3Com WX4400 Reference Manual
3Com WX4400 Reference Manual

3Com WX4400 Reference Manual

Wireless lan mobility system wireless switch manager
Hide thumbs Also See for WX4400:
Table of Contents

Advertisement

Wireless LAN Mobility System
Wireless Switch Manager
Reference Manual
WX4400
3CRWX440095A
WX2200
3CRWX220095A
WX1200
3CRWX120695A
WXR100
3CRWXR10095A
http://www.3Com.com/
Part No. 10015905
Published June 2007

Advertisement

Table of Contents
loading

Summary of Contents for 3Com WX4400

  • Page 1 Wireless LAN Mobility System Wireless Switch Manager Reference Manual WX4400 3CRWX440095A WX2200 3CRWX220095A WX1200 3CRWX120695A WXR100 3CRWXR10095A http://www.3Com.com/ Part No. 10015905 Published June 2007...
  • Page 2 3Com Corporation reserves the right to revise this documentation and to make changes in content from time 01752-3064 to time without obligation on the part of 3Com Corporation to provide notification of such revision or change. 3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality, and fitness for a particular purpose.
  • Page 3: Table Of Contents

    ONTENTS BOUT UIDE Conventions Documentation Documentation Comments 3WXM NSTALLING Hardware Requirements Hardware Requirements for 3WXM Client Hardware Requirements for 3WXM Monitoring Service Software Requirements Preparing for Installation User Privileges Serial Number and License Key Installing 3WXM Installing 3WXM on Windows Systems Installing 3WXM on Linux Systems Installation Log File Installing Web-Start Client...
  • Page 4 Menu Bar Options Tool Bar Options Status Counters Copying, Pasting, and Deleting Objects Copy and Paste in the Organizer Panel Copy and Paste Replace in the Organizer Panel Copy and Paste in the Content Panel Enabling Keyboard Shortcut Mnemonics (Windows XP Only) ETTING TARTED Starting 3WXM...
  • Page 5 Converting Auto DAPs into Statically Configured APs Creating a Network Domain LANNING THE OBILITY YSTEM RF Planning Overview Accessing the RF Planning Tools Creating or Modifying a Site Creating or Modifying Buildings in a Site Creating or Modifying Floors Importing or Drawing Floor Details Importing a Drawing of a Floor File Recommendations Preparing a Drawing Before Importing It...
  • Page 6 Showing RF Coverage Placing RF Measurement Points Using RF Interactive Measurement Mode Reading the RF Measurement Table Generating RF Network Design Information WX S ONFIGURING YSTEM ARAMETERS WX Switch Configuration Objects Adding a WX Switch to the Network Plan Creating a WX Switch as Part of RF Planning Creating a WX Switch Using the Create Wireless Switch Wizard Creating a New WX Switch Based on a Configured Switch in the Network Plan...
  • Page 7 Creating a Port Group Changing a Port Group Viewing and Changing Management Settings Viewing Management Service Settings Changing Management Service Settings Configuring SNMP Viewing and Setting Log and Trace Settings Viewing Log Settings Changing Log Settings Viewing and Configuring IP Services Settings Viewing IP Services Setting Creating a Static Route Create an IP Alias...
  • Page 8 Changing a CoS-to-DSCP Mapping Setting a Range of DSCP Values to a Single CoS Value Resetting CoS Mapping to their Default Values ONFIGURING IRELESS ARAMETERS Viewing and Configuring Wireless Services Wireless Service Parameters Viewing Wireless Services Configuring an 802.1X Wireless Service Configuring a Voice over Wireless Service Configuring a Web-Portal (WebAAA) Service Configuring an Open Access Service...
  • Page 9 Changing Radio Settings Viewing and Changing RF Detection Settings Viewing RF Detection Settings Adding an Entry to the Permitted Vendor OUI List Adding an Entry to the Permitted SSID List Adding an Entry to the Ignore List Adding an Entry to the Rogue List Adding an Entry to the Client Black List Enabling Countermeasures Enabling MAP Signatures...
  • Page 10 Viewing Web AAA Network Access Rules Creating a Web AAA Network Access Rule Viewing and Configuring Last-Resort Network Access Rules Viewing Last-Resort Network Access Rules Creating a Last-Resort Network Access Rule Viewing and Configuring WX Administrator Access Rules Viewing WX Administrator Access Rules Creating an Access Rule for Console Access Creating an Access Rule for Telnet or SSH Access Viewing and Configuring AAA Support for Third-Party AP Users...
  • Page 11 Enabling Replacement of Remote Switches Replacing a Switch WX S ANAGING YSTEM MAGES AND ONFIGURATIONS WX File Management Options Devices Tab Task List Options Toolbar Options Synchronizing Local and Network Changes Reviewing Switch Configuration Changes Accepting Network Changes Undoing Local or Network Changes Deploying Switch Configuration Changes Synchronizing When the Network and 3WXM Have Nonmatching Changes...
  • Page 12 ANAGING ERTIFICATES Overview Processing Certificates Managing Certificates Reviewing Certificate Details Deleting Certificates Distributing Certificates to WX Switches ONFIGURING AND PPLYING OLICIES How Changes Are Managed Viewing Policies Creating a Policy Configuring Feature Settings in a Policy Applying Policy Changes to Switches ANAGING LARMS Setting Up the Fault Management System...
  • Page 13 Using Predefined Event Filters Filtering Events by Content Filtering Events by Severity Filtering Events by Facility Creating and Saving Filters Deleting Filters Exporting Filtered Data ENERATING EPORTS Configuration Requirements Overview Generating an Inventory Report Generating a Mobility Domain Configuration Report Generating a WX Configuration Report Generating a Client Summary Report Generating a Client Details Report...
  • Page 14 Alarm Summary Client Summary Traffic Summary Using the Status Summary View Status Monitor or Status Summary Details Using the Alarm Summary View Alarm Summary Details Additional Alarm Options Using the Client Summary View Client Details Additional Client Options Finding a Client Refreshing Client Data Using the Traffic Summary View Traffic Details...
  • Page 15 PTIMIZING A ETWORK Importing RF Measurements Importing the Measurements Applying the RF Measurements to the Floor Plan Locating and Fixing Coverage Holes Locating a Coverage Hole Fixing a Coverage Hole Computing and Placing New MAPs Adding New MAPs that Are Already Installed to the Network Plan 3WXM P HANGING REFERENCES...
  • Page 16 Backing Up a Plan Changing Backup Settings Restoring a Plan from a Backup Copying a Plan Backup from One Server to Another Deleting a Plan Backup BTAINING UPPORT FOR RODUCTS Register Your Product to Gain Service Benefits Solve Problems Online Purchase Extended Warranty and Professional Services Access Software Downloads Contact Us...
  • Page 17: About

    BOUT UIDE This manual shows you how to plan, configure, deploy, and manage a Mobility System wireless LAN (WLAN) using the 3Com Wireless Switch Manager (3WXM). Read this manual if you are a network administrator or a person responsible for managing a WLAN.
  • Page 18: Documentation

    BOUT UIDE This manual uses the following text and syntax conventions: Table 2 Text Conventions Convention Description Menu Name > Indicates a menu item that you select. For example, Command File > New indicates that you select New from the File menu.
  • Page 19: Documentation Comments

    Wireless Switch Manager Reference Manual (this guide) This manual shows you how to plan, configure, deploy, and manage a Mobility System wireless LAN (WLAN) using the 3Com Wireless Switch Manager (3WXM). Wireless Switch Manager User’s Guide This guide shows you how to plan, configure, deploy, and manage a Mobility System wireless LAN (WLAN) using the 3Com Wireless Switch Manager (3WXM).
  • Page 20 Part number 730-9502-0071, Revision B Page 25 Please note that we can only respond to comments and questions about 3Com product documentation at this e-mail address. Questions related to Technical Support or sales should be directed in the first instance to your network supplier.
  • Page 21: Nstalling 3Wxm

    3WXM NSTALLING This chapter describes how to install 3Com Wireless Switch Manager (3WXM). Hardware Requirements Hardware Table 3 shows the minimum and recommended requirements to run the Requirements for 3WXM Client on Windows and Linux platforms. 3WXM Client Table 3 Hardware Requirements for Running 3WXM Client...
  • Page 22 1: I 3WXM HAPTER NSTALLING Table 4 Hardware Requirements for Running 3WXM Monitoring Service Hard drive space 1 GB 2 GB available Monitor resolution 1024x768 pixels, 24-bit 1600x1200 pixels, 32-bit color color CD-ROM drive CD-ROM or equivalent CD-ROM Table 5 contains general recommended guidelines for hardware requirements and memory allocation based on the number of radios and WX switches your server will support.
  • Page 23: Software Requirements

    After you have installed 3WXM, you will need to register your license and the serial number with 3Com in order to obtain an activation key. The base key along with its activation key enables you to manage up to 10 wireless LAN switches.
  • Page 24: User Privileges

    License Key To use 3WXM Services, you need to enter the base key and an activation key, which you obtain from 3Com. The base key and activation key enable you to manage up to 10 wireless LAN switches. To manage more than 10 wireless LAN switches, you need an upgrade license.
  • Page 25: Installing 3Wxm

    Installing 3WXM Installing 3WXM To install the 3Com Wireless Switch Manager, follow the instructions for your operating system below. Installing 3WXM on To install 3WXM on a Windows system: Windows Systems The 3WXM install program installs either just the 3WXM Client, or both the 3WXM Client and Services.
  • Page 26 The installation begins. During the installation, the 3Com Wireless Switch Manager installation wizard minimizes. 6 When the installation is complete, maximize the 3Com Wireless Switch Manager installation wizard screen, and then press the Contents button. 7 Press the Exit button to close the wizard, or navigate to the other items on the CD.
  • Page 27: Installing 3Wxm On Linux Systems

    Installing 3WXM Installing 3WXM on The same 3WXM install program installs either 3WXM Client, 3WXM Linux Systems Services, or both. To install 3WXM on a Linux system: Unpack the files Use the Installation Wizard Unpacking Files To unpack files on Linux systems: 1 Log in as superuser.
  • Page 28: Installation Log File

    During installation, an installation log file is created and placed in the 3WXM installation folder. This log file is named 3WXM_InstallLog.log. Double-click the log file icon to read the file. Have this log file available if you need to contact 3Com Technical Support about an installation problem.
  • Page 29: Installing Web-Start Client

    Installing Web-Start Client Installing Web-Start 3WXM version 5.0 provides a Java-based version of the 3WXM Client, Client the Web-Start client. The Web-Start client simplifies installation and upgrade of the client. Because the client and server versions must match, an upgrade to 3WXM Services requires an upgrade of the client on each machine to the same version.
  • Page 30: Upgrading 3Wxm

    Systems version. If you do want to uninstall 3WXM, use the Uninstall wizard. Access the Uninstall wizard from the 3Com program list in the Windows Start menu or the Control Panel. To uninstall 3WXM on Windows systems: 1 Access the Windows Control Panel, and select Add or Remove Programs.
  • Page 31 CAUTION: Do not delete the serial number unless specifically asked to do so by 3Com Technical Support. Your license(s) to use this software are registered against this serial number. If you delete the serial number, the software will generate a new serial number if it is ever reinstalled.
  • Page 32: Uninstalling 3Wxm On Linux Systems

    1: I 3WXM HAPTER NSTALLING To prevent an item from being uninstalled, click on the checkbox next to the item to remove the checkmark. 4 Click Continue. The uninstall program reports its progress. When the uninstall process is complete, the uninstall program reports that the items were successfully deleted.
  • Page 33: Working With The

    3WXM ORKING WITH THE NTERFACE This chapter describes how to use the 3Com Wireless Switch Manager (3WXM) interface. Overview When you start 3WXM client and log into 3WXM Services, the network plan is displayed by the 3WXM Client. Organizer panel...
  • Page 34: Display Panels

    ORKING WITH THE NTERFACE The network plan is the workspace in 3WXM you use to design and manage a 3Com network. The network plan defines the following: Network equipment (WX switches, MAPs, and third-party access points) Network site, including floor plans, RF characteristics of the floors, and...
  • Page 35: Organizer Panel

    Display Panels Organizer Panel The Organizer panel provides a tree-like view of the 3Com equipment and site data managed by 3WXM. The Organizer panel can contain the following object trees, depending on the option selected on the tool bar: Policies (displayed by the Policies tool bar option) — The set of device configuration policies included in your network plan.
  • Page 36: Content Panel

    2: W 3WXM U HAPTER ORKING WITH THE NTERFACE The tree that is displayed depends on the active tool bar option. (See “Tool Bar Options” on page 42.) To expand the view of an object in the tree, click on the plus sign next to the object.
  • Page 37 Display Panels When you click a link to open a configuration wizard, if there are unsaved changes, 3WXM prompts you to apply or cancel the changes. Click Apply to save the buffered changes and open the wizard. The Save, Apply, Finish, and OK buttons do not send configuration changes to the WX switches in the network.
  • Page 38: Task List Panel

    2: W 3WXM U HAPTER ORKING WITH THE NTERFACE Task List Panel The Task List panel displays lists of tasks related to the object selected in the Organizer panel. Click a task to open the configuration wizard required to perform that task. The Task List panel is located to the right of the Content panel.
  • Page 39: Resizing A Display Panel

    Display Panels Some wizards contain multiple pages. Click the Next and Previous buttons at the bottom of a wizard to navigate through the pages. The Finish button saves the changes. If applicable, saving the changes also results in the newly configured object appearing in a table in the Content panel.
  • Page 40: Menu Bar Options

    2: W 3WXM U HAPTER ORKING WITH THE NTERFACE Table 6 Resize Icons (continued) Option Description Maximize the Content panel. The panel fills the entire display area and minimizes the Organizer and Task List panels. This option applies only to the Content panel. Restore the Content panel.
  • Page 41 Open the online help (HTML version of the 3Com WXM Reference Manual). You also can access the help by pressing the F1 key. Report Problem Report a problem to 3Com Technical Support. About 3WXM About 3WXM: 3WXM version information Memory usage...
  • Page 42: Tool Bar Options

    The information appears in the Content panel. To perform site-related tasks, click task links in the Task List panel. (See “Planning the 3Com Mobility System” on page 75.) Configuration Display the tree of configured devices in the Organizer panel.
  • Page 43 Tool Bar Options Table 8 3WXM Tool Bar Options (continued) Option Description Verification Display the Config Verification and Network Verification tabs. The Verification tabs enable you to troubleshoot configuration issues on WX switches in the network plan or in the live network. To display more information about an error or warning message, click on the row containing the message.
  • Page 44: Status Counters

    2: W 3WXM U HAPTER ORKING WITH THE NTERFACE Status Counters Table 9 lists the counters displayed at the bottom of the main 3WXM window. To obtain more information, place the cursor over a counter and click. Table 9 Status Counters Alert Category Description Config...
  • Page 45: Copying, Pasting, And Deleting Objects

    Copying, Pasting, and Deleting Objects Table 9 Status Counters (continued) Alert Category Description Alarms Lists the number of alarms of each severity that have been generated by 3WXM Services or by an WX currently being managed by 3WXM. The severities are indicated by the following colors: Red—Critical Orange—Major...
  • Page 46: Copy And Paste In The Organizer Panel

    2: W 3WXM U HAPTER ORKING WITH THE NTERFACE Copy and Paste in the To create a new object in the Organizer panel: Organizer Panel 1 Select the object you want to copy in the Organizer panel. 2 Right-click on the object and select Copy. 3 Select the parent object where you want the copy to go.
  • Page 47: Enabling Keyboard Shortcut Mnemonics (Windows Xp Only)

    Enabling Keyboard Shortcut Mnemonics (Windows XP Only) 3 Click the paste icon ( A configuration wizard appears. 4 Edit settings to make the new object unique from the object you copied, then click OK or Finish to save the changes and close the configuration wizard.
  • Page 48 2: W 3WXM U HAPTER ORKING WITH THE NTERFACE 4 Clear the box labeled Hide underlined letters for keyboard navigation until I press the Alt key. Clearing this option allows programs to show the underlined character for mnemonics in 3WXM. 5 Click OK.
  • Page 49: Getting Started

    3WXM client on the same machine where the server is installed. To start 3WXM: 1 Select Start > Programs > 3Com > 3WXM > 3WXM, or double-click the 3WXM icon on the desktop. The 3WXM Service Connection dialog appears.
  • Page 50 3: G HAPTER ETTING TARTED 2 In the 3WXM Services Connection dialog box, enter the IP address of the machine on which 3WXM Services is installed. 3 If you or the 3WXM administrator configured 3WXM access control, enter your username and password. 4 Click Next.
  • Page 51 Starting 3WXM Switch to an existing network plan. Open one of the sample plans included with 3WXM or a plan that you or another 3WXM user has saved on the 3WXM Services host. To open an existing network plan, use the Switch Plan page under Services >...
  • Page 52 7 Type the license key that was supplied with the 3WXM CD, and click Next. 8 Click Get Activation Key. A 3Com web page appears. Enter your registration information (and the license key, if you are licensing a purchased copy) in order to obtain an activation key.
  • Page 53 Starting 3WXM 12 Click the Get Activation Key to access the product activation key for your upgrade license. Register your upgrade license in order to obtain its activation key. 13 Copy the activation key for the upgrade license from the web page and paste it into the Activation Key box of the Activation Key page.
  • Page 54: Restricting Access To 3Wxm

    3: G HAPTER ETTING TARTED Restricting Access By default, all users who have been successfully authenticated to a system to 3WXM with 3WXM installed on it can run 3WXM. You can restrict the users allowed to access 3WXM on a system and define their access privileges by creating three types of 3WXM user accounts: Administrator—This account can monitor the network, configure the network, and administer 3WXM.
  • Page 55: Creating An Administrator Account

    Restricting Access to 3WXM Creating an Before you can restrict user access to 3WXM, you must create an Administrator administrator account. After creating an administrator account, you can Account create provision or monitor accounts. To create an administrator account: 1 Select Tools > 3WXM Services Setup. The 3WXM Services Setup dialog box appears.
  • Page 56: Creating Provision Or Monitor Accounts

    3: G HAPTER ETTING TARTED Creating Provision or After creating an administrator account, you can create provision or Monitor Accounts monitor accounts. To create a provision or monitor account: 1 Select Services > Setup to access the 3WXM Services Setup page. 2 Click Access Control in the left column to display the Access Control page.
  • Page 57: Working With Network Plans

    ORKING WITH ETWORK LANS A network plan is the workspace in 3WXM you use to design a 3Com network. In a network plan, you define components of the network (WX switches, MAP access points, and optional third-party access points). Regardless of whether you intend to use physical planning features, you must create a network plan before you can configure or manage WX switches or monitor network data.
  • Page 58: Creating A Network Plan

    4: W HAPTER ORKING WITH ETWORK LANS Creating a Network To create a network plan: Plan 1 Select Services > Plan Management to access the 3WXM Plan Management page. 2 Click New Plan in the left column to display the New Plan page. 3 In the Network Plan Name box, type a name for the network plan.
  • Page 59: Managing Network Plans

    (See “Saving or Discarding Configuration Changes” on page 36.) 3Com recommends that you regularly back up the config-db directory so that you have additional copies of your network plans.
  • Page 60: Opening A Network Plan

    4: W HAPTER ORKING WITH ETWORK LANS Saving a Network Plan with a New Name You can save a network plan with a new name by using the Save As feature. To save a network plan with a new name: 1 Select Services >...
  • Page 61: Importing A Network Plan

    3Com recommends that you save a backup copy of the plan before importing objects from another plan. To save a backup copy, you can use the Save As page.
  • Page 62: Closing A Network Plan

    4: W HAPTER ORKING WITH ETWORK LANS If you do not want to replace the objects in the open plan with their like-named objects in the other plan, click Cancel. 3WXM does not import any objects from the plan. If you do want to replace the objects, click Import. 3WXM imports the objects into the open plan.
  • Page 63: Sharing A Network Plan

    Managing Network Plans Sharing a Network Since the 3WXM plan repository resides on a networked server (the host Plan running 3WXM Services), you can easily share access to network plans among hosts running the 3WXM Client. When you make changes to a network plan, 3WXM locks the part of the plan you are modifying.
  • Page 64: Defining A Mobility Domain

    4: W HAPTER ORKING WITH ETWORK LANS Defining a Mobility A Mobility Domain is a collection of WX switches that work together to Domain support roaming users. One of the WX switches is defined as a seed device, which distributes information to the other WX switches defined in the Mobility Domain.
  • Page 65 Defining a Mobility Domain The client uses the same authorization parameters for the new session as for the old session. For example, changing the Encryption-Type or VLAN-Name parameter might cause a new session to be recorded, rather than a roam within the same session. A disassociated session has a grace period of 5 seconds in which the session history can be retrieved and forwarded.
  • Page 66: Traffic Ports Used By Mss

    ETWORK LANS Traffic Ports Used by When deploying a 3Com wireless network, you might attach 3Com equipment to subnets that have firewalls or access controls between them. 3Com equipment uses various protocol ports to exchange information. To ensure full operation of your network, make sure the equipment can exchange information on the ports listed in Table 10.
  • Page 67: Creating A Mobility Domain

    Defining a Mobility Domain Creating a Mobility The Create Mobility Domain wizard requires you to select the switches to Domain place in the Mobility Domain and to select the seed switch. Add the switches to the network plan before you configure the Mobility Domain. 1 Select the Configuration tool bar option.
  • Page 68: Creating A Wx Switch

    4: W HAPTER ORKING WITH ETWORK LANS Creating a WX To create a WX switch: Switch 1 Select the Configuration tool bar option. 2 In the Organizer panel, select the network plan name. 3 In the Task List panel, select Wireless Switch. 4 Go to “Using the Create Wireless Switch Wizard”...
  • Page 69 Creating a Third-Party AP 12 In the Radio Type drop-down list, select one of the following: 11a, 11b, 11g. The choices available depend on the selection you made in step 11. 13 Click Next. 14 Verify the radio slot number and radio type. For a dual-radio access point, 802.11b/g radios have a slot number of 1.
  • Page 70: Changing The Country Code

    4: W HAPTER ORKING WITH ETWORK LANS Changing the The country code determines the valid radio types as well as channel Country Code numbers and power settings for MAP radios. The country code is one of the parameters you set when you create a network plan. If you need to change the country code of a plan, use the following procedure.
  • Page 71: Uploading A Wx Switch Into The Network Plan

    Uploading a WX Switch into the Network Plan 5 Select the scope: Mobility Domain WX switch Radio profile Individual MAP radio To select a radio profile, display it first by clicking on the plus sign next to the WX switch. To select an individual radio, display it first by displaying its radio profile, then clicking on the plus sign next to the radio profile.
  • Page 72: Converting Auto Daps Into Statically Configured Aps

    4: W HAPTER ORKING WITH ETWORK LANS 10 If 3WXM displayed error or warning messages, select the Verification tool bar option and go to “Verifying Configuration Changes” on page 377. Converting Auto Distributed MAPs that are not configured on any WX switches in the DAPs into Statically Mobility Domain can nonetheless be booted and managed by a switch if Configured APs...
  • Page 73 Mobility Domain the two switches are in. All switches that do not fit either of the descriptions above. 3Com recommends that you allow 3WXM to automatically assign affinity values instead of using the CLI to manually set them. Even if you do use the CLI to set them, 3WXM does not replace the affinity values it automatically sets with values set on individual switches.
  • Page 74 4: W HAPTER ORKING WITH ETWORK LANS...
  • Page 75: Planning The 3C Om Mobility System

    MAP placement, and generate RF network design information. RF Planning The 3WXM planning tools calculate the 3Com equipment you need, how Overview to configure it, and where to install it, all based on the information you provide about your wireless coverage needs.
  • Page 76: Accessing The Rf Planning Tools

    5: P HAPTER LANNING THE OBILITY YSTEM Accessing the RF To access the RF planning tools, select the RF Planning tool bar option and Planning Tools do one of the following: If you are creating a new building, click on the site name in the Organizer panel and select Create Building in the Task List panel.
  • Page 77 RF Planning Overview Table 12 Toolbar icons available in RF Planning Tools (continued) Option Description Change the grid size. Zoom in. Zoom out. Fit view in window. Print the view displayed in the floor display area. Toggle AP label. Copy selected objects. Paste selected objects.
  • Page 78: Creating Or Modifying A Site

    5: P HAPTER LANNING THE OBILITY YSTEM Table 12 Toolbar icons available in RF Planning Tools (continued) Option Description Show 802.11a RF coverage in the floor display area. Show 802.11b RF coverage in the floor display area. Show 802.11g RF coverage in the floor display area. Hide display of 802.11 RF coverage in the floor display area.
  • Page 79 Creating or Modifying a Site 1 In the Site Name box, type a name for the site (1 to 80 alphanumeric characters, with no spaces or tabs). 2 To change the Country Code, select Setup Country Code in the Task List panel, then in the Change Country Code dialog, select the country where the network is to be deployed.
  • Page 80: Creating Or Modifying Buildings In A Site

    5: P HAPTER LANNING THE OBILITY YSTEM Creating or Modifying To create or modify a building in a site: Buildings in a Site 1 Select the RF Planning tool bar option. 2 In the Organizer panel, click the site name. 3 Do one of the following: If you are creating a new building, click on the site name in the Organizer panel and select Create Building in the Task List panel.
  • Page 81 Creating or Modifying Buildings in a Site 1 In the Building Name box, type the name of the building (1 to 30 alphanumeric characters, with no spaces or tabs). 2 In the Task List Panel, under Other, click Edit Building. The Edit Building dialog box is displayed.
  • Page 82: Creating Or Modifying Floors

    5: P HAPTER LANNING THE OBILITY YSTEM 3WXM adjusts the default attenuations based on your selection. 10 To change the default attenuation for radios, type the number of dB in the 802.11a (dB) box or 802.11b/g (dB) box. From the Content panel of the building, you can edit the properties of existing floors in the building.
  • Page 83: Importing Or Drawing Floor Details

    Importing or Drawing Floor Details 4 To change the floor name, type the new name in the Floor Name box (1 to 60 alphanumeric characters, with no tabs). Each floor name in a building must be unique. 5 To change the default attenuation for radios, type the number of dB in the 802.11a (dB) box or 802.11b/g (dB) box.
  • Page 84: File Recommendations

    Drawings in DXF format sometimes import more easily into 3WXM. However, 3Com recommends that you obtain copies of the drawing in both DWG and DXF formats if possible, so that you can try the other format if the first format you try does not import easily.
  • Page 85 Importing or Drawing Floor Details Delete all workspaces or paper layouts that are not required. If the drawing contains multiple paper layouts, delete all but the last one (which cannot be deleted) and delete the contents of that layout. Check for externally referenced files. 3WXM requires the drawing file to be monolithic.
  • Page 86 5: P HAPTER LANNING THE OBILITY YSTEM If you decide to delete a grouped object, ensure that the object does not contain objects to which you will need to assign RF values. Turn visible, unlock, and unfreeze all layers. Then delete unnecessary layers.
  • Page 87 Importing or Drawing Floor Details Create RF-specific layers and move walls, windows, doors, and other objects that affect RF propagation from other layers into the new layers. For example, create a new layer called RF-ExtWalls for external walls, and move all external wall objects into that layer. In 3WXM, you can easily select all objects in the layer and assign the same RF attenuation value to them.
  • Page 88 5: P HAPTER LANNING THE OBILITY YSTEM The operating tips in the previous table refer to specific command names in AutoCAD. The commands are mentioned in 3WXM documentation as a guide for finding the appropriate commands or options in your CAD application.
  • Page 89: Cropping The Paper Space

    Importing or Drawing Floor Details Figure 1 Floor Plan After Importing At this point, you can edit the floor contents. Go to “Cropping the Paper Space”, next, to begin. Cropping the Paper You can crop the paper space of a drawing to remove unneeded space Space and objects around the floor.
  • Page 90 5: P HAPTER LANNING THE OBILITY YSTEM 5 Read the warning. To complete the crop, click Yes. To cancel the crop request, click No. If you click Yes, all objects and paper space outside the area you selected are removed and the image is resized to fill the removed space. Figure 1 on page 89 shows the same floor plan as Figure 2 (below) after cropping the paper space.
  • Page 91: Adjusting The Scale Of A Drawing

    Importing or Drawing Floor Details Adjusting the Scale of If you imported a DWG or DXF drawing, you might need to adjust the a Drawing scale of the drawing because the units used in these drawings might not have a one-to-one correspondence to meters and feet. To adjust the scale of the drawing, you draw a line between two points of known distance and adjust the measurement.
  • Page 92 5: P HAPTER LANNING THE OBILITY YSTEM Origin point...
  • Page 93: Working With Layers

    Importing or Drawing Floor Details In this example, the origin point has been moved to an interior shaft. New location of origin point Working with Layers Most drawings contain multiple layers of information. 3WXM allows you to hide, add and delete individual layers. You also can add and remove objects and move objects from one layer to another.
  • Page 94 LANNING THE OBILITY YSTEM For best performance and simpler planning, 3Com recommends that you hide or remove unnecessary layers and remove unnecessary objects. The Clean Layout option automatically deletes all objects that meet the cleanup criteria, which you can modify. (See “Cleaning Up a Drawing” on page 95.) You also can select and delete individual objects.
  • Page 95: Cleaning Up A Drawing

    Importing or Drawing Floor Details Adding or removing a layer To add a new layer to a drawing, do the following: 1 Right-click the list of layers in the Organizer panel. 2 Select Add Layer from the menu that is displayed. 3WXM adds the new layer to the list and highlights its name so you can edit it.
  • Page 96 5: P HAPTER LANNING THE OBILITY YSTEM To clean up a drawing 1 Display the floor plan in the Content panel. 2 In the Task List panel, under RF Planning, click Clean Layout. The Floor Plan Clean Up wizard appears. 3 In the Remove Lines and Remove Objects group boxes, click next to any items you do not want 3WXM to remove from the drawing during cleanup.
  • Page 97 Importing or Drawing Floor Details 6 To change the maximum size of objects to be removed, type the new horizontal and vertical dimensions in the X-axis and Y-axis boxes. 3WXM removes all objects that fit within both the specified axes. 7 In the Layer List group box, select the layers you want to clean up.
  • Page 98 5: P HAPTER LANNING THE OBILITY YSTEM 10 Perform one of the following: Click Finish to accept the changes. Click Previous to change the cleanup constraints. Go back to step 2 on page 81. Click Cancel to cancel the changes.
  • Page 99: Drawing Floor Objects Manually

    Importing or Drawing Floor Details Drawing Floor You can use the Free Draw palette to add objects to your floor drawing Objects Manually that are not related to RF obstacles (for example, a conference room table). The tools for drawing non-RF objects work the same as the tools for drawing RF objects, but the tools are different.
  • Page 100: Specifying The Rf Characteristics Of A Floor

    (See “Importing RF Obstacle Data from a Site Survey” on page 104.) You also can use site survey data to optimize a network plan after installing 3Com equipment. (See “Optimizing a Network Plan” on page 485.) Recommendations Consider the following when creating RF obstacles: Be aware if a CAD drawing contains overlapping objects.
  • Page 101: Converting Objects Into Rf Obstacles

    Specifying the RF Characteristics of a Floor Converting Objects You have several options when creating RF obstacles: into RF Obstacles Convert all objects in a layer of a CAD drawing into RF obstacles. Convert all objects in an area of the drawing into RF obstacles. Convert multiple objects in the drawing into RF obstacles.
  • Page 102 5: P HAPTER LANNING THE OBILITY YSTEM To create RF obstacles by grouping objects You can group several objects in a drawing to specify them as one RF obstacle. For example, if a wall consists of several lines, the lines can be grouped.
  • Page 103: Drawing Rf Obstacles

    Specifying the RF Characteristics of a Floor 3 In the Attenuation Factor boxes, specify the attenuation factor for 802.11a and 802.11b/g technology (0 to 100 dB). The default is the typical attenuation factor for the material chosen. 4 Click Finish to save the changes and close the dialog box. If you created RF obstacles for all objects in a layer, all objects in the layer are converted into separate RF obstacles.
  • Page 104: Importing Rf Obstacle Data From A Site Survey

    5: P HAPTER LANNING THE OBILITY YSTEM 1 Click at a vertex, then move the cursor to the next vertex. (polygon) 2 Repeat until the polygon takes the shape you want. For a polygon with n sides, click n-1 additional times at the vertices.
  • Page 105 Specifying the RF Characteristics of a Floor To use this method, perform the following tasks: 1 In 3WXM, identify the major RF obstacles and assign an attenuation value to them. You can select any attenuation value. 3WXM will use the RF measurement data from the site survey to correct the attenuation values.
  • Page 106 5: P HAPTER LANNING THE OBILITY YSTEM Site Survey Recommendations This manual does not describe how to use the site survey application. For this information, consult the Ekahau site survey documentation. When conducting the survey, use the following best practices for optimal results: Verify that the scale of the floor plan is correct before generating a work order.
  • Page 107 Specifying the RF Characteristics of a Floor 5 Click Yes next to File. 6 In the File Format listbox, select Ekahau. 7 Click Choose to navigate to the csv file that contains the LOS points. 8 Click Next. The MAC addresses of the LOS points appear.
  • Page 108 5: P HAPTER LANNING THE OBILITY YSTEM 9 Click next to the MAC address of each LOS point you want to import. The MAC addresses are associated with specific radio types. Select the MAC addresses for the radio types you want to use in the network. 10 Click Finish.
  • Page 109 Specifying the RF Characteristics of a Floor LOS points in Organizer Panel LOS point placed in floor location When you place an LOS point onto the floor plan, the icon disappears from the Organizer Panel. To create LOS points in 3WXM 1 Display the floor plan in the Content panel.
  • Page 110 5: P HAPTER LANNING THE OBILITY YSTEM 5 In the Name box, type a name for the LOS point and click Next. 6 In the AP Model listbox, select the type or model of AP you plan to use for the portable AP. If the model is not listed, select AP (Dual Radio) for a dual-radio AP or AP (Single Radio) for a single-radio AP.
  • Page 111 Specifying the RF Characteristics of a Floor 9 In the Channel Number listbox, specify the channel number on which the AP radio will be operating. 10 In the Transmit Power listbox, specify the radio transmit power of the AP. 11 In the MAC Address box, type the MAC address you want to use for this position of the AP.
  • Page 112 5: P HAPTER LANNING THE OBILITY YSTEM To move an LOS point To move an LOS icon, click-and-drag to select the icon and move it to its new location. To temporarily remove an LOS point onto the Objects to Place tab To temporarily remove an LOS point from the floor without deleting it, click and drag the LOS icon to the Objects To Place area of the Organizer panel.
  • Page 113 Specifying the RF Characteristics of a Floor 4 Select the scope for which you want generate a site survey order. You can specify the Network Plan, an individual site, an individual building, or an individual floor. 5 Select the language for the site survey order: English German 6 To specify the output directory for the site survey order, click the button...
  • Page 114 5: P HAPTER LANNING THE OBILITY YSTEM 9 Select a floor to display LOS point information for that floor. Scroll down to view the MAC address assignments for the LOS points. Use the instructions in the Ekahau Site Survey Initial Setup section of the work order to set up the survey.
  • Page 115 Specifying the RF Characteristics of a Floor 4 Click Yes next to File. 5 In the format listbox, select Ekahau. 6 Click Choose to navigate to the csv file that contains the RF measurement data. 7 In the Map Name field, specify the map name. The map name must match the name specified in the site survey work order, and must be the same map name used in the site survey tool.
  • Page 116 5: P HAPTER LANNING THE OBILITY YSTEM Applying the RF Measurements to the Floor Plan 1 Under Site Survey in the Task List panel, click Optimize. A wizard appears, listing the progress of the request. The Total number of RF measurements that did not intersect any object line lists the number of measurements that did not experience attenuation due to an RF obstacle in the path between them.
  • Page 117: Defining Wireless Coverage Areas

    Defining Wireless Coverage Areas Defining Wireless You must define which areas of your enterprise require wireless network Coverage Areas coverage. In 3WXM, you plan for both coverage and capacity requirements in a particular area on the floor. Capacity requirements are determined by the number of users in the area and the amount of wireless network bandwidth desired for every user.
  • Page 118 5: P HAPTER LANNING THE OBILITY YSTEM Each floor plan must have at least one wiring closet, if the floor will use MAPs that are directly connected to their WX switches. However, a floor is not required to have a wiring closet if MAPs will be indirectly attached through the network.
  • Page 119: Defining A Coverage Area

    Defining Wireless Coverage Areas 7 To add a WX switch you previously created to the wiring closet, click the WX switch in the Available Devices box, then click the Add button to move it to the Current Devices box. To remove a WX switch from the wiring closet, click the WX switch in the Current Devices box, then click the Remove button to move it to the Available Devices box.
  • Page 120: Area 1

    5: P HAPTER LANNING THE OBILITY YSTEM Figure 5 shows an example of shared coverage areas. Figure 5 Supported Shared Coverage Areas Example Area 1 Area 2 The coverage areas shown in Figure 6 cannot share coverage and are not supported by 3WXM.
  • Page 121: Drawing A Coverage Area

    Defining Wireless Coverage Areas Drawing a Coverage Area 3WXM supports concave polygons, which have an internal angle greater than 180 degrees. When drawing a polygon, make sure that two sides of the polygon do not intersect each other, as shown in Figure 7. Also make sure start and end points and the vertices are not too close.
  • Page 122 5: P HAPTER LANNING THE OBILITY YSTEM Object Action 1 Click at a vertex, and drag the cursor to the next vertex. (parallelogram) 2 Click again, and drag the cursor until the parallelogram takes the shape you want. 3 Click to finish. 1 Click at a vertex, then move the cursor to the next vertex.
  • Page 123: Specifying The Wireless Technology For A Coverage Area

    Defining Wireless Coverage Areas Go to “Specifying the Wireless Technology for a Coverage Area”. Specifying the Wireless Technology for a Coverage Area (To draw a coverage area, see “Drawing a Coverage Area” on page 121.) To specify wireless technology for a coverage area: 1 In the Technology list, select one of the following: 802.11a 802.11b...
  • Page 124: Specifying Coverage Area Properties

    5: P HAPTER LANNING THE OBILITY YSTEM Specifying Coverage Area Properties To specify coverage area properties: 1 In the Name box for each technology, type a name for the coverage area (1 to 60 characters long, with no tabs). 2 In the Rate [Mb/s] list for each technology, select the average desired association rate for typical clients in this coverage area.
  • Page 125: Specifying Floor Properties For The Coverage Area

    Defining Wireless Coverage Areas Specifying Floor Properties for the Coverage Area You can optionally specify floor properties for the coverage area (if they are different from the defaults for the floor): 1 To change the ceiling height, specify the new height in the Height of the Ceiling box.
  • Page 126: Specifying Default Device Settings For The Coverage Area

    5: P HAPTER LANNING THE OBILITY YSTEM Specifying Default Device Settings for the Coverage Area You can optionally specify the WX switch or MAP models that 3WXM uses when calculating the devices to include in the coverage area. 1 To change the WX switch model, select the model from the WX Model list. 2 To change the default MAP model, select the model from the Default AP Model list.
  • Page 127: Specifying Redundancy Computation For Maps In The Coverage Area

    Defining Wireless Coverage Areas If the MAPs are directly connected to the WX, ensure that UTP Cat 5 cabling distances between the MAP and the WX in the wiring closet do not exceed 100 meters (330 feet). An indirectly attached MAP requires Power over Ethernet (PoE) from a source other than a WX switch, such as a power injector.
  • Page 128 2 To change the MAP connection type for the redundant connection, select Direct or Distributed from the MAP Connection Type list. WX4400 switches support indirect MAP connections only. 3 To change the number of redundant connections for the distributed connection type, type the number in the Redundancy Level box.
  • Page 129: Configuring Capacity Calculation For Data

    The throughput value cannot exceed the value you selected for the baseline association rate. 3Com recommends that per-station throughput values do not exceed 1 Mbps for 802.11b technology and 5 Mbps for 802.11a/g technology. 3 In the Expected Station Count list, specify the number of clients you expect to be in the coverage area.
  • Page 130: Configuring Capacity Calculation For Voice

    5: P HAPTER LANNING THE OBILITY YSTEM Configuring Capacity Calculation for Voice 3WXM can perform multiple calculations for MAP placement. One is based on coverage only. Another is based on capacity for voice over IP service, using the capacity for voice parameters. 3WXM compares the results of the calculations and selects the calculation that results in more MAPs.
  • Page 131 Defining Wireless Coverage Areas 3 In the Active Handsets per AP list, specify the number of voice over IP phones that you want each MAP to handle. 4 In the Expected Handset Count list, specify the number of voice over IP phones you expect to be in the coverage area.
  • Page 132: Editing Coverage Areas

    5: P HAPTER LANNING THE OBILITY YSTEM Specifying Mobility Domain, Radio Profile, and Wiring Closet Associations To specify association information for the coverage area: 1 In the Mobility Domain list, select the Mobility Domain that contains the MAPs used for this coverage area. 2 In the Radio Profile list, select the radio profile used for this coverage area.
  • Page 133 Defining Wireless Coverage Areas 4 Select the coverage area you want to edit and click Properties. The Coverage Area Properties dialog for the selected coverage area appears. (You can also display this dialog by displaying the floor plan, selecting Coverage Areas in the Organizer panel, then right-clicking on the coverage area and selecting Edit Properties from the menu.)
  • Page 134 5: P HAPTER LANNING THE OBILITY YSTEM 5 Under the General tab, you can do the following: In the Name box, edit the name of the coverage area (1 to 60 characters long, with no tabs). In the Technology list, select one of the following: 802.11a 802.11b 802.11g...
  • Page 135 Defining Wireless Coverage Areas In the Active Handsets per AP list, specify the number of voice over IP phones that you want each MAP to handle. In the Expected Handset Count list, specify the number of voice over IP phones you expect to be in the coverage area. In the Handset Oversubscription Ratio list, select the ratio for the average transmit behavior of the voice over IP phones.
  • Page 136 5: P HAPTER LANNING THE OBILITY YSTEM 8 Under the Constraints tab, you can do the following: To change the ceiling height, specify the new height in the Height of the Ceiling box. To change the height where MAPs are mounted, specify the new mounting height in the AP Placement Height box.
  • Page 137: Placing Third-Party Access Points

    Same WX for Redundancy. This option places both of a MAP’s wired connections on the same WX switch. For optimal resiliency, 3Com recommends the use of different WX switches for redundancy. To change the MAP connection type for the redundant connection, select Direct or Distributed from the AP Connection Type list.
  • Page 138: Moving A Third-Party Ap Icon To Its Floor Location

    5: P HAPTER LANNING THE OBILITY YSTEM Moving a Third-Party If you added a third-party access point while using the Configuration tool AP Icon to its Floor bar option, the access point is on the Objects to Place tab. Location 1 In RF Planning, navigate to the floor plan.
  • Page 139 Placing Third-Party Access Points 5 In the Name box, type a name for the access point. You can use 1 to 32 characters, with no punctuation except the following: period (.), hyphen (-), or underscore (_). 6 Optionally, in the Manufacturer ID box, type the manufacturer identification for the access point (1 to 30 characters, with no spaces).
  • Page 140 5: P HAPTER LANNING THE OBILITY YSTEM 12 In the AP Model drop-down list, select one of the following: AP (Dual Radio)—802.11a and 802.11b or 802.11b/g AP (Single Radio)—802.11a, 802.11b, or 802.11g 13 In the Radio Type drop-down list, select one of the following: 11a, 11b, 11g.
  • Page 141 Placing Third-Party Access Points 15 Verify the radio slot number and radio type. For a dual-radio access point, 802.11b/g radios have a slot number of 1. 802.11a radios have a slot number of 2. 16 In the Channel Number list, select the channel number for the radio. 17 In the Transmit Power box, specify the transmit power for the radio.
  • Page 142: Placing Installed And Auto-Configured Maps

    5: P HAPTER LANNING THE OBILITY YSTEM Placing Installed You can place MAPs that are already installed on the floor into the network plan. To do this, you upload the WX configuration into 3WXM, Auto-Configured associate the MAP with a coverage area, then place them on the floor MAPs plan.
  • Page 143: Computing Map Placement

    Computing MAP After providing information about floor plans, RF obstacles, and wireless Placement coverage requirements, 3WXM can design the 3Com wireless network for this floor using the following process: Compute and place MAPs (See “Computing and Placing MAP Access Points for a Coverage Area” on page 143.) Assign channels to MAPs (See “Assigning MAP Channels”...
  • Page 144 5: P HAPTER LANNING THE OBILITY YSTEM If you are modifying an existing coverage area with deployed MAPs or if you need to preserve manual changes made to the current configuration, you can lock the MAPs. Locked MAPs cannot be moved or deleted during the Compute and Place process.
  • Page 145 10 To change the MAP connection type for the redundant connection, select Direct, Distributed, or Distributed (auto) from the AP Connection Type list. WX4400 switches support indirect MAP connections only. 11 To change the number of redundant connections for the distributed connection type, type the number in the Redundant Level box.
  • Page 146 5: P HAPTER LANNING THE OBILITY YSTEM 13 To update all of the constraints for the selected coverage areas, select Update All Constraints. By default, 3WXM applies only changed constraint values to the selected areas. This default behavior preserves any constraint changes you make to individual areas when you configure them.
  • Page 147 Computing MAP Placement To compute and place MAPs 1 Display the floor plan in the Content panel. 2 In the Task List panel, click RF Planning. 3 Under RF Planning, click Compute and Place. The Compute and Place wizard appears. 4 To remove a coverage area from MAP placement and computation, clear the Compute Layout box for the area.
  • Page 148 5: P HAPTER LANNING THE OBILITY YSTEM 10 Go to “To review coverage area computation”. To review coverage area computation 1 Review the number of MAPs required for each coverage area, and the overriding criterion used (coverage or capacity). 2 Click Finish to apply the changes. Icons for the suggested MAP locations appear on the floor plan.
  • Page 149 Computing MAP Placement To see the RF coverage area for an area, right-click on the area (either in the organizer panel or on the floor) and select Display RF Coverage. If the area supports more than one radio technology, you also need to select the technology.
  • Page 150 5: P HAPTER LANNING THE OBILITY YSTEM You must now compute the optimal power. See “Computing Optimal Power” on page 154. Locking and Unlocking Coverage Areas After creating a coverage area, 3WXM automatically locks the area. Unlock the coverage area if you need to move or resize it. To unlock a coverage area 1 Select the coverage area on the floor or from the Coverage Areas list in the Organizer panel.
  • Page 151: Assigning Map Channels

    Computing MAP Placement Locking and Unlocking MAPs After computing and placing the necessary MAPs for a coverage area, you can move them to fine-tune the wireless coverage. If you need to fix a MAP location on the floor, lock its current location when you recompute the necessary coverage.
  • Page 152 5: P HAPTER LANNING THE OBILITY YSTEM Under RF Planning, click Assign Channels. The Channel Assignment wizard appears, showing the current channel assignment constraints. 3 To change the starting floor for channel assignment, select the floor from the Begin On Floor List. By default, 3WXM starts at the top floor and works down.
  • Page 153 Computing MAP Placement 9 Click Finish to accept the channel assignments. The new channel assignments are reflected in the Coverage Areas panel. 10 Do one of the following: To verify the RF network, see “Verifying the Wireless Network” on page 157. Click Finish to save the changes and close the wizard.
  • Page 154: Computing Optimal Power

    3WXM factors in these considerations when calculating optimal power. 3Com recommends that you assign channels before you compute optimal power, to ensure successful power computation. If the MAP is using an external antenna, specify the antenna model and the coverage direction of the antenna before computing power.
  • Page 155 Computing MAP Placement 3 To optimize the AP count, select Optimize AP Count. This option checks for coverage overlaps and removes a MAP if neighboring MAPs provide enough coverage to make the MAP unnecessary. This option applies only to coverage areas that are configured for coverage, not capacity.
  • Page 156 5: P HAPTER LANNING THE OBILITY YSTEM To resolve optimal power computation problems If power levels for one or more coverage areas could not be optimized, show the RF coverage at baseline association and minimum transmit rates for the coverage areas by doing the following: 1 In the Show RF coverage using listbox, select how you want to display the coverage: Baseline Association Rate—Coverage is shown based on the MAP...
  • Page 157: Verifying The Wireless Network

    In most situations, increasing transmit power levels to close the holes will generate more co-channel interference. 3Com recommends that you allow these small holes during the planning process.
  • Page 158: Placing Rf Measurement Points

    5: P HAPTER LANNING THE OBILITY YSTEM 3 In the Display RF coverage using listbox, select how you want to display the coverage: Baseline Association Rate—Coverage is shown based on the MAP radio baseline association rate. The baseline association rate is the typical data rate the radio is expected to support for client associations.
  • Page 159 Verifying the Wireless Network 4 On the floor plan, click where you want the measurement point to be placed. The Create RF Measurement Point dialog box appears. 5 In the Description box, type a description for the measurement point (1 to 60 characters). 6 In the RSSI Options box, select display options for the dialog box: To list access points that cannot be detected from this RF measurement point, select Show Unreachable MAPs.
  • Page 160: Using Rf Interactive Measurement Mode

    5: P HAPTER LANNING THE OBILITY YSTEM 7 Click OK to save the changes and close the box. 8 Do one of the following: To use the RF interactive measurement mode, see “Using RF Interactive Measurement Mode”. To generate network design information, see “Generating RF Network Design Information”...
  • Page 161 Verifying the Wireless Network Table 15 shows the information available in the RF measurement table. Table 15 RF Measurement Information Item Value Distance in the X direction from the 0,0 coordinate (the upper left corner of the panel). Distance in the Y direction from the 0,0 coordinate (the upper left corner of the panel).
  • Page 162: Generating Rf Network Design Information

    Information report provides all of the necessary information for the physical installation of the 3Com Mobility System. A work order shows where the MAPs should be installed, WX initial setup configuration information, and projected RSSI information that is useful when verifying the installation.
  • Page 163 Generating RF Network Design Information 4 Specify whether to include the following information in the work order: RF Coverage RSSI Projections Display Disabled MAPs (only available if RSSI Projections is selected) Display RF Coverage On Entire Floor (only available if RSSI Projections is selected) Show Unreachable MAPs (only available if RSSI Projections is Display)
  • Page 164 5: P HAPTER LANNING THE OBILITY YSTEM...
  • Page 165: Configuring Wx System Parameters

    WX switches using 3WXM. If you want to use 3WXM planning to configure switches for you as part of coverage planning, see “Planning the 3Com Mobility System” on page 75. If you are planning to use 3WXM to configure switches in a remote office, see “Configuring WX Switches Remotely”...
  • Page 166 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Table 16 WX Switch Object Types Category Object Type Description System Ports Settings for individual ports. (See “Viewing and Changing Port Settings” on page 185.) Port Groups Settings for port groups. (See “Viewing and Changing Port Groups” on page 193.) Management Settings for the following management...
  • Page 167 WX Switch Configuration Objects Table 16 WX Switch Object Types (continued) Category Object Type Description System, cont. VLANs Groups of physical ports configured as a distinct Layer 2 broadcast domain. Each VLAN has its own Spanning Tree Protocol (STP) and Internet Group Management Protocol (IGMP) settings.
  • Page 168 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Table 16 WX Switch Object Types (continued) Category Object Type Description Wireless, cont. RF Detection Configuration parameters for rogue detection and countermeasures (See “Viewing and Changing RF Detection Settings” on page 293.) Local User Users configured on the WX switch instead of Database...
  • Page 169: Adding A Wx Switch To The Network Plan

    Import the XML configuration file for the switch. Creating a WX Switch Select the Planning tool bar option and use the instructions in “Planning as Part of RF Planning the 3Com Mobility System” on page 75. Creating a WX Switch Using the Create Wireless Switch Wizard 1 Select the Configuration tool bar option.
  • Page 170: Creating A New Wx Switch Based On A Configured Switch In The Network Plan

    CAUTION: After selecting Managed to enable management of the switch by 3WXM, do not change this option unless advised to do so by 3Com Technical Support. If you change a WX switch to an unmanaged state in a network plan, all network operations (polling) stop for that WX switch.
  • Page 171: Adding A Switch By Uploading Its Configuration From The Network

    Adding a WX Switch to the Network Plan 9 To modify the management interface, select the IP interface and VLAN from the VLAN/IP drop-down list. 10 To modify the enable password, edit the string in the Enable Password box. Use this option when you are creating a new switch in 3WXM. This option modifies the password in the network plan.
  • Page 172: Configuring Basic And Advanced Settings

    6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Configuring Basic Clicking on an option in the Task List panel opens a configuration wizard. and Advanced Configuration wizards enable the configuration of basic settings for an Settings object. After configuring the settings and close the wizard, the new object is added to a table in the Content panel for most types of WX switch objects.
  • Page 173: Using The Create Wireless Switch Wizard

    Using the Create Wireless Switch Wizard Using the Create Wireless Switch Wizard 1 Access the Create Wireless Switch wizard: a Select the Configuration tool bar option. b In the Organizer panel, select the network plan name. c In the Task List panel, select the Wireless Switch task. 2 In the WX Name box, type the name of the WX switch (1 to 256 alphanumeric characters, with no spaces or tabs).
  • Page 174 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Use this option if you used the Add button instead of the Move button to place the ports in the VLAN. For a port to be a member of more than one VLAN, the port must be tagged. By default, ports are untagged. When you enable tagging, the default tag value is the same as the VLAN 11 Click Next.
  • Page 175: Setting Up A Switch

    Setting Up a Switch Setting Up a Switch After creating a switch, use the System Setup Wizard to configure the following essential operation and management parameters: SNMP settings for monitoring of the switch by 3WXM VLANs RADIUS servers and server groups Wireless services Auto-DAP profile settings The SNMP security level and enabled version configured with this wizard...
  • Page 176 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS a Select the minimum level of security to allow for any SNMP communication with the switch from the Security Level drop-down list: Unsecured—SNMP message exchanges are not secure. This is the default, and is the only value supported for SNMPv1 and SNMPv2c. (This security level is the same as the noAuthNoPriv level described in SNMPv3 RFCs.) Authenticated—SNMP message exchanges are authenticated but...
  • Page 177 Setting Up a Switch Authenticated—SNMP message exchanges are authenticated but are not encrypted. (This security level is the same as the authNoPriv level described in SNMPv3 RFCs.) Encrypted—SNMP message exchanges are authenticated and encrypted. (This security level is the same as the authPriv level described in SNMPv3 RFCs.) f Click Next.
  • Page 178 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS 10 Configure wireless services. Wireless services that are already configured are listed. You can modify existing services and create new ones. To create a wireless service: a Click Create and select the type of service you want to create: 802.1X Service Profile—Provides wireless access to 802.1X clients.
  • Page 179: Modifying Basic Switch Parameters

    Task List panel. After selecting Managed to enable management of the switch by 3WXM, do not change this option unless advised to do so by 3Com Technical Support. If you change a WX switch to an unmanaged state in a network plan, all network operations (polling) stop for that WX switch.
  • Page 180: Changing The Wx Software Version

    6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Use this option when you are creating a new switch in 3WXM. This option modifies the password in the network plan. However, if the switch is already deployed in the network, 3WXM cannot apply configuration changes to the switch unless the enable password in 3WXM matches the enable password already configured on the switch.
  • Page 181: Changing Timezone Properties

    Modifying Basic Switch Parameters Changing Timezone You can specify the number of hours (and optionally the minutes) that Properties the real-time clock for the WX switch is offset from Coordinated Universal Time (UTC)—also known as Greenwich Mean Time (GMT). The Network Time Protocol (NTP) uses the time zone information if it is enabled.
  • Page 182: Changing System Information

    6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS 15 In the End Day list, select the day of the week when the time change ends. 16 In the End Hour box, specify the hour (between 0 and 23) when the time change ends.
  • Page 183: Converting Auto Daps Into Statically Configured Daps

    Modifying Basic Switch Parameters Converting Auto Distributed MAPs that are not configured on any WX switches in the DAPs into Statically Mobility Domain can nonetheless be booted and managed by a switch if Configured DAPs the switch has a profile for Distributed MAPs, and has capacity to manage the MAP.
  • Page 184: Launching A Telnet Management Session With The Switch

    6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS To remove an Auto DAP 1 Select the Configuration tool bar option. 2 In the Organizer panel, select the WX switch. 3 In the Task List panel, select Remove Auto DAPs. The Remove Auto DAP wizard appears. The MAPs that were configured using a Distributed MAP template are listed.
  • Page 185: Viewing And Changing Port Settings

    Viewing and Changing Port Settings Viewing and You can configure and display information for the following port Changing Port parameters: Settings Name State Type (network, MAP, or wired authentication) Speed and autonegotiation Power over Ethernet (PoE) state Media type (gigabit Ethernet ports only) Load sharing (see “Viewing and Changing Port Groups”...
  • Page 186 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS 4 To specify the operating mode of a 10/100 Ethernet port, select Half for half-duplex or Full for full-duplex mode. 5 To enable PoE on a 10/100 Ethernet port, select PoE Enabled. CAUTION: If you enable PoE on a port connected to a device other than a MAP access point, hardware damage can result.
  • Page 187: Configuring A Port For A Directly Connected Ap

    Viewing and Changing Port Settings Configuring a Port for A MAP access port directly connects the WX switch to a MAP. The port a Directly Connected also can provide power to the MAP. A Distributed MAP, which is connected to WX switches through intermediate Layer 2 or Layer 3 networks, does not use a MAP access port.
  • Page 188: Configure A Port For Wired Authentication

    6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS If RF Auto-Tuning for power configuration is enabled, setting this value has no effect. The power level is controlled by RF Auto-Tuning. 10 Click Finish. Configure a Port for A wired authentication port is an Ethernet port that has 802.1X Wired Authentication authentication enabled for access control.
  • Page 189 Viewing and Changing Port Settings 2 Select the fallthru authentication method from the Fall Through Authentication list box. The WX switch uses the fallthru method to try to authenticate a client if the client name or MAC address does not match the userglob or MAC address glob in an 802.1X or MAC authentication rule for the SSID.
  • Page 190 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Local EAP-TLS External RADIUS Server If you select PEAP, the EAP Sub-Protocol is MS-CHAPV2. For other protocols, the EAP Sub-Protocol is None. (For information, see “EAP Type (802.1X Only)” on page 249.) e Click Next.
  • Page 191 Viewing and Changing Port Settings f To configure accounting, select Enabled, select the record type (Start-Stop or Stop-Only), then select LOCAL or a RADIUS server group for the accounting and click Add. g Click Finish. If you selected None in step 2, you are finished with this procedure.
  • Page 192 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS To use an existing rule, leave the rule in the list. c Click Next. d Select the authentication and accounting method (RADIUS server group or local database). (For information, see “AAA Methods (RADIUS Server Groups and the Local User Database)”...
  • Page 193: Viewing And Changing Port Groups

    Viewing and Changing Port Groups Viewing and A port group is a set of physical ports that function together as a single Changing Port link and provide load sharing and link redundancy. Only network ports Groups can participate in a port group. The WX assigns traffic flows to ports based on the source and destination MAC addresses of the traffic, which balances port group traffic among the physical ports of the group.
  • Page 194: Changing A Port Group

    6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS 4 To add a port to the port group, select the Member checkbox for the port. 5 To remove a port from a port group, clear the Member checkbox for the port. 6 To change the membership of a port that is in another port group, select the Member checkbox for the port.
  • Page 195: Viewing And Changing Management Settings

    Viewing and Changing Management Settings Viewing and By default, HTTPS is enabled on the WX, allowing you to use Web Changing Management on port 443 for a secure session. If you disable HTTPS, you Management cannot use Web Management. 3WXM communications also use HTTPS, Settings but 3WXM is not affected by the HTTPS configuration on the WX.
  • Page 196: Configuring Snmp

    6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS You can specify from 0 to 86400 seconds (one day). The default is 3600 (one hour). If you specify 0, the idle timeout is disabled. The timeout interval is in 30-second increments. For example, the interval can be 0, or 30 seconds, or 60 seconds, or 90 seconds, and so on.
  • Page 197 1 to 32 alphanumeric characters, with no spaces or tabs. Community string names are transmitted in clear text. If you enable SNMP service on the WX, 3Com recommends that you do not use the well-known strings public (for READ) or private (for WRITE).
  • Page 198 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Configuring a USM (SNMP V3) User 1 Access the Create USM User wizard: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to System.
  • Page 199 Viewing and Changing Management Settings b If you select Hex or IP, type the hexadecimal string or IP address in the Value box and click Next and go to step 5. Otherwise, click Finish. 5 Select the authentication type used to authenticate communications with the remote SNMP engine: None—No authentication is used.
  • Page 200 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Configuring a Notification Profile A notification profile is a named list of all of the notification types that can be generated by a switch, and for each notification type, the action to take (drop or send) when an event occurs. 1 Access the Create Notification Profile wizard: a Select the Configuration tool bar option.
  • Page 201 Viewing and Changing Management Settings 2 Specify the target ID. 3 Type the IP address of the target. 4 Specify the protocol port on which the target listens for SNMP notifications. The default is 162. 5 Click Next. 6 Select the notification profile that will use this target. Perform the following steps to view, enable, or disable notification types: a Click Properties.
  • Page 202 1 to 32 alphanumeric characters, with no spaces or tabs. Community string names are transmitted in clear text. If you enable SNMP service on the WX, 3Com recommends that you do not use the well-known strings public (for READ) or private (for WRITE).
  • Page 203 Viewing and Changing Management Settings b In the Username box, type the name of the SNMPv3 user. The name can be 1 to 32 alphanumeric characters, with no spaces or tabs. c Select the access type. read-notify—An SNMP management application using the string can get object values on the switch but cannot set them.
  • Page 204 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS b In the Retry Count box, specify the number of times the MSS SNMP engine will resend a notification that has not been acknowledged by the target. You can specify from 0 to 3 retries. The default is 0. 16 Click Finish.
  • Page 205 1 to 32 alphanumeric characters, with no spaces or tabs. Community string names are transmitted in clear text. If you enable SNMP service on the WX, 3Com recommends that you do not use the well-known strings public (for READ) or private (for WRITE).
  • Page 206 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS If a USM user with access type read-write-notify, read-notify, or notify-only is already configured, you can select it. Otherwise, you must create a new one. You also can create a new USM user even if one is already configured.
  • Page 207: Viewing And Setting Log And Trace Settings

    CAUTION: Setting traces can have adverse effects on system performance. 3Com recommends that you use the lowest levels possible for initial trace commands, and slowly increase the levels to get the data you need.
  • Page 208 The default severity level is Error. The debug level produces a lot of messages, many of which can appear to be somewhat cryptic. Debug messages are used primarily by 3Com for troubleshooting and are not intended for administrator use. 3 Configure logging to the console: a To specify that logging messages be sent to the console, select Enabled.
  • Page 209 Viewing and Setting Log and Trace Settings Creating an External Log Server You can specify a syslog server. Syslog facilities are identifiers that allow a syslog server to handle different syslog messages from different sources. You can use a facility in the range of Local 0 through Local 7. 1 Access the Create Syslog Server wizard: a Select the Configuration tool bar option.
  • Page 210: Viewing And Configuring Ip Services Settings

    6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS 3 Optionally, in the Level box, specify the amount of information included in the trace output (0 to 10). 0 provides the minimum amount of information and 10 proves the maximum amount of information. The default is 5.
  • Page 211: Creating A Static Route

    Viewing and Configuring IP Services Settings Creating a Static The IP routing table contains routes that MSS uses for determining the Route external communication interfaces for a WX switch. When you add an IP interface to a VLAN that is up, MSS automatically adds corresponding entries to the IP routing table.
  • Page 212: Create An Ip Alias

    6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Create an IP Alias You can map an IP address to a name by creating an IP alias. For example, if you create an IP alias carmel for IP address 10.20.30.40, you could type telnet carmel rather than telnet 10.20.30.40.
  • Page 213: Configuring Ntp

    If NTP is configured on a system whose current time differs from the NTP server time by more than 10 minutes, convergence of the WX time can take many NTP update intervals. 3Com recommends that you set the time manually to the NTP server time before enabling NTP to avoid a significant delay in convergence.
  • Page 214: Configuring Arp

    6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS 5 Click OK. 6 To change the interval at which an NTP server is polled, specify its value in seconds (16 to 1024) in the Update Interval box. The default is 64 seconds.
  • Page 215: Viewing And Configuring Vlans

    RADIUS servers or in the local WX user database: Tunnel-Private-Group-ID—This attribute is described in RFC 2868, RADIUS Attributes for Tunnel Protocol Support. VLAN-Name—This attribute is a 3Com vendor-specific attribute (VSA). You cannot configure the Tunnel-Private-Group-ID attribute in the local user database.
  • Page 216: Viewing Vlans

    64.) Because the default VLAN might not be in the same subnet on each switch, 3Com recommends that you do not rename the default VLAN or use it for user traffic. Instead, configure other VLANs for user traffic.
  • Page 217 Viewing and Configuring VLANs 2 In the VLAN Name box, type the name of the VLAN (1 to 16 alphabetic characters long, with no spaces or tabs). You cannot use a number as the first character in a VLAN name. VLAN names must be globally unique across a Mobility Domain to ensure the intended user connectivity as determined through authentication and authorization.
  • Page 218: Changing Vlan Membership

    In addition, the same tag value can be used by different VLANs but on different network ports. If you use a tag value, 3Com recommends that you use the same value as the VLAN number. MSS does not require the VLAN number and tag value to be the same, but some other vendors’...
  • Page 219: Changing Vlan Spanning Tree Settings

    Add. 6 To tag a port or port group, select the Tag checkbox. If you specify a tag value, 3Com recommends that you use the same value as the VLAN number. 3Com switches do not require the VLAN number and tag value to be the same, but some other vendors’...
  • Page 220 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS The IEEE 802.1D spanning tree specifications refer to networking devices that forward Layer 2 traffic as bridges. In this context, a WX switch is a bridge. Where this manual or the product interface uses the term bridge, you can assume the term is applicable to the WX switch.
  • Page 221 Viewing and Configuring VLANs Changing STP Port Settings in a VLAN 1 Access the VLAN table: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to System. d Select VLANs.
  • Page 222 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Port fast convergence bypasses both the listening and learning stages and immediately places a port in the forwarding state. Use port fast convergence on network ports that are directly connected to servers, hosts, or other MAC stations.
  • Page 223: Changing Vlan Igmp Settings

    Viewing and Configuring VLANs To enable fast convergence features: 1 Access the VLAN table: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to System. d Select VLANs.
  • Page 224 6 If IGMP queriers are not on the subnet (for example, multicast routers), select Querier Enabled. 3Com recommends that you use the pseudo-querier only when the VLAN contains local multicast traffic that is not routed. 7 In the Query Interval box, specify the interval (1 to 65,535 seconds) at which the WX switch sends general IGMP queries on behalf of multicast routers to advertise multicast groups.
  • Page 225 Viewing and Configuring VLANs The router and receiver ports that the WX learns based on multicast traffic age out if they are unused. If necessary, you can statically configure multicast router ports or multicast receiver ports on the WX. You can only add network ports as static multicast router ports or multicast receiver ports.
  • Page 226: Restricting Layer 2 Traffic Among Clients In A Vlan

    6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Restricting Layer 2 By default, clients within a VLAN are able to communicate with one Traffic Among Clients another directly at Layer 2. You can enhance network security by in a VLAN restricting Layer 2 forwarding among clients in the same VLAN.
  • Page 227: Restricting Layer 3 Traffic Among Clients In A Vlan

    Viewing and Configuring VLANs Restricting Layer 3 To restrict Layer 3 traffic among clients in the same VLAN, use an ACL. Traffic Among Clients You can configure the ACL yourself or use the Restrict L3 Traffic option in in a VLAN 3WXM.
  • Page 228: Configuring The Mss Dhcp Server

    Use of the MSS DHCP server to allocate client addresses is intended for temporary, demonstration deployments and not for production networks. 3Com recommends that you do not use the MSS DHCP server to allocate client addresses in a production network.
  • Page 229: Changing The Aging Time For Fdb Entries

    Viewing and Configuring VLANs By default, all addresses except the host address of the VLAN, the network broadcast address, and the subnet broadcast address are included in the range. If you specify the range, the start address must be lower than the stop address, and all addresses must be in the same subnet.
  • Page 230: Viewing And Configuring Acls

    6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Viewing and An access control list (ACL) filters packets to restrict or permit network Configuring ACLs usage by certain users, network devices, or traffic types. You can also assign a class of service (CoS) level, which allows priority handling, to packets.
  • Page 231: Creating An Acl

    Viewing and Configuring ACLs Creating an ACL The Create ACL wizard enables you to configure ACEs with the following parameters: Match criteria: Source IP address Destination IP address Protocol Source protocol port Destination protocol port Differentiated Services Code Point (DSCP) value or Type Of Service (TOS) and IP precedence values Action: deny or permit Marking: Class of Service (CoS) value...
  • Page 232 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS 3 Click Add Rule. A new ACE (ACL rule) appears above the implicit deny all rule that is at the end of every ACL. Each ACL has a rule at the end that denies all source and destination IP addresses.
  • Page 233 Viewing and Configuring ACLs The following table lists commonly used IP protocol numbers. IP Protocol Number Protocol Internet Control Message Protocol (ICMP) Internet Group Management Protocol (IGMP) Transmission Control Protocol (TCP) Any private interior gateway (used by Cisco for Internet Gateway Routing Protocol) User Datagram Protocol (UDP) IPv6...
  • Page 234 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS d If you selected Range as the comparison operator, type or select the ending port number of the range in the Range End box. The number must be higher than the port number in the Port Number box. e Click OK.
  • Page 235: Configuring Advanced Acl Settings

    Viewing and Configuring ACLs 8 (minimum delay)—Packets with minimum delay TOS defined are filtered. By default, the TOS value is -1 (any). In addition to these specific values, you can specify a number from 1 to 15 that is the sum of TOS option values. For example, to select minimum delay and maximum throughput as the TOS options, type 12, which is the sum of the two values.
  • Page 236 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Capture option, to redirect matching packets to the CPU (applies to ACEs used for Web Portal access) To change the hit sample rate The hit sample rate specifies the time interval, in seconds, at which the packet counter is sampled for each security ACE on which the hit counter is enabled.
  • Page 237 Viewing and Configuring ACLs 3 Select or type the ICMP message type in the Type box. (See Table 17.) 4 Select or type the ICMP message code in the Code box. (See Table 17.) 5 Click OK. Table 17 ICMP Messages and Codes ICMP Message (Type Number) Code (Number) Echo Reply (0)
  • Page 238: Adding A New Ace To A Configured Acl

    6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Adding a New ACE to To add a new ACE to a configured ACL: a Configured ACL 1 Access the ACL table: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to System.
  • Page 239 Viewing and Configuring ACLs 5 To map an ACL to a port: a In the Port list, select the port or port group to which you want to map the ACL. You cannot map an ACL to a MAP port or a wired authentication port.
  • Page 240: Deleting An Acl

    6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Deleting an ACL To delete an ACL: 1 Access the ACL table: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to System.
  • Page 241: Viewing And Changing Cos Mappings

    Viewing and Changing CoS Mappings Viewing and MSS supports Layer 2 and Layer 3 classification and marking of traffic, to Changing CoS help provide end-to-end QoS throughout the network. QoS support Mappings includes support of Wi-Fi Multimedia (WMM), which provides wireless QoS for time-sensitive applications such as voice and video.
  • Page 242: Changing A Dscp-To-Cos Mapping

    6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS Changing a To change the mapping between a DSCP value in an ingress packet and DSCP-to-CoS its internal CoS value: Mapping 1 Access the QoS tables: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch.
  • Page 243: Setting A Range Of Dscp Values To A Single Cos Value

    Viewing and Changing CoS Mappings Setting a Range of To set a range of DSCP values to a single CoS value: DSCP Values to a Single CoS Value 1 Access the QoS tables: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch.
  • Page 244 6: C WX S HAPTER ONFIGURING YSTEM ARAMETERS...
  • Page 245: Configuring

    ONFIGURING IRELESS ARAMETERS This chapter describes how to view and configure the following wireless parameters for WX switches: Service Set Identifiers (SSIDs), which are managed by service profiles Radio profiles, which assign IEEE 802.11 settings and a service profile to radios Auto-DAP profile MAPs MAP radios...
  • Page 246: Wireless Service Parameters

    7: C HAPTER ONFIGURING IRELESS ARAMETERS Wireless Service A wireless service consists of the following parameters: Parameters Service profile Access rules Service Profiles A service profile configures an SSID. Table 18 lists the parameters. For parameters that are assigned default values by the wizards, the table also lists the default values.
  • Page 247 Default Value Assigned by Parameter Description Service Profile Wizard Custom Web Subdirectory path and filename Blank (default page with 3Com Portal login page of an HTML page customized logo is used) for login to the SSID Security modes For encrypted SSIDs only, the...
  • Page 248 7: C HAPTER ONFIGURING IRELESS ARAMETERS You do not need to select the values for all these parameters when you configure a service. The Service Profile wizards help you configure the essential parameters and assign appropriate values to the rest. Some of the parameters that 3WXM automatically sets are not configurable using the Service Profile wizards.
  • Page 249 Viewing and Configuring Wireless Services For EAP with Transport Layer Security (EAP-TLS) clients, the format is username@domain_name. For example, sydney@example.com specifies the user sydney in the domain name example.com. The *@marketing.example.com glob specifies all users in the marketing department at example.com. The user glob sydney@engineering.example.com specifies the user sydney in the engineering department at example.com.
  • Page 250 7: C HAPTER ONFIGURING IRELESS ARAMETERS PEAP Offload—Protected EAP with Microsoft Challenge Handshake Authentication Protocol Version 2 (MS-CHAP-V2). Select this protocol for wireless clients. Uses TLS for encryption and data integrity checking. Provides MS-CHAP-V2 mutual authentication. Only the server side of the connection needs a certificate. Local EAP-TLS—EAP with TLS.
  • Page 251: Viewing Wireless Services

    Viewing and Configuring Wireless Services The methods you select for authentication are also used for authorization. You also can configure accounting for Start-Stop or Stop-Only messages. The authentication method(s) for accounting can be but are not required to be the same as the method(s) for authentication and authorization.
  • Page 252 7: C HAPTER ONFIGURING IRELESS ARAMETERS Editing the name is optional if this is the first service of this type you are configuring on the switch. 4 Type the SSID name in the SSID box. 5 Click Next. 6 Select the security modes you want the SSID to support. You can select one or more of the following: RSN (WPA2) Dynamic WEP...
  • Page 253: Configuring A Voice Over Wireless Service

    Viewing and Configuring Wireless Services The VLAN and other authorization attributes can be assigned to users in the local database, on remote servers, or in the service profile of the SSID the user logs into. The VLAN you select here is used only if a VLAN attribute is not configured for the user on the RADIUS server or in the local database of a switch.
  • Page 254 7: C HAPTER ONFIGURING IRELESS ARAMETERS 3 Edit the service name in the Name box. Editing the name is optional if this is the first service of this type you are configuring on the switch. 4 Type the SSID name in the SSID box. 5 Select the SSID type from the SSID Type box: Encrypted—Traffic on the SSID is encrypted.
  • Page 255 Viewing and Configuring Wireless Services AES (CCMP)—Usually used with RSN (WPA2) TKIP—Usually used with WPA WEP-104—Used with dynamic WEP WEP-40—Used with dynamic WEP 13 Click Next. 14 If you selected RSN or WPA in step 10, you can select whether to use dynamically generated keys, or static keys based on a passphrase.
  • Page 256: Configuring A Web-Portal (Webaaa) Service

    7: C HAPTER ONFIGURING IRELESS ARAMETERS 21 If you selected MAC Access in step 8, select or create the MAC address globs you want to allow to access the voice VLAN. Otherwise, go to step 23. To create a new rule: a Click Create.
  • Page 257 Viewing and Configuring Wireless Services c Select Wireless Services. d In the Task List panel, select Web-Portal Service Profile. 2 Read the description of the wizard on the first page, then click Next. 3 Edit the service name in the Name box. Editing the name is optional if this is the first service of this type you are configuring on the switch.
  • Page 258 7: C HAPTER ONFIGURING IRELESS ARAMETERS 12 Click Next. 13 If you selected Static WEP in step 7, specify WEP keys. Otherwise, click Next and go to step 15. For each key (up to four), type the key value in the corresponding key box.
  • Page 259 Viewing and Configuring Wireless Services (For information, see “AAA Methods (RADIUS Server Groups and the Local User Database)” on page 250.) If you selected LOCAL as an authentication method, go to step 19. Otherwise, go to step 21. 19 Click Next. 3WXM lists the users in the local database of a switch.
  • Page 260: Configuring An Open Access Service

    7: C HAPTER ONFIGURING IRELESS ARAMETERS Configuring an Open To configure an Open Access service: Access Service 1 Access the Open Access Service Profile wizard: a In the Organizer panel, click on the plus sign next to the WX switch on which you want to configure the service profile.
  • Page 261 Viewing and Configuring Wireless Services 11 Select the encryption algorithms to use: AES (CCMP)—Usually used with RSN (WPA2) TKIP—Usually used with WPA WEP-104—Used with dynamic WEP WEP-40—Used with dynamic WEP 12 Click Next. 13 If you selected Static WEP in step 7, specify WEP keys. Otherwise, go to step 14.
  • Page 262: Configuring A Custom Service

    7: C HAPTER ONFIGURING IRELESS ARAMETERS Configuring a Custom If none of the other service types is appropriate, you can use the Custom Service Service Profile wizard to configure the service. The screens and options that are displayed depend on the access types and other elections you make as you use the wizard.
  • Page 263 Viewing and Configuring Wireless Services Beacon Fall Through Access For descriptions, see Table 18 on page 246. The Service Profile tab also has the following settings: Web-Portal ACL—Specifies the name of the ACL MSS uses to filter a Web-Portal user’s traffic during authentication. This option is applicable only to the Web Portal fallthru authentication type.
  • Page 264 7: C HAPTER ONFIGURING IRELESS ARAMETERS Where applicable, the service profile wizards allow you to specify the default VLAN of the SSID but do not allow configuration of the other default attributes. To change the default VLAN, select it from the VLAN-Name box. To set other default attributes, click in the value column and type the values.
  • Page 265 Viewing and Configuring Wireless Services Static CoS—When enabled, marks all traffic on the SSID with the same CoS value (the Static CoS Value). This option is automatically enabled for Vocera voice service profiles but is disabled for all other service profile types. Static CoS Value—CoS value assigned by the MAP to all traffic on the SSID of the service profile, when static CoS is enabled.
  • Page 266 7: C HAPTER ONFIGURING IRELESS ARAMETERS Web-portal session timeout—Specifies how many seconds MSS waits after a Web-Portal client enters the Disassociated state before terminating the client’s session. This can be useful if you want to allow a client connecting through Web Portal WebAAA to enter standby or hibernation mode, then be able to resume its session after waking up, without having to log in again.
  • Page 267 Viewing and Configuring Wireless Services 802.11g—1.0, 2.0, 5.5, 6.0, 9.0, 11.0, 12.0, 18.0, 24.0, 36.0, 48.0, 54.0 The default depends on the radio type: 802.11a—6.0, 12.0, and 24.0 802.11b—1.0, and 2.0 802.11g—1.0, 2.0, 5.5, and 11.0 Supported rates—Rates that are not mandatory but that the radio can nonetheless use to send data.
  • Page 268: Viewing Ssid Encryption Settings And Access Rules

    7: C HAPTER ONFIGURING IRELESS ARAMETERS Success Page—Name of the web page served to the user’s browser when the user’s computer successfully completes all of the SODA agent checks. Logout Page—Name of the web page served to the user’s browser when the user logs out of the SODA-protected network.
  • Page 269: Modifying Ssid Encryption Settings And Access Rules

    Viewing and Configuring Wireless Services 3 Select the type of access rule assigned to the service profile: 802.1X Access Rules—for 802.1 service profiles MAC Access Rules—for Voice service profiles Web Access Rules—for Web-Portal (WebAAA) service profiles Last Resort Access Rules—for Open service profiles For a custom service profile, the option to select depends on the access rule type selected when the service profile was created.
  • Page 270 7: C HAPTER ONFIGURING IRELESS ARAMETERS To configure access rules only, select Access Rules and go to “Modifying Access Rules” on page 271. Modifying Encryption Settings 1 Select the security modes you want the SSID to support. You can select one or more of the following: RSN (WPA2) Static WEP...
  • Page 271 Viewing and Configuring Wireless Services 10 Click Next. If the access type is Web Portal, the ACEs (ACL rules) that 3WXM will configure for the Web-Portal service are listed. The ACEs are required to allow DHCP traffic while blocking all other traffic while a user is being authenticated.
  • Page 272: Viewing And Configuring Radio Profiles

    MAPs on different WX switches. 3Com recommends that you create a new radio profile and leave the default radio profile unchanged as a backup. The default radio profile is associated with the MAPs of a WX switch,...
  • Page 273: Creating A Radio Profile

    Viewing and Configuring Radio Profiles The radio profiles appear in the Content panel. Each row in the table shows settings for an individual radio profile. To display all settings for a radio profile, select the radio profile and click Properties. Creating a Radio To create a radio profile: Profile...
  • Page 274: Configuring Advanced Radio Profile Settings

    MSS as interfering devices. A rogue is a device that is in the 3Com network but does not belong there. An interfering device is not part of the 3Com network but also is not a rogue. MSS classifies a device as an...
  • Page 275 Viewing and Configuring Radio Profiles Although the interfering device is not connected to your network, the device might be causing RF interference with MAP radios. Rogue—Radios use countermeasures against devices classified by MSS as rogues, but do not use countermeasures against devices classified by MSS as interfering devices.
  • Page 276 You can specify from 0 to 65535 seconds. The default channel interval is 3600 seconds. 3Com recommends that you use an interval of at least 300 seconds (5 minutes). If you set the interval to 0, RF Auto-Tuning does not reevaluate the channel at regular intervals.
  • Page 277 Viewing and Configuring Radio Profiles Tx. Power Tuning Interval—Interval at which RF Auto-Tuning decides whether to change the power level on radios. You can specify from 1 to 65535 seconds. The default is 300 seconds. Power Ramp Interval—Interval at which power is increased or decreased, in 1 dBm increments, on radios until the optimum power level calculated by RF Auto-Tuning is reached.
  • Page 278 7: C HAPTER ONFIGURING IRELESS ARAMETERS Radio Selection Tab The Radio Selection Tab lists the radios managed by the radio profile. A radio can be managed by only one radio profile. To add a radio to the radio profile, select the radio in the Available Members list.
  • Page 279: Viewing And Changing The Auto-Dap Profile

    Viewing and Changing the Auto-DAP Profile Viewing and You can use an Auto-DAP profile to deploy unconfigured Distributed Changing the MAPs. A Distributed MAP that does not have a configuration on a WX Auto-DAP Profile switch can receive its configuration from the Auto-DAP profile instead. The Auto-DAP profile assigns a Distributed MAP number and name to the MAP, from among the unused valid MAP numbers available on the switch.
  • Page 280 MAPs. For example, if a MAP is dual homed to two WX4400 switches, and one of the switches has 50 active MAPs while the other switch has 60 active MAPs, the new MAP selects the switch that has only 50 active MAPs.
  • Page 281: Converting Auto Daps Into Statically Configured Daps

    Viewing and Configuring MAPs Converting Auto See “Converting Auto DAPs into Statically Configured APs” on page 72. DAPs into Statically Configured DAPs Removing Auto DAPs See “Removing Auto DAPs” on page 183. Viewing and MAPs contain radios that provide networking between your wired Configuring MAPs network and IEEE 802.11 wireless users.
  • Page 282: Viewing The Configured Maps

    MAPs a switch can boot. The numbers are for directly connected and Distributed MAPs combined. Table 20 Maximum MAPs Supported Per Switch WX Switch Model Maximum Configured Maximum Booted WX4400 24, 48, 72, 96, 120, depending on the license. WX1200 WXR100 WX2200...
  • Page 283 Distributed MAP. The range of valid connection numbers depends on the WX switch model: For a WX4400, you can specify a number from 1 to 300. For a WX1200, you can specify a number from 1 to 30.
  • Page 284: Configuring A Directly Connected Map

    MAPs a switch can boot. The numbers are for directly connected and Distributed MAPs combined. Table 21 Maximum MAPs Supported Per Switch WX Switch Model Maximum Configured Maximum Booted WX4400 32, 64, 96 or 128, depending on the license level WX1200 WXR100...
  • Page 285 You cannot configure any gigabit Ethernet port, or port 7 or 8 on a WX1200 switch, or port 1 on a WXR100 switch, as a MAP port. To manage a MAP on a WX4400 switch, configure a Distributed MAP connection on the switch. (See “Creating a Distributed MAP” on page 282.)
  • Page 286: Setting Up Ap Redundancy

    Only AP models that have two Ethernet ports can support redundant direct connections. However, models with one Ethernet port can support redundant distributed connections. WX4400 switches support indirect MAP connections only. To set up AP redundancy: 1 Access the Setup AP Redundancy wizard: a Select the Configuration tool bar option.
  • Page 287 Viewing and Configuring MAPs Bias is the priority of one WX connection over other WX connections to a single MAP for booting, configuration, and data transfer. A configuration with a high bias has priority over a configuration for the same MAP with low bias. The default is High. If the bias for all connections is the same, the MAP selects the switch that has the greatest capacity to add more active MAPs.
  • Page 288: Changing The Map Model

    7: C HAPTER ONFIGURING IRELESS ARAMETERS Changing the MAP To change the model number of an MAP Model 1 Access the Change AP Model wizard: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to Wireless.
  • Page 289: Changing The Map-Wx Security Mode

    Viewing and Configuring MAPs Changing the To change the MAP-WX security mode for all Distributed MAPs, select MAP-WX Security the value from the Security Mode drop-down list: Mode None—Management traffic between Distributed MAPs and the WX is not encrypted, even for MAPs that support encryption. Optional—Distributed MAPs can be managed by the switch even if they do not have encryption keys or their keys have not been verified by an administrator.
  • Page 290 MAPs. For example, if a MAP is dual homed to two WX4400 switches, and one of the switches has 50 active MAPs while the other switch has 60 active MAPs, the new MAP selects the switch that has only 50 active MAPs.
  • Page 291 Viewing and Configuring MAPs 13 To configure settings for a radio, click the 802.11g Radio or 802.11a Radio tab. a To enable the radio, select Enabled. b If the MAP model supports external antennas, select the location and model from the Antenna Location and Antenna Type boxes. To meet regulatory requirements.
  • Page 292: Viewing And Changing Radio Settings

    7: C HAPTER ONFIGURING IRELESS ARAMETERS f In the Transmit Power box, specify the transmit power for the radio. If RF Auto-Tuning for power configuration is enabled, setting this value has no effect. The power level is controlled by RF Auto-Tuning. a To change the maximum power level RF Auto-Tuning can assign to the radio, select the power level from the Max.
  • Page 293: Viewing And Changing Rf Detection Settings

    Viewing and Changing RF Detection Settings (For information about the radio parameters in the table, see step 10 on page 286. For information about the radio parameters in the Radio Properties wizard, see step 13 on page 291.) 3 If you edit settings in the table, click Save. If you configure settings in the Radio Properties wizard, clicking OK to close the wizard also saves the changes.
  • Page 294: Adding An Entry To The Permitted Ssid List

    7: C HAPTER ONFIGURING IRELESS ARAMETERS c Click the plus sign next to Wireless. d Select RF Detection. 2 In the Task List panel, select Vendor OUIs. 3 Select the device type(s): Client 4 Select the vendor from the Vendor drop-down list. 5 Select the specific OUIs you want to allow for the selected vendor.
  • Page 295: Adding An Entry To The Ignore List

    Viewing and Changing RF Detection Settings Adding an Entry to To add an entry to the Ignore list: the Ignore List 1 Access the RF detection settings: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to Wireless.
  • Page 296: Enabling Countermeasures

    All—Radios use countermeasures against devices classified by MSS as rogues and against devices classified by MSS as interfering devices. A rogue is a device that is in the 3Com network but does not belong there. An interfering device is not part of the 3Com network but also is not a rogue.
  • Page 297: Enabling Map Signatures

    A MAP signature is a set of bits in a management frame sent by a MAP Signatures that identifies that MAP to MSS. If someone attempts to spoof management packets from a 3Com MAP, MSS can detect the spoof attempt. 1 Access the RF detection settings: a Select the Configuration tool bar option.
  • Page 298 7: C HAPTER ONFIGURING IRELESS ARAMETERS...
  • Page 299: Configuring

    The WX switch contains a local database that can store user information Managing Users in for a 3Com Mobility System. You can use the local database to create the Local User users and authenticate them, or you can use the local database in Database conjunction with a RADIUS server.
  • Page 300: Viewing Users And Groups In The Local Database

    8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS You can create two types of users in the local database: Named users — These users are authenticated by username and password and are assigned to specific VLANs. Users include administrators and network users. You can group these users by creating user groups, in order to simplify configuration.
  • Page 301: Creating A Named User

    Creating and Managing Users in the Local User Database Creating a Named To create a named user: User 1 Access the Create Named User wizard: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to AAA.
  • Page 302: Creating A User Group And Assigning Users To It

    8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS 9 Repeat step 5 through step 7 for each attribute value you want to change. 10 Click Finish. Creating a User To create a user group and assign users to it: Group and Assigning Users To It 1 Access the Create Named User Group wizard: a Select the Configuration tool bar option.
  • Page 303: Creating A Mac User

    Creating and Managing Users in the Local User Database Creating a MAC User To create a MAC user: 1 When creating MAC address users, you configure authentication Access the Create MAC User wizard: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch.
  • Page 304: Creating A Mac User Group And Assigning Users To It

    8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS Creating a MAC User To create a MAC user group and assign users to it: Group and Assigning Users To It 1 Access the Create MAC User Group wizard: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch.
  • Page 305: Authorization Attributes

    CBC-MAC) unauthorized encryption method 2—Reserved are rejected. 4—TKIP (Temporal Key Integrity Encryption-Type is a Protocol) 3Com 8—WEP_104 (the default) vendor-specific (Wired-Equivalent Privacy protocol attribute (VSA). The using 104 bits of key strength) vendor ID is 43, and the vendor 16—WEP_40 (Wired-Equivalent...
  • Page 306 8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS Table 22 Authentication Attributes for Local Users (continued) Attribute Description Valid Value(s) filter-id Inbound or If configured in the WX switch’s local outbound ACL to database, this attribute can be an (network access mode apply to the user.
  • Page 307 Mobility Profile that does Profiles” on not exist on the WX switch, the user is page 342.) denied access. Mobility-Profile is a 3Com vendor-specific attribute (VSA). The vendor ID is 43, and the vendor type is 2.
  • Page 308 (network access mode after a service profile, and the service profile only) authentication. must be used by a radio profile assigned to 3Com radios in the Mobility Domain. start-date Date and time at Date and time, in the following which the user...
  • Page 309 Session-Timeout mo—Monday duration (if set) tu—Tuesday expires, whichever is shorter. we—Wednesday Time-Of-Day is a th—Thursday 3Com fr—Friday vendor-specific attribute (VSA). The sa—Saturday vendor ID is 43, su—Sunday and the vendor type is 4. wk—Any day between Monday and Friday...
  • Page 310 The VLAN must be (network access mode configured on a WX switch within the only) VLAN-Name is a Mobility Domain to which this WX 3Com switch belongs. vendor-specific attribute (VSA). The vendor ID is 43, and the vendor type is 1.
  • Page 311: Viewing And Configuring Radius Settings

    3Com Mobility System. Although you can use the local database on the WX switch to authenticate users, 3Com recommends using RADIUS to accommodate the large number of users in an enterprise network. For information about the RADIUS attributes supported by MSS, see the Wireless LAN Switch and Controller Configuration Guide.
  • Page 312 Providing an authorization password is required only for users whose devices are authenticated by their MAC addresses or for last-resort users, neither of which have a regular username or password. The default authorization password is 3Com.
  • Page 313: Modifying A Radius Server

    Providing an authorization password is required only for users whose devices are authenticated by their MAC addresses or for non-802.1X users of third-party APs. Neither of these user types has a regular username or password. The default authorization password is 3Com.
  • Page 314: Creating A Radius Server Group

    8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS Changing the password applies both to MAC users and to last-resort users. All MAC address-authenticated users or last-resort users must share the same authorization password on the RADIUS server. 10 Click OK. Creating a RADIUS A server group is a group of one to four RADIUS servers.
  • Page 315: Changing Default Radius Settings

    Viewing and Configuring RADIUS Settings 6 To reorder the servers, select a server and click Up or Down. If load balancing is enabled, the first AAA request goes to the first RADIUS server in the list. The second AAA request goes to the second RADIUS server in the list, and so on, until the end of the list is reached, after which the first server in the list is used again.
  • Page 316 Providing an authorization password is required only for users whose devices are authenticated by their MAC addresses or for last-resort users, neither of which have a regular username or password. The default authorization password is 3Com. Changing the password applies both to MAC users and to last-resort users.
  • Page 317: Configuring Radius System Accounting

    Viewing and Configuring Global 802.1X Settings Configuring RADIUS You can configure RADIUS system accounting in 3WXM. When system System Accounting accounting is enabled, an Accounting-On message (Acct-Status-Type = 7) is sent to the specified RADIUS server group when the WX switch starts, and an Accounting-Off message (Acct-Status-Type = 8) to the RADIUS server when the WX switch is administratively shut down.
  • Page 318: Changing Global 802.1X Settings

    8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS 3 Click the plus sign next to AAA. 4 Select 802.1X. The global 802.1X settings appear. Changing Global To change global 802.1x settings: 802.1X Settings 1 Access the 802.1X settings: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch.
  • Page 319 Viewing and Configuring Global 802.1X Settings To support SSIDs that have both 802.1X and static WEP clients, MSS sends a maximum of two ID requests, even if this parameter is set to a higher value. Setting the parameter to a higher value does affect all other types of EAP messages.
  • Page 320: Viewing And Configuring 802.1X Network Access Rules

    8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS 14 To specify the number of seconds MSS retains session information for Bonded Auth™ (bonded authentication) purposes for an authenticated machine while waiting for the 802.1X client on the machine to start (re)authentication for the user, specify the value, from 1 to 300 seconds, in the Bonded Period box.
  • Page 321: Creating An 802.1X Network Access Rule

    Viewing and Configuring 802.1X Network Access Rules Creating an 802.1X If the network user name matches the userglob in an 802.1X access rule, Network Access Rule the WX switch attempts to authenticate the client using 802.1X. 1 Access the Create 802.1X Network Access wizard: a Select the Configuration tool bar option.
  • Page 322 Cannot be used with RADIUS server authentication (requires user information to be in the local database of the switch) Pass-Through—No protocol is used by the WX. 3Com Mobility System Software (MSS) sends the EAP processing to a RADIUS server. If you select PEAP, the EAP Sub-Protocol is MS-CHAPV2. For other protocols, there is no the EAP Sub-Protocol to select.
  • Page 323 Viewing and Configuring 802.1X Network Access Rules 7 If the authentication rule is disabled, select Enabled. When a rule is disabled, 3WXM does not add it to the configuration. 8 Select the authentication method(s) in the Available RADIUS Server Groups list and click Add. An authentication method specifies where the switch will look for user information to authenticate users.
  • Page 324: Viewing And Configuring Mac Network Access Rules

    8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS Viewing and MAC network access rules allow users onto the network by Configuring MAC authenticating their MAC addresses instead of their user names. Network Access During log on, if the username does not match an 802.1X authentication Rules rule, but the MAC address of the user’s NIC or Voice-over-IP (VoIP) phone and the SSID (if wireless) do match a MAC authentication rule, MSS...
  • Page 325 Viewing and Configuring MAC Network Access Rules 2 Specify whether the rule is for wireless access to an SSID or access through a wired authentication port: If the rule is for access to an SSID, do one of the following: To match on any SSID name, leave the value any in the SSID box.
  • Page 326 8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS MSS tries the methods in the order they appear in the Current RADIUS Server Groups list. To reorder the methods, select a method and click Up or Down. If you specify a RADIUS server group as the first method and a user is denied access by the RADIUS server, no authentication and authorization are attempted with the other methods specified in the list.
  • Page 327: Viewing And Configuring Webaaa Network Access Rules

    Viewing and Configuring WebAAA Network Access Rules Viewing and Web AAA allows network users to access the network by logging on a Configuring web page. WebAAA Network When a user attempts to access a web page over the network, the WX Access Rules switch intercepts the HTTP or HTTPS request and serves a login Web page to the user.
  • Page 328: Creating A Web Aaa Network Access Rule

    8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS Creating a Web AAA To create a Web AAA network access rule: Network Access Rule 1 Access the Create Web Network Access wizard: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to AAA.
  • Page 329 Viewing and Configuring WebAAA Network Access Rules For EAP with Transport Layer Security (EAP-TLS) clients, the format is username@domain_name. For example, sydney@example.com specifies the user sydney in the domain name example.com. The *@marketing.example.com glob specifies all users in the marketing department at example.com.
  • Page 330: Viewing And Configuring Last-Resort Network Access Rules

    8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS 11 Select the accounting method(s) in the Available RADIUS Server Groups list and click Add. The options and processing are the same as those for authentication methods. (See step 7.) 12 Click Finish. Viewing and Last resort access allows users to access the network without entering a Configuring...
  • Page 331 Viewing and Configuring Last-Resort Network Access Rules 2 Specify whether the rule is for wireless access to an SSID or access through a wired authentication port: If the rule is for access to an SSID, do one of the following: To match on any SSID name, leave the value any in the SSID box.
  • Page 332: Viewing And Configuring Wx Administrator Access Rules

    8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS 7 To enable this accounting rule for the SSID, select Enabled. By default, accounting rules you configure in 3WXM are disabled, which means 3WXM does not add the rules to the switch’s configuration. 8 Select one of the following record options: Select Start-Stop to specify that records are sent at the start of a session and the end of a session.
  • Page 333: Creating An Access Rule For Console Access

    Viewing and Configuring WX Administrator Access Rules Creating an Access To create an access rule for console access: Rule for Console Access 1 Access the Create Console Admin User wizard: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to AAA.
  • Page 334: Creating An Access Rule For Telnet Or Ssh Access

    8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS 7 To enable this accounting rule for the SSID, select Enabled. By default, accounting rules you configure in 3WXM are disabled, which means 3WXM does not add the rules to the configuration. 8 Select one of the following record options: Select Start-Stop to specify that records are sent at the start of a session and the end of a session.
  • Page 335 Viewing and Configuring WX Administrator Access Rules MSS tries the methods in the order they appear in the Current RADIUS Server Groups list. To reorder the methods, select a method and click Up or Down. If you specify a RADIUS server group as the first method and a user is denied access by the RADIUS server, no authentication and authorization are attempted with the other methods specified in the list.
  • Page 336: Viewing And Configuring Aaa Support For Third-Party Ap Users

    8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS Viewing and A WX switch can provide network access for users associated with a Configuring AAA third-party AP that has authenticated the users with RADIUS. You can Support for connect a third-party AP to a WX switch and configure the WX to provide Third-Party AP authorization for clients who authenticate and access the network Users...
  • Page 337 Viewing and Configuring AAA Support for Third-Party AP Users For the userglob, type a full or partial username to be matched during authentication (1 to 80 alphanumeric characters, with no spaces or tabs). The format of a user glob depends on the client type and EAP method. For Windows domain clients using Protected EAP (PEAP), the user glob is in the format Windows_domain_name\username.
  • Page 338: Configuring A Radius Proxy For A Client

    8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS Configuring a RADIUS To configure a RADIUS proxy for a client: Proxy for a Client 1 Access the Create RADIUS Proxy Client wizard: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to AAA.
  • Page 339: Viewing And Changing Location Policy Rules

    Viewing and Changing Location Policy Rules Viewing and During the login process, the AAA authorization process is started immediately Changing Location after clients are authenticated to use the WX switch. During authorization, Policy Rules MSS assigns the user to a VLAN and applies optional user attributes, such as a session timeout value and one or more security ACL filters.
  • Page 340: Creating A Location Policy Rule

    8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS Creating a Location To create a location policy rule: Policy Rule 1 Access the Create Location Rule wizard: a Select the Configuration tool bar option. b In the Organizer panel, click the plus sign next to the WX switch. c Click the plus sign next to AAA.
  • Page 341 Viewing and Changing Location Policy Rules 9 Select the Distributed MAPs for which the location policy is applied and click Add. 10 Click Next. 11 In the Action list, select one of the following: Permit—Allows access if the conditions in the location policy rule are matched.
  • Page 342: Viewing And Changing Mobility Profiles

    After creating a Mobility Profile, you can assign it to users created in the local WX user database, or users who are authenticated and authorized by a RADIUS server. You assign the name of the Mobility Profile by using the Mobility-Profile RADIUS attribute, which is a 3Com vendor-specific attribute (VSA). Viewing Mobility...
  • Page 343 Viewing and Changing Mobility Profiles 4 In the Ports drop-down list, select the ports to include in the Mobility Profile: All—Include all MAP or wired authentication ports. Selected—Include a selected list of ports. None—Include no ports. If you select Selected, select the individual ports in the Available Physical Ports list and click Add.
  • Page 344 8: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS...
  • Page 345: Configuring Wx Switches Remotely

    WX S ONFIGURING WITCHES EMOTELY You can use 3WXM Services running in your corporate network to configure WX switches in remote offices. The following remote configuration scenarios are supported: Drop ship—3WXM Services running in the corporate network can configure a WXR100 switch shipped directly to a remote office. This option does not require any preconfiguration of the switch.
  • Page 346: How Remote Wx Configuration Works

    9: C WX S HAPTER ONFIGURING WITCHES EMOTELY How Remote WX Configuration Works Drop Ship (WXR100 Only) 1 The WXR100 is shipped directly to the remote office where it will be deployed. 2 The network administrator at the corporate office preconfigures the switch in a 3WXM network plan.
  • Page 347 How Remote WX Configuration Works Figure 9 shows the location of the Fn switch and the LED. Figure 9 Fn Switch on WXR100 5 Because the Fn switch was pressed while the switch was starting, the WXR100 configures the following items to enable itself to contact 3WXM Services: Ports 1 and 2 in the default VLAN (VLAN 1) DHCP client on VLAN 1 enabled...
  • Page 348: Staged Wx

    9: C WX S HAPTER ONFIGURING WITCHES EMOTELY If the serial number does not match and the Auto-Config IP Subnet Matching option is disabled, 3WXM cannot give the switch a configuration. 3WXM generates a verification warning (on the Network Verification tab). The warning lists the serial number and IP address.
  • Page 349: 3Wxm Requirements

    3WXM Requirements 8 3WXM receives the configuration request, and looks in the currently open network plan for a switch configuration with the same model and serial number as the one in the configuration request. If the network plan contains a configuration with a matching model and serial number, 3WXM sends the configuration to the switch.
  • Page 350: Staging A Wx Switch For Configuration By 3Wxm

    9: C WX S HAPTER ONFIGURING WITCHES EMOTELY Staging a WX The auto-config option must be enabled on a WX switch in order for the Switch for switch to try to contact 3WXM Services for configuration. The Configuration by auto-config option is automatically enabled on an unconfigured WXR100 3WXM when the Fn switch is pressed during power on.
  • Page 351: Example 2: Deployment Site Has No Dhcp And No Dns

    Staging a WX Switch for Configuration by 3WXM 3 Enable the auto-config option: W X1200# set auto-config enable s ucces s : change accept ed. 4 Save the configuration changes: W X1200# save config s ucces s : conf i gur at i on s aved. 5 Power off or restart the switch.
  • Page 352: Example 3: Deployment Site Has Dns But No Dhcp

    9: C WX S HAPTER ONFIGURING WITCHES EMOTELY Example 3: The deployment site in this example does not have a DHCP server but Deployment Site Has does have a local DNS server. The configuration is similar to Example 1, DNS But No DHCP but includes DNS configuration information instead of an IP alias.
  • Page 353: Example 4: Deployment Site Has Dhcp But Local Dns Domain Differs From Corporate Dns Domain

    Staging a WX Switch for Configuration by 3WXM Example 4: The deployment site in this example has a DHCP server, so the DHCP Deployment Site Has client is enabled. Static IP address and default router (gateway) DHCP But Local DNS information are not required.
  • Page 354: Preconfiguring A Switch In 3Wxm

    9: C WX S HAPTER ONFIGURING WITCHES EMOTELY Preconfiguring a If you know the serial number, use the following procedure to set up the Switch in 3WXM configuration in 3WXM. 1 Start 3WXM Services. 2 Start a 3WXM Client and connect to 3WXM Services. 3 Select Services >...
  • Page 355: Uploading A Partially Configured Switch And Completing Its

    Preconfiguring a Switch in 3WXM Uploading a Partially Even if you do not know the serial number of a WX switch, you still can Configured Switch configure the switch in 3WXM. When the switch contacts 3WXM for a and Completing its configuration, 3WXM generates a warning message such as the Configuration with following:...
  • Page 356: Replacing A Switch And Reusing Its Configuration

    9: C WX S HAPTER ONFIGURING WITCHES EMOTELY Replacing a Switch If a remote switch that is configured by 3WXM fails, you can install a new and Reusing its switch in its place and use 3WXM to configure the switch with the Configuration replaced configuration.
  • Page 357: Enabling Replacement Of Remote Switches

    Replacing a Switch and Reusing its Configuration If the switch is a WXR100, the person at the remote office also inserts a paperclip or similar object into the Fn hole of the WXR100 to press the Fn switch. Normally, the Fn LED (the right LED above port 1) remains solidly lit for 3 seconds after power on.
  • Page 358: Replacing A Switch

    Replacing a Switch This task is performed by someone at the remote office and does not require a network administrator. 3Com recommends that you read through the entire procedure before beginning. To replace a switch 1 Remove the power cord from the old switch.
  • Page 359: Wx File Management Options

    WX S ANAGING YSTEM MAGES ONFIGURATIONS This chapter describes the management of WX system files. It includes information about uploading a WX switch configuration into 3WXM, verifying configuration information, synchronizing local and network changes, deploying WX switches from a network plan to the network, distributing image and configuration files, importing and exporting WX switch configuration files, working with domain policies, and rebooting WX switches or MAP access points.
  • Page 360: Devices Tab

    10: M WX S HAPTER ANAGING YSTEM MAGES AND ONFIGURATIONS Table 23 WX File Management Options in 3WXM (continued) Option Description Synchronize Compares switch configurations in the network with their local and counterparts in the network plan, and enables you to review the network differences, and either deploy the new changes to synchronize the changes...
  • Page 361: Task List Options

    Devices Tab Task List Options The Task List panel in the Devices tab has the following pages: Change Management Device Operations Table 24 lists the tasks you can select on the Devices tab. Table 24 Devices Tasks Task Task Option Group Task Description...
  • Page 362 10: M WX S HAPTER ANAGING YSTEM MAGES AND ONFIGURATIONS Table 24 Devices Tasks (continued) Task Task Option Group Task Description Other Refresh Refresh the data for the selected device. Network Review Display the configuration changes that have Changes occurred in the network for the selected switch.
  • Page 363 Devices Tab Table 24 Devices Tasks (continued) Task Task Option Group Task Description Device Images Image Install the selected MSS image onto WX Operations Install switches. (See “Distributing System Images” on page 369.) Schedule Schedule installation of the selected MSS Install image onto WX switches in the future.
  • Page 364: Toolbar Options

    10: M WX S HAPTER ANAGING YSTEM MAGES AND ONFIGURATIONS Table 24 Devices Tasks (continued) Task Task Option Group Task Description Other Refresh Refresh the data for the selected device. Upload Add a WX switch to the network plan by copying its configuration from a live switch in the network.
  • Page 365: Synchronizing Local And Network Changes

    Synchronizing Local and Network Changes Synchronizing Local Whenever configuration changes occur to a switch, 3WXM alerts you and Network that changes have occurred. If a configuration change occurs on a switch Changes in the network or in the network plan, so that the network and network plan are out of sync, 3WXM displays a message in a popup window to alert you that a change has occurred.
  • Page 366: Accepting Network Changes

    10: M WX S HAPTER ANAGING YSTEM MAGES AND ONFIGURATIONS Accepting Network To accept network changes: Changes 1 Select the Devices tool bar option. 2 At the bottom of the Task List panel, select Change Management. 3 Select one or more WX switches. To select multiple switches, press Shift (for contiguous switches) or Control (for noncontiguous switches) while clicking.
  • Page 367 Synchronizing Local and Network Changes To immediately deploy local changes 1 Select the Devices tool bar option. 2 At the bottom of the Task List panel, select Change Management. 3 Select one or more WX switches. To select multiple switches, press Shift (for contiguous switches) or Control (for noncontiguous switches) while clicking.
  • Page 368: Changes

    10: M WX S HAPTER ANAGING YSTEM MAGES AND ONFIGURATIONS 4 In the Task List panel in the Local Changes group, click Schedule Deploy. The Schedule Deploy dialog box appears. 5 Edit the start date and time. (The date and time are based on the date and time on the machine where 3WXM Services is installed.) 6 Click OK.
  • Page 369: Distributing System Images

    To use a new system image, you must reboot the WX. For more information, see “Rebooting WX Switches or MAP Access Points” on page 371. 3Com recommends that you use the Verification tab to resolve any configuration errors or warnings before you distribute system images.
  • Page 370 10: M WX S HAPTER ANAGING YSTEM MAGES AND ONFIGURATIONS Before you can distribute an image, you must add it to the image repository. (See “Using the Image Repository” on page 369.) To immediately install an image on WX switches 1 Select the Devices tool bar option.
  • Page 371: Rebooting Wx Switches Or Map Access Points

    Rebooting WX Switches or MAP Access Points Rebooting WX You can use 3WXM to reboot WX switches and MAPs. Switches or MAP To reboot WX switches and the MAPs they are managing Access Points 1 Select the Devices tool bar option. 2 At the bottom of the Task List panel, select Device Operations.
  • Page 372: Enabling Or Disabling Management Of A Switch By 3Wxm

    10: M WX S HAPTER ANAGING YSTEM MAGES AND ONFIGURATIONS Enabling or The Devices tab lists managed switches and unmanaged switches Disabling separately. Managed switches can be deployed to the network and can Management of a be monitored by 3WXM Services. Unmanaged switches can be Switch by 3WXM configured in 3WXM but cannot be deployed to the network or monitored by 3WXM Services.
  • Page 373: Viewing The Operation Log

    Viewing the Operation Log Viewing the The operation log displays information about the operations you perform Operation Log using the Devices options. To display the operation log 1 Select the Devices tool bar option. 2 At the bottom of the Task List panel, select Device Operations. 3 In the Task List panel, select View Operation Log.
  • Page 374: Importing And Exporting Switch Configuration Files

    10: M WX S HAPTER ANAGING YSTEM MAGES AND ONFIGURATIONS Importing and You can import or export switch configuration files in Extensible Markup Exporting Switch Language (XML) format. Configuration Files The import option enables you to create a WX switch in the network plan by importing configuration files in Extensible Markup Language (XML) format.
  • Page 375 Importing and Exporting Switch Configuration Files 7 Click Import. The status of the import process appears in the Status column. 8 Click Close to save the changes. 9 Enable 3WXM to manage the switch. (See “Modifying Basic Switch Parameters” on page 179.) To export a configuration 1 Select Tools >...
  • Page 376: Modifying Configuration Change Polling Options

    10: M WX S HAPTER ANAGING YSTEM MAGES AND ONFIGURATIONS Modifying By default, 3WXM Client polls WX switches in the network every 15 Configuration minutes for network changes, and displays a popup message if changes Change Polling are detected. The popup message is in addition to notification in the Options Alerts panel.
  • Page 377: Verifying Configuration Changes

    ERIFYING ONFIGURATION HANGES 3WXM uses a set of rules to verify WX switch configurations. Changes to a switch’s configuration in 3WXM or in the live network are automatically evaluated by comparing the changes to the rules. If the evaluation detects any error or warning conditions, the information in the Alerts panel is updated: Errors or warnings in a switch’s configuration in 3WXM affect the Configuration counts.
  • Page 378: Toolbar Options

    11: V HAPTER ERIFYING ONFIGURATION HANGES Toolbar Options Table 27 lists the options on the toolbar of the Verification panel. Table 27 Toolbar Options on Verification Panel Option Description 3WXM Launch Opens the HTML version of this manual HTML Help Refreshes the data for all devices.
  • Page 379: Disabling A Rule From The Message List

    Resolving an Error or Warning To resolve an error or warning 1 Select the error or warning message in the Message column. 2 Read the information in the Error/Warning Details section. For some errors and warnings, this section contains information about how to resolve the error or warning.
  • Page 380: Changing Verification Options

    11: V HAPTER ERIFYING ONFIGURATION HANGES To globally disable a warning or error 1 Select an instance of the warning or error message. 2 In the Resolutions section, click disable this rule for all instances. As soon as you click on this option, all instances of the message disappear from the list.
  • Page 381: Disabling And Reenabling Rules

    Resolving an Error or Warning 3Com recommends that you do not deploy a network plan that contains configuration errors. Allowing configuration errors to be deployed to the network can affect network stability. 3 Click Close to place the changes into effect and close the dialog box.
  • Page 382 11: V HAPTER ERIFYING ONFIGURATION HANGES 6 Reenable the rule or instances: To reenable a rule all of whose instances are disabled, click on the checkbox in the Enabled column. The Disable All Instances option is deselected. To reenable an individual instance of a rule, click on the checkbox next to the instance.
  • Page 383: Managing

    PKS #12 files. Overview A digital certificate is a form of electronic identification for computers. The 3Com Mobility System supports the following types of X.509 digital certificates: Administrative certificate for the monitoring service or a WX switch 802.1X-EAP certificate for a WX switch...
  • Page 384: Processing Certificates

    12: M HAPTER ANAGING ERTIFICATES Before installing a new certificate, verify that the WX switch is set to the correct date, time, and time zone. Otherwise, certificates might not be installed correctly. For more information about certificates on the WX, see the Wireless LAN Switch and Controller Configuration Guide.
  • Page 385: Managing Certificates

    Managing Certificates 2 Do one of the following: Click Accept to allow the connection to the WX switch. If you did not select either of the options in step 1, when you click Accept, a secure connection with these certificate credentials is allowed for this session until you close the network plan.
  • Page 386: Distributing Certificates To Wx Switches

    12: M HAPTER ANAGING ERTIFICATES Distributing You can use 3WXM to distribute certificates from PKCS #12 files to one Certificates to WX or more WX switches. Switches Although you can distribute one PKCS #12 file to many WX switches, as a best practice, you should install a unique certificate and key pair per WX.
  • Page 387: Configuring And Applying Policies

    ONFIGURING AND PPLYING OLICIES A policy is a set of WX configuration parameters that you can define once in 3WXM and then apply to multiple WX switches. When you apply a policy to a set of WX switches, all parameter settings in the policy are applied to the switches and update the settings already on the switches.
  • Page 388: Creating A Policy

    13: C HAPTER ONFIGURING AND PPLYING OLICIES Creating a Policy To create a policy: 1 Access the Create Policy wizard. a Select the Policies tool bar option. b In the Task List panel, select Policy. 2 In the Policy Name box, type a name for the policy. This name will appear in the Organizer panel when the Policies tool bar option is selected.
  • Page 389: Configuring Feature Settings In A Policy

    Configuring Feature Settings in a Policy Configuring To configure feature settings in a policy: Feature Settings in a Policy 1 If you have not already done so, use the procedure in “Creating a Policy” on page 388 to configure a policy and select the switches to which you want to apply the policy.
  • Page 390 13: C HAPTER ONFIGURING AND PPLYING OLICIES Table 28 Feature Categories For This Feature Area See... System Features IP Services “Viewing and Configuring IP Services Settings” on page 210 VLANs, Spanning Trees “Viewing and Configuring VLANs” on page 215 and Port Groups “Changing STP Port Settings in a VLAN”...
  • Page 391: Managing Alarms

    ANAGING LARMS A fault or alarm (these two terms are used interchangeably) is generated by a trap, a rule, a status, or a threshold-exceeded event. 3WXM includes a feature to make it easier to manage faults (alarms) that occur in the system.
  • Page 392 14: M HAPTER ANAGING LARMS Perform the following steps to set up the Fault Management system: 1 Click Setup in the options located on the right side of the Fault Management panel. 2 Select the type of alarms you want to enable by clicking the appropriate check box.
  • Page 393: Classifying And Organizing Alarms

    Classifying and Organizing Alarms Minor—The number of days after which any active minor will be aged. Informational—The number of days after which any active informational will be aged. 5 Click Save. Classifying and When a fault occurs in 3WXM, the Fault Management System offers a Organizing Alarms means to categorize the fault by functional area and severity.
  • Page 394: Search Capabilities

    14: M HAPTER ANAGING LARMS The Events tab in the information pane provides additional details about a specific alarm, as shown in the screen below. Search Capabilities You can sort system faults based on any of the columns in the table. 3WXM sorts fault events on the date of occurrence as Today, Yesterday, Last Week, or Last Month.
  • Page 395 Classifying and Organizing Alarms Menu items include the following options: All Severities Critical Major Minor Info All Categories System Performance Client Security...
  • Page 396: Fault States

    14: M HAPTER ANAGING LARMS Network Plan Mobility Domain Mobility Exchange 10/100 Ethernet Port Gigabit Ethernet Port Distributed AP Radio Site Building Floor Network plan name(s) These options allow you to see a variety of specific alarms for each device in the network.
  • Page 397: Managing Faults

    Managing Faults Managing Faults By performing various tasks, such as acknowledging, unacknowledging, and deleting faults; you can manage all of the various alarms in 3WXM. For some faults, 3WXM provides a predetermined task list that guides you through performing appropriate tasks and resolutions. Furthermore, when the same operation can manage more than one fault, you can select those multiple faults, and then perform the same appropriate fault management operation simultaneously.
  • Page 398: Alarm Summary

    14: M HAPTER ANAGING LARMS The Alarms function displays information retrieved from the 3WXM service. 3WXM presents the data under the 3WXM tool bar option in the following views: Alarm Summary Top 5 Sources of Alarms IDS Alarms DoS Alarms Alarm Summary The 3WXM Fault Management System displays alarm data in three ways: in bar graphs, pie charts, or tables.
  • Page 399 Managing Faults 3 To view a table of all alarms in 3WXM, click Details at the bottom right of the Alarm Summary screen (shown previously). Performing this action produces the same effect as clicking the tabular icon . From the Alarm Summary screen (shown previously), you can also choose to view a summary of alarm information in other formats.
  • Page 400 14: M HAPTER ANAGING LARMS Viewing Alarm Summary Information in Pie Chart Format You can view alarm summary information via pie charts in two different formats: by category and by severity. 1 To view a summary of alarm information by category, from the list at the bottom left of the Alarm Summary screen, select the Show Chart icon, and then click Alarms by Category.
  • Page 401: Top 5 Sources Of Alarms

    Managing Faults Top 5 Sources of Sources are the separate WX switches in the network plan. Alarms 1 To view the top 5 sources of alarms in chart format, click the chart icon at the bottom left corner of the Top 5 Sources of Alarms section of the 3WXM screen.
  • Page 402: Intrusion Detection System (Ids) Alarms

    14: M HAPTER ANAGING LARMS Intrusion Detection SNMP notifications must be enabled on the WX switches. Table 28 lists System (IDS) Alarms the notification types for Intrusion Detection System (IDS) and Denial of Service (DoS) protection. (For more information about DoS notification, see “Denial of Service (DoS) Alarms”...
  • Page 403 Managing Faults 2 To view IDS alarms in table format, click the Table icon at the bottom left corner of the IDS Alarms section of the 3WXM screen. In the table view that displays (shown as follows), hypertext numbers link to filtered lists that contain only the alarms for that row and column that contain the hypertext.
  • Page 404: Denial Of Service (Dos) Alarms

    14: M HAPTER ANAGING LARMS Denial of Service SNMP notifications must be enabled on the WX switches. Table 28 lists (DoS) Alarms the notification types for Intrusion Detection System (IDS) and Denial of Service (DoS) protection. (For more information about IDS notification, see “Intrusion Detection System (IDS) Alarms”...
  • Page 405 Storing Faults and Retrieving Fault History Description Object State 3 Click on a row to view the details of a specific alarm in the tabular view. 4 After clicking on a row, 3WXM will display more information for the specific alarm in the lower pane. Click a row in the lower pane to view all of the details for the alarm, or click Event Details in the Alarms panel on the right.
  • Page 406: Reporting Faults

    14: M HAPTER ANAGING LARMS Close 5 Click in the lower right corner. Reporting Faults 3WXM provides the capability to export fault data in the form of reports. You can generate the following reports: Alarm Summary—The Alarm Summary report provides the total number of current faults in the system and identifies them by type, source, severity or state.
  • Page 407 Reporting Faults Perform the following steps to generate an Alarm Summary report: 1 Click Alarm Summary in the options located on the right side of the Fault Management panel under Reports. The following Alarm Summary Report dialog box appears: 2 Select one of the following Report Scope Types: Network Plan Mobility Domain Site...
  • Page 408: Alarm History Report

    14: M HAPTER ANAGING LARMS Alarm History Report The Alarm History report provides a list of all faults in the system that were active within a specified time period. 3WXM allows you to sort the faults by source, severity, or category. Perform the following steps to generate an Alarm History report: 1 Click Alarm History in the options located on the right side of the Fault Management panel under Reports.
  • Page 409 Reporting Faults 6 Enter the date you would like the report to end in the End Date field or navigate to the desired date from the calendar. 7 Enter the desired End Time in the field or navigate through the up or down arrows.
  • Page 410 14: M HAPTER ANAGING LARMS...
  • Page 411: Using The

    SING THE VENT 3WXM maintains a log of system events. The log contains messages generated by the following: WX switches in the network plan—messages generated by the WX switches in the network plan that are being monitored by the 3WXM service 3WXM Services—messages generated by the 3WXM server the client is in communication with 3WXM Client—messages generated by the instance of the 3WXM...
  • Page 412: Refreshing Event Data

    15: U HAPTER SING THE VENT Refreshing Event By default, the event data is refreshed whenever the 3WXM Client Data generates a new message for itself, or receives a new message from the 3WXM Services. To disable automatic refreshing of events, clear the Auto-update checkbox and click Apply.
  • Page 413: Filtering Events By Content

    Filtering Event Messages Filtering Events by When using the predefined filters, you can limit the events you see in Content Event tab by specifying criteria such as IP address, date, or text in the log message. You can use advanced filters to further limit the events you see. To filter messages by content 1 In the Event Source box, type an event source name or part of an event source name.
  • Page 414 15: U HAPTER SING THE VENT In the Start box, click the arrow to use the calendar to specify the day, month, and year. Specify the end time. After—Only events that occurred after a specified time In the Start box, click the arrow to use the calendar to specify the day, month, and year.
  • Page 415: Filtering Events By Severity

    Filtering Event Messages Filtering Events by You can limit the events you see in Event tab based on event severity. Severity 1 Click on the Severity tab. 2 Select or clear the severity levels to display (the following descriptions are WX-based): Emergency—The WX is unusable.
  • Page 416: Creating And Saving Filters

    15: U HAPTER SING THE VENT Creating and Saving If you have specified additional criteria to filter the events, you can save Filters the criteria as a stored custom filter. 1 In the Stored Filters group box, type a new filter name in the Name box. 2 Type a name for the filter (1 to 80 alphanumeric characters, with no tabs).
  • Page 417: Generating Reports

    ENERATING EPORTS This chapter describes the reports you can generate with 3WXM: Inventory Mobility Domain Configuration WX Configuration Client Summary Client Details Client Errors Network Usage (Radio Traffic) RF Summary Radio Details Network Usage (Port Traffic) Rogue Details Rogue Summary Site Survey Work Order Alarm Summary...
  • Page 418: Configuration Requirements

    16: G HAPTER ENERATING EPORTS Configuration Some reports require specific monitoring options to be enabled in 3WXM Requirements Services. Table 30 lists these requirements for each report type. Table 30 Monitoring Requirements for Reports Report Monitoring Option Requirement Configuration Inventory None.
  • Page 419: Overview

    Overview Overview The Reports option of the 3WXM toolbar enables you to generate reports for network clients, RF usage, rogue devices, and 3Com equipment. Configuration reports: Inventory Mobility Domain Configuration WX Configuration Client monitoring reports: Client Summary Client Details Client Errors...
  • Page 420: Generating An Inventory Report

    16: G HAPTER ENERATING EPORTS Generating an The inventory report lists the WX switches and MAP access points in a Inventory Report specific Mobility Domain or that do not belong to a Mobility Domain. To generate an inventory report 1 Select the Reports tool bar option. 2 In the Reports list, select Inventory.
  • Page 421: Generating A Mobility Domain Configuration Report

    Generating a Mobility Domain Configuration Report Generating a The Mobility Domain configuration report lists information for all the WX Mobility Domain switches in a Mobility Domain, including the VLANs, radio and service Configuration profiles, and RADIUS server groups and servers configured on the WX Report switch(es).
  • Page 422: Generating A Wx Configuration Report

    16: G HAPTER ENERATING EPORTS Generating a WX The WX configuration report lists configuration details for a WX switch. Configuration Report 1 Select the Reports toolbar option. 2 In the Reports list, select WX Configuration. 3 In the Report Scope Instance drop-down list, select the switch for which you want the report.
  • Page 423: Generating A Client Summary Report

    Generating a Client Summary Report Table 33 WX Configuration Report Sections (continued) Section Description Directly connected MAPs configured on the WX switch. Distributed APs Distributed MAPs configured on the WX switch. Radio Profiles Radio profiles configured on the WX switch. Service Profiles Service profiles configured on the WX switch.
  • Page 424: Generating A Client Details Report

    16: G HAPTER ENERATING EPORTS 7 Click Generate. 8 When the report is generated, click the report link to view it. The client summary report contains the following sections: Session Summary Total Num Sessions Average SNR Average RSSI SSID Summary Access Type Summary Top Bandwidth Sessions Low RSSI Sessions...
  • Page 425: Generating A Client Errors Report

    Generating a Client Errors Report 9 To prevent 3WXM from replacing an existing report of the same type with this new report, click next to Overwrite Existing Files to deselect this option. 10 Click Generate. 11 When the report is generated, click the report link to view it. The client details report contains the following sections: Session Properties Location History...
  • Page 426: Generating An Rf Network Usage Report

    16: G HAPTER ENERATING EPORTS 7 To prevent 3WXM from replacing an existing report of the same type with this new report, click next to Overwrite Existing Files to deselect this option. 8 Click Generate. 9 When the report is generated, click the report link to view it. The client errors report contains the following sections: Cumulative errors for the scope of the report Client errors on individual WX switches...
  • Page 427: Generating An Rf Summary Report

    Generating an RF Summary Report 7 To prevent 3WXM from replacing an existing report of the same type with this new report, click next to Overwrite Existing Files to deselect this option. 8 Click Generate. 9 When the report is generated, click the report link to view it. The network usage report contains the following sections: Cumulative statistics for the scope of the report Usage statistics on individual WX switches...
  • Page 428: Generating A Radio Details Report

    16: G HAPTER ENERATING EPORTS 7 To prevent 3WXM from replacing an existing report of the same type with this new report, click next to Overwrite Existing Files to deselect this option. 8 Click Generate. 9 When the report is generated, click the report link to view it. The RF summary report contains the following sections: Cumulative data for the scope of the report Detailed data for each WX switch within the scope of the report...
  • Page 429: Generating A Traffic Report

    Generating a Traffic Report Generating a Traffic This network usage report shows port traffic statistics. Report 1 Select the Reports tool bar option. 2 In the Reports list, select Network Usage (Port Traffic). 3 Select the scope type of the report from the Report Scope Type drop-down list: Network Plan Mobility Domain...
  • Page 430: Generating A Rogue Details Report

    16: G HAPTER ENERATING EPORTS Generating a Rogue The rogue details report lists detailed information about rogue devices. Details Report 1 Select the Reports tool bar option. 2 In the Reports list, select Rogue Details. 3 Click Add to add a report filter. The filter configuration fields are activated.
  • Page 431 Generating a Rogue Summary Report 5 Select the time period for the report: 1 Hour 24 Hours 7 Days 30 Days 6 To specify the rogue type, click on the Value field in the Report Filter area of the dialog, and select one of the following from the drop-down list: Rogue Interfering Ad-hoc...
  • Page 432: Generating A Site Survey Order

    16: G HAPTER ENERATING EPORTS Generating a Site The site survey order contains the locations and MAC addresses of the Survey Order line-of-site (LOS) points for use when conducting a site survey, and also provides a GIF image of the floor. For the site survey order to be meaningful, you must specify the line-of-site (LOS) points first.
  • Page 433: Generating A Work Order

    A work order provides all of the necessary information for the physical Order installation of the 3Com Mobility System. A work order shows where the MAP access points should be installed, WX initial setup configuration information, and projected RSSI information that is useful when verifying the installation.
  • Page 434: Generating An Alarm Summary

    16: G HAPTER ENERATING EPORTS The origin reference point used in work orders to indicate MAP placement is the upper left corner of the coverage area. (Typically, this origin point will not match the origin point used on the floor plan itself.) Generating an The alarm summary report provides a summary of alarms.
  • Page 435: Generating A Security Alarm Report

    Generating a Security Alarm Report Site Building Floor 4 Select the instance for which you want the report. For example, if the scope is Building, select the building. 5 Edit or select the start and end dates and times for the history. 6 To select or change the output directory for the report, click Choose, navigate to the new directory, and click Select.
  • Page 436: Generating An Alarm Report For Client Ouis

    16: G HAPTER ENERATING EPORTS Generating an The client OUI report provides information about client-related alarms. Alarm Report for Client OUIs 1 Select the Reports tool bar option. 2 In the Reports list, select Client OUI. 3 To select or change the output directory for the report, click Choose, navigate to the new directory, and click Select.
  • Page 437: Monitoring The Network

    The Monitor tab displays information retrieved from the 3WXM Services. Information is presented in the following windows within the Monitor tab: Status Summary—Shows the high-level status for 3com equipment. Client Summary—Shows activity, errors, and session information for network clients. Alarm Summary—Shows faults (alarms) for WX switches.
  • Page 438: Requirements For Monitoring

    17: M HAPTER ONITORING THE ETWORK Requirements for To enable the 3WXM service to monitor network data, you or the 3WXM Monitoring service administrator must specify the WX switches to monitor. The 3WXM service collects data from the switches and updates the information in the views under the Monitor tool bar option for 3WXM clients.
  • Page 439: Accessing Monitored Data

    Accessing Monitored Data Distributed Networks with Remote Sites Distributed networks with remote sites have a large number, possibly hundreds, of smaller switches, such as WXR100 or WX1200 devices, spread across a variety of sites; for example, branch offices or a chain of stores.
  • Page 440: Using The Monitor View

    17: M HAPTER ONITORING THE ETWORK 3 When you select the Details button in the dashboard panel, 3WXM will display monitored data for the selected view. Using the Monitor When you open the Monitor View, you will notice several different View sections or “views.”...
  • Page 441: Status Summary

    Using the Monitor View 3WXM automatically selects the appropriate graphical display for the type of data, and displays the data using one of the following graphs: Line graph Pie chart Bar chart Stacked-bar charts While 3WXM collects graphical or tabular data, it might take longer to display data in one area than it does in another.
  • Page 442: Alarm Summary

    17: M HAPTER ONITORING THE ETWORK Alarm Summary The Alarm Summary view is located in the upper right corner of the Content panel and shows the current alarms for the selected scope. The alarms are organized by category and alarm type. 3WXM displays the following types of alarms, or faults: System Performance...
  • Page 443: Using The Status Summary View

    Using the Status Summary View 3WXM shows only traffic data for the following scopes: WX switch Mobility Domain Network Plan Using the Status The Status Summary view shows the operational status and property Summary View details of equipment such as WX switches, MAP access points, and MAP radios.
  • Page 444: Status Monitor Or Status Summary Details

    17: M HAPTER ONITORING THE ETWORK Status Monitor or The Status Monitor panel, or Status Summary details, shows more Status Summary detailed information for the devices. There are two ways to navigate to Details the Status Monitor view. In the previous screen, the blue numbers in the table are hyperlinks.
  • Page 445 Using the Status Summary View The following states reveal the complete status of an object: Admin State Locked Unlocked Operational State Up (enabled) Down (disabled) Usage State Active Idle Busy Availability Status Failed Degraded Powered Off Offline Not installed Alarm Status Critical Major Minor...
  • Page 446: Using The Alarm Summary View

    17: M HAPTER ONITORING THE ETWORK Using the Alarm The Alarm Summary view shows alarms organized by category and alarm Summary View type. The default view is the graphical representation of alarms. Click the tabular icon or the graph icon to switch between the chart and table views.
  • Page 447: Alarm Summary Details

    Using the Alarm Summary View Alarm Summary There are three ways to view Alarm Summary details. Like the Status Details Summary table, blue numbers are hyperlinks. Click on a hyperlink to view the details for that item. You can also click the Details button to switch from the Alarm Summary view to the Alarm Monitor panel, or select Alarms from the navigation bar.
  • Page 448 17: M HAPTER ONITORING THE ETWORK By clicking the Details button, the display will show the Alarms dashboard, and your results will be unfiltered. 3WXM will display all of the alarms in tabular format. The results will be similar to those shown in the following screen.
  • Page 449 Using the Alarm Summary View Click on a row to view the details of a specific alarm in the tabular view (shown in the following screen).
  • Page 450 17: M HAPTER ONITORING THE ETWORK After clicking on a row, 3WXM will display more information for the specific alarm in the lower pane. Click a row in the lower pane to view all of the details for the alarm. 3WXM will display a window similar to the one shown in the following screen.
  • Page 451: Additional Alarm Options

    Using the Alarm Summary View Client Security Network Plan Mobility Domain Mobility Exchange 10/100 Ethernet Port Gigabit Ethernet Port Distributed AP Radio Site Building Floor Network plan name(s) These options allow you to see a variety of specific alarms for each device in the network.
  • Page 452 17: M HAPTER ONITORING THE ETWORK Add to Rogue List Add to Ignore List Create Third-Party AP The options are either active or inactive for each alarm. Click on an active option to see more information. Inactive options will be gray. The following screen provides a sample of the Alarm Setup option.
  • Page 453: Using The Client Summary View

    Using the Client Summary View Using the Client The Client Summary view displays information for the following client Summary View information: Clients by WX Clients by Radio Clients by SSID Clients by access type Clients by time Top clients Click the tabular icon or the graph icon to switch between the chart and table views.
  • Page 454: Client Details

    17: M HAPTER ONITORING THE ETWORK Client Details Click the Details button to switch the from the graphical or tabular representation to the Client Monitor dashboard. In the Client Monitor dashboard, you can examine current and trending data for client sessions and launch various actions on a session.
  • Page 455: Additional Client Options

    Using the Client Summary View Additional Client Additional client options are available from the Client Monitor Options dashboard. These options are located in the Task panel on the right side of the screen (shown below) and include the following: View Client Session Session Details Top Clients...
  • Page 456 17: M HAPTER ONITORING THE ETWORK The options are either active or inactive for each alarm. Some data might not be available depending on the scope and the server setup options, but you can retrieve and view details of current sessions. Click on an active option to see more information.
  • Page 457 Using the Client Summary View The following screen provides a sample of the Top Clients option.
  • Page 458: Finding A Client

    17: M HAPTER ONITORING THE ETWORK Finding a Client When the network level polling is disabled, perform the following actions to monitor one or more clients. 1 From the Client Monitor, choose Manage > Find Client in the Task panel to display the Find Client search dialog (shown below). 2 Enter the desired search criteria, select the search scope, and click Next to display the Find Client(s) Result dialog (shown in the next figure).
  • Page 459 Using the Client Summary View You can access the Locate Client, Terminate Client, and Find AeroScout Tag options in the same manner. Locating the User Display the user’s approximate location by performing the following steps: 1 On the Find Client(s) Result screen, click the Locate Client task (under Manage).
  • Page 460 17: M HAPTER ONITORING THE ETWORK Client’s Approximate Location 4 To refresh the list of MAPs that detect the client, click the (Refresh Listeners) button 5 To change the MAPs used for calculating the client’s location, click the Listeners tab and Select or deselect MAPs from the list, then click the (Locate) button.
  • Page 461: Refreshing Client Data

    Using the Client Summary View Refreshing Client 3WXM refreshes client monitor data at regular intervals (every 5 minutes Data by default). The administrator can specify the refresh rate using the client monitor polling interval. (See “Changing Monitoring Settings” on page 510.) Click the refresh icon to refresh the data on demand.
  • Page 462: Using The Traffic Summary View

    17: M HAPTER ONITORING THE ETWORK 2 Choose Manage > RF Link Test in the Task panel to run a link test and display the Link Test results dialog, as shown below. 3 Click the Refresh button to perform another link test and repopulate the RF Link Test table with new data.
  • Page 463 Using the Traffic Summary View The following options are available for Radio, AP, Floor, Building, and Site: 1 Hour (Radio) 24 Hour (Radio) 7 Days (Radio) 30 Days (Radio) 1 Hour (Traffic) 24 Hour (Traffic) 7 Days (Traffic) 30 Days (Traffic) The following screens provide samples of the same information, Traffic - 1 Hour.
  • Page 464: Traffic Details

    17: M HAPTER ONITORING THE ETWORK Traffic Details Click the Details button to switch the view from the Traffic Monitor dashboard to the Traffic Details view. The following screen is a sample of the data available for Traffic - 1 Hour in the Traffic Monitor view.
  • Page 465: Additional Traffic Options

    Using the Traffic Summary View Additional Traffic Additional traffic options are available from the Traffic Monitor Options dashboard. These options are located on the right side of the screen and include the following: Trends Bytes & Packets In/Out Packets Details Reports Traffic Other options may be available, depending on the item selected in the...
  • Page 466: Using The Floor View Monitor

    17: M HAPTER ONITORING THE ETWORK Voice Monitoring with Traffic Views 3WXM 6.0 now includes monitoring functions which can assist with voice deployments. QoS statistics, including per-queue Tx and Rx counts, can be accessed through the Traffic Monitor dashboard, allowing you to perform real-time monitoring of QoS on a specific radio or a specific client.
  • Page 467: On-Demand Statistics Monitoring

    On-Demand Statistics Monitoring On-Demand Each of the Monitor dashboard views offers a way to see on-demand Statistics statistics. For example, selecting a session from the Client Monitor panel Monitoring launches the current statistics for that session. Viewing Performance 3WXM opens a separate window for the statistics panel, and you can Data open multiple statistics panels.
  • Page 468 17: M HAPTER ONITORING THE ETWORK Traffic Reports Network Usage (Port Traffic) Network Usage (Radio Traffic) RF Statistics RF Summary Radio Details Rogue Reports Rogue Details Rogue Summary Alarm Reports Alarm Summary Alarm History Security Client OUI RF Planning reports Site Survey Order Work Order For each report, use the wizard to configure the report scope type, report...
  • Page 469: Detecting And Combatting Rogue Devices

    You can display information about the devices of interest. To identify friendly devices, such as non-3Com access points in yours or your neighbor’s network, you can add them to the known devices list. You also can enable countermeasures to prevent clients from using the devices that truly are rogues.
  • Page 470: Rogue Detection Requirements

    18: D HAPTER ETECTING AND OMBATTING OGUE EVICES Rogue Detection Rogue detection in 3WXM has the following requirements. Requirements The Enable Rogue Detection option must be selected on the Monitoring Settings section of the 3WXM Services Setup dialog. (See “Changing Monitoring Settings” on page 510.) To use countermeasures, they must be enabled.
  • Page 471: Mobility Domain Requirement

    RFDetetSpoofedMacAP Indicates that MSS has detected a wireless packet with the source MAC address of a 3Com MAP, but without the spoofed signature (fingerprint) of the MAP. RFDetectSpoofedSSIDAP Indicates that MSS has detected beacon frames for a valid SSID, but sent by a rogue...
  • Page 472: Rogue Detection Lists

    18: D HAPTER ETECTING AND OMBATTING OGUE EVICES Rogue Detection Rogue detection lists specify the third-party devices and SSIDs that MSS Lists allows on the network, and the devices MSS classifies as rogues. You can configure the following rogue detection lists: Permitted SSID list—A list of SSIDs allowed in the Mobility Domain.
  • Page 473 Rogue Detection Lists MAP radio detects wireless packet. Source MAC in SSID in Permitted Ignore List? SSID List? OUI in Permitted Vendor List? Generate an alarm. Classify device as a rogue. Issue countermeasures (if enabled). Source MAC in Attack List? Rogue classification algorithm deems the device to be a rogue?
  • Page 474: Displaying Rogue Information

    To do this, adjust the selection criteria on the fault dashboard. In the example below, the alarms are filtered so that only alarms from the WX switch AlphaWX1-(WX4400) that contain “rogue” in the Description field are displayed. Each rogue is listed only once, even if multiple entries for the rogue appear in the Events Log.
  • Page 475: Displaying Rogue Details

    Displaying Rogue Information Ad-hoc clients—Wireless clients who are configured to communicate wirelessly outside of the network infrastructure. Ad-hoc clients are not necessarily malicious, but they do steal bandwidth from your infrastructure users. Ad-hoc clients are further categorized into rogues and interfering devices. The word Rogue or Interfering appears in parentheses next to the word Ad-hoc.
  • Page 476 18: D HAPTER ETECTING AND OMBATTING OGUE EVICES Table 35 describes the fields that appear on the Alarm Details tab for a rogue. Table 35 Alarm Details for Rogues Field Description Type The alarm type; for example, Rogue AP Detected. Category The category of alarm;...
  • Page 477 Displaying Rogue Information To display additional details for a rogue, select the rogue in the alarm list, then click Event Details in the Task List panel. Table 36 describes the fields that appear in the Listeners table for the rogue. Table 37 Listeners Columns Column Description...
  • Page 478: Displaying The Geographical Location Of A Rogue

    18: D HAPTER ETECTING AND OMBATTING OGUE EVICES Displaying Rogue Client Information To display details about the clients of rogue devices, select the rogue in the alarm list, then click View Clients in the Task List panel. Table 38 lists the information displayed on about clients of rogue devices. Table 38 Clients Columns Column Description...
  • Page 479 Displaying the Geographical Location of a Rogue Rogue’s Approximate Location 3 To change the MAPs used for calculating the location of a rogue, click the Listeners tab and select or deselect MAPs from the list, then click the (Locate) button. To display the location of a client associated with the rogue: 1 Select the rogue client in the alarm list.
  • Page 480 18: D HAPTER ETECTING AND OMBATTING OGUE EVICES Rogue Client’s Approximate Location 3 To change the MAPs used for calculating the location of a client, click the Listeners tab and select or deselect MAPs from the list, then click the (Locate) button.
  • Page 481: Ignoring Friendly Third-Party Devices

    Ignoring Friendly Third-Party Devices Ignoring Friendly By default, when countermeasures are enabled, MSS considers any Third-Party Devices third-party transmitter to be a rogue device and can send countermeasures to prevent clients from using that device. To prevent MSS from sending countermeasures against a friendly device, add the device to the ignore list.
  • Page 482: Adding A Device To The Rogue List

    18: D HAPTER ETECTING AND OMBATTING OGUE EVICES Adding a Device to The rogue list is a list of AP MAC addresses belonging to a switch. 3WXM the Rogue List will attack the AP MAC addresses in the rogue list whenever they are present on the network.
  • Page 483 Converting a Rogue into a Third Party AP 3 Enter the information for the AP and place the icon for the AP in its floor location, if applicable. (See “Placing Third-Party Access Points” on page 137.) When you have finished, the AP appears under Objects to Place in RF Planning.
  • Page 484: Adding Clients Belonging To A Rogue To The Black List

    18: D HAPTER ETECTING AND OMBATTING OGUE EVICES Adding Clients The client black list is a list of MAC addresses belonging to wireless clients Belonging to a who are not allowed on the network. MSS prevents clients on the list Rogue to the Black from accessing the network through a WX switch.
  • Page 485: Optimizing A Network Plan

    PTIMIZING A ETWORK After deploying a network plan to the 3Com equipment in your live network, optimize the plan based on RF information from the network. The RF information can be from a site survey or from MAP radios. Site survey—RF measurements come from a site survey file generated by the Ekahau Site Survey™...
  • Page 486 19: O HAPTER PTIMIZING A ETWORK 4 You can choose to import measurements from the network, a site survey file, or both: a If you want to use RF neighborhood information imported from a MAP in the network, click Yes next to Network. b If you want to import measurements from a site survey file, click Yes next to File, and in the File Format listbox, select Ekahau.
  • Page 487: Applying The Rf Measurements To The Floor Plan

    Importing RF Measurements Applying the RF To apply the RF measurements to the floor plan: Measurements to the Floor Plan 1 Under Site Survey in the Task List panel, click Optimize. A wizard appears, listing the progress of the request. The Total number of RF measurements that did not intersect any object line lists the number of measurements that did not experience attenuation due to an RF obstacle in the path between them.
  • Page 488: Locating And Fixing Coverage Holes

    19: O HAPTER PTIMIZING A ETWORK The measurements reflect how well the measuring MAPs can hear one another, and do not directly measure how well clients can hear the MAPs. For example, if the MAPs are mounted on the ceiling, attenuation of their signals to one another might be less than the attenuation of the same signals when received by clients on desktops in cubicles and offices.
  • Page 489 Locating and Fixing Coverage Holes 5 On the toolbar, click the radio type for which you want to display coverage: Displays 802.11a coverage for the selected scope(s). Displays 802.11b coverage for the selected scope(s). Displays 802.11g coverage for the selected scope(s).
  • Page 490: Fixing A Coverage Hole

    19: O HAPTER PTIMIZING A ETWORK Fixing a Coverage After importing RF measurements, optimizing, and displaying coverage, Hole observe any wireless coverage holes in the network. Use any of the following methods to fix any coverage holes: Lock the MAPs in place, and use the Compute and Place task to recompute the number of MAPs needed and their recommended placement.
  • Page 491: Overview

    3WXM P HANGING REFERENCES This chapter discusses how to set 3Com Wireless Switch Manager (3WXM) client preferences. It describes how to reset preferences values and change options for network synchronization, user interface, persistence, tools, certificate management, RF planning, and 3WXM logging.
  • Page 492: Changing Network Synchronization Options

    A: C 3WXM P HAPTER HANGING REFERENCES Changing Network By default, 3WXM checks for configuration changes, events, and status Synchronization changes on WX switches. You can configure checking (also called polling) for Options configuration changes in the network made with the CLI, Web View, or another instance of 3WXM.
  • Page 493: Changing Tools Options

    Changing Tools Options 3 To enable a confirmation prompt after closing a wizard, select the Warn checkbox. To disable the confirmation prompt, clear the Warn checkbox. By default, if you close a wizard, a pop-up box appears, asking whether you want to close the wizard.
  • Page 494: Changing Certificate Management Options

    A: C 3WXM P HAPTER HANGING REFERENCES For Windows systems, the default Telnet executable file is C:\WINDOWS\system32\telnet.exe. For Linux systems, the default is /usr/bin/telnet. You can also click Browse to navigate the computer filesystem. 4 To change the Web browser executable file or location used by 3WXM, type the path of the executable file in the Browser Executable box.
  • Page 495: Changing Options For Rf Planning

    Changing Options for RF Planning Changing Options You can change the following RF planning options: for RF Planning Typical transmit power for clients in the 3Com network. Color schemes for showing RF information Configuring the To change the transmit power of a typical client:...
  • Page 496 A: C 3WXM P HAPTER HANGING REFERENCES To Change a Color 1 Select Tools > Preferences. The Preferences dialog box appears. 2 Click the RF tab. 3 Select one of the following tabs: 802.11a Channel Colors 802.11b/g Channel Colors RF Obstacle Colors Data Rate Colors RSSI Band Colors SNR Band Colors...
  • Page 497 Changing Options for RF Planning 4 Do one of the following: Change another color. Click another Preferences tab. Click Close to close the Preferences dialog box. Defining a Color by Changing HSB Properties You can define colors by changing the hue, saturation, and brightness (HSB).
  • Page 498 A: C 3WXM P HAPTER HANGING REFERENCES 5 Click OK to accept the color. The RF Planning Options tab in the Preferences dialog box is active. 6 Do one of the following: Change another color. Click another Preferences tab. Click Close to close the Preferences dialog box. Defining a Color by Changing RGB Properties You can define a color by changing red, blue, and green (RGB) color properties.
  • Page 499: Changing 3Wxm Logging Options

    Info — Informational messages only. No action is required. Debug — All events are shown, including debug messages. Select the Debug option only if 3Com Technical Support has advised you to do so. Debug-level logging significantly impacts network performance and should only be enabled temporarily to troubleshoot problems, as directed by Technical Support.
  • Page 500 A: C 3WXM P HAPTER HANGING REFERENCES...
  • Page 501: Overview

    3WXM S HANGING ERVICES REFERENCES This chapter discusses how to change 3WXM Services preferences. This chapter describes how to change monitoring service preferences. To change 3WXM Client preferences, see “Changing 3WXM Preferences” on page 491. To configure access control for the 3WXM Client, see “Restricting Access to 3WXM”...
  • Page 502: Starting Or Stopping The 3Wxm Services

    3WXM Services. You also can configure the service to start and stop automatically. 3Com recommends that all clients that are using 3WXM Services be closed before you stop the services. If a 3WXM Client is using a network plan on 3WXM Services when you stop the services, you cannot select objects or options in the client.
  • Page 503: Starting Or Stopping 3Wxm Services On Windows Systems

    Starting or Stopping the 3WXM Services Starting or Stopping You can start 3WXM Services from within 3WXM or from Windows 3WXM Services on Services. Windows Systems 1 Display the Services window. Here is an example of the Services window in Windows XP. (The window might look differently on your system.) 2 Scroll down and select 3WXM Services.
  • Page 504: Starting Or Stopping 3Wxm Services On Linux Systems

    SSL and SNMP ports (443 and 162 by default). To connect to 3WXM Services 1 Start 3WXM Client. On Windows systems, select Start > Programs > 3Com Networks > 3WXM > 3WXM, or double-click the 3WXM icon on the desktop. On Linux systems, change directories to...
  • Page 505 Connecting to 3WXM Services The 3WXM Services Connection dialog appears. 2 Enter the IP address or fully-qualified hostname of the machine on which the service is installed. If the service is installed on the same machine as the one you are using to run 3WXM, enter 127.0.0.1 as the IP address.
  • Page 506: Certificate Check

    B: C 3WXM S HAPTER HANGING ERVICES REFERENCES Verify that the service has been started. If the service is running, verify that the certificate on the server is still valid (for example, is not out of date). H TTP 403: For bi dden This message can indicate that the username and password are invalid.
  • Page 507: Verifying That The 3Wxm Client Is Receiving Service Data

    Verifying that the 3WXM Client is Receiving Service Data When you use this option, the Certificate Check dialog box is not shown again for the certificate, even if the certificate becomes out of date. 2 Click Accept. To reject the certificate and refuse the connection, click Reject. The 3WXM ends the connection.
  • Page 508: Changing Service Settings

    B: C 3WXM S HAPTER HANGING ERVICES REFERENCES Changing Service The service settings control the connection parameters, key store Settings information, and access control to 3WXM Services. The port numbers used by 3WXM Services must not be used by other applications on the machine where the 3WXM Services is installed.
  • Page 509: Changing Wx Connection Settings

    Changing WX Connection Settings 6 To change the password that protects access to the key store file, edit the value in the Password box. 7 To specify the file type for the key store file, select one of the following: PKCS12 —...
  • Page 510: Changing Monitoring Settings

    B: C 3WXM S HAPTER HANGING ERVICES REFERENCES When both the Accept all certificates and Accept self-signed certificates options are disabled, 3WXM Services accepts only-CA generated certificates. 7 To specify a key store filename and a password to protect access to that file: a Enter the filename in the File box.
  • Page 511: To Change Monitoring Settings

    Changing Monitoring Settings Table 39 Sources of Monitor Data (continued) 3WXM Client Display Data Source Default Monitor tab — Clients Enable Client Session Collection option Enabled Monitor tab — Traffic Enable Traffic & RF Trending option Enabled Alarms (or Monitor Enable Rogue Detection option, which Enabled tab—Alarms)
  • Page 512 B: C 3WXM S HAPTER HANGING ERVICES REFERENCES 5 To change settings for client-session data collection: a Select Enable Client Session Collection. This option is enabled by default. b To change the number of minutes between data queries, change the value in the Polling interval box.
  • Page 513: Accessing The 3Wxm Services Log

    Accessing the 3WXM Services Log Accessing the 3WXM Services Log 1 Select Services > Setup, if 3WXM Services is not already displayed in a browser window. 2 Select Maintenance, then select Log. Managing Network 3WXM Services regularly backs up network plans, at configurable Plans intervals.
  • Page 514: Backing Up A Plan

    B: C 3WXM S HAPTER HANGING ERVICES REFERENCES Backing Up a Plan To immediately create a backup 1 Select Services > Backup & Restore. If 3WXM Services is already open in the browser window, select Plan Management, then select Backup & Restore. 2 Type a name for the backup in the Backup Name box.
  • Page 515: Copying A Plan Backup From One Server To Another

    Managing Network Plans Copying a Plan Copy a plan to another server by copying the backup file for that plan to Backup from One the other server, then restoring the plan on the other server from the Server to Another backup.
  • Page 516 B: C 3WXM S HAPTER HANGING ERVICES REFERENCES...
  • Page 517: Upport For

    To take advantage of warranty and other service benefits, you must first Product to Gain register your product at: Service Benefits http://eSupport.3com.com/ 3Com eSupport services are based on accounts that are created or that you are authorized to access. Solve Problems 3Com offers the following support tool: Online 3Com Knowledgebase —...
  • Page 518: Purchase Extended Warranty And Professional Services

    3Com as a separately ordered product. Separately orderable software releases and licenses are listed in the 3Com Price List and are available for purchase from your 3Com reseller.
  • Page 519: Contact Us

    Diagnostic error messages Details about recent configuration changes, if applicable To send a product directly to 3Com for repair, you must first obtain a return materials authorization number (RMA). Products sent to 3Com without authorization numbers clearly marked on the outside of the package will be returned to the sender unopened, at the sender’s...
  • Page 520 Vietnam Call the U.S. direct by dialing 1 201 0288, then dialing 800 763 6780 You can also obtain non-urgent support in this region at this email address apr_technical_support@3com.com Or request a return material authorization number (RMA) by FAX using this number:...
  • Page 521 Telephone Number Latin America — Telephone Technical Support and Repair Antigua 1 800 988 2112 Guatemala AT&T +800 998 2112 Argentina 0 810 444 3COM Haiti 57 1 657 0888 Aruba 1 800 998 2112 Honduras AT&T +800 998 2112...
  • Page 522 C: O PPENDIX BTAINING UPPORT FOR RODUCTS...
  • Page 523 NDEX Numbers backbone fast convergence 222 3Com Knowledgebase tool 517 bug fixes 518 3Com Professional Services 518 3Com resources, directory 519 3WXM creating provision or monitor accounts 56 restricting access to 54 certificates deleting 385 software requirements 23 distributing 386...
  • Page 524 NDEX directory of 3Com resources 519 Filter-Id attribute, reassigning with the location Distributed MAP, Auto-AP profile 279 policy 339 Distributed MAPs, mapping ACLs to 238 firewalls, in a Mobility Domain 66 distributing system images 369 distributing WX software images 369...
  • Page 525 NDEX link notification 186 locating users 459 link redundancy 193 on-demand statistics 467 load balancing, RADIUS server group 314 refreshing client data 461 load sharing, configuring 193 requirements 438 status 437 local changes deploying 367 traffic summary view 462 reviewing 365, 366 using status summary view 443 scheduling deployment 367 using the monitor view 440...
  • Page 526 292 Secure Sockets Layer protocol (SSL), management ports 66 RADIUS accounting ports 66 sending products to 3Com for repair 519 authentication 66 service benefits 517, 519 services, repair 519 RADIUS (Remote Authentication Dial-In User Services) sites, defined 78...
  • Page 527 207 STP fast convergence 222 creating 216 definition 215 mapping ACLs to 238 table of 3Com support contact numbers 519 roaming 216 tag type 218 tagging 218 technical support, Asia and Pacific Rim 520 tunnel affinity 227...
  • Page 528 NDEX WX-WX security, enabling 67 X.509 certificate types 383...

Table of Contents