKIP—Usually used with WPA WEP-104—Used with dynamic WEP WEP-40—Used with dynamic WEP 6 Click Next. 7 If you selected Static WEP, specify WEP keys. For each key (up to four), type the key value in the corresponding key box.
Page 264 7: C HAPTER ONFIGURING IRELESS ARAMETERS Do not change the deny rule at the bottom of the ACL. This rule must be present and the capture option must be used with the rule. If the rule does not have the capture option, the Web Portal user never receives a login page.
Page 265: Viewing And Configuring Radio Profiles
MAPs on different WX switches. 3Com recommends that you create a new radio profile and leave the default radio profile unchanged as a backup. The default radio profile is associated with a WX switch’s MAPs, unless you created a new radio profile while configuring a floor plan’s coverage...
Page 266: Creating A Radio Profile
7: C HAPTER ONFIGURING IRELESS ARAMETERS Creating a Radio To create a radio profile: Profile 1 Access the Create Radio Profile wizard: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to Wireless.
Page 267: Configuring Advanced Radio Profile Settings
MSS as interfering devices. A rogue is a device that is in the 3Com network but does not belong there. An interfering device is not part of the 3Com network but also is not a rogue. MSS classifies a device as an...
Page 268 7: C HAPTER ONFIGURING IRELESS ARAMETERS CAUTION: Countermeasures affect wireless service on a radio. When a MAP radio is sending countermeasures, the radio is disabled for use by network traffic, until the radio finishes sending the countermeasures. Configured—Causes radios to attack only devices specified in the attack list on the WX switch (on-demand countermeasures).
Page 269 You can specify from 0 to 65535 seconds. The default channel interval is 3600 seconds. 3Com recommends that you use an interval of at least 300 seconds (5 minutes). If you set the interval to 0, RF Auto-Tuning does not reevaluate the channel at regular intervals.
Page 270 7: C HAPTER ONFIGURING IRELESS ARAMETERS At the end of each power-backoff interval, radios that temporarily increased their power reduce it by 1 dBm. The power backoff continues in 1 dBm increments after each interval until the power returns to expected setting. You can specify from 0 to 65535 seconds.
Page 271: Viewing And Changing The Auto-Dap Profile
Viewing and Changing the Auto-DAP Profile Voice Configuration Tab The Voice Configuration tab lists settings for VoIP services: QoS Mode—Classification and marking of high priority traffic on the WX and MAP: WMM—Classifies, marks, and forwards traffic for Wi-Fi Multimedia (WMM) devices based on 802.1p and DSCP values. SVP—Optimizes forwarding of SpectraLink Voice Priority (SVP) traffic by setting the random wait time a MAP radio waits before transmitting the traffic to 0 microseconds.
Page 272: Changing Auto-Dap Profile Settings
7: C HAPTER ONFIGURING IRELESS ARAMETERS Changing Auto-DAP To change settings for a switch’s Auto-DAP profile: Profile Settings 1 To enable the Auto-DAP profile, select Enabled. 2 To select the radio type, click the MAP Radio Type box and select the radio type from the list: 11a—802.11a 11b—802.11b only...
Page 273 Viewing and Changing the Auto-DAP Profile 6 In the Enable Firmware Update list, select Yes to automatically upgrade MAP boot firmware. The upgrade version of the firmware is loaded from a WX when the MAP is booting. Select No to disable automatic firmware upgrading. Automatic firmware upgrading is enabled by default.
Page 274: Converting Auto Daps Into Statically Configured Daps
7: C HAPTER ONFIGURING IRELESS ARAMETERS Converting Auto See “Converting Auto DAPs into Statically Configured APs” on page 69. DAPs into Statically Configured DAPs Deleting Auto DAPs See “Deleting Auto DAPs” on page 177. Viewing and MAPs contain radios that provide networking between your wired Configuring MAPs network and IEEE 802.11 wireless users.
Page 275: Viewing The Configured Maps
Maximum Configured Maximum Booted WX4400 24, 48, 72, 96, 120, depending on the license. WX1200 WXR100 WX2200 24, 48, 72, 96, 120 For a MAP that is directly connected to the WX, configure a MAP port instead. (For information, see “Configuring a Directly Connected MAP”...
Page 276 WX switch model: For a WX4400, you can specify a number from 1 to 300. For a WX1200, you can specify a number from 1 to 30. For a WXR100, you can specify a number from 1 to 8.
Page 277: Configuring A Directly Connected Map
(See “Creating a Distributed MAP” on page 275.) You cannot configure any gigabit Ethernet port, or port 7 or 8 on a WX1200 switch, or port 1 on a WXR100 switch, as a MAP port. To manage a MAP on a WX4400 switch, configure a Distributed MAP connection on the switch.
Page 278 7: C HAPTER ONFIGURING IRELESS ARAMETERS To configure a directly connected MAP 1 Access the Create Direct-Connect AP wizard: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to Wireless.
Page 279: Changing The Map-Wx Security Mode
Viewing and Configuring MAPs c In the Channel Number list, select the channel number for the radio. If RF Auto-Tuning for channel configuration is enabled, setting this value has no effect. The channel number is controlled by RF Auto-Tuning. d In the Transmit Power box, specify the transmit power for the radio. If RF Auto-Tuning for power configuration is enabled, setting this value has no effect.
Page 280 7: C HAPTER ONFIGURING IRELESS ARAMETERS c Click the plus sign next to Wireless. d Select Access Points. 2 Select the MAP you want to modify and click Properties. 3 To select the radio type for a single-radio model, click the MAP Radio Type box and select the radio type from the list: 11a—802.11a 11b—802.11b only...
Page 281 Viewing and Configuring MAPs 8 To configure settings for a radio, click 802.11g Radio or 802.11a Radio. a To enable the radio, select Enabled. b If the MAP model supports external antennas, select the external antenna model from the Antenna Type box. c To indicate the direction of the antenna’s coverage, change the value in the Directionality of antenna box.
Page 282 7: C HAPTER ONFIGURING IRELESS ARAMETERS a To change the maximum power level RF Auto-Tuning can assign to the radio, select the power level from the Max. Transmit Power pull-down list. The default power level is default, which means RF Auto-Tuning can assign up to the maximum power level allowed for the radio.
Page 283: Viewing And Changing Radio Settings
Viewing and Changing Radio Settings Viewing and You can configure MAP radio settings when you configure the MAPs. Changing Radio You also can view or change radio settings after the MAPs are Settings configured. Viewing Radio To view radio settings: Settings 1 Select the Configuration tool bar option.
Page 284: Viewing And Changing Rf Detection Settings
7: C HAPTER ONFIGURING IRELESS ARAMETERS Viewing and This section contains procedures for configuring RF detection on an Changing RF individual switch. For an overview of RF detection and for specific Detection Settings information about the configuration options, see “Configuring Wireless Parameters”...
Page 285: Adding An Entry To The Permitted Ssid List
Viewing and Changing RF Detection Settings 4 Select the vendor from the Vendor drop-down list. 5 Select the specific OUIs you want to allow for the selected vendor. Go to step 9. If the vendor or OUI is not listed, click Cancel, then select Permitted OUI Entry in the Task List panel.
Page 286: Adding An Entry To The Rogue List
7: C HAPTER ONFIGURING IRELESS ARAMETERS Adding an Entry to To add an entry to the Rogue list: the Rogue List 1 Access the RF detection settings: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to Wireless.
Page 287: Enabling Map Signatures
Viewing and Changing RF Detection Settings A rogue is a device that is in the 3Com network but does not belong there. An interfering device is not part of the 3Com network but also is not a rogue. MSS classifies a device as an interfering device if no client...
Page 288 7: C HAPTER ONFIGURING IRELESS ARAMETERS...
Page 289: Configuring
The WX switch contains a local database that can store user information Managing Users in for a 3Com Mobility System. You can use the local database to create the Local User users and authenticate them, or you can use the local database in Database conjunction with a RADIUS server.
Page 290: Viewing Users And Groups In The Local Database
8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS You can create two types of users in the local database: Named users — These users are authenticated by username and password and are assigned to specific VLANs. Users include administrators and network users. You can group these users by creating user groups, in order to simplify configuration.
Page 291: Creating A Named User
Creating and Managing Users in the Local User Database Creating a Named To create a named user: User 1 Access the Create Named User wizard: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to AAA.
Page 292: Creating A User Group And Assigning Users To It
8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS 9 Repeat step 5 through step 7 for each attribute value you want to change. 10 Click Finish. Creating a User To create a user group and assign users to it: Group and Assigning Users To It 1 Access the Create Named User Group wizard: a Select the Configuration tool bar option.
Page 293: Creating A Mac User
Creating and Managing Users in the Local User Database Creating a MAC User To create a MAC user: 1 When creating MAC address users, you configure authentication Access the Create MAC User wizard: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch.
Page 294: Creating A Mac User Group And Assigning Users To It
8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS Creating a MAC User To create a MAC user group and assign users to it: Group and Assigning Users To It 1 Access the Create MAC User Group wizard: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch.
Page 295: Authorization Attributes
Counter with CBC-MAC) encryption method are rejected. 2—Reserved Encryption-Type is a 4—TKIP (Temporal Key Integrity 3Com vendor-specific Protocol) attribute (VSA). The 8—WEP_104 (the default) vendor ID is 43, and the (Wired-Equivalent Privacy protocol vendor type is 3. using 104 bits of key strength) 16—WEP_40 (Wired-Equivalent...
Page 296 Profiles” on page 330.) name of a Mobility Profile that does Mobility-Profile is a not exist on the WX switch, the user 3Com vendor-specific is denied access. attribute (VSA). The vendor ID is 43, and the vendor type is 2.
Page 297 Name of the SSID you want the user to access after to use. The SSID must be configured (network access authentication. in a service profile, and the service mode only) profile must be used by a radio profile assigned to 3Com radios in the Mobility Domain.
Page 298 8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS Table 22 Authentication Attributes for Local Users (continued) Attribute Description Valid Value(s) start-date Date and time at which Date and time, in the following the user becomes format: eligible to access the YY/MM/DD-HH:MM network.
Page 299 (required), and a the Session-Timeout time range in hhmm-hhmm duration (if set) expires, 4-digit 24-hour format (optional): whichever is shorter. mo—Monday Time-Of-Day is a 3Com vendor-specific tu—Tuesday attribute (VSA). The we—Wednesday vendor ID is 43, and the vendor type is 4.
Page 300: Viewing And Configuring Radius Settings
3Com Mobility System. Although you can use the local database on the WX switch to authenticate users, 3Com recommends using RADIUS to accommodate the large number of users in an enterprise network. For information about the RADIUS attributes supported by MSS, see the...
Page 301: Viewing Radius Settings, Servers, And Server Groups
Viewing and Configuring RADIUS Settings Viewing RADIUS To view RADIUS settings, servers, and server groups: Settings, Servers, and Server Groups 1 Select the Configuration tool bar option. 2 In the Organizer panel, click the plus sign next to the WX switch. 3 Click the plus sign next to AAA.
Page 302: Creating A Radius Server Group
Providing an authorization password is required only for users whose devices are authenticated by their MAC addresses or for last-resort users, neither of which have a regular username or password. The default authorization password is 3Com. Changing the password applies both to MAC users and to last-resort users.
Page 303: Changing Default Radius Settings
Viewing and Configuring RADIUS Settings d Select RADIUS. e In the Task List panel, select RADIUS Server Group. 2 In the Name box, type the name of the RADIUS server group (1 to 32 alphanumeric characters, with no spaces or tabs). Do not use the same name for a RADIUS server and a server group.
Page 304 8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS Authorization password Use of the WX switch’s system IP address as the source address for RADIUS packets from the switch When you create a new RADIUS server, the default settings apply to the new server.
Page 305: Viewing And Configuring Global 802.1X Settings
Providing an authorization password is required only for users whose devices are authenticated by their MAC addresses or for last-resort users, neither of which have a regular username or password. The default authorization password is 3Com. Changing the password applies both to MAC users and to last-resort users.
Page 306 8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS 2 To enable 802.1X authentication for all wired authentication ports on the WX switch, select System Authentication Control. To disable 802.1X authentication for all wired authentication ports, clear System Authentication Control. By default, 802.1X authentication is enabled.
Page 307 Viewing and Configuring Global 802.1X Settings 9 To enable reauthentication of 802.1X clients, select Reauthentication. To disable reauthentication, clear Reauthentication. By default, reauthentication is enabled. 10 To specify the number of reauthentication requests the WX switch attempts before a client becomes unauthorized, specify the value (1 to 10) in the Reauthentication Attempts box.
Page 308: Viewing And Configuring 802.1X Network Access Rules
8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS Viewing and This section describes how to view and configure 802.1X rules for user Configuring 802.1X network access. Network Access To configure other types of network access rules, see the following: Rules “Viewing and Configuring MAC Network Access Rules”...
Page 309 Viewing and Configuring 802.1X Network Access Rules 2 Specify whether the rule is for wireless access to an SSID or access through a wired authentication port: If the rule is for access to an SSID, do one of the following: To match on any SSID name, leave the value any in the SSID box.
Page 310 Cannot be used with RADIUS server authentication (requires user information to be in the switch’s local database) Pass-Through—No protocol is used by the WX. 3Com Mobility System Software (MSS) sends the EAP processing to a RADIUS server. If you select PEAP, the EAP Sub-Protocol is MS-CHAPV2. For other protocols, there is no the EAP Sub-Protocol to select.
Page 311 Viewing and Configuring 802.1X Network Access Rules If you specify a RADIUS server group as the first method and a user is denied access by the RADIUS server, no authentication and authorization are attempted with the other methods specified in the list.
Page 312: Viewing And Configuring Mac Network Access Rules
8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS Viewing and MAC network access rules allow users onto the network by Configuring MAC authenticating their MAC addresses instead of their user names. Network Access During log on, if the username does not match an 802.1X authentication Rules rule, but the MAC address of the user’s NIC or Voice-over-IP (VoIP) phone and the SSID (if wireless) do match a MAC authentication rule, MSS...
Page 313 Viewing and Configuring MAC Network Access Rules 2 Specify whether the rule is for wireless access to an SSID or access through a wired authentication port: If the rule is for access to an SSID, do one of the following: To match on any SSID name, leave the value any in the SSID box.
Page 314 8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS MSS tries the methods in the order they appear in the Current RADIUS Server Groups list. To reorder the methods, select a method and click Up or Down. If you specify a RADIUS server group as the first method and a user is denied access by the RADIUS server, no authentication and authorization are attempted with the other methods specified in the list.
Page 315: Viewing And Configuring Webaaa Network Access Rules
Viewing and Configuring WebAAA Network Access Rules Viewing and Web AAA allows network users to access the network by logging on a Configuring web page. WebAAA Network When a user attempts to access a web page over the network, the WX Access Rules switch intercepts the HTTP or HTTPS request and serves a login Web page to the user.
Page 316: Creating A Web Aaa Network Access Rule
8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS Creating a Web AAA To create a Web AAA network access rule: Network Access Rule 1 Access the Create MAC Network Access wizard: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to AAA.
Page 317 Viewing and Configuring WebAAA Network Access Rules For EAP with Transport Layer Security (EAP-TLS) clients, the format is username@domain_name. For example, sydney@example.com specifies the user sydney in the domain name example.com. The *@marketing.example.com glob specifies all users in the marketing department at example.com.
Page 318: Viewing And Configuring Last-Resort Network Access Rules
8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS 10 Select the accounting method(s) in the Available RADIUS Server Groups list and click Add. The options and processing are the same as those for authentication methods. (See step 6.) 11 Click Finish. Viewing and Last resort access allows users to access the network without entering a Configuring...
Page 319 Viewing and Configuring Last-Resort Network Access Rules 2 Specify whether the rule is for wireless access to an SSID or access through a wired authentication port: If the rule is for access to an SSID, do one of the following: To match on any SSID name, leave the value any in the SSID box.
Page 320: Viewing And Configuring Wx Administrator Access Rules
8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS 7 To enable this accounting rule for the SSID, select Enabled. By default, accounting rules you configure in 3WXM are disabled, which means 3WXM does not add the rules to the switch’s configuration. 8 Select one of the following record options: Select Start-Stop to specify that records are sent at the start of a session and the end of a session.
Page 321: Creating An Access Rule For Console Access
Viewing and Configuring WX Administrator Access Rules Creating an Access To create an access rule for console access: Rule for Console Access 1 Access the Create Console Admin User wizard: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to AAA.
Page 322: Creating An Access Rule For Telnet Or Ssh Access
8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS 7 To enable this accounting rule for the SSID, select Enabled. By default, accounting rules you configure in 3WXM are disabled, which means 3WXM does not add the rules to the switch’s configuration. 8 Select one of the following record options: Select Start-Stop to specify that records are sent at the start of a session and the end of a session.
Page 323 Viewing and Configuring WX Administrator Access Rules MSS tries the methods in the order they appear in the Current RADIUS Server Groups list. To reorder the methods, select a method and click Up or Down. If you specify a RADIUS server group as the first method and a user is denied access by the RADIUS server, no authentication and authorization are attempted with the other methods specified in the list.
Page 324: Viewing And Configuring Aaa Support For Third-Party Ap Users
8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS Viewing and A WX switch can provide network access for users associated with a Configuring AAA third-party AP that has authenticated the users with RADIUS. You can Support for connect a third-party AP to a WX switch and configure the WX to provide Third-Party AP authorization for clients who authenticate and access the network Users...
Page 325 Viewing and Configuring AAA Support for Third-Party AP Users For the userglob, type a full or partial username to be matched during authentication (1 to 80 alphanumeric characters, with no spaces or tabs). The format of a user glob depends on the client type and EAP method. For Windows domain clients using Protected EAP (PEAP), the user glob is in the format Windows_domain_name\username.
Page 326: Configuring A Radius Proxy For A Client
8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS Configuring a RADIUS To configure a RADIUS proxy for a client: Proxy for a Client 1 Access the Create RADIUS Proxy Client wizard: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to AAA.
Page 327: Viewing And Changing Location Policy Rules
Viewing and Changing Location Policy Rules Viewing and During the login process, the AAA authorization process is started immediately Changing Location after clients are authenticated to use the WX switch. During authorization, Policy Rules MSS assigns the user to a VLAN and applies optional user attributes, such as a session timeout value and one or more security ACL filters.
Page 328: Creating A Location Policy Rule
8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS Creating a Location To create a location policy rule: Policy Rule 1 Access the Create Location Rule wizard: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to AAA.
Page 329 Viewing and Changing Location Policy Rules 9 Select the Distributed MAPs for which the location policy is applied and click Add. 10 Click Next. 11 In the Action list, select one of the following: Permit—Allows access if the conditions in the location policy rule are matched.
Page 330: Viewing And Changing Mobility Profiles
After creating a Mobility Profile, you can assign it to users created in the local WX user database, or users who are authenticated and authorized by a RADIUS server. You assign the name of the Mobility Profile by using the Mobility-Profile RADIUS attribute, which is a 3Com vendor-specific attribute (VSA). Viewing Mobility...
Page 331 Viewing and Changing Mobility Profiles 4 In the Ports drop-down list, select the ports to include in the Mobility Profile: All—Include all MAP or wired authentication ports. Selected—Include a selected list of ports. None—Include no ports. If you select Selected, select the individual ports in the Available Physical Ports list and click Add.
Page 332 8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS...
Page 333: Configuring Wx Switches Remotely
WX S ONFIGURING WITCHES EMOTELY You can use 3WXM Services running in your corporate network to configure WX switches in remote offices. The following remote configuration scenarios are supported: Drop ship—3WXM Services running in the corporate network can configure a WXR100 switch shipped directly to a remote office. This option does not require any preconfiguration of the switch.
Page 334: How Remote Wx Configuration Works
9: C WX S HAPTER ONFIGURING WITCHES EMOTELY How Remote WX Configuration Works Drop Ship (WXR100 Only) 1 The WXR100 is shipped directly to the remote office where it will be deployed. 2 The network administrator at the corporate office preconfigures the switch in a 3WXM network plan.
Page 335 How Remote WX Configuration Works Figure 9 shows the location of the Fn switch and the LED. Figure 9 Fn Switch on WXR100 5 Because the Fn switch was pressed while the switch was starting, the WXR100 configures the following items to enable itself to contact 3WXM Services: Ports 1 and 2 in the default VLAN (VLAN 1) DHCP client on VLAN 1 enabled...
Page 336: Staged Wx
9: C WX S HAPTER ONFIGURING WITCHES EMOTELY If the serial number does not match and the Auto-Config IP Subnet Matching option is disabled, 3WXM cannot give the switch a configuration. 3WXM generates a verification warning (on the Network Verification tab). The warning lists the switch’s serial number and IP address.
Page 337: 3Wxm Requirements
3WXM Requirements 8 3WXM receives the configuration request, and looks in the currently open network plan for a switch configuration with the same model and serial number as the one in the configuration request. If the network plan contains a configuration with a matching model and serial number, 3WXM sends the configuration to the switch.
Page 338: Staging A Wx Switch For Configuration By 3Wxm
DNS domain name, and DNS server IP addresses. 1 Configure a VLAN: WX1200# set vlan 1 port 7 success: change accepted. 2 Enable the DHCP client on VLAN 1: WX1200# set interface 1 ip dhcp-client enable success: change accepted.
Page 339: Example 2: Deployment Site Has No Dhcp And No Dns
WX1200# set vlan 1 port 7 success: change accepted. 2 Configure an IP interface on the VLAN. WX1200# set interface 1 ip 192.168.1.252 255.255.255.0 success: change accepted. 3 Configure a default route through the local gateway: WX1200# set ip route default 192.168.1.1 1 success: change accepted.
Page 340: Example 3: Deployment Site Has Dns But No Dhcp
WX1200# set vlan 1 port 7 success: change accepted. 2 Configure an IP interface on the VLAN. WX1200# set interface 1 ip 192.168.1.252 255.255.255.0 success: change accepted. 3 Configure a default route through the local gateway: WX1200# set ip route default 192.168.1.1 0 success: change accepted.
Page 341: Example 4: Deployment Site Has Dhcp But Local Dns Domain Differs From Corporate Dns Domain
Staging a WX Switch for Configuration by 3WXM Example 4: The deployment site in this example has a DHCP server, so the switch’s Deployment Site Has DHCP client is enabled. Static IP address and default gateway information DHCP But Local DNS are not required.
Page 342: Preconfiguring A Switch In 3Wxm
9: C WX S HAPTER ONFIGURING WITCHES EMOTELY Preconfiguring a If you know the switch’s serial number, use the following procedure to Switch in 3WXM set up the switch’s configuration in 3WXM. 1 Start 3WXM Services. 2 Start a 3WXM client and connect to 3WXM Services. 3 Select Tools >...
Page 343: Uploading A Partially Configured Switch And Completing Its Configuration With 3Wxm
Preconfiguring a Switch in 3WXM Uploading a Partially Even if you do not know the serial number of a WX switch, you still can Configured Switch configure the switch in 3WXM. When the switch contacts 3WXM for a and Completing its configuration, 3WXM generates a warning message such as the Configuration with following:...
Page 344: Replacing A Switch And Reusing Its Configuration
9: C WX S HAPTER ONFIGURING WITCHES EMOTELY Replacing a Switch If a remote switch that is configured by 3WXM fails, you can install a new and Reusing its switch in its place and use 3WXM to configure the switch with the Configuration replaced switch’s configuration.
Page 345: Enabling Replacement Of Remote Switches
Replacing a Switch and Reusing its Configuration If the switch is a WXR100, the person at the remote office also inserts a paperclip or similar object into the WXR100’s Fn hole to press the Fn switch. Normally, the Fn LED (the right LED above port 1) remains solidly lit for 3 seconds after power on.
Page 346: Replacing A Switch
Replacing a Switch This task is performed by someone at the remote office and does not require a network administrator. 3Com recommends that you read through the entire procedure before beginning. To replace a switch 1 Remove the power cord from the old switch.
Page 347: Wx File Management Options
WX S ANAGING YSTEM MAGES ONFIGURATIONS This chapter describes the management of WX system files. It includes information about uploading a WX switch configuration into 3WXM, verifying configuration information, synchronizing local and network changes, deploying WX switches from a network plan to the network, distributing image and configuration files, importing and exporting WX switch configuration files, working with domain policies, and rebooting WX switches or MAP access points.
Page 348: Devices Tab
10: M WX S HAPTER ANAGING YSTEM MAGES AND ONFIGURATIONS Table 23 WX File Management Options in 3WXM (continued) Option Description Synchronize Compares switch configurations in the network with their local and counterparts in the network plan, and enables you to review the network differences, and either deploy the new changes to synchronize the changes...
Page 349: Task List Options
Devices Tab Task List Options The Task List panel in the Devices tab has the following pages: Change Management Device Operations Table 24 lists the tasks you can select on the Devices tab. Table 24 Devices Tasks Task Task Option Group Task Description...
Page 350 10: M WX S HAPTER ANAGING YSTEM MAGES AND ONFIGURATIONS Table 24 Devices Tasks (continued) Task Task Option Group Task Description Other Upload Add a WX switch to the network plan by copying its configuration from a live switch in the network.
Page 351 Devices Tab Table 24 Devices Tasks (continued) Task Task Option Group Task Description Device Actions Reboot Reboot a WX switch and the MAPs it is Operations, WX and managing. cont. (See “Rebooting WX Switches or MAP Access Points” on page 358.) Reboot Reboot MAPs.
Page 352: Toolbar Options
10: M WX S HAPTER ANAGING YSTEM MAGES AND ONFIGURATIONS Toolbar Options Table 25 lists the options on the Devices tab’s toolbar. Table 25 Toolbar Options on Devices Tab Option Description Upload WX Opens the Upload Wireless Switch dialog box, which lets you add a new switch to the network plan by copying the configuration from a switch already running in the network.
Page 353: Accepting Network Changes
Synchronizing Local and Network Changes Selecting Review in Local Changes displays changes made in 3WXM. Selecting Review in Network Changes displays changes that have occurred in the network. 5 To print the changes, click Print. 6 Click Close to return to the Managed Devices tab. Accepting Network To accept network changes: Changes...
Page 354: Deploying Switch Configuration Changes
10: M WX S HAPTER ANAGING YSTEM MAGES AND ONFIGURATIONS Deploying Switch You can deploy changes immediately or schedule them to be deployed Configuration later. Changes When you deploy changes to a WX, all of the changes are sent as a single transaction.
Page 355: Changes
Synchronizing Local and Network Changes You can click Close at any time after clicking Deploy. The operation continues in the background. To review the status of the operation, use the operation log. (See “Viewing the Operation Log” on page 360.) To schedule deployment of local changes 1 Select the Devices tool bar option.
Page 356: Distributing System Images
10: M WX S HAPTER ANAGING YSTEM MAGES AND ONFIGURATIONS Distributing System You can use 3WXM to upgrade or downgrade the system image (MSS Images software) on WX switches. System images include switch software and MAP software. Using the Image Use the image repository to add or delete WX system images.
Page 357: Distributing System Images
“Rebooting WX Switches or MAP Access Points” on page 358. 3Com recommends that you use the Verification tab to resolve any configuration errors or warnings before you distribute system images. Before you can distribute an image, you must add it to the image repository.
Page 358: Rebooting Wx Switches Or Map Access Points
10: M WX S HAPTER ANAGING YSTEM MAGES AND ONFIGURATIONS 7 Edit the start date and time. (The date and time are based on the date and time on the machine where 3WXM Services is installed.) 8 Click Finish. Rebooting WX You can use 3WXM to reboot WX switches and MAPs.
Page 359: Enabling Or Disabling Management Of A Switch By 3Wxm
Enabling or Disabling Management of a Switch by 3WXM Enabling or The Devices tab lists managed switches and unmanaged switches Disabling separately. Managed switches can be deployed to the network and can Management of a be monitored by 3WXM Services. Unmanaged switches can be Switch by 3WXM configured in 3WXM but cannot be deployed to the network or monitored by 3WXM Services.
Page 360: Viewing The Operation Log
10: M WX S HAPTER ANAGING YSTEM MAGES AND ONFIGURATIONS Viewing the The operation log displays information about the operations you perform Operation Log using the Devices options. To display the operation log 1 Select the Devices tool bar option. 2 At the bottom of the Task List panel, select Device Operations.
Page 361: Importing And Exporting Switch Configuration Files
Importing and Exporting Switch Configuration Files Importing and You can import or export switch configuration files in Extensible Markup Exporting Switch Language (XML) format. Configuration Files The import option enables you to create a WX switch in the network plan by importing configuration files in Extensible Markup Language (XML) format.
Page 362 10: M WX S HAPTER ANAGING YSTEM MAGES AND ONFIGURATIONS 7 Click Import. The status of the import process appears in the Status column. 8 Click Close to save the changes. 9 Enable 3WXM to manage the switch. (See “Modifying Basic Switch Parameters”...
Page 363: Modifying Configuration Change Polling Options
Modifying Configuration Change Polling Options Modifying By default, 3WXM client polls WX switches in the network every 15 Configuration minutes for network changes, and displays a popup message if changes Change Polling are detected. The popup message is in addition to notification in the Options Alerts panel.
Page 364 10: M WX S HAPTER ANAGING YSTEM MAGES AND ONFIGURATIONS...
Page 365: Verifying Configuration Changes
ERIFYING ONFIGURATION HANGES 3WXM uses a set of rules to verify WX switch configurations. Changes to a switch’s configuration in 3WXM or in the live network are automatically evaluated by comparing the changes to the rules. If the evaluation detects any error or warning conditions, the information in the Alerts panel is updated: Errors or warnings in a switch’s configuration in 3WXM affect the Configuration counts.
Page 366: Toolbar Options
11: V HAPTER ERIFYING ONFIGURATION HANGES Details about the selected error or warning appear in the lower left section of the tab. The Resolution section of the tab lists options for resolving the warning or error. Toolbar Options Table 27 lists the options on the Event tab’s toolbar. Table 27 Toolbar Options on Verification Tab Option Description...
Page 367: Disabling A Rule From The Message List
Resolving an Error or Warning To resolve an error or warning 1 Select the error or warning message in the Message column. 2 Read the information in the Error/Warning Details section. For some errors and warnings, this section contains information about how to resolve the error or warning.
Page 368: Changing Verification Options
11: V HAPTER ERIFYING ONFIGURATION HANGES To globally disable a warning or error 1 Select an instance of the warning or error message. 2 In the Resolutions section, click disable this rule for all instances. As soon as you click on this option, all instances of the message disappear from the list.
Page 369: Disabling And Reenabling Rules
Resolving an Error or Warning 3Com recommends that you do not deploy a network plan that contains configuration errors. Allowing configuration errors to be deployed to the network can affect network stability. 3 Click Close to place the changes into effect and close the dialog box.
Page 370 11: V HAPTER ERIFYING ONFIGURATION HANGES 6 Reenable the rule or instances: To reenable a rule all of whose instances are disabled, click on the checkbox in the Enabled column. The Disable All Instances option is deselected. To reenable an individual instance of a rule, click on the checkbox next to the instance.
Page 371: Managing
PKS #12 files. Overview A digital certificate is a form of electronic identification for computers. The 3Com Mobility System supports the following types of X.509 digital certificates: Administrative certificate for the monitoring service or a WX switch 802.1X-EAP certificate for a WX switch WebAAA certificate for a WX switch Certificate authority certificate to validate the administrator’s certificate...
Page 372: Processing Certificates
12: M HAPTER ANAGING ERTIFICATES Processing When 3WXM client connects to 3WXM Services or to a WX switch that Certificates presents a certificate that is unknown to 3WXM client, the Certificate Check dialog box appears. The dialog shows information about the certificate and allows you to accept or reject the certificate and therefore accept or reject the connection.
Page 373: Managing Certificates
Managing Certificates Managing After you have installed certificates, you can review a certificate or delete Certificates a certificate that is stored in the 3WXM certificate store. Reviewing Certificate After installing a certificate in 3WXM, you can see information such as Details the time frame for which the certificate is valid and who issued the certificate.
Page 374: Distributing Certificates To Wx Switches
12: M HAPTER ANAGING ERTIFICATES Distributing You can use 3WXM to distribute certificates from PKCS #12 files to one Certificates to WX or more WX switches. Switches Although you can distribute one PKCS #12 file to many WX switches, as a best practice, you should install a unique certificate and key pair per WX.
Page 375: Configuring And Ap
ONFIGURING AND PPLYING OLICIES A policy is a set of WX configuration parameters that you can define once in 3WXM and then apply to multiple WX switches. When you apply a policy to a set of WX switches, all parameter settings in the policy are applied to the switches and update the settings already on the switches.
Page 376: Viewing Policies
13: C HAPTER ONFIGURING AND PPLYING OLICIES Viewing Policies To view policies: 1 Select the Policies tool bar option. 2 To view the feature areas in the policy, click on the plus sign next to the policy name. Only the areas that are configured in the policy are listed. Click on the plus sign next to individual feature areas.
Page 377: Configuring Feature Settings In A Policy
Configuring Feature Settings in a Policy Configuring To configure feature settings in a policy: Feature Settings in a Policy 1 If you have not already done so, use the procedure in “Creating a Policy” on page 376 to configure a policy and select the switches to which you want to apply the policy.
Page 378 13: C HAPTER ONFIGURING AND PPLYING OLICIES Table 28 Feature Categories For This Feature Area See... System Features IP Services “Viewing and Configuring IP Services Settings” on page 203 VLANs, Spanning Trees “Viewing and Configuring VLANs” on page 208 and Port Groups “Changing STP Port Settings in a VLAN”...
Page 379: Using The
SING THE VENT 3WXM maintains a log of system events. The log contains messages generated by the following: WX switches in the network plan—messages generated by the WX switches in the network plan that are being monitored by the 3WXM service 3WXM Services—messages generated by the 3WXM server the client is in communication with 3WXM client—messages generated by the instance of the 3WXM...
Page 380: Refreshing Event Data
14: U HAPTER SING THE VENT Refreshing Event By default, the event data is refreshed whenever the 3WXM client Data generates a new message for itself, or receives a new message from the 3WXM Services. To disable automatic refreshing of events, clear the Auto-update checkbox and click Apply.
Page 381: Filtering Events By Content
Filtering Event Messages Filtering Events by When using the predefined filters, you can limit the events you see in Content Event tab by specifying criteria such as IP address, date, or text in the log message. You can use advanced filters to further limit the events you see. To filter messages by content 1 In the Event Source box, type an event source name or part of an event source name.
Page 382 14: U HAPTER SING THE VENT In the Start box, click the arrow to use the calendar to specify the day, month, and year. Specify the end time. After—Only events that occurred after a specified time In the Start box, click the arrow to use the calendar to specify the day, month, and year.
Page 383: Filtering Events By Severity
Filtering Event Messages Filtering Events by You can limit the events you see in Event tab based on event severity. Severity 1 Click on the Severity tab. 2 Select or clear the severity levels to display (the following descriptions are WX-based): Emergency—The WX is unusable.
Page 384: Creating And Saving Filters
14: U HAPTER SING THE VENT Creating and Saving If you have specified additional criteria to filter the events, you can save Filters the criteria as a stored custom filter. 1 In the Stored Filters group box, type a new filter name in the Name box. 2 Type a name for the filter (1 to 80 alphanumeric characters, with no tabs).
Page 385: Generating Reports
ENERATING EPORTS This chapter describes the reports you can generate with 3WXM: Inventory Mobility Domain Configuration WX Configuration Client Summary Client Details Client Errors Watch List Client Network Usage RF Summary Radio Details Rogue Summary Site Survey Work Order...
Page 386: Overview
15: G HAPTER ENERATING EPORTS Overview The Reports option of the 3WXM toolbar enables you to generate reports for network clients, RF usage, rogue devices, and 3Com equipment. Configuration reports: Inventory Mobility Domain Configuration WX Configuration Client monitoring reports: Client Summary...
Page 387: Generating An Inventory Report
Generating an Inventory Report Generating an The inventory report lists the WX switches and MAP access points in a Inventory Report specific Mobility Domain or that do not belong to a Mobility Domain. To generate an inventory report 1 Select the Reports tool bar option. 2 In the Report Category list, select Configuration Reports.
Page 388: Generating A Mobility Domain Configuration Report
15: G HAPTER ENERATING EPORTS Generating a The Mobility Domain configuration report lists information for all the WX Mobility Domain switches in a Mobility Domain, including the VLANs, radio and service Configuration profiles, and RADIUS server groups and servers configured on the WX Report switch(es).
Page 389: Generating A Wx Configuration Report
Generating a WX Configuration Report Generating a WX The WX configuration report lists configuration details for a WX switch. Configuration Report 1 Select the Reports toolbar option. 2 In the Report Category list, select Configuration Reports. 3 In the Reports list, select WX Configuration. 4 In the Report Scope Instance drop-down list, select the switch for which you want the report.
Page 390: Generating A Client Summary Report
15: G HAPTER ENERATING EPORTS Table 32 WX Configuration Report Sections (continued) Section Description ACLs Access Control Lists (ACLs) configured on the WX switch. Directly connected MAPs configured on the WX switch. Distributed APs Distributed MAPs configured on the WX switch. Radio Profiles Radio profiles configured on the WX switch.
Page 391: Generating A Client Details Report
Generating a Client Details Report 5 Select the instance for which you want the report. For example, if the scope is Building, select the building. 6 To select or change the output directory for the report, click Choose, navigate to the new directory, and click Select. 7 To prevent 3WXM from replacing an existing report of the same type with this new report, click next to Overwrite Existing Files to deselect this option.
Page 392 15: G HAPTER ENERATING EPORTS 4 Click Add to add a report filter. The filter configuration fields are activated. 5 Click on the Select field, and select one of the following from the drop-down list: User Name IP Address MAC Address 6 Click on the Value field.
Page 393: Generating A Client Errors Report
Generating a Client Errors Report Generating a Client The client errors report lists error statistics for current client sessions. Errors Report The data for this report comes from 3WXM Services. The Enable RF trending option, located in the RF Monitor group box, must be enabled. (See “Changing Monitoring Settings”...
Page 394: Generating A Watch List Client Report
15: G HAPTER ENERATING EPORTS Generating a Watch The watch list client report lists session information and roaming history List Client Report for clients on the watch list. The client must be on the client watch list. (See “Managing the Client Watch List”...
Page 395: Generating A Network Usage Report
Generating a Network Usage Report Session Statistics AP Statistics (See “Using the Client Monitor View” on page 417 for information about the data columns in each section of the report.) Generating a The network usage report lists network usage statistics. Network Usage The data for this report comes from 3WXM Services.
Page 396: Generating An Rf Summary Report
15: G HAPTER ENERATING EPORTS 8 To prevent 3WXM from replacing an existing report of the same type with this new report, click next to Overwrite Existing Files to deselect this option. 9 Click Generate. 10 When the report is generated, click the report link to view it. The network usage report contains the following sections: Cumulative statistics for the scope of the report Usage statistics on individual WX switches...
Page 397: Generating A Radio Details Report
Generating a Radio Details Report 7 To select or change the output directory for the report, click Choose, navigate to the new directory, and click Select. 8 To prevent 3WXM from replacing an existing report of the same type with this new report, click next to Overwrite Existing Files to deselect this option.
Page 398: Generating A Rogue Details Report
15: G HAPTER ENERATING EPORTS 8 Click Generate. 9 When the report is generated, click the report link to view it. (See “Using the RF Monitor View” on page 444 and “Using the RF Trends View” on page 449 for information about the data in each section of the report.) Generating a Rogue The rogue details report lists detailed information about rogue devices.
Page 399: Generating A Rogue Summary Report
Generating a Rogue Summary Report Generating a Rogue The rogue summary report lists information about rogues. Summary Report The data for this report comes from 3WXM Services. The Enable Rogue Detection option, located in the Rogue Detection group box of the Monitoring Settings tab, must be enabled.
Page 400: Generating A Site Survey Order
15: G HAPTER ENERATING EPORTS 9 To prevent 3WXM from replacing an existing report of the same type with this new report, click next to Overwrite Existing Files to deselect this option. 10 Click Generate. 11 When the report is generated, click the report link to view it. The report lists the BSSIDs of the rogues detected by each WX switch.
Page 401: Generating A Work Order
A work order provides all of the necessary information for the physical Order installation of the 3Com Mobility System. A work order shows where the MAP access points should be installed, WX initial setup configuration information, and projected RSSI information that is useful when verifying the installation.
Page 402 15: G HAPTER ENERATING EPORTS 7 To change the output directory for the report, click on the button next to output directory, navigate to the new directory, and click Select. 8 Click Generate. 9 When the report is generated, click View. A browser window containing the report opens.
Page 403: Monitoring The Network
Explore — Shows the operational status of 3Com equipment: WX switches, MAP access points, and radios. Status Summary — Shows tables of basic information for the 3Com equipment. Client Monitor — Shows activity, errors, and session information for network clients. Additionally, you can configure a watch list of clients and track their activity and session histories over time, up to 30 days.
Page 404: Requirements For Monitoring
16: M HAPTER ONITORING THE ETWORK The 3WXM Services is configured to provide data for the Explore and Status Summary windows by default. To provide data to the client and RF windows, you must enable the service to poll WX switches for client and RF data.
Page 405: Using The Explore Window
3 Select an object in the Organizer panel. Monitored data for the selected object is displayed. Using the Explore The Explore view shows the status of 3Com equipment within the scope Window of the object selected in the Equipment or Sites section of the Organizer panel.
Page 406 16: M HAPTER ONITORING THE ETWORK If you select a MAP access point, radio, wiring closet, or coverage area in the Sites section of the Organizer panel, the floor plan is displayed. The floor plan is displayed only if you add the floor to the site information in the network plan.
Page 407: Toolbar Options
Using the Explore Window In either the link display or the floor display, the operational status of 3Com equipment is indicated by the following colors: Green — Up Yellow — Up (but with minor service degradation) Orange — Up (but with major service degradation) Red —...
Page 408 16: M HAPTER ONITORING THE ETWORK Table 34 lists the options on the toolbar in the floor display. Table 34 Toolbar Options in Floor Display of Explore View Icon Description Edit 3WXM preferences. Configure 3WXM Services. Launch Help. Zoom in. Zoom out.
Page 409: Threshold Flags
Using the Explore Window Table 34 Toolbar Options in Floor Display of Explore View (continued) Icon Description Show 802.11b coverage. Show 802.11g coverage. Hide the 802.11 coverage. Take an RF measurement. Display the view in reverse video. Threshold Flags A red flag next to an object in the link view of the Explore view indicates that a threshold for the object has been exceeded.
Page 410 16: M HAPTER ONITORING THE ETWORK You can click on the object that has the red flag for more information. An asterisk indicates the statistic whose threshold was crossed. In the example below, the WX switch has a higher signal-to-noise ratio (SNR) than specified for the threshold.
Page 411 Using the Explore Window When a red flag appears in the Explore view, the column for the statistic whose threshold was exceeded also turns red in the RF Trends view.
Page 412: Displaying Object Details
16: M HAPTER ONITORING THE ETWORK Displaying Object To drill down for more detailed information for an object in the Explore Details view, double-click on the object. All Monitor views, including the Explore view itself, are updated to display information specifically about the selected object.
Page 413 Using the Explore Window The jagged appearance of the coverage area is normal and is caused by the RF obstacles around the radio. The RF obstacle information in the floor plan enables 3WXM to more accurately portray RF information for the network, including a radio’s coverage.
Page 414: Taking Rf Measurements
In the floor plan display, you can take an RF measurement at any point on Measurements the floor plan. An RF measurement point indicates the RSSI value for each 3Com radio on the floor. To take an RF measurement 1 In the floor plan display of the Explore view, click on the window’s...
Page 415 Using the Explore Window RSSI measurements RF measurement point Table 36 lists the RF measurement information that is displayed for the measurement point. Table 36 RF Measurement Information Item Value X (Feet) Distance in the X direction from the 0,0 coordinate (the upper left corner of the panel).
Page 416: Using The Status Summary View
The measurement data is immediately updated for the new measurement point. Using the Status The Status Summary view shows the operational status of 3Com equipment Summary View (WX switches, their MAPs, and MAP radios). The Status column shows the equipment status, using the same colors as the Explore view.
Page 417: Using The Client Monitor View
Using the Client Monitor View Using the Client The Client Monitor view shows detailed information about client activity Monitor View on the network. Client information is displayed in the following tabs: Client Activity — displays association and 802.1X information for the clients Client Sessions —...
Page 418: Refreshing Client Data
16: M HAPTER ONITORING THE ETWORK Table 37 Toolbar Options in Client Monitor View (continued) Option Description Adds the user to the tracking list. 3WXM starts collecting session and roaming data for the user. Removes the user from the tracking list, so that 3WXM stops collecting session and roaming data for the user.
Page 419 Using the Client Monitor View The same counters appear when you select a Site, building, or floor. Table 38 lists the data displayed on the Client Activity tab when a Mobility Domain is selected. The counters are incremented each time the 3WXM Services receives a client activity trap generated by a WX switch.
Page 420 The VLAN the client is assigned to cannot be found. Association Failures Number of times a 3Com radio refused a client’s association request. Common causes of association failures include the following: The encryption cipher requested by the client is not enabled or not supported on the radio.
Page 421 Using the Client Monitor View Table 38 Client Activity Columns When a Mobility Domain is Selected Option Description Associations Number of times a client associated with a radio on this WX switch. De-Associations Number of times a client de-associated from a radio on this WX switch.
Page 422 16: M HAPTER ONITORING THE ETWORK Table 39 lists the data displayed on the Client Activity tab when a WX switch, MAP, or individual radio is selected. Table 39 Client Activity Columns When a WX Switch, MAP, or Radio is Selected Option Description Event Type...
Page 423 Using the Client Monitor View Table 40 Activity Details for Association Failure Column Description MAC Address MAC address of the client. Failure Cause Cause of the association failure: already-exist cipher-mismatch cipher-rejected load-balance other switching-ssid wep-not-configured Client Location Mobility Domain, WX switch, MAP access point, and radio that were dealing with the client.
Page 424 Mobility Domain, WX switch, MAP access point, and radio that were dealing with the client. Session ID ID used by 3Com equipment to track the session within the Mobility Domain. Auth Server IP System IP address of the WX switch that was attempting to authenticate the client.
Page 425 Mobility Domain, WX switch, MAP, and radio that were dealing with the client. Session ID ID used by 3Com equipment to track the session within the Mobility Domain. Auth Server IP System IP address of the WX switch that was attempting to authenticate the client.
Page 426 Client Location Mobility Domain, WX switch, MAP, and radio that were dealing with the client. Session ID ID used by 3Com equipment to track the session within the Mobility Domain. Client IP Address IP address of the client. Session State State of the user session: Associated —...
Page 427 MAC Address MAC address of the client. SSID SSID the client was associated with. Session ID ID used by 3Com equipment to track the session within the Mobility Domain. Client IP Address IP address of the client. Client Location Mobility Domain, WX switch, MAP, and radio that were dealing with the client.
Page 428 16: M HAPTER ONITORING THE ETWORK Table 45 Activity Details for Disassociation (continued) Column Description Client IP Address IP address of the client. Auth Server IP System IP address of the WX switch that was attempting to authenticate the client. Note —...
Page 429: Displaying Client Session Information
Roamed from Client WX switch, MAP access point, and radio from which the Location client roamed. Session ID ID used by 3Com equipment to track the session within the Mobility Domain. Client IP Address IP address of the client. Client Location Mobility Domain, WX switch, MAP access point, and radio to which the client roamed.
Page 430 16: M HAPTER ONITORING THE ETWORK Table 48 lists the data displayed on the Client Sessions tab when the scope is a Mobility Domain. Table 48 Client Sessions Columns When a Mobility Domain is Selected Column Description Scope Scope of the data displayed in the row. The scope for each row in the Client Activity tab is always a WX switch.
Page 431 Using the Client Monitor View Table 49 Client Sessions Columns When Scope Is a WX Switch, MAP, or Radio Column Description Username Username the client used to log on to the network. The username is shown in one of the following formats: Named user Windows domain users using PEAP MAC address (for devices that are authenticated by MAC...
Page 432 16: M HAPTER ONITORING THE ETWORK Table 50 Session Properties Columns Column Description Username Username the client used to log on to the network. MAC Address MAC address of the client. Start Time Date and time when the session began. The date and time are based on the system date and time of the WX switch with which the client is associated.
Page 433 Using the Client Monitor View Table 50 Session Properties Columns (continued) Column Description Session State State of the user session: Associated — User is authenticated using an 802.11 protocol and associated with a MAP. Authorizing — User is authenticated and is starting the AAA authorization process.
Page 434 16: M HAPTER ONITORING THE ETWORK Displaying Session Statistics On the Client Sessions tab, select the Session Statistics tab at the bottom of the view. On the Session Statistics tab, you can select statistics for the MAP the client is associated with, or total statistics for the client’s entire roaming history.
Page 435 Displaying Session Location History On the Client Sessions tab, select the Location History tab at the bottom of the window. Each row represents a session with a 3Com radio. When a client roams from one radio to another, the session on the radio the client is leaving is closed and a new session is opened on the radio to which the client is roaming.
Page 436: Managing The Client Watch List
16: M HAPTER ONITORING THE ETWORK Sessions in the location history are sorted from newest to oldest, with the oldest session at the bottom of the list and the newest session at the top. Table 52 lists the information displayed on the tab. Table 52 Location History Columns Column Description...
Page 437 Using the Client Monitor View 1 In the Client Monitor window, click on the window’s toolbar. The Find Clients dialog box appears. 2 Select one of the following: Find a specific user — to find a user using specific search attributes. Go to step 3.
Page 438 16: M HAPTER ONITORING THE ETWORK When specifying search criteria, you must provide an exact match. For a username, you can also specify the prefix of the username. For example, to find natasha@example.com, you could specify the following: natasha@example.com Wildcards are not supported in search criteria. For example, the user natasha cannot be found if you specify nat* in the Username box.
Page 439 Using the Client Monitor View 7 To add a user to the watch list in the User Management tab, select the Add Watch checkbox in the user row. Repeat for all users that you want to add to the watch list. 8 Click Finish.
Page 440 16: M HAPTER ONITORING THE ETWORK Details are displayed on the following tabs: Session — displays the Session Properties, Session Statistics, and Location History tabs. These are the same tabs displayed at the bottom of the Client Sessions tab. (For descriptions of the data they display, see “Displaying Client Session Information”...
Page 441: Displaying A Client's Geographical Location
Using the Client Monitor View When looking at graphed data, you can see the data in absolute or delta values. Delta (rate of change) values are calculated with the following equation: value at end of polling interval - value at beginning of polling interval time difference (in seconds) To change how you view data values, select Absolute to see absolute values or Deltas to see rate-of-change values.
Page 442 16: M HAPTER ONITORING THE ETWORK To improve the accuracy of the client location display, you can select up to six MAPs from the list. 3WXM uses the selected MAPs to calculate the location of the client. For best results, you should select the MAPs that have detected the client most recently.
Page 443: Terminating A Client's Session
Using the Client Monitor View 5 The client is most likely in the vicinity of the area indicated by the red squares in the floor plan. The number in red on the legend (0.44 in this example) is the probability (44%) that the client is where the display indicates.
Page 444: Using The Rf Monitor View
16: M HAPTER ONITORING THE ETWORK Using the RF The RF Monitor view shows detailed RF information for each radio. Radio Monitor View information is displayed in the following tabs: RF Neighborhood — lists the other transmitting devices that the radio can hear.
Page 445: Displaying Rf Neighborhood Information
Information is displayed for a radio if the radio sends beacon frames or responds to probe requests. Even if a radio’s SSIDs are unadvertised, 3Com radios detect the empty beacon frames (beacon frames without SSIDs) sent by the radio, and include the radio in the neighbor list.
Page 446: Displaying The Ssid-To-Bssid Mapping
Description BSSID BSSID detected by the radio. Note — This column displays a single entry for each 3Com radio, even if the radio is supporting multiple BSSIDs. However, BSSIDs for third-party 802.11 radios are listed separately, even if a radio is supporting more than one BSSID.
Page 447: Displaying The Activity Log
Using the RF Monitor View Displaying the The activity log displays RF Auto-Tuning and countermeasures activity for Activity Log the radio. To display the activity log, in the RF Monitor view, select the Activity tab at the bottom of the window. Table 55 lists the information displayed on the tab.
Page 448: Displaying Rf Environment Statistics
16: M HAPTER ONITORING THE ETWORK Displaying RF To display RF environment statistics, in the RF Monitor window, select the Environment RF Environment tab at the bottom of the window. Statistics Table 56 lists the information displayed on the tab. Table 56 RF Monitor Environment Columns Column Description...
Page 449: Using The Rf Trends View
Using the RF Trends View Table 56 RF Monitor Environment Columns (continued) Column Description Pkt Re-transmissions Number of retransmitted packets sent from the client to the radio on the active channel. Retransmissions can indicate that the client is not receiving ACKs from the MAP radio.
Page 450 16: M HAPTER ONITORING THE ETWORK Table 57 RF Trends Columns Column Description Radio MAP name and radio number. Signal-to-noise ratio of the last data packet received by the radio. Throughput Rate at which data is transmitted by the radio, in bits per second.
Page 451: Refreshing Rf Trend Data
Accessing Realtime Performance Statistics To change how you view data values, select Absolute to see absolute values or Deltas to see rate-of-change values. Refreshing RF Trend The data displayed in the RF Trends view is refreshed at regular intervals Data (every 5 minutes by default).
Page 452 16: M HAPTER ONITORING THE ETWORK 2 Select the scope to monitor from the list on the left side of the dialog box. 3 Select the specific object(s) to monitor from the list on the right side of the dialog box. To select multiple contiguous objects, click Shift while selecting.
Page 453: Viewing Performance Data
Accessing Realtime Performance Statistics Generally, the scope is an aggregate object, which means that it is made up of sub-objects. (The exception is when a scope is a set of ports.) When you see performance data for the aggregate object, you are seeing the sum of the data of the sub-objects.
Page 454 16: M HAPTER ONITORING THE ETWORK For example, if the number of octets in is 11,101,288 at the beginning of the polling period, the number of octets in is 11,146,904 at the end of the polling period, and the time difference is 60 seconds, the delta value is 760.267.
Page 455 Accessing Realtime Performance Statistics To reset counters in the current view For absolute values, you can reset the counters in the current view by clicking Reset Counters In View. Resetting counters applies to the current view only. The performance data continues to be collected. The view shows when you reset the counters.
Page 456 16: M HAPTER ONITORING THE ETWORK Viewing Data in Percentages To see a set of objects in a particular category of data as percentages in a pie chart, click the Percent tab. Data for the pie chart is captured when you click the tab and is based on the polling interval you selected.
Page 457 Accessing Realtime Performance Statistics Exporting Performance Data You can export performance data (absolute values only) to a file in comma-delimited text (.csv) format. To export data to a file 1 In the Statistics tab, click Export Absolute. The Export Data dialog box appears.
Page 458 16: M HAPTER ONITORING THE ETWORK 2 To specify a directory and name for the file, click Choose. On Linux systems, the default directory is the home directory of the user running 3WXM. 3WXM remembers the directory you select when you next access the Export Data dialog box.
Page 459: Detecting And Combatting Rogue Devices
You can display information about the devices of interest. To identify friendly devices, such as non-3Com access points in your network or neighbor’s network, you can add them to the known devices list. You also can enable countermeasures to prevent clients from using the devices that truly are rogues.
Page 460: Rogue Detection Requirements
17: D HAPTER ETECTING AND OMBATTING OGUE EVICES Rogue Detection Rogue detection in 3WXM has the following requirements. Requirements The Enable Rogue Detection option must be selected on the Monitoring Settings tab of the 3WXM Services Setup dialog. (See “Changing Monitoring Settings” on page 503.) To use countermeasures, they must be enabled.
Page 461: Mobility Domain Requirement
RFDetetSpoofedMacAP Indicates that MSS has detected a wireless packet with the source MAC address of a 3Com MAP, but without the spoofed MAP’s signature (fingerprint). RFDetectSpoofedSSIDAP Indicates that MSS has detected beacon frames for a valid SSID, but sent by a rogue...
Page 462: Rogue Detection Lists
17: D HAPTER ETECTING AND OMBATTING OGUE EVICES Rogue Detection Rogue detection lists specify the third-party devices and SSIDs that MSS Lists allows on the network, and the devices MSS classifies as rogues. You can configure the following rogue detection lists: Permitted SSID list—A list of SSIDs allowed in the Mobility Domain.
Page 463 Rogue Detection Lists MAP radio detects wireless packet. Source MAC in SSID in Permitted Ignore List? SSID List? OUI in Permitted Vendor List? Generate an alarm. Classify device as a rogue. Issue countermeasures (if enabled). Source MAC in Attack List? Rogue classification algorithm deems the device to be a rogue?
Page 464: Using The Rogue Detection Screen
17: D HAPTER ETECTING AND OMBATTING OGUE EVICES Using the Rogue To display rogue information, select the Rogue Detection option in the Detection Screen main 3WXM tool bar. The Rogue Detection screen lists information about the rogue devices detected in the network. The rogue list section lists all rogues detected within the time period specified in the filter section.
Page 465: Toolbar Options
Using the Rogue Detection Screen Activity Log — Lists activity (appearance or disappearance) of the rogue selected in the rogue list. The entries in the Activity Log tab come from either of the following sources: Notification data received from a switch 3WXM Services, if they detect the appearance or disappearance of the rogue when compared to the previous set of rogue data 3WXM Services keeps events in a circular log.
Page 466: Filtering The Rogue List
Rogue List Filter Options dialog box appears. 2 Select the type of entries you want to display: Rogue APs—APs that are on the 3Com network but do not belong there. Interfering APs—Devices that are not part of the 3Com network but also are not rogues.
Page 467: Displaying Rogue Details
Using the Rogue Detection Screen Ad-hoc clients—Wireless clients who are configured to communicate wirelessly outside of the network infrastructure. Ad-hoc clients are not necessarily malicious, but they do steal bandwidth from your infrastructure users. Ad-hoc clients are further categorized into rogues and interfering devices.
Page 468 17: D HAPTER ETECTING AND OMBATTING OGUE EVICES Each rogue is listed only once, even if multiple entries for the rogue appear in the Activity Log tab. For example, if a rogue is detected during three polling intervals, separate entries for each polling interval appear in the Activity Log.
Page 469 Using the Rogue Detection Screen Table 61 Listeners Columns Column Description MAP whose radio detected the rogue or noted its absence. This column has data only if the radio that detected the rogue or its disappearance is modeled in a floor plan. Floor Floor on which the rogue was detected or disappeared, if the network plan contains floor information.
Page 470: Displaying A Rogue's Geographical Location
17: D HAPTER ETECTING AND OMBATTING OGUE EVICES Displaying a If building and floor information for the site is modeled in the network Rogue’s plan, you can display the likely physical location of a rogue. 3WXM Geographical displays the floor plan for the floor where the rogue is believed to be Location located, and displays the areas where the rogue is probably located.
Page 471 Displaying a Rogue’s Geographical Location 2 Select the client under the Clients tab. 3 Click on the toolbar. The Device Location screen appears, indicating the approximate location of the client. The client is most likely in the vicinity of the area indicated by the red squares in the floor plan.
Page 472: Ignoring Friendly Third-Party Devices
17: D HAPTER ETECTING AND OMBATTING OGUE EVICES Ignoring Friendly By default, when countermeasures are enabled, MSS considers any Third-Party Devices third-party transmitter to be a rogue device and can send countermeasures to prevent clients from using that device. To prevent MSS from sending countermeasures against a friendly device, add the device to the ignore list.
Page 473: Adding A Device To The Attack List
Adding a Device to the Attack List Adding a Device to An attack list is a switch’s list of AP MAC addresses to attack whenever the Attack List they are present on the network. 1 In the Filtered List of rogues on the Rogue Detection screen, select the devices you want to attack.
Page 474 17: D HAPTER ETECTING AND OMBATTING OGUE EVICES 3 Enter the information for the AP and place the icon for the AP in its floor location, if applicable. (See “Placing Third-Party Access Points” on page 132.) When you have finished, the AP appears under Objects to Place in RF Planning.
Page 475: Adding A Rogue's Clients To The Black List
Adding a Rogue’s Clients to the Black List Adding a Rogue’s The client black list is a switch’s list of MAC addresses of wireless clients Clients to the Black who are not allowed on the network. MSS prevents clients on the list List from accessing the network through a WX switch.
Page 476 17: D HAPTER ETECTING AND OMBATTING OGUE EVICES...
Page 477: Optimizing A Network Plan
PTIMIZING A ETWORK After you deploy a network plan to the 3Com equipment in your live network, you can optimize the plan based on RF information from the network. The RF information can be from a site survey or from MAP radios.
Page 478 18: O HAPTER PTIMIZING A ETWORK 5 You can choose to import measurements from the network, a site survey file, or both: a If you want to use RF neighborhood information imported from a MAP in the network, click Yes next to Network. b If you want to import measurements from a site survey file, click Yes next to File, and in the File Format listbox, select Ekahau.
Page 479: Applying The Rf Measurements To The Floor Plan
Importing RF Measurements Applying the RF To apply the RF measurements to the floor plan: Measurements to the Floor Plan 1 Under Site Survey in the Task List panel, click Optimize. A wizard appears, listing the progress of the request. The Total number of RF measurements that did not intersect any object line lists the number of measurements that did not experience attenuation due to an RF obstacle in the path between them.
Page 480: Locating And Fixing Coverage Holes
18: O HAPTER PTIMIZING A ETWORK The measurements reflect how well the measuring MAPs can hear one another, and do not directly measure how well clients can hear the MAPs. For example, if the MAPs are mounted on the ceiling, attenuation of their signals to one another might be less than the attenuation of the same signals when received by clients on desktops in cubicles and offices.
Page 481 Locating and Fixing Coverage Holes 6 On the toolbar, click the radio type for which you want to display coverage: Displays 802.11a coverage for the selected scope(s). Displays 802.11b coverage for the selected scope(s). Displays 802.11g coverage for the selected scope(s). You also can show coverage by right-clicking on the scope in the Coverage Areas section, then selecting Show RF Coverage.
Page 482: Fixing A Coverage Hole
18: O HAPTER PTIMIZING A ETWORK Fixing a Coverage After you import RF measurements, optimize, and display coverage, you Hole can observe any wireless coverage holes in the network. To fix a coverage hole, use any of the following methods: Lock the MAPs in place, and use the Compute and Place task to recompute the number of MAPs needed and their recommended placement.
Page 483: Changing 3Wxm P
3WXM P HANGING REFERENCES This chapter discusses how to set 3Com Wireless LAN Switch Manager (3WXM) client preferences. It describes how to reset preferences values and change options for network synchronization, user interface, persistence, tools, certificate management, RF planning, and 3WXM logging.
Page 484: Changing Network Synchronization Options
A: C 3WXM P HAPTER HANGING REFERENCES Changing Network By default, 3WXM checks for configuration changes, events, and status Synchronization changes on WX switches. You can configure checking (also called polling) for Options configuration changes in the network made with the CLI, Web Manager, or another instance of 3WXM.
Page 485: Changing Persistence Options
Changing Persistence Options 3 To enable a confirmation prompt after you close a wizard, select the Warn checkbox. To disable the confirmation prompt, clear the Warn checkbox. By default, if you close a wizard, a pop-up box appears, asking whether you want to close the wizard.
Page 486: Changing Tools Options
A: C 3WXM P HAPTER HANGING REFERENCES Changing Tools You can change the Telnet and Web browser applications that start from Options the 3WXM Tools menu. The default Telnet application is Microsoft Telnet Client. The default Web browser is Microsoft Internet Explorer. To change tools options: 1 Select Tools >...
Page 487: Changing Options For Rf Planning
Changing Options You can change the following RF planning options: for RF Planning Typical transmit power for clients in the 3Com network. Color schemes for showing RF information Configuring the To change the typical client’s transmit power: Typical Client’s...
Page 488 A: C 3WXM P HAPTER HANGING REFERENCES For each scheme, you can change a color using any of the following methods: Select a color from a predefined palette. Change the hue, saturation, and brightness (HSB) properties of a color. Change the red, blue, and green (RGB) properties of a color. To Change a Color 1 Select Tools >...
Page 489 Changing Options for RF Planning In the Preview box, you can see the swatches and text in the color you chose. The Recent box shows the colors you have chosen so far. Click Reset to choose the original predefined color and clear the Recent box. 3 Click OK to accept the color you last chose.
Page 490 A: C 3WXM P HAPTER HANGING REFERENCES 3 To change the saturation value, select the S option and do one of the following: In the S box, specify a value between 0 and 100 percent. Use the slider to specify the saturation value. 4 To change the brightness value, select the B option and do one of the following: In the B box, specify a value between 0 and 100 percent.
Page 491: Changing 3Wxm Logging Options
Info — Informational messages only. No action is required. Debug — All events are shown, including debug messages. Select the Debug option only if 3Com Technical Support has advised you to do so. Debug-level logging significantly impacts network performance and should only be enabled temporarily to troubleshoot problems, as directed by Technical Support.
Page 492 A: C 3WXM P HAPTER HANGING REFERENCES...
Page 493: Overview
3WXM S HANGING ERVICES REFERENCES This chapter discusses how to change 3WXM Services preferences. Overview To set 3WXM Services preferences, select Tools > 3WXM Services Setup from the toolbar in the main 3WXM window. See the figure at the bottom of this page. This chapter describes how to change monitoring service preferences.
Page 494: Starting Or Stopping The 3Wxm Services
3WXM Services. You also can configure the service to start and stop automatically. 3Com recommends that all clients that are using 3WXM Services be closed before you stop the services. If a 3WXM client is using a network plan on 3WXM Services when you stop the services, you cannot select objects or options in the client.
Page 495: Starting Or Stopping 3Wxm Services On Windows Systems
Starting or Stopping the 3WXM Services Starting or Stopping You can start 3WXM Services from within 3WXM or from Windows 3WXM Services on Services. Windows Systems 1 Display the Services window. Here is an example of the Services window in Windows XP. (The window might look differently on your system.) 2 Scroll down and select 3WXM Services.
Page 496: Starting Or Stopping 3Wxm Services On Linux Systems
The following examples show methods you can use to configure 3WXM Services to automatically start and stop. Other methods might also work. These are the ones that 3Com has tested. Linux Example—SUSE 9.1 The recommended way to add services to a SUSE 9.1 installation is with the insserv command.
Page 497: Connecting To 3Wxm Services
SSL and SNMP ports (443 and 162 by default). To connect to 3WXM Services 1 Start 3WXM client. Select Start -> Programs -> 3Com -> 3WXM -> 3WXM. The 3WXM Services Connection dialog appears. 2 Enter the IP address or fully-qualified hostname of the machine on which the service is installed.
Page 498: Certificate Check
B: C 3WXM S HAPTER HANGING ERVICES REFERENCES If the Certificate Check dialog is displayed, click Accept. (For more certificate options, see the next section, “Certificate Check”.) If the Finish button does not become available, read the last message in the message area of the page to determine why the service could not be reached.
Page 499: Verifying That The 3Wxm Client Is Receiving Service Data
Monitor. The Monitor tab appears in the Content panel. 2 Wait 60 seconds for 3WXM to retrieve updates from the server, then check the color of the objects for 3Com equipment displayed in the Explore window. If the status color is blue, then 3WXM is not receiving status data from the server yet.
Page 500: Changing Service Settings
B: C 3WXM S HAPTER HANGING ERVICES REFERENCES Changing Service The service settings control the connection parameters, key store Settings information, and access control to 3WXM Services. The port numbers used by 3WXM Services must not be used by other applications on the machine where the 3WXM Services is installed.
Page 501: Changing Wx Connection Settings
Changing WX Connection Settings (For more information about this option, see “Replacing a Switch and Reusing its Configuration” on page 344.) 7 To change the name of the key store file that contains the encryption keys the 3WXM Services uses for authentication with 3WXM, edit the name in the File box.
Page 502 B: C 3WXM S HAPTER HANGING ERVICES REFERENCES By default, 3WXM Services accepts certificates from WX switches regardless of whether they are generated by a certificate authority (CA) or they are self-signed certificates. When you disable this option, the Accept self-signed certificates option remains enabled. 6 To prevent 3WXM Services from accepting self-signed certificates from the WX switches it monitors, click Accept self-signed certificates to disable the option.
Page 503: Changing Monitoring Settings
Changing Monitoring Settings Changing By default, status monitoring and monitoring of WX notifications is Monitoring enabled. Status monitoring supplies data for the Explore and Status Settings Summary windows of the Monitor tab. SNMP notifications (traps) generated by WX switches supply data for the Client Monitor, RF Monitor, and RF Trends windows.
Page 504: To Change Monitoring Settings
B: C 3WXM S HAPTER HANGING ERVICES REFERENCES To change To change monitoring settings, use the following procedure. monitoring settings 1 Select Tools > 3WXM Services Setup. The 3WXM Services Setup dialog box appears. 2 Click the Monitoring Settings tab. 3 To change the number of minutes between status queries from 3WXM Services to the WX switches it monitors, change the value in the Polling interval box.
Page 505: Accessing The 3Wxm Services Log
Accessing the 3WXM Services Log Max Receiver Adjustment specifies the maximum amount a radio’s hearing sensitivity can increase without triggering a TCA. You can specify from 0 to 20 decibels (dB). The default is 6 dB. When a TCA is triggered, the alert is displayed as a red flag in the link view of the Explore window of the Monitor tab.
Page 506: Managing Network Plans
B: C 3WXM S HAPTER HANGING ERVICES REFERENCES Managing Network 3WXM Services regularly backs up network plans, at configurable Plans intervals. In addition to these regular backups, you can create a backup at any time. You can create a backup from within 3WXM or at a command line. From within 3WXM, you also can change the settings for automatic backups.
Page 507: Changing Backup Settings
File—Activates the box in the File area of the dialog. This option allows you to save a copy of the backup in another folder. For example, if 3Com Technical Support requests a copy of the backup for troubleshooting, this option enables you to save the backup to a location from which your FTP application can access the file.
Page 508: Deleting A Plan Backup
B: C 3WXM S HAPTER HANGING ERVICES REFERENCES 5 Type the IP address of the host where the other instance of 3WXM Services is installed. 3WXM Services must be running on the host to which you want to transfer the backup. 6 If the port on which the other instance of 3WXM Services listens for traffic from 3WXM is different from the default, edit the number in the Service Port box to match.
Page 509: Upport For
To take advantage of warranty and other service benefits, you must first Product to Gain register your product at: Service Benefits http://eSupport.3com.com/ 3Com eSupport services are based on accounts that are created or that you are authorized to access. Solve Problems 3Com offers the following support tool: Online 3Com Knowledgebase —...
Page 510: Purchase Extended Warranty And Professional Services
3Com as a separately ordered product. Separately orderable software releases and licenses are listed in the 3Com Price List and are available for purchase from your 3Com reseller.
Page 511: Telephone Technical Support And Repair
Diagnostic error messages Details about recent configuration changes, if applicable To send a product directly to 3Com for repair, you must first obtain a return materials authorization number (RMA). Products sent to 3Com without authorization numbers clearly marked on the outside of the package will be returned to the sender unopened, at the sender’s...
Page 512 Latin America — Telephone Technical Support and Repair Antigua 1 800 988 2112 Guatemala AT&T +800 998 2112 Argentina 0 810 444 3COM Haiti 57 1 657 0888 Aruba 1 800 998 2112 Honduras AT&T +800 998 2112 Bahamas...
Page 513 Contact Us Country Telephone Number Country Telephone Number US and Canada — Telephone Technical Support and Repair All locations: Network Jacks; Wired or Wireless Network Interface Cards: 1 847-262-0070 1 800 876 3266 All other 3Com products:...
Page 514 C: O PPENDIX BTAINING UPPORT FOR RODUCTS...
Page 515 NDEX Numbers backbone fast convergence 215 3Com Knowledgebase tool 509 bug fixes 510 3Com Professional Services 510 3Com resources, directory 511 3WXM restricting access to 52 software requirements 23 certificates deleting 373 uninstalling distributing 374 UNIX and Linux systems 30...
Page 516 NDEX diagnostics 200 Guardian services contract 510 directory of 3Com resources 511 Distributed MAP Auto-AP profile 271 hardware requirements for installation 21, 22 Distributed MAPs mapping ACLs to 230 HTTPS, enabling 188 distributing system images 356 distributing WX software images 357...
Page 517 NDEX scheduling deployment 355 synchronizing 352 verifying 365 named user groups creating 292 local configuration changes deploying 354 named users creating 291 undoing 353 local user database 289 network changes accepting 353 location policies checking for 484 configuring 327 reviewing 352, 354 location policy synchronizing 352 defined 327...
Page 518 484 saving network plans 57 product registration 509, 510 with new name 58 Professional Services from 3Com 510 sending products to 3Com for repair 511 profile service benefits 509, 511 Auto-AP 271 services, repair 510 purchasing license keys 510...
Page 519 200 DHCP server 221 IGMP 216 static multicast ports 217 STP fast convergence 215 table of 3Com support contact numbers 510 creating 209 tag type 211 definition 208 technical support, Asia and Pacific Rim 511 mapping ACLs to 230...
Page 520 NDEX...

This manual is also suitable for:

Wx2200 Wx4400 Wxr100

3Com WX1200 Reference Manual

Table of Contents

About

Nstalling 3Wxm

Working with the

Getting Started

Working with Network Plans

Planning the 3C Om Mobility System

Defining a Coverage Area

Configuring Wx System Parameters

Configuring

Configuring

Configuring Wx Switches Remotely

Verifying Configuration Changes

Managing

Configuring and Ap

Event Log

Generating Reports

Monitoring the Network

Detecting and Combatting Rogue Devices

Optimizing a Network Plan

Changing 3Wxm P

B Changing 3Wxm Services

Quick Links

Chapters

Related Manuals for 3Com WX1200

Summary of Contents for 3Com WX1200