Page 1: User Guide
USER GUIDE SMCE21011 EliteConnect 802.11 a/b/g/n Access Point...
Page 2: Step
EliteConnect SMCE21011 User Guide May 2009 20 Mason Pub. # 149100000016A Irvine, CA 92618 E052009-CS-R01 Phone: (949) 679-8000...
Page 3 Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC.
Page 4: Warranty And Product Registration
ARRANTY AND RODUCT EGISTRATION To register SMC products and to review the detailed warranty statement, please refer to the Support Section of the SMC Website at http:// www.smc.com. – 4 –...
Page 5: Compliances
OMPLIANCES EDERAL OMMUNICATION OMMISSION NTERFERENCE TATEMENT This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
Page 6 OMPLIANCES IMPORTANT NOTE: FCC R ADIATION XPOSURE TATEMENT This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance 20 cm between the radiator & your body. IC S TATEMENT This Class B digital apparatus complies with Canadian ICES-003.
Page 7 OMPLIANCES AS/NZS 4771 USTRALIA EALAND ACN 066 352010 AIWAN 根據交通部低功率管理辦法規定：第十二條　經型式認證合格之低功率射頻電機，非經許可，公司、商號或使用者均不得擅自變更頻率、加大功率或變更原設計之特性及功能。第十四條　低功率射頻電機之使用不得影響飛航安全及干擾合法通信；經發現有干擾現象時，應立即停用，並改善至無干擾時方得繼續使用。前項合法通信，指依電信法規定作業之無線電通信。低功率射頻電機須忍受合法通信或工業、科學及醫療用電波輻射性電機設備之干擾。 EC C ONFORMANCE ECLARATION Marking by the above symbol indicates compliance with the Essential Requirements of the R&TTE Directive of the European Union (1999/5/EC). This equipment meets the following conformance standards: ◆...
Page 8 OMPLIANCES The user must use the configuration utility provided with this product to ensure the channels of operation are in conformance with the spectrum usage rules for European Community countries as described below. This device requires that the user or installer properly enter the current ◆...
Page 9 Hierbij verklaart SMC dat het toestel Radio LAN device in overeenstemming is met de Nederlands essentiële eisen en de andere relevante bepalingen van richtlijn 1999/5/EG Bij deze SMC dat deze Radio LAN device voldoet aan de essentiële eisen en aan de overige relevante bepalingen van Richtlijn 1999/5/EC. French Par la présente SMC déclare que l'appareil Radio LAN device est conforme aux...
Page 10 1999/5/CE. Latvian Latviski Lithuanian Maltese Malti Spanish Por medio de la presente SMC declara que el Radio LAN device cumple con los requisitos Español esenciales y cualesquiera otras disposiciones aplicables o exigibles de la Directiva 1999/ 5/CE Polish Polski Portuguese SMC declara que este Radio LAN device está...
Page 11: About This Guide
BOUT UIDE This guide gives specific information on how to install the 11n wireless URPOSE access point and its physical and performance related characteristics. It also gives information on how to operate and use the management functions of the access point. This guide is intended for use by network administrators who are UDIENCE responsible for installing, operating, and maintaining network equipment;...
Page 12: Table Of Contents
ONTENTS ARRANTY AND RODUCT EGISTRATION OMPLIANCES BOUT UIDE ONTENTS IGURES ABLES CLI C NDEX OF OMMANDS ECTION ETTING TARTED NTRODUCTION Key Hardware Features Description of Capabilities Package Contents Hardware Description Antennas External Antenna Connectors LED Indicators Console Port Ethernet Port Power Connector Reset Button ETWORK...
Page 13 ONTENTS NSTALLING THE CCESS OINT Location Selection Mounting on a Horizontal Surface Mounting on a Wall Connecting and Powering On NITIAL ONFIGURATION Connecting to the Login Page Home Page and Main Menu Common Web Page Buttons Quick Start Step 1 Step 2 Step 3 Main Menu Items...
Page 14 ONTENTS SNMP Basic Settings SNMP Trap Settings View Access Control Model SNMPv3 Users SNMPv3 Targets SNMPv3 Notification Filters DVANCED ETTINGS Local Bridge Filter Link Layer Discovery Protocol Access Control Lists Source Address Settings Destination Address Settings Ethernet Type IRELESS ETTINGS Spanning Tree Protocol (STP) Bridge Ethernet Interface...
Page 15 ONTENTS AP System Configuration AP Wireless Configuration Station Status Event Logs ECTION OMMAND NTERFACE 11 U SING THE OMMAND NTERFACE Console Connection Telnet Connection Entering Commands Keywords and Arguments Minimum Abbreviation Command Completion Getting Help on Commands Showing Commands Negating the Effect of Commands Using Command History Understanding Command Modes Exec Commands...
Page 16 ONTENTS 22 F ILTERING OMMANDS 23 S PANNING OMMANDS 24 WDS B RIDGE OMMANDS 25 E THERNET NTERFACE OMMANDS 26 W IRELESS NTERFACE OMMANDS 27 W IRELESS ECURITY OMMANDS 28 L AYER ISCOVERY OMMANDS 29 VLAN C OMMANDS 30 WMM C OMMANDS ECTION PPENDICES...
Page 17: Figures
IGURES Figure 1: Top Panel Figure 2: Rear Panel Figure 3: Ports Figure 4: External Antenna Connectors Figure 5: Screw-off External Antenna Connector - Close Up Figure 6: LEDs Figure 7: Infrastructure Wireless LAN Figure 8: Infrastructure Wireless LAN for Roaming Wireless PCs Figure 9: Bridging Mode Figure 10: Attach Feet Figure 11: Wall Mounting...
Page 18 IGURES Figure 32: SNMPv3 Targets Figure 33: SNMP Notification Filter Figure 34: Local Bridge Filter Figure 35: LLDP Settings Figure 36: Source ACLs Figure 37: Destination ACLs Figure 38: Ethernet Type Filter Figure 39: Spanning Tree Protocol Figure 40: Local Authentication Figure 41: RADIUS Authentication Figure 42: Interface Mode Figure 43: Radio Settings...
Page 19 IGURES Figure 68: Straight Through Wiring Figure 69: Crossover Wiring Figure 70: RJ-45 Console – 19 –...
Page 20: Tables
ABLES Table 1: Key Hardware Features Table 2: LED Behavior Table 3: Logging Levels Table 4: WMM Access Categories Table 5: Command Modes Table 6: Keystroke Commands Table 7: General Commands Table 8: System Management Commands Table 9: Country Codes Table 10: System Management Commands Table 11: Logging Levels Table 12: System Clock Commands...
Page 21 ABLES Table 32: 1000BASE-T MDI and MDI-X Port Pinouts Table 33: Console Port Pinouts – 21 –...
Page 22 ABLES – 22 –...
Page 23: Ndex Of Cli Commands
CLI C NDEX OF OMMANDS UMERICS 802.1x enable 171 dhcp-relay server 802.1x session-timeout 172 dtim-period 207 dual-image 162 address filter default 173 address filter delete address filter entry 174 encryption a-mpdu a-msdu exit apmgmgtui ssh enable apmgmtip apmgmtui http port apmgmtui http server filter acl-destination-address apmgmtui http session-timeout 128...
Page 24 CLI C NDEX OF OMMANDS show sntp show station mac-authentication server show system mac-authentication session-timeout show version show wds wireless make-radius-effective 169 shutdown 198 make-rf-setting-effective 205 shutdown 211 make-security-effective 221 snmp-server community 149 management-vlanid 229 snmp-server contact snmp-server enable server snmp-server filter snmp-server host password...
Page 25 CLI C NDEX OF OMMANDS – 25 –...
Page 26: Ection
ECTION ETTING TARTED This section provides an overview of the access point, and introduces some basic concepts about wireless networking. It also describes the basic settings required to access the management interface. This section includes these chapters: “Introduction” on page 27 ◆...
Page 27: Key Hardware Features
NTRODUCTION The EliteConnect SMCE21011 is an IEEE 802.11n access point (AP) that meets draft 2.0 standards. It is fully interoperable with older 802.11a/b/g standards, providing a transparent, wireless high speed data communication between the wired LAN and fixed or mobile devices. The unit includes three detachable dual-band 2.4/5 GHz antennas with the option to attach alternative antennas that can extend or shape the network coverage area.
Page 28: Package Contents
| Introduction HAPTER Package Contents In addition, the access point offers full network management capabilities through an easy to configure web interface, a command line interface for initial configuration and troubleshooting, and support for Simple Network Management tools. The SMCE21011 utilises MIMO technology and Spatial Multiplexing to achieve the highest possible data rate and throughput on the 802.11n frequency.
Page 29: Hardware Description
| Introduction HAPTER Hardware Description ARDWARE ESCRIPTION Figure 1: Top Panel Antennas LED Indicators Figure 2: Rear Panel Reset Button DC Power Socket RJ-45 PoE Port – 29 –...
Page 30: Antennas
| Introduction HAPTER Hardware Description Figure 3: Ports RJ-45 Console Port DC Power Port RJ-45 PoE Port The access point includes three integrated external MIMO (multiple-input NTENNAS and multiple-output) antennas. MIMO uses multiple antennas for transmitting and receiving radio signals to improve data throughput and link range.
Page 31: Figure 4: External Antenna Connectors
| Introduction HAPTER Hardware Description Figure 4: External Antenna Connectors Figure 5: Screw-off External Antenna Connector - Close Up – 31 –...
Page 32: Led Indicators
| Introduction HAPTER Hardware Description The access point includes four status LED indicators, as described in the LED I NDICATORS following figure and table. Figure 6: LEDs Ethernet System Error Power 802.11 a/b/g/n Link/Activity Link/Activity or Failure Table 2: LED Behavior Status Description Ethernet RJ-45 has no valid link.
Page 33: Console Port
| Introduction HAPTER Hardware Description This port is used to connect a console device to the access point through a ONSOLE serial cable. The console device can be a PC or workstation running a VT- 100 terminal emulator, or a VT-100 terminal. A crossover RJ-45 to DB-9 cable is supplied with the unit for connecting to the console port.
Page 34: Network Topologies
ETWORK OPOLOGIES Wireless networks support a standalone configuration as well as an integrated configuration with 10/100/1000 Mbps Ethernet LANs. The SMCE21011 also provides bridging services that can be configured independently on on any of the virtual AP (VAP) interfaces. Access points can be deployed to support wireless clients and connect wired LANs in the following configurations: Infrastructure for wireless LANs ◆...
Page 35: Infrastructure Wireless Lan For Roaming Wireless Pcs
| Network Topologies HAPTER Infrastructure Wireless LAN for Roaming Wireless PCs The infrastructure configuration extends the accessibility of wireless PCs to the wired LAN. A wireless infrastructure can be used for access to a central database, or for connection between mobile workers, as shown in the following figure. Figure 7: Infrastructure Wireless LAN Wired LAN Extension to Wireless Clients...
Page 36: Infrastructure Wireless Bridge
| Network Topologies HAPTER Infrastructure Wireless Bridge wireless network cards and adapters and wireless access points within a specific ESS must be configured with the same SSID. Figure 8: Infrastructure Wireless LAN for Roaming Wireless PCs Seamless Roaming Between Access Points Server Desktop PC Switch...
Page 37: Figure 9: Bridging Mode
| Network Topologies HAPTER Infrastructure Wireless Bridge Figure 9: Bridging Mode WDS Links Network Between Access Points Core VAP 0 WDS-AP Mode VAP 2 AP Mode VAP 0 WDS-STA Mode VAP 1 WDS-AP Mode VAP 2 AP Mode VAP 1 WDS-AP Mode VAP 0 WDS-STA Mode...
Page 38: Installing The Access Point
NSTALLING THE CCESS OINT This chapter describes how to install the access point. OCATION ELECTION Choose a proper place for the access point. In general, the best location is at the center of your wireless coverage area, within line of sight of all wireless devices.
Page 39: Mounting On A Horizontal Surface
| Installing the Access Point HAPTER Mounting on a Horizontal Surface OUNTING ON A ORIZONTAL URFACE To keep the access point from sliding on the surface, attach the four rubber feet provided in the accessory kit to the marked circles on the bottom of the access point.
Page 40: Mounting On A Wall
| Installing the Access Point HAPTER Mounting on a Wall OUNTING ON A To mount on a wall follow the instructions below. Figure 11: Wall Mounting Mounting Slots The access point should be mounted only to a wall or wood surface that is at least 1/2-inch plywood or its equivalent.
Page 41: Connecting And Powering On
| Installing the Access Point HAPTER Connecting and Powering On ONNECTING AND OWERING Connect the power adapter to the access point, and the power cord to an AC power outlet. Otherwise, the access point can derive its operating power directly from the RJ-45 port when connected to a device that provides IEEE 802.3af compliant Power over Ethernet (PoE).
Page 42: Initial Configuration
NITIAL ONFIGURATION The SMCE21011 offers a user-friendly web-based management interface for the configuration of all the unit’s features. Any PC directly attached to the unit can access the management interface using a web browser, such as Internet Explorer (version 6.0 or above) or Firefox (version 2.0 or above).
Page 43: Home Page And Main Menu
| Initial Configuration HAPTER Home Page and Main Menu AGE AND After logging in to the web interface, the Home page displays. The Home page shows some basic settings for the AP, including Country Code and the management access password. Figure 13: Home Page The web interface Main Menu menu provides access to all the configuration settings available for the access point.
Page 44: Common Web Page Buttons
| Initial Configuration HAPTER Common Web Page Buttons You must set the country code to the country of operation. AUTION Setting the country code restricts operation of the access point to the radio channels and transmit power levels permitted for wireless networks in the specified country.
Page 45: Quick Start
| Initial Configuration HAPTER Quick Start Logout – Ends the web management session. ◆ Save Config – Saves the current configuration so that it is retained ◆ after a restart. UICK TART The Quick Start menu is designed to help you configure the basic settings required to get the access point up and running.
Page 46: Figure 17: Quick Start - Step 2
| Initial Configuration HAPTER Quick Start Old Password — If the unit has been configured with a password ◆ already, enter that password, otherwise enter the default password “smcdamin.” New Password — The password for management access. ◆ (Length: 5-32 characters, case sensitive) Confirm New Password —...
Page 47 | Initial Configuration HAPTER Quick Start The following items are displayed on this page: DHCP DHCP Status — Enables/disables DHCP on the access point. (Default: ◆ disabled) IP Address — Specifies an IP address for management of the access ◆ point.
Page 48: Step
| Initial Configuration HAPTER Quick Start The Step 3 page of the Quick Start configures radio interface settings. Figure 18: Quick Start - Step 3 The following items are displayed on this page: NTERFACE ETTING WiFi Mode — Sets the mode of operation of the radio chip to ◆...
Page 49: Main Menu Items
| Initial Configuration HAPTER Main Menu Items TKIP: TKIP is used as the multicast encryption cipher. ■ AES-CCMP: AES-CCMP is used as the multicast encryption cipher. ■ AES-CCMP is the standard encryption cipher required for WPA2. UTHENTICATION 802.1x — Enables 802.1X authentication. (Default: Disabled) ◆...
Page 50: Ection
ECTION ONFIGURATION This section provides details on configuring the access point using the web browser interface. This section includes these chapters: “System Settings” on page 51 ◆ “Management Settings” on page 62 ◆ “Advanced Settings” on page 73 ◆ “Wireless Settings” on page 79 ◆...
Page 51: System Settings
YSTEM ETTINGS This chapter describes basic system settings on the access point. It includes the following sections: ◆ “Administration Settings” on page 52 “IP Address” on page 53 ◆ “RADIUS Settings” on page 54 ◆ “System Time” on page 56 ◆...
Page 52: Administration Settings
| System Settings HAPTER Administration Settings DMINISTRATION ETTINGS The Administration Settings page configures some basic settings for the AP, such as the system identification name, the management access password, and the wireless operation Country Code. Figure 19: Administration The following items are displayed on this page: ◆...
Page 53: Ip Address
| System Settings HAPTER IP Address You must set the country code to the country of operation. AUTION Setting the country code restricts operation of the access point to the radio channels and transmit power levels permitted for wireless networks in the specified country.
Page 54: Radius Settings
| System Settings HAPTER RADIUS Settings Default Gateway — The default gateway is the IP address of the ◆ router for the access point, which is used if the requested destination address is not on the local subnet. If you have management stations, DNS, RADIUS, or other network servers located on another subnet, type the IP address of the default gateway router in the text field provided.
Page 55: Radius Accounting
| System Settings HAPTER RADIUS Settings Figure 21: RADIUS Settings The following items are displayed on the RADIUS Settings page: RADIUS Status — Enables/disables the primary RADIUS server. ◆ ◆ IP Address — Specifies the IP address or host name of the RADIUS server.
Page 56: System Time
| System Settings HAPTER System Time Port (1024-65535) — The UDP port number used by the RADIUS ◆ accounting server for authentication messages. (Range: 1024-65535; Default: 1813) Key — A shared text string used to encrypt messages between the ◆ access point and the RADIUS accounting server.
Page 57: Sntp Server Settings
| System Settings HAPTER System Time Configures the access point to operate as an SNTP client. When enabled, at SNTP S ERVER least one time server IP address must be specified. ETTINGS SNTP Status — Enables/disables SNTP. (Default: enabled) ◆ Primary Server —...
Page 58: Spectralink Voice Priority
| System Settings HAPTER SpectraLink Voice Priority PECTRA OICE RIORITY SpectraLink Voice Priority (SVP) is a voice priority mechanism for WLANs. SVP is an open, straightforward QoS approach that has been adopted by most leading vendors of WLAN APs. SVP favors isochronous voice packets over asynchronous data packets when contending for the wireless medium and when transmitting packets onto the wired LAN.
Page 59: Figure 24: Setting The Vlan Identity
| System Settings HAPTER VLAN Configuration When VLAN support is enabled on the access point, traffic passed to the ◆ wired network is tagged with the appropriate VLAN ID, either a VAP default VLAN ID, or the management VLAN ID. Traffic received from the wired network must also be tagged with one of these known VLAN IDs.
Page 60: System Logs
| System Settings HAPTER System Logs YSTEM The access point can be configured to send event and error messages to a System Log Server. The system clock can also be synchronized with a time server, so that all the messages sent to the Syslog server are stamped with the correct time and date.
Page 61: Quick Start Wizard
| System Settings HAPTER Quick Start Wizard Logging Level — Sets the minimum severity level for event logging. ◆ (Default: Debug) The system allows you to limit the messages that are logged by specifying a minimum severity level. The following table lists the error message levels from the most severe (Emergency) to least severe (Debug).
Page 62: Management Settings
ANAGEMENT ETTINGS This chapter describes management access settings on the access point. It includes the following sections: ◆ “Remote Management Settings” on page 62 “Access Limitation” on page 64 ◆ “Simple Network Management Protocol” on page 65 ◆ EMOTE ANAGEMENT ETTINGS The Web, Telnet, and SNMP management interfaces are enabled and open to all IP addresses by default.
Page 63: Figure 26: Remote Management
| Management Settings HAPTER Remote Management Settings The client and server generate session keys for encrypting and ◆ decrypting data. The client and server establish a secure encrypted connection. ◆ A padlock icon should appear in the status bar for Internet Explorer. ◆...
Page 64: Access Limitation
| Management Settings HAPTER Access Limitation HTTPS Server — Enables/disables management access from a HTTPS ◆ server. (Default: enabled) HTTPS Port — Specifies the HTTPS port for secure IP connectivity. ◆ (Default: 443; Range 1024-65535) SNMP Access — Enables/disables management access from SNMP ◆...
Page 65: Snmp Basic Settings
| Management Settings HAPTER Simple Network Management Protocol Subnet Mask — Specifies the subnet mask in the form 255.255.255.x ◆ ESTRICT ANAGEMENT Enable/Disable — Enables/disables management of the device by a ◆ wireless client. (Default: disabled) IMPLE ETWORK ANAGEMENT ROTOCOL Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network.
Page 66: Figure 28: Snmp Basic Settings
| Management Settings HAPTER Simple Network Management Protocol Figure 28: SNMP Basic Settings The following items are displayed on this page: SNMP — Enables or disables SNMP management access and also ◆ enables the access point to send SNMP traps (notifications). (Default: Disable) System Location —...
Page 67: Snmp Trap Settings
| Management Settings HAPTER Simple Network Management Protocol Traps indicating status changes are issued by the AP to specified trap SNMP T ETTINGS managers. You must specify trap managers so that key events are reported by the AP to your management station (using network management platforms).
Page 68: View Access Control Model
| Management Settings HAPTER Simple Network Management Protocol To configure SNMPv3 management access to the AP, follow these steps: CCESS ONTROL ODEL Specify read and write access views for the AP MIB tree. Configure SNMP user groups with the required security model (that is, SNMP v1, v2c, or v3) and security level (authentication and privacy).
Page 69: Snmpv3 Users
| Management Settings HAPTER Simple Network Management Protocol to the subtree “1.3.6.1.2.1.2.2.1.1.23,” the zero corresponds to the 10th subtree ID. When there are more subtree IDs than bits in the mask, the mask is padded with ones. View List – Shows the currently configured object identifiers of ◆...
Page 70: Snmpv3 Targets
| Management Settings HAPTER Simple Network Management Protocol The following items are displayed on this page: User Name — The SNMPv3 user name. (32 characters maximum) ◆ Group — The SNMPv3 group name. ◆ Auth Type — The authentication type used for the SNMP user; either ◆...
Page 71: Snmpv3 Notification Filters
| Management Settings HAPTER Simple Network Management Protocol Figure 32: SNMPv3 Targets The following items are displayed on this page: Target ID — A user-defined name that identifies a receiver of ◆ notifications. (Maximum length: 32 characters) IP Address — Specifies the IP address of the receiving management ◆...
Page 72 | Management Settings HAPTER Simple Network Management Protocol The following items are displayed on this page: Filter ID — A user-defined name that identifies the filter. (Maximum ◆ length: 32 characters) Subtree — Specifies MIB subtree to be filtered. The MIB subtree must ◆...
Page 73: Advanced Settings
DVANCED ETTINGS This chapter describes advanced settings on the access point. It includes the following sections: ◆ “Local Bridge Filter” on page 73 “Link Layer Discovery Protocol” on page 74 ◆ “Access Control Lists” on page 76 ◆ OCAL RIDGE ILTER The access point can employ network traffic frame filtering to control access to network resources and increase security.
Page 74: Link Layer Discovery Protocol
| Advanced Settings HAPTER Link Layer Discovery Protocol Prevent Inter and Intra VAP client communication — When ◆ enabled, clients cannot establish wireless communications with any other client, either those associated to the same VAP interface or any other VAP interface. AYER ISCOVERY ROTOCOL...
Page 75 | Advanced Settings HAPTER Link Layer Discovery Protocol Message Transmission Interval (seconds) — Configures the ◆ periodic transmit interval for LLDP advertisements. (Range: 5-32768 seconds; Default: 30 seconds) This attribute must comply with the following rule: (Transmission Interval * Hold Time) ≤ 65536, and Transmission Interval >= (4 * Delay Interval) ReInitial Delay Time (seconds) —...
Page 76: Access Control Lists
| Advanced Settings HAPTER Access Control Lists CCESS ONTROL ISTS Access Control Lists allow you to configure a list of wireless client MAC addresses that are not authorized to access the network. A database of MAC addresses can be configured locally on the access point. The ACL Source Address Settings page enables traffic filtering based on the OURCE DDRESS...
Page 77: Destination Address Settings
| Advanced Settings HAPTER Access Control Lists The ACL Destination Address Settings page enables traffic filtering based ESTINATION on the destination MAC address in the data frame. DDRESS ETTINGS Figure 37: Destination ACLs The following items are displayed on this page: DA Status —...
Page 78: Ethernet Type
| Advanced Settings HAPTER Access Control Lists The Ethernet Type Filter controls checks on the Ethernet type of all THERNET incoming and outgoing Ethernet packets against the protocol filtering table. (Default: Disabled) Figure 38: Ethernet Type Filter The following items are displayed on this page: Disabled —...
Page 79: Wireless Settings
IRELESS ETTINGS This chapter describes wireless settings on the access point. It includes the following sections: ◆ “Spanning Tree Protocol (STP)” on page 79 “Authentication” on page 82 ◆ “Radio Settings” on page 86 ◆ “Virtual Access Points (VAPs)” on page 89 ◆...
Page 80: Bridge
| Wireless Settings HAPTER Spanning Tree Protocol (STP) Figure 39: Spanning Tree Protocol Sets STP bridge link parameters. RIDGE The following items are displayed on the STP page: ◆ Spanning Tree Protcol — Enables/disables STP on the AP. (Default: Enabled) Priority —...
Page 81: Ethernet Interface
| Wireless Settings HAPTER Spanning Tree Protocol (STP) from among the device ports attached to the network. (Default: 20 seconds; Range: 6-40 seconds) Minimum: The higher of 6 or [2 x (Hello Time + 1)]. Maximum: The lower of 40 or [2 x (Forward Delay - 1)] Hello Time —...
Page 82: Authentication
| Wireless Settings HAPTER Authentication Link Port Priority — Defines the priority used for this port in the ◆ Spanning Tree Protocol. If the path cost for all ports on a switch are the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the spanning tree.
Page 83: Figure 40: Local Authentication
| Wireless Settings HAPTER Authentication Figure 40: Local Authentication The following items are displayed on Authentication page: MAC Authentication — Selects between, disabled, Local MAC authentication and RADIUS authentication. Local MAC — The MAC address of the associating station is compared ◆...
Page 84: Radius Mac Authentication
| Wireless Settings HAPTER Authentication MAC Authentication Table — Displays current entries in the local ◆ MAC database. The MAC address of the associating station is sent to a configured RADIUS RADIUS MAC server for authentication. When using a RADIUS authentication server for UTHENTICATION MAC address authentication, the server must first be configured on the RADIUS page.
Page 85: Interface Mode
| Wireless Settings HAPTER Interface Mode NTERFACE The access point can operate in two modes, IEEE 802.11a/n only, or 802.11g/n only. Also note that 802.11g is backward compatible with 802.11b, operating in the 2.4 GHz band. The 802.11a/n mode operates in the 5 GHz band.
Page 86: Radio Settings
| Wireless Settings HAPTER Radio Settings ADIO ETTINGS The IEEE 802.11n interfaces include configuration options for radio signal characteristics and wireless security features. The access point can operate in two modes, mixed 802.11g/n (2.4 GHz), or mixed 802.11a/n (5 GHz). Note that the radio cannot not operate at 2.4 GHz and 5 GHz modes at the same time.
Page 87 | Wireless Settings HAPTER Radio Settings The following items are displayed on this page: High Throughput Mode — The access point provides a channel ◆ bandwidth of 20 MHz by default giving an 802.11g connection speed of 54 Mbps and a 802.11n connection speed of up to 108 Mbps, and ensures backward compliance for slower 802.11b devices.
Page 88 | Wireless Settings HAPTER Radio Settings Preamble Length — The radio preamble (sometimes called a header) ◆ is a section of data at the head of a packet that contains information that the wireless device and client devices need when sending and receiving packets.
Page 89: Virtual Access Points (Vaps)
| Wireless Settings HAPTER Virtual Access Points (VAPs) Aggregate MAC Protocol Data Unit (A-MPDU) — Enables / disables ◆ the sending of this four frame packet header for statistical purposes. (Default: Enabled) A-MPDU Length Limit (1024-65535) — Defines the A-MPDU length. ◆...
Page 90: Vap Basic Settings
| Wireless Settings HAPTER Virtual Access Points (VAPs) The following items are displayed on this page: VAP Number — The number associated with the VAP, 0-7. ◆ SSID — The name of the basic service set provided by a VAP interface. ◆...
Page 91: Wds-Sta Mode
| Wireless Settings HAPTER Virtual Access Points (VAPs) Mode — Selects the mode in which the VAP will function. ◆ AP Mode: The VAP provides services to clients as a normal access ■ point. WDS-AP Mode: The VAP operates as an access point in WDS ■...
Page 92: Wireless Security Settings
| Wireless Settings HAPTER Virtual Access Points (VAPs) The following items are displayed in the VAP Basic Settings when WDS-AP mode is selected: WDS-AP (Parent) SSID — The SSID of the VAP on the connecting ◆ access point that is set to WDS-AP mode. WDS-AP (Parent) MAC —...
Page 93 | Wireless Settings HAPTER Virtual Access Points (VAPs) to configure and maintain a RADIUS server, WPA provides a simple operating mode that uses just a pre-shared password for network access. The Pre-Shared Key mode uses a common password for user authentication that is manually entered on the access point and all wireless clients.
Page 94: Wired Equivalent Privacy (Wep)
| Wireless Settings HAPTER Virtual Access Points (VAPs) RADIUS server, the client remains connected the network. Only if re- authentication fails is network access blocked. (Range: 0-65535 seconds; Default: 0 means disabled) WEP provides a basic level of security, preventing unauthorized access to IRED QUIVALENT the network, and encrypting data transmitted between wireless clients and...
Page 95: Quality Of Service (Qos)
| Wireless Settings HAPTER Quality of Service (QoS) The following items are on this page for WEP configuration: Default WEP Key Index – Selects the key number to use for ◆ encryption for the VAP interface. If the clients have all four WEP keys configured to the same values, you can change the encryption key to any of the settings without having to update the client keys.
Page 96: Table 4: Wmm Access Categories
| Wireless Settings HAPTER Quality of Service (QoS) 802.1D priorities is specifically intended to facilitate inter operability with other wired network QoS policies. While the four ACs are specified for specific types of traffic, WMM allows the priority levels to be configured to match any network-wide QoS policy.
Page 97: Figure 49: Wmm Backoff Wait Times
| Wireless Settings HAPTER Quality of Service (QoS) Figure 49: WMM Backoff Wait Times Time CWMin CWMax High Priority AIFS Random Backoff Minimum Wait Time Random Wait Time CWMin CWMax Low Priority AIFS Random Backoff Minimum Wait Time Random Wait Time For high-priority traffic, the AIFSN and CW values are smaller.
Page 98 | Wireless Settings HAPTER Quality of Service (QoS) The following items are displayed on this page: WMM — Sets the WMM operational mode on the access point. When ◆ enabled, the parameters for each AC queue will be employed on the access point and QoS capabilities are advertised to WMM-enabled clients.
Page 99 | Wireless Settings HAPTER Quality of Service (QoS) Admission Control: The admission control mode for the access ■ category. When enabled, clients are blocked from using the access category. (Default: Disabled) Set WMM — Applies the new parameters and saves them to RAM ◆...
Page 100: Maintenance Settings
AINTENANCE ETTINGS Maintenance settings includes the following sections: “Upgrading Firmware” on page 100 ◆ “Running Configuration” on page 103 ◆ ◆ “Resetting the Access Point” on page 104 PGRADING IRMWARE You can upgrade new access point software from a local file on the management workstation, or from an FTP or TFTP server.
Page 101: Figure 51: Firmware
| Maintenance Settings HAPTER Upgrading Firmware Figure 51: Firmware The following items are displayed on this page: Firmware Version — Displays what version of software is being used ◆ as a runtime image - “Active”, and what version is a backup image - “Backup”.
Page 102 | Maintenance Settings HAPTER Upgrading Firmware Remote — Downloads an operation code image file from a specified ◆ remote FTP or TFTP server. After filling in the following fields, click Start Upgrade to proceed. New Firmware File: Specifies the name of the code file on the ■...
Page 103: Figure 52: Running Configuration File
| Maintenance Settings HAPTER Running Configuration UNNING ONFIGURATION A copy of a previous running configuration may be uploaded to the access point as a saved file from a remote location, or the current configuration saved and stored for restoration purposes at a later point. A configuration file may be saved or downloaded to/from a specified remote FTP or TFTP server.
Page 104: Resetting The Access Point
| Maintenance Settings HAPTER Resetting the Access Point IP Address — IP address or host name of FTP or TFTP server. ◆ Username — The user ID used for login on an FTP server. ◆ Password — The password used for login on an FTP server. ◆...
Page 105: Status Information
TATUS NFORMATION The Information menu displays information on the current system configuration, the wireless interface, the station status and system logs. Status Information includes the following sections: “AP Status” on page 105 ◆ “Station Status” on page 107 ◆ “Event Logs” on page 108 ◆...
Page 106 | Status Information HAPTER AP Status The following items are displayed on this page: Serial Number — The serial number of the physical access point. ◆ System Up Time — Length of time the management agent has been ◆ Ethernet MAC Address — The physical layer address for the Ethernet ◆...
Page 107: Ap Wireless Configuration
| Status Information HAPTER Station Status The AP Wireless Configuration displays the VAP interface settings. AP W IRELESS ONFIGURATION Figure 55: AP Wireless Configuration The following items are displayed on this page: VAP — Displays the VAP number. ◆ SSID — The service set identifier for the VAP interface. ◆...
Page 108: Event Logs
| Status Information HAPTER Event Logs VENT The Event Logs window shows the log messages generated by the access point and stored in memory. Figure 57: Event Logs The following items are displayed on this page: Display Event Log — Selects the log entries to display. Up to 20 log ◆...
Page 109 | Status Information HAPTER Event Logs – 109 –...
Page 110: Ection
ECTION OMMAND NTERFACE This section provides a detailed description of the Command Line Interface, along with examples for all of the commands. This section includes these chapters: “Using the Command Line Interface” on page 112 ◆ “General Commands” on page 118 ◆...
Page 111 | Command Line Interface ECTION “VLAN Commands” on page 228 ◆ “WMM Commands” on page 231 ◆ – 111 –...
Page 112: Using The Command Line Interface
SING THE OMMAND NTERFACE When accessing the management interface for the over a direct connection to the console port, or via a Telnet connection, the access point can be managed by entering command keywords and parameters at the prompt. Using the access point’s command-line interface (CLI) is very similar to entering commands on a UNIX system.
Page 113: Telnet Connection
| Using the Command Line Interface HAPTER Telnet Connection ELNET ONNECTION Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address. Valid IP addresses consist of four numbers, 0 to 255, separated by periods.
Page 114: Entering Commands
| Using the Command Line Interface HAPTER Entering Commands NTERING OMMANDS This section describes how to enter CLI commands. A CLI command is a series of keywords and arguments. Keywords identify EYWORDS AND a command, and arguments specify configuration parameters. For RGUMENTS example, in the command “show interfaces ethernet,”...
Page 115: Negating The Effect Of Commands
| Using the Command Line Interface HAPTER Entering Commands filters Show filters. interface Show interface information. line TTY line information. lldp Show lldp parameters. logging Show the logging buffers. radius Show radius server. snmp Show snmp configuration. sntp Show sntp configuration. station Show 802.11 station table.
Page 116: Exec Commands
| Using the Command Line Interface HAPTER Entering Commands list of the commands available for the current mode. The command classes and associated modes are displayed in the following table: Table 5: Command Modes Class Mode Exec Privileged Configuration Global Interface-ethernet Interface-wireless Interface-wireless-vap...
Page 117: Command Line Processing
| Using the Command Line Interface HAPTER Entering Commands To enter Interface mode, you must enter the “interface ethernet” while in Global Configuration mode. The system prompt will change to “AP(if-ethernet)#,” or “AP(if-wireless 0)” indicating that you have access privileges to the associated commands. You can use the exit command to return to the Exec mode.
Page 118: General Commands
ENERAL OMMANDS This chapter details general commands that apply to the CLI. Table 7: General Commands Command Function Mode Page configure Activates global configuration mode Exec Returns to previous configuration mode GC, IC exit Returns to the previous configuration mode, or exits the CLI cli-session-timeout Sets a timeout for CLI and Telnet sessions...
Page 119 | General Commands HAPTER This command returns to the previous configuration mode. EFAULT ETTING None OMMAND Global Configuration, Interface Configuration XAMPLE This example shows how to return to the Configuration mode from the Interface Configuration mode: AP(if-ethernet)#end AP(config)# This command returns to the Exec mode or exits the configuration exit program.
Page 120 | General Commands HAPTER OMMAND Exec XAMPLE The following example disables the CLI timeout. AP(config)# cli-session-timeout disable AP(config)# This command sends ICMP echo request packets to another node on the ping network. YNTAX ping <host_name | ip_address> host_name - Alias of the host. ip_address - IP address of the host.
Page 121: Show Line
| General Commands HAPTER This command restarts the system or restores the factory default settings. reset YNTAX reset <board | configuration> board - Reboots the system. configuration - Resets the configuration settings to the factory defaults, and then reboots the system. EFAULT ETTING None...
Page 122: System Management Commands
YSTEM ANAGEMENT OMMANDS These commands are used to configure the password, system logs, browser management options, clock settings, and a variety of other system information. Table 8: System Management Commands Command Function Mode Page country Sets the access point country code Exec prompt Customizes the command line prompt...
Page 123: Table 9: Country Codes
| System Management Commands HAPTER This command configures the access point’s country code, which identifies country the country of operation and sets the authorized radio channels. YNTAX country <country_code> country_code - A two character code that identifies the country of operation.
Page 124 | System Management Commands HAPTER EFAULT ETTING US - for units sold in the United States 99 (no country set) - for units sold in other countries OMMAND Exec OMMAND SAGE If you purchased an access point outside of the United States, the ◆...
Page 125 | System Management Commands HAPTER EFAULT ETTING Enterprise AP OMMAND Global Configuration XAMPLE AP(config)#system name AP AP(config)# After initially logging onto the system, you should set the password. password Remember to record it in a safe place. YNTAX password <password> password - Password for management access.
Page 126 | System Management Commands HAPTER After boot up, the SSH server needs about two minutes to generate ◆ host encryption keys. The SSH server is disabled while the keys are being generated. The show system command displays the status of the SSH server.
Page 127 | System Management Commands HAPTER This command specifies the TCP port number used by the web browser apmgmtui http port interface. Use the no form to use the default port. YNTAX apmgmtui http port <port-number> no apmgmtui http port port-number - The TCP port to be used by the browser interface. (Range: 80 or 1024-65535) EFAULT ETTING...
Page 128 | System Management Commands HAPTER This command sets the web browser timeout limit. apmgmtui http session-timeout YNTAX apmgmtui http session-timeout <seconds> seconds - The web session timeout. (Range: 0-1800 seconds, 0 means disabled) EFAULT ETTING 1800 seconds OMMAND Global Configuration XAMPLE AP(config)# apmgmtui http session-timeout 0 AP(config)#...
Page 129 | System Management Commands HAPTER XAMPLE AP(config)# apmgmtui https port 1234 AP(config)# Use this command to enable the secure hypertext transfer protocol apmgmtui https (HTTPS) over the Secure Socket Layer (SSL), providing secure access (that server is, an encrypted connection) to the access point’s web interface. Use the no form to disable this function.
Page 130 | System Management Commands HAPTER This command enables and disables SNMP management access to the AP. apmgmtui snmp YNTAX apmgmtui snmp [enable | disable] enable - Enables SNMP management access. disable - Disables SNMP management access. EFAULT ETTING Enabled OMMAND Global Configuration XAMPLE AP(config)# apmgmtui snmp enable...
Page 131: Show System
| System Management Commands HAPTER OMMAND SAGE ◆ If anyone tries to access a management interface on the access point from an invalid address, the unit will reject the connection, enter an event message in the system log, and send a trap message to the trap manager.
Page 132: System Management Commands
| System Management Commands HAPTER System Contact System Country Code : US - United States MAC Address : 00:22:2d:4d:7b:80 Radio 0 MAC Address : 00:22:2d:4d:7b:81: IP Address : 192.168.1.1 Subnet Mask : 255.255.255.0 Default Gateway : 192.168.1.254 VLAN Status : Disable Management VLAN ID(AP): 1 DHCP Client : static...
Page 133 Admin status : Up Operational status : Up ======================================== Wireless Interface 802.11a Information =========================================================== ----------------Identification----------------------------- Description : SMC 802.11a Access Point SSID : SMC_A 0 Channel : 0 (AUTO) Status : Disable ----------------802.11 Parameters-------------------------- Transmit Power : 100% (5 dBm)
Page 134 | System Management Commands HAPTER Key 1: EMPTY Key 2: EMPTY Key 3: EMPTY Key 4: EMPTY Key Length : Key 1: ZERO Key 2: ZERO Key 3: ZERO Key 4: ZERO Authentication Type : OPEN Rogue AP Detection : Disabled Rogue AP Scan Interval : 720 minutes Rogue AP Scan Duration...
Page 135 No 802.11g Channel Stations. System Information ============================================================== Serial Number System Up time : 0 days, 0 hours, 16 minutes, 51 seconds System Name : SMC System Location System Contact : Contact System Country Code : 99 - NO_COUNTRY_SET MAC Address...
Page 136 | System Management Commands HAPTER Boot Rom Version : v3.0.7 Software Version : v4.3.2.2 SSH Server : ENABLED SSH Server Port : 22 Telnet Server : ENABLED WEB Redirect : DISABLED DHCP Relay : DISABLED ============================================================== Version Information ========================================= Version: v4.3.2.2 Date : Dec 20 2005, 18:38:12 =========================================...
Page 137: System Logging Commands
YSTEM OGGING OMMANDS These commands are used to configure system logging on the access point. Table 10: System Management Commands Command Function Mode Page logging on Controls logging of error messages logging host Adds a syslog server host IP address that will receive logging messages logging console Initiates logging of error messages to the console...
Page 138 | System Logging Commands HAPTER This command specifies syslog servers host that will receive logging logging host messages. Use the no form to remove syslog server host. YNTAX logging host <1 | 2 | 3 | 4> <host_name | host_ip_address> [udp_port] no logging host <1 | 2 | 3 | 4>...
Page 139: Table 11: Logging Levels
| System Logging Commands HAPTER This command sets the minimum severity level for event logging. logging level YNTAX logging level <Emergency | Alert | Critical | Error | Warning | Notice | Informational | Debug> EFAULT ETTING Informational OMMAND Global Configuration OMMAND SAGE Messages sent include the selected level down to Emergency level.
Page 140: Show Logging
| System Logging Commands HAPTER This command displays the logging configuration. show logging YNTAX show logging OMMAND Exec XAMPLE AP#show logging Logging Information ===================================================== Syslog State : ENABLE Logging Console State : DISABLE Logging Level : Debug Servers 1: 10.7.16.98, UDP Port: 514, State: DISABLE 2: 10.7.13.48, UDP Port: 514, State: DISABLE 3: 10.7.123.123, UDP Port: 65535, State: DISABLE 4: 10.7.13.77, UDP Port: 5432, State: DISABLE...
Page 141: System Clock Commands
YSTEM LOCK OMMANDS These commands are used to configure SNTP and system clock settings on the access point. Table 12: System Clock Commands Command Function Mode Page sntp-server ip Specifies one or more time servers sntp-server enabled Accepts time from the specified time servers sntp-server date-time Manually sets the system date and time sntp-server daylight-saving...
Page 142 | System Clock Commands HAPTER XAMPLE AP(config)#sntp-server ip 1 10.1.0.19 ELATED OMMANDS sntp-server enabled show sntp This command enables SNTP client requests for time synchronization with sntp-server enabled NTP or SNTP time servers specified by the sntp-server ip command. Use the no form to disable SNTP client requests.
Page 143 | System Clock Commands HAPTER minute - Sets the minute. (Range: 0-59) EFAULT ETTING 00:14:00, January 1, 1970 OMMAND Global Configuration XAMPLE This example sets the system clock to 12:10 April 27, 2009. AP(config)# sntp-server date-time 2009 4 27 12 10 AP(config)# ELATED OMMANDS...
Page 144 | System Clock Commands HAPTER XAMPLE This sets daylight savings time to be used from the Sunday in the fourth week of April, to the Sunday in the fourth week of October. AP(config)# sntp-server daylight-saving date-week 4 4 0 10 4 0 AP(config)# This command sets the time zone for the access point’s internal clock.
Page 145: System Clock Commands
| System Clock Commands HAPTER Time Zone : (GMT+08) Hong Kong, Perth, Singapore, Taipei Daylight Saving : DISABLED Daylight Saving Time : From MAR, Fourth Week, Wednesday To NOV, Last Week, Sunday =========================================================== – 145 –...
Page 146: Dhcp Relay Commands
DHCP R ELAY OMMANDS Dynamic Host Configuration Protocol (DHCP) can dynamically allocate an IP address and other configuration information to network clients that broadcast a request. To receive the broadcast request, the DHCP server would normally have to be on the same subnet as the client. However, when the access point’s DHCP relay agent is enabled, received client requests can be forwarded directly by the access point to a known DHCP server on another subnet.
Page 147 | DHCP Relay Commands HAPTER ELATED OMMANDS show interface wireless – 147 –...
Page 148: Snmp Commands
SNMP C OMMANDS Controls access to this access point from management stations using the Simple Network Management Protocol (SNMP), as well as the hosts that will receive trap messages. Table 14: SNMP Commands Command Function Mode Page snmp-server community Sets up the community access string to permit access to SNMP commands snmp-server contact Sets the system contact string...
Page 149 | SNMP Commands HAPTER This command defines the community access string for the Simple Network snmp-server Management Protocol. Use the no form to remove the specified community community string. YNTAX snmp-server community string [ro | rw] no snmp-server community string string - Community string that acts like a password and permits access to the SNMP protocol.
Page 150 | SNMP Commands HAPTER OMMAND Global Configuration XAMPLE AP(config)#snmp-server contact Paul AP(config)# ELATED OMMANDS snmp-server location This command sets the system location string. Use the no form to remove snmp-server the location string. location YNTAX snmp-server location <text> no snmp-server location text - String that describes the system location.
Page 151: Snmp-Server Host
| SNMP Commands HAPTER OMMAND SAGE ◆ This command enables both authentication failure notifications and link-up-down notifications. The snmp-server host command specifies the host device that will ◆ receive SNMP notifications. XAMPLE AP(config)#snmp-server enable server AP(config)# ELATED OMMANDS snmp-server host This command specifies the recipient of an SNMP notification.
Page 152 | SNMP Commands HAPTER This command enables the access point to send specific SNMP traps snmp-server trap (i.e., notifications). Use the no form to disable specific trap messages. YNTAX snmp-server trap <trap> no snmp-server trap <trap> trap - One of the following SNMP trap messages: dot11InterfaceAGFail - The 802.11a or 802.11g interface has failed.
Page 153 | SNMP Commands HAPTER sntpServerFail - The access point has failed to set the time from the configured SNTP server. sysConfigFileVersionChanged - The access point’s configuration file has been changed. sysRadiusServerChanged - The access point has changed from the primary RADIUS server to the secondary, or from the secondary to the primary.
Page 154 | SNMP Commands HAPTER OMMAND Global Configuration OMMAND SAGE The access point allows multiple notification filters to be created. Each ◆ filter can be defined by up to 20 MIB subtree ID entries. ◆ Use the command more than once with the same filter ID to build a filter that includes or excludes multiple MIB objects.
Page 155: Snmp-Server User
| SNMP Commands HAPTER password for authentication and a DES key/password for encryption. read-view - The name of a defined SNMPv3 view for read access. write-view - The name of a defined SNMPv3 view for write access. EFAULT ETTING None OMMAND Global Configuration OMMAND...
Page 156 | SNMP Commands HAPTER EFAULT ETTING None OMMAND Global Configuration OMMAND SAGE Multiple SNMPv3 users can be configured on the access point. ◆ Users must be assigned to groups that have the same security levels. If ◆ a user who has “AuthPriv” security (uses authentication and encryption) is assigned to a NoAuthNoPriv group, the user will not be able to access the database.
Page 157 | SNMP Commands HAPTER The SNMP v3 user name that is specified in the target must first be ◆ configured using the snmp-server user command. XAMPLE AP(config)#snmp-server target tarname 192.168.1.33 chris 1234 AP(config)# This command configures SNMP v3 notification filters. Use the no form to snmp-server filter delete an SNMP v3 filter or remove a subtree from a filter.
Page 158: Show Snmp Users
| SNMP Commands HAPTER This command displays the SNMP v3 users and settings. show snmp users YNTAX show snmp users OMMAND Exec XAMPLE AP# show snmp users User List: ================================== UserName : chris GroupName : testgroup AuthType : None PrivType : None UserName : david...
Page 159: Show Snmp Filter
| SNMP Commands HAPTER This command displays the SNMP v3 notification filter settings. show snmp filter YNTAX show snmp filter [filter-id] filter-id - A user-defined name that identifies an SNMP v3 notification filter. (Maximum length: 32 characters) OMMAND Exec XAMPLE AP# show snmp filter Filter List: ==================================...
Page 160 | SNMP Commands HAPTER systemUp: Disabled systemDown: Disabled ========================================================================== This command displays the configured SNMP v3 views. show snmp vacm view YNTAX show snmp vacm view [view-name] view-name - The name of a user-defined SNMPv3 view. OMMAND Exec XAMPLE AP# sh snmp vacm view View List: ================================== View Name...
Page 161: Snmp Commands
| SNMP Commands HAPTER ================================== Group Name : testgroup Security Level : NoAuthNoPriv Read-View : defaultview Write-View : defaultview Group Name : group2 Security Level : AuthPriv Read-View : defaultview Write-View : defaultview ================================== – 161 –...
Page 162: Flash /File Commands
LASH OMMANDS These commands are used to manage the system code or configuration files. Table 15: Flash/File Commands Command Function Mode Page dual-image Specifies the file or image used to start up the system copy Copies a code image or configuration between Exec flash memory and a FTP/TFTP server show dual-image...
Page 163 | Flash/File Commands HAPTER XAMPLE AP# dual-image boot-image A Change image to A This command copies a boot file, code image, or configuration file between copy the access point’s flash memory and a FTP/TFTP server. When you save the configuration settings to a file on a FTP/TFTP server, that file can later be downloaded to the access point to restore system operation.
Page 164 | Flash/File Commands HAPTER characters for files on the access point. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”) Due to the size limit of the flash memory, the access point supports ◆ only two operation code files. The system configuration file must be named “syscfg” in all copy ◆...
Page 165: Radius Client Commands
RADIUS C LIENT OMMANDS Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access for RADIUS-aware devices to the network. An authentication server contains a database of credentials, such as users names and passwords, for each wireless client that requires access to the access point.
Page 166: Table 16: Radius Client Commands
| RADIUS Client Commands HAPTER XAMPLE AP(config)# radius-server primary enable This setting has not been effective ! If want to take effect, please execute make-radius-effective command ! AP(config)# This command specifies the primary and secondary RADIUS server radius-server address. address YNTAX radius-server {primary | secondary} address <address>...
Page 167 | RADIUS Client Commands HAPTER If want to take effect, please execute make-radius-effective command ! AP(config)# This command sets the RADIUS encryption key. radius-server key YNTAX radius-server {primary | secondary] key <key_string> key_string - Encryption key used to authenticate logon access for client.
Page 168 | RADIUS Client Commands HAPTER This setting has not been effective ! If want to take effect, please execute make-radius-effective command ! AP(config)# This command sets the RADIUS Accounting port. radius-server accounting port YNTAX radius-server accounting port <port> port - The port used by the RADIUS Accounting server. (Range: 1024~65535) EFAULT ETTING...
Page 169: Radius-Server Accounting
| RADIUS Client Commands HAPTER XAMPLE AP(config)# radius-server accounting key green This setting has not been effective ! If want to take effect, please execute make-radius-effective command ! AP(config)# This command sets the interval between transmitting accounting updates radius-server to the RADIUS server. accounting timeout-interim YNTAX...
Page 170: Show Radius
| RADIUS Client Commands HAPTER Please wait a while... AP(config)# This command displays the current settings for the RADIUS server. show radius EFAULT ETTING None OMMAND Exec XAMPLE AP#show radius Radius Accounting Information ============================================== : 10.7.16.96 : ********* Port : 1813 timeout-interim : 300 ============================================== Radius Primary Server Information...
Page 171: 802.1X Authentication Commands
802.1X A UTHENTICATION OMMANDS The access point supports IEEE 802.1X access control for wireless clients. This control feature prevents unauthorized access to the network by requiring an 802.1X client application to submit user credentials for authentication. Client authentication is then verified by a RADIUS server using EAP (Extensible Authentication Protocol) before the access point grants client access to the network.
Page 172: Show Interface Wireless
| 802.1X Authentication Commands HAPTER XAMPLE AP(if-wireless 0: VAP[0])# 802.1x enable This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0: VAP[0])# ELATED OMMANDS show interface wireless This command sets the time period after which a connected client must be 802.1x session- re-authenticated.
Page 173: Mac Address Authentication Commands
MAC A DDRESS UTHENTICATION OMMANDS Use these commands to define MAC authentication on the access point. For local MAC authentication, first define the default filtering policy using the address filter default command. Then enter the MAC addresses to be filtered, indicating if they are allowed or denied. For RADIUS MAC authentication, the MAC addresses and filtering policy must be configured on the RADIUS server.
Page 174 | MAC Address Authentication Commands HAPTER ELATED OMMANDS address filter entry This command enters a MAC address in the filter table. address filter entry YNTAX address filter entry <allowed | denied> <mac-address> allowed - Entry is allowed access. denied - Entry is denied access. mac-address - Physical address of client.
Page 175 | MAC Address Authentication Commands HAPTER EFAULT None OMMAND Global Configuration XAMPLE AP(config)#address filter delete allowed 00-70-50-cc-99-1b AP(config)# This command sets address filtering to be performed with local or remote mac-authentication options. Use the no form to disable MAC address authentication. server YNTAX mac-authentication server [local | remote]...
Page 176: Global Configuration
| MAC Address Authentication Commands HAPTER EFAULT 0 (disabled) OMMAND Global Configuration XAMPLE AP(config)#mac-authentication session-timeout 300 AP(config)# This command shows all authentication settings, as well as the address show authentication filter table. OMMAND Exec XAMPLE AP# show authentication Authentication Information =========================================================== MAC Authentication Server : Disable Session Timeout...
Page 177: Filtering Commands
ILTERING OMMANDS The commands described in this section are used to filter communications between wireless clients, control access to the management interface from wireless clients, and filter traffic using specific Ethernet protocol types. Table 19: Filtering Commands Command Function Mode Page filter local-bridge Disables communication between wireless clients GC...
Page 178 | Filtering Commands HAPTER OMMAND SAGE This command can disable wireless-to-wireless communications between clients via the access point. However, it does not affect communications between wireless clients and the wired network. XAMPLE AP(config)#filter local-bridge all-vap AP(config)# This command prevents wireless clients from accessing the management filter ap-manage interface on the access point.
Page 179 | Filtering Commands HAPTER OMMAND Global Configuration OMMAND SAGE You can add up to 128 MAC addresses to the filtering table. XAMPLE AP(config)#filter acl-source-address add 00-12-34-56-78-9a AP(config)#filter acl-source-address enable AP(config)# This command configures ACL filtering based on source MAC addresses in filter acl- data frames.
Page 180 | Filtering Commands HAPTER OMMAND Global Configuration OMMAND SAGE This command is used in conjunction with the filter ethernet-type protocol command to determine which Ethernet protocol types are to be filtered. XAMPLE AP(config)#filter ethernet-type enabled AP(config)# ELATED OMMANDS filter ethernet-type protocol This command sets a filter for a specific Ethernet type.
Page 181: Show Filters
| Filtering Commands HAPTER This command shows the filter options and protocol entries in the filter show filters table. YNTAX show filters [acl-source-address | acl-destination-address] OMMAND Exec XAMPLE AP#show filters Protocol Filter Information ======================================================================= Local Bridge :Traffic among all client STAs blocked AP Management :DISABLED EtherType Filter...
Page 182: Spanning Tree Commands
PANNING OMMANDS The commands described in this section are used to set the MAC address table aging time and spanning tree parameters for both the Ethernet and wireless interfaces. Table 20: Spanning Tree Commands Command Function Mode Page bridge stp service Enables the Spanning Tree feature bridge stp br-conf Configures the spanning tree bridge forward...
Page 183 | Spanning Tree Commands HAPTER This command enables the Spanning Tree Protocol. Use the no form to bridge stp service disable the Spanning Tree Protocol. YNTAX [no] bridge stp service EFAULT ETTING Enabled OMMAND Global Configuration XAMPLE This example globally enables the Spanning Tree Protocol. AP(config)bridge stp service AP(config) Use this command to configure the spanning tree bridge forward time...
Page 184 | Spanning Tree Commands HAPTER Use this command to configure the spanning tree bridge hello time globally bridge stp br-conf for the wireless bridge. hello-time YNTAX bridge stp br-conf hello-time <time> time - Time in seconds. (Range: 1-10 seconds). The maximum value is the lower of 10 or [(max-age / 2) -1]. EFAULT ETTING 2 seconds...
Page 185 | Spanning Tree Commands HAPTER XAMPLE AP(config)#bridge stp max-age 40 AP(config)# Use this command to configure the spanning tree priority globally for the bridge stp br-conf wireless bridge. priority YNTAX bridge stp br-conf priority <priority> priority - Priority of the bridge. (Range: 0 - 65535) EFAULT ETTING 32768...
Page 186 | Spanning Tree Commands HAPTER XAMPLE AP(config)# bridge stp port-conf interface wireless 0 Enter Wireless configuration commands, one per line. AP(stp-if-wireless 0)# Use this command to configure the spanning tree path cost for the bridge-link path- Ethernet port. cost YNTAX bridge-link path-cost <cost>...
Page 187 | Spanning Tree Commands HAPTER OMMAND SAGE ◆ This command defines the priority for the use of a port in the Spanning Tree Protocol. If the path cost for all ports on a wireless bridge are the same, the port with the highest priority (that is, lowest value) will be configured as an active link in the spanning tree.
Page 188: Show Bridge Stp
| Spanning Tree Commands HAPTER XAMPLE AP(stp-if-wireless 0: VAP[0])# path-cost 512 AP(stp-if-wireless 0: VAP[0])# This command sets the spanning tree path cost for the VAP interface. port-priority (STP Interface) YNTAX port-priority <priority> priority - The priority for the VAP interface. (Range: 0-63) OMMAND Global Configuration (STP interface) OMMAND...
Page 189: Show Bridge Br-Conf
| Spanning Tree Commands HAPTER ================================== This command displays spanning tree settings for a specified VLAN. show bridge br-conf YNTAX show bridge br-conf <all | vlan-id> all - Keyword to show the STP configuration for all VLANs. vlan-id - Specifies a VLAN ID. (Range: 0-4095) OMMAND Exec XAMPLE...
Page 190: Spanning Tree Commands
| Spanning Tree Commands HAPTER Link Port Priority : 32 Link Path Cost ======================================== ATH0 configuration ======================================== Link Port Priority : 32 Link Path Cost : 19 ======================================== ATH1 configuration ======================================== Link Port Priority : 32 Link Path Cost : 19 ======================================== ATH2 configuration ========================================...
Page 191 | Spanning Tree Commands HAPTER vlan-id - Specifies a VLAN ID. (Range: 0-4095) OMMAND Exec XAMPLE AP# show bridge status all br0 status ===================================================== Bridge ID : 8000.0012cfa25430 Designated Root ID : 8000.0012cfa25430 Root Port ath0 --- port 0x2 Port ID : 0x8002 Designated Root ID : 8000.0012cfa25430...
Page 192 | Spanning Tree Commands HAPTER OMMAND Exec XAMPLE AP# show bridge forward-addr interface wireless 0 vap 0 MAC ADDRESS INTERFACE VLAN ===================================================== 02:12:cf:a2:54:30 ath0 ===================================================== – 192 –...
Page 193: Wds Bridge Commands
WDS B RIDGE OMMANDS The commands described in this section are used to set the operation mode for each access point interface and configure Wireless Distribution System (WDS) forwarding table settings. Table 21: WDS Bridge Commands Command Function Mode Page wds ap Selects the bridge operation mode for a radio IC-W...
Page 194 | WDS Bridge Commands HAPTER EFAULT ETTING None OMMAND Interface Configuration (Wireless) VAP OMMAND SAGE In WDS-STA mode, the VAP operates as a client station in WDS mode, which connects to an access point in WDS-AP mode. The user needs to specify the SSID and MAC address of the VAP to which it intends to connect.
Page 195: Ethernet Interface Commands
THERNET NTERFACE OMMANDS The commands described in this section configure connection parameters for the Ethernet port and wireless interface. Table 22: Ethernet Interface Commands Command Function Mode Page interface ethernet Enters Ethernet interface configuration mode Specifies the primary and secondary name IC-E servers ip address...
Page 196 | Ethernet Interface Commands HAPTER This command specifies the address for the primary or secondary domain name server to be used for name-to-address resolution. YNTAX dns {primary-server | secondary-server} <server-address> primary-server - Primary server used for name resolution. secondary-server - Secondary server used for name resolution. server-address - IP address of domain-name server.
Page 197 | Ethernet Interface Commands HAPTER OMMAND Interface Configuration (Ethernet) OMMAND SAGE DHCP is enabled by default. To manually configure a new IP address, ◆ you must first disable the DHCP client with the no ip dhcp command. You must assign an IP address to this device to gain management ◆...
Page 198 | Ethernet Interface Commands HAPTER XAMPLE AP(config)#interface ethernet Enter Ethernet configuration commands, one per line. AP(if-ethernet)#ip dhcp AP(if-ethernet)# ELATED OMMANDS ip address This command disables the Ethernet interface. To restart a disabled shutdown interface, use the no form. YNTAX [no] shutdown EFAULT ETTING Interface enabled...
Page 199: Ethernet Interface Commands
| Ethernet Interface Commands HAPTER XAMPLE AP#show interface ethernet Ethernet Interface Information ======================================== IP Address : 192.168.1.1 Subnet Mask : 255.255.255.0 Default Gateway : 192.168.1.254 Admin status : Up Operational status : Up ======================================== – 199 –...
Page 200: Wireless Interface Commands
IRELESS NTERFACE OMMANDS The commands described in this section configure connection parameters for the wireless interfaces. Table 23: Wireless Interface Commands Command Function Mode Page interface wireless Enters wireless interface configuration mode Provides access to the VAP interface IC-W configuration mode a-mpdu Sets the Aggregate MAC Protocol Data Unit (A- IC-W...
Page 201 | Wireless Interface Commands HAPTER This command enters wireless interface configuration mode. interface wireless YNTAX interface wireless <index> index - The index of the wireless interface. (Range: 0) EFAULT ETTING None OMMAND Global Configuration XAMPLE AP(config)# interface wireless 0 Enter Wireless configuration commands, one per line. AP(if-wireless 0)# This command provides access to the VAP (Virtual Access Point) interface configuration mode.
Page 202 | Wireless Interface Commands HAPTER EFAULT ETTING Disabled OMMAND Interface Configuration (Wireless) XAMPLE AP(if-wireless 0)#a-mpdu enable AP(if-wireless 0)# This command enables and sets the Aggregate MAC Service Data Unit a-msdu (A-MSDU). YNTAX a-msdu {enable | disable | length <length>} enable - Enable A-MSDU. disable - Disable A-MSDU.
Page 203 | Wireless Interface Commands HAPTER ht40-channel - The 802.11n 40 MHz channel number: 11ng mode: 01Plus, 02Plus, 03Plus, 04Plus, 05Plus, 05Minus, 06Plus, 06Minus, 07Plus, 07Minus, 08Minus, 09Minus, 10Minus, 11Minus 11na mode: 36Plus, 40Minus, 44Plus, 48Minus, 52Plus, 56Minus, 60Plus, 64Minus, 100Plus, 104Minus, 108Plus, 112Minus, 116Plus, 120Minus, 124Plus, 128Minus, 132Plus, 136Minus, 149Plus, 153Minus, 157Plus, 161Minus auto - Automatically selects an unoccupied channel (if available).
Page 204 | Wireless Interface Commands HAPTER This command adjusts the power of the radio signals transmitted from the transmit-power access point. YNTAX transmit-power <signal-strength> signal-strength - Signal strength transmitted from the access point. (Options: full, half, quarter, eighth, min) EFAULT ETTING Full OMMAND Interface Configuration (Wireless)
Page 205 | Wireless Interface Commands HAPTER OMMAND SAGE Both the 802.11g and 802.11b standards operate within the 2.4 GHz band. If you are operating in 11ng mode, any 802.11b devices in the service area will contribute to the radio frequency noise and affect network performance.
Page 206 | Wireless Interface Commands HAPTER OMMAND SAGE Using a short preamble instead of a long preamble can increase data ◆ throughput on the access point, but requires that all clients can support a short preamble. Set the preamble to long to ensure the access point can support all ◆...
Page 207 | Wireless Interface Commands HAPTER This command configures the rate at which beacon signals are transmitted beacon-interval from the access point. YNTAX beacon-interval <interval> interval - The rate for transmitting beacon signals. (Range: 20-1000 milliseconds) EFAULT ETTING OMMAND Interface Configuration (Wireless) OMMAND SAGE The beacon signals allow wireless clients to maintain contact with the...
Page 208 | Wireless Interface Commands HAPTER the access point will save all broadcast/multicast frames for the Basic Service Set (BSS) and forward them after every beacon. Using smaller DTIM intervals delivers broadcast/multicast frames in a ◆ more timely manner, causing stations in Power Save mode to wake up more often and drain power faster.
Page 209 | Wireless Interface Commands HAPTER XAMPLE AP(if-wireless 0)# rts-threshold 0 This setting has not been effective ! If want to take effect, please execute make-RF-setting-effective command ! AP(if-wireless 0)# This command configures the service set identifier (SSID) of the VAP. ssid YNTAX ssid <string>...
Page 210 | Wireless Interface Commands HAPTER OMMAND SAGE When closed system is enabled, the access point will not include its SSID in beacon messages. Nor will it respond to probe requests from clients that do not include a fixed SSID. XAMPLE AP(if-wireless g: VAP[0])#closed-system This setting has not been effective ! If want to take effect, please execute make-security-effective command !
Page 211: Show Interface
| Wireless Interface Commands HAPTER OMMAND Interface Configuration (Wireless-VAP) XAMPLE AP(if-wireless 0: VAP[0])# auth-timeout-interval 10 This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0: VAP[0])# This command disables the VAP interface. Use the no form to restart the shutdown interface.
Page 212: Wireless Interface Commands
| Wireless Interface Commands HAPTER XAMPLE AP# show interface wireless 0 vap 0 ----------------------------------Basic Setting---------------------------- SSID : SMC_VAP_0 Interface Radio Mode : 11ng Auto Channel Select : DISABLE Channel : 11 High Throughput Mode : HT20 Status : ENABLE VLAN-ID Dhcp-Relay Server Ip : 0.0.0.0 ------------------------------------Capacity-------------------------------...
Page 213: Show Station
| Wireless Interface Commands HAPTER This command shows the wireless clients associated with the access point. show station OMMAND Exec XAMPLE AP#show station Station Table Information ======================================== Wireless Interface 0 VAPs List: if-wireless 0 VAP [0] : if-wireless 0 VAP [1] : if-wireless 0 VAP [2] : if-wireless 0 VAP [3] : if-wireless 0 VAP [4] :...
Page 214: Wireless Security Commands
IRELESS ECURITY OMMANDS The commands described in this section configure parameters for wireless security on the VAP interfaces. Table 24: Wireless Security Commands Command Function Mode Page auth Defines the 802.11 authentication type allowed by IC-W- the access point encryption Defines whether or not WEP encryption is used to IC-W- provide privacy for wireless communications...
Page 215 | Wireless Security Commands HAPTER wpa-wpa2-mixed - Clients using WPA or WPA2 are accepted for authentication. wpa-wpa2-psk-mixed - Clients using WPA or WPA2 with a Pre- shared Key are accepted for authentication EFAULT ETTING open-system OMMAND Interface Configuration (Wireless-VAP) OMMAND SAGE The auth command automatically configures settings for each ◆...
Page 216 | Wireless Security Commands HAPTER encryption cipher suite is set to TKIP, the unicast encryption cipher (TKIP or AES-CCMP) is negotiated for each client. The access point advertises it’s supported encryption ciphers in beacon frames and probe responses. WPA and WPA2 clients select the cipher they support and return the choice in the association request to the access point.
Page 217 | Wireless Security Commands HAPTER XAMPLE AP(if-wireless 0: VAP[0])# encryption This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0: VAP[0])# ELATED OMMANDS This command sets the keys used for WEP encryption. Use the no form to delete a configured key.
Page 218 | Wireless Security Commands HAPTER XAMPLE AP(if-wireless 0: VAP[0])# key 1 64 hex 1234512345 This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0: VAP[0])# ELATED OMMANDS encryption transmit-key This command sets the index of the WEP key to be used for encrypting transmit-key data frames transmitted from the VAP to wireless clients.
Page 219 | Wireless Security Commands HAPTER This command defines the cipher algorithm used to encrypt the global key cipher-suite for broadcast and multicast traffic when using WPA or WPA2 security. YNTAX multicast-cipher <aes-ccmp | tkip > aes-ccmp - Use AES-CCMP encryption for the unicast and multicast cipher.
Page 220 | Wireless Security Commands HAPTER XAMPLE AP(if-wireless 0: VAP[0])# cipher-suite tkip This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0: VAP[0])# This command defines a Wi-Fi Protected Access (WPA/WPA2) Pre-shared- wpa-pre-shared-key key.
Page 221 | Wireless Security Commands HAPTER This command sets the time for aging out cached WPA2 Pairwise Master pmksa-lifetime Key Security Association (PMKSA) information for fast roaming. YNTAX pmksa-lifetime <minutes> minutes - The time for aging out PMKSA information. (Range: 0 - 14400 minutes) EFAULT ETTING 720 minutes...
Page 222: Wireless Security Commands
| Wireless Security Commands HAPTER XAMPLE AP(if-wireless 0: VAP[0])# make-security-effective It will take several minutes ! Please wait a while... Args: 1 no wireless extensions. eth0 no wireless extensions. no wireless extensions. wifi0 no wireless extensions. no wireless extensions. eth0 no wireless extensions.
Page 223 | Wireless Security Commands HAPTER no wireless extensions. eth0 no wireless extensions. no wireless extensions. wifi0 no wireless extensions. Error for wireless request "Set Fragmentation Threshold" (8B24) : SET failed on device ath0 ; Invalid argument. [: Added ath0 mode master Created ath0 mode ap for SMC_VAP_0: bad number ath0 Link encap:Ethernet HWaddr 00:22:2D:4D:7B:81 killall: udhcpc: no process killed...
Page 224: Link Layer Discovery Commands
AYER ISCOVERY OMMANDS LLDP allows devices in the local broadcast domain to share information about themselves. LLDP-capable devices periodically transmit information in messages called Type Length Value (TLV) fields to neighbor devices. Advertised information is represented in Type Length Value (TLV) format according to the IEEE 802.1ab standard, and can include details such as device identification, capabilities and configuration settings.
Page 225 | Link Layer Discovery Commands HAPTER This command configures the time-to-live (TTL) value sent in LLDP lldp-transmit hold- advertisements. muliplier YNTAX lldp transmit hold-multiplier <multiplier> multiplier - The hold multiplier number. (Range: 2-10) EFAULT ETTING OMMAND Global Configuration OMMAND SAGE This command configures the time-to-live (TTL) value sent in LLDP ◆...
Page 226: Table 25: Link Layer Discovery Commands
| Link Layer Discovery Commands HAPTER XAMPLE AP(config)# lldp transmit interval 30 AP(config)# This command configures the delay before attempting to re-initialize after lldp transmit re-init- LLDP ports are disabled or the link goes down. delay YNTAX lldp transmit re-init-delay <seconds> seconds - Time in seconds.
Page 227: Show Lldp
| Link Layer Discovery Commands HAPTER objects, and to increase the probability that multiple, rather than single changes, are reported in each transmission. This attribute must comply with the rule: (4 * Delay Interval) ≤ ◆ Transmission Interval XAMPLE AP(config)# lldp transmit delay-to-local-change 10 txDelay range is 1 to quter of msgTxInterval AP(config)# This command displays the current LLDP configuration.
Page 228: Vlan Commands
VLAN C OMMANDS The access point can enable the support of VLAN-tagged traffic passing between wireless clients and the wired network. VLAN IDs can be mapped to specific VAP interfaces, allowing users to remain within the same VLAN as they move around a campus site. When VLANs are enabled, the access point’s Ethernet port drops AUTION all received traffic that does not include a VLAN tag.
Page 229 | VLAN Commands HAPTER Traffic entering the Ethernet port must be tagged with a VLAN ID that ◆ matches the access point’s management VLAN ID, or with a VLAN tag that matches one of the VAP default VLAN IDs. XAMPLE AP(config)# vlan enabled Warning! VLAN's status has been changed now !
Page 230 | VLAN Commands HAPTER This command configures the default VLAN ID for the VAP interface. vlan-id YNTAX vlan-id <vlan-id> vlan-id - Default VLAN ID. (Range: 1-4094) EFAULT ETTING OMMAND Interface Configuration (Wireless-VAP) OMMAND SAGE ◆ To implement the default VLAN ID setting for VAP interface, the access point must enable VLAN support using the vlan command.
Page 231: Wmm Commands
WMM C OMMANDS The access point implements QoS using the Wi-Fi Multimedia (WMM) standard. Using WMM, the access point is able to prioritize traffic and optimize performance when multiple applications compete for wireless network bandwidth at the same time. WMM employs techniques that are a subset of the IEEE 802.11e QoS standard and it enables the access point to inter-operate with both WMM-enabled clients and other devices that may lack any WMM functionality.
Page 232 | WMM Commands HAPTER This command allows the acknowledgement wait time to be enabled or wmm-acknowledge- disabled for each Access Category (AC). policy YNTAX wmm-acknowledge-policy <ac_number> <ack | noack> ac_number - Access categories. (Range: 0-3) ack - Require the sender to wait for an acknowledgement from the receiver.
Page 233: Table 28: Ap Parameters
| WMM Commands HAPTER BSS - Wireless client ac_number - Access categories (ACs) – voice, video, best effort, and background. These categories correspond to traffic priority levels and are mapped to IEEE 802.1D priority tags as shown in Table 4 on page 96.
Page 234 | WMM Commands HAPTER WMM Parame- AC0 (Best Ef- AC1 (Back- AC2 (Video) AC3 (Voice) ters fort) ground) AIFS TXOP Limit Admission Disabled Disabled Disabled Disabled Control OMMAND Interface Configuration (Wireless) XAMPLE AP(if-wireless 0)# wmmparam ap 0 5 10 3 64 1 This setting has not been effective ! If want to take effect, please execute make-RF-setting-effective command ! AP(if-wireless 0)#...
Page 235 | WMM Commands HAPTER – 235 –...
Page 236: Siv A
ECTION PPENDICES This section provides additional information and includes these items: “Troubleshooting” on page 237 ◆ “WDS Setup Examples” on page 240 ◆ “Hardware Specifications” on page 249 ◆ ◆ “Cables and Pinouts” on page 252 “Glossary” on page 257 ◆...
Page 237: A Troubleshooting
ROUBLESHOOTING LED I IAGNOSING NDICATORS Table 30: LED Indicators Symptom Action Power LED is off ◆ The AC power adapter may be disconnected. Check connections between the unit, the power adapter, and the wall outlet. ◆ The PoE cable may be disconnected. Check connections between the unit and the PoE power source.
Page 238 | Troubleshooting PPENDIX Before Contacting Technical Support If authentication is being performed through IEEE 802.1X, be sure ■ the wireless users have installed and properly configured 802.1X client software. If MAC address filtering is enabled, be sure the client’s address is ■...
Page 239 | Troubleshooting PPENDIX Before Contacting Technical Support If all other recovery measure fail, and the access point is still not functioning properly, take any of these steps: Reset the access point’s hardware using the console interface, web ■ interface, or through a power reset. Reset the access point to its default configuration by using the ■...
Page 240: B Wds Setup Examples
WDS S ETUP XAMPLES The SMCE21011 can use the IEEE 802.11 Wireless Distribution System (WDS) to set up links between APs independently on any of the unit’s eight VAP interfaces. This enables the configuration of multiple links between multiple APs. The SMCE21011 radio can operate in 2.4 GHz mode or 5 GHz mode.
Page 241: Basic Wds Link Between Two Aps
| WDS Setup Examples PPENDIX Basic WDS Link Between Two APs WDS L ASIC ETWEEN Consider the example illustrated in Figure 58. In this example, an SMCE21011 connected to the main wired LAN needs to connect to another SMCE21011 using a WDS link on VAP interface 0. Figure 58: Basic WDS Link Between Two APs Network Core...
Page 242: Figure 59: Wds Example - Access Point A Vap Setting
| WDS Setup Examples PPENDIX Basic WDS Link Between Two APs Figure 59: WDS Example — Access Point A VAP Setting In the VAP Basic Settings, select WDS-AP for the Mode. For security on the WDS link, select WPA-PSK or WPA2-PSK, set the encryption type, then enter the security key.
Page 243: Figure 61: Wds Example - Access Point A Wds-Ap Vap Setting
| WDS Setup Examples PPENDIX Basic WDS Link Between Two APs Figure 61: WDS Example — Access Point A WDS-AP VAP Setting Click the Save Config button to retain the configuration set up when the AP is restarted. CCESS OINT ONFIGURATION Go to the Wireless>VAP Settings page and click Edit to configure VAP 0.
Page 244: Figure 63: Wds Example - Access Point B Vap Details
| WDS Setup Examples PPENDIX Basic WDS Link Between Two APs Click Set to confirm the new settings. Figure 63: WDS Example — Access Point B VAP Details On the VAP Settings page, enable VAP 0 (if not already enabled) and then click Set to implement the new settings.
Page 245: Figure 65: Wds Example - Access Point A Station Status
| WDS Setup Examples PPENDIX Basic WDS Link Between Two APs WDS L HECKING THE TATUS When you have configured both access point VAPs, you can check the status of the link from Access Point A. Go to the Information>Station Status page. For the VAP 0 interface, the Access Point B MAC address displays as a connected station.
Page 246: Wds Links Between Three Or More Aps
| WDS Setup Examples PPENDIX WDS Links Between Three or More APs WDS L INKS ETWEEN HREE OR Consider the example illustrated in Figure 66. In this example, an SMCE21011 connected to the main wired LAN connects to two other units using a WDS links.
Page 247 | WDS Setup Examples PPENDIX WDS Links Between Three or More APs CCESS OINT ONFIGURATION Configure VAP 0 settings: Set VAP 0 to WDS-AP mode. Set security to WPA-PSK or WPA2-PSK and configure a key. Set the SSID and enable the VAP. Configure VAP 1 settings: Set VAP 1 to WDS-AP Mode.
Page 248 | WDS Setup Examples PPENDIX WDS Links Between Three or More APs Configure VAP 1 settings: Set VAP 1 to AP Mode. Set the required security for wireless clients. Set the SSID and enable the VAP. CCESS OINT ONFIGURATION Configure VAP 0 settings: Set VAP 0 to WDS-STA mode.
Page 249: Specifications
ARDWARE PECIFICATIONS 802.11b/g/n: IRELESS RANSMIT 802.11b: 21 dBm (typical) OWER AXIMUM 802.11g: 16 dBm 802.11n HT20 (20MHz, MCS): 20.5 dBm 802.11n HT40 (40MHz, MCS): 21 dBm 802.11a/n: 802.11a: 16 dBm 802.11n HT20 (20MHz, MCS): 18 dBm 802.11n HT40 (40 MHz, MCS): 16 dBm 802.11b/g/n: IRELESS ECEIVE...
Page 250 | Hardware Specifications PPENDIX 802.11b: 1, 2, 5.5, 11 Mbps per channel 802.11g: 6, 9, 12, 18, 24, 36, 48, 54 Mbps per channel 802.11n: 27, 54, 81, 108, 162, 216, 243, 270, 300 Mbps per channel (40MHz) 802.11a: Normal Mode: 6, 9, 12, 18, 24, 36, 48, 54 Mbps per channel Turbo Mode: 12, 18, 24, 36, 48, 54, 96, 108 Mbps per channel 802.11g/n: PERATING...
Page 251 | Hardware Specifications PPENDIX Operating: 0 to 40 °C (32 to 104 °F) EMPERATURE Storage: -20 to 70 °C (32 to 158 °F) 15% to 95% (non-condensing) UMIDITY FCC Part 15B Class B OMPLIANCES EN 55022B EN 55024 EN 61000-3-2 EN 61000-3-3 FCC Part 15C 15.247, 15.207 (2.4 GHz) ADIO...
Page 252: Ables And Pinouts
ABLES AND INOUTS WISTED ABLE SSIGNMENTS For 10/100BASE-TX connections, a twisted-pair cable must have two pairs of wires. For 1000BASE-T connections the twisted-pair cable must have four pairs of wires. Each wire pair is identified by two different colors. For example, one wire might be green and the other, green with white stripes.
Page 253: Straight-Through Wiring
| Cables and Pinouts PPENDIX Twisted-Pair Cable Assignments Table 31: 10/100BASE-TX MDI and MDI-X Port Pinouts MDI Signal Name MDI-X Signal Name Transmit Data plus (TD+) Receive Data plus (RD+) -48V power (Negative V GND (Positive V port port Transmit Data minus (TD-) Receive Data minus (RD-) -48V power (Negative V GND (Positive V...
Page 254: Crossover Wiring
| Cables and Pinouts PPENDIX Twisted-Pair Cable Assignments If the twisted-pair cable is to join two ports and either both ports are ROSSOVER IRING labeled with an “X” (MDI-X) or neither port is labeled with an “X” (MDI), a crossover must be implemented in the wiring. (When auto-negotiation is enabled for any RJ-45 port on this switch, you can use either straight- through or crossover cable to connect to any device type.) You must connect all four wire pairs as shown in the following diagram to...
Page 255 | Cables and Pinouts PPENDIX Twisted-Pair Cable Assignments Table 32: 1000BASE-T MDI and MDI-X Port Pinouts MDI Signal Name MDI-X Signal Name Bi-directional Pair A Plus (BI_DA+) Bi-directional Pair B Plus (BI_DB+) -48V power (Negative V GND (Positive V port port Bi-directional Pair A Minus (BI_DA-) Bi-directional Pair B Minus (BI_DB-)
Page 256: Console Port Pin Assignments
| Cables and Pinouts PPENDIX Console Port Pin Assignments ONSOLE SSIGNMENTS The RJ-45 console port on the front panel of the access point is used to connect to the access point for out-of-band console configuration to a DB-9 connector on a PC. The command-line configuration program can be accessed from a terminal, or a PC running a terminal emulation program.
Page 257: Glossary
LOSSARY IEEE 802.3-2005 specification for 10 Mbps Ethernet over two pairs of 10BASE-T Category 3 or better UTP cable. IEEE 802.3-2005 specification for 100 Mbps Fast Ethernet over two pairs of 100BASE-TX Category 5 or better UTP cable. IEEE 802.3ab specification for 1000 Mbps Gigabit Ethernet over four pairs 1000BASE-T of Category 5 or better UTP cable.
Page 258 LOSSARY Provides a framework for passing configuration information to hosts on a YNAMIC TCP/IP network. DHCP is based on the Bootstrap Protocol (BOOTP), adding ONFIGURATION the capability of automatic allocation of reusable network addresses and (DHCP) ROTOCOL additional configuration options. Data passing between the access point and clients can use encryption to NCRYPTION protect from interception and evesdropping.
Page 259 LOSSARY The physical layer address used to uniquely identify network nodes. MAC A DDRESS NTP provides the mechanisms to synchronize time across the network. The ETWORK time servers operate in a hierarchical-master-slave configuration in order (NTP) ROTOCOL to synchronize local clocks within the subnet and to national time standards via wire or radio.
Page 260 LOSSARY Virtual AP technology multiplies the number of Access Points present within IRTUAL CCESS OINT the RF footprint of a single physical access device. With Virtual AP (VAP) technology, WLAN users within the device.s footprint can associate with what appears to be different access points and their associated network services.
Page 261: Index
NDEX antennas filter authentication address cipher suite between wireless clients closed system local bridge MAC address local or remote type management access protocol types VLANs firmware displaying version beacon upgrading interval rate BOOTP bridge gateway address channel closed system hardware capabilities community name, configuring hardware description community string...
Page 262 NDEX location selection –?? messages interface settings server path cost port priority startup files, setting station status status MAC address, authentication displaying device status mounting on a horizontal surface displaying station status mounting on a wall subnet mask system clock, setting system log enabling network configuration...
Page 263 NDEX – 263 –...
Page 264 SMCE21011 149100000016A R01...

This manual is also suitable for:

Eliteconnect smce21011

SMC Networks E21011 User Manual

Table of Contents

Table of Contents

Ection

Getting Started

Introduction

Network Topologies

Installing the Access Point

Initial Configuration

Ection

Web Configuration

System Settings

Management Settings

Status Information

Ection

Using the Command Line Interface

General Commands

System Management Commands

System Logging Commands

System Clock Commands

Dhcp Relay Commands

Snmp Commands

Flash /File Commands

Radius Client Commands

802.1X Authentication Commands

Mac Address Authentication Commands

Filtering Commands

Spanning Tree Commands

Wds Bridge Commands

Ethernet Interface Commands

Wireless Interface Commands

Wireless Security Commands

Link Layer Discovery Commands

Vlan Commands

Wmm Commands

Siv a

Quick Links

USER GUIDE

Chapters

Related Manuals for SMC Networks E21011

Summary of Contents for SMC Networks E21011