Extreme Networks Altitude 4700 Series Product Reference Manual


Software version 4.1


Altitude™ 4700 Series Access Point
Product Reference Guide, Software Version 4.1
Extreme Networks, Inc.
3585 Monroe Street
Santa Clara, California 95051
(888) 257-3000
(408) 579-2800
http://www.extremenetworks.com
Published: March 2011
Part Number: 100382-00 Rev 01


Summary of Contents for Extreme Networks Altitude 4700 Series

  • Page 1 Altitude 4700 Series Access Point Product Reference Guide, Software Version 4.1 Extreme Networks, Inc. 3585 Monroe Street Santa Clara, California 95051 (888) 257-3000 (408) 579-2800 http://www.extremenetworks.com Published: March 2011 Part Number: 100382-00 Rev 01...
  • Page 2 Unified Access Architecture, Unified Access RF Manager, UniStack, XNV, the Extreme Networks logo, the Alpine logo, the BlackDiamond logo, the Extreme Turbodrive logo, the Summit logos, and the Powered by ExtremeXOS logo are trademarks or registered trademarks of Extreme Networks, Inc. or its subsidiaries in the United States and/or other countries.
  • Page 3: Table Of Contents

    Table of Contents: About This Guide (p. 15); Introduction (p. 15); Document Conventions (p. 15); Notational Conventions (p. 16); Chapter 1: Introduction (p. 17); New Features (p. 18); Power Management Antenna Configuration File (p. 18); Hotspot Customization (p. 19); WAN Failover (p. 19); Proxy ARP Support (p. 20); Multi Cipher Support (p. 20); Dynamic Chain Selection (p. 20); Broadcast/Multicast Transmit Rate Control (p. 21); Dedicated Sensor Support (p. 21)...
  • Page 4 Auto Negotiation (p. 36); Adaptive AP (p. 36); Rogue AP Detection Enhancement (p. 37); RADIUS Time-Based Authentication (p. 37); QBSS Support (p. 37); Triple Radio Support (p. 37); IP Filtering (p. 38); MU Rate Limiting (p. 38); Per Radio MU Limit (p. 38); Power Setting Configuration (p. 38); AMSDU Transmission Support (p. 39); IPSec VPN Support (p. 39); Theory of Operations (p. 39); Wireless Coverage (p. 40); MAC Layer Bridging (p. 41)...
  • Page 5 Chapter 4: System Configuration (p. 77); Configuring System Settings (p. 78); Configuring Power Settings (p. 81); Radios at Full Power (p. 82); Radios at Low Power (p. 83); Adaptive AP Setup (p. 85); Configuring Data Access (p. 87); Managing Certificate Authority (CA) Certificates (p. 91); Importing a CA Certificate (p. 91); Creating Self Certificates for Accessing the VPN (p. 92); Creating a Certificate for Onboard Radius Authentication (p. 95); Configuring SNMP Settings (p. 97)...
  • Page 6 Configuring VPN Tunnels (p. 225); Creating a VPN Tunnel between Two Access Points (p. 229); Configuring Manual Key Settings (p. 230); Configuring Auto Key Settings (p. 233); Configuring IKE Key Settings (p. 235); VPN Configuration - Example (p. 238); Viewing VPN Status (p. 238); Configuring Content Filtering Settings (p. 240); Configuring Rogue AP Detection (p. 243); Moving Rogue APs to the Allowed AP List (p. 246); Using MUs to Detect Rogue Devices (p. 249)...
  • Page 7 AP4700>admin(network.lan.bridge)>show (p. 306); AP4700>admin(network.lan.bridge)>set (p. 307); AP4700>admin(network.lan.wlan-mapping)> (p. 308); AP4700>admin(network.lan.wlan-mapping)>show (p. 309); AP4700>admin(network.lan.wlan-mapping)>set (p. 310); AP4700>admin(network.lan.wlan-mapping)>create (p. 311); AP4700>admin(network.lan.wlan-mapping)>edit (p. 312); AP4700>admin(network.lan.wlan-mapping)>delete (p. 313); AP4700>admin(network.lan.wlan-mapping)>lan-map (p. 314); AP4700>admin(network.lan.wlan-mapping)>vlan-map (p. 315); AP4700>admin(network.lan.dhcp)> (p. 316); AP4700>admin(network.lan.dhcp)>show (p. 317); AP4700>admin(network.lan.dhcp)>set (p. 318); AP4700>admin(network.lan.dhcp)>add (p. 319); AP4700>admin(network.lan.dhcp)>delete (p. 320); AP4700>admin(network.lan.dhcp)>list (p. 321); AP4700>admin(network.lan.type-filter)> (p. 322); AP4700>admin(network.lan.type-filter)>show (p. 323); AP4700>admin(network.lan.type-filter)>set (p. 324); AP4700>admin(network.lan.type-filter)>add (p. 325); AP4700>admin(network.lan.type-filter)>delete (p. 326); Network WAN Commands (p. 327); AP4700>admin(network.wan)> (p. 327); AP4700>admin(network.wan)>show (p. 328); AP4700>admin(network.wan)>set (p. 329)...
  • Page 8 AP4700>admin(network.wireless.wlan)>edit (p. 361); AP4700>admin(network.wireless.wlan)>delete (p. 362); AP4700>admin(network.wireless.wlan.hotspot)> (p. 363); AP4700>admin(network.wireless.wlan.hotspot)>show (p. 364); AP4700>admin(network.wireless.wlan.hotspot)>redirection (p. 365); AP4700>admin(network.wireless.wlan.hotspot)>radius (p. 366); AP4700>admin(network.wireless.wlan.hotspot.radius)>set (p. 367); AP4700>admin(network.wireless.wlan.hotspot.radius)>show (p. 368); AP4700>admin(network.wireless.wlan.hotspot)>white-list (p. 369); AP4700>admin(network.wireless.wlan.hotspot)>set (p. 370); AP4700>admin(network.wireless.wlan.hotspot)>hs_import (p. 371); AP4700>admin(network.wireless.wlan.hotspot)>hs_export (p. 372); AP4700>admin(network.wireless.wlan.hotspot)>default (p. 373); AP4700>admin(network.wireless.wlan.hotspot)>delete (p. 374); AP4700>admin(network.wireless.security)> (p. 375); AP4700>admin(network.wireless.security)>show (p. 376); AP4700>admin(network.wireless.security)>set (p. 377); AP4700>admin(network.wireless.security)>create (p. 378); AP4700>admin(network.wireless.security.edit)> (p. 381); AP4700>admin(network.wireless.security)>delete (p. 382); AP4700>admin(network.wireless.acl)> (p. 383); AP4700>admin(network.wireless.acl)>show (p. 384); AP4700>admin(network.wireless.acl)>create (p. 385); AP4700>admin(network.wireless.acl.edit)>...
  • Page 9 AP4700>admin(network.wireless.qos)>delete (p. 423); AP4700>admin(network.wireless.rate-limiting)> (p. 424); AP4700>admin(network.wireless.rate-limiting)>show (p. 425); AP4700>admin(network.wireless.rate-limiting)>set (p. 426); AP4700>admin(network.wireless.rogue-ap)> (p. 427); AP4700>admin(network.wireless.rogue-ap)>show (p. 428); AP4700>admin(network.wireless.rogue-ap)>set (p. 429); AP4700>admin(network.wireless.rogue-ap.mu-scan)> (p. 430); AP4700>admin(network.wireless.rogue-ap.mu-scan)>start (p. 431); AP4700>admin(network.wireless.rogue-ap.mu-scan)>show (p. 432); AP4700>admin(network.wireless.rogue-ap.allowed-list)> (p. 433); AP4700>admin(network.wireless.rogue-ap.allowed-list)>show (p. 434); AP4700>admin(network.wireless.rogue-ap.allowed-list)>add (p. 435); AP4700>admin(network.wireless.rogue-ap.allowed-list)>delete (p. 436); AP4700>admin(network.wireless.wips)> (p. 437); AP4700>admin(network.wireless.wips)>show (p. 438); AP4700>admin(network.wireless.wips)>set (p. 439); AP4700>admin(network.wireless.mu-locationing)> (p. 440); AP4700>admin(network.wireless.mu-locationing)>show (p. 441); AP4700>admin(network.wireless.mu-locationing>set (p. 442); Network Firewall Commands (p. 443); AP4700>admin(network.firewall)> (p. 443); AP4700>admin(network.firewall)>show (p. 444); AP4700>admin(network.firewall)>set (p. 445); AP4700>admin(network.firewall)>access (p. 446); AP4700>admin(network.firewall)>advanced (p. 447)...
  • Page 10 AP4700>admin(system.aap-setup)>delete (p. 471); LLDP Commands (p. 472); AP4700>admin(system)>lldp (p. 472); AP4700>admin(system.lldp)>show (p. 473); AP4700>admin(system.lldp)>set (p. 474); System Access Commands (p. 475); AP4700>admin(system)>access (p. 475); AP4700>admin(system.access)>set (p. 476); AP4700>admin(system.access)>show (p. 477); System Certificate Management Commands (p. 478); AP4700>admin(system)>cmgr (p. 478); AP4700>admin(system.cmgr)>genreq (p. 479); AP4700>admin(system.cmgr)>delself (p. 480); AP4700>admin(system.cmgr)>loadself (p. 481); AP4700>admin(system.cmgr)>listself (p. 482); AP4700>admin(system.cmgr)>loadca (p. 483); AP4700>admin(system.cmgr)>delca (p. 484); AP4700>admin(system.cmgr)>listca (p. 485); AP4700>admin(system.cmgr)>showreq (p. 486); AP4700>admin(system.cmgr)>delprivkey (p. 487); AP4700>admin(system.cmgr)>listprivkey (p. 488); AP4700>admin(system.cmgr)>expcert (p. 489)...
  • Page 11 AP4700>admin(system.radius.eap)>peap (p. 519); AP4700>admin(system.radius.eap.peap)>set/show (p. 520); AP4700>admin(system.radius.eap)>ttls (p. 521); AP4700>admin(system.radius.eap.ttls)>set/show (p. 522); AP4700>admin(system.radius)>policy (p. 523); AP4700>admin(system.radius.policy)>set (p. 524); AP4700>admin(system.radius.policy)>access-time (p. 525); AP4700>admin(system.radius.policy)>show (p. 526); AP4700>admin(system.radius)>ldap (p. 527); AP4700>admin(system.radius.ldap)>set (p. 528); AP4700>admin(system.radius.ldap)>show all (p. 529); AP4700>admin(system.radius)>proxy (p. 530); AP4700>admin(system.radius.proxy)>add (p. 531); AP4700>admin(system.radius.proxy)>delete (p. 532); AP4700>admin(system.radius.proxy)>clearall (p. 533); AP4700>admin(system.radius.proxy)>set (p. 534); AP4700>admin(system.radius)>client (p. 535); AP4700>admin(system.radius.client)>add (p. 536); AP4700>admin(system.radius.client)>delete (p. 537); AP4700>admin(system.radius.client)>show (p. 538); System Network Time Protocol (NTP) Commands (p. 539); AP4700>admin(system)>ntp (p. 539); AP4700>admin(system.ntp)>show (p. 540); AP4700>admin(system.ntp)>date-zone (p. 541)...
  • Page 12 AP4700>admin.stats.echo)>show (p. 568); AP4700>admin.stats.echo)>list (p. 569); AP4700>admin.stats.echo)>set (p. 570); AP4700>admin.stats.echo)>start (p. 571); AP4700>admin(stats)>ping (p. 572); AP4700>admin.stats.ping)>show (p. 573); AP4700>admin.stats.ping)>list (p. 574); AP4700>admin.stats.ping)>set (p. 575); AP4700>admin.stats.echo)>start (p. 576); Chapter 9: Configuring Mesh Networking (p. 577); Mesh Networking Overview (p. 577); The Client Bridge Association Process (p. 578); Spanning Tree Protocol (STP) (p. 579); Defining the Mesh Topology (p. 580); Mesh Networking and the Access Point’s Two Subnets (p. 580); Normal Operation (p. 580); Impact of Importing/Exporting Configurations to a Mesh Network (p. 581)...
  • Page 13 Appendix A: Technical Specifications (p. 625); Physical Characteristics (p. 625); Altitude 4710 and Altitude 4750 Physical Characteristics (p. 625); Electrical Characteristics (p. 626); Radio Characteristics (p. 626); Altitude 4710 and Altitude 4750 Radio Characteristics (p. 626); Country Codes (p. 627); Appendix B: Usage Scenarios (p. 631); Configuring Automatic Updates using a DHCP or Linux BootP Server (p. 631); Windows - DHCP Server Configuration (p. 632); Linux - BootP Server Configuration (p. 635); Configuring an IPSEC Tunnel and VPN FAQs (p. 638)...
  • Page 15: About This Guide

    About This Guide Introduction This guide provides configuration and setup information for the Extreme Networks® Altitude™ 4710 dual-radio Access Point and Altitude 4750 tri-radio Access Point. For the purposes of this guide, the devices will be called the generic term “Access Point” when identical configuration activities are applied to both models.
  • Page 16: Notational Conventions

    Notational Conventions The following notational conventions are used in this document: ● Italics are used to highlight specific items in the general text, and to identify chapters and sections in this and related documents. ● Bullets (•) indicate: ● action items ●...
  • Page 17: Chapter 1: Introduction

    Access Point that can be centrally configured and managed via an Extreme Networks wireless controller in either corporate headquarters or a network operations center (NOC). In the event the connection between the Access Point and the wireless controller is lost, a Remote Site Survivability (RSS) feature ensures the delivery of uninterrupted wireless services at the local or remote site.
  • Page 18: New Features

    Once the antenna type and gain are provided, the Access Point calculates the power range. The PMACF contains transmit power data for each Extreme Networks approved antenna type. Professional installers enter the antenna type (using the Access Point’s CLI interface), and the Access Point firmware calculates the transmit power automatically.
  • Page 19: Hotspot Customization

    Hotspot Customization To date, the default hotspot supported on the Access Point does not allow users to change the text on the hotspot portal or the logo for the enterprise where the hotspot is deployed. With this most recent release of the Access Point firmware, users now have the ability to customize the appearance of an Access Point’s WLAN hotspot pages.
  • Page 20: Proxy ARP Support

    Proxy ARP Support With this most recent release of the Access Point firmware, the Access Point can respond to ARP requests on behalf of an associated MU and protect the MU’s network credentials from being broadcast on a publicly accessible network. When Proxy ARP is enabled on the Access Point (it’s enabled by default), the Access Point can make an MU physically located on one network appear part of a different network connected to the same Access Point.
  • Page 21: Broadcast/Multicast Transmit Rate Control

    LED Disable Through extensive field research, Extreme Networks has learned that not all customers wish to deploy an Access Point with blinking LEDs. Health care deployments in particular have requested an option to disable blinking LEDs. The Altitude 4700 Access Point firmware contains an option to disable blinking LEDs.
  • Page 22: LLDP Support

    LLDP Support Link Layer Discovery Protocol (LLDP) is a Layer 2 protocol (IEEE standard 802.1AB) used to determine the capabilities of devices such as repeaters, bridges, access points, routers and wireless clients. LLDP enables devices to advertise their capabilities and media-specific configurations. LLDP provides a method of discovering and representing the physical network connections of a given network management domain.
  • Page 23: Support

    ● IPSec VPN Support on page 39 802.11n Support Extreme Networks provides full life-cycle support for either a new or existing 802.11n mobility deployment, from network design to day-to-day support. For information on deploying your 802.11n radio, see “Configuring the 802.11a/n or 802.11b/g/n Radio” on page 174.
  • Page 24 The following is a network topology illustrating how a sensor functions within an Access Point supported wireless network: A radio in sensor mode supports the following basic features: NOTE The functions described below are conducted on the WIPS server side, not on the Access Point. ● Wireless Termination—The Access Point attempts to force an unwanted (or unauthorized) connection...
  • Page 25: Mesh Roaming Client

    NOTE Altitude 4750 models never dedicate the third radio to traditional WLAN support. The third radio is either disabled or set exclusively to WIPS support (referred to in the Access Point interface as sensor mode). CAUTION Users cannot define a radio as a WIPS sensor when one of the Access Point radios is functioning as a rogue AP detector.
  • Page 26: Multiple Mounting Options

    Multiple Mounting Options The access point attaches to a wall, mounts under a ceiling or above a ceiling (attic). Choose a mounting option based on the physical environment of the coverage area. Do not mount the Access Point in a location that has not been approved in a radio coverage site survey.
  • Page 27: Quality of Service (QoS) Support

    Quality of Service (QoS) Support The QoS implementation provides applications running on different wireless devices a variety of priority levels to transmit data to and from the Access Point. Equal data transmission priority is fine for data traffic from applications such as Web browsers, file transfers or email, but is inadequate for multimedia applications.
  • Page 28 traffic and intercept passwords. The use of strong authentication methods that do not disclose passwords is necessary. The Access Point uses the Kerberos authentication service protocol (specified in RFC 1510) to authenticate users/clients in a wireless network environment and to securely distribute the encryption keys used for both encrypting and decrypting.
  • Page 29 interpret the encrypted data without the appropriate key. Only the sender and receiver of the transmitted data know the key. Wired Equivalent Privacy (WEP) is an encryption security protocol specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b and supported by the AP. WEP encryption is designed to provide a WLAN with a level of security and privacy comparable to that of a wired LAN.
  • Page 30: VLAN Support

    For detailed information on WPA2-CCMP, see “Configuring WPA2-CCMP (802.11i)” on page 213. Firewall Security A firewall keeps personal data in and hackers out. The Access Point’s firewall prevents suspicious Internet traffic from proliferating the Access Point managed network. The Access Point performs Network Address Translation (NAT) on packets passing to and from the WAN port.
  • Page 31: Multiple Management Accessibility Options

    “Configuring SNMP Settings” on page Power-over-Ethernet Support When users purchase an Extreme Networks WLAN solution, they often need to place Access Points in obscure locations. In the past, a dedicated power source was required for each Access Point in addition to the Ethernet infrastructure.
  • Page 32: MU-MU Transmission Disallow

    The access point can only use a Power-over-Ethernet device when connected to the access point’s LAN (GE1/POE) port. The access point can also support 3af/3at compliant products from other vendors. The Power Injector (Part No. AP-PSBIAS-1P3-AFR) is a single-port Power-over-Ethernet hub combining low-voltage DC with Ethernet data in a single cable connecting to the access point.
  • Page 33: Statistical Displays

    Statistical Displays The Access Point can display robust transmit and receive statistics for the WAN and LAN ports. WLAN stats can be displayed collectively and individually for enabled WLANs. Transmit and receive statistics are available for the Access Point’s 802.11a/n and 802.11b/g/n radios. An advanced radio statistics page is also available to display retry histograms for specific data packet retry information.
  • Page 34: DHCP Support

    DHCP Support The Access Point can use Dynamic Host Configuration Protocol (DHCP) to obtain a leased IP address and configuration information from a remote server. DHCP is based on the BOOTP protocol and can coexist or interoperate with BOOTP. Configure the Access Point to send out a DHCP request searching for a DHCP/BOOTP server to acquire HTML, firmware or network configuration files when the Access Point boots.
  • Page 35: Additional LAN Subnet

    For an overview on mesh networking as well as details on configuring the Access Point’s mesh networking functionality, see “Configuring Mesh Networking” on page 577. Additional LAN Subnet In a typical retail or small office environment (wherein a wireless network is available along with a production WLAN) it is often necessary to segment a LAN into two subnets.
  • Page 36: Routing Information Protocol (RIP)

    For detailed information on configuring the Access Point for Hotspot support, see “Configuring WLAN Hotspot Support” on page 160. Routing Information Protocol (RIP) RIP is an interior gateway protocol that specifies how routers exchange routing-table information. The parent Router screen also allows the administrator to select the type of RIP and the type of RIP authentication used.
  • Page 37: Rogue AP Detection Enhancement

    For an overview of the adaptive AP feature as well as how to configure it, refer to “Adaptive AP” on page 605. Rogue AP Detection Enhancement The Access Point can scan for rogues over all channels on both of the Access Point’s radio bands. The switching of radio bands is based on a timer with no user intervention required.
  • Page 38: IP Filtering

    NOTE For information on setting the configuration of a three radio model Altitude 4750, see “Configuring the 802.11a/n or 802.11b/g/n Radio” on page 174. IP Filtering IP filtering determines which IP packets are processed normally and which are discarded. If discarded, the packet is deleted and completely ignored (as if never received).
  • Page 39: AMSDU Transmission Support

    The AP’s hardware design uses a complex programmable logic device (CPLD). When an AP is powered on (or performing a cold reset), the CPLD determines the maximum power available to the AP by a POE device. Once an operational power configuration is defined, the AP firmware can read the power setting and configure operating characteristics based on the AP’s SKU and power configuration.
  • Page 40: Wireless Coverage

    Access Point can either transmit in the 2.4 to 2.5-GHz frequency range (802.11b/g/n radio) or the 5 GHz frequency range (802.11a/n radio); the actual range is country-dependent. Extreme Networks devices, like other Ethernet devices, have unique, hardware encoded Media Access Control (MAC) or IEEE addresses.
  • Page 41: MAC Layer Bridging

    MAC Layer Bridging The Access Point provides MAC layer bridging between its interfaces. The Access Point monitors traffic from its interfaces and, based on frame address, forwards the frames to the proper destination. The Access Point tracks source and destination addresses to provide intelligent bridging as MUs roam or network topologies change.
  • Page 42: MU Association Process

    established by IEEE 802.11b specifications. The bit redundancy within the chipping sequence enables the receiving MU to recreate the original data pattern, even if bits in the chipping sequence are corrupted by interference. The ratio of chips per bit is called the spreading ratio. A high spreading ratio increases the resistance of the signal to interference.
  • Page 43: Operating Modes

    Operating Modes The Access Point can operate in a couple of configurations. ● Access Point—As an Access Point, the Access Point functions as a layer 2 bridge. The wired uplink can operate as a trunk and support multiple VLANs. Up to 16 WLANs can be defined and mapped to Access Point WLANs.
  • Page 44 ● Radio1 (802.11b/g/n)—Random address located on the Web UI, CLI and SNMP interfaces. ● Radio2 (802.11a/n)—Random address located on the Web UI, CLI and SNMP interfaces. The Access Point’s BSS (virtual AP) MAC addresses are calculated as follows: ● BSS1—The same as the corresponding base radio’s MAC address...
  • Page 45: Chapter 2: Hardware Installation

    ● Setting Up MUs on page 60 CAUTION Extreme Networks recommends conducting a radio site survey prior to installing an Access Point. A site survey is an excellent method of documenting areas of radio interference and providing a tool for device placement. Precautions Before installing an Altitude 4700 Series Access Point, verify the following: Do not install in wet or dusty areas without additional protection.
  • Page 46: Package Contents

    The Access Point façade with 6 Element Antenna is separately orderable and provides an integrated antenna option. The facade connects to the Access Point as illustrated. Once attached, the LEDs continue to illuminate through the facade. Contact your Extreme Networks sales associate for information on ordering a facade with your Access Point.
  • Page 47: Access Point Placement

    ● Point the Access Point antennas downward if attaching to the ceiling. To maximize the Access Point’s radio coverage area, Extreme Networks recommends conducting a site survey to define and document radio interference obstacles before installing the Access Point. Site Surveys A site survey analyzes the installation environment and provides users with recommendations for equipment and placement.
  • Page 48: Power Options

    R1 defines the Access Point’s radio 1 antenna connectors and R2 defines radio 2 antenna connectors. The supported 2.4 GHz antenna suite and 5 GHz antenna suite are given in the Altitude 35xx/46xx/47xx AP Antenna Selection Guide, Rev.xx. Power Options The power options for an Altitude 4700 Series Access Point include: 48-Volt Power Supply...
  • Page 49: Installing The Power Injector

    An AP4700 access point can also be used with the 3af power injector (AP-PSBIAS-1P2-AFR). However, AP functionality is limited when powered by an AP-PSBIAS-1P2-AFR, since the AP has Ethernet connectivity limited to only the GE1 port. Extreme Networks is reselling Motorola Power Supply (Part No. 50-14000-247R) as an accessory for AP4700. CAUTION The access point supports any standards-based compliant POE sources (802.3at and 802.3af).
  • Page 50: Mounting An Altitude 4700 Series Access Point

    Preparing for Site Installation The Power Injector can be installed free standing on an even horizontal surface or wall mounted using the unit’s wall mounting key holes. The following guidelines should be adhered to before cabling the Power Injector to an Ethernet source and access point: Do not block or cover airflow to the Power Injector.
  • Page 51: Wall Mounted Installations

    mounting options based on the physical environment of the coverage area. Do not mount the Access Point in a location that has not been approved in a site survey. Refer to the following, depending on how you intend to mount the Access Point: ● Wall Mounted Installations on page 51...
  • Page 52 To mount the Access Point on a wall use the following template: 1 Photocopy the template (on the previous page) to a blank piece of paper. Do not reduce or enlarge the scale of the template. CAUTION If printing the mounting template (on the previous page) from an electronic PDF, dimensionally confirm the template by measuring each value for accuracy.
  • Page 53: Suspended Ceiling T-Bar Installations

    To install the Access Point on a ceiling T-bar: 1 Extreme Networks recommends you loop a safety wire—with a diameter of at least 1.01 mm (.04 in.), but no more than 0.158 mm (.0625 in.)—through the tie post (above the console connector) and secure the loop.
  • Page 54 3 Attach the radio antennas to their correct connectors. For more information on available antennas, see “Antenna Options” on page 4 Cable the Access Point using the approved power supply. CAUTION Do not supply power to the Access Point until the cabling of the unit is complete. a Connect an RJ-45 CAT5e (or CAT6) Ethernet cable between the network data supply (host) and the Access Point’s GE1/POE port.
  • Page 55: Above The Ceiling (Plenum) Installations

    12.7mm (0.5in.) or a suspended ceiling tile with an unsupported span greater than 660mm (26in.). Extreme Networks strongly recommends fitting the Access Point with a safety wire suitable for supporting the weight of the device. The safety wire should be a standard ceiling suspension cable or equivalent steel wire between 1.59mm (.062in.) and 2.5mm (.10in.) in diameter.
  • Page 56 6 Use a drill to make a hole in the tile the approximate size of the LED light pipe. CAUTION Extreme Networks recommends care be taken not to damage the finished surface of the ceiling tile when creating the light pipe hole and installing the light pipe.
  • Page 57: LED Indicators

    CAUTION Do not supply power to the Access Point until the cabling of the unit is complete. a Connect an RJ-45 CAT5e (or CAT6) Ethernet cable between the network data supply (host) and the Access Point’s GE1/POE port. b Verify the power adapter is correctly rated according to the country of operation. c Ensure the cable length from the Ethernet source to the Power Injector and access point does not exceed 100 meters (333 ft).
  • Page 58: Three Radio Altitude 4750 LEDs

    NOTE Depending on how the 5 GHz and 2.4 GHz radios are configured, the LEDs will blink at different intervals between amber and yellow (5 GHz radio) and emerald and yellow (2.4 GHz radio). The LEDs on the top housing of the Access Point are clearly visible in wall and below ceiling installations.
  • Page 59: Dual Radio (2.4/5 GHz) LEDs

    LED descriptions (table columns, left to right): Blinking Red indicates booting. Solid Red defines the diagnostic... | Green defines normal GE1 operation. | Green defines normal GE2 operation. | Blinking Amber indicates 802.11a activity. A 5 second Amber... | Blinking Emerald indicates 802.11bg activity. A 5 second Emerald... | Blinking Emerald indicates the radio is defined as a sensor, but is disabled...
  • Page 60: Rear LED

    When this occurs, Extreme Networks recommends changing the Windows XP settings so the adapter can use settings defined for legacy (802.11a/bg) adapter operation. Once network conditions improve, use Windows XP to re-enable the adapter for 802.11n support.
  • Page 61 NOTE If re-enabling the adapter for 802.11 support, ensure additional 802.11n settings (Aggregation, Channel Width, Guard Interval etc.) are also enabled to ensure optimal operation. 9 Click OK to save the updates to the adapter’s configuration.
  • Page 63: Chapter 3: Getting Started

    Getting Started The Access Point should be installed in an area tested for radio coverage using one of the site survey tools available to the field service technician. Once an installation site has been identified, the installer should carefully follow the hardware precautions, requirements, mounting guidelines and power options outlined in “Hardware Installation”...
  • Page 64: Configuration Options

    Configuration Options Once installed and powered, the Access Point can be configured using one of several connection techniques. Managing the access point includes viewing network statistics and setting configuration options. The access point requires one of the following connection methods to manage the network: Secure Java-Based WEB UI - (use Sun Microsystems’...
  • Page 65: Connecting To The Access Point Using The Lan Port

    Connecting to the Access Point using the LAN Port To initially connect to the Access Point using the Access Point’s LAN port: 1 The LAN (or GE1/POE) port default is set to DHCP. Connect the Access Point’s GE1/POE port to a DHCP server.
  • Page 66 Though the access point can have its basic settings defined using a number of different screens, Extreme Networks recommends using the access point Quick Setup screen to set the correct country of operation and define its minimum required configuration from one convenient location.
  • Page 67: Configuring Device Settings

    Configuring Device Settings Configure a set of minimum required device settings within the Quick Setup screen. The values (LAN, WAN etc.) can often be defined in other locations within the menu tree. When you change the settings in the Quick Setup screen, the values also change within the screen where these parameters also exist. Additionally, if the values are updated in these other screens, the values initially set within the Quick Setup screen will be updated.
  • Page 68 3 Refer to the AP4700 System Settings field to define the following parameters: System Name Assign a System Name to define a title for this Access Point. The System Name is useful if multiple devices are being administered. Country Select the Country for the access point’s country of operation.
  • Page 69 Radio Button Altitude 4710 Altitude 4750 2.4 GHz WLAN & Radio 1 WLAN, Radio 1 WLAN, 5.0 GHz WLAN Radio 2 WLAN Radio 2 WLAN, only - Radio 3 Disabled no Sensor Sensor only Radio 1 WIPS, Radio 1 WIPS, Spectrum Analysis Radio 2 WIPS Radio 2 WIPS,...
  • Page 70 IP address, network mask, and gateway. NOTE Extreme Networks recommends that the WAN and LAN ports should not be configured as DHCP clients at the same time. c Specify an IP address for the access point’s WAN connection. An IP address uses a series of four numbers expressed in dot notation, for example, 190.188.12.1 (no DNS names supported).
  • Page 71 LAN connection. Select the Bootp client option to enable a diskless system to discover its own IP address. NOTE Extreme Networks recommends that the WAN and LAN ports should not both be configured as DHCP clients. c Enter the network-assigned IP Address of the access point.
  • Page 72 WLAN from within the Quick Setup screen. Policies can be defined over time and saved to be used as needed as security requirements change. Extreme Networks recommends you familiarize yourself with the security options available on the Access Point before defining a security policy.
  • Page 73 Multiple WLANs can share the same security policy, so be careful not to name security policies after specific WLANs or risk defining a WLAN to a single policy. Extreme Networks recommends naming the policy after the attributes of the authentication or encryption type selected.
  • Page 74: Testing Connectivity

    Pass Key Specify a 4 to 32 character pass key and click the Generate button. The Access Point, other proprietary routers and MUs use the same algorithm to convert a string to the same hexadecimal number. Motorola clients and devices need to enter WEP keys manually as hexadecimal numbers.
  • Page 75: Where To Go From Here

    Where to Go from Here? Once basic connectivity has been verified, the access point can be fully configured to meet the needs of the network and the users it supports. Refer to the following: For detailed information on access point device access, SNMP settings, network time, importing/ ●...
  • Page 77: Chapter 4: System Configuration

    System Configuration The Access Point contains a built-in browser interface for system configuration and remote management using a standard Web browser such as Microsoft Internet Explorer, Netscape Navigator or Mozilla Firefox (version 0.8 or higher is recommended). The browser interface also allows for system monitoring of the Access Point.
  • Page 78: Configuring System Settings

    Configuring System Settings Use the System Settings screen to specify the name and location of the access point, assign an email address for the network administrator, restore the AP’s default configuration, restart the AP or disable the Access Point’s LEDs. To configure System Settings for the access point: CAUTION The Access Point’s country of operation is set from within the System Settings screen.
  • Page 79 The displayed number is the current version of the device firmware. Use this information to determine if the Access Point is running the most recent firmware available from Extreme Networks. Use the Firmware Update screen to keep the AP’s firmware up to date. System Uptime Displays the current uptime of the access point defined in the System Name field.
  • Page 80 Restart AP4700 Click the Restart access point button to reboot the AP. Restarting the access point resets all data collection values to zero. Extreme Networks does not recommend restarting the AP during significant system uptime or data collection activities. CAUTION After a reboot, static route entries disappear from the AP Route Table if a LAN Interface is set to DHCP Client.
  • Page 81: Configuring Power Settings

    5 Click Apply to save any changes to the System Settings screen. Navigating away from the screen without clicking the Apply button results in all changes to the screen being lost. NOTE The Apply button is not needed for restoring the access point default configuration or restarting the access point.
  • Page 82: Radios At Full Power

    NOTE An Altitude 4750 Access Point has different available power from an Altitude 4710 Access Point. An Altitude 4750 model uses 22 watts when its power status is 3af, 23 - 26 watts when its power status is 3at and 27 watts when its power status is Full Power.
  • Page 83: Radios At Low Power

    Table columns: Rates (Mbps), MCS Indices, Bandwidth, Maximum Transmit Power 2.4 GHz, Maximum Transmit Power 5 GHz. Rows: MCS6/MCS14 (HT20/40), MCS7/MCS15 (HT20/40). Radios at Low Power The table below describes the maximum transmit power available to each radio (at varying data rates) when the Access Point is receiving low DC power in either af or at mode. CAUTION Exceeding the limits listed below can cause damage to the Access Point or cause the radio to operate unpredictably.
  • Page 84 Radio 1 (2.4) on, 2x3 mode with maximum transmit power 18dBm Radio 2 (5.0) on, 2x3 mode with maximum transmit power 18dBm Contact Extreme Networks Support if unsure of your Access Point’s optimal power management settings. Go to https://esupport.extremenetworks.com. Power Status Refer to the (read only) power status field to review the power available to the AP.
  • Page 85: Adaptive Ap Setup

    Power Mode When the Access Point is powered on for the first time, the system determines the power budget available to the Access Point. Using the Auto setting (default setting), the Access Point automatically determines the best power configuration based on the available power budget. If 3af is selected, the AP assumes 12.95 watts are available.
  • Page 86 To configure the Access Point’s controller discovery method and connection medium: 1 Select System Configuration > Adaptive AP Setup from the menu tree. 2 Define the following to prioritize a controller connection scheme and AP interface used to adopt to the controller.
  • Page 87: Configuring Data Access

    To avoid jeopardizing the network data managed by the access point, Extreme Networks recommends enabling only those interfaces used in the routine (daily) management of the network, and disabling all other interfaces until they are required.
  • Page 88 To configure access for the access point: 1 Select System Configuration > AP4700 Access from the menu tree. 2 Use the AP4700 Access field checkboxes to enable/disable the following on the Access Point’s LAN1, LAN2 or WAN interfaces: Applet HTTP (port 80) Select the LAN1, LAN2 and/or WAN checkboxes to enable access to the access point configuration applet using a...
  • Page 89 4 Configure the Secure Shell field to set timeout values to reduce network inactivity. Authentication Timeout: Defines the maximum time (between 30 - 120 seconds) allowed for SSH authentication to occur before executing a timeout. The minimum permissible value is 30 seconds. SSH Keepalive Interval: The SSH Keepalive Interval defines a period (in seconds)...
  • Page 90 Message Settings Click the Message Settings button to display a screen used to create a text message. Once displayed, select the Enable Login Message checkbox to allow your customized message to be displayed when the user is logging into the Access Point.
  • Page 91: Managing Certificate Authority (Ca) Certificates

    Managing Certificate Authority (CA) Certificates Certificate management includes the following sections: ● Importing a CA Certificate on page 91 ● Creating Self Certificates for Accessing the VPN on page 92 Importing a CA Certificate A certificate authority (CA) is a network authority that issues and manages security credentials and public keys for message encryption.
  • Page 92: Creating Self Certificates For Accessing The Vpn

    To import a CA certificate: 1 Select System Configuration > Certificate Mgmt > CA Certificates from the menu tree. 2 Copy the content of the CA Certificate message (using a text editor such as notepad) and click on Paste from Clipboard.
  • Page 93 CAUTION Self certificates can only be generated using the Access Point GUI and CLI interfaces. No functionality exists for creating a self-certificate using the Access Point’s SNMP configuration option. To create a self certificate: 1 Select System Configuration > Certificate Mgmt > Self Certificates from the access point menu tree. 2 Click on the Add button to create the certificate request.
  • Page 94 The Certificate Request screen disappears and the ID of the generated certificate request displays in the drop-down list of certificates within the Self Certificates screen. 5 Click the Generate Request button. The generated certificate request displays in Self Certificates screen text box. 6 Click the Copy to Clipboard button.
  • Page 95: Creating A Certificate For Onboard Radius Authentication

    Creating a Certificate for Onboard Radius Authentication The access point can use its on-board RADIUS Server to generate certificates to authenticate MUs for use with the Access Point. In addition, a Windows 2000 or 2003 Server is used to sign the certificate before downloading it back to the Access Point’s on-board RADIUS server and loading the certificate for use with the Access Point.
  • Page 96 Key Length Defines the length of the key. Possible values are 512, 1024, and 2048. Extreme Networks recommends setting this value to 1024 to ensure optimum functionality. 4 Complete as many of the optional values within the Certificate Request screen as possible.
  • Page 97: Configuring Snmp Settings

    15 Load the certificates on the Access Point CAUTION Ensure the CA Certificate is loaded before the Self Certificate, or risk an invalid certificate load. 16 Open the certificate file and copy its contents into the CA Certificates screen by clicking the Paste from Clipboard button.
  • Page 98 Feature: Wireless Configuration (EXTR-AP4700-MIB-02a02); PPP Over Ethernet (EXTR-CC-AP4700-MIB-2.0); Security Configuration (EXTR-AP4700-MIB-02a02); NAT Address Mapping (EXTR-CC-AP4700-MIB-2.0); MU ACL Configuration (EXTR-AP4700-MIB-02a02); VPN Tunnel Configuration (EXTR-CC-AP4700-MIB-2.0); QOS Configuration (EXTR-AP4700-MIB-02a02); VPN Tunnel status (EXTR-CC-AP4700-MIB-2.0); Radio Configuration (EXTR-AP4700-MIB-02a02); Content Filtering (EXTR-CC-AP4700-MIB-2.0); Rate Limiting (EXTR-AP4700-MIB-02a02); Rogue AP Detection (EXTR-CC-AP4700-MIB-2.0)...
  • Page 99 A read-only community string allows a remote device to retrieve information, while a read/write community string allows a remote device to modify settings. Extreme Networks recommends considering adding a community definition using a site-appropriate name and access level. Set up a read/write definition (at a minimum) to facilitate full access by the access point administrator.
  • Page 100 Use the OID (Object Identifier) pull-down list to specify a setting of All or enter a Custom OID. Select All to assign the user access to all OIDs in the MIB. The OID field uses numbers expressed in dot notation. Access: Use the Access pull-down list to specify read-only (R) access or read/write (RW) access for the community.
  • Page 101: Configuring Snmp Access Control

    4 Specify the users who can read and optionally modify the SNMP-capable client. SNMP Access Control: Click the SNMP Access Control button to display the SNMP Access Control screen for specifying which users can read SNMP-generated information and potentially modify related settings from an SNMP-capable client. The SNMP Access Control screen's Access Control List (ACL) uses Internet Protocol (IP) addresses to restrict access to the AP’s SNMP interface.
  • Page 102 To configure SNMP user access control for the access point: 1 Select System Configuration > SNMP Access from the access point menu tree. Click on the SNMP Access Control button from within the SNMP Access screen. 2 Configure the SNMP Access Control screen to add the IP addresses of those users receiving SNMP access.
  • Page 103: Enabling Snmp Traps

    Enabling SNMP Traps SNMP provides the ability to send traps to notify the administrator that trap conditions are met. Traps are network packets containing data relating to network devices, or SNMP agents, that send the traps. SNMP management applications can receive and interpret these packets, and optionally can perform responsive actions.
  • Page 104 Click Add to create a new SNMP v1/v2c Trap Configuration entry. Port Specify a destination User Datagram Protocol (UDP) port for receiving traps. The default is 162. Community Enter a community name specific to the SNMP-capable client that receives the traps. SNMP Version Use the SNMP Version drop-down menu to specify v1 or Some SNMP clients support only SNMP v1 traps, while...
  • Page 105: Configuring Specific Snmp Traps

    Configuring Specific SNMP Traps Use the SNMP Traps screen to enable specific traps on the access point. Extreme Networks recommends defining traps to capture unauthorized devices operating within the access point coverage area. Trap configuration depends on the network machine that receives the generated traps. SNMP v1/v2c and v3 trap configurations function independently.
  • Page 106 3 Configure the SNMP Traps field to generate traps when SNMP capable MUs are denied authentication privileges or are subject of an ACL violation. When a trap is enabled, a trap is sent every 5 seconds until the condition no longer exists. SNMP Generates a trap when an SNMP-capable client is denied authentication...
  • Page 107: Configuring Snmp Rf Trap Thresholds

    System Cold Start Generates a trap when the access point re-initializes while transmitting, possibly altering the SNMP agent's configuration or protocol entity implementation. VLAN Generates a trap when a change to a VLAN state is detected. LAN Monitor Generates a trap when a change to the LAN monitoring state is detected.
  • Page 108: Configuring Lldp Settings

    SNMP rate trap is sent. for a trap to fire Extreme Networks recommends using the default setting of 1000 as a minimum setting for the field. 4 Click Apply to save any changes to the SNMP RF Traps screen. Navigating away from the screen without clicking the Apply button results in all changes to the screen being lost.
  • Page 109 The information is in a Type Length Value (TLV) format for each data item. TLV information is transmitted in an LLDP protocol data unit (LLDPDU), enclosed in an Ethernet frame and sent to a destination MAC address. Certain TLVs are mandatory, and always sent once LLDP is enabled, while other TLVs are optionally configured.
  • Page 110: Configuring Network Time Protocol (Ntp)

    7 Click Logout to securely exit the Access Point applet. A prompt displays confirming the logout before the applet is closed. Configuring Network Time Protocol (NTP) Network Time Protocol (NTP) manages time and/or network clock synchronization in the access point-managed network environment.
  • Page 111 To manage clock synchronization on the access point: 1 Select System Configuration > Date/Time from the access point menu tree. 2 From within the Current Time field, click the Refresh button to update the time since the screen was displayed by the user. The Current Time field displays the current time based on the access point system clock.
  • Page 112: Logging Configuration

    5 If using an NTP server to supply system time to the Access Point, configure the NTP Server Configuration field to define the server network address information required to acquire the access point network time. Enable NTP on AP4700: Select the Enable NTP on access point checkbox to allow a connection between the access point and one or more...
  • Page 113 To configure event logging for the access point: 1 Select System Configuration > Logging Configuration from the access point menu tree. 2 Configure the Log Options field to save event logs, set the log level and optionally port the access point’s log to an external server.
  • Page 114: Importing/Exporting Configurations

    Logging Level: Use the Logging Level drop-down menu to select the desired log level for tracking system events. Eight logging levels (0 to 7) are available. Log Level 6: Info is the access point default log level. These are the standard UNIX/LINUX syslog levels. The levels are as follows: 0 - Emergency, 1 - Alert...
  • Page 115 NOTE For configuration file creation and export operations, only the set radio-config (1-8, depending on the SKU) shall be supported. The export function will always export the encrypted Admin User password. The import function will import the Admin Password only if the Access Point is set to factory default. If the Access Point is not configured to factory default settings, the Admin User password WILL NOT get imported.
  • Page 116 SFTP/FTP/TFTP Server IP: Enter the numerical (non DNS name) IP address of the destination SFTP, FTP or TFTP server where the configuration file is imported or exported. Filepath (optional): Defines the optional path name used to import/export the target configuration file.
  • Page 117 NOTE Extreme Networks recommends importing configuration files using the CLI. If errors occur during the import process, they display all at once and are easier to troubleshoot. The Access Point GUI displays errors one at a time, and troubleshooting can be a more time-consuming process.
  • Page 118: Updating Device Firmware

    Updating Device Firmware Extreme Networks periodically releases updated versions of the access point device firmware to the Extreme Networks Web site. If the access point firmware version displayed on the System Settings page (see “Configuring System Settings” on page...
  • Page 119 If restoring the Access Point’s factory default firmware, you must export the certificate file BEFORE restoring the Access Point’s factory default configuration. Import the file back after the updated firmware is installed. If a firmware update is required, use the Firmware Update screen to specify a filename and define a file location for updating the firmware.
  • Page 120 DHCP options are used for out-of-the-box rapid deployment for Extreme Networks wireless products. The following are the two options available on the Access Point: ● Enable Automatic Firmware Update ● Enable Automatic Configuration Update Both DHCP options are enabled by default.
  • Page 121 8 Set the following parameters: ● Username—Specify a username for the FTP or SFTP server login. ● Password—Specify a password for FTP or SFTP server login. Default is admin123. A blank password is not supported. NOTE Click Apply to save the settings before performing the firmware update. The user is not able to navigate the access point user interface while the firmware update is in process.
  • Page 123: Chapter 5: Network Management

    Network Management Refer to the following for network management configuration activities supported by the Access Point user interface: ● Configuring the LAN Interface on page 123 ● Configuring WAN Settings on page 135 ● Enabling Wireless LANs (WLANs) on page 146...
  • Page 124 To configure the access point LAN interface: 1 Select Network Configuration > LAN from the access point menu tree. 2 Configure the LAN Settings field to enable the access point LAN1 and/or LAN2 interface, assign a timeout value, enable 802.1q trunking, configure WLAN mapping and enable 802.1x port authentication.
  • Page 125 WLAN Mapping Click the WLAN Mapping button to launch the VLAN Configuration screen to map existing WLANs to one of the two LANs and define the WLAN’s VLAN membership (up to 16 mappings are possible per Access Point). 3 Refer to the LAN Ethernet Timeout field to define how LAN Ethernet inactivity is processed by the Access Point.
  • Page 126: Configuring Vlan Support

    6 Click Apply to save any changes to the LAN Configuration screen. Navigating away from the screen without clicking the Apply button results in all changes to the screen being lost if the prompts are ignored. 7 Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on the LAN configuration screen to the last saved configuration.
  • Page 127 Trunk links are required to pass VLAN information between destinations. A trunk port is by default a member of all the VLANs existing on the access point and carries traffic for all those VLANs. Trunking is a function that must be enabled on both sides of a link. 3 Select the VLAN Name button.
  • Page 128 Access Point forwards untagged traffic with the native VLAN configured for the port. The Native VLAN is VLAN 1 by default. Extreme Networks suggests leaving the Native VLAN set to 1 as other layer 2 devices also have their Native VLAN set to 1.
  • Page 129: Configuring Lan1 And Lan2 Settings

    13 Use the VLAN drop-down menu to select the name of the target VLAN to map to the WLAN listed on the left-hand side of the screen. Extreme Networks recommends mapping VLANs strategically in order to keep VLANs tied to the discipline they most closely match. For example, if WLAN1 is comprised of MUs supporting the sales area, then WLAN1 should be mapped to sales if a sales VLAN has already been created.
  • Page 130 Ensure the primary address is the same as the IP address of the LAN. NOTE Extreme Networks recommends the WAN and LAN ports should not both be configured as DHCP clients.
  • Page 131 Enter the Primary DNS numerical (non DNS name) IP address. Secondary DNS Server: Extreme Networks recommends entering the numerical IP address of an additional DNS server (if available), used if the primary DNS server goes down. A maximum of two DNS servers can be used.
  • Page 132: Configuring Advanced Dhcp Server Settings

    WINS Server Enter the numerical (non DNS name) IP address of the WINS server. WINS is a Microsoft NetBIOS name server. Using a WINS server eliminates the broadcasts needed to resolve computer names to IP addresses by providing a cache or database of translations.
  • Page 133 To generate a list of client MAC address to IP address mappings for the access point: 1 Select Network Configuration > LAN > LAN1 (or LAN2) from the access point menu tree. 2 Click the Advanced DHCP Server button from within the LAN1 or LAN2 screen. 3 Specify a lease period in seconds for available IP addresses using the DHCP Lease Time (Seconds) parameter.
  • Page 134 Packet types supported for the type filtering function include 16-bit DIX Ethernet types as well as Extreme Networks proprietary types. Select an Ethernet type from the drop down menu, or enter the Ethernet type’s hexadecimal value. See your System Administrator if unsure of the implication of adding or omitting a type from the list for either LAN1 or LAN2.
  • Page 135: Configuring Wan Settings

    5 Click Apply to save any changes to the LAN1 or LAN2 Ethernet Type Filter Configuration screen. Navigating away from the screen without clicking Apply results in all changes to the screens being lost. 6 Click Cancel to securely exit the LAN1 or LAN2 Ethernet Type Filter Configuration screen without saving your changes.
  • Page 136 2 Refer to the WAN IP Configuration field to enable the WAN interface, and set network address information for the WAN connection. NOTE Extreme Networks recommends that the WAN and LAN ports should not both be configured as DHCP clients.
  • Page 137 Enable WAN Interface: Select the Enable WAN Interface checkbox to enable a connection between the access point and a larger network or outside world through the WAN port. Disable this option to effectively isolate the access point’s WAN. No connections to a larger network or the Internet are possible.
  • Page 138 More IP Addresses Click the More IP Addresses button to specify additional static IP addresses for the access point. Additional IP addresses are required when users within the WAN need dedicated IP addresses, or when servers need to be accessed (addressed) by the outside world.
  • Page 139 NOTE Be aware that the Access Point can (incorrectly) carry over previously configured static IP information and maintain two connected routes once it gets an IP address from a PPPOE connection. Enable Use the checkbox to enable Point-to-Point over Ethernet (PPPoE) for a high-speed connection that supports this protocol.
  • Page 140 ● Telstra Turbo 7 Series Express Card (Aircard 880E) NOTE Extreme Networks recommends express cards be initially activated on a Windows machine using a SIM card subscribed to an appropriate service plan. Operation Mode: Enable WWAN failover by selecting the Fail-over radio button.
  • Page 141: Configuring Network Address Translation (Nat) Settings

    WWAN CRM Remote Gateway 3: Optionally define a numerical IP address for a third WWAN remote gateway. If the Access Point detects the loss of the wired WAN connection, it establishes the WWAN connection and uses a remote gateway to route traffic. Traffic that used to go to the wired WAN is redirected to the WWAN over this third choice remote gateway, if the first two gateway addresses prove unavailable.
  • Page 142 To configure IP address mappings for the access point: 1 Select Network Configuration > WAN > NAT from the access point menu tree. 2 Configure the Address Mappings field to generate a WAN IP address, define the NAT type and set outbound/inbound NAT mappings.
  • Page 143: Configuring Port Forwarding

    Outbound Mappings: When 1 to 1 NAT is selected, a single IP address can be entered in the Outbound Mappings area. This address provides a 1 to 1 mapping of the WAN IP address to the specified IP address. When 1 to Many is selected as the NAT Type, the Outbound Mappings area displays a 1 to Many Mappings button.
  • Page 144 4 Configure the Port Forwarding screen to modify the following: Click Add to create a local map that includes the name, transport protocol, start port, end port, IP address and Translation Port for incoming packets. Delete Click Delete to remove a selected local map entry. Name Enter a name for the service being forwarded.
  • Page 145: Configuring Dynamic Dns

    Configuring Dynamic DNS The Access Point supports the Dynamic DNS service. Dynamic DNS (or DynDNS) is a feature offered by www.dyndns.com which allows the mapping of domain names to dynamically assigned IP addresses via the WAN port. When the dynamically assigned IP address of a client changes, the new IP address is sent to the DynDNS service and traffic for the specified domain(s) is routed to the new IP address.
  • Page 146: Enabling Wireless Lans (Wlans)

    3 Enter the DynDNS Username for the account you wish to use for the Access Point. 4 Enter the DynDNS Password for the account you wish to use for the Access Point. 5 Provide the Hostname for the DynDNS account you wish to use for the Access Point. 6 Click the Update DynDNS button to update the Access Point’s current WAN IP address with the DynDNS service.
  • Page 147 To configure WLANs on the access point: 1 Select Network Configuration > Wireless from the access point menu tree. If a WLAN is defined, that WLAN displays within the Wireless Configuration screen. When the access point is first booted, WLAN1 exists as a default WLAN available immediately for connection. 2 Refer to the information within the Wireless Configuration screen to view the name, ESSID, access point radio designation, VLAN ID and security policy of existing WLANs.
  • Page 148: Creating/Editing Individual Wlans

    Security Policy The Security Policy field displays the security profile configured for the target WLAN. For information on configuring security for a WLAN, QoS Policy The QoS Policy field displays the quality of service currently defined for the WLAN. This policy outlines which data types receive priority for the user base comprising the WLAN.
  • Page 149 NOTE Before editing the properties of an existing WLAN, ensure it is not being used by an access point radio, or is a WLAN that is needed in its current configuration. Once updated, the previous configuration is not available unless saved. Use the New WLAN and Edit WLAN screens as required to create/modify a WLAN.
  • Page 150 ESSID Enter the Extended Services Set Identification (ESSID) associated with the WLAN. The WLAN name is auto-generated using the ESSID until changed by the user. The maximum number of characters that can be used for the ESSID is 32. Do not use any of the following characters for an ESSID <...
  • Page 151 Access Point’s ESSID. If a hacker tries to find an ESSID via an MU, the ESSID does not display since the ESSID is not in the beacon. Extreme Networks recommends keeping the option enabled to reduce the likelihood of hacking into the WLAN.
  • Page 152: Configuring Wlan Security Policies

    Enable Rate Limiting: Select this checkbox to set MU rate limiting values for this WLAN in both the upstream and downstream direction. Once selected, two fields display enabling you to set MU radio bandwidth for each associated MU in both the wired-to-wireless and wireless-to-wired directions.
  • Page 153 Edit WLAN screens to assign to specific WLANs based on MU interoperability requirements. Extreme Networks recommends using the New MU ACL Policy or Edit MU ACL Policy screens strategically to name and configure ACL policies meeting the requirements of the particular WLANs...
  • Page 154 Network Management they may map to. However, be careful not to name policies after specific WLANs, as individual ACL policies can be used by more than one WLAN. For detailed information on assigning ACL policies to specific WLANs, see “Creating/Editing Individual WLANs” on page 148.
  • Page 155 Either the New MU ACL Policy or Edit MU ACL Policy screen displays. 3 Assign a name to the new or edited ACL policy that represents an inclusion or exclusion policy specific to a particular type of MU traffic you may want to use with a single or group of WLANs. More than one WLAN can use the same ACL policy.
  • Page 156 WLANs based on MU interoperability requirements. Extreme Networks recommends using the New QoS Policy and Edit QoS Policy screens strategically to name and configure QoS policies meeting the requirements of the particular WLANs they may belong to.
  • Page 157 2 Click the Create button to configure a new QoS policy, or select a policy and click the Edit button to modify an existing QoS policy. The Access Point supports a maximum of 16 QoS policies. 3 Assign a name to the new or edited QoS policy that makes sense to the access point traffic receiving priority.
  • Page 158 CAUTION Extreme Networks recommends using the drop-down menu to define the intended radio traffic within the WLAN. Once an option is selected, you do not need to adjust the values for the Access Categories, unless qualified to do so. Changing the Access Category default values could negatively impact the performance of the Access Point.
  • Page 159 Background Background traffic is typically of a low priority (file transfers, print jobs, etc.). Background traffic typically does not have strict latency (arrival) and throughput requirements. Best Effort Best Effort traffic includes traffic from legacy devices or applications lacking QoS capabilities. Best Effort traffic is negatively impacted by data transfers with long delays as well as multimedia traffic.
  • Page 160 Network Management U-APSD (WMM Power Save) Support The Access Point now supports Unscheduled Automatic Power Save Delivery (U-APSD), often referred to as WMM Power Save. U-APSD provides a periodic frame exchange between a voice capable MU and the Access Point during a VoIP call, while legacy power management is still utilized for typical data frame exchanges.
  • Page 161 CAUTION When using the Access Point’s hotspot functionality, ensure MUs are re-authenticated when changes are made to the characteristics of a hotspot enabled WLAN, as MUs within the WLAN will be dropped from Access Point device association. To configure hotspot functionality for an Access Point WLAN: 1 Ensure the Enable Hotspot checkbox is selected from within the target WLAN screen, and ensure the WLAN is properly configured.
  • Page 162 Network Management Use External URL Select the Use External URL checkbox to define a set of external URLs for hotspot users to access the login, welcome and fail pages. To create a redirected page, you need to have a TCP termination locally. On receiving the user credentials from the login page, the Access Point connects to a RADIUS server, determines the identity of the connected wireless user and allows the user to access...
  • Page 163 NOTE If using an external Web Server over the WAN port, and the hotspot’s HTTP pages (login or welcome) redirect to the Access Point’s WAN IP address for CGI scripts, the IP address of the external Web server and the Access Point’s WAN IP address should be entered in the White List. 7 Refer to the Radius Accounting field to enable RADIUS accounting and specify a timeout and retry value for the RADIUS server.
  • Page 164 Network Management Defining the Hotspot White List To host a Login, Welcome or Fail page on the external Web server, the IP address of that Web server should be in Access Point’s White List. NOTE If using an external Web Server over the WAN port, and the hotspot’s HTTP pages (login or welcome) redirect to the Access Point’s WAN IP address for CGI scripts, the IP address of the external Web server and the Access Point’s WAN IP address should be entered in the White List.
  • Page 165 Extreme Networks provides a default set of HTML files for the login, welcome and fail pages, and one css file that’s referenced by these HTML files. The professional installer is also provided two default images which can be manipulated as required.
  • Page 166 Network Management The HTML Editor enables you to customize the hotspot html code. It displays the login.html, welcome.html and fail.html files (depending on user selection) in an editable text area. CAUTION No file in a hotspot directory can exceed 10 kb. The maximum number of characters that can be entered into the text area is 10240.
  • Page 167 CAUTION Once updated, the CSS file must not exceed 12500 bytes, or it cannot be exported back onto the Access Point for effective deployment with the hotspot. 7 Select the FTP Transfer tab to define the FTP server configuration and target filename used to import or export the CSS and logo banners to and from the hosting Access Point.
  • Page 168 Network Management Filename(s) Provide the name of the target file either imported or exported from the FTP server. Up to 10 files can be used, and each must not exceed 39 characters. Filepath(optional) Optionally provide the path to the hotspot files specified within the Filenames field.
  • Page 169: Setting The Wlan's Radio Configuration

    WLAN and replace them with the default files provided with the Access Point firmware. CAUTION Extreme Networks recommends exporting any file present required for further development on to an external FTP server since they will all be lost during the restore operation.
  • Page 170 Network Management Altitude 4750 Description Three Radios Two radios supporting either WLAN or WIPS. Radio three dedicated to WIPS. For radios 1 and 2, WIPS and WLAN modes are mutually exclusive. In WLAN mode, a radio functions as a traditional Access Point, providing wireless bridging. In WIPS mode a radio provides no wireless bridging.
  • Page 171 To set the access point radio configuration (this example is for a dual-radio Access Point): 1 Select Network Configuration > Wireless > Radio Configuration from the access point menu tree. Review the Radio Function to assess if this radio is currently functioning as a WLAN radio or has been dedicated as a sensor.
  • Page 172 WLAN (ESS) the client bridge uses to establish a wireless link. The default setting is (WLAN1). Extreme Networks recommends creating (and naming) a WLAN specifically for mesh networking support to differentiate the Mesh supported WLAN from non-Mesh supported WLANs.
  • Page 173 CAUTION An Access Point in client bridge mode cannot use a WLAN configured with a Kerberos or EAP 802.1x based security scheme, as these authentication types secure user credentials not the mesh network itself. NOTE Ensure you have verified the radio configuration for both Radio 1 and Radio 2 before saving the existing settings and exiting the Radio Configuration screen.
  • Page 174 Network Management 8 Click Apply to save any changes to the Radio Configuration screen. Navigating away from the screen without clicking Apply results in all changes to the screens being lost. CAUTION When defining a Mesh configuration and changes are saved, the mesh network temporarily goes down. The Mesh network is unavailable because the Access Point radio is reconfigured when applying changes.
  • Page 175 To configure the access point’s 802.11a/n or 802.11b/g/n radio: 1 Select Network Configuration > Wireless > Radio Configuration > Radio1 (default name) from the access point menu tree. 2 Configure the Properties field to assign a name and placement designation for the radio. Placement Use the Placement drop-down menu to specify whether the radio is located outdoors or indoors.
  • Page 176 3 Configure the Channel, Power and Rate Settings field to assign a channel, antenna diversity setting, radio transmit power level and data rate. CAUTION When deploying a mesh network, Extreme Networks recommends manually configuring channels and not using the Automatic or Uniform options. 802.11 b/g/n mode For radio1, specify B, G and N, B and G, G Only, B only or N Only to define whether the 802.11b/g/n radio...
  • Page 177 Channel Width Select the Channel Width (MHz) from the drop-down menu. The AP radio can support 20 and 40 MHz channel widths. 20 MHz is the default setting for the 2.4 GHz radio. 20/40 MHz operation (the default setting for the 5 GHz radio) allows the Access Point to receive packets from clients using 20 MHz of bandwidth while transmitting a packet using 40 MHz bandwidth.
  • Page 178 Network Management Antenna Gain Set the antenna gain used with the selected antenna type between 0.00–15.00 dBm. The Access Point’s Power Management Antenna Configuration File (PMACF) automatically configures the Access Point’s radio transmit power based on the antenna type (provided in the CLI), its antenna gain (provided here) and the deployed country’s regulatory domain restrictions.
  • Page 179 Set Rates Click the Set Rates button to define minimum and maximum data transmit rates for the radio. Use the Basic Rates drop-down menu to select the rates available for either the 2.4 GHz or 5 GHz radio band. The menu options differ, based on the radio band.
  • Page 180 4 Configure the Performance field to set the preamble, threshold values and QoS values for the radio. Support Short Preamble Interval: The preamble is approximately 8 bytes of packet header generated by the Access Point and attached to a packet prior to transmission from the 802.11b radio.
  • Page 181 QoS policies configured for the WLAN (as created or edited from the Quality of Service Configuration screen). Extreme Networks recommends only advanced users manually set these values. If the type of data-traffic is known, use the drop-down menu to select an option representative of the intended radio band support.
  • Page 182 Access Point BSSIDs. If a system has an abundance of broadcast traffic and it needs to be delivered quickly, Extreme Networks recommends decreasing the DTIM interval for that specific BSSID. However, decreasing the DTIM interval decreases the battery life on power save stations.
  • Page 183 8 Refer to the Broadcast/Multicast Transmit Control field to define the broadcast/multicast transmission configuration. The Optimized for Range radio button is selected by default. This default option is ideal when range is preferred over performance for broadcast/multicast (group) traffic. The data rates used for range are the lowest defined basic rates selected from this radio’s Set Rates screen.
  • Page 184: Configuring Mu Rate Limiting

    Network Management NOTE If using a dual-radio Access Point, 4 BSSIDs for the 802.11b/g/n radio and 4 BSSIDs for the 802.11a/n radio are available. WLAN Lists the WLAN names available to the 802.11a/n or 802.11b/g/n radio that can be assigned to a BSSID. BSSID Assign a BSSID value of 1 through 4 to a WLAN in order to map the WLAN to a specific BSSID.
  • Page 185 To define MU rate limits for specific WLANs on an Access Point radio: 1 Select Network Configuration > Wireless > Rate Limiting from the access point menu tree. 2 Select the Enable Rate Limiting option to globally enable MU rate limiting for each of the Access Point’s 16 WLANs.
  • Page 186: Configuring Router Settings

    protection functions. More specifically, see “Configuring Firewall Settings” on page 218 and “Configuring Rogue AP Detection” on page 243. Configuring Router Settings The access point router uses routing tables and protocols to forward data packets from one network to another.
  • Page 187: Setting The Rip Configuration

    4 To set or view the RIP configuration, click the RIP Configuration button. Routing Information Protocol (RIP) is an interior gateway protocol that specifies how routers exchange routing-table information. The Router screen also allows the administrator to select the type of RIP and the type of RIP authentication used by the controller.
  • Page 188: Configuring Ip Filtering

    Network Management 3 If RIP v2 or RIP v2 (v1 compat) is the selected RIP type, the RIP v2 Authentication field becomes active. Select the type of authentication to use from the Authentication Type drop-down menu. Available options include: None This option disables the RIP authentication.
  • Page 189 IP filtering supports the creation of up to 20 filter rules enforced at layer 3. Once defined (using the Access Point’s SNMP, GUI or CLI), filtering rules can be enforced on the Access Point’s LAN1 or LAN2 interfaces and within any of the 16 Access Point WLANs. An additional default action is also available denying traffic when filter rules fail.
  • Page 190 Network Management To filter packets against undesired data traffic: 1 Select Network Configuration > IP Filtering from the access point menu tree. When the IP Filtering screen is initially displayed, there are no default filtering policies, and they must be created. NOTE With IP Filtering, users can only define a destination port, not a source port.
  • Page 191: Applying A Filter To Lan1, Lan2 Or A Wlan (1-16)

    Src Start Creates a range beginning source IP address to be either allowed or denied IP packet forwarding. The source address is where the packet originated. Setting the Src End value the same as the Src Start allows or denies just this address without defining a range.
  • Page 192: Ip Filter Configuration - Example

    Network Management From the Wireless screen: a Select Network Configuration > Wireless from the access point menu tree. b Click the Create button to apply the filter to a new WLAN, or highlight an existing WLAN and click the Edit button. Either the New WLAN or Edit WLAN screen displays. c Select the Enable IP Filtering button in the lower portion of the screen.
  • Page 193
    admin(network.ipfilter)>add icmp1 ICMP ALL ALL 10.1.1.1 10.1.1.10 11.1.1.1 11.1.1.10
    admin(network.ipfilter)>show
    -------------------------------------------------------------------------------
    Idx Name Protocol Port-Start-End SrcIP-Start-End DstIP-Start-End In-Use
    -------------------------------------------------------------------------------
    icmp1 ICMP 10.1.1.1 11.1.1.1
               10.1.1.10 11.1.1.10
    admin(network.ipfilter)>
    Once created, the filter displays within the Network Configuration > IP Filtering screen. Applying the Filter to a WLAN or LAN Once created, filters in the IP Filter Table can be applied to a WLAN or LAN.
  • Page 194 Network Management Adding a filter to LAN 1 for outbound traffic results in the inspection of packets at point A. Both packets out the physical port and wireless transmissions are checked. Adding a filter to WLAN 1 for inbound traffic results in the inspection of packets at point B. Even though WLAN 2 is on LAN 1, its packets are unaffected.
  • Page 195 Creating a LAN IP Filter Policy. The following example uses the Access Point CLI:
    admin(network.lan.ipfpolicy)>add 1 icmp1 incoming deny
    admin(network.lan.ipfpolicy)>show 1
    ------------------------------------------------------------------
    Idx Filter-Name Direction Action
    ------------------------------------------------------------------
    icmp1 incoming deny
    IP Filter Mode : enable
    Default Incoming Action : deny
    Default Outgoing Action : deny
    admin(network.lan.ipfpolicy)>...
  • Page 196
    Dropped Packets : 0.00 %
    %Undecryptable Packets : 0.00 %
    IP Filtering:
    Incoming:
    icmp1 : 0 denied
    Default Action : 64 allowed
    Outgoing:
    Default Action : 75 allowed
    admin(stats)>show lan 1
    LAN Interface Information
    LAN Interface 1 : enable
    IP Address 1 : 192.168.0.1
    Network Mask...
  • Page 197: Chapter 6: Configuring Access Point Security

    Configuring Access Point Security Security measures for the access point and its WLANs are critical. Use the available access point security options to protect the access point LAN from wireless vulnerabilities, and safeguard the transmission of RF packets between the access point and its associated MUs.
  • Page 198: Setting Passwords

    To configure a security policy supporting KeyGuard, see “Configuring KeyGuard Encryption” on page 209. To define a security policy supporting WPA-TKIP, see “Configuring WPA/WPA2 Using TKIP” on page 211. To create a security policy supporting WPA2-CCMP, see “Configuring WPA2-CCMP (802.11i)”...
  • Page 199: Resetting The Access Point Password

    Access Point’s security, radio and power management configuration to their default settings. Only an installation professional should reset the Access Point’s password and promptly define a new restrictive password. To contact Extreme Networks Support in the event of a password reset requirement, go to http://esupport.extremenetworks.com CAUTION Only a qualified installation professional should set or restore the Access Point’s radio and power...
  • Page 200: Enabling Authentication And Encryption Schemes

    Remember, multiple WLANs can share the same security policy, so be careful not to name security policies after specific WLANs or risk defining a WLAN to a single policy. Extreme Networks recommends naming the policy after the attributes of the authentication or encryption type selected (for example, WPA2 Allow TKIP).
  • Page 201 4 Enable and configure an Authentication option if necessary for the target security policy. Manually Pre-Shared Key / No Authentication: Select this button to disable authentication. This is the default value for the Authentication field. Kerberos: Select the Kerberos button to display the Kerberos Configuration field within the New Security Policy screen.
  • Page 202: Configuring Kerberos Authentication

    For access point encryption: To create a security policy supporting WEP, see “Configuring WEP Encryption” on page 208. To define a security policy supporting KeyGuard, see “Configuring KeyGuard Encryption” on page 209. To configure a security policy supporting WPA/TKIP, see “Configuring WPA/WPA2 Using...
  • Page 203 4 Ensure the Name of the security policy entered suits the intended configuration or function of the policy. 5 Set the Kerberos Configuration field as required to define the parameters of the Kerberos authentication server and access point. Realm Name Specify a realm name that is case-sensitive, for example, extremenetworks.com.
  • Page 204: Configuring 802.1X Eap Authentication

    Configuring Access Point Security Remote KDC Optionally, specify a numerical (non-DNS) IP address and port for a remote KDC. Kerberos implementations can use an administration server allowing remote manipulation of the Kerberos database. This administration server usually runs on the KDC. Port Specify the ports on which the Primary, Backup and Remote KDCs reside.
  • Page 205 6 Configure the Server Settings field as required to define address information for the authentication server. The appearance of the Server Settings field varies depending on whether Internal or External has been selected from the Radius Server drop-down menu. Radius Server Address: If using an External RADIUS Server, specify the numerical (non-DNS) IP address of a primary Remote Dial-In User...
  • Page 206 Configuring Access Point Security Radius Port If using an External Radius Server, specify the port on which the primary Radius server is listening. Optionally, specify the port of a secondary (failover) server. Older Radius servers listen on ports 1645 and 1646. Newer servers listen on ports 1812 and 1813.
  • Page 207 Enable Reauthentication: Select the Enable Reauthentication checkbox to configure a wireless connection policy so MUs are forced to reauthenticate periodically. Periodic repetition of the EAP process provides ongoing security for current authorized connections. Period (30-9999) secs: Set the EAP reauthentication period to a shorter interval for tighter security on the WLAN's connections.
  • Page 208: Configuring Wep Encryption

    Configuring Access Point Security Configuring WEP Encryption Wired Equivalent Privacy (WEP) is a security protocol specified in the IEEE Wireless Fidelity (Wi-Fi) standard. WEP is designed to provide a WLAN with a level of security and privacy comparable to that of a wired LAN.
  • Page 209: Configuring Keyguard Encryption

    5 Configure the WEP 64 Settings or WEP 128 Settings field as required to define the Pass Key used to generate the WEP keys. These keys must be the same between the Access Point and its MU to encrypt packets between the two devices. Pass Key Specify a 4 to 32 character pass key and click the Generate button.
  • Page 210 Configuring Access Point Security The KeyGuard Settings field displays within the New Security Policy screen. 4 Ensure the Name of the security policy entered suits the intended configuration or function of the policy. 5 Configure the KeyGuard Settings field as required to define the Pass Key used to generate the WEP keys used with the KeyGuard algorithm.
  • Page 211: Configuring Wpa/Wpa2 Using Tkip

    Key 4 404142434445464748494A4B4C 6 Select the Allow WEP128 Clients checkbox (from within the KeyGuard Mixed Mode field) to enable WEP128 clients to associate with an Access Point’s KeyGuard supported WLAN. The WEP128 clients must use the same keys as the KeyGuard clients to interoperate within the Access Point’s KeyGuard supported WLAN.
  • Page 212 5 Configure the Key Rotation Settings area as needed to broadcast encryption key changes to MUs and define the broadcast interval. Broadcast Key Rotation: Select the Broadcast Key Rotation checkbox to enable or disable broadcast key rotation. When enabled, the key indices used for encrypting/decrypting broadcast traffic will be alternatively rotated on every interval specified in the Broadcast Key Rotation Interval.
  • Page 213: Configuring Wpa2-Ccmp (802.11I)

    256-bit Key To use a hexadecimal value (and not an ASCII passphrase), select the checkbox and enter 16 hexadecimal characters into each of the four fields displayed. Default (hexadecimal) 256-bit keys for WPA/TKIP include: 1011121314151617, 18191A1B1C1D1E1F, 2021222324252627, 28292A2B2C2D2E2F...
  • Page 214 Configuring Access Point Security WPA2/CCMP is based on the concept of a Robust Security Network (RSN), which defines a hierarchy of keys with a limited lifetime (similar to TKIP). Like TKIP, the keys the administrator provides are used to derive other keys. Messages are encrypted using a 128-bit secret key and a 128-bit block of data. The end result is an encryption scheme as secure as any the access point provides.
  • Page 215 Enabling this option allows backwards compatibility for clients that support WPA-TKIP and WPA2-TKIP but do not support WPA2-CCMP. Extreme Networks recommends enabling this feature if WPA-TKIP or WPA2-TKIP supported MUs operate within a WLAN populated by WPA2-CCMP enabled clients.
  • Page 216: Configuring Multi Cipher Support

    Opportunistic PMK Caching: Select the Opportunistic Pairwise Master Key (PMK) Caching option to reduce handoff latency by pre-establishing security associations between an MU and the AP4700 Access Points in the wireless network. NOTE PMK key caching is enabled internally by default when 802.1x EAP authentication is enabled. 9 Click the Apply button to save any changes made within this New Security Policy screen.
  • Page 217 IP address. NOTE Since the AP supports a maximum of 4 different BSSID groups, Extreme Networks recommends grouping WLANs with common security schemes under the same BSSID group to support a greater number of WLANs.
  • Page 218: Configuring Firewall Settings

    Configuring Access Point Security This results in the AP beaconing the same ESSID but different WLAN BSSIDs and security schemes. Configuring Firewall Settings The access point's firewall is a set of related programs located in the gateway on the WAN side of the access point.
  • Page 219 To configure the access point firewall settings: 1 Select Network Configuration > Firewall from the access point menu tree. 2 Refer to the Global Firewall Disable field to enable or disable the access point firewall. Disable Firewall Select the Disable Firewall checkbox to disable all firewall functions on the access point.
  • Page 220: Configuring Lan To Wan Access

    4 Refer to the Configurable Firewall Filters field to set the following firewall filters: SYN Flood Attack Check: A SYN flood attack requests a connection and then fails to promptly acknowledge a destination host's response, leaving the destination host vulnerable to a flood of connection requests.
  • Page 221 Color / Access Type / Description:
    Green / Full Access: No protocol exceptions (rules) are specified. All traffic may pass between these two areas.
    Yellow / Limited Access: One or more protocol rules are specified. Specific protocols are either enabled or disabled between these two areas. Click the table cell of interest and look at the exceptions area in the lower half of the screen to determine the protocols that are either allowed or denied.
  • Page 222 Pre configured Rules: The following protocols are preconfigured with the access point. To enable a protocol, check the box next to the protocol name. • HTTP—Hypertext Transfer Protocol is the protocol for transferring files on the Web. HTTP is an application protocol running on top of the TCP/IP suite of protocols, the foundation protocols for the Internet.
  • Page 223: Configuring Advanced Subnet Access

    Available Protocols Protocols that are not pre-configured can be specified using the drop down list within the Transport column within the Subnet Access and Advanced Subnet Access screens. They include: ALL—Enables all of the protocol options displayed in the drop-down menu (as described below)...
  • Page 224 Configuring Access Point Security To configure access point Advanced Subnet Access: 1 Select Network Configuration > Firewall > Advanced Subnet Access from the access point menu tree. 2 Configure the Settings field as needed to override the settings in the Subnet Access screen and import firewall rules into the Advanced Subnet Access screen.
  • Page 225: Configuring Vpn Tunnels

    Insert Click the Insert button to insert a new rule directly above a selected rule in the table. Clicking on a field in the row displays a new window with configuration options. Del (Delete) Click Del to remove the selected rule from the table. The index numbers for all the rows below the deleted row decrease by 1.
  • Page 226 Configuring Access Point Security The access point allows up to 25 VPN tunnels to either a VPN endpoint or to another access point. VPN tunnels allow all traffic on a local subnet to route securely through an IPSec tunnel to a private network. A VPN port is a virtual port which handles tunneled traffic.
  • Page 227 Click Del to delete a highlighted VPN tunnel. There is no confirmation before deleting the tunnel. Tunnel Name The Tunnel Name column lists the name of each VPN access point tunnel on the Remote Subnet The Remote Subnet column lists the remote subnet for each tunnel.
  • Page 228 Remote Gateway: Enter a numerical (non-DNS) remote gateway IP address for the tunnel. The remote gateway IP address is the gateway address on the remote network the VPN tunnel connects to. Default Gateway: Displays the WAN interface's default gateway IP address. Manual Key Exchange: Selecting Manual Key Exchange requires you to manually...
  • Page 229: Creating A Vpn Tunnel Between Two Access Points

    Creating a VPN Tunnel between Two Access Points This section describes how to define a simple configuration using two Access Points to create an IPSec tunnel. To create an IPSec VPN tunnel between two Access Points: 1 Ensure the WAN ports are connected via the internet. 2 Select Network Configuration >...
  • Page 230: Configuring Manual Key Settings

    Configuring Access Point Security Notice the status displays “NOT_ACTIVE”. This screen automatically refreshes to get the current status of the VPN tunnel. Once the tunnel is active, the IKE_STATE changes from NOT_CONNECTED to SA_MATURE. 19 On AP #2, repeat the same steps as above. However, replace AP #2 information with AP #1 information.
  • Page 231 To configure manual key settings for the access point: 1 Select Network Configuration > WAN > VPN from the access point menu tree. 2 Refer to the VPN Tunnel Config field, select the Manual Key Exchange radio button and click the Manual Key Settings button.
  • Page 232 Inbound AH Authentication Key: Configure a key for computing the integrity check on inbound traffic with the selected authentication algorithm. The key must be 32/40 (for MD5/SHA1) hexadecimal (0-9, A-F) characters in length. The key value must match the corresponding outbound key on the remote security gateway.
  • Page 233: Configuring Auto Key Settings

    ESP Authentication Algorithm: Select the authentication algorithm to use with ESP. This option is available only when ESP with Authentication was selected for the ESP type. Options include: • MD5—Enables the Message Digest 5 algorithm, which requires 128-bit (32-character hexadecimal) keys. •...
  • Page 234 Configuring Access Point Security To configure auto key settings for the access point: 1 Select Network Configuration > WAN > VPN from the access point menu tree. 2 Refer to the VPN Tunnel Config field, select the Auto (IKE) Key Exchange radio button and click the Auto Key Settings button.
  • Page 235: Configuring Ike Key Settings

    ESP Encryption Algorithm: Use this menu to select the encryption and authentication algorithms for this VPN tunnel. • DES—Selects the DES algorithm. No keys are required to be manually provided. • 3DES—Selects the 3DES algorithm. No keys are required to be manually provided. •...
  • Page 236 Configuring Access Point Security 3 Configure the IKE Key Settings screen to modify the following: Operation Mode The Phase I protocols of IKE are based on the ISAKMP identity-protection and aggressive exchanges. IKE main mode refers to the identity-protection exchange, and IKE aggressive mode refers to the aggressive exchange.
  • Page 237 Remote ID Type Select the type of ID to be used for the access point end of the tunnel from the Remote ID Type drop-down menu. • IP—Select the IP option if the remote ID type is the IP address specified as part of the tunnel. •...
  • Page 238: Vpn Configuration - Example

    Diffie Hellman Group: Select a Diffie-Hellman Group to use. The Diffie-Hellman key agreement protocol allows two users to exchange a secret key over an insecure medium without any prior secrets. Two algorithms exist, 768-bit and 1024-bit. Select one of the following options: •...
  • Page 239 To view VPN status: 1 Select Network Configuration > WAN > VPN > VPN Status from the access point menu tree. 2 Reference the Security Associations field to view the following: Tunnel Name The Tunnel Name column lists the names of all the tunnels configured on the access point.
  • Page 240: Configuring Content Filtering Settings

    Configuring Access Point Security Tx Bytes The Tx Bytes column lists the amount of data (in bytes) transmitted through each configured tunnel. Rx Bytes The Rx Bytes column lists the amount of data (in bytes) received through each configured tunnel. 3 Click the Reset VPNs button to reset active VPNs.
  • Page 241 To configure content filtering for the access point: 1 Select Network Configuration > WAN > Content Filtering from the access point menu tree. 2 Configure the HTTP field to block Web proxies and URL extensions. Block Outbound HTTP: HyperText Transport Protocol (HTTP) is the protocol used to transfer information to and from Web sites.
  • Page 242 Configuring Access Point Security 3 Configure the SMTP field to disable or restrict specific kinds of network mail traffic. Block Outbound SMTP Commands: Simple Mail Transport Protocol (SMTP) is the Internet standard for host-to-host mail transport. SMTP generally operates over TCP on port 25. SMTP filtering allows the blocking of any or all outgoing SMTP commands.
  • Page 243: Configuring Rogue Ap Detection

    4 Configure the FTP field to block or restrict various FTP traffic on the network. Block Outbound FTP Actions: File Transfer Protocol (FTP) is the Internet standard for host-to-host mail transport. FTP generally operates over TCP ports 20 and 21. FTP filtering allows the blocking of any or all outgoing FTP functions.
  • Page 244 CAUTION Using an antenna other than the Dual-Band Antenna could render the access point’s Rogue AP Detector Mode feature inoperable. Contact your Extreme Networks sales associate for specific information. To configure Rogue AP detection for the access point: 1 Select Network Configuration > Wireless > Rogue AP Detection from the access point menu tree.
  • Page 245 3 Use the Allowed AP List field to restrict Extreme Networks APs from Rogue AP detection and create a list of device MAC addresses and ESSIDs approved for interoperability with the access point.
  • Page 246: Moving Rogue Aps To The Allowed Ap List

    Configuring Access Point Security 4 Click Apply to save any changes to the Rogue AP Detection screen. Navigating away from the screen without clicking Apply results in all changes to the screens being lost. 5 Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on the Rogue AP Detection screen to the last saved configuration.
  • Page 247 7 To remove the Rogue AP entries displayed within the Rogue APs field, click the Clear Rogue AP List button. Extreme Networks only recommends clearing the list of Rogue APs when the devices displaying within the list do not represent a threat to the Access Point managed network.
  • Page 248 Displays the MAC address of the rogue AP. This information could be useful if the MAC address is determined to be an Extreme Networks MAC address and the device is interpreted as non-hostile and the device should be defined as an allowed AP.
  • Page 249: Using Mus To Detect Rogue Devices

    Using MUs to Detect Rogue Devices The Access Point can use an associated MU that has its rogue AP detection feature enabled to scan for rogue APs. Once detected, the rogue AP(s) can be moved to the list of allowed devices (if appropriate) within the Active APs screen.
  • Page 250: Configuring User Authentication

    Configuring Access Point Security you are sure all of the devices detected and displayed within the Scan Results table are non-hostile APs. 5 Highlight a different MU from the Rogue AP enabled MUs field as needed to scan for additional rogue APs.
  • Page 251 2 From within the Data Source Configuration field, use the Data Source drop-down menu to select the data source for the RADIUS server. Local An internal user database serves as the data source. Use the User Database screen to enter the user data. For more information, see “Managing the Local User Database”...
  • Page 252 Configuring Access Point Security Default Specify a PEAP and/or TTLS Authentication Type for EAP Authentication Type to use from the drop-down menu to the right of each checkbox item. PEAP options include: • GTC—EAP Generic Token Card (GTC) is a challenge handshake authentication protocol using a hardware token card to provide the response string.
  • Page 253: Configuring Ldap Authentication

    Time Based Rule restriction feature. NOTE The LDAP screen displays with unfamiliar alphanumeric characters (if new to LDAP configuration). Extreme Networks recommends only qualified administrators change the default values within the LDAP screen.
  • Page 254 Configuring Access Point Security 2 Enter the appropriate information within the LDAP Configuration field to allow the Access Point to interoperate with the LDAP server. Consult with your LDAP server administrator for details on how to define the values in this screen. LDAP Server IP Enter the IP address of the external LDAP server acting as the data source for the RADIUS server.
  • Page 255: Configuring A Proxy Radius Server

    Group Member Attribute: Enter the Group Member Attribute sent to the LDAP server when authenticating users. CAUTION Windows Active Directory users must set their Login Attribute to “sAMAccountName” in order to successfully log in to the LDAP server. 3 Click Apply to save any changes to the LDAP screen. Navigating away from the screen without clicking Apply results in all changes to the screen being lost.
  • Page 256 Configuring Access Point Security To configure the proxy RADIUS server for the access point: 1 Select System Configuration > User Authentication > Radius Server > Proxy from the menu tree. 2 Refer to the Proxy Configuration field to define the proxy server’s retry count and timeout values. Retry Count Enter a value between 3 and 6 to indicate the number of times the Access Point attempts to reach a proxy server...
  • Page 257: Managing The Local User Database

    6 Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on the Proxy screen to the last saved configuration. 7 Click Logout to securely exit the Access Point applet. A prompt displays confirming the logout before the applet is closed.
  • Page 258 Configuring Access Point Security The Users table displays the entire list of users. Up to 100 users can be entered here. The users are listed in the order added. Users can be added and deleted, but there is no capability to edit the name of a group.
  • Page 259: Defining User Access Permissions By Group

    3 To add the user to a group, select the group in the Available list (on the right) and click the <-Add button. Assigned users will display within the Assigned table. Map one or more groups as needed for group authentication access for this particular user.
  • Page 260 Configuring Access Point Security time based authentication will not work properly. For information on setting the time zone for the Access Point, see “Configuring Network Time Protocol (NTP)” on page 110. 1 Select User Authentication > Radius Server > Access Policy from the menu tree. The Access Policy screen displays the following fields: Groups The Groups field displays the names of those existing...
  • Page 261 2 Review the existing access intervals assigned to each group by selecting the group from amongst those displayed. To modify a group’s permissions, see “Editing Group Access Permissions” on page 261. 3 Click Logout to securely exit the Access Point applet. A prompt displays confirming the logout before the applet is closed.
  • Page 262 Configuring Access Point Security NOTE Groups have a strict start and end time (as defined using the Edit Access Policy screen). Only during this period of time can authentication requests from users be honored (with no overlaps). Any authentication request outside of this defined interval is denied regardless of whether a user’s credentials match or not. 5 Refer to the WLANs field to select existing WLANs to apply to the selected group’s set of access permissions.
  • Page 263: Chapter 7: Monitoring Statistics

    Monitoring Statistics The access point has functionality to display robust transmit and receive statistics for its WAN and LAN ports. Wireless Local Area Network (WLAN) stats can also be displayed collectively for each enabled WLAN as well as individually for up to 16 specific WLANs.
  • Page 264 Monitoring Statistics To view access point WAN Statistics: 1 Select Status and Statistics > WAN Stats from the access point menu tree. 2 Refer to the Information field to reference the following access point WAN data: Status The Status field displays Enabled if the WAN interface is enabled on the WAN screen.
  • Page 265 RX Packets RX packets are data packets received over the WAN port. The displayed number is a cumulative total since the WAN interface was last enabled or the access point was last restarted. RX Bytes RX bytes are bytes of information received over the WAN port.
  • Page 266: Viewing Lan Statistics

    Monitoring Statistics Viewing LAN Statistics Use the LAN Stats screen to monitor the activity of the access point’s LAN1 or LAN2 connection. The Information field of the LAN Stats screen displays network traffic information as monitored over the access point LAN1 or LAN2 port. The Received and Transmitted fields of the screen display statistics for the cumulative packets, bytes, and errors received and transmitted over the LAN1 or LAN2 port since it was last enabled or the access point was last restarted.
  • Page 267 Link The Link parameter displays Up if the LAN connection is active between the access point and network, and Down if the LAN connection is interrupted or lost. Use this information to assess the current connection status of LAN 1 or LAN2. Speed The LAN 1 or LAN 2 connection speed is displayed in Megabits per second (Mbps), for example, 54Mbps.
  • Page 268: Viewing A Lan's Stp Statistics

    Monitoring Statistics TX Overruns TX overruns are buffer overruns on the LAN port. TX overruns occur when packets are sent faster than the LAN connection can handle. If TX overruns are excessive, consider reducing the data rate, TX Carrier The TX Carrier field displays the number of TCP/IP data carrier errors.
  • Page 269 2 Refer to the Spanning Tree Info field for details on spanning tree state and root Access Point designation. Spanning Tree State: Displays whether the spanning tree state is currently enabled or disabled. The spanning tree state must be enabled for a unique spanning-tree calculation to occur when the bridge is powered up or when a topology change is detected.
  • Page 270: Viewing A Lan's Ip Filter Statistics

    Monitoring Statistics Designated Cost Displays the unique distance between each Access Point MAC address listed in the Designated Bridge column and the Access Point MAC address listed in the Designated Root column. 4 Click the Logout button to securely exit the Access Point applet. There will be a prompt confirming logout before the applet is closed.
  • Page 271: Viewing Wireless Statistics

    3 Refer to the Outgoing Policies field to assess the number of packets either allowed or denied access by the Access Point’s filtering rules. These are packets that are outgoing from the Access Point LAN. 4 Click the Clear LAN Stats button to reset each of the data collection counters to zero in order to begin new data collections.
  • Page 272: Viewing Wlan Statistics

    Monitoring Statistics Name Displays the names of all the enabled WLANs on the access point. Displays the total number of MUs currently associated with each enabled WLAN. Use this information to assess if the MUs are properly grouped by function within each enabled WLAN.
  • Page 273 signal averages from the associated MUs. The Error field displays RF traffic errors based on retries, dropped packets, and undecryptable packets. The WLAN Stats screen is view-only with no user configurable data fields. To view statistics for an individual WLAN: 1 Select Status and Statistics >...
  • Page 274 Monitoring Statistics 3 Refer to the Traffic field to view performance and throughput information for the WLAN selected from the access point menu tree. Pkts per second The Total column displays the average total packets per second crossing the selected WLAN. The Rx column displays the average total packets per second received on the selected WLAN.
  • Page 275: Viewing A Wlan's Ip Filter Statistics

    5 Refer to the Errors field to view MU association error statistics for the WLAN selected from the access point menu tree. Avg Num of Retries Displays the average number of retries for all MUs associated with the selected WLAN. The number in black represents average retries for the last 30 seconds and the number in blue represents average retries for the last hour.
  • Page 276: Viewing Radio Statistics Summary

    Monitoring Statistics To view access point LAN’s IP filter statistics: 1 Select Status and Statistics > Wireless Stats > WLAN1 Stats (or any other WLAN) > IP Filter Stats from the access point menu tree. 2 Refer to the Incoming Policies field to assess the number of packets either allowed or denied access by the Access Point’s filtering rules.
  • Page 277 To view high-level access point radio statistics: 1 Select Status and Statistics > Radio Stats from the access point menu tree. 2 Refer to the Radio Summary field to reference access point radio information. Type Displays the type of radio (either 802.11a/n or 802.11b/g/n) currently deployed by the access point.
  • Page 278: Viewing Radio Statistics

    Monitoring Statistics Do not clear the radio stats if currently in an important data gathering activity or risk losing all data calculations to that point. For information on viewing radio statistics particular to the access point radio type displayed within the AP Stats Summary screen, see “Viewing Radio Statistics”...
  • Page 279 HW Address The Media Access Control (MAC) address of the access point housing the 802.11a/n radio. The MAC address is set at the factory and can be found on the bottom of the Access Point. Radio Type Displays the radio type (either 802.11a/n or 802.11b/g/n). Power The power level in milliwatts (mW) for RF signal strength.
  • Page 280: Retry Histogram

    Monitoring Statistics 4 Refer to the RF Status field to view the following MU signal, noise and performance information for the target access point 802.11a/n or 802.11b/g/n radio. Avg MU Signal Displays the average RF signal strength in dBm for all MUs associated with the radio.
  • Page 281: Viewing Mu Statistics Summary

    The table’s first column shows 0 under Retries. The value under the Packets column directly to the right shows the number of packets transmitted by this Access Point radio that required 0 retries (delivered on the first attempt). As you go down the table you can see the number of packets requiring 1 retry, 2 retries etc.
  • Page 282 Monitoring Statistics To view access point overview statistics for all of the MUs associated to the access point: 1 Select Status and Statistics > MU Stats from the access point menu tree. 2 Refer to the MU List field to reference associated MU address, throughput and retry information. IP Address Displays the IP address of each of the associated MUs.
  • Page 283: Viewing Mu Details

    CAM indicates the MU is continuously aware of all radio traffic. Extreme Networks recommends CAM for those MUs transmitting with the AP frequently and for periods of time of two hours.
  • Page 284 Monitoring Statistics Radio Association Displays the name of the AP the MU is currently associated with. QoS Client Type Displays the data type transmitted by the mobile unit. Possible types include Legacy, Voice, WMM Baseline and Power Save. Encryption Displays the encryption scheme deployed by the associated MU.
  • Page 285: Pinging Individual Mus

    Dropped Packets Displays the percentage of packets the AP gave up on as not received for the selected MU. The number in black represents the percentage of packets for the last 30 seconds and the number in blue represents the percentage of packets for the last hour.
  • Page 286: Viewing The Mesh Statistics Summary

    Monitoring Statistics To view access point authentication statistics for a specific MU: 1 Select Status and Statistics > MU Stats from the access point menu tree. 2 Highlight a target MU from within the MU List field. 3 Click the MU Authentication Statistics button. Use the displayed statistics to determine if the target MU would be better served with a different access point WLAN or access point radio.
  • Page 287 MAC Address The unique 48-bit, hard-coded Media Access Control address, known as the device's station identifier. This value is hard coded at the factory by the manufacturer and cannot be changed. WLAN Displays the WLAN name each wireless bridge is interoperating with.
  • Page 288: Viewing Known Access Point Statistics

    Monitoring Statistics Viewing Known Access Point Statistics The access point has the capability of detecting and displaying the properties of other Extreme Networks Access Points located within its coverage area. Detected access points transmit a WNMP message indicating their channel, IP address, firmware version, etc. This information is used to create a known AP list.
  • Page 289 A ping test initiated from the access point Known AP Statistics screen uses WNMP pings. Therefore, target devices that are not Extreme Networks Access Points are unable to respond to the ping test. 5 Click the Send Cfg to APs button to send your Access Point’s configuration to other Access Points.
  • Page 290 Monitoring Statistics Additionally, LAN1 and LAN2 IP mode settings will only be sent if the sender’s AP mode is DHCP or BOOTP. The WAN’s IP mode will only be sent if the sender’s IP mode is DHCP. 6 Click the Start Flash button to flash the LEDs of other access points detected and displayed within the Known AP Statistics screen.
  • Page 291: Chapter 8: Cli Reference

    CLI Reference The access point Command Line Interface (CLI) is accessed through the serial port or a Telnet session. The access point CLI follows the same conventions as the Web-based user interface. The CLI does, however, provide an “escape sequence”...
  • Page 292: Accessing The Cli Via Telnet

    CLI Reference Accessing the CLI via Telnet To connect to the access point CLI through a Telnet connection: 1 If this is your first time connecting to your access point, keep in mind the access point uses a static IP WAN address (10.1.1.1). Additionally, the access point’s LAN port is set as a DHCP client. 2 Enter the default username of admin and the default password of admin123.
  • Page 293: Admin And Common Commands

    Admin and Common Commands AP4700>admin> Displays admin configuration options. The items available under this command are shown below. Syntax help Displays general user interface help. passwd Changes the admin password. summary Shows a system summary. network Goes to the network submenu system Goes to the system submenu.
  • Page 294: Ap4700>Admin>Help

    CLI Reference AP4700>admin>help Displays general CLI user interface help. Syntax help Displays command line help using combinations of function keys for navigation. Example admin>help : display command help - Eg. ?, show ?, s? * Restriction of “?”: : “?” after a function argument is treated : as an argument : Eg.
  • Page 295: Ap4700>Admin>Passwd

    AP4700>admin>passwd Changes the password for the admin login. Syntax passwd Changes the admin password for access point access. This requires typing the old admin password and entering a new password and confirming it. Passwords can be up to 11 characters. The access point CLI treats the following as invalid characters: ' "...
  • Page 296: Ap4700>Admin>Summary

    CLI Reference AP4700>admin>summary Displays the access point’s system summary. Syntax summary Displays a summary of high-level characteristics and settings for the WAN, LAN and WLAN. Example admin>summary AP4700 firmware version : 4.1.1.0-022R country code : us ap-mode : independent serial number : 10289-80867 model : AP4750-US...
  • Page 297: Ap4700>Admin

    AP4700>admin>.. Displays the parent menu of the current menu. This command appears in all of the submenus under admin. In each case, it has the same function, to move up one level in the directory structure. Example admin(network.lan)>.. admin(network)>
  • Page 298: Ap4700>Admin

    CLI Reference AP4700>admin> / Displays the root menu, that is, the top-level CLI menu. This command appears in all of the submenus under admin. In each case, it has the same function, to move up to the top level in the directory structure. Example admin(network.lan)>/ admin>...
  • Page 299: Ap4700>Admin>Save

    AP4700>admin>save Saves the configuration to system flash. The save command appears in all of the submenus under admin. In each case, it has the same function, to save the current configuration. Syntax save Saves configuration settings. The save command works at all levels of the CLI. The save command must be issued before leaving the CLI for updated settings to be retained.
  • Page 300: Ap4700>Admin>Quit

    CLI Reference AP4700>admin>quit Exits the command line interface session and terminates the session. The quit command appears in all of the submenus under admin. In each case, it has the same function, to exit out of the CLI. Once the quit command is executed, the login prompt displays again. Example admin>quit
  • Page 301: Network Commands

    Network Commands AP4700>admin(network)> Displays the network submenu. The items available under this command are shown below. : go to LAN sub menu : go to WAN sub menu wireless : go to Wireless sub menu firewall : go to Firewall sub menu router : go to Router sub menu ipfilter...
  • Page 302: Network Lan Commands

    CLI Reference Network LAN Commands AP4700>admin(network.lan)> Displays the LAN submenu. The items available under this command are shown below. show Shows current access point LAN parameters. Sets LAN parameters. bridge Goes to the mesh configuration submenu. wlan-mapping Goes to the WLAN/Lan/Vlan Mapping submenu. dhcp Goes to the LAN DHCP submenu.
  • Page 303: Ap4700>Admin(Network.lan)>Show

    AP4700>admin(network.lan)>show Displays the access point LAN settings. Syntax show Shows the settings for the access point LAN1 and LAN2 interfaces. Example admin(network.lan)>show LAN On Ethernet Port : LAN1 LAN Ethernet Timeout : disable 802.1x Port Authentication: Username : admin Password : ******** Auto-negoitation : disable...
  • Page 304: Ap4700>Admin(Network.lan)>Set

    CLI Reference AP4700>admin(network.lan)>set Sets the LAN parameters for the LAN port. Syntax <mode> Enables or disables the access point LAN interface. name <idx-name > Defines the LAN name by index. ethernet-port-lan <idx> Defines which LAN (LAN1 or LAN2) is active on the Ethernet port. timeout <seconds>...
  • Page 305: Ap4700>Admin(Network.lan.bridge)

    Network LAN, Bridge Commands AP4700>admin(network.lan.bridge)> Displays the access point Bridge submenu. show Displays the mesh configuration parameters for the access point’s LANs. Sets the mesh configuration parameters for the access point’s LANs. Moves to the parent menu. Goes to the root menu. save Saves the configuration to system flash.
  • Page 306: Ap4700>Admin(Network.lan.bridge)>Show

    CLI Reference AP4700>admin(network.lan.bridge)>show Displays the mesh bridge configuration parameters for the access point’s LANs. Syntax show Displays mesh bridge configuration parameters for the access point’s LANs. Example admin(network.lan.bridge)>show ** LAN1 Bridge Configuration ** Bridge Priority :63335 Hello Time (seconds) Message Age Time (seconds) Forward Delay Time (seconds) :15 Entry Ageout Time (seconds) :300...
  • Page 307: Ap4700>Admin(Network.lan.bridge)>Set

    AP4700>admin(network.lan.bridge)>set Sets the mesh configuration parameters for the access point’s LANs. Syntax priority <LAN-idx> <seconds> Sets bridge priority time in seconds (0-65535) for specified LAN. hello <LAN-idx> <seconds> Sets bridge hello time in seconds (0-10) for specified LAN. msgage <LAN-idx> <seconds>...
  • Page 308: Ap4700>Admin(Network.lan.wlan-Mapping)

    CLI Reference Network LAN, WLAN-Mapping Commands AP4700>admin(network.lan.wlan-mapping)> Displays the WLAN/Lan/Vlan Mapping submenu. show Displays the VLAN list currently defined for the access point. Sets the access point VLAN configuration. create Creates a new access point VLAN. edit Edits the properties of an existing access point VLAN. delete Deletes a VLAN.
  • Page 309: Ap4700>Admin(Network.lan.wlan-Mapping)>Show

    AP4700>admin(network.lan.wlan-mapping)>show Displays the VLAN list currently defined for the access point. These parameters are defined with the set command. Syntax show name Displays the existing list of VLAN names. vlan-cfg Shows WLAN-VLAN mapping and VLAN configuration. lan-wlan Displays a WLAN-LAN mapping summary. wlan Displays the WLAN summary list.
  • Page 310: Ap4700>Admin(Network.lan.wlan-Mapping)>Set

    CLI Reference AP4700>admin(network.lan.wlan-mapping)>set Sets VLAN parameters for the access point. Syntax mgmt-tag <id> Defines the Management VLAN tag index (1 or 2) to tag number (1-4095). native-tag <id> Sets the Native VLAN tag index (1 or 2) to tag number (1-4095). mode <wlan-idx>...
  • Page 311: Ap4700>Admin(Network.lan.wlan-Mapping)>Create

    AP4700>admin(network.lan.wlan-mapping)>create Creates a VLAN for the access point. Syntax create vlan-id <id> Defines the VLAN ID (1-4095). vlan-name <name> Specifies the name of the VLAN (1-31 characters in length). Example admin(network.lan.wlan-mapping)> admin(network.lan.wlan-mapping)>create 5 vlan-5 For information on creating VLANs using the applet (GUI), see “Configuring VLAN Support”...
  • Page 312: Ap4700>Admin(Network.lan.wlan-Mapping)>Edit

    CLI Reference AP4700>admin(network.lan.wlan-mapping)>edit Modifies a VLAN’s name and ID. Syntax edit name <name> Modifies an existing VLAN name (1-31 characters in length). <id> Modifies an existing VLAN ID (1-4095). For information on editing VLANs using the applet (GUI), see “Configuring VLAN Support”...
  • Page 313: Ap4700>Admin(Network.lan.wlan-Mapping)>Delete

    AP4700>admin(network.lan.wlan-mapping)>delete Deletes a specific VLAN or all VLANs. Syntax delete <VLAN id> Deletes a specific VLAN ID (1-16). Deletes all defined VLAN entries. For information on deleting VLANs using the applet (GUI), see “Configuring VLAN Support” on page 126.
  • Page 314: Ap4700>Admin(Network.lan.wlan-Mapping)>Lan-Map

    CLI Reference AP4700>admin(network.lan.wlan-mapping)>lan-map Maps an access point VLAN to a WLAN. Syntax lan-map <wlan name> Maps an existing WLAN to an enabled LAN. All names and IDs are case-sensitive. <lan name> Defines enabled LAN name. All names and IDs are case-sensitive. Example admin(network.lan.wlan-mapping)>lan-map wlan1 lan1 For information on mapping VLANs using the applet (GUI), see...
  • Page 315: Ap4700>Admin(Network.lan.wlan-Mapping)>Vlan-Map

    AP4700>admin(network.lan.wlan-mapping)>vlan-map Maps an access point VLAN to a WLAN. Syntax vlan-map <wlan name> Maps an existing WLAN to an enabled LAN. All names and IDs are case-sensitive. <vlan name> Defines the existing VLAN name. All names and IDs are case-sensitive. Example admin(network.lan.wlan-mapping)>vlan-map wlan1 vlan1 For information on mapping VLANs using the applet (GUI), see...
  • Page 316: Ap4700>Admin(Network.lan.dhcp)

    CLI Reference Network LAN, DHCP Commands AP4700>admin(network.lan.dhcp)> Displays the access point DHCP submenu. The items available are displayed below. show Displays DHCP parameters. Sets DHCP parameters. Adds static DHCP address assignments. delete Deletes static DHCP address assignments. list Lists static DHCP address assignments. Goes to the parent menu.
  • Page 317: Ap4700>Admin(Network.lan.dhcp)>Show

    AP4700>admin(network.lan.dhcp)>show Shows DHCP parameter settings. Syntax show Displays DHCP parameter settings for the access point. These parameters are defined with the set command. Example admin(network.lan.dhcp)>show **LAN1 DHCP Information** DHCP Address Assignment Range: Starting IP Address : 192.168.0.100 Ending IP Address : 192.168.0.254 Lease Time : 86400...
  • Page 318: Ap4700>Admin(Network.lan.dhcp)>Set

    CLI Reference AP4700>admin(network.lan.dhcp)>set Sets DHCP parameters for the LAN port. Syntax range <LAN-idx> <ip1> <ip2> Sets the DHCP assignment range from IP address <ip1> to IP address <ip2> for the specified LAN (1-lan1, 2-lan2). lease <LAN-idx> <lease> Sets the DHCP lease time <lease> in seconds (1-999999) for the specified LAN.
  • Page 319: Ap4700>Admin(Network.lan.dhcp)>Add

    AP4700>admin(network.lan.dhcp)>add Adds static DHCP address assignments. Syntax <LAN-idx> <mac> <ip> Adds a reserved static IP address to a MAC address for the specified LAN. Example admin(network.lan.dhcp)>add 1 00A0F8112233 192.160.24.6 admin(network.lan.dhcp)>add 1 00A0F1112234 192.169.24.7 admin(network.lan.dhcp)>list 1 ----------------------------------------------------------------------------- Index MAC Address IP Address ----------------------------------------------------------------------------- 00A0F8112233 192.160.24.6...
  • Page 320: Ap4700>Admin(Network.lan.dhcp)>Delete

    CLI Reference AP4700>admin(network.lan.dhcp)>delete Deletes static DHCP address assignments. Syntax delete <LAN-idx> <entry> Deletes the static DHCP address entry (1-30) for the specified LAN. <LAN-idx> all Deletes all static DHCP addresses. Example admin(network.lan.dhcp)>list 1 ----------------------------------------------------------------------------- Index MAC Address IP Address ----------------------------------------------------------------------------- 00A0F8112233 10.1.2.4 00A0F8102030...
  • Page 321: Ap4700>Admin(Network.lan.dhcp)>List

    AP4700>admin(network.lan.dhcp)>list Lists static DHCP address assignments. Syntax list <LAN-idx> Lists the static DHCP address assignments for the specified LAN (1-LAN1, 2 LAN2). Example admin(network.lan.dhcp)>list 1 ----------------------------------------------------------------------------- Index MAC Address IP Address ----------------------------------------------------------------------------- 00A0F8112233 10.1.2.4 00A0F8102030 10.10.1.2 00A0F8112234 10.1.2.3 00A0F8112235 192.160.24.6 00A0F8112236 192.169.24.7 admin(network.lan.dhcp)>...
  • Page 322: Ap4700>Admin(Network.lan.type-Filter)

    CLI Reference Network Type Filter Commands AP4700>admin(network.lan.type-filter)> Displays the access point Type Filter submenu. The items available under this command include: show Displays the current Ethernet Type exception list. Defines Ethernet Type Filter parameters. Adds an Ethernet Type Filter entry. delete Removes an Ethernet Type Filter entry.
  • Page 323: Ap4700>Admin(Network.lan.type-Filter)>Show

    AP4700>admin(network.lan.type-filter)>show Displays the access point’s current Ethernet Type Filter configuration. Syntax show <LAN-idx> Displays the existing Type-Filter configuration for the specified LAN. Example admin(network.lan.type-filter)>show 1 Ethernet Type Filter mode : allow ----------------------------------------------------------------------------- index ethernet type ----------------------------------------------------------------------------- 8137 For information on displaying the type filter configuration using the applet, see “Setting the Type Filter Configuration”...
  • Page 324: Ap4700>Admin(Network.lan.type-Filter)>Set

    CLI Reference AP4700>admin(network.lan.type-filter)>set Defines the access point Ethernet Type Filter configuration. Syntax mode <LAN-idx> <mode> Allows or denies the access point from processing a allow or deny specified Ethernet data type for the specified LAN. Example admin(network.lan.type-filter)>set mode 1 allow For information on configuring the type filter settings using the applet (GUI), see “Setting the Type Filter Configuration”...
  • Page 325: Ap4700>Admin(Network.lan.type-Filter)>Add

    AP4700>admin(network.lan.type-filter)>add Adds an Ethernet Type Filter entry. Syntax add <LAN-idx> <type> Adds entered Ethernet Type to list of data types either allowed or denied access point processing permissions for the specified LAN (either LAN1 or LAN2). Example admin(network.lan.type-filter)> admin(network.wireless.type-filter)>add 1 8137 admin(network.wireless.type-filter)>add 2 0806 admin(network.wireless.type-filter)>show 1 Ethernet Type Filter mode...
  • Page 326: Ap4700>Admin(Network.lan.type-Filter)>Delete

    CLI Reference AP4700>admin(network.lan.type-filter)>delete Removes an Ethernet Type Filter entry individually or the entire Type Filter list. Syntax delete <LAN-idx> <index> Deletes the specified Ethernet Type index entry (1 through 16). <LAN-idx> Deletes all Ethernet entries currently in list. Example admin(network.lan.type-filter)>delete 1 1 admin(network.lan.type-filter)>show 1 Ethernet Type Filter mode : allow...
  • Page 327: Network Wan Commands

    Network WAN Commands AP4700>admin(network.wan)> Displays the WAN submenu. The items available under this command are shown below. show : show WAN, PPPoE and 3G WWAN configuration : set WAN, PPPoE and 3G WWAN configuration delete : delete WWAN CRM Remote Gateways clear : clear WWAN AP name : go to NAT menu...
  • Page 328: Ap4700>Admin(Network.wan)>Show

    CLI Reference AP4700>admin(network.wan)>show Displays the access point WAN port parameters. Syntax show Shows the general IP parameters for the WAN port along with settings for the WAN interface. Example admin(network.wan)>show Status : enable WAN DHCP Client Mode : disable IP Address : 10.1.1.1 Network Mask : 255.0.0.0...
  • Page 329: Ap4700>Admin(Network.wan)>Set

    AP4700>admin(network.wan)>set Defines the configuration of the access point WAN port. Syntax enable/disable Enables or disables the access point WAN port. dhcp enable/disable Enables or disables WAN DHCP Client mode. ipadr <idx> <a.b.c.d> Sets up to 8 (using <indx> from to 8) IP addresses <a.b.c.d>...
  • Page 330 CLI Reference For an overview of the WAN configuration options available using the applet (GUI), see “Configuring WAN Settings” on page 135. Altitude 4700 Series Access Point Product Reference Guide...
  • Page 331: Ap4700>Admin(Network.wan.nat)

    Network WAN NAT Commands AP4700>admin(network.wan.nat)> Displays the NAT submenu. The items available under this command are shown below. show Displays the access point’s current NAT parameters for the specified index. Defines the access point NAT settings. Adds NAT entries. delete Deletes NAT entries.
  • Page 332: Ap4700>Admin(Network.wan.nat)>Show

    CLI Reference AP4700>admin(network.wan.nat)>show Displays access point NAT parameters. Syntax show <idx> <cr> Displays access point NAT parameters for the specified NAT index (1-8). Example admin(network.wan.nat)>show 2 WAN IP Mode : enable WAN IP Address : 157.235.91.2 NAT Type : 1-to-many Inbound Mappings : Port Forwarding unspecified port forwarding mode...
  • Page 333: Ap4700>Admin(Network.wan.nat)>Set

    AP4700>admin(network.wan.nat)>set Sets NAT inbound and outbound parameters. Syntax set type <index> <type> Sets the type of NAT translation for WAN address index <idx> (1-8) to <type> (none, 1-to-1, or 1-to-many). <index> <ip> Sets NAT IP mapping associated with WAN address <idx> to the specified IP address <ip>.
  • Page 334: Ap4700>Admin(Network.wan.nat)>Add

    CLI Reference AP4700>admin(network.wan.nat)>add Adds NAT entries. Syntax <idx> <name> <tran> <port1> <port2> <ip> <dst_port> Sets an inbound network address translation (NAT) for WAN address <idx>, where <name> is the name of the entry (1 to 7 characters), <tran> is the transport protocol (one of tcp, udp, icmp, ah, esp, gre, or all), <port1>...
  • Page 335: Ap4700>Admin(Network.wan.nat)>Delete

    AP4700>admin(network.wan.nat)>delete Deletes NAT entries. Syntax delete <idx> <entry> Deletes a specified NAT index entry <entry> associated with the WAN. <idx> Deletes all NAT entries associated with the WAN. Example admin(network.wan.nat)>list 1 ----------------------------------------------------------------------------- index name Transport start port end port internal ip translation ----------------------------------------------------------------------------- special tcp...
  • Page 336: Ap4700>Admin(Network.wan.nat)>List

    CLI Reference AP4700>admin(network.wan.nat)>list Lists access point NAT entries for the specified index. Syntax list <idx> Lists the inbound NAT entries associated with the WAN index (1-8). Example admin(network.wan.nat)>list 1 ----------------------------------------------------------------------------- index name Transport start port end port internal ip translation ----------------------------------------------------------------------------- special tcp 192.168.42.16...
  • Page 337: Ap4700>Admin(Network.wan.vpn)

    Network WAN, VPN Commands AP4700>admin(network.wan.vpn)> Displays the VPN submenu. The items available under this command include: Adds VPN tunnel entries. Sets key exchange parameters. delete Deletes VPN tunnel entries. list Lists VPN tunnel entries reset Resets all VPN tunnels. stats Lists security association status for the VPN tunnels.
  • Page 338: Ap4700>Admin(Network.wan.vpn)>Add

    CLI Reference AP4700>admin(network.wan.vpn)>add Adds a VPN tunnel entry. Syntax add <name> <idx> <LWanIP> <RSubnetIP> <RSubnetMask> <RGatewayIP> Creates a tunnel <name> (1 to 13 characters) to gain access through local WAN IP <LWanIP> from the remote subnet with address <RSubnetIP> and subnet mask <RSubnetMask> using the remote gateway <RGatewayIP>.
  • Page 339: Ap4700>Admin(Network.wan.vpn)>Set

    AP4700>admin(network.wan.vpn)>set Sets VPN entry parameters. Syntax type <name> <tunnel type> Sets the tunnel type <name> to Auto or Manual for the specified tunnel name. authalgo <name> <authalgo> Sets the authentication algorithm for <name> to (None, MD5, or SHA1). authkey <name> <dir>...
  • Page 340 CLI Reference opmode <name> <opmode> Sets the Operation Mode of IKE for <name> to Main or Aggr(essive). myidtype <name> <idtype> Sets the Local ID type for IKE authentication for <name> (1 to 13 characters) to <idtype> (IP, FQDN, or UFQDN). remidtype <name>...
  • Page 341: Ap4700>Admin(Network.wan.vpn)>Delete

    AP4700>admin(network.wan.vpn)>delete Deletes VPN tunnel entries. Syntax delete Deletes all VPN entries. <name> Deletes VPN entries <name>. Example admin(network.wan.vpn)>list -------------------------------------------------------------------------- Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP -------------------------------------------------------------------------- Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198 SJSharkey Manual 206.107.22.45/27 206.107.22.2 209.235.12.55 admin(network.wan.vpn)>delete Eng2EngAnnex admin(network.wan.vpn)>list --------------------------------------------------------------------------...
  • Page 342: Ap4700>Admin(Network.wan.vpn)>List

    CLI Reference AP4700>admin(network.wan.vpn)>list Lists VPN tunnel entries. Syntax list <cr> Lists all tunnel entries. <name> Lists detailed information about tunnel named <name>. The <name> must match case with the name of the VPN tunnel entry. Example admin(network.wan.vpn)>list -------------------------------------------------------------------------- Tunnel Name Type Remote IP/Mask Remote Gateway...
  • Page 343: Ap4700>Admin(Network.wan.vpn)>Reset

    AP4700>admin(network.wan.vpn)>reset Resets all of the access point’s VPN tunnels. Syntax reset Resets all VPN tunnel states. Example admin(network.wan.vpn)>reset VPN tunnels reset. admin(network.wan.vpn)> For information on configuring VPN using the applet (GUI), see “Configuring VPN Tunnels” on page 225.
  • Page 344: Ap4700>Admin(Network.wan.vpn)>Stats

    CLI Reference AP4700>admin(network.wan.vpn)>stats Lists statistics for all active tunnels. Syntax stats Display statistics for all VPN tunnels. Example admin(network.wan.vpn)>stats ----------------------------------------------------------------------------- Tunnel Name Status SPI(OUT/IN) Life Time Bytes(Tx/Rx) ----------------------------------------------------------------------------- Eng2EngAnnex Not Active SJSharkey Not Active For information on displaying VPN information using the applet (GUI), see “Viewing VPN Status”...
  • Page 345: Ap4700>Admin(Network.wan.vpn)>Ikestate

    AP4700>admin(network.wan.vpn)>ikestate Displays statistics for all active tunnels using Internet Key Exchange (IKE). Syntax ikestate Displays status about Internet Key Exchange (IKE) for all tunnels. In particular, the table indicates whether IKE is connected for any of the tunnels, it provides the destination IP address, and the remaining lifetime of the IKE key.
  • Page 346: Ap4700>Admin(Network.wan.content)

    CLI Reference AP4700>admin(network.wan.content)> Displays the Outbound Content Filtering menu. The items available under this command include: addcmd Adds control commands to block outbound traffic. delcmd Deletes control commands to block outbound traffic. list Lists application control commands. Goes to the parent menu. Goes to the root menu.
  • Page 347: Ap4700>Admin(Network.wan.content)>Addcmd

    AP4700>admin(network.wan.content)>addcmd Adds control commands to block outbound traffic. Syntax addcmd Adds WEB commands to block outbound traffic. proxy Adds a Web proxy command. activex Adds activex files. file Adds Web URL extensions (10 files maximum) smtp Adds SMTP commands to block outbound traffic. helo helo command mail...
  • Page 348: Ap4700>Admin(Network.wan.content)>Delcmd

    CLI Reference AP4700>admin(network.wan.content)>delcmd Deletes control commands to block outbound traffic. Syntax delcmd Deletes WEB commands to block outbound traffic. proxy Deletes a Web proxy command. activex Deletes activex files. file Deletes Web URL extensions (10 files maximum) smtp Deletes SMTP commands to block outbound traffic. helo helo command mail...
  • Page 349: Ap4700>Admin(Network.wan.content)>List

    AP4700>admin(network.wan.content)>list Lists application control commands. Syntax list Lists WEB application control record. smtp Lists SMTP application control record. Lists FTP application control record. Example admin(network.wan.content)>list web HTTP Files/Commands Web Proxy : deny ActiveX : allow filename admin(network.wan.content)>list smtp SMTP Commands HELO : deny MAIL...
  • Page 350: Ap4700>Admin(Network.wan.dyndns)

    CLI Reference Network WAN, Dynamic DNS Commands AP4700>admin(network.wan.dyndns)> Displays the Dynamic DNS submenu. The items available under this command include: : set dyndns parameters update : manual dyndns update show : show dyndns parameters save : save cfg to system flash quit : quit cli : go to parent menu...
  • Page 351: Ap4700>Admin(Network.wan.dyndns)>Set

    AP4700>admin(network.wan.dyndns)>set Sets the access point’s Dynamic DNS configuration. Syntax mode enable/disable Enables or disables the Dynamic DNS service for the access point. username <name> Enter a 1–32 character username for the account used for the access point. password <password> Enter a 1–32 character password for the account used for the access point.
  • Page 352: Ap4700>Admin(Network.wan.dyndns)>Update

    CLI Reference AP4700>admin(network.wan.dyndns)>update Updates the access point’s current WAN IP address with the DynDNS service. Syntax update Updates the access point’s current WAN IP address with the DynDNS service. Example admin(network.wan.dyndns)>update IP Address : 157.235.91.231 Hostname : greengiant For an overview of the Dynamic DNS options available using the applet (GUI), see “Configuring Dynamic DNS”...
  • Page 353: Ap4700>Admin(Network.wan.dyndns)>Show

    AP4700>admin(network.wan.dyndns)>show Shows the current Dynamic DNS configuration. Syntax show Shows the access point’s current Dynamic DNS configuration. Example admin(network.wan.dyndns)>show DynDNS Configuration Mode : enable Username : percival Password : ******** Hostname : greengiant DynDNS Update Response IP Address : 157.235.91.231 Hostname : greengiant Status...
  • Page 354: Network Wireless Commands

    CLI Reference Network Wireless Commands AP4700>admin(network.wireless) Displays the access point wireless submenu. The items available under this command include: Sets the access point’s wireless (proxy arp) configuration. show Displays the access point’s wireless (proxy arp) configuration. wlan Displays the WLAN submenu used to create and configure up to 16 WLANs per access point. security Displays the security submenu used to create encryption and authentication based security policies for use with access point WLANs.
  • Page 355: Ap4700>Admin(Network.wireless)>Set

    AP4700>admin(network.wireless)>set Sets the access point’s wireless (proxy arp) configuration. Syntax show <mode> enable/disable Enables/disables proxy-arp support. Example admin(network.wireless)>set proxy-arp enable For information on configuring proxy arp support using the applet (GUI), see “Enabling Wireless LANs (WLANs)” on page 146.
  • Page 356: Ap4700>Admin(Network.wireless)>Show

    CLI Reference AP4700>admin(network.wireless)>show Displays the access point’s wireless (proxy arp) configuration. Syntax show Displays the access point’s wireless (proxy arp) configuration. Example admin(network.wireless)>show Proxy ARP : dynamic For information on configuring proxy arp support using the applet (GUI), see “Enabling Wireless LANs (WLANs)”...
  • Page 357: Ap4700>Admin(Network.wireless.wlan)

    Network WLAN Commands AP4700>admin(network.wireless.wlan)> Displays the access point wireless LAN (WLAN) submenu. The items available under this command include: show Displays the access point’s current WLAN configuration. create Defines the parameters of a new WLAN. edit Modifies the properties of an existing WLAN. delete Deletes an existing WLAN.
  • Page 358: Ap4700>Admin(Network.wireless.wlan)>Show

    CLI Reference AP4700>admin(network.wireless.wlan)>show Displays the access point’s current WLAN configuration. Syntax show summary Displays the current configuration for existing WLANs. wlan <number> Displays the configuration for the requested WLAN (WLAN 1 through 16). Example admin(network.wireless.wlan)>show summary WLAN1 WLAN Name : Lobby ESSID : 101 Radio Band(s)
  • Page 359: Ap4700>Admin(Network.wireless.wlan)>Create

    AP4700>admin(network.wireless.wlan)>create Defines the parameters of a new WLAN. Syntax create show wlan <number> Displays newly created WLAN and policy number. <essid> Defines the ESSID for a target WLAN. wlan-name <name> Determines the name of this particular WLAN (1-32). 5.0GHz <mode> Enables or disables access to the access point 5.0 GHz radio.
  • Page 360 CLI Reference Client Bridge Mesh Backhaul : not available Hotspot : not available Maximum MUs : 127 MU Idle Timeout : 30 Security Policy : Default MU Access Control Kerberos User Name : Default Kerberos Password : ******** disallow MU to MU : disable Use Secure Beacon : disable...
  • Page 361: Ap4700>Admin(Network.wireless.wlan)>Edit

    AP4700>admin(network.wireless.wlan)>edit Edits the properties of an existing WLAN policy. Syntax edit <index> Edits the properties of an existing (and specified) WLAN policy (1-16). show Displays the WLAN’s parameters and summary. Edits the same WLAN parameters that can be modified using the create command. change Completes the WLAN edits and exits the CLI session.
  • Page 362: Ap4700>Admin(Network.wireless.wlan)>Delete

    CLI Reference AP4700>admin(network.wireless.wlan)>delete Deletes an existing WLAN. Syntax delete <wlan-name> Deletes a target WLAN using the name supplied. Deletes all WLANs defined (except default WLAN). For information on deleting a WLAN using the applet (GUI), see “Creating/Editing Individual WLANs” on page 148.
  • Page 363: Ap4700>Admin(Network.wireless.wlan.hotspot)

    AP4700>admin(network.wireless.wlan.hotspot)> Displays the Hotspot submenu. The items available under this command include: show Show hotspot parameters. redirection Goes to the hotspot redirection menu. radius Goes to the hotspot RADIUS menu. white-list Goes to the hotspot white-list menu. Sets the WLAN’s hotspot configuration. hs_import Imports hotspot configuration files from a dedicated server.
  • Page 364: Ap4700>Admin(Network.wireless.wlan.hotspot)>Show

    CLI Reference AP4700>admin(network.wireless.wlan.hotspot)>show Displays the current access point Rogue AP detection configuration. Syntax show hotspot <idx> Shows hotspot parameters per wlan index (1-16). Example admin(network.wireless.wlan.hotspot)>show hotspot 1 WLAN1 Hotspot Mode : enable Hotspot Page Location : default External Login URL : www.sjsharkey.com External Welcome URL External Fail URL...
  • Page 365: Ap4700>Admin(Network.wireless.wlan.hotspot)>Redirection

    AP4700>admin(network.wireless.wlan.hotspot)>redirection Goes to the hotspot redirection menu. Syntax redirection <page-loc> Sets the hotspot http-re-direction by index (1-16) for the specified URL. <exturl> Shows hotspot http-redirection details for specific index (1-16) for specified page (login, welcome, fail) and target URL. show Shows hotspot http-redirection details.
  • Page 366: Ap4700>Admin(Network.wireless.wlan.hotspot)>Radius

    CLI Reference AP4700>admin(network.wireless.wlan.hotspot)>radius Goes to the hotspot RADIUS menu. Syntax Sets the RADIUS hotspot configuration. show Shows RADIUS hotspot server details. save Saves the configuration to system flash. quit Quits the CLI. Goes to the parent menu. Goes to the root menu. For information on configuring the Hotspot options available to the access point using the applet (GUI), see “Configuring WLAN Hotspot Support”...
  • Page 367: Ap4700>Admin(Network.wireless.wlan.hotspot.radius)>Set

    AP4700>admin(network.wireless.wlan.hotspot.radius)>set Sets the RADIUS hotspot configuration. Syntax server <idx> <srvr_type> <ipadr> Sets the RADIUS hotspot server IP address per wlan index (1-16) port <idx> <srvr_type> <port> Sets the RADIUS hotspot server port per wlan index (1-16) secret <idx> <srvr_type> <secret> Sets the RADIUS hotspot server shared secret password.
  • Page 368: Ap4700>Admin(Network.wireless.wlan.hotspot.radius)>Show

    CLI Reference AP4700>admin(network.wireless.wlan.hotspot.radius)>show Shows RADIUS hotspot server details. Syntax show radius <idx> Displays RADIUS hotspot server details per index (1-16) Example admin(network.wireless.wlan.hotspot.radius)>show radius 1 WLAN 1 Hotspot Mode : enable Primary Server Ip adr : 157.235.12.12 Primary Server Port : 1812 Primary Server Secret : ****** Secondary Server Ip adr...
  • Page 369: Ap4700>Admin(Network.wireless.wlan.hotspot)>White-List

    AP4700>admin(network.wireless.wlan.hotspot)>white-list Goes to the hotspot white-list menu. Syntax white-list <rule> Adds hotspot whitelist rules by index (1-16) for specified IP address. clear Clears hotspot whitelist rules for specified index (1-16). show Shows hotspot whitelist rules for specified index (1-16). save Saves the updated hotspot configuration to flash memory.
  • Page 370: Ap4700>Admin(Network.wireless.wlan.hotspot)>Set

    CLI Reference AP4700>admin(network.wireless.wlan.hotspot)>set Goes to the hotspot white-list menu. Syntax file <wlan-idx> Sets the hotspot customized file name(s) for the specified WLAN index <wlan- <file1> <file2> idx>. There’s a maximum of 10 files and file names should be separated by a space.
  • Page 371: Ap4700>Admin(Network.wireless.wlan.hotspot)>Hs_Import

    AP4700>admin(network.wireless.wlan.hotspot)>hs_import Imports hotspot configuration parameters for a specified WLAN index <wlan-idx>. Syntax hs_import <wlan-idx> Imports hotspot configuration parameters for a specified WLAN index <wlan-idx> (1-16). Example admin(network.wireless.wlan.hotspot)>hs_import 2 Import Operation : [Started] File Transfer : [In Progress] File Transfer : [Completed] For information on configuring the Hotspot options available to the access point using the applet (GUI), see “Configuring WLAN Hotspot Support”...
  • Page 372: Ap4700>Admin(Network.wireless.wlan.hotspot)>Hs_Export

    CLI Reference AP4700>admin(network.wireless.wlan.hotspot)>hs_export Exports hotspot configuration parameters for a specified WLAN index <wlan-idx>. Syntax hs_export <wlan-idx> Exports hotspot configuration parameters for a specified WLAN index <wlan-idx> (1-16). Example admin(network.wireless.wlan.hotspot)>hs_export 2 Export Operation : [Started] File Transfer : [In Progress] File Transfer : [Completed] For information on configuring the Hotspot options available to the access point using the applet (GUI), see “Configuring WLAN Hotspot Support”...
  • Page 373: Ap4700>Admin(Network.wireless.wlan.hotspot)>Default

    AP4700>admin(network.wireless.wlan.hotspot)>default Restores default hotspot files to a specified WLAN index <wlan-idx>. Syntax default <wlan-idx> Restores default hotspot files to a specified WLAN index <wlan-idx>. Example admin(network.wireless.wlan.hotspot)>default 2 For information on configuring the Hotspot options available to the access point using the applet (GUI), see “Configuring WLAN Hotspot Support”...
  • Page 374: Ap4700>Admin(Network.wireless.wlan.hotspot)>Delete

    CLI Reference AP4700>admin(network.wireless.wlan.hotspot)>delete Deletes hotspot files from a specified WLAN index <wlan-idx>. Syntax delete <wlan-idx> Deletes hotspot files from a specified WLAN index <wlan-idx>. Example admin(network.wireless.wlan.hotspot)>delete 2 Warning: This will delete all the files from the corresponding directory. For information on configuring the Hotspot options available to the access point using the applet (GUI), see “Configuring WLAN Hotspot Support”...
  • Page 375: Ap4700>Admin(Network.wireless.security)

    Network Security Commands AP4700>admin(network.wireless.security)> Displays the access point wireless security submenu. The items available under this command include: show Displays the access point’s current security configuration. Enables/disables the WPA countermeasure. create Creates a security policy. edit Edits the properties of an existing security policy. delete Removes a specific security policy.
  • Page 376: Ap4700>Admin(Network.wireless.security)>Show

    CLI Reference AP4700>admin(network.wireless.security)>show Displays the access point’s current security configuration. Syntax show summary Displays list of existing security policies (1-16). policy <id> Displays the specified security policy <id>. Example admin(network.wireless.security)>show summary ---------------------------------------------------------------------- Secu Policy Name Authen Encryption Associated WLANs ---------------------------------------------------------------------- 1 Default Manual no encrypt...
  • Page 377: Ap4700>Admin(Network.wireless.security)>Set

    AP4700>admin(network.wireless.security)>set Enables/disables the WPA countermeasure. Syntax <mode> Enables/disables WPA countermeasures. Example admin(network.wireless.security)set wpa-countermeasure enable admin(network.wireless.security)>show summary ---------------------------------------------------------------------- Secu Policy Name Authen Encryption Associated WLANs ---------------------------------------------------------------------- 1 Default Manual no encrypt Lobby 2 WEP Demo Manual WEP 64 2nd Floor 3 Open Manual no encrypt 1st Floor...
  • Page 378: Ap4700>Admin(Network.wireless.security)>Create

    CLI Reference AP4700>admin(network.wireless.security)>create Defines the parameter of access point security policies. Syntax create Defines the parameters of a security policy. show Displays new or existing security policy parameters. sec- <name> Sets the name of the security name policy. auth <authtype> Sets the authentication type for WLAN <idx>...
  • Page 379 secret <secret> Set external RADIUS server shared secret password. timeout <period> Defines MU timeout period in seconds (1-255). retry <number> Sets the maximum number of MU retries to <retry> (1-10). syslog <mode> Enable or disable syslog messages. <ip> Defines syslog server IP address.
  • Page 380 CLI Reference tkip rotate-mode <mode> Enables or disables the broadcast key. interval <time> Sets the broadcast key rotation interval to <time> in seconds (300-604800). allow-wpa2- <mode> Enables or disables the tkip interoperation with wpa2-tkip clients. preauth <mode> Enables or disables preauthentication (fast roaming).
  • Page 381: Ap4700>Admin(Network.wireless.security.edit)

    AP4700>admin(network.wireless.security.edit)> Edits the properties of a specific security policy. Syntax show Displays the new or modified security policy parameters. <index> Edits security policy parameters. The values subject to modification are the same ones created using the “AP4700>admin(network.wireless.security)>create” command. change Completes policy changes and exits the session. Cancels the changes made and exits the session.
  • Page 382: Ap4700>Admin(Network.wireless.security)>Delete

    CLI Reference AP4700>admin(network.wireless.security)>delete Deletes a specific security policy. Syntax delete <sec-name> Removes the specified security policy from the list of supported policies. <all> Removes all security policies except the default policy. For information on configuring the encryption and authentication options available to the access point using the applet (GUI), see “Configuring Security Options”...
  • Page 383: Ap4700>Admin(Network.wireless.acl)

    Network ACL Commands AP4700>admin(network.wireless.acl)> Displays the access point Mobile Unit Access Control List (ACL) submenu. The items available under this command include: show Displays the access point’s current ACL configuration. create Creates an MU ACL policy. edit Edits the properties of an existing MU ACL policy. delete Removes an MU ACL policy.
  • Page 384: Ap4700>Admin(Network.wireless.acl)>Show

    CLI Reference AP4700>admin(network.wireless.acl)>show Displays the access point’s current ACL configuration. Syntax show summary Displays the list of existing MU ACL policies. policy <index> Displays the requested MU ACL index policy. Example admin(network.wireless.acl)>show summary ---------------------------------------------------------------------- ACL Policy Name Associated WLANs ---------------------------------------------------------------------- 1 Default Front Lobby, WLAN1 2 Admin...
  • Page 385: Ap4700>Admin(Network.wireless.acl)>Create

    AP4700>admin(network.wireless.acl)>create Creates an MU ACL policy. Syntax create show <acl- Displays the parameters of a new ACL policy. name> acl-name <index> Sets the MU ACL policy name. mode <acl- Sets the ACL mode for the defined index (1-16). mode> Allowed MUs can access the access point managed LAN.
  • Page 386: Ap4700>Admin(Network.wireless.acl.edit)

    CLI Reference AP4700>admin(network.wireless.acl.edit)> Edits the properties of an existing MU ACL policy. Syntax show Displays MU ACL policy and its parameters. Modifies the properties of an existing MU ACL policy. add-addr Adds an MU ACL table entry. delete Deletes an MU ACL table entry, including starting and ending MAC address ranges. change Completes the changes made and exits the session.
  • Page 387: Ap4700>Admin(Network.wireless.acl)>Delete

    AP4700>admin(network.wireless.acl)>delete Removes an MU ACL policy. Syntax delete <name> Deletes a particular MU ACL policy. Deletes all MU ACL policies. For information on configuring the ACL options available to the access point using the applet (GUI), see “Configuring a WLAN Access Control List (ACL)” on page 153.
  • Page 388: Ap4700>Admin(Network.wireless.radio)

    CLI Reference Network Radio Configuration Commands AP4700>admin(network.wireless.radio)> Displays the access point Radio submenu. The items available under this command include: show Summarizes access point radio parameters at a high-level. Defines the access point radio configuration. radio1 Displays the 2.4 GHz radio submenu. radio2 Displays the 5.0 GHz radio submenu.
  • Page 389: Ap4700>Admin(Network.wireless.radio)>Show

    AP4700>admin(network.wireless.radio)>show Displays the access point’s current radio configuration. Syntax show Displays the access point’s current radio configuration. Example admin(network.wireless.radio)>show Radio Configuration Radio 1 Name : Radio 1 Radio Mode : enable Radio Function : WLAN RF Band of Operation : 802.11n(2.4 GHz) Maximum MUs : 127 Wireless AP Configuration:...
  • Page 390 CLI Reference For information on configuring the Radio Configuration options available to the access point using the applet (GUI), see “Setting the WLAN’s Radio Configuration” on page 169.
  • Page 391: Ap4700>Admin(Network.wireless.radio)>Set

    AP4700>admin(network.wireless.radio)>set Sets the access point’s radio configuration and defines the RF band of operation. Syntax radio-config <mode> Sets the radio configuration. The options available differ depending on the single, dual or three radio configuration deployed (see examples below). max-mus <mus> Defines the maximum number of MUs assigned to the specified radio (idx 1 or 2).
  • Page 392 CLI Reference Radio 1 Disabled, Radio 2 WLAN, Radio 3 Disabled Radio 1 Disabled, Radio 2 Disabled, Radio 3 Disabled Two Radio SKU radio-config <value 1- 7> Radio 1 WLAN, Radio 2 WIPS Radio 1 WIPS, Radio 2 WLAN Radio 1 WLAN, Radio 2 WLAN Radio 1 WIPS, Radio 2 WIPS Radio 1 WLAN, Radio 2 Disabled Radio 1 Disabled, Radio 2 WLAN...
  • Page 393: Ap4700>Admin(Network.wireless.radio.802-11N[2.4 Ghz])

    AP4700>admin(network.wireless.radio.802-11n[2.4 GHz])> Displays a specific 802.11n 2.4 GHz radio 1 submenu. The items available under this command include: Syntax show : show 802.11n radio parameters : set 802.11n radio parameters delete : delete 802.11n radio parameters advanced : go to Advanced Settings sub-menu mesh : go to Mesh Connections sub-menu : go to parent menu...
  • Page 394: Ap4700>Admin(Network.wireless.radio.802-11N[2.4 Ghz])>Show

    CLI Reference AP4700>admin(network.wireless.radio.802-11n[2.4 GHz])>show Displays specific 802.11n (2.4 GHz) radio settings. Syntax show radio Displays specific 802.11n (2.4 GHz) radio settings. rates Displays specific 802.11n (2.4 GHz) radio rate settings. aggr Displays specific 802.11n (2.4 GHz) aggregation settings. Displays specific 802.11n (2.4 GHz) radio WMM QoS settings. Example admin(network.wireless.radio.802-11n[2.4 GHz])>show radio Radio Setting Information...
  • Page 395 Supported 39.0 Mbps 81.0 Mbps Supported 52.0 Mbps 108.0 Mbps Supported 58.5 Mbps 121.5 Mbps Supported 65.0 Mbps 135.0 Mbps Supported 13.0 Mbps 27.0 Mbps Supported 26.0 Mbps 54.0 Mbps Supported 39.0 Mbps 81.0 Mbps Supported 52.0 Mbps 108.0 Mbps Supported 78.0 Mbps 162.0 Mbps...
  • Page 396: Ap4700>Admin(Network.wireless.radio.802-11N[2.4 Ghz])>Set

    CLI Reference AP4700>admin(network.wireless.radio.802-11n[2.4 GHz])>set Defines specific 802.11n (2.4 GHz) radio parameters. Syntax placement Defines the access point radio placement as indoors or outdoors. ch-mode Determines how the radio channel is selected (user, auto-20 or auto-40). channel Defines the radio channel used. Channel allowed depends on actual country of operation.
  • Page 397 admin(network.wireless.radio.802-11n[2.4 GHz])>set dtim 1 40 admin(network.wireless.radio.802-11n[2.4 GHz])>set aggr ampdu enable admin(network.wireless.radio.802-11n[2.4 GHz])>set shortgi disable admin(network.wireless.radio.802-11n[2.4 GHz])>set single-antenna disable admin(network.wireless.radio.802-11n[2.4 GHz])>set preamble disable admin(network.wireless.radio.802-11n[2.4 GHz])>set rts 2341 admin(network.wireless.radio.802-11n[2.4 GHz])>set qos cwmin 125 admin(network.wireless.radio.802-11n[2.4 GHz])>set qos cwmax 255 admin(network.wireless.radio.802-11n[2.4 GHz])>set qos aifsn 7 admin(network.wireless.radio.802-11n[2.4 GHz])>set qos txops 0 admin(network.wireless.radio.802-11n[2.4 GHz])>set qbss-beacon 110 admin(network.wireless.radio.802-11n[2.4 GHz])>set qbss-mode enable...
  • Page 398: Ap4700>Admin(Network.wireless.radio.802-11N[2.4 Ghz].Advanced)

    AP4700>admin(network.wireless.radio.802-11n[2.4 GHz].advanced)> Displays the advanced submenu for the 802.11n (2.4 GHz) radio. The items available under this command include: Syntax show Displays advanced radio settings for the 802.11n (2.4 GHz) radio. Defines advanced parameters for the 802.11n (2.4 GHz) radio. Goes to the parent menu.
  • Page 399: Ap4700>Admin(Network.wireless.radio.802-11N[2.4 Ghz].Advanced)> Show

    AP4700>admin(network.wireless.radio.802-11n[2.4 GHz].advanced)> show Displays the BSSID to WLAN mapping for the 802.11n (2.4 GHz) radio. Syntax show advanced Displays advanced settings for the 802.11n (2.4 GHz) radio. wlan Displays WLAN summary list for the 802.11n (2.4 GHz) radio. Example admin(network.wireless.radio.802-11n[2.4 GHz].advanced)>show advanced ----------------------------------------------------------------------------- WLAN BSS ID...
  • Page 400: Ap4700>Admin(Network.wireless.radio.802-11N[2.4 Ghz].Advanced)>Set

    AP4700>admin(network.wireless.radio.802-11n[2.4 GHz].advanced)>set Defines advanced parameters for the target 802.11n (2.4 GHz) radio. Syntax wlan <wlan-name> <bssid> Defines advanced WLAN to BSSID mapping for the target radio. <bss-id> <wlan name> Sets the BSSID to primary WLAN definition. Example admin(network.wireless.radio.802-11n[2.4 GHz].advanced)>set wlan demoroom 1 admin(network.wireless.radio.802-11n[2.4 GHz].advanced)>set bss 1 demoroom For information on configuring Radio 1 Configuration options available to the access point using the applet (GUI), see...
  • Page 401: Ap4700>Admin(Network.wireless.radio.802-11N[2.4 Ghz].Mesh)

    AP4700>admin(network.wireless.radio.802-11n[2.4 GHz].mesh)> Displays the mesh configuration submenu for the 802.11n (2.4 GHz) radio. The items available under this command include: Syntax show Displays mesh settings and status for the 802.11n (2.4 GHz) radio. Defines mesh parameters for the 802.11n (2.4 GHz) radio. Adds an 802.11n (2.4 GHz) radio mesh connection.
  • Page 402: Ap4700>Admin(Network.wireless.radio.802-11N[2.4 Ghz].Mesh)>Show

    AP4700>admin(network.wireless.radio.802-11n[2.4 GHz].mesh)>show Displays mesh settings and status for the 802.11n (2.4 GHz) radio. Syntax show config Displays the connection list configuration. status Shows the available mesh connection status. Example admin(network.wireless.radio.802-11n[2.4 GHz].mesh)>show config Mesh Connection Auto Select : enable admin(network.wireless.radio.802-11n[2.4 GHz].mesh)>show status ----------------------------------------------------------------------------- AP MAC Address...
  • Page 403: Ap4700>Admin(Network.wireless.radio.802-11N[2.4 Ghz].Mesh)>Set

    AP4700>admin(network.wireless.radio.802-11n[2.4 GHz].mesh)>set Defines mesh parameters for the 802.11n (2.4 GHz) radio. Syntax <auto-select> Enables or disables auto select mesh connections. Example admin(network.wireless.radio.802-11n[2.4 GHz].mesh)>set auto-select enable admin(network.wireless.radio.802-11n[2.4 GHz].mesh)>show config Mesh Connection Auto Select : enable...
  • Page 404: Ap4700>Admin(Network.wireless.radio.802-11N[2.4 Ghz].Mesh)>Add

    AP4700>admin(network.wireless.radio.802-11n[2.4 GHz].mesh)>add Adds an 802.11n (2.4 GHz) radio mesh connection. Syntax <priority> Defines the connection priority (1-16). <mac> Sets the access point MAC address. Example admin(network.wireless.radio.802-11n[2.4 GHz].mesh)>add 2 AA21DCDD12DE...
  • Page 405: Ap4700>Admin(Network.wireless.radio.802-11N[2.4 Ghz].Mesh)>Delete

    AP4700>admin(network.wireless.radio.802-11n[2.4 GHz].mesh)>delete Deletes an 802.11n (2.4 GHz) radio mesh connection by specified index or by removing all entries. Syntax delete <idx> Deletes a mesh connection by specified index (1-16). <all> Removes all mesh connections. Example admin(network.wireless.radio.802-11n[2.4 GHz].mesh)>delete 2...
  • Page 406: Ap4700>Admin(Network.wireless.radio.802-11N[5.0 Ghz])

    AP4700>admin(network.wireless.radio.802-11n[5.0 GHz])> Displays a specific 802.11n (5.0 GHz) radio 2 submenu. The items available under this command include: Syntax show : show 802.11n radio parameters : set 802.11n radio parameters delete : delete 802.11n radio parameters advanced : go to Advanced Settings sub-menu mesh : go to Mesh Connections sub-menu : go to parent menu...
  • Page 407: Ap4700>Admin(Network.wireless.radio.802-11N[5.0 Ghz])>Show

    AP4700>admin(network.wireless.radio.802-11n[5.0 GHz])>show Displays specific 802.11n (5.0 GHz) radio settings. Syntax show radio Displays specific 802.11n (5.0 GHz) radio settings. rates Displays specific 802.11n (5.0 GHz) radio rate settings. aggr Displays specific 802.11n (5.0 GHz) aggregation settings. Displays specific 802.11n (5.0 GHz) radio WMM QoS settings. Example admin(network.wireless.radio.802-11n[5.0 GHz])>show radio Radio Setting Information...
  • Page 408 Supported 13.0 Mbps 27.0 Mbps Supported 26.0 Mbps 54.0 Mbps Supported 39.0 Mbps 81.0 Mbps Supported 52.0 Mbps 108.0 Mbps Supported 78.0 Mbps 162.0 Mbps Supported 104.0 Mbps 216.0 Mbps Supported 117.0 Mbps 243.0 Mbps Supported 130.0 Mbps 270.0 Mbps admin(network.wireless.radio.802-11n[5.0 GHz])>...
  • Page 409: Ap4700>Admin(Network.wireless.radio.802-11N[5.0 Ghz])>Set

    AP4700>admin(network.wireless.radio.802-11n[5.0 GHz])>set Defines specific 802.11n (5.0 GHz) radio parameters. Syntax placement Defines the access point radio placement as indoors or outdoors. ch-mode Determines how the radio channel is selected. channel Defines the actual channel used by the radio. Channel allowed depends on actual country of operation.
  • Page 410 admin(network.wireless.radio.802-11n[5.0 GHz])>set rts 2341 admin(network.wireless.radio.802-11n[5.0 GHz])>set range 40 admin(network.wireless.radio.802-11n[5.0 GHz])>set qbss-beacon 110 admin(network.wireless.radio.802-11n[5.0 GHz])>set qbss-mode enable admin(network.wireless.radio.802-11n[5.0 GHz])>set single-antenna disable admin(network.wireless.radio.802-11n[5.0 GHz])>set dynamic-chain-selection enable admin(network.wireless.radio.802-11n[5.0 GHz])>set tkip-ht-compatibility disable admin(network.wireless.radio.802-11n[5.0 GHz])>set bcmc-tx-speed range CAUTION A 40 MHz channel is composed of two 20 MHz subchannels. If the firmware detects radar within the FCC 80 % detection band of the 40 MHz channel;...
  • Page 411: Ap4700>Admin(Network.wireless.radio.802-11N[5.0 Ghz].Advanced)

    AP4700>admin(network.wireless.radio.802-11n[5.0 GHz].advanced)> Displays the advanced submenu for the 802.11n (5.0 GHz) radio. The items available under this command include: Syntax show Displays advanced radio settings for the 802.11n (5.0 GHz) radio. Defines advanced parameters for the 802.11n (5.0 GHz) radio. Goes to the parent menu.
  • Page 412: Ap4700>Admin(Network.wireless.radio.802-11N[5.0 Ghz].Advanced)> Show

    AP4700>admin(network.wireless.radio.802-11n[5.0 GHz].advanced)> show Displays the BSSID to WLAN mapping for the 802.11n (5.0 GHz) radio. Syntax show advanced Displays advanced settings for the 802.11n (5.0 GHz) radio. wlan Displays WLAN summary list for 802.11n (5.0 GHz) radio. Example admin(network.wireless.radio.802-11n[5.0 GHz].advanced)>show advanced ----------------------------------------------------------------------------- WLAN...
  • Page 413: Ap4700>Admin(Network.wireless.radio.802-11N[5.0 Ghz].Advanced)> Set

    AP4700>admin(network.wireless.radio.802-11n[5.0 GHz].advanced)> Defines advanced parameters for the target 802.11n (5.0 GHz) radio. Syntax wlan <wlan-name> <bssid> Defines advanced WLAN to BSSID mapping for the target 5.0 GHz radio. <bss-id> <wlan name> Sets the BSSID to primary WLAN definition. Example admin(network.wireless.radio.802-11n[5.0 GHz].advanced)>set wlan demoroom 1 admin(network.wireless.radio.802-11n[5.0 GHz].advanced)>set bss 1 demoroom For information on configuring Radio 2 Configuration options available to the access point using the applet (GUI), see...
  • Page 414: Ap4700>Admin(Network.wireless.radio.802-11N[5.0 Ghz].Mesh)

    AP4700>admin(network.wireless.radio.802-11n[5.0 GHz].mesh)> Displays the mesh configuration submenu for the 802.11n (5.0 GHz) radio. The items available under this command include: Syntax show Displays mesh settings and status for the 802.11n (5.0 GHz) radio. Defines mesh parameters for the 802.11n (5.0 GHz) radio. Adds an 802.11n (5.0 GHz) radio mesh connection.
  • Page 415: Ap4700>Admin(Network.wireless.radio.802-11N[5.0 Ghz].Mesh)>Show

    AP4700>admin(network.wireless.radio.802-11n[5.0 GHz].mesh)>show Displays mesh settings and status for the 802.11n (5.0 GHz) radio. Syntax show config Displays the connection list configuration. status Shows the available mesh connection status. Example admin(network.wireless.radio.802-11n[5.0 GHz].mesh)>show config Mesh Connection Auto Select : enable admin(network.wireless.radio.802-11n[5.0 GHz].mesh)>show status ----------------------------------------------------------------------------- AP MAC Address Channel...
  • Page 416: Ap4700>Admin(Network.wireless.radio.802-11N[5.0 Ghz].Mesh)>Set

    AP4700>admin(network.wireless.radio.802-11n[5.0 GHz].mesh)>set Defines mesh parameters for the 802.11n (5.0 GHz) radio. Syntax <auto-select> Enables or disables auto select mesh connections. Example admin(network.wireless.radio.802-11n[5.0 GHz].mesh)>set auto-select enable admin(network.wireless.radio.802-11n[5.0 GHz].mesh)>show config Mesh Connection Auto Select : enable...
  • Page 417: Ap4700>Admin(Network.wireless.radio.802-11N[5.0 Ghz].Mesh)>Add

    AP4700>admin(network.wireless.radio.802-11n[5.0 GHz].mesh)>add Adds an 802.11n (5.0 GHz) radio mesh connection. Syntax <priority> Defines the connection priority (1-16). <mac> Sets the access point MAC address. Example admin(network.wireless.radio.802-11n[5.0 GHz].mesh)>add 2 AA21DCDD12DE...
  • Page 418: Ap4700>Admin(Network.wireless.radio.802-11N[5.0 Ghz].Mesh)>Delete

    AP4700>admin(network.wireless.radio.802-11n[5.0 GHz].mesh)>delete Deletes an 802.11n (5.0 GHz) radio mesh connection by specified index or by removing all entries. Syntax delete <idx> Deletes a mesh connection by specified index (1-16). <all> Removes all mesh connections. Example admin(network.wireless.radio.802-11n[5.0 GHz].mesh)>delete 2...
  • Page 419: Ap4700>Admin(Network.wireless.qos)

    Network Quality of Service (QoS) Commands AP4700>admin(network.wireless.qos)> Displays the access point Quality of Service (QoS) submenu. The items available under this command include: show Displays access point QoS policy information. create Defines the parameters of the QoS policy. edit Edits the settings of an existing QoS policy. delete Removes an existing QoS policy.
  • Page 420: Ap4700>Admin(Network.wireless.qos)>Show

    AP4700>admin(network.wireless.qos)>show Displays the access point’s current QoS policy by summary or individual policy. Syntax show summary Displays all existing QoS policies that have been defined. policy <index> Displays the configuration for the requested QoS policy. Example admin(network.wireless.qos)>show summary ---------------------------------------------------------------------- QOS Policy Name Associated WLANs...
  • Page 421: Ap4700>Admin(Network.wireless.qos.create)

    AP4700>admin(network.wireless.qos.create)> Defines an access point QoS policy. Syntax show Displays QoS policy parameters. qos-name <index> Sets the QoS name for the specified index entry. <index> Enables or disables support (by index) for legacy VOIP devices. mcast <mac> Defines primary and secondary Multicast MAC address. wmm-qos <index>...
  • Page 422: Ap4700>Admin(Network.wireless.qos.edit)

    AP4700>admin(network.wireless.qos.edit)> Edits the properties of an existing QoS policy. Syntax show Displays QoS policy parameters. qos-name <index> Sets the QoS name for the specified index entry. <index> Enables or disables support (by index) for legacy VOIP devices. mcast <mac>...
  • Page 423: Ap4700>Admin(Network.wireless.qos)>Delete

    AP4700>admin(network.wireless.qos)>delete Removes a QoS policy. Syntax delete <qos-name> Deletes the specified QoS policy index, or all of the policies (except <all> default policy). For information on configuring the WLAN QoS options available to the access point using the applet (GUI), see “Setting the WLAN Quality of Service (QoS) Policy”...
  • Page 424: Ap4700>Admin(Network.wireless.rate-Limiting)

    Network Rate Limiting Commands AP4700>admin(network.wireless.rate-limiting)> Displays the access point Rate Limiting submenu. The items available under this command include: show Displays Rate Limiting information for how data is processed by the access point. Defines Rate Limiting parameters for the access point. Goes to the parent menu.
  • Page 425: Ap4700>Admin(Network.wireless.rate-Limiting)>Show

    AP4700>admin(network.wireless.rate-limiting)>show Displays the access point’s current Rate Limiting configuration. Syntax show summary Displays the current Rate Limiting configuration for defined WLANs. wlan Example admin(network.wireless.rate-limiting>show summary Per MU Rate Limiting : disable admin(network.wireless.rate-limiting)>show wlan WLAN 1 WLAN Name WLAN1 ESSID Radio Band(s) 2.4 and 5.0 GHz VLAN <none>...
  • Page 426: Ap4700>Admin(Network.wireless.rate-Limiting)>Set

    AP4700>admin(network.wireless.rate-limiting)>set Defines the access point Rate Limiting configuration. Syntax mode <mode> Enables or disables Rate Limiting. For information on configuring the Rate Limiting options available to the access point using the applet (GUI), see “Configuring MU Rate Limiting” on page 184.
  • Page 427: Ap4700>Admin(Network.wireless.rogue-Ap)

    Network Rogue-AP Commands AP4700>admin(network.wireless.rogue-ap)> Displays the Rogue AP submenu. The items available under this command include: show Displays the current access point Rogue AP detection configuration. Defines the Rogue AP detection method. mu-scan Goes to the Rogue AP mu-scan submenu. allowed-list Goes to the Rogue AP Allowed List submenu.
  • Page 428: Ap4700>Admin(Network.wireless.rogue-Ap)>Show

    AP4700>admin(network.wireless.rogue-ap)>show Displays the current access point Rogue AP detection configuration. Syntax show Displays the current access point Rogue AP detection configuration. Example admin(network.wireless.rogue-ap)>show MU Scan : disable MU Scan Interval : 60 minutes On-Channel : disable Detector Radio Scan : enable Auto Authorize Extreme APs : disable...
  • Page 429: Ap4700>Admin(Network.wireless.rogue-Ap)>Set

    : enable/disable Detector Scan on Both Bands : (2.4 & 5.0 GHz) extreme networks-ap : enable/disable Authorization of Any AP : having Extreme Networks Defined MAC Addresses applst-ageout : set the approved AP age out time roglst-ageout : set the rogue AP age out time Example admin(network.wireless.rogue-ap)>...
  • Page 430: Ap4700>Admin(Network.wireless.rogue-Ap.mu-Scan)

    AP4700>admin(network.wireless.rogue-ap.mu-scan)> Displays the Rogue-AP mu-scan submenu. Syntax Add all or just one scan result to Allowed AP list. show Displays all APs located by the MU scan. start The access point initiates an immediate scan for known and associated MUs. Goes to the parent menu.
  • Page 431: Ap4700>Admin(Network.wireless.rogue-Ap.mu-Scan)>Start

    AP4700>admin(network.wireless.rogue-ap.mu-scan)>start Initiates an MU scan from a user provided MAC address. Syntax start <mu-mac> Initiates MU scan from user provided MAC address. For information on configuring the Rogue AP options available to the access point using the applet (GUI), see “Configuring Rogue AP Detection”...
  • Page 432: Ap4700>Admin(Network.wireless.rogue-Ap.mu-Scan)>Show

    AP4700>admin(network.wireless.rogue-ap.mu-scan)>show Displays the results of an MU scan. Syntax show Displays all APs located by the MU scan. For information on configuring the Rogue AP options available to the access point using the applet (GUI), see “Configuring Rogue AP Detection” on page 243.
  • Page 433: Ap4700>Admin(Network.wireless.rogue-Ap.allowed-List)

    AP4700>admin(network.wireless.rogue-ap.allowed-list)> Displays the Rogue-AP allowed-list submenu. show Displays the rogue AP allowed list Adds an AP MAC address and ESSID to the allowed list. delete Deletes an entry or all entries from the allowed list. Goes to the parent menu. Goes to the root menu.
  • Page 434: Ap4700>Admin(Network.wireless.rogue-Ap.allowed-List)>Show

    AP4700>admin(network.wireless.rogue-ap.allowed-list)>show Displays the Rogue AP allowed List. Syntax show Displays the rogue-AP allowed list. Example admin(network.wireless.rogue-ap.allowed-list)>show Allowed AP List ----------------------------------------------------------------------------- index ap mac essid ----------------------------------------------------------------------------- 00:A0:F8:71:59:20 00:A0:F8:33:44:55 00:A0:F8:40:20:01 Marketing For information on configuring the Rogue AP options available to the access point using the applet (GUI), see “Configuring Rogue AP Detection”...
  • Page 435: Ap4700>Admin(Network.wireless.rogue-Ap.allowed-List)>Add

    AP4700>admin(network.wireless.rogue-ap.allowed-list)>add Adds an AP MAC address and ESSID to existing allowed list. Syntax <mac-addr> Adds an AP MAC address and ESSID to existing allowed list. <ess-id> “fffffffffffffffff” means any MAC Use a “*” for any ESSID. Example admin(network.wireless.rogue-ap.allowed-list)>add 00A0F83161BB 103 admin(network.wireless.rogue-ap.allowed-list)>show ----------------------------------------------------------------------------- index...
  • Page 436: Ap4700>Admin(Network.wireless.rogue-Ap.allowed-List)>Delete

    AP4700>admin(network.wireless.rogue-ap.allowed-list)>delete Deletes an AP MAC address and ESSID from the existing allowed list. Syntax delete <idx> (1-50) Deletes an AP MAC address and ESSID (or all addresses) from the allowed <all> list. For information on configuring the Rogue AP options available to the access point using the applet (GUI), see “Configuring Rogue AP Detection”...
  • Page 437: Ap4700>Admin(Network.wireless.wips)

    WIPS Commands AP4700>admin(network.wireless.wips)> Displays the WIPS submenu. The items available under this command include: show Displays the current WLAN Intrusion Prevention configuration. Sets WLAN Intrusion Prevention parameters. Goes to the parent menu. Goes to the root menu. save Saves the configuration to system flash. quit Quits the CLI.
  • Page 438: Ap4700>Admin(Network.wireless.wips)>Show

    AP4700>admin(network.wireless.wips)>show Shows the WLAN Intrusion Prevention configuration. Syntax show Displays the existing Wireless Intrusion Protection System (WIPS) configuration. Example admin(network.wireless.wips>show WIPS Server #1 IP Address : 192.168.0.21 WIPS Server #2 IP Address : 10.1.1.1 admin(network.wireless.wips>...
  • Page 439: Ap4700>Admin(Network.wireless.wips)>Set

    AP4700>admin(network.wireless.wips)>set Sets the WLAN Intrusion Prevention configuration. Syntax <idx 1 and 2> Defines the WLAN Intrusion Prevention Server IP Address (for server IPs 1 and 2). <ip> Example admin(network.wireless.wips)>set server 1 192.168.0.21 admin(network.wireless.wips)>...
  • Page 440: Ap4700>Admin(Network.wireless.mu-Locationing)

    Network MU Locationing Commands AP4700>admin(network.wireless.mu-locationing)> Displays the MU Locationing submenu. The items available under this command include: show Displays the current MU Locationing configuration. Defines MU Locationing parameters. Goes to the parent menu. Goes to the root menu. save Saves the configuration to system flash.
  • Page 441: Ap4700>Admin(Network.wireless.mu-Locationing)>Show

    AP4700>admin(network.wireless.mu-locationing)>show Displays the MU probe table configuration. Syntax show Displays the MU locationing probe table configuration. Example admin(network.wireless.mu-locationing)>show MU Probe Table Mode : disable MU Probe Table Size : 200 admin(network.wireless.mu-locationing)>...
  • Page 442: Ap4700>Admin

    AP4700>admin(network.wireless.mu-locationing>set Defines the MU probe table configuration used for locating MUs. Syntax Defines the MU probe table configuration. mode Enables/disables MU locationing. size Defines the number of MUs in the locationing table (the maximum allowed is 200). Example admin(network.wireless.mu-locationing)>set admin(network.wireless.mu-locationing)>set mode enable admin(network.wireless.mu-locationing)>set size 200...
  • Page 443: Network Firewall Commands

    Network Firewall Commands AP4700>admin(network.firewall)> Displays the access point firewall submenu. The items available under this command include: show Displays the access point’s current firewall configuration. Defines the access point’s firewall parameters. access Enables/disables firewall permissions through the LAN and WAN ports. advanced Displays interoperability rules between the LAN and WAN ports.
  • Page 444: Ap4700>Admin(Network.firewall)>Show

    AP4700>admin(network.firewall)>show Displays the access point firewall parameters. Syntax show Shows all access point firewall settings. Example admin(network.firewall)>show Firewall Status : disable NAT Timeout : 10 minutes Configurable Firewall Filters: ftp bounce attack filter : enable syn flood attack filter : enable unaligned ip timestamp filter : enable...
  • Page 445: Ap4700>Admin(Network.firewall)>Set

    AP4700>admin(network.firewall)>set Defines the access point firewall parameters. Syntax mode <mode> Enables or disables the firewall. nat-timeout <interval> Defines the NAT timeout value. <mode> Enables or disables SYN flood attack check. <mode> Enables or disables source routing check. <mode> Enables or disables Winnuke attack check. <mode>...
  • Page 446: Ap4700>Admin(Network.firewall)>Access

    AP4700>admin(network.firewall)>access Enables or disables firewall permissions through LAN to WAN ports. Syntax show Displays LAN to WAN access rules. Sets LAN to WAN access rules. Adds LAN to WAN exception rules. delete Deletes LAN to WAN access exception rules. list Displays LAN to WAN access exception rules.
  • Page 447: Ap4700>Admin(Network.firewall)>Advanced

    AP4700>admin(network.firewall)>advanced Displays whether an access point firewall rule is intended for inbound traffic to an interface or outbound traffic from that interface. Syntax show Shows advanced subnet access parameters. Sets advanced subnet access parameters. import Imports rules from subnet access. inbound Goes to the Inbound Firewall Rules submenu.
  • Page 448: Network Router Commands

    Network Router Commands AP4700>admin(network.router)> Displays the router submenu. The items available under this command are: show Displays the existing access point router configuration. Sets the RIP parameters. Adds user-defined routes. delete Deletes user-defined routes. list Lists user-defined routes. Goes to the parent menu.
  • Page 449: Ap4700>Admin(Network.router)>Show

    AP4700>admin(network.router)>show Shows the access point route table. Syntax show Displays the router’s RIP parameters. routes Displays connected routes. Example admin(network.router)>show rip rip type : off rip direction : both rip authentication type : none rip simple auth password : ********* rip md5 id 1 rip md5 key 1 : *********...
  • Page 450: Ap4700>Admin(Network.router)>Set

    AP4700>admin(network.router)>set Shows the access point route table. Syntax auth Sets the RIP authentication type (none, simple or MD5). Sets RIP direction (rx, tx or both) Sets MD5 authentication ID (1-256) for specific index (1-2). Sets MD5 authentication key (up to 16 characters) for specified index (1-2). passwd Sets the password (up to 16 characters) for simple authentication.
  • Page 451: Ap4700>Admin(Network.router)>Add

    AP4700>admin(network.router)>add Adds user-defined routes. Syntax add <dest> <netmask> <gw> <iface> <metric> Adds a route with destination IP address <dest>, IP netmask <netmask>, destination gateway IP address <gw>, interface LAN1, LAN2 or WAN <iface>, and metric set <metric> to (1-65536). Example admin(network.router)>add 192.168.3.0 255.255.255.0 192.168.2.1 LAN1 1 admin(network.router)>list ----------------------------------------------------------------------------...
  • Page 452: Ap4700>Admin(Network.router)>Delete

    AP4700>admin(network.router)>delete Deletes user-defined routes. Syntax delete <idx> Deletes the user-defined route <idx> (1-20) from list. Deletes all user-defined routes. Example admin(network.router)>list ---------------------------------------------------------------------------- index destination netmask gateway interface metric ---------------------------------------------------------------------------- 192.168.2.0 255.255.255.0 192.168.0.1 lan1 192.168.1.0 255.255.255.0 0.0.0.0 lan2 192.168.0.0 255.255.255.0 0.0.0.0 lan2...
  • Page 453: Ap4700>Admin(Network.router)>List

    AP4700>admin(network.router)>list Lists user-defined routes. Syntax list Displays a list of user-defined routes. Example admin(network.router)>list ---------------------------------------------------------------------------- index destination netmask gateway interface metric ---------------------------------------------------------------------------- 192.168.2.0 255.255.255.0 192.168.0.1 lan1 192.168.1.0 255.255.255.0 0.0.0.0 lan2 192.168.0.0 255.255.255.0 0.0.0.0 lan1 For information on configuring the Router options available to the access point using the applet (GUI), “Configuring Router Settings”...
  • Page 454: Network Ip Filter Commands

    Network IP Filter Commands AP4700>admin(network.ipfilter)> Displays the ipfilter submenu. The items available under this command are: show Displays Global IP Filter table entries. Sets Global IP Filter table entries. Adds a filter to the Global IP Filter table delete Deletes a filter from the Global IP Filter table.
  • Page 455: Ap4700>Admin(Network.ipfilter)>Show

    AP4700>admin(network.ipfilter)>show Displays Global IP Filter table entries. Syntax show Displays Global IP Filter table entries. Example admin(network.ipfilter)>show ---------------------------------------------------------------------------- Idx name Protocol Port-Start-End SrcIP-Start-End DestIP-Start-End In-Use ---------------------------------------------------------------------------- admin(network.ipfilter)>...
  • Page 456: Ap4700>Admin(Network.ipfilter)>Set

    AP4700>admin(network.ipfilter)>set Sets Global IP Filter table entries. Syntax Sets Global IP Filter table entries. Example admin(network.ipfilter)>set name : Sets name of IP Filters protocol : Sets the protocol of the IP filter port-start : Sets the starting port of the IP Filter port-end : Sets the end port of the IP Filter saddr-start...
  • Page 457: Ap4700>Admin(Network.ipfilter)>Add

    AP4700>admin(network.ipfilter)>add Adds a filter to the Global IP Filter table. Syntax add filter-name <name> Adds name to IP Filter (up to 20 characters). protocol <loc> Adds protocol for IP Filter. start-port <port> Adds a starting port for IP Filter. end-port <port>...
  • Page 458: Ap4700>Admin(Network.ipfilter)>Delete

    AP4700>admin(network.ipfilter)>delete Deletes a filter from the Global IP Filter table. Syntax delete index <idx> Deletes a filter index from the Global IP Filter table. Deletes all filters from the Global IP Filter table. Example admin(network.ipfilter)>delete all admin(network.ipfilter)>...
  • Page 459: System Commands

    System Commands AP4700>admin(system)> Displays the System submenu. The items available under this command are shown below. restart Restarts the access point. show Shows access point system parameter settings. Defines access point system parameter settings. lastpw Displays last debug password. exec Goes to a Linux command menu.
  • Page 460: Ap4700>Admin(System)>Restart

    AP4700>admin(system)>restart Restarts the access point. Syntax restart Restarts the access point. Example admin(system)>restart ********************************WARNING*********************************** ** Unsaved configuration changes will be lost when the access point is reset. ** Please be sure to save changes before resetting. ************************************************************************** Are you sure you want to restart the AP4700?? (yes/no): AP4700 Boot Firmware Version 4.1.0.0-xxx...
  • Page 461: Ap4700>Admin(System)>Show

    AP4700>admin(system)>show Displays high-level system information helpful to differentiate this access point. Syntax show Displays access point system information. Example admin(system)>show system name : AP-00-04-96-54-A0-10 system location : AP-00-04-96-54-A0-10-Location admin email address system uptime : 3 days 23 hours 17 minutes 14 seconds DNS Relay Mode : enable SSLv2 support from HTTP server...
  • Page 462: Ap4700>Admin(System)>Set

    AP4700>admin(system)>set Sets access point system parameters. Syntax name <name> Sets the access point system name to <name> (1 to 59 characters). The access point does not allow intermediate space characters between characters within the system name. For example, “AP4700 sales” must be changed to “AP4700sales”...
  • Page 463: Ap4700>Admin(System)>Lastpw

    AP4700>admin(system)>lastpw Displays last expired debug password. Example admin(system)>lastpw AP-4700 MAC Address is 00:15:70:02:7A:66 Last debug password was extreme Current debug password used 0 times, valid 4 more time(s) admin(system)>...
  • Page 464: Ap4700>Admin(System)>Arp

    AP4700>admin(system)>arp Displays the access point’s ARP table. Example admin(system)>arp IP Address HWtype HWaddress Flags Mask Device 157.235.92.210 ether 00:11:25:14:61:A8 157.235.92.179 ether 00:14:22:F3:D7:39 157.235.92.248 ether 00:11:25:B2:09:60 157.235.92.180 ether 00:0D:60:D0:06:90 157.235.92.3 ether 00:D0:2B:A0:D4:FC 157.235.92.181 ether 00:15:C5:0C:19:27 157.235.92.80 ether 00:11:25:B2:0D:06 157.235.92.95 ether 00:14:22:F9:12:AD 157.235.92.161...
  • Page 465: Power Setup Commands

    Power Setup Commands AP4700>admin(system)>power-setup Displays the Power Setup submenu. show Displays the current power setting configuration. Defines the access point’s power setting configuration. Goes to the parent menu. Goes to the root menu. save Saves the current configuration to the access point system flash. quit Quits the CLI and exits the current session.
  • Page 466: Ap4700>Admin(System.power-Setup)>Show

    AP4700>admin(system.power-setup)>show Displays the access point’s current power configuration. Syntax show Displays the access point’s current power configuration. Example admin(system.power-setup)>show Power Mode : Auto Power Status : Full Power 3af Power Option : default 3at Power Option : default Default Radio : Radio1 “Configuring...
  • Page 467: Ap4700>Admin(System.power-Setup)>Set

    AP4700>admin(system.power-setup)>set Sets access point’s power consumption configuration. Syntax mode Sets the power mode to either Auto or 3af. Changing the mode requires restarting the access point. power-option Defines the power option. def-radio Defines the access point’s default radio (1-Radio1, 2-Radio2). admin(system.power-setup)>set mode Auto admin(system.power-setup)>set power-option 3af option admin(system.power-setup)>set def-radio 1...
  • Page 468: Adaptive Ap Setup Commands

    CLI Reference Adaptive AP Setup Commands AP4700>admin(system)>aap-setup Displays the Adaptive AP submenu. show Displays Adaptive AP information. Defines the Adaptive AP configuration. delete Deletes static controller address assignments. Goes to the parent menu. Goes to the root menu. save Saves the current configuration to the access point system flash. quit Quits the CLI and exits the current session.
  • Page 469: Ap4700>Admin(System.aap-Setup)>Show

    AP4700>admin(system.aap-setup)>show Displays the access point’s Adaptive AP configuration. Syntax show Displays the access point’s Adaptive AP configuration. Example admin(system.aap-setup)>show Auto Discovery Mode : disable Controller Name : greg Static IP Port : 24576 Static IP Address IP Address 1 : 0.0.0.0 IP Address 2 : 0.0.0.0 IP Address 3...
  • Page 470: Ap4700>Admin(System.aap-Setup)>Set

    CLI Reference AP4700>admin(system.aap-setup)>set Sets access point’s Adaptive AP configuration. Syntax auto-discovery Sets the controller auto-discovery mode (enable/disable). ipadr Defines the controller IP address used. name Defines the controller name for DNS lookups (up to 127 characters). port Sets the port. passphrase Defines the pass phrase or key for controller connection.
  • Page 471: Ap4700>Admin(System.aap-Setup)>Delete

    AP4700>admin(system.aap-setup)>delete Deletes static controller address assignments. Syntax delete <idx> Deletes static controller address assignments by selected index. <all> Deletes all assignments. Example admin(system.aap-setup)>delete 1 admin(system.aap-setup)> For information on configuring Adaptive AP using the applet (GUI), see “Adaptive AP Setup” on page For an overview of adaptive AP functionality and its implications, see “Adaptive AP Overview”...
  • Page 472: Lldp Commands

    CLI Reference LLDP Commands AP4700>admin(system)>lldp Displays the LLDP submenu. show Displays LLDP information. Sets LLDP parameters. Goes to the parent menu. Goes to the root menu. save Saves the current configuration to the access point system flash. quit Quits the CLI and exits the current session. For information on configuring LLDP using the applet (GUI), see “Configuring LLDP Settings”...
  • Page 473: Ap4700>Admin(System.lldp)>Show

    AP4700>admin(system.lldp)>show Displays LLDP information. Syntax show Displays LLDP information. admin(system.lldp)>show LLDP Status :enable LLDP Refresh Interval LLDP Holdtime Mutiplier admin(system.lldp)> For information on configuring LLDP using the applet (GUI), see “Configuring LLDP Settings” on page 108.
  • Page 474: Ap4700>Admin(System.lldp)>Set

    AP4700>admin(system.lldp)>set Sets the LLDP configuration. Syntax Sets the LLDP configuration. lldp-mode Sets the AP LLDP mode. lldp-refresh Sets the LLDP Refresh Interval. lldp-holdtime Sets the LLDP HoldTime Multiplier. admin(system.lldp)>set lldp-mode enable admin(system.lldp)>set lldp-refresh 100 admin(system.lldp)>set lldp-holdtime 2 admin(system.lldp)> For information on configuring LLDP using the applet (GUI), see “Configuring LLDP Settings”...
  • Page 475: System Access Commands

    System Access Commands AP4700>admin(system)>access Displays the access point access submenu. show Displays access point system access capabilities. Goes to the access point system access submenu. Goes to the parent menu. Goes to the root menu. save Saves the current configuration to the access point system flash. quit Quits the CLI and exits the current session.
  • Page 476: Ap4700>Admin(System.access)>Set

    CLI Reference AP4700>admin(system.access)>set Defines the permissions to access the access point applet, CLI, SNMP as well as defining their timeout values. Syntax applet Defines the applet HTTP/HTTPS access parameters. app-timeout <minutes> Sets the applet timeout. Default is 300 Mins. sslv2 <mode>...
  • Page 477: Ap4700>Admin(System.access)>Show

    AP4700>admin(system.access)>show Displays the current access point access permissions and timeout values. Syntax show Shows all of the current system access settings for the access point. Example admin(system.access)>show -------------------------------From LAN1-------From LAN2-------From WAN applet http access enable enable enable applet http access enable enable enable...
  • Page 478: System Certificate Management Commands

    CLI Reference System Certificate Management Commands AP4700>admin(system)>cmgr Displays the Certificate Manager submenu. The items available under this command include: genreq Generates a Certificate Request. delself Deletes a Self Certificate. loadself Loads a Self Certificate signed by CA. listself Lists the self certificate loaded. loadca Loads trusted certificate from CA.
  • Page 479: Ap4700>Admin(System.cmgr)>Genreq

    AP4700>admin(system.cmgr)>genreq Generates a certificate request. Syntax genreq <IDname <Subject> [-ou [-on [-cn <City>] [-st <State>] . . . > <OrgUnit>] <OrgName>] . . . [-cc <CCode>] [-e <Email>] [-i <IP>] [-sa <SAlgo>] <PostCode>] <Domain>] Generates a self-certificate request for a Certification Authority (CA), where: <IDname>...
  • Page 480: Ap4700>Admin(System.cmgr)>Delself

    AP4700>admin(system.cmgr)>delself Deletes a self certificate. Syntax delself <IDname> Deletes the self certificate named <IDname>. Example admin(system.cmgr)>delself MyCert2 For information on configuring self certificate settings using the applet (GUI), see “Creating Self Certificates for Accessing the VPN”.
  • Page 481: Ap4700>Admin(System.cmgr)>Loadself

    AP4700>admin(system.cmgr)>loadself Loads a self certificate signed by the Certificate Authority. Syntax loadself <IDname> Load the self certificate signed by the CA with name <IDname> (7 characters). For information on configuring self certificate settings using the applet (GUI), see “Creating Self Certificates for Accessing the VPN”...
  • Page 482: Ap4700>Admin(System.cmgr)>Listself

    AP4700>admin(system.cmgr)>listself Lists the loaded self certificates. Syntax listself Lists all self certificates that are loaded. For information on configuring self certificate settings using the applet (GUI), see “Creating Self Certificates for Accessing the VPN”.
  • Page 483: Ap4700>Admin(System.cmgr)>Loadca

    AP4700>admin(system.cmgr)>loadca Loads a trusted certificate from the Certificate Authority. Syntax loadca Loads the trusted certificate (in PEM format) that is pasted into the command line. For information on configuring certificate settings using the applet (GUI), see “Importing a CA Certificate”.
  • Page 484: Ap4700>Admin(System.cmgr)>Delca

    AP4700>admin(system.cmgr)>delca Deletes a trusted certificate. Syntax delca <IDname> Deletes the trusted certificate. For information on configuring certificate settings using the applet (GUI), see “Importing a CA Certificate”.
  • Page 485: Ap4700>Admin(System.cmgr)>Listca

    AP4700>admin(system.cmgr)>listca Lists the loaded trusted certificate. Syntax listca Lists the loaded trusted certificates. For information on configuring certificate settings using the applet (GUI), see “Importing a CA Certificate”.
  • Page 486: Ap4700>Admin(System.cmgr)>Showreq

    AP4700>admin(system.cmgr)>showreq Displays a certificate request in PEM format. Syntax showreq <IDname> Displays a certificate request named <IDname> generated from the genreq command. For information on configuring certificate settings using the applet (GUI), see “Importing a CA Certificate”.
  • Page 487: Ap4700>Admin(System.cmgr)>Delprivkey

    AP4700>admin(system.cmgr)>delprivkey Deletes a private key. Syntax delprivkey <IDname> Deletes private key named <IDname>. For information on configuring certificate settings using the applet (GUI), see “Creating Self Certificates for Accessing the VPN”.
  • Page 488: Ap4700>Admin(System.cmgr)>Listprivkey

    AP4700>admin(system.cmgr)>listprivkey Lists the names of private keys. Syntax listprivkey Lists all private keys and displays their certificate associations. For information on configuring certificate settings using the applet (GUI), see “Importing a CA Certificate”.
  • Page 489: Ap4700>Admin(System.cmgr)>Expcert

    AP4700>admin(system.cmgr)>expcert Exports the certificate file to a user defined location. Syntax expcert Exports the access point’s CA or Self certificate file. To export certificate information from an Altitude 4700 access point: admin(system.cmgr)>expcert ? <type> <file name> <cr> : type: ftp/tftp : file name: Certificate file name : Server options for this file are the same : as that for the configuration file...
  • Page 490: Ap4700>Admin(System.cmgr)>Impcert

    CLI Reference AP4700>admin(system.cmgr)>impcert Imports the target certificate file. Syntax impcert Imports the target certificate file. To import certificate information from an Altitude 4700 Access Point: admin(system.cmgr)>impcert ? <type> <file name> <cr> : type: ftp/tftp : file name: Certificate file name : Server options for this file are the same : as that for the configuration file admin(system.cmgr)>impcert tftp AP-4700certs.txt...
  • Page 491: System Snmp Commands

    System SNMP Commands AP4700>admin(system)> snmp Displays the SNMP submenu. The items available under this command are shown below. access Goes to the SNMP access submenu. traps Goes to the SNMP traps submenu. Goes to the parent menu. Goes to the root menu. save Saves the configuration to system flash.
  • Page 492: Ap4700>Admin(System.snmp.access)

    CLI Reference System SNMP Access Commands AP4700>admin(system.snmp.access) Displays the SNMP Access menu. The items available under this command are shown below. show Shows SNMP v3 engine ID. Adds SNMP access entries. delete Deletes SNMP access entries. list Lists SNMP access entries. Goes to the parent menu.
  • Page 493: Ap4700>Admin(System.snmp.access)>Show

    AP4700>admin(system.snmp.access)>show Shows the SNMP v3 engine ID. Syntax show Shows the SNMP v3 Engine ID. Example admin(system.snmp.access)>show eid AP4700 snmp v3 engine id : 000001846B8B4567F871AC68 admin(system.snmp.access)> For information on configuring SNMP access settings using the applet (GUI), see “Configuring SNMP Access Control”...
  • Page 494: Ap4700>Admin(System.snmp.access)>Add

    AP4700>admin(system.snmp.access)>add Adds SNMP access entries for specific v1v2 and v3 user definitions. Syntax add acl <ip1> <ip2> Adds an entry to the SNMP access control list with <ip1> as the starting IP address and <ip2> as the ending IP address. v1v2c <comm>...
  • Page 495: Ap4700>Admin(System.snmp.access)>Delete

    AP4700>admin(system.snmp.access)>delete Deletes SNMP access entries for specific v1v2 and v3 user definitions. Syntax delete <idx> Deletes entry <idx> (1-10) from the access control list. Deletes all entries from the access control list. v1v2c <idx> Deletes entry <idx> (1-10) from the v1/v2 configuration list. Deletes all entries from the v1/v2 configuration list.
  • Page 496: Ap4700>Admin(System.snmp.access)>List

    CLI Reference AP4700>admin(system.snmp.access)>list Lists SNMP access entries. Syntax list Lists SNMP access control list entries. v1v2c Lists SNMP v1/v2c configuration. <idx> Lists SNMP v3 user definition by index <idx> (1-10). Lists all SNMP v3 user definitions. Example admin(system.snmp.access)>list acl ---------------------------------------------------------------- index start ip end ip...
  • Page 497: Ap4700>Admin(System.snmp.traps)

    System SNMP Traps Commands AP4700>admin(system.snmp.traps) Displays the SNMP traps submenu. The items available under this command are shown below. show Shows SNMP trap parameters. Sets SNMP trap parameters. Adds SNMP trap entries. delete Deletes SNMP trap entries. list Lists SNMP trap entries. Goes to the parent menu.
  • Page 498: Ap4700>Admin(System.snmp.traps)>Show

    CLI Reference AP4700>admin(system.snmp.traps)>show Shows SNMP trap parameters. Syntax show trap Shows SNMP trap parameter settings. rate-trap Shows SNMP rate-trap parameter settings. Example admin(system.snmp.traps)>show trap SNMP MU Traps mu associated : enable mu unassociated : disable mu denied association : disable mu denied authentication : disable SNMP Traps...
  • Page 499: Ap4700>Admin(System.snmp.traps)>Set

    AP4700>admin(system.snmp.traps)>set Sets SNMP trap parameters. Syntax mu-assoc enable/disable Enables/disables the MU associated trap. mu-unassoc enable/disable Enables/disables the MU unassociated trap. mu-deny-assoc enable/disable Enables/disables the MU association denied trap. mu-deny-auth enable/disable Enables/disables the MU authentication denied trap. snmp-auth enable/disable Enables/disables the authentication failure trap.
  • Page 500: Ap4700>Admin(System.snmp.traps)>Add

    CLI Reference AP4700>admin(system.snmp.traps)>add Adds SNMP trap entries. Syntax add v1v2 <ip> <port> <comm> <ver> Adds an entry to the SNMP v1/v2 access list with the destination IP address set to <ip>, the destination UDP port set to <port>, the community string set to <comm> (1 to 31 characters), and the SNMP version set to <ver>.
  • Page 501: Ap4700>Admin(System.snmp.traps)>Delete

    AP4700>admin(system.snmp.traps)>delete Deletes SNMP trap entries. Syntax delete v1v2c <idx> Deletes entry <idx> from the v1v2c access control list. Deletes all entries from the v1v2c access control list. <idx> Deletes entry <idx> from the v3 access control list. Deletes all entries from the v3 access control list. Example admin(system.snmp.traps)>delete v1v2 all For information on configuring SNMP traps using the applet (GUI), see...
  • Page 502: Ap4700>Admin(System.snmp.traps)>List

    CLI Reference AP4700>admin(system.snmp.traps)>list Lists SNMP trap entries. Syntax list v1v2c Lists SNMP v1/v2c access entries. <idx> Lists SNMP v3 access entry <idx 1-10> . Lists all SNMP v3 access entries. Example admin(system.snmp.traps)>add v1v2 203.223.24.2 162 mycomm v1 admin(system.snmp.traps)>list v1v2c ---------------------------------------------------------------------- index dest ip dest port...
  • Page 503: System User Database Commands

    System User Database Commands AP4700>admin(system)> userdb Goes to the user database submenu. Syntax user Goes to the user submenu. group Goes to the group submenu. save Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu. For information on configuring User Database permissions using the applet (GUI), see “Defining User Access Permissions by Group”...
  • Page 504: Ap4700>Admin(System.userdb)>User

    Adding and Removing Users from the User Database AP4700>admin(system.userdb)>user Adds and removes users from the user database and defines user passwords. Syntax Adds a new user. delete Deletes a new user. clearall Removes all existing user IDs from the system. Sets a password for a user.
  • Page 505: Ap4700>Admin(System.userdb.user)>Add

    AP4700>admin(system.userdb.user)>add Adds a new user to the user database. Syntax Adds a new user ID <userid> and password <passwd> string to the user database. Example admin(system.userdb.user>add george password admin(system.userdb.user> For information on configuring User Database permissions using the applet (GUI), see “Defining User Access Permissions by Group”...
  • Page 506: Ap4700>Admin(System.userdb.user)>Delete

    AP4700>admin(system.userdb.user)>delete Removes a user from the user database. Syntax delete Removes a user ID <id> and password <pw> string from the user database. Example admin(system.userdb.user>delete george admin(system.userdb.user> For information on configuring User Database permissions using the applet (GUI), see “Defining User Access Permissions by Group”...
  • Page 507: Ap4700>Admin(System.userdb.user)>Clearall

    AP4700>admin(system.userdb.user)>clearall Removes all existing user IDs from the system. Syntax clearall Removes all existing user IDs from the system. Example admin(system.userdb.user>clearall admin(system.userdb.user> For information on configuring User Database permissions using the applet (GUI), see “Defining User Access Permissions by Group” on page 259.
  • Page 508: Ap4700>Admin(System.userdb.user)>Set

    CLI Reference AP4700>admin(system.userdb.user)>set Sets a password for a user. Syntax <userid> <passwd> Sets user <userid> and password <passwd> string for a specific user. Example admin(system.userdb.user>set george password admin(system.userdb.user> For information on configuring User Database permissions using the applet (GUI), see “Defining User Access Permissions by Group”...
  • Page 509: Ap4700>Admin(System.userdb)>Group

    Adding and Removing Groups from the User Database AP4700>admin(system.userdb)>group Adds and removes groups from the user database. Syntax create Creates a group name. delete Deletes a group name. clearall Removes all existing group names from the system. Adds a user to an existing group. remove Removes a user from an existing group.
  • Page 510: Ap4700>Admin(System.userdb.group)>Create

    CLI Reference AP4700>admin(system.userdb.group)>create Creates a group name. Once defined, users can be added to the group. Syntax create Creates a group name string. Once defined, users can be added to the group. Example admin(system.userdb.group>create 2 admin(system.userdb.group> For information on configuring User Database permissions using the applet (GUI), see “Defining User Access Permissions by Group”...
  • Page 511: Ap4700>Admin(System.userdb.group)>Delete

    AP4700>admin(system.userdb.group)>delete Deletes an existing group. Syntax delete Deletes an existing group name string. Example admin(system.userdb.group>delete 2 admin(system.userdb.group> For information on configuring User Database permissions using the applet (GUI), see “Defining User Access Permissions by Group” on page 259.
  • Page 512: Ap4700>Admin(System.userdb.group)>Clearall

    CLI Reference AP4700>admin(system.userdb.group)>clearall Removes all existing group names from the system. Syntax clearall Removes all existing group names from the system. Example admin(system.userdb.group>clearall admin(system.userdb.group> For information on configuring User Database permissions using the applet (GUI), see “Defining User Access Permissions by Group” on page 259.
  • Page 513: Ap4700>Admin(System.userdb.group)>Add

    AP4700>admin(system.userdb.group)>add Adds a user to an existing group. Syntax <userid> Adds a user <userid> to an existing group <group>. <group> Example admin(system.userdb.group>add lucy group x admin(system.userdb.group> For information on configuring User Database permissions using the applet (GUI), see “Defining User Access Permissions by Group”...
  • Page 514: Ap4700>Admin(System.userdb.group)>Remove

    CLI Reference AP4700>admin(system.userdb.group)>remove Removes a user from an existing group. Syntax remove <userid> Removes a user <userid> from an existing group<group>. <group> Example admin(system.userdb.group>remove lucy group x admin(system.userdb.group> For information on configuring User Database permissions using the applet (GUI), see “Defining User Access Permissions by Group”...
  • Page 515: Ap4700>Admin(System.userdb.group)>Show

    AP4700>admin(system.userdb.group)>show Displays existing groups. Syntax show Displays existing groups and users. users Displays configured user IDs for a group. groups Displays configured groups. Example admin(system.userdb.group>show groups List of Group Names : engineering : marketing : demo room admin(system.userdb.group> For information on configuring User Database permissions using the applet (GUI), see “Defining User Access Permissions by Group”...
  • Page 516: System Radius Commands

    CLI Reference System RADIUS Commands AP4700>admin(system)>radius Goes to the RADIUS system submenu. Syntax Goes to the EAP submenu. policy Goes to the access policy submenu. ldap Goes to the LDAP submenu. proxy Goes to the proxy submenu. client Goes to the client submenu. Sets RADIUS parameters.
  • Page 517: Ap4700>Admin(System.radius)>Set/Show

    AP4700>admin(system.radius)>set/show Sets or displays the RADIUS user database. Syntax Sets the RADIUS user database. show all Displays the RADIUS user database. Example admin(system.radius)>set database local admin(system.radius)>show all Database : local admin(system.radius)> For information on configuring RADIUS using the applet (GUI), see “Configuring User Authentication”...
  • Page 518: Ap4700>Admin(System.radius)>Eap

    CLI Reference AP4700>admin(system.radius)>eap Goes to the EAP submenu. Syntax peap Goes to the Peap submenu. ttls Goes to the TTLS submenu. import Imports the requested EAP certificates. Defines EAP parameters. show Displays the EAP configuration. save Saves the configuration to system flash. quit Quits the CLI.
  • Page 519: Ap4700>Admin(System.radius.eap)>Peap

    AP4700>admin(system.radius.eap)>peap Goes to the Peap submenu. Syntax Defines Peap parameters. show Displays the Peap configuration. save Saves the configuration to system flash. quit Quits the CLI. Goes to the parent menu. Goes to the root menu. For information on configuring PEAP RADIUS using the applet (GUI), see “Configuring User Authentication”...
  • Page 520: Ap4700>Admin(System.radius.eap.peap)>Set/Show

    AP4700>admin(system.radius.eap.peap)>set/show Defines and displays Peap parameters. Syntax Sets the Peap authentication <peap type> (to either gtc or mschapv2). show Displays the Peap authentication type. Example admin(system.radius.eap.peap)>set auth gtc admin(system.radius.eap.peap)>show PEAP Auth Type : gtc For information on configuring EAP PEAP RADIUS values using the applet (GUI), see “Configuring User Authentication”...
  • Page 521: Ap4700>Admin(System.radius.eap)>Ttls

    AP4700>admin(system.radius.eap)>ttls Goes to the TTLS submenu. Syntax Defines TTLS parameters. show Displays the TTLS configuration. save Saves the configuration to system flash. quit Quits the CLI. Goes to the parent menu. Goes to the root menu. For information on configuring EAP TTLS RADIUS values using the applet (GUI), see “Configuring User Authentication”...
  • Page 522: Ap4700>Admin(System.radius.eap.ttls)>Set/Show

    AP4700>admin(system.radius.eap.ttls)>set/show Defines and displays TTLS parameters. Syntax Sets the default TTLS authentication <ttls type> (to either pap, md5 or mschapv2). show Displays the TTLS authentication <type>. Example admin(system.radius.eap.ttls)>set auth pap admin(system.radius.eap.ttls)>show TTLS Auth Type : pap For information on configuring EAP TTLS RADIUS values using the applet (GUI), see “Configuring User Authentication”...
  • Page 523: Ap4700>Admin(System.radius)>Policy

    AP4700>admin(system.radius)>policy Goes to the access policy submenu. Syntax Sets a group’s WLAN access policy. access-time Goes to the time based login submenu. show Displays the group’s access policy. save Saves the configuration to system flash. quit Quits the CLI. Goes to the parent menu. Goes to the root menu.
  • Page 524: Ap4700>Admin(System.radius.policy)>Set

    CLI Reference AP4700>admin(system.radius.policy)>set Defines the group’s WLAN access policy. Syntax <group> <wlan(s) > Defines a group’s <group> WLAN access policy (defined as a string) delimited by a space. Example admin(system.radius.policy)>set engineering 16 admin(system.radius.policy)> For information on configuring RADIUS WLAN policy values using the applet (GUI), see “Configuring User Authentication”...
  • Page 525: Ap4700>Admin(System.radius.policy)>Access-Time

    AP4700>admin(system.radius.policy)>access-time Goes to the time-based login submenu. Syntax <group> Defines a target group’s access time permissions. Access time is in <access-time> DayDDDD-DDDD format. show Displays the group’s access time rule. save Saves the configuration to system flash. quit Quits the CLI. Goes to the parent menu.
  • Page 526: Ap4700>Admin(System.radius.policy)>Show

    CLI Reference AP4700>admin(system.radius.policy)>show Displays a group’s access policy. Syntax show Displays a group’s access policy. Example admin(system.radius.policy)>show List of Access Policies engineering : 16 marketing : 10 demo room test demo : No Wlans admin(system.radius.policy)> For information on configuring RADIUS WLAN policy values using the applet (GUI), see “Configuring User Authentication”...
  • Page 527: Ap4700>Admin(System.radius)>Ldap

    AP4700>admin(system.radius)>ldap Goes to the LDAP submenu. Syntax Defines the LDAP parameters. show all Displays existing LDAP parameters. save Saves the configuration to system flash. quit Quits the CLI. Goes to the parent menu. Goes to the root menu. For information on configuring a RADIUS LDAP server using the applet (GUI), see “Configuring LDAP Authentication”...
  • Page 528: Ap4700>Admin(System.radius.ldap)>Set

    CLI Reference AP4700>admin(system.radius.ldap)>set Defines the LDAP parameters. Syntax Defines the LDAP parameters. ipadr Sets LDAP IP address. port Sets LDAP server port. binddn Sets LDAP bind distinguished name. basedn Sets LDAP base distinguished name. passwd Sets LDAP server password. login Sets LDAP login attribute.
  • Page 529: Ap4700>Admin(System.radius.ldap)>Show All

    AP4700>admin(system.radius.ldap)>show all Displays existing LDAP parameters. Syntax show all Displays existing LDAP parameters. Example admin(system.radius.ldap)>show all LDAP Server IP : 0.0.0.0 LDAP Server Port : 389 LDAP Bind DN : cn=manager, o=trion LDAP Base DN : 0=trion LDAP Login Attribute : (uid=%{Stripped-User-Name:-%{User-Name}}) LDAP Password attribute : userPassword...
  • Page 530: Ap4700>Admin(System.radius)>Proxy

    CLI Reference AP4700>admin(system.radius)>proxy Goes to the RADIUS proxy server submenu. Syntax Adds a proxy realm. delete Deletes a proxy realm. clearall Removes all proxy server records. Sets proxy server parameters. show Displays current RADIUS proxy server parameters. save Saves the configuration to system flash. quit Quits the CLI.
  • Page 531: Ap4700>Admin(System.radius.proxy)>Add

    AP4700>admin(system.radius.proxy)>add Adds a proxy. Syntax Adds a proxy realm. name <name> Realm name. <ip1> Authentication server IP address. port <port> Authentication server port. <sec> Shared secret password. Example admin(system.radius.proxy)>add lancelot 157.235.241.22 1812 muddy admin(system.radius.proxy)> For information on configuring RADIUS proxy server values using the applet (GUI), see “Configuring a Proxy Radius Server”...
  • Page 532: Ap4700>Admin(System.radius.proxy)>Delete

    AP4700>admin(system.radius.proxy)>delete Deletes a proxy realm. Syntax delete <realm> Deletes a realm name. Example admin(system.radius.proxy)>delete lancelot admin(system.radius.proxy)> For information on configuring RADIUS proxy server values using the applet (GUI), see “Configuring a Proxy Radius Server” on page 255.
  • Page 533: Ap4700>Admin(System.radius.proxy)>Clearall

    AP4700>admin(system.radius.proxy)>clearall Removes all proxy server records from the system. Syntax clearall Removes all proxy server records from the system. Example admin(system.radius.proxy)>clearall admin(system.radius.proxy)> For information on configuring RADIUS proxy server values using the applet (GUI), see “Configuring a Proxy Radius Server” on page 255.
  • Page 534: Ap4700>Admin(System.radius.proxy)>Set

    CLI Reference AP4700>admin(system.radius.proxy)>set Sets Radius proxy server parameters. Syntax Sets RADIUS proxy server parameters. delay Defines retry delay time (in seconds) for the proxy server. count Defines retry count value for the proxy server. Example admin(system.radius.proxy)>set delay 10 admin(system.radius.proxy)>set count 5 admin(system.radius.proxy)>...
  • Page 535: Ap4700>Admin(System.radius)>Client

    AP4700>admin(system.radius)>client Goes to the RADIUS client submenu. Syntax Adds a RADIUS client to list of available clients. delete Deletes a RADIUS client from list of available clients. show Displays a list of configured clients. save Saves the configuration to system flash. quit Quits the CLI.
  • Page 536: Ap4700>Admin(System.radius.client)>Add

    AP4700>admin(system.radius.client)>add Adds a RADIUS client to those available to the RADIUS server. Syntax Adds a RADIUS client. <ip> Client’s IP address. mask <ip1> Network mask address of the client. secret <sec> Shared secret password. Example admin(system.radius.client)>add 157.235.132.11 255.255.255.225 muddy admin(system.radius.client)>...
  • Page 537: Ap4700>Admin(System.radius.client)>Delete

    AP4700>admin(system.radius.client)>delete Removes a specified RADIUS client from those available to the RADIUS server. Syntax delete Removes a specified RADIUS client <ipadr> from those available to the RADIUS server. Example admin(system.radius.client)>delete 157.235.132.11 admin(system.radius.client)> For information on configuring RADIUS client values using the applet (GUI), see “Configuring the Radius Server”...
  • Page 538: Ap4700>Admin(System.radius.client)>Show

    AP4700>admin(system.radius.client)>show Displays a list of configured RADIUS clients. Syntax show Displays a list of configured RADIUS clients. Example admin(system.radius.client)>show ---------------------------------------------------------------------------- Subnet/Host Netmask SharedSecret ---------------------------------------------------------------------------- 157.235.132.11 255.255.255.225 ***** admin(system.radius.client)> For information on configuring RADIUS client values using the applet (GUI), see “Configuring the Radius Server”...
  • Page 539: System Network Time Protocol (Ntp) Commands

    System Network Time Protocol (NTP) Commands AP4700>admin(system)>ntp Displays the NTP menu. The correct network time is required for numerous functions to be configured accurately on the access point. Syntax show Shows NTP parameters settings. date-zone Show date, time and time zone. zone-list Displays list of time zones.
  • Page 540: Ap4700>Admin(System.ntp)>Show

    CLI Reference AP4700>admin(system.ntp)>show Displays the NTP server configuration. Syntax show Shows all NTP server settings. Example admin(system.ntp)>show current time : 2006-07-31 14:35:20 time zone: : UTC ntp mode : enable For information on configuring NTP using the applet (GUI), see “Configuring Network Time Protocol (NTP)”...
  • Page 541: Ap4700>Admin(System.ntp)>Date-Zone

    AP4700>admin(system.ntp)>date-zone Show date, time and time zone. Syntax date-zone Show date, time and time zone. Example admin(system.ntp)>date-zone Date/Time : Sat 1970-Jan-03 20:06:22 +0000 UTC Time Zone : UTC For information on configuring NTP using the applet (GUI), see “Configuring Network Time Protocol (NTP)”...
  • Page 542: Ap4700>Admin(System.ntp)>Zone-List

    CLI Reference AP4700>admin(system.ntp)>zone-list Displays an extensive list of time zones for countries around the world. Syntax zone-list Displays list of time zone indexes for every known zone. Example admin(system.ntp)> zone-list For information on configuring NTP using the applet (GUI), see “Configuring Network Time Protocol (NTP)”...
  • Page 543: Ap4700>Admin(System.ntp)>Set

    AP4700>admin(system.ntp)>set Sets NTP parameters for access point clock synchronization. Syntax mode <ntp-mode> Enables or disables NTP. server <idx> <ip> Sets the NTP server IP address. port <idx> <port> Defines the port number. intrvl <period> Defines the clock synchronization interval used between the access point and the NTP server in minutes (15 - 65535).
  • Page 544: System Log Commands

    CLI Reference System Log Commands AP4700>admin(system)>logs Displays the access point log submenu. Logging options include: Syntax show Shows logging options. Sets log options and parameters. view Views system log. delete Deletes the system log. send Sends log to the designated FTP Server. Goes to the parent menu.
  • Page 545: Ap4700>Admin(System.logs)>Show

    AP4700>admin(system.logs)>show Displays the current access point logging settings. Syntax show Displays the current access point logging configuration. Example admin(system.logs)>show log level : L6 Info syslog server logging : enable syslog server ip address : 192.168.0.102 For information on configuring logging settings using the applet (GUI), see “Logging Configuration”...
  • Page 546: Ap4700>Admin(System.logs)>Set

    CLI Reference AP4700>admin(system.logs)>set Sets log options and parameters. Syntax level <level> Sets the level of the events that will be logged. All events with a level at or above <level> (L0-L7) will be saved to the system log. L0:Emergency L1:Alert L2:Critical L3:Errors L4:Warning...
  • Page 547: Ap4700>Admin(System.logs)>View

    AP4700>admin(system.logs)>view Displays the access point system log file. Syntax view Displays the entire access point system log file. Example admin(system.logs)>view 7 16:14:00 (none) syslogd 1.4.1: restart (remote reception). 7 16:14:10 (none) klogd: :ps log:fc: queue maintenance 7 16:14:41 (none) klogd: :ps log:fc: queue maintenance 7 16:15:43 (none) last message repeated 2 times 7 16:16:01 (none) CC: 4:16pm...
  • Page 548: Ap4700>Admin(System.logs)>Delete

    CLI Reference AP4700>admin(system.logs)>delete Deletes the log files. Syntax delete Deletes the access point system log file. Example admin(system.logs)>delete For information on configuring logging settings using the applet (GUI), see “Logging Configuration” on page 112. Altitude 4700 Series Access Point Product Reference Guide...
  • Page 549: Ap4700>Admin(System.logs)>Send

    AP4700>admin(system.logs)>send Sends log and core file to an FTP Server. Syntax send Sends the system log file via FTP to a location specified with the set command. Refer to the command set under the AP4700>admin(fw update) command for information on setting up an FTP server and login information.
  • Page 550: System Configuration-Update Commands

    CLI Reference System Configuration-Update Commands AP4700>admin(system.config)> Displays the access point configuration update submenu. Syntax default Restores the default access point configuration. partial Restores a partial default access point configuration. show Shows import/export parameters. Sets import/export access point configuration parameters. export Exports access point configuration to a designated system.
  • Page 551: Ap4700>Admin(System.config)>Default

    AP4700>admin(system.config)>default Restores the full access point factory default configuration. Syntax default Restores the access point to the original (factory) configuration. Example admin(system.config)>default Are you sure you want to default the configuration? <yes/no>: For information on importing/exporting access point configurations using the applet (GUI), see “Importing/Exporting Configurations”...
  • Page 552: Ap4700>Admin(System.config)>Partial

    CLI Reference AP4700>admin(system.config)>partial Restores a partial factory default configuration. The access point’s LAN, WAN and SNMP settings are unaffected by the partial restore. Syntax partial Restores a partial access point configuration. Example admin(system.config)>partial Are you sure you want to partially default AP4700? <yes/no>: For information on importing/exporting access point configurations using the applet (GUI), see “Importing/Exporting Configurations”...
  • Page 553: Ap4700>Admin(System.config)>Show

    AP4700>admin(system.config)>show Displays import/export parameters for the access point configuration file. Syntax show Shows all import/export parameters. Example admin(system.config)>show cfg filename : cfg.txt cfg filepath ftp/tftp server ip address : 192.168.0.101 ftp user name : myadmin ftp password : ******** For information on importing/exporting access point configurations using the applet (GUI), see “Importing/Exporting Configurations”...
  • Page 554: Ap4700>Admin(System.config)>Set

    CLI Reference AP4700>admin(system.config)>set Sets the import/export parameters. Syntax file <filename> Sets the configuration file name (1 to 39 characters in length). path <path> Defines the path used for the configuration file upload. server <ipaddress> Sets the FTP/TFTP server IP address. user <username>...
  • Page 555: Ap4700>Admin(System.config)>Export

    AP4700>admin(system.config)>export Exports the configuration from the system. Syntax export Exports the access point configuration to the FTP server. Use the set command to set the server, user, password, and file name before using this command. tftp Exports the access point configuration to the TFTP server. Use the set command to set the IP address for the TFTP server before using the command.
  • Page 556: Ap4700>Admin(System.config)>Import

    In turn, a dual-radio model access point cannot import/export its configuration to a single-radio access point. CAUTION Extreme Networks discourages importing a 1.0 baseline configuration file to a 1.1 (or later) version access point. Similarly, a 2.0 baseline configuration file should not be imported to a 1.0 version access point. Importing configurations between access points of different versions results in broken configurations, since new features added to...
  • Page 557: Firmware Update Commands

    Firmware Update Commands AP4700>admin(system)>fw-update Displays the firmware update submenu. The items available under this command are shown below. NOTE The access point must complete the reboot process to successfully update the device firmware, regardless of whether the reboot is conducted using the GUI or CLI interfaces. show Displays the current access point firmware update settings.
  • Page 558: Ap4700>Admin(System.fw-Update)>Show

    CLI Reference AP4700>admin(system.fw-update)>show Displays the current access point firmware update settings. Syntax show Shows the current system firmware update settings for the access point. Example admin(system.fw-update)>show automatic firmware upgrade : enable automatic config upgrade : enable firmware filename : apn.bin firmware path : /tftpboot/ ftp/tftp server ip address...
  • Page 559: Ap4700>Admin(System.fw-Update)>Set

    AP4700>admin(system.fw-update)>set Defines access point firmware update settings and user permissions. Syntax fw-auto <mode> When enabled, updates device firmware each time the firmware versions are found to be different between the access point and the specified firmware on the remote system. cfg-auto <mode>...
  • Page 560: Ap4700>Admin(System.fw-Update)>Update

    CLI Reference AP4700>admin(system.fw-update)>update Executes the access point firmware update over the WAN or LAN ports using either ftp, tftp or SFTP. Syntax update <mode><iface> Defines the ftp or tftp mode used to conduct the firmware update. Specifies whether the update is executed over the access point’s WAN, LAN1 or LAN2 interface <iface>. NOTE The access point must complete the reboot process to successfully update the device firmware, regardless of whether the reboot is conducted using the GUI or CLI interfaces.
  • Page 561: Statistics Commands

    Statistics Commands AP4700>admin(stats) Displays the access point statistics submenu. The items available under this command are: show Displays access point WLAN, MU, LAN and WAN statistics. send-cfg-ap Sends a config file to another access point within the known AP table. send-cfg-all Sends a config file to all access points within the known AP table.
  • Page 562: Ap4700>Admin(Stats)>Show

    CLI Reference AP4700>admin(stats)>show Displays access point system information. Syntax show Displays stats for the access point WAN port. Displays stats for the access point LAN port Displays LAN Spanning Tree Status wlan Displays WLAN status and statistics summary. s-wlan Displays status and statistics for an individual WLAN radio Displays a radio statistics transmit and receive summary.
  • Page 563: Ap4700>Admin(Stats)>Send-Cfg-Ap

    AP4700>admin(stats)>send-cfg-ap Copies the access point’s configuration to another access point within the known AP table. Syntax send-cfg-ap <index> Copies the access point’s configuration to the access points within the known AP table. Mesh configuration attributes do not get copied using this command and must be configured manually.
  • Page 564: Ap4700>Admin(Stats)>Send-Cfg-All

    CLI Reference AP4700>admin(stats)>send-cfg-all Copies the access point’s configuration to all of the access points within the known AP table. Syntax send-cfg-all Copies the access point’s configuration to all of the access points within the known AP table. Example admin(stats)>send-cfg-all admin(stats)> NOTE The send-cfg-all command copies all existing configuration parameters except Mesh settings, LAN IP data, WAN IP data and DHCP Server parameter information.
  • Page 565: Ap4700>Admin(Stats)>Clear

    AP4700>admin(stats)>clear Clears the specified statistics counters to zero to begin new data calculations. Syntax clear Clears WAN statistics counters. Clears LAN statistics counters for specified LAN index (either clear lan 1 or clear lan 2). all-rf Clears all RF data. all-wlan Clears all WLAN summary information.
  • Page 566: Ap4700>Admin(Stats)>Flash-All-Leds

    CLI Reference AP4700>admin(stats)>flash-all-leds Starts and stops the illumination of a specified access point’s LEDs. Syntax flash-all-leds <index> Defines the Known AP index number of the target AP to flash. <stop/start> Begins or terminates the flash activity. Example admin(stats)> admin(stats)>flash-all-leds 1 start Password ******** admin(stats)>flash-all-leds 1 stop admin(stats)>...
  • Page 567: Ap4700>Admin(Stats)>Echo

    AP4700>admin(stats)>echo Defines the echo test values used to conduct a ping test to an associated MU. Syntax show Shows the Mobile Unit Statistics Summary. list Defines echo test parameters and result. Determines echo test packet data. start Begins echoing the defined station. Goes to parent menu.
  • Page 568: Ap4700>Admin.stats.echo)>Show

    CLI Reference AP4700>admin(stats.echo)>show Shows Mobile Unit Statistics Summary. Syntax show Shows Mobile Unit Statistics Summary. Example admin(stats.echo)>show ---------------------------------------------------------------------------- IP Address MAC Address WLAN Radio T-put Retries ---------------------------------------------------------------------------- 192.168.2.0 00:A0F8:72:57:83 demo For information on MU Echo and Ping tests using the applet (GUI), see “Pinging Individual MUs”...
  • Page 569: Ap4700>Admin.stats.echo)>List

    AP4700>admin(stats.echo)>list Lists echo test parameters and results. Syntax list Lists echo test parameters and results. Example admin(stats.echo)>list Station Address : 00A0F8213434 Number of Pings : 10 Packet Length : 10 Packet Data (in HEX) : 55 admin(stats.echo)> For information on MU Echo and Ping tests using the applet (GUI), see “Pinging Individual MUs”...
  • Page 570: Ap4700>Admin.stats.echo)>Set

    CLI Reference AP4700>admin(stats.echo)>set Defines the parameters of the echo test. Syntax station <mac> Defines MU target MAC address. request <num> Sets number of echo packets to transmit (1-539). length <num> Determines echo packet length in bytes (1-539). data <hex> Defines the particular packet data. For information on MU Echo and Ping tests using the applet (GUI), see “Pinging Individual MUs”...
  • Page 571: Ap4700>Admin.stats.echo)>Start

    AP4700>admin(stats.echo)>start Initiates the echo test. Syntax start Initiates the echo test. Example admin(stats.echo)>start admin(stats.echo)>list Station Address : 00A0F843AABB Number of Pings : 10 Packet Length : 100 Packet Data (in HEX) Number of MU Responses For information on MU Echo and Ping tests using the applet (GUI), see “Pinging Individual MUs”...
  • Page 572: Ap4700>Admin(Stats)>Ping

    CLI Reference AP4700>admin(stats)>ping Defines the ping test values used to conduct a ping test to an AP with the same ESSID. Syntax ping show Shows Known AP Summary details. list Defines ping test packet length. Determines ping test packet data. start Begins pinging the defined station.
  • Page 573: Ap4700>Admin.stats.ping)>Show

    AP4700>admin(stats.ping)>show Shows Known AP Summary Details. Syntax show Shows Known AP Summary Details. Example admin(stats.ping)>show ---------------------------------------------------------------------------- IP Address MAC Address KBIOS Unit Name ---------------------------------------------------------------------------- 192.168.2.0 00:A0F8:72:57:83 Access Point Altitude 4700 Series Access Point Product Reference Guide...
  • Page 574: Ap4700>Admin.stats.ping)>List

    CLI Reference AP4700>admin(stats.ping)>list Lists ping test parameters and results. Syntax list Lists ping test parameters and results. Example admin(stats.ping)>list Station Address : 00A0F8213434 Number of Pings : 10 Packet Length : 10 Packet Data (in HEX) : 55 admin(stats.ping)> For information on Known AP tests using the applet (GUI), see “Pinging Individual MUs”...
  • Page 575: Ap4700>Admin.stats.ping)>Set

    AP4700>admin(stats.ping)>set Defines the parameters of the ping test. Syntax station Defines the AP target MAC address. request Sets number of ping packets to transmit (1-539). length Determines ping packet length in bytes (1-539). data Defines the particular packet data. Example admin(stats.ping)>set station 00A0F843AABB admin(stats.ping)>set request 10 admin(stats.ping)>set length 100...
  • Page 576: Ap4700>Admin.stats.echo)>Start

    CLI Reference AP4700>admin(stats.ping)>start Initiates the ping test. Syntax start Initiates the ping test. Example admin(stats.ping)>start admin(stats.ping)>list Station Address : 00A0F843AABB Number of Pings : 10 Packet Length : 100 Packet Data (in HEX) Number of AP Responses For information on Known AP tests using the applet (GUI), see “Pinging Individual MUs”...
  • Page 577: Chapter 9: Configuring Mesh Networking

    Configuring Mesh Networking C H A P T E R Mesh provides a network that is robust and reliable. In this network, each node is connected to its neighbor by more than one path. The multiple paths provide the network with its robustness. If a node goes down, there are other paths available for the data to traverse through the network.
  • Page 578: The Client Bridge Association Process

    MUs using the second independent radio. CAUTION Only Extreme Networks AP4700 or AP3500 series model access points can be used as base bridges, client bridges or repeaters within an access point supported mesh network. If utilizing a mesh network, Extreme Networks recommends considering a dual-radio model to optimize channel utilization and throughput.
  • Page 579: Spanning Tree Protocol (Stp)

    The association and authentication process is identical to the MU association process. The client Access Point sends 802.11 authentication and association frames to the base Access Point. The base Access Point responds as if the client is an actual mobile unit. Depending on the security policy, the two Access Points engage in the normal handshake mechanism to establish keys.
  • Page 580: Defining The Mesh Topology

    NOTE Extreme Networks recommends using the Mesh STP Configuration screen to define a base bridge as a root. Only advanced users should use the Advanced Client Bridge Settings screen’s Preferred List to define the mesh topology, as omitting a bridge from the preferred list could break connections within the mesh network.
  • Page 581: Impact Of Importing/Exporting Configurations To A Mesh Network

    The user does not necessarily have to change these settings, as the default settings will work. However, Extreme Networks encourages the user to define an Access Point as a base bridge and root (using the base bridge priority settings within the Bridge STP Configuration screen). Members of the mesh network can be configured as client bridges or additional base bridges with a higher priority value.
  • Page 582 (commonly referred to as the root). Extreme Networks recommends assigning a Base Bridge AP with the lowest bridge priority so it becomes the root in the STP. If a root already exists, set the Bridge Priorities of new APs accordingly so the root of the STP doesn't get altered.
  • Page 583: Configuring A Wlan For Mesh Networking Support

    WLAN in order to share the same ESSID, radio designation, security policy, MU ACL and Quality of Service policy. If intending to use the Access Point for mesh networking support, Extreme Networks recommends configuring at least one WLAN (of the 16 WLANs available) specifically for mesh networking support.
  • Page 584 Configuring Mesh Networking Extreme Networks recommends assigning a unique name to a WLAN supporting a mesh network to differentiate it from WLANs defined for non mesh support. The name assigned to the WLAN is what is selected from the Radio Configuration screen for use within the mesh network.
  • Page 585: Configuring The Access Point Radio For Mesh Support

    If a hacker tries to find an ESSID via an MU, the Access Point’s ESSID does not display since the ESSID is not in the beacon. Extreme Networks recommends keeping the option enabled to reduce the likelihood of hacking into the WLAN.
  • Page 586 Configuring Mesh Networking 1 Select Network Configuration > Wireless > Radio Configuration from the menu tree. 2 Refer to the Radio Function parameter to ensure the radio has been designated for WLAN Radio support. Refer to RF Band of Operation parameter to ensure you are enabling the correct 802.11a/n or 802.11b/g/n radio.
  • Page 587 WLAN (ESS) the client bridge uses to establish a wireless link. The default setting, is (WLAN1). Extreme Networks recommends creating (and naming) a WLAN specifically for mesh networking support to differentiate the Mesh supported WLAN from non-Mesh supported WLANs.
  • Page 588 Auto link selection is based on the RSSI and load. The client bridge will select the best available link when the Automatic Link Selection checkbox is selected. Extreme Networks recommends you do not disable this option, as (when enabled) the Access Point will select the best base bridge for connection.
  • Page 589 15 Click Cancel to undo any changes made within the Advanced Client Bridge Settings screen. This reverts all settings for the screen to the last saved configuration. 16 If using a dual-radio model Access Point, refer to the Mesh Timeout drop-down menu (from within the Radio Configuration screen) to define whether one of the Access Point’s radios beacons on an existing WLAN or if a client bridge radio uses an uplink connection.
  • Page 590: Mesh Network Deployment - Quick Setup

    Configuring Mesh Networking For additional information on configuring the Access Point’s radio, see “Configuring the 802.11a/n or 802.11b/g/n Radio” on page 174. For two fictional deployment scenarios, see “Mesh Network Deployment - Quick Setup” on page 590. Mesh Network Deployment - Quick Setup This section provides instructions on how to quickly set up and demonstrate mesh functionality using three Access Points.
  • Page 591 Configuring AP#1: 1 Provide a known IP address for the LAN1 interface. NOTE Enable the LAN1 Interface of AP#1 as a DHCP Server if you intend to associate MUs and require them to obtain an IP address via DHCP. 2 Assign a Mesh STP Priority of 40000 to LAN1 Interface. Altitude 4700 Series Access Point Product Reference Guide...
  • Page 592 Configuring Mesh Networking 3 Define a mesh supported WLAN. Altitude 4700 Series Access Point Product Reference Guide...
  • Page 593 4 Enable base bridge functionality on the 802.11a/n radio (Radio 2). 5 Define a channel of operation for the 802.11a/n radio. Altitude 4700 Series Access Point Product Reference Guide...
  • Page 594 Configuring Mesh Networking 6 If needed, create another WLAN mapped to the 802.11b/g/n radio if 802.11b/g/n support is required for MUs on that 802.11 band. Configuring AP#2 AP#2 can be configured the same as AP#1 with the following exceptions: Assign an IP Address to the LAN1 Interface different than that of AP#1 ●...
  • Page 595 Configuring AP#3 To define the configuration for AP#3 (a client bridge connecting to both AP#1 and AP#2 simultaneously): 1 Provide a known IP address for the LAN1 interface. 2 Assign the maximum value (65535) for the Mesh STP Priority. Altitude 4700 Series Access Point Product Reference Guide...
  • Page 596 Configuring Mesh Networking 3 Create a mesh supported WLAN with the Enable Client Bridge Backhaul option selected. NOTE This WLAN should not be mapped to any radio. Therefore, leave both of the “Available On” radio options unselected. 4 Select the Client Bridge checkbox to enable client bridge functionality on the 802.11a/n radio. Use the Mesh Network Name drop-down menu to select the name of the WLAN created in step 3.
  • Page 597: Scenario 2 - Two Hop Mesh Network With A Base Bridge Repeater And A Client Bridge

    Verifying Mesh Network Functionality for Scenario #1 You now have a three AP mesh network ready to demonstrate. Associate a single MU on each AP WLAN configured for 802.11b/g/n radio support. Once completed, pass traffic among the three APs comprising the mesh network. Scenario 2 - Two Hop Mesh Network with a Base Bridge Repeater and a Client Bridge By default, the mesh algorithm runs an automatic link selection algorithm to determine the best possible...
  • Page 598 Configuring Mesh Networking Configuring AP#2 AP#2 requires the following modifications from AP#2 in the previous scenario to function in base bridge/client bridge repeater mode. 1 Enable client bridge backhaul on the mesh supported WLAN. Altitude 4700 Series Access Point Product Reference Guide...
  • Page 599 2 Enable client and base bridge functionality on the 802.11a/n radio Configuring AP#3 To define AP #3’s configuration: 1 The only change needed on AP#3 (with respect to the configuration used in scenario #1), is to disable the Auto Link Selection option. Click the Advanced button within the Mesh Client Bridge Settings field.
  • Page 600 Configuring Mesh Networking 2 Add the 802.11a/n Radio MAC Address. In scenario #2, the mesh WLAN is mapped to BSS1 on the 802.11a/n radio of each AP. The Radio MAC Address (the BSSID#1 MAC Address) is used for the AP#2 Preferred Base Bridge List. Ensure both the AP#1 and AP#2 Radio MAC Addresses are in the Available Base Bridge List.
  • Page 601: Mesh Networking Frequently Asked Questions

    Verifying Mesh Network Functionality for Scenario #2 You now have a three AP demo multi-hop mesh network ready to demonstrate. Associate an MU on the WLANs configured on the 802.11b/g/n radio for each AP and pass traffic among the members of the mesh network.
  • Page 602 Configuring Mesh Networking Resolution: Check the mesh backhaul radio channel configuration on both base bridges (AP1, AP2). They need to use the same channel so the client bridge can connect to both simultaneously. Mesh Deployment Issue 2 - Faulty Client Bridge Connectivity You have configured three Access Points in mesh mode;...
  • Page 603 Resolution: Yes, MUs on mesh APs can roam seamlessly throughout the mesh network as well as with non-mesh Access Points on the wired network. Mesh Deployment Issue 8 - Can I mesh between an AP4700 and an AP3500? Can I mesh between these models? Resolution: Yes, the Access Points are fairly close from a software deployment standpoint.
  • Page 605: Chapter 10: Adaptive Ap

    Adaptive AP C H A P T E R An adaptive AP (AAP) is an access point that can adopt like a thin AP in layer 2 or layer 3. The management of an AAP is conducted by the controller, once the access point connects to an Extreme Networks WM3000 series wireless controller and receives its AAP configuration.
  • Page 606: Where To Go From Here

    Adaptive AP WAN Survivability—Local WLAN services at remote sites are unaffected in the case of a WAN outage. Securely extend corporate WLANs to stores for corporate visitors—Small home or office deployments can utilize the feature set of a corporate WLAN from their remote location. Maintain local WLANs for in store applications—WLANs created and supported locally can be...
  • Page 607: Controller Discovery

    Controller Discovery For an Access Point to function as an AAP (regardless of mode), it needs to connect to a controller to receive its configuration. There are two methods of controller discovery: Auto Discovery Using DHCP on page 607, and Manual Adoption Configuration on page 608...
  • Page 608: Securing A Configuration Channel Between Controller And Ap

    Adaptive AP tunnel-to-controller enable Manual Adoption Configuration A manual controller adoption of an AAP can be conducted using: Static FQDN—A controller fully qualified domain name can be specified to perform a DNS lookup and controller discovery. Static IP addresses—Up to 12 controller IP addresses can be manually specified in an ordered list the...
  • Page 609: Adaptive Ap Wlan Topology

    the network. If the controller is on the Access Point’s LAN, ensure the LAN subnet is on a secure channel. The AP will connect to the controller and request a configuration. Adaptive AP WLAN Topology An AAP can be deployed in the following WLAN topologies: Extended WLANs—Extended WLANs are the centralized WLANs created on the controller.
  • Page 610: Remote Site Survivability (Rss)

    Adaptive AP If a new controller is located, the AAP synchronizes its configuration with the located controller once adopted. If Remote Site Survivability (RSS) is disabled, the independent WLAN is also disabled in the event of a controller failure. Remote Site Survivability (RSS) RSS can be used to turn off RF activity on an AAP if it loses adoption (connection) to the controller.
  • Page 611: Topology Deployment Considerations

    LAN1. If the WAN Interface is used, explicitly configure WAN as the default gateway interface. Extreme Networks recommends using the LAN1 interface for adoption in multi-cell deployments. If you have multiple independent WLANs mapped to different VLANs, the AAP's LAN1 interface...
  • Page 612: Extended Wlans With Independent Wlans

    Adaptive AP Extended WLANs with Independent WLANs An AAP can have both extended WLANs and independent WLANs operating in conjunction. When used together, MU traffic from extended WLANs go back to the controller and traffic from independent WLANs is bridged locally by the AP. All local WLANs are mapped to LAN1, and all extended WLANs are mapped to LAN2.
  • Page 613: Configuring The Adaptive Ap For Adoption By The Controller

    “Adaptive AP Configuration” on page 614. Configuring the Controller for Adaptive AP Adoption The tasks described below are configured on an Extreme Networks controller. For information on configuring the controller for AAP support, see http://www.extremenetworks.com/go/documentation To adopt an AAP on a controller: 1 Ensure enough licenses are available on the controller to adopt the required number of AAPs.
  • Page 614: Establishing Basic Adaptive Ap Connectivity

    Adaptive AP Establishing Basic Adaptive AP Connectivity This section defines the activities required to configure basic AAP connectivity with a Summit WM3400, Summit WM3600 or Summit WM3700 controller. In establishing a basic AAP connection, both the Access Point and controller require modifications to their respective default configurations. For more information, see: Adaptive AP Configuration on page 614 ●...
  • Page 615 Adopting an Adaptive AP Manually To manually enable the Access Point’s controller discovery method and connection medium required for adoption: 1 Select System Configuration > Adaptive AP Setup from the Access Point’s menu tree. 2 Select the Auto Discovery Enable checkbox. Enabling auto discovery will allow the AAP to be detected by a controller once its connectivity medium has been configured (by completing steps 3-6) 3 Enter up to 12 Controller IP Addresses constituting the target controllers available for AAP connection.
  • Page 616: Controller Configuration

    Adaptive AP NOTE The manual AAP adoption described above can also be conducted using the Access Point’s CLI interface using the admin(system.aapsetup)> command. Adopting an Adaptive AP Using a Configuration File To adopt an AAP using a configuration file: 1 Refer to “Adopting an Adaptive AP Manually”...
  • Page 617 To disable automatic adoption on the controller: 1 Select Network > Access Port Radios from the controller main menu tree. 2 Select the Configuration tab (should be displayed by default) and click the Global Settings button. 3 Ensure the Adopt unconfigured radios automatically option is NOT selected. When disabled, there is no automatic adoption of non-configured radios on the network.
  • Page 618 Adaptive AP NOTE Additionally, a WLAN can be defined as independent using the "wlan <index> independent" command from the config-wireless context. Once an AAP is adopted by the controller, it displays within the controller Access Port Radios screen (under the Network parent menu item) as an Access Point within the AP Type column. Altitude 4700 Series Access Point Product Reference Guide...
  • Page 619: Adaptive Ap Deployment Considerations

    Adaptive AP Deployment Considerations Before deploying your controller/AAP configuration, refer to the following usage caveats to optimize its effectiveness: Extended WLANs are mapped to the AP’s LAN2 interface and all independent WLANs are mapped to the AP’s LAN1 Interface. If deploying multiple independent WLANs mapped to different VLANs, ensure the AP’s LAN1...
  • Page 620: Sample Controller Configuration File For Ipsec And Independent Wlan

    Adaptive AP Sample Controller Configuration File for IPSec and Independent WLAN The following constitutes a sample Summit WM3700 wireless LAN controller configuration file supporting an AAP IPSec with Independent WLAN configuration. Please note new AAP specific CLI commands in and relevant comments in blue. NOTE In addition to the sample configuration below, a WMM policy should be enabled and configured for the Access Point in AAP mode.
  • Page 621 ip http server ip http secure-trustpoint default-trustpoint ip http secure-server ip ssh no service pm sys-restart timezone America/Los_Angeles license AP xyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxx yxyxyx wireless no adopt-unconf-radio enable manual-wlan-mapping enable wlan 1 enable wlan 1 ssid qs5-ccmp wlan 1 vlan 200 wlan 1 encryption-type ccmp wlan 1 dot11i phrase 0 admin123 wlan 2 enable wlan 2 ssid qs5-tkip...
  • Page 622 Adaptive AP radio 2 base-bridge max-clients 12 radio 2 base-bridge enable radio add 3 00-15-70-00-79-12 11bg aap4700 radio 3 bss 1 3 radio 3 bss 2 4 radio 3 bss 3 2 radio 3 channel-power indoor 6 8 radio 3 rss enable radio add 4 00-15-70-00-79-12 11a aap4700 radio 4 bss 1 5 radio 4 bss 2 6...
  • Page 623

    interface ge4
     controllerport access vlan 1
    interface me1
     ip address dhcp
    interface sa1
     controllerport mode trunk
     controllerport trunk native vlan 1
     controllerport trunk allowed vlan none
     controllerport trunk allowed vlan add 1-9,100,110,120,130,140,150,160,170,
     controllerport trunk allowed vlan add 180,190,200,210,220,230,240,250,
    interface vlan1
     ip address dhcp
    To attach a Crypto Map to a VLAN Interface
     crypto map AAP-CRYPTOMAP...
  • Page 625: Appendix A: Technical Specifications

    Technical Specifications
    This appendix section provides technical specifications for the following:
    ● Physical Characteristics on page 625
    ● Electrical Characteristics on page 626
    ● Radio Characteristics on page 626
    ● Country Codes on page 627...
  • Page 626: Electrical Characteristics

    Electrical Characteristics
    The Altitude 4700 Series Access Points have the following electrical characteristics:
    Table 3: Electrical Characteristics
    Operating Voltage: 38-54V DC
    Operating Current: Not to exceed 600mA @ 48VDC
    Radio Characteristics
    This section describes the radio characteristics of the Altitude 4700 Series Access Points:
    ● Altitude 4710 and Altitude 4750 Radio Characteristics on page 626...
  • Page 627: Country Codes

    Country Codes The following list of countries and their country codes is useful when using the Access Point configuration file, CLI or the MIB to configure the Access Point: Table 5: Country Codes Country Code Algeria Anguilla Argentina Australia Austria Bahamas Bahrain Barbados...
  • Page 628 Table 5: Country Codes (Continued) Country Code Greece Guadeloupe Guatemala Guyana Haiti Honduras Hong Kong Hungary Iceland India Indonesia Ireland Italy Jamaica Japan Jordan Kazakhstan Kenya Kuwait Latvia Lebanon Liechtenstein Lithuania Luxembourg Macau Macedonia Malaysia Malta Martinique Mexico Moldova Montenegro Morocco Namibia Netherlands...
  • Page 629 Table 5: Country Codes (Continued) Country Code Norway Oman Pakistan Panama Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Romania Russia Saudi Arabia Serbia Singapore Slovak Republic Slovenia South Africa South Korea Spain Sri Lanka Sweden Switzerland Taiwan Thailand Trinidad and Tobago Tunisia Turkey Ukraine...
  • Page 631: Appendix B: Usage Scenarios

    Usage Scenarios
    This appendix section provides practical usage scenarios for many of the Access Point’s key features. This information should be referenced as a supplement to the information contained within this Product Reference Guide.
  • Page 632: Windows - Dhcp Server Configuration

    Windows - DHCP Server Configuration
    See the following sections for information on these DHCP server configurations in the Windows environment:
    ● Embedded Options - Using Option 43 on page 632
    ● Global Options - Using Extended/Standard Options on page 633
    ● DHCP Priorities on page 635...
  • Page 633

    5 While the Access Point boots, verify the Access Point:
    ● Obtains and applies the expected IP Address from the DHCP Server
    ● Downloads both the firmware and configuration files from the TFTP Server and updates both as needed. Verify the file versions within the System Settings screen.
    NOTE If the firmware files are the same, the firmware will not get updated.
  • Page 634

    d Under the General tab, check all 3 options mentioned within the Extended Options table and enter a value for each option.
    3 Copy both the firmware and configuration files to the appropriate directory on the TFTP Server. By default, auto update is enabled on the Access Point (since the LAN Port is a DHCP Client, out-of-the-box auto update support is on the LAN Port).
  • Page 635: Linux - Bootp Server Configuration

    DHCP Priorities
    The following flowchart indicates the priorities used by the Access Point when the DHCP server is configured for multiple options.
    If the DHCP Server is configured for options 186 and 66 (to assign TFTP Server IP addresses) the Access Point uses the IP address configured for option 186.
  • Page 636

    The setup example described in this section includes:
    ● 1 Access Point (either an Altitude 4710 or Altitude 4750 model)
    ● 1 Linux/Unix BOOTP Server
    ● 1 TFTP Server
    To configure BootP options using a Linux/Unix BootP Server:
    1 Set the Linux/Unix BootP Server and Access Point on the same Ethernet segment.
    2 Configure the bootptab file (/etc/bootptab) on the Linux/Unix BootP Server in any one of the formats that follows: Using options 186, 187 and 188:...
  • Page 637

    5 While the Access Point boots, verify the Access Point:
    ● Sends a true BootP request.
    ● Obtains and applies the expected IP Address from the BootP Server.
    ● Downloads both the firmware and configuration files from the TFTP Server and updates them as...
  • Page 638: Configuring An Ipsec Tunnel And Vpn Faqs

    Configuring an IPSEC Tunnel and VPN FAQs
    The Access Point has the capability to create a tunnel between an Access Point and a VPN endpoint. The Access Point can also create a tunnel from one Access Point to another Access Point. The following instruction assumes the reader is familiar with basic IPSEC and VPN terminology and technology.
  • Page 639

    5 Enter the WAN port IP address of AP #1 for the Local WAN IP.
    6 Within the Remote Subnet and Remote Subnet Mask fields, enter the LAN IP subnet and mask of AP #2/Device #2.
    7 Enter the WAN port IP address of AP #2/Device #2 for a Remote Gateway.
    8 Click Apply to save the changes.
  • Page 640

    11 For the ESP Type, select ESP with Authentication and use AES 128-bit as the ESP encryption algorithm and MD5 as the authentication algorithm. Click OK.
    12 Select the IKE Settings button.
    13 Select Pre Shared Key (PSK) from the IKE Authentication Mode drop-down menu.
    14 Enter a Passphrase.
  • Page 641: Configuring A Cisco Vpn Device

    NOTE Ensure the IKE authentication Passphrase is the same as the Pre-shared key on the Cisco PIX device.
    15 Select AES 128-bit as the IKE Encryption Algorithm.
    16 Select Group 2 as the Diffie-Hellman Group. Click OK. This will take you back to the VPN screen.
    17 Click Apply to make the changes.
    18 Check the VPN Status screen.
  • Page 642: Frequently Asked Vpn Questions

    The figure below shows how the Access Point VPN Status screen should look if the entire configuration is set up correctly once the VPN tunnel is active. The status field should display “ACTIVE”.
    Frequently Asked VPN Questions
    The following are common questions that arise when configuring a VPN tunnel.
    ● Question 1: Does the Access Point IPSec tunnel support multiple subnets on the other end of a...
  • Page 643

    ● Question 2: Even if a wildcard entry of “0.0.0.0” is entered in the Remote Subnet field in the VPN configuration page, can the AP access multiple subnets on the other end of a VPN concentrator for the AP’s LAN/WAN side?
    No.
  • Page 644

    ● UFQDN—tries to match the user entered remote ID data string to the email address field of the received certificate.
    ● Question 8: I am using a direct cable connection between my two VPN gateways for testing and cannot get a tunnel established, yet it works when I set them up across another network or router. Why?
    The packet processing architecture of the Access Point VPN solution requires the WAN default gateway to work properly.
  • Page 645

    ● Question 11: My tunnel works fine when I use the LAN-WAN Access page to configure my firewall. Now that I use Advanced LAN Access, my VPN stops working. What am I doing wrong?
    VPN requires certain packets to be passed through the firewall. Subnet Access automatically inserts these rules for you when you do VPN.
  • Page 647: Appendix C: Customer Support

    NOTE Services can be purchased from Extreme Networks or through one of its channel partners. If you are an end-user who has purchased service through an Extreme Networks channel partner, please contact your partner first for support.