SMC Networks SMC2890W-AN Management Manual
  1. Manuals
  2. Brands
  3. SMC Networks Manuals
  4. Wireless Access Point
  5. SMC2890W-AN
  6. Management manual

SMC Networks SMC2890W-AN Management Manual

802.11a/b/g/n outdoor dual-band wireless access point
Hide thumbs Also See for SMC2890W-AN:
Table of Contents

Advertisement

Quick Links

Download this manual
802.11a/b/g/n Outdoor
Dual-Band Wireless Access Point
MANAGEMENT
GUIDE
SMC2890W-AN, SMC2891W-AN

Advertisement

Table of Contents
loading

Related Manuals for SMC Networks SMC2890W-AN

Summary of Contents for SMC Networks SMC2890W-AN

  • Page 1 MANAGEMENT GUIDE 802.11a/b/g/n Outdoor Dual-Band Wireless Access Point SMC2890W-AN, SMC2891W-AN...
  • Page 2 Outdoor Access Point Management Guide No. 1, Creation Road III, Hsinchu Science Park, January 2013 30077, Taiwan, R.O.C. Pub. # 149100000208A Tel: +886 3 5638888 E012013-CS-R01 Fax: +886 3 6686111...
  • Page 3 Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC.

  • Page 4: Warranty And Product Registration

    Warranty and Product Registration To register SMC products and to review the detailed warranty statement, please refer to the Support Section of the SMC Website at http://www.smc.com. – 4 –...

  • Page 5: How To Use This Guide

    How to Use This Guide This guide includes detailed information on the access point (AP) software, including how to operate and use the management functions of the AP. To deploy this AP effectively and ensure trouble-free operation, you should first read the relevant sections in this guide so that you are familiar with all its software features.
  • Page 6 How to Use This Guide Conventions The following conventions are used throughout this guide to show information: Note: Emphasizes important information or calls your attention to related features or instructions. Caution: Alerts you to a potential hazard that could cause loss of data, or damage the system or equipment.

  • Page 7: Table Of Contents

    Contents Warranty and Product Registration How to Use This Guide Contents Figures Tables Section I Getting Started 1 Introduction Configuration Options Console Port Connection Console Login Network Connections Connecting to the Web Interface Home Page and Main Menu Common Web Page Buttons 2 Initial Configuration CLI Initial Configuration Steps Setting an IP Address...
  • Page 8 Contents Section II Web Configuration 3 System Settings Administration Settings IPv4 Address IPv6 Address RADIUS Settings Primary and Secondary RADIUS Server Setup RADIUS Accounting System Time SNTP Server Settings Time Zone Setting Daylight Saving Settings VLAN Configuration System Logs Quick Start Wizard System Resource Bridge STP Configuration Spanning Tree Protocol (STP)
  • Page 9 Contents Link Layer Discovery Protocol Access Control Lists Source Address Settings Destination Address Settings Ethernet Type Link Integrity 6 Wireless Settings Authentication Local MAC Authentication RADIUS MAC Authentication Radio Settings Virtual Access Points (VAPs) VAP Basic Settings WDS-STA Mode Wireless Security Settings Wired Equivalent Privacy (WEP) VAP QoS Settings VAP Bandwidth Settings...
  • Page 10 Contents Section III Command Line Interface 9 Using the Command Line Interface Console Connection Telnet Connection Entering Commands Keywords and Arguments Minimum Abbreviation Command Completion Getting Help on Commands Showing Commands Negating the Effect of Commands Using Command History Understanding Command Modes Command Line Processing 10 General Commands 11 System Management Commands...
  • Page 11 Contents 22 WDS Bridge Commands 23 Ethernet Interface Commands 24 Wireless Interface Commands 25 Wireless Security Commands 26 Rogue AP Detection Commands 27 Link Integrity Commands 28 Link Layer Discovery Commands 29 VLAN Commands 30 WMM Commands 31 QoS Commands Section IV Appendices A Troubleshooting...

  • Page 12: Figures

    Figures Figure 1: Login Page Figure 2: The Home Page Figure 3: Set Configuration Changes Figure 4: Help Menu Figure 5: Quick Start - Step 1 Figure 6: Quick Start - Step 2 Figure 7: Quick Start - Step 3 Figure 8: Quick Start - Step 4 Figure 9: Administration Figure 10: IPv4 Configuration...
  • Page 13 Figures Figure 30: Destination ACLs Figure 31: Ethernet Type Filter Figure 32: Link Integrity Figure 33: Local Authentication Figure 34: RADIUS Authentication Figure 35: Radio Settings Figure 36: VAP Settings Figure 37: VAP Basic Settings Figure 38: WDS-STA Mode Figure 39: Configuring VAPs - Security Settings Figure 40: WEP Configuration Figure 41: QoS Settings Figure 42: QoS Template Setting...

  • Page 14: Tables

    Tables Table 1: Logging Levels Table 2: WMM Access Categories Table 3: Command Modes Table 4: General Commands Table 5: System Management Commands Table 6: Country Codes Table 7: System Management Commands Table 8: Logging Levels Table 9: System Clock Commands Table 10: DHCP Relay Commands Table 11: SNMP Commands Table 12: Flash/File Commands...
  • Page 15 Tables Table 30: Troubleshooting Chart – 15 –...
  • Page 16 Tables – 16 –...

  • Page 17: Section I

    Section I Getting Started This section provides an overview of the access point, and introduces some basic concepts about wireless networking. It also describes the basic settings required to access the management interface. This section includes these chapters: ◆ “Introduction” on page 18 ◆...

  • Page 18: Introduction

    Introduction The access point (AP) runs software that includes a network management agent. The agent offers a variety of management options, including SNMP and a web- based interface. A PC may also be connected directly to the AP’s console port for configuration using a command line interface (CLI).

  • Page 19: Console Port Connection

    Chapter 1 | Introduction Console Port Connection Console Port Connection The AP provides an RS-232 serial console port that enables a connection to a PC or terminal for monitoring and configuring the AP. A null-modem console cable is provided with the AP. Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the AP.

  • Page 20: Network Connections

    Chapter 1 | Introduction Network Connections At the login prompt, enter “admin. ” At the Password prompt, press <Enter>. There is no default password. The session is opened and the CLI displays the “Accton#” prompt indicating you have access to the CLI commands. Example (none) login: admin Password:...

  • Page 21: Home Page And Main Menu

    Chapter 1 | Introduction Connecting to the Web Interface Log into the interface by entering the default username “admin” with no password, then click Login. Note: It is strongly recommended to change the default user name and password the first time you access the web interface. For information on changing user names and passwords, See “Administration Settings”...

  • Page 22: Common Web Page Buttons

    Chapter 1 | Introduction Connecting to the Web Interface The web interface Main Menu menu provides access to all the configuration settings available for the AP. To configure settings, click the relevant Main Menu item. Each Main Menu item is sumarized below with links to the relevant section in this guide where configuration parameters are described in detail: ◆...

  • Page 23: Figure 4: Help Menu

    Chapter 1 | Introduction Connecting to the Web Interface Figure 4: Help Menu ◆ Logout – Ends the web management session. ◆ Save Config – Saves the current configuration so that it is retained after a restart. – 23 –...

  • Page 24: Initial Configuration

    Initial Configuration The AP’s initial configuration steps can be made through the CLI or web browser interface. If the AP is not configured with an IP address that is compatible with your network. You can first use the command line interface (CLI) as described below to configure a valid IP address.

  • Page 25: Setting A Password

    Chapter 2 | Initial Configuration CLI Initial Configuration Steps Setting a Password If you are logging in to the CLI for the fist time, you should define management access passwords for an administrator and guest (used for CLI and web management), record them, and then keep them in a safe place.

  • Page 26: Web Quick Start

    Chapter 2 | Initial Configuration Web Quick Start BA-BOSNIA, BR-BRAZIL, BN-BRUNEI_DARUSSALAM, BG-BULGARIA, CA-CANADA, CL-CHILE, CN-CHINA, CO-COLOMBIA, CR-COSTA_RICA, HR-CROATIA, CY-CYPRUS, CZ-CZECH_REPUBLIC, DK-DENMARK, DK-DENMARK, DO-DOMINICAN_REPUBLIC, EC-ECUADOR, EG-EGYPT, EE-ESTONIA, FI-FINLAND, FO-FAROE_ISLANDS, FR-FRANCE, F2-FRANCE2, GE-GEORGIA, DE-GERMANY, GR-GREECE, GT-GUATEMALA, HK-HONG_KONG, HN-HONDURAS, HU-HUNGARY, IS-ICELAND, IN-INDIA, ID-INDONESIA, IR-IRAN, IQ-IRAQ, IE-IRELAND, IL-ISRAEL, IT-ITALY, JM-JAMAICA, JP0-JAPAN0, JP3-JAPAN3(including 4.9G channels), JO-JORDAN, KE-KENYA, KZ-KAZAKHSTAN, KP-NORTH KOREA, KR-KOREA_REPUBLIC,...

  • Page 27: Figure 5: Quick Start - Step 1

    The following items are displayed on the first page of the Quick Start wizard: Identification ◆ System Name — The name assigned to the access point. (Default: SMC2890W-AN or SMC2891W-AN) Change Password ◆ Username/Guest Username — The name of the user is fixed as either “admin”...

  • Page 28: Figure 6: Quick Start - Step 2

    Chapter 2 | Initial Configuration Web Quick Start Caution: You must set the country code to the country of operation. Setting the country code restricts operation of the access point to the radio channels and transmit power levels permitted for wireless networks in the specified country. ◆...

  • Page 29: Step 3

    Chapter 2 | Initial Configuration Web Quick Start ◆ Primary and Secondary DNS Address — The IP address of Domain Name Servers on the network. A DNS maps numerical IP addresses to domain names and can be used to identify network hosts by familiar names instead of the IP addresses.
  • Page 30 Chapter 2 | Initial Configuration Web Quick Start Security ◆ Association Mode — Defines the mode with which the VAP will associate with clients. (For more information on security modes, see “Wireless Security Settings” on page 78.) Open System: The VAP is configured by default as an “open system, ” which ■...

  • Page 31: Step 4

    Chapter 2 | Initial Configuration Web Quick Start Authentication ◆ 802.1X — The access point supports 802.1X authentication only for clients initiating the 802.1X authentication process (i.e., the access point does not initiate 802.1X authentication). For clients initiating 802.1X, only those successfully authenticated are allowed to access the network.

  • Page 32: Web Configuration

    Section II Web Configuration This section provides details on configuring the access point using the web browser interface. This section includes these chapters: ◆ “System Settings” on page 33 ◆ “Management Settings” on page 49 ◆ “Advanced Settings” on page 60 ◆...

  • Page 33: System Settings

    System Settings This chapter describes basic system settings on the access point. It includes the following sections: ◆ “Administration Settings” on page 34 ◆ “IPv4 Address” on page 35 ◆ “IPv6 Address” on page 36 ◆ “RADIUS Settings” on page 37 ◆...

  • Page 34: Administration Settings

    The following items are displayed on this page: ◆ System Name — An alias for the AP, enabling the device to be uniquely identified on the network. (Default: SMC2890W-AN or SMC2891W-AN; Range: 1-32 characters) ◆ Username/Guest Username — The name of the user is fixed as either “admin”...

  • Page 35: Ipv4 Address

    Chapter 3 | System Settings IPv4 Address Caution: You must set the country code to the country of operation. Setting the country code restricts operation of the AP to the radio channels and transmit power levels permitted for wireless networks in the specified country. IPv4 Address Configuring the AP with an IPv4 address expands your ability to manage the AP.

  • Page 36: Ipv6 Address

    Chapter 3 | System Settings IPv6 Address If you have management stations, DNS, RADIUS, or other network servers located on another subnet, type the IP address of the default gateway router in the text field provided. ◆ Primary and Secondary DNS Address — The IP address of Domain Name Servers on the network.

  • Page 37: Radius Settings

    Chapter 3 | System Settings RADIUS Settings ◆ DHCP Status — Enables/disables DHCPv6 on the access point. ◆ IP Address — Specifies an IPv6 address for management of the access point. (Default: 2001:db8::1) ◆ Subnet Mask — Indicates the local subnet mask. (Default: 64) ◆...

  • Page 38: Radius Accounting

    Chapter 3 | System Settings RADIUS Settings Figure 12: RADIUS Settings The following items are displayed on the RADIUS Settings page: ◆ RADIUS Status — Enables/disables the primary RADIUS server. ◆ IP Address — Specifies the IP address or host name of the RADIUS server. ◆...

  • Page 39: System Time

    Chapter 3 | System Settings System Time ◆ Port (1024-65535) — The UDP port number used by the RADIUS accounting server for authentication messages. (Range: 1024-65535; Default: 1813) ◆ Key — A shared text string used to encrypt messages between the access point and the RADIUS accounting server.

  • Page 40: Sntp Server Settings

    Chapter 3 | System Settings VLAN Configuration SNTP Server Settings Configures the access point to operate as an SNTP client. When enabled, at least one time server IP address must be specified. ◆ SNTP Status — Enables/disables SNTP. (Default: enabled) ◆...

  • Page 41: Figure 14: Setting The Vlan Identity

    Chapter 3 | System Settings VLAN Configuration Note the following points about the access point’s VLAN support: ◆ The management VLAN is for managing the access point through remote management tools, such as the web interface, SSH, SNMP, or Telnet. The access point only accepts management traffic that is tagged with the specified management VLAN ID.

  • Page 42: System Logs

    Chapter 3 | System Settings System Logs System Logs The access point can be configured to send event and error messages to a System Log Server. The system clock can also be synchronized with a time server, so that all the messages sent to the Syslog server are stamped with the correct time and date.

  • Page 43: Quick Start Wizard

    Chapter 3 | System Settings Quick Start Wizard ◆ Logging Level — Sets the minimum severity level for event logging. (Default: Debug) The system allows you to limit the messages that are logged by specifying a minimum severity level. The following table lists the error message levels from the most severe (Emergency) to least severe (Debug).

  • Page 44: System Resource

    Chapter 3 | System Settings System Resource System Resource The System Resource page displays information on the AP’s current CPU and memory utilization. This page also allows you to set thresholds for the CPU and memory usage, where an SNMP trap can be sent as an alert. Figure 16: System Resource The following items are displayed on this page: ◆...

  • Page 45: Bridge Stp Configuration

    Chapter 3 | System Settings Bridge STP Configuration ◆ Memory Status — Displays detailed information on the current memory utilization. Bridge STP Configuration The Bridge menu enables configuration of the Spanning Tree Protocol (STP) and the address table aging time. Spanning Tree The Spanning Tree Protocol (STP) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.

  • Page 46: Figure 17: Spanning Tree Protocol

    Chapter 3 | System Settings Bridge STP Configuration Figure 17: Spanning Tree Protocol Bridge Sets STP bridge link parameters. The following items are displayed on the STP page: ◆ Spanning Tree Protcol — Enables/disables STP on the AP. (Default: Disabled) ◆...
  • Page 47 Chapter 3 | System Settings Bridge STP Configuration to the network. (Default: 20 seconds; Range: 6-40 seconds) Minimum: The higher of 6 or [2 x (Hello Time + 1)]. Maximum: The lower of 40 or [2 x (Forward Delay - 1)] ◆...

  • Page 48: Bridge Configuration

    Chapter 3 | System Settings Bridge STP Configuration ◆ Link Port Priority — Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch are the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the spanning tree.

  • Page 49: Management Settings

    Management Settings This chapter describes management access settings on the access point. It includes the following sections: ◆ “Remote Management Settings” on page 49 ◆ “Access Limitation” on page 51 ◆ “Simple Network Management Protocol” on page 52 Remote Management Settings The Web, Telnet, and SNMP management interfaces are enabled and open to all IP addresses by default.

  • Page 50: Figure 19: Remote Management

    Chapter 4 | Management Settings Remote Management Settings ◆ The client and server generate session keys for encrypting and decrypting data. ◆ The client and server establish a secure encrypted connection. ◆ A padlock icon should appear in the status bar for Internet Explorer. Figure 19: Remote Management The following items are displayed on Admin Interface page: ◆...

  • Page 51: Access Limitation

    Chapter 4 | Management Settings Access Limitation ◆ HTTP Port — Specifies the HTTP port for IP connectivity. (Default: 80; Range 1024-65535) ◆ HTTPS Server — Enables/disables management access from a HTTPS server. (Default: enabled) ◆ HTTPS Port — Specifies the HTTPS port for secure IP connectivity. (Default: 443;...

  • Page 52: Simple Network Management Protocol

    Chapter 4 | Management Settings Simple Network Management Protocol ◆ IP Address — Specifies the IP address. ◆ Subnet Mask — Specifies the subnet mask in the form 255.255.255.x Restrict Management ◆ Enable/Disable — Enables/disables management of the device by a wireless client.

  • Page 53: Figure 21: Snmp Basic Settings

    Chapter 4 | Management Settings Simple Network Management Protocol strings to be configured for authentication. Trap notifications can be enabled and sent to up to four management stations. Figure 21: SNMP Basic Settings The following items are displayed on this page: ◆...

  • Page 54: Snmp Trap Settings

    Chapter 4 | Management Settings Simple Network Management Protocol SNMP Trap Settings Traps indicating status changes are issued by the AP to specified trap managers. You must specify trap managers so that key events are reported by the AP to your management station (using network management platforms).

  • Page 55: View Access Control Model

    Chapter 4 | Management Settings Simple Network Management Protocol View Access Control To configure SNMPv3 management access to the AP, follow these steps: Model Specify read and write access views for the AP MIB tree. Configure SNMP user groups with the required security model (that is, SNMP v1, v2c, or v3) and security level (authentication and privacy).

  • Page 56: Snmpv3 Users

    Chapter 4 | Management Settings Simple Network Management Protocol “1111 1111 1011 1111. ” If applied to the subtree “1.3.6.1.2.1.2.2.1.1.23, ” the zero corresponds to the 10th subtree ID. When there are more subtree IDs than bits in the mask, the mask is padded with ones. ◆...

  • Page 57: Snmpv3 Targets

    Chapter 4 | Management Settings Simple Network Management Protocol The following items are displayed on this page: ◆ User Name — The SNMPv3 user name. (32 characters maximum) ◆ Group — The SNMPv3 group name. ◆ Auth Type — The authentication type used for the SNMP user; either MD5 or none.

  • Page 58: Snmpv3 Notification Filters

    Chapter 4 | Management Settings Simple Network Management Protocol Figure 25: SNMPv3 Targets The following items are displayed on this page: ◆ Target ID — A user-defined name that identifies a receiver of notifications. (Maximum length: 32 characters) ◆ IP Address — Specifies the IP address of the receiving management station. ◆...
  • Page 59 Chapter 4 | Management Settings Simple Network Management Protocol The following items are displayed on this page: ◆ Filter ID — A user-defined name that identifies the filter. (Maximum length: 32 characters) ◆ Subtree — Specifies MIB subtree to be filtered. The MIB subtree must be defined in the form “.1.3.6.1”...

  • Page 60: Advanced Settings

    Advanced Settings This chapter describes advanced settings on the access point. It includes the following sections: ◆ “Local Bridge Filter” on page 60 ◆ “Link Layer Discovery Protocol” on page 61 ◆ “Access Control Lists” on page 63 ◆ “Link Integrity” on page 66 Local Bridge Filter The access point can employ network traffic frame filtering to control access to network resources and increase security.

  • Page 61: Link Layer Discovery Protocol

    Chapter 5 | Advanced Settings Link Layer Discovery Protocol ◆ Prevent Intra VAP client communication — When enabled, clients associated with a specific VAP interface cannot establish wireless communications with each other. Clients can communicate with clients associated to other VAP interfaces.
  • Page 62 Chapter 5 | Advanced Settings Link Layer Discovery Protocol The time-to-live tells the receiving LLDP agent how long to retain all information pertaining to the sending LLDP agent if it does not transmit updates in a timely manner. TTL in seconds is based on the following rule: (Transmission Interval * Hold time) ≤...

  • Page 63: Access Control Lists

    Chapter 5 | Advanced Settings Access Control Lists Access Control Lists Access Control Lists allow you to configure a list of wireless client MAC addresses that are not authorized to access the network. A database of MAC addresses can be configured locally on the access point.

  • Page 64: Destination Address Settings

    Chapter 5 | Advanced Settings Access Control Lists Destination Address The ACL Destination Address Settings page enables traffic filtering based on the Settings destination MAC address in the data frame. Figure 30: Destination ACLs The following items are displayed on this page: ◆...

  • Page 65: Ethernet Type

    Chapter 5 | Advanced Settings Access Control Lists Ethernet Type The Ethernet Type Filter controls checks on the Ethernet type of all incoming and outgoing Ethernet packets against the protocol filtering table. (Default: Disabled) Figure 31: Ethernet Type Filter The following items are displayed on this page: ◆...

  • Page 66: Link Integrity

    Chapter 5 | Advanced Settings Link Integrity Link Integrity The AP provides a link integrity feature that can be used to ensure that wireless clients are connected to resources on the wired network. The AP does this by periodically sending Ping messages to a host device in the wired Ethernet network. If the AP detects that the connection to the host has failed, it can disable the radio interfaces, forcing clients to find and associate with another AP.

  • Page 67: Wireless Settings

    Wireless Settings This chapter describes wireless settings on the access point. It includes the following sections: ◆ “Authentication” on page 68 ◆ “Radio Settings” on page 71 ◆ “Virtual Access Points (VAPs)” on page 75 ◆ “Rogue AP Detection” on page 84 ◆...

  • Page 68: Authentication

    Chapter 6 | Wireless Settings Authentication Authentication Wireless clients can be authenticated for network access by checking their MAC address against the local database configured on the access point, or by using a database configured on a central RADIUS server. Alternatively, authentication can be implemented using the IEEE 802.1X network access control protocol.

  • Page 69: Radius Mac Authentication

    Chapter 6 | Wireless Settings Authentication ◆ Local MAC — The MAC address of the associating station is compared against the local database stored on the access point. The Local MAC Authentication section enables the local database to be set up. ◆...
  • Page 70 Chapter 6 | Wireless Settings Authentication ◆ RADIUS MAC — The MAC address of the associating station is compared against the RADIUS server database. The RADIUS MAC Authentication section enables the RADIUS database to be set up. ◆ Session Timeout — The time period after which a connected client must be re-authenticated.

  • Page 71: Radio Settings

    Chapter 6 | Wireless Settings Radio Settings Radio Settings The IEEE 802.11n wireless interfaces include configuration options for radio signal characteristics and wireless security features. The AP can operate in several radio modes, mixed 802.11b/g/n (2.4 GHz), or mixed 802.11a/n (5 GHz). Note that the radios can operate at 2.4 GHz and 5 GHz at the same time.
  • Page 72 Chapter 6 | Wireless Settings Radio Settings The following items are displayed on this page: ◆ High Throughput Mode — The access point provides a channel bandwidth of 20 MHz by default giving an 802.11g connection speed of 54 Mbps and a 802.11n connection speed of up to 108 Mbps, and ensures backward compliance for slower 802.11b devices.
  • Page 73 Chapter 6 | Wireless Settings Radio Settings Note: Enabling the AP to communicate with 802.11b/g clients in both 802.11b/g/n Mixed and 802.11n modes also requires that HT Operation be set to HT20. ◆ Preamble Length — The radio preamble (sometimes called a header) is a section of data at the head of a packet that contains information that the wireless device and client devices need when sending and receiving packets.
  • Page 74 Chapter 6 | Wireless Settings Radio Settings propagation delays, echoes, and reflections to which digital data is normally very sensitive. Enabling the Short Guard Interval sets it to 400ns. (Default: Disabled) ◆ Aggregate MAC Protocol Data Unit (A-MPDU) — Enables / disables the sending of this four frame packet header for statistical purposes.

  • Page 75: Virtual Access Points (Vaps)

    Chapter 6 | Wireless Settings Virtual Access Points (VAPs) Virtual Access Points (VAPs) The AP supports up to 16 virtual access point (VAP) interfaces per radio, numbered 0 to 15. Each VAP functions as a separate access point, and can be configured with its own Service Set Identification (SSID) and security settings.

  • Page 76: Vap Basic Settings

    Chapter 6 | Wireless Settings Virtual Access Points (VAPs) ◆ Enable — Enables the specified VAP. (Default: Disabled) ◆ Status — Displays the mode of the VAP. The default is set to "AP, " for normal access point services. ◆ Edit Setting —...
  • Page 77 Chapter 6 | Wireless Settings Virtual Access Points (VAPs) ◆ Mode — Selects the mode in which the VAP will function. AP Mode: The VAP provides services to clients as a normal access point. ■ WDS-AP Mode: The VAP operates as an access point in WDS mode, which ■...

  • Page 78: Wds-Sta Mode

    Chapter 6 | Wireless Settings Virtual Access Points (VAPs) ◆ Multicast Enhancement — When a wireless client joins a multicast group, this feature converts multicast packets to unicast packets to improve multicast video quality. WDS-STA Mode Describes additional basic VAP settings when functioning in WDS-STA mode. Figure 38: WDS-STA Mode The following items are displayed in the VAP Basic Settings when WDS-AP mode is selected:...
  • Page 79 Chapter 6 | Wireless Settings Virtual Access Points (VAPs) The following items are available for VAP security: ◆ Association Mode — Defines the mode with which the VAP will associate with clients. Open System: The VAP is configured by default as an “open system, ” which ■...

  • Page 80: Wired Equivalent Privacy (Wep)

    Chapter 6 | Wireless Settings Virtual Access Points (VAPs) ◆ 802.1X — The access point supports 802.1X authentication only for clients initiating the 802.1X authentication process (i.e., the access point does not initiate 802.1X authentication). For clients initiating 802.1X, only those successfully authenticated are allowed to access the network.

  • Page 81: Figure 40: Wep Configuration

    Chapter 6 | Wireless Settings Virtual Access Points (VAPs) Figure 40: WEP Configuration The following items are on this page for WEP configuration: ◆ Default WEP Key Index – Selects the key number to use for encryption for the VAP interface. If the clients have all four WEP keys configured to the same values, you can change the encryption key to any of the settings without having to update the client keys.

  • Page 82: Vap Qos Settings

    Chapter 6 | Wireless Settings Virtual Access Points (VAPs) VAP QoS Settings Click the QoS Setting link from the VAP Settings page to access the QoS priority mapping configuration for traffic on the VAP interface. Figure 41: QoS Settings The following items are displayed in the VAP QoS Settings page: ◆...

  • Page 83: Figure 42: Qos Template Setting

    Chapter 6 | Wireless Settings Virtual Access Points (VAPs) Both “802.1d to 802.1p” mapping and “802.1d to DSCP” mapping can be enabled simultaneously when the default VLAN ID for the VAP is any other value than 1. When only “802.1d to DSCP” mapping is enabled, the default VLAN ID for the VAP must be set to 1.

  • Page 84: Vap Bandwidth Settings

    Chapter 6 | Wireless Settings Rogue AP Detection VAP Bandwidth Click the Bandwidth Setting link from the VAP Settings page to configure rate Settings limiting for traffic on the VAP interface. Figure 43: Bandwidth Settings The following items are displayed on this page: ◆...

  • Page 85: Figure 44: Rogue Ap Detection

    Chapter 6 | Wireless Settings Rogue AP Detection Figure 44: Rogue AP Detection The following items are displayed on this page: ◆ AP Scan Setting — Enables the periodic scanning for other nearby access points. (Default: Disable) ◆ Scan Interval — Sets the time between each rogue AP scan. (Range: 15 -65535 seconds;...

  • Page 86: Wi-Fi Multimedia (Wmm)

    Chapter 6 | Wireless Settings Wi-Fi Multimedia (WMM) ◆ Rogue AP Scan Result — Displays information of unknown APs detected within the range of the AP running the scan. ◆ Friendly Active AP Scan Result — Displays information of known APs detected within the range of the AP running the scan.

  • Page 87: Table 2: Wmm Access Categories

    Chapter 6 | Wireless Settings Wi-Fi Multimedia (WMM) Table 2: WMM Access Categories Access Description 802.1D Category Designation Tags AC_VO (AC3) Voice Highest priority, minimum delay. Time-sensitive 7, 6 data such as VoIP (Voice over IP) calls. AC_VI (AC2) Video High priority, minimum delay.

  • Page 88: Figure 45: Wmm Backoff Wait Times

    Chapter 6 | Wireless Settings Wi-Fi Multimedia (WMM) Figure 45: WMM Backoff Wait Times Time CWMin CWMax High Priority AIFS Random Backoff Minimum Wait Time Random Wait Time CWMin CWMax Low Priority AIFS Random Backoff Minimum Wait Time Random Wait Time For high-priority traffic, the AIFSN and CW values are smaller.
  • Page 89 Chapter 6 | Wireless Settings Wi-Fi Multimedia (WMM) The following items are displayed on this page: ◆ WMM — Sets the WMM operational mode on the access point. When enabled, the parameters for each AC queue will be employed on the access point and QoS capabilities are advertised to WMM-enabled clients.
  • Page 90 Chapter 6 | Wireless Settings Wi-Fi Multimedia (WMM) ■ Admission Control: The admission control mode for the access category. When enabled, clients are blocked from using the access category. (Default: Disabled) ◆ Set WMM — Applies the new parameters and saves them to RAM memory. Also prompts a screen to inform you when it has taken affect.

  • Page 91: Maintenance Settings

    Maintenance Settings Maintenance settings includes the following sections: ◆ “Upgrading Firmware” on page 91 ◆ “Running Configuration” on page 93 ◆ “Resetting the Access Point” on page 94 ◆ “Scheduled Reboot” on page 95 Upgrading Firmware You can upgrade new access point software from a local file on the management workstation, or from an FTP or TFTP server.

  • Page 92: Figure 47: Firmware

    Chapter 7 | Maintenance Settings Upgrading Firmware Figure 47: Firmware The following items are displayed on this page: ◆ Firmware Version — Displays the software image version that is being used as the runtime image. The “Active” image is the current running software, and the “Backup”...

  • Page 93: Running Configuration

    Chapter 7 | Maintenance Settings Running Configuration ■ New Firmware File: Specifies the name of the code file on the server. The new firmware file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the FTP/TFTP server is 255 characters or 32 characters for files on the access point.

  • Page 94: Resetting The Access Point

    Chapter 7 | Maintenance Settings Resetting the Access Point The following items are displayed on this page: ◆ File Backup/Restore — Downloads an operation code image file from a specified remote FTP or TFTP server. After filling in the following fields, click Start Export/Import to proceed.

  • Page 95: Scheduled Reboot

    Chapter 7 | Maintenance Settings Scheduled Reboot Figure 49: Resetting the Access Point The following items are displayed on this page: ◆ Save Runtime config before Reboot — Checking this option saves the current running configuration to the startup file. ◆...

  • Page 96: Figure 51: Reboot Schedule - Countdown Time

    Chapter 7 | Maintenance Settings Scheduled Reboot ◆ Status — Selects a fixed time interval or a countdown time, or disables the feature. ◆ Interval — Specifies the interval in days. (Range: 1~7 days) ◆ Schedule Time — Specifies a time in hours and minutes. (Range: 0~23 hours, 0~59 minutes) Figure 51: Reboot Schedule —...

  • Page 97: Status Information

    Status Information The Information menu displays information on the current system configuration, the wireless interface, the station status and system logs. Status Information includes the following sections: ◆ “AP Status” on page 98 ◆ “Station Status” on page 101 ◆ “Station Statistics”...

  • Page 98: Ap Status

    Chapter 8 | Status Information AP Status AP Status The AP Status window displays basic system configuration settings, as well as the settings for the wireless interfaces. AP System The AP System Configuration table displays the basic system configuration settings Configuration Figure 52: AP System Configuration The following items are displayed on this page:...
  • Page 99 Chapter 8 | Status Information AP Status ◆ System Name — Name assigned to this system. ◆ System Contact — Administrator responsible for the system. ◆ IP Address — IP address of the management interface for this device. ◆ IP Default Gateway — IP address of the gateway router between this device and management stations that exist on other network segments.

  • Page 100: Ap Wireless Configuration

    Chapter 8 | Status Information AP Status AP Wireless The AP Wireless Configuration displays the VAP interface settings for the 2.4 GHz Configuration and 5 GHz radios. Figure 53: AP Wireless Configuration The following items are displayed on this page for the 2.4 GHz and 5 GHz radio interfaces: ◆...

  • Page 101: Station Status

    Chapter 8 | Status Information Station Status Station Status The Station Status window shows the wireless clients currently associated with the 2.4 GHz and 5 GHz radio interfaces. Figure 54: Station Status The following items are displayed on this page: ◆...

  • Page 102: Station Statistics

    Chapter 8 | Status Information Station Statistics Station Statistics The Station Statistics window shows the statistic information for wireless clients currently associated with the 2.4 GHz and 5 GHz radio interfaces. Figure 55: Station Statistics The following items are displayed on this page: ◆...

  • Page 103: Event Logs

    Chapter 8 | Status Information Event Logs Event Logs The Event Logs window shows the log messages generated by the access point and stored in memory. Figure 56: Event Logs The following items are displayed on this page: ◆ Display Event Log — Selects the log entries to display. Up to 20 log messages can be displayed at one time.

  • Page 104: Wds Status

    Chapter 8 | Status Information WDS Status WDS Status The WDS Status window shows the WDS information for the 2.4 GHz and 5 GHz radio interfaces. Figure 57: WDS Status The following items are displayed on this page: ◆ Auto Refresh Setting — Enables the automatic refresh of WDS status information.
  • Page 105 Chapter 8 | Status Information WDS Status ■ RxRate (Mbps) — The data receive rate from the AP client. IP — The IP address assigned to the AP client. ■ Privacy — The data encryption method used by the AP client. ■...
  • Page 106 Chapter 8 | Status Information WDS Status – 106 –...

  • Page 107: Command Line Interface

    Section III Command Line Interface This section provides a detailed description of the Command Line Interface, along with examples for all of the commands. This section includes these chapters: ◆ “Using the Command Line Interface” on page 109 ◆ “General Commands” on page 115 ◆...
  • Page 108 Section III | Command Line Interface ◆ “Wireless Security Commands” on page 232 ◆ “Rogue AP Detection Commands” on page 241 ◆ “Link Integrity Commands” on page 247 ◆ “Link Layer Discovery Commands” on page 250 ◆ “VLAN Commands” on page 254 ◆...

  • Page 109: Using The Command Line Interface

    Using the Command Line Interface When accessing the management interface for the over a direct connection to the console port, or via a Telnet connection, the access point can be managed by entering command keywords and parameters at the prompt. Using the access point’s command-line interface (CLI) is very similar to entering commands on a UNIX system.

  • Page 110: Telnet Connection

    Chapter 9 | Using the Command Line Interface Telnet Connection Telnet Connection Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address. If the access point does not acquire an IP address from a DHCP server, the default IP address used by the access point is 192.168.2.10.

  • Page 111: Entering Commands

    Chapter 9 | Using the Command Line Interface Entering Commands Entering Commands This section describes how to enter CLI commands. Keywords and A CLI command is a series of keywords and arguments. Keywords identify a Arguments command, and arguments specify configuration parameters. For example, in the command “show interfaces ethernet, ”...

  • Page 112: Negating The Effect Of Commands

    Chapter 9 | Using the Command Line Interface Entering Commands interface Show interface information. line TTY line information. lldp Show lldp parameters. logging Show the logging buffers. long-distance Show the outdoor parameter information. radius Show radius server. rogue-ap Show Rogue AP information. snmp Show snmp configuration.

  • Page 113: Table 3: Command Modes

    Chapter 9 | Using the Command Line Interface Entering Commands current mode. The command classes and associated modes are displayed in the following table: Table 3: Command Modes Class Mode Exec Privileged Configuration Global Interface-ethernet Interface-wireless Interface-wireless-vap Exec Commands When you open a new console session on an access point, the system enters Exec command mode.

  • Page 114: Command Line Processing

    Chapter 9 | Using the Command Line Interface Entering Commands AP#configure AP(config)# To enter Interface mode, you must enter the “interface ethernet” while in Global Configuration mode. The system prompt will change to “AP(if-ethernet)#, ” or “AP(if-wireless 0)” indicating that you have access privileges to the associated commands.

  • Page 115: General Commands

    General Commands This chapter details general commands that apply to the CLI. Table 4: General Commands Command Function Mode Page configure Activates global configuration mode Exec Returns to previous configuration mode GC, IC exit Returns to the previous configuration mode, or exits the cli-session-timeout Sets a timeout for CLI and Telnet sessions Exec...
  • Page 116 Chapter 10 | General Commands This command returns to the previous configuration mode. Default Setting None Command Mode Global Configuration, Interface Configuration Example This example shows how to return to the Configuration mode from the Interface Configuration mode: AP(if-ethernet)#end AP(config)# exit This command returns to the Exec mode or exits the configuration program.
  • Page 117 Chapter 10 | General Commands Command Mode Exec Example The following example disables the CLI timeout. AP(config)# cli-session-timeout disable AP(config)# ping This command sends ICMP echo request packets to another node on the network. Syntax ping <host_name | ip_address> host_name - Alias of the host. ip_address - IP address of the host.

  • Page 118: Table 4: General Commands

    Chapter 10 | General Commands reset This command restarts the system or restores the factory default settings. Syntax reset <board | configuration | configuration-keep-ip> board - Reboots the system. configuration - Resets the configuration settings to the factory defaults, and then reboots the system. configuration-keep-ip - Resets the configuration settings to the factory defaults except for the IP address, and then reboots the system.

  • Page 119: System Management Commands

    System Management Commands These commands are used to configure the password, system logs, browser management options, clock settings, and a variety of other system information. Table 5: System Management Commands Command Function Mode Page country Sets the access point country code Exec prompt Customizes the command line prompt...

  • Page 120: Table 6: Country Codes

    Chapter 11 | System Management Commands Table 5: System Management Commands (Continued) Command Function Mode Page show version Displays version information for the system Exec show config Displays detailed configuration information for the Exec system country This command configures the access point’s country code, which identifies the country of operation and sets the authorized radio channels.
  • Page 121 Chapter 11 | System Management Commands Table 6: Country Codes (Continued) Country Code Country Code Country Code Country Code China Israel Panama Uruguay Colombia Italy Peru Uzbekistan Costa Rica Japan Philippines Yemen Croatia Jordan Poland Venezuela Cyprus Kazakhstan Portugal Vietnam Czech North Korea Puerto Rico...
  • Page 122 Chapter 11 | System Management Commands Default Setting Enterprise AP Command Mode Global Configuration Example AP(config)#prompt RD2 RD2(config)# system name This command specifies or modifies the system name for this device. Syntax system name <name> name - The name of this host. (Maximum length: 32 characters) Default Setting Enterprise AP...
  • Page 123 Chapter 11 | System Management Commands memory-falling - The memory utilization falling threshold in Kbytes. (Range: 0 to less than the memory rising threshold) interval - The utilization check interval in seconds. (Range: 1 to 86400 seconds, 0 is disabled) Default Setting CPU Rising Threshold: 0 (disabled) CPU Falling Threshold: 20 percent...
  • Page 124 Chapter 11 | System Management Commands Default Setting None. There are no admin or guest passwords. Command Mode Global Configuration Example AP(config)#password admin null tpschris AP(config)# reboot-schedule This command restarts the system after a scheduled time. Syntax reboot-schedule {fixed-time <day><hour><minutes> | countdown <minutes>...
  • Page 125 Chapter 11 | System Management Commands Default Setting Enabled Command Mode Global Configuration Command Usage ◆ The access point supports Secure Shell version 2.0 only. ◆ After boot up, the SSH server needs about two minutes to generate host encryption keys. The SSH server is disabled while the keys are being generated. The show system command displays the status of the SSH server.
  • Page 126 Chapter 11 | System Management Commands Default Setting Interface enabled Command Mode Global Configuration Example AP(config)# apmgmtui telnet-server enable AP(config)# apmgmtui http port This command specifies the TCP port number used by the web browser interface. Use the no form to use the default port. Syntax apmgmtui http port <port-number>...
  • Page 127 Chapter 11 | System Management Commands Command Mode Global Configuration Example AP(config)# apmgmtui http server AP(config)# Related Commands apmgmtui http port apmgmtui http This command sets the web browser timeout limit. session-timeout Syntax apmgmtui http session-timeout <seconds> seconds - The web session timeout. (Range: 0-1800 seconds, 0 means disabled) Default Setting 1800 seconds...
  • Page 128 Chapter 11 | System Management Commands Command Mode Global Configuration Command Usage ◆ You cannot configure the HTTP and HTTPS servers to use the same port. ◆ To avoid using common reserved TCP port numbers below 1024, the configurable range is restricted to 443 and between 1024 and 65535. ◆...
  • Page 129 Chapter 11 | System Management Commands ■ The client and server establish a secure encrypted connection. A padlock icon should appear in the status bar for Internet Explorer. Example AP(config)# apmgmtui https server AP(config)# apmgmtui snmp This command enables and disables SNMP management access to the AP. Syntax apmgmtui snmp [enable | disable] enable - Enables SNMP management access.
  • Page 130 Chapter 11 | System Management Commands subnet-mask - Specifies a range of IP addresses allowed management access. Default Setting All addresses Command Mode Global Configuration Command Usage ◆ If anyone tries to access a management interface on the access point from an invalid address, the unit will reject the connection, enter an event message in the system log, and send a trap message to the trap manager.

  • Page 131: Show System Resource

    Chapter 11 | System Management Commands Example AP#show system System Information ============================================================== Serial Number : AC25123456 System Up time : 1 min System Name : SMC2891W-AN System Location : where? System Contact : who? System Country Code : TW - Taiwan MAC Address : 70:72:CF:00:11:70 Radio 0 MAC Address...
  • Page 132 Chapter 11 | System Management Commands iowait (%) 0.00 idle (%) 92.08 =============== Memory ====================================== free (kb) 95820 used (kb) 17256 used (%) 15.26 cached (kb) 4900 ============================================================= show version This command displays the software version for the system. Command Mode Exec Example AP#show version...
  • Page 133 Chapter 11 | System Management Commands HTTP Access : Enable HTTP Port : 80 HTTP Timeout : 1800 HTTPs Access : Enable HTTPs Port : 443 SSH Access : Enable SSH Port : 22 Telnet Access : Enable Telnet Port : 23 Slot Status : Dual band(a/g)
  • Page 134 Chapter 11 | System Management Commands There is no group. ================================== User List: ================================== There is no SNMPv3 User. ================================== Target List: ================================== There is no SNMP target. ================================== Filter List: ================================== There is no notification filter. ================================== Bridge STP Information ================================== Bridge MAC : 70:72:CF:00:11:70...
  • Page 135 Chapter 11 | System Management Commands Destination Filter :DISABLED Destination MAC ========================================== Console Line Information =========================================================== databits parity : none speed : 115200 stop bits =========================================================== Ethernet Interface Information ======================================== IP Address : 192.168.2.10 Subnet Mask : 255.255.255.0 Default Gateway : 192.168.2.254 Primary DNS Secondary DNS...
  • Page 136 Chapter 11 | System Management Commands WPA PSK Key Type : ascii WPA PSK Key : ******** Default Transmit Key Static WEP Keys Key 1 : ***** Key 2 : ***** Key 3 : ***** Key 4 : ***** Pre-Authentication : DISABLE ----------------------------------802.1x----------------------------------- 802.1x...
  • Page 137 Chapter 11 | System Management Commands Maximum Association Client Per Radio : 127 Clients -----------------------------802.11 Parameters----------------------------- Transmit Power : 100%(Tx dBm) Fragmentation Threshold : 2346 RTS Threshold : 2346 Beacon Interval : 100 Authentication Timeout Interval : 3 Mins Association Timeout Interval : 5 Mins DTIM Interval Short Guard Interval Status...
  • Page 138 Chapter 11 | System Management Commands AC0(BE) CwMin: CwMax: AIFSN: TXOP Limit: ACM:Disabled AC1(BK) CwMin: CwMax: AIFSN: TXOP Limit: ACM:Disabled AC2(VI) CwMin: CwMax: AIFSN: TXOP Limit:3008 ACM:Disabled AC3(VO) CwMin: CwMax: AIFSN: TXOP Limit:1504 ACM:Disabled LLDP Information =================================================================== Status :Disabled Message Transmission Hold Time Message Transmission Interval (seconds) :30 Reinitial Delay Time (seconds) Transmission Delay Value (seconds)

  • Page 139: System Logging Commands

    System Logging Commands These commands are used to configure system logging on the access point. Table 7: System Management Commands Command Function Mode Page logging on Controls logging of error messages logging host Adds a syslog server host IP address that will receive logging messages logging console Initiates logging of error messages to the console...
  • Page 140 Chapter 12 | System Logging Commands logging host This command specifies syslog servers host that will receive logging messages. Use the no form to remove syslog server host. Syntax logging host <1 | 2 | 3 | 4> <host_name | host_ip_address> [udp_port] no logging host <1 | 2 | 3 | 4>...

  • Page 141: Table 8: Logging Levels

    Chapter 12 | System Logging Commands logging level This command sets the minimum severity level for event logging. Syntax logging level <Emergency | Alert | Critical | Error | Warning | Notice | Informational | Debug> Default Setting Informational Command Mode Global Configuration Command Usage Messages sent include the selected level down to Emergency level.

  • Page 142: Show Logging

    Chapter 12 | System Logging Commands Example AP(config)#logging clear AP(config)# show logging This command displays the logging configuration. Syntax show logging Command Mode Exec Example AP#show logging Logging Information ===================================================== Syslog State : ENABLE Logging Console State : DISABLE Logging Level : Debug Servers 1: 10.7.16.98, UDP Port: 514, State: DISABLE...
  • Page 143 Chapter 12 | System Logging Commands – 143 –...

  • Page 144: System Clock Commands

    System Clock Commands These commands are used to configure SNTP and system clock settings on the access point. Table 9: System Clock Commands Command Function Mode Page sntp-server ip Specifies one or more time servers sntp-server enabled Accepts time from the specified time servers sntp-server date-time Manually sets the system date and time sntp-server daylight-saving...
  • Page 145 Chapter 13 | System Clock Commands Example AP(config)#sntp-server ip 1 10.1.0.19 Related Commands sntp-server enabled show sntp sntp-server enabled This command enables SNTP client requests for time synchronization with NTP or SNTP time servers specified by the sntp-server ip command. Use the no form to disable SNTP client requests.
  • Page 146 Chapter 13 | System Clock Commands hour - Sets the hour. (Range: 0-23) minute - Sets the minute. (Range: 0-59) Default Setting 00:14:00, January 1, 1970 Command Mode Global Configuration Example This example sets the system clock to 12:10 April 27, 2009. AP(config)# sntp-server date-time 2009 4 27 12 10 AP(config)# Related Commands...
  • Page 147 Chapter 13 | System Clock Commands ◆ Using the command without setting the start and end date enables the daylight-saving feature. Example This sets daylight savings time to be used from the Sunday in the fourth week of April, to the Sunday in the fourth week of October. AP(config)# sntp-server daylight-saving date-week 4 4 0 10 4 0 AP(config)# sntp-server timezone...
  • Page 148 Chapter 13 | System Clock Commands SNTP Information =========================================================== Service State : ENABLED SNTP (server 1) IP : 129.6.15.28 SNTP (server 2) IP : 132.163.4.101 Current Time : Mon Apr 27 13:39:23 UTC 2009 Time Zone : (GMT+08) Hong Kong, Perth, Singapore, Taipei Daylight Saving : DISABLED Daylight Saving Time : From MAR, Fourth Week, Wednesday To NOV, Last Week,...

  • Page 149: Dhcp Relay Commands

    DHCP Relay Commands Dynamic Host Configuration Protocol (DHCP) can dynamically allocate an IP address and other configuration information to network clients that broadcast a request. To receive the broadcast request, the DHCP server would normally have to be on the same subnet as the client. However, when the access point’s DHCP relay agent is enabled, received client requests can be forwarded directly by the access point to a known DHCP server on another subnet.
  • Page 150 Chapter 14 | DHCP Relay Commands Related Commands show interface wireless – 150 –...

  • Page 151: Snmp Commands

    SNMP Commands Controls access to this access point from management stations using the Simple Network Management Protocol (SNMP), as well as the hosts that will receive trap messages. Table 11: SNMP Commands Command Function Mode Page snmp-server community Sets up the community access string to permit access to SNMP commands snmp-server contact Sets the system contact string...
  • Page 152 Chapter 15 | SNMP Commands snmp-server This command defines the community access string for the Simple Network community Management Protocol. Use the no form to remove the specified community string. Syntax snmp-server community string [ro | rw] no snmp-server community string string - Community string that acts like a password and permits access to the SNMP protocol.
  • Page 153 Chapter 15 | SNMP Commands Command Mode Global Configuration Example AP(config)#snmp-server contact Paul AP(config)# Related Commands snmp-server location snmp-server location This command sets the system location string. Use the no form to remove the location string. Syntax snmp-server location <text> no snmp-server location text - String that describes the system location.
  • Page 154 Chapter 15 | SNMP Commands Command Mode Global Configuration Command Usage ◆ This command enables both authentication failure notifications and link-up- down notifications. ◆ The snmp-server host command specifies the host device that will receive SNMP notifications. Example AP(config)#snmp-server enable server AP(config)# Related Commands snmp-server host...
  • Page 155 Chapter 15 | SNMP Commands Example AP(config)#snmp-server host 1 10.1.19.23 batman AP(config)# Related Commands snmp-server enable server snmp-server trap This command enables the access point to send specific SNMP traps (i.e., notifications). Use the no form to disable specific trap messages. Syntax snmp-server trap <trap>...
  • Page 156 Chapter 15 | SNMP Commands include - Defines a filter type that includes objects in the MIB subtree. exclude - Defines a filter type that excludes objects in the MIB subtree. subtree - The part of the MIB subtree that is to be filtered. mask - An optional hexadecimal value bit mask to define objects in the MIB subtree.
  • Page 157 Chapter 15 | SNMP Commands level - The SNMPv3 security level of the group. One of the following: NoAuthNoPriv - A group using no authentication and no data encryption. Users in this group use no security, either authentication or encryption, in SNMP messages they send to the agent. AuthNoPriv - A group using authentication, but no data encryption.
  • Page 158 Chapter 15 | SNMP Commands username - Name of the user connecting to the SNMP agent. (Range: 1-32 characters) groupname - Name of an SNMP group to which the user is assigned. (Range: 1-32 characters) none | md5 - Uses no authentication or MD5 authentication. auth-passphrase - Authentication password.
  • Page 159 Chapter 15 | SNMP Commands port-number - The UDP port that is used on the receiving management station for notifications. notification-filter-id - The name if a defined notification filter. Default Setting None Command Mode Global Configuration Command Usage ◆ The access point supports multiple SNMP v3 target IDs. ◆...

  • Page 160: Show Snmp Target

    Chapter 15 | SNMP Commands ◆ Use the command more than once with the same filter ID to build a filter that includes or excludes multiple MIB objects. Note that the filter entries are applied in the sequence that they are defined. ◆...
  • Page 161 Chapter 15 | SNMP Commands Example AP# show snmp target Target List: ================================== Target ID : christraps IP Address : 192.168.1.33 User Name : chris UDP Port : 4321 Filter ID : Not Defined ================================== show snmp filter This command displays the SNMP v3 notification filter settings. Syntax show snmp filter [filter-id] filter-id - A user-defined name that identifies an SNMP v3 notification filter.

  • Page 162: Show Snmp Vacm View

    Chapter 15 | SNMP Commands Example AP# show snmp SNMP Information ============================================== Service State : Enable Community (ro) : ******* Community (rw) : ******** Location : where? Contact : who? ============================================== Trap Destination List: ============================================== Trap Destination: 192.168.1.22, Community : ***** ============================================== Trap Configuration: ==========================================================================...
  • Page 163 Chapter 15 | SNMP Commands show snmp vacm This command displays the configured SNMP v3 groups. group Syntax show snmp vacm group [group-name] group-name - The name of a user-defined SNMPv3 group. Command Mode Exec Example AP# sh snmp vacm group Group List: ================================== Group Name...

  • Page 164: Flash/File Commands

    Flash/File Commands These commands are used to manage the system code or configuration files. Table 12: Flash/File Commands Command Function Mode Page dual-image Specifies the file or image used to start up the system GC copy Copies a code image or configuration between flash Exec memory and a FTP/TFTP server show dual-image...
  • Page 165 Chapter 16 | Flash/File Commands Example AP# dual-image boot-image A Change image to A copy This command copies a boot file, code image, or configuration file between the access point’s flash memory and a FTP/TFTP server. When you save the configuration settings to a file on a FTP/TFTP server, that file can later be downloaded to the access point to restore system operation.
  • Page 166 Chapter 16 | Flash/File Commands ◆ The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the FTP/TFTP server is 255 characters or 32 characters for files on the access point.

  • Page 167: Radius Client Commands

    RADIUS Client Commands Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access for RADIUS-aware devices to the network. An authentication server contains a database of credentials, such as users names and passwords, for each wireless client that requires access to the access point.

  • Page 168: Radius-Server Address

    Chapter 17 | RADIUS Client Commands Command Mode Global Configuration Example AP(config)# radius-server primary enable This setting has not been effective ! If want to take effect, please execute make-radius-effective command ! AP(config)# radius-server address This command specifies the primary and secondary RADIUS server address. Syntax radius-server {primary | secondary} address <address>...

  • Page 169: Radius-Server Key

    Chapter 17 | RADIUS Client Commands Example AP(config)# radius-server primary port 1810 This setting has not been effective ! If want to take effect, please execute make-radius-effective command ! AP(config)# radius-server key This command sets the RADIUS encryption key. Syntax radius-server {primary | secondary] key <key_string>...
  • Page 170 Chapter 17 | RADIUS Client Commands Command Usage When the RADIUS Accounting server UDP address is specified, a RADIUS accounting session is automatically started for each user that is successfully authenticated to the access point. Example AP(config)# radius-server accounting address 192.168.1.19 This setting has not been effective ! If want to take effect, please execute make-radius-effective command ! AP(config)#...
  • Page 171 Chapter 17 | RADIUS Client Commands Default Setting DEFAULT Command Mode Global Configuration Example AP(config)# radius-server accounting key green This setting has not been effective ! If want to take effect, please execute make-radius-effective command ! AP(config)# radius-server This command sets the interval between transmitting accounting updates to the accounting RADIUS server.

  • Page 172: Global Configuration

    Chapter 17 | RADIUS Client Commands Command Mode Global Configuration Example AP(config)# make-radius-effective It will take several minutes ! Please wait a while... AP(config)# show radius This command displays the current settings for the RADIUS server. Default Setting None Command Mode Exec Example AP#show radius...

  • Page 173: 802.1X Authentication Commands

    802.1X Authentication Commands The access point supports IEEE 802.1X access control for wireless clients. This control feature prevents unauthorized access to the network by requiring an 802.1X client application to submit user credentials for authentication. Client authentication is then verified by a RADIUS server using EAP (Extensible Authentication Protocol) before the access point grants client access to the network.
  • Page 174 Chapter 18 | 802.1X Authentication Commands Example AP(if-wireless 0: VAP[0])# 802.1x enable This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0: VAP[0])# Related Commands show interface wireless 802.1x This command sets the time period after which a connected client must be re- reauthentication-time authenticated.

  • Page 175: Mac Address Authentication Commands

    MAC Address Authentication Commands Use these commands to define MAC authentication on the access point. For local MAC authentication, first define the default filtering policy, then enter the MAC addresses to be filtered, indicating if they are allowed or denied. For RADIUS MAC authentication, the MAC addresses and filtering policy must be configured on the RADIUS server.
  • Page 176 Chapter 19 | MAC Address Authentication Commands Example AP(config)#mac-authentication server remote AP(config)# Related Commands mac-authentication server local address entry radius-server address mac-authentication This command sets local filtering to allow or deny listed MAC addresses. server local address default Syntax mac-authentication server local address default <allowed | denied> allowed - Only MAC addresses entered as “denied”...
  • Page 177 Chapter 19 | MAC Address Authentication Commands Default None Command Mode Global Configuration Command Mode ◆ The access point supports up to 1024 MAC addresses. ◆ An entry in the address table may be allowed or denied access depending on the global setting configured for the mac-authentication server local address default...
  • Page 178 Chapter 19 | MAC Address Authentication Commands mac-authentication This command sets the interval at which associated clients will be re-authenticated session-timeout with the RADIUS server authentication database. Use the no form to disable reauthentication. Syntax mac-authentication session-timeout <seconds> no mac-authentication session-timeout seconds - Re-authentication interval.

  • Page 179: Filtering Commands

    Filtering Commands The commands described in this section are used to filter communications between wireless clients, control access to the management interface from wireless clients, and filter traffic using specific Ethernet protocol types. Table 16: Filtering Commands Command Function Mode Page filter local-bridge Disables communication between wireless clients...
  • Page 180 Chapter 20 | Filtering Commands Command Mode Global Configuration Command Usage This command can disable wireless-to-wireless communications between clients via the access point. However, it does not affect communications between wireless clients and the wired network. Example AP(config)#filter local-bridge all-vap AP(config)# filter restrict- This command prevents wireless clients from accessing the management interface...
  • Page 181 Chapter 20 | Filtering Commands Example AP(config)#filter dhcp enable AP(config)# filter acl-source- This command configures ACL filtering based on source MAC addresses in data address frames. Syntax filter acl-source-address {enable | disable | add <mac-address> | delete <mac-address>} enable - Key word that enables ACL filtering on the access point. disable - Key word that disables ACL filtering on the access point.
  • Page 182 Chapter 20 | Filtering Commands delete - Key word that removes a MAC address from the filter table mac-address - Specifies a MAC address in the form xx-xx-xx-xx-xx-xx. Default Disabled Command Mode Global Configuration Example AP(config)#filter acl-destination-address add 00-12-34-56-78-9a AP(config)#filter acl-destination-address enable AP(config)# filter ethernet-type This command checks the Ethernet type on all incoming and outgoing Ethernet...
  • Page 183 Chapter 20 | Filtering Commands protocol - An Ethernet protocol type. (Options: ARP, RARP, Berkeley-Trailer- Negotiation, LAN-Test, X25-Level-3, Banyan, CDP, DEC XNS, DEC-MOP- Dump-Load, DEC-MOP, DEC-LAT, Ethertalk, Appletalk-ARP, Novell-IPX(old), Novell-IPX(new), EAPOL, Telxon-TXP, Aironet-DDP, Enet-Config-Test, IP, IPv6, NetBEUI, PPPoE_Discovery, PPPoE_PPP_Session) Default None Command Mode Global Configuration...
  • Page 184 Chapter 20 | Filtering Commands – 184 –...

  • Page 185: Spanning Tree Commands

    Spanning Tree Commands The commands described in this section are used to set the MAC address table aging time and spanning tree parameters for both the Ethernet and wireless interfaces. Table 17: Spanning Tree Commands Command Function Mode Page bridge stp service Enables the Spanning Tree feature bridge stp br-conf Configures the spanning tree bridge forward time GC...
  • Page 186 Chapter 21 | Spanning Tree Commands bridge stp service This command enables the Spanning Tree Protocol. Use the no form to disable the Spanning Tree Protocol. Syntax [no] bridge stp service Default Setting Enabled Command Mode Global Configuration Example This example globally enables the Spanning Tree Protocol. AP(config)bridge stp service AP(config) bridge stp br-conf...

  • Page 187: Table 17: Spanning Tree Commands

    Chapter 21 | Spanning Tree Commands bridge stp br-conf Use this command to configure the spanning tree bridge hello time globally for the hello-time wireless bridge. Syntax bridge stp br-conf hello-time <time> time - Time in seconds. (Range: 1-10 seconds). The maximum value is the lower of 10 or [(max-age / 2) -1].
  • Page 188 Chapter 21 | Spanning Tree Commands root port, a new root port is selected from among the device ports attached to the network. Example AP(config)#bridge stp max-age 40 AP(config)# bridge stp br-conf Use this command to configure the spanning tree priority globally for the wireless priority bridge.
  • Page 189 Chapter 21 | Spanning Tree Commands Command Usage Use this command to enter STP interface configuration mode. In this mode STP settings for specific VAP interfaces can be configured. Example AP(config)# bridge stp port-conf interface wireless 0 Enter Wireless configuration commands, one per line. AP(stp-if-wireless 0)# bridge-link path-cost Use this command to configure the spanning tree path cost for the Ethernet port.
  • Page 190 Chapter 21 | Spanning Tree Commands Command Mode Interface Configuration (Ethernet) Command Usage ◆ This command defines the priority for the use of a port in the Spanning Tree Protocol. If the path cost for all ports on a wireless bridge are the same, the port with the highest priority (that is, lowest value) will be configured as an active link in the spanning tree.
  • Page 191 Chapter 21 | Spanning Tree Commands Command Usage ◆ This command is used by the Spanning Tree Protocol to determine the best path between devices. Therefore, lower values should be assigned to interfaces with faster media, and higher values assigned to interfaces with slower media. ◆...
  • Page 192 Chapter 21 | Spanning Tree Commands Command Mode Global Configuration Command Usage The AP stores the MAC addresses for all known devices. All the addresses learned by monitoring traffic are stored in a dynamic address table. This information is used to pass traffic directly between inbound and outbound interfaces.
  • Page 193 Chapter 21 | Spanning Tree Commands Example AP# show bridge br-conf all BR0 configuration ======================================== BRIDGE MAC : 00:12:cf:a2:54:30 Priority : 32768 Hello Time Maximum Age : 20 Forward Delay ======================================== show bridge port-conf This command displays spanning tree settings for specified interfaces. interface Syntax show bridge port-conf interface {all | ethernet | wireless index <all | vap...
  • Page 194 Chapter 21 | Spanning Tree Commands ATH3 configuration ======================================== Link Port Priority : 32 Link Path Cost : 19 ======================================== ATH4 configuration ======================================== Link Port Priority : 32 Link Path Cost : 19 ======================================== ATH5 configuration ======================================== Link Port Priority : 32 Link Path Cost : 19...
  • Page 195 Chapter 21 | Spanning Tree Commands Designated Bridge ID : 8000.0012cfa25430 Root Port Path Cost State : FORWARDING eth0 --- port 0x1 Port ID : 0x8001 Designated Root ID : 8000.0012cfa25430 Designated Bridge ID : 8000.0012cfa25430 Root Port Path Cost State : DISABLED =====================================================...

  • Page 196: Show Bridge Mac-Aging

    Chapter 21 | Spanning Tree Commands show bridge mac- This command displays the MAC address table aging time. aging Syntax show bridge mac-aging Command Mode Exec Example AP# show bridge mac-aging mac-aging time 300 – 196 –...

  • Page 197: Wds Bridge Commands

    WDS Bridge Commands The commands described in this section are used to set the operation mode for each access point interface and configure Wireless Distribution System (WDS) forwarding table settings. Table 18: WDS Bridge Commands Command Function Mode Page wds ap Selects the bridge operation mode for a radio IC-W VAP interface...

  • Page 198: Show Wds Wireless

    Chapter 22 | WDS Bridge Commands Default Setting None Command Mode Interface Configuration (Wireless) VAP Command Usage In WDS-STA mode, the VAP operates as a client station in WDS mode, which connects to an access point in WDS-AP mode. The user needs to specify the SSID and MAC address of the VAP to which it intends to connect.

  • Page 199: Ethernet Interface Commands

    Ethernet Interface Commands The commands described in this section configure connection parameters for the Ethernet port and wireless interface. Table 19: Ethernet Interface Commands Command Function Mode Page interface ethernet Enters Ethernet interface configuration mode Specifies the primary and secondary name servers IC-E ip address Sets the IP address for the Ethernet interface IC-E...
  • Page 200 Chapter 23 | Ethernet Interface Commands This command specifies the address for the primary or secondary domain name server to be used for name-to-address resolution. Syntax dns {primary-server | secondary-server} <server-address> primary-server - Primary server used for name resolution. secondary-server - Secondary server used for name resolution. server-address - IP address of domain-name server.
  • Page 201 Chapter 23 | Ethernet Interface Commands Command Mode Interface Configuration (Ethernet) Command Usage ◆ DHCP is disabled by default. If DHCP is enabled, you must first disable the DHCP client with the no ip dhcp command before you manually configure a new IP address.
  • Page 202 Chapter 23 | Ethernet Interface Commands effort to learn its IP address. (DHCP values can include the IP address, subnet mask, and default gateway.) Example AP(config)#interface ethernet Enter Ethernet configuration commands, one per line. AP(if-ethernet)#ip dhcp AP(if-ethernet)# Related Commands ip address ip management This command sets the IP address for management access to the AP.

  • Page 203: Table 19: Ethernet Interface Commands

    Chapter 23 | Ethernet Interface Commands ipv6-address - IPv6 address. netmask - Network mask for the associated IPv6 subnet. This mask identifies the host address bits used for routing to specific subnets. gateway - IPv6 address of the default gateway. Default Setting IP address: 2001:db8::1 Netmask: 64...
  • Page 204 Chapter 23 | Ethernet Interface Commands Command Usage ◆ You must assign an IPv6 address to this device to gain management access over the network or to connect the access point to existing IPv6 subnets. You can manually configure a specific IPv6 address using the ipv6 address command, or direct the device to obtain an address from a DHCPv6 server using this command.
  • Page 205 Chapter 23 | Ethernet Interface Commands show interface This command displays the status for the Ethernet interface. ethernet Syntax show ethernet interface Default Setting Ethernet interface Command Mode Exec Example AP#show interface ethernet Ethernet Interface Information ======================================== IP Address : 192.168.2.10 Subnet Mask : 255.255.255.0 Default Gateway...

  • Page 206: Wireless Interface Commands

    Wireless Interface Commands The commands described in this section configure connection parameters for the wireless interfaces. Table 20: Wireless Interface Commands Command Function Mode Page interface wireless Enters wireless interface configuration mode Provides access to the VAP interface configuration IC-W mode a-mpdu Sets the Aggregate MAC Protocol Data Unit (A-...

  • Page 207: Interface Wireless

    Chapter 24 | Wireless Interface Commands Table 20: Wireless Interface Commands (Continued) Command Function Mode Page assoc- timeout-interval Configures the idle time interval (when no frames IC-W-VAP are sent) after which a client is disassociated from the VAP interface auth- timeout-value Configures the time interval after which clients IC-W-VAP must be re-authenticated...
  • Page 208 Chapter 24 | Wireless Interface Commands Command Mode Global Configuration Example AP(config)# interface wireless 0 Enter Wireless configuration commands, one per line. AP(if-wireless 0)# This command provides access to the VAP (Virtual Access Point) interface configuration mode. Syntax vap <vap-index> vap-index - The number that identifies the VAP interface.
  • Page 209 Chapter 24 | Wireless Interface Commands Example AP(if-wireless 0)#a-mpdu enable AP(if-wireless 0)# a-msdu This command enables and sets the Aggregate MAC Service Data Unit (A-MSDU). Syntax a-msdu {enable | disable | length <length>} enable - Enable A-MSDU. disable - Disable A-MSDU. length - 1024-65535 bytes.
  • Page 210 Chapter 24 | Wireless Interface Commands auto - Automatically selects an unoccupied channel (if available). Otherwise, the lowest channel is selected. Default Setting Automatic channel selection Command Mode Interface Configuration (Wireless) Command Usage ◆ The available channel settings are limited by local regulations, which determine the number of channels that are available.
  • Page 211 Chapter 24 | Wireless Interface Commands Default Setting Percentage Mode: Full (100%) dBm Mode: 18 dBm Command Mode Interface Configuration (Wireless) Command Usage ◆ The “min” keyword indicates minimum power. ◆ The longer the transmission distance, the higher the transmission power required.
  • Page 212 Chapter 24 | Wireless Interface Commands Example AP(if-wireless 0)# min-allowed-rate 1 6 mcs0 mcs8 AP(if-wireless 0)# disable-coexist This command prevents the operation of both 20 MHz and 40 MHz channel bandwidths in the wireless network. Syntax disable-coexist <n | y> n - No, do not disable channel coexistance.
  • Page 213 Chapter 24 | Wireless Interface Commands preamble This command sets the length of the signal preamble that is used at the start of a 802.11b/g data transmission. Syntax preamble [long | short-or-long] long - Sets the preamble to long (192 microseconds). short-or-long - Sets the preamble to short if no 802.11b clients are detected (96 microseconds).
  • Page 214 Chapter 24 | Wireless Interface Commands purpose of a guard interval is to introduce immunity to propagation delays, echoes, and reflections to which digital data is normally very sensitive. Enabling the short guard interval sets it to 400ns. Example AP(if-wireless 0)# short-guard-interval enable This setting has not been effective ! If want to take effect, please execute make-RF-setting-effective command ! AP(if-wireless 0)#...
  • Page 215 Chapter 24 | Wireless Interface Commands Default Setting Command Mode Interface Configuration (Wireless) Command Usage ◆ The Delivery Traffic Indication Map (DTIM) packet interval value indicates how often the MAC layer forwards broadcast/multicast traffic. This parameter is necessary to wake up stations that are using Power Save mode. ◆...
  • Page 216 Chapter 24 | Wireless Interface Commands Command Usage ◆ If the threshold is set to 1, the access point always sends RTS signals. If set to 2346, the access point never sends RTS signals. If set to any other value, and the packet size equals or exceeds the RTS threshold, the RTS/CTS (Request to Send / Clear to Send) mechanism will be enabled.
  • Page 217 Chapter 24 | Wireless Interface Commands closed-system This command prohibits access to clients without a pre-configured SSID. Use the no form to disable this feature. Syntax [no] closed-system Default Setting Disabled Command Mode Interface Configuration (Wireless-VAP) Command Usage When closed system is enabled, the access point will not include its SSID in beacon messages.
  • Page 218 Chapter 24 | Wireless Interface Commands Example AP(if-wireless 0)# max-client 64 This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0)# max-association This command configures the maximum number of wireless clients that can associate with a VAP interface.
  • Page 219 Chapter 24 | Wireless Interface Commands Command Usage ◆ When enabled, the AP applies a priority order for associating clients when the maximum clients for the VAP has been reached. The priority order is 11n clients, 11a/g clients, then 11b clients. ◆...
  • Page 220 Chapter 24 | Wireless Interface Commands auth-timeout-interval This command configures the time interval within which clients must complete authentication to the VAP interface. Syntax auth-timeout-interval <minutes> minutes - The number of minutes before re-authentication. (Range: 3-60 minutes) Default Setting 3 minutes Command Mode Interface Configuration (Wireless-VAP) Example...
  • Page 221 Chapter 24 | Wireless Interface Commands shutdown (VAP) This command disables the VAP interface. Use the no form to restart the interface. Syntax [no] shutdown Default Setting Interface enabled Command Mode Interface Configuration (Wireless-VAP) Command Usage You must first enable VAP interface 0 before you can enable VAP interfaces 1 to 15. Example AP(if-wireless 0: VAP[0])# shutdown This setting has not been effective !
  • Page 222 Chapter 24 | Wireless Interface Commands antenna-chain This command selects the use of two antennas or a single antenna for radio transmissions. Syntax antenna-chain <right-left | left | right> right-left - The radio transmits from both internal antennas. left - The radio only transmits from one internal antenna. right - The radio only transmits from one internal antenna.
  • Page 223 Chapter 24 | Wireless Interface Commands Example AP(if-wireless 0)# long-distance enable For making changes effective, please execute make-RF-setting-effective command ! AP(if-wireless 0)# long-distance This command computes settings that allow wireless clients a long distance from reference-data the AP to maintain communications. Syntax long-distance reference-data <distance>...
  • Page 224 Chapter 24 | Wireless Interface Commands Command Mode Interface Configuration (Wireless) Example AP(if-wireless 0)# long-distance slottime 25 For making changes effective, please execute make-RF-setting-effective command after entering all three long distance parameters! AP(if-wireless 0)# long-distance This command sets the acknowledge timeout for long-distance communications. acktimeout Syntax long-distance acktimeout <timeout>...
  • Page 225 Chapter 24 | Wireless Interface Commands Example AP(if-wireless 0)# long-distance ctstimeout 56 For making changes effective, please execute make-RF-setting-effective command after entering all three long distance parameters! AP(if-wireless 0)# bandwidth-control This command enables the downlink bandwidth control for a VAP interface. downlink Syntax bandwidth-control downlink <enable | disable>...
  • Page 226 Chapter 24 | Wireless Interface Commands Example AP(if-wireless 0: VAP[0])# bandwidth-control downlink rate 512 This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0: VAP[0])# bandwidth-control This command enables the uplink bandwidth control for a VAP interface. uplink Syntax bandwidth-control uplink <enable | disable>...
  • Page 227 Chapter 24 | Wireless Interface Commands Command Mode Interface Configuration (Wireless-VAP) Example AP(if-wireless 0: VAP[0])# bandwidth-control uplink rate 512 This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0: VAP[0])# show interface This command displays the status for a specified VAP interface.
  • Page 228 Chapter 24 | Wireless Interface Commands WPA Function : OPEN-SYSTEM, WPA FUNCTION DISABLE WPA PSK Key Type : ascii WPA PSK Key : ******** Default Transmit Key Static WEP Keys Key 1 : ***** Key 2 : ***** Key 3 : ***** Key 4 : *****...
  • Page 229 Chapter 24 | Wireless Interface Commands Station Table Information ======================================== Wireless Interface 0 VAPs List: if-wireless 0 VAP [0] : ADDR RSSI Tx(Mbps) Rx(Mbps) Privacy Authentication fc:25:3f:70:1a:4f 0.0.0.0 Open fc:25:3f:5c:32:49 0.0.0.0 Open if-wireless 0 VAP [1] : if-wireless 0 VAP [2] : if-wireless 0 VAP [3] : if-wireless 0 VAP [4] : if-wireless 0 VAP [5] :...
  • Page 230 Chapter 24 | Wireless Interface Commands Example AP#show station statistics Station Table Information ======================================== Wireless Interface 0 VAPs List: if-wireless 0 VAP [0] : Total Station Number of this vap: 0 if-wireless 0 VAP [1] : Total Station Number of this vap: 0 if-wireless 0 VAP [2] : Total Station Number of this vap: 0 if-wireless 0 VAP [3] :...
  • Page 231 Chapter 24 | Wireless Interface Commands Total Station Number of this vap: 0 if-wireless 1 VAP [12] : Total Station Number of this vap: 0 if-wireless 1 VAP [13] : Total Station Number of this vap: 0 if-wireless 1 VAP [14] : Total Station Number of this vap: 0 if-wireless 1 VAP [15] : Total Station Number of this vap: 0...

  • Page 232: Wireless Security Commands

    Wireless Security Commands The commands described in this section configure parameters for wireless security on the VAP interfaces. Table 21: Wireless Security Commands Command Function Mode Page auth Defines the 802.11 authentication type allowed by the IC-W- access point encryption Defines whether or not WEP encryption is used to IC-W- provide privacy for wireless communications...
  • Page 233 Chapter 25 | Wireless Security Commands wpa2-psk - Clients using WPA2 with a Pre-shared Key are accepted for authentication. wpa-wpa2-mixed - Clients using WPA or WPA2 are accepted for authentication. wpa-wpa2-psk-mixed - Clients using WPA or WPA2 with a Pre-shared Key are accepted for authentication Default Setting open-system...
  • Page 234 Chapter 25 | Wireless Security Commands ◆ WPA2 defines a transitional mode of operation for networks moving from WPA security to WPA2. WPA2 Mixed Mode allows both WPA and WPA2 clients to associate to a common VAP interface. When the encryption cipher suite is set to TKIP, the unicast encryption cipher (TKIP or AES-CCMP) is negotiated for each client.
  • Page 235 Chapter 25 | Wireless Security Commands Example AP(if-wireless 0: VAP[0])# encryption This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0: VAP[0])# Related Commands This command sets the keys used for WEP encryption. Use the no form to delete a configured key.
  • Page 236 Chapter 25 | Wireless Security Commands ◆ The WEP key index, length and type configured for the VAP must match those configured for clients. Example AP(if-wireless 0: VAP[0])# key 1 64 hex 1234512345 This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0: VAP[0])# Related Commands...
  • Page 237 Chapter 25 | Wireless Security Commands cipher-suite This command defines the cipher algorithm used to encrypt the global key for broadcast and multicast traffic when using WPA or WPA2 security. Syntax multicast-cipher <aes-ccmp | tkip > aes-ccmp - Use AES-CCMP encryption for the unicast and multicast cipher. tkip - Use TKIP encryption for the multicast cipher.
  • Page 238 Chapter 25 | Wireless Security Commands Example AP(if-wireless 0: VAP[0])# cipher-suite tkip This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0: VAP[0])# wpa-pre-shared-key This command defines a Wi-Fi Protected Access (WPA/WPA2) Pre-shared-key. Syntax wpa-pre-shared-key <hex | passphrase-key>...
  • Page 239 Chapter 25 | Wireless Security Commands pmksa-lifetime This command sets the time for aging out cached WPA2 Pairwise Master Key Security Association (PMKSA) information for fast roaming. Syntax pmksa-lifetime <minutes> minutes - The time for aging out PMKSA information. (Range: 0 - 14400 minutes) Default Setting 720 minutes Command Mode...
  • Page 240 Chapter 25 | Wireless Security Commands Example AP(if-wireless 0: VAP[0])# make-security-effective It will take several minutes ! Please wait a while... device eth0 left promiscuous mode br0: port 1(eth0) entering disabled state br0: port 3(ath16) entering disabled state br0: port 2(ath0) entering disabled state device ath16 left promiscuous mode br0: port 3(ath16) entering disabled state device ath0 left promiscuous mode...

  • Page 241: Rogue Ap Detection Commands

    Rogue AP Detection Commands A “rogue AP” is either an access point that is not authorized to participate in the wireless network, or an access point that does not have the correct security configuration. Rogue APs can potentially allow unauthorized users access to the network.

  • Page 242: Rogue-Ap Disable

    Chapter 26 | Rogue AP Detection Commands Command Usage ◆ While the access point scans a channel for rogue APs, wireless clients will not be able to connect to the access point. Therefore, avoid frequent scanning or scans of a long duration unless there is a reason to believe that more intensive scanning is required to find a rogue AP.
  • Page 243 Chapter 26 | Rogue AP Detection Commands Command Mode Interface Configuration (Wireless) Command Usage Enter the MAC address/Basic Service Set Identifier (BSSID) of known APs in the network. These MAC addresses will be filtered out of the list of detected APs during a scan.
  • Page 244 Chapter 26 | Rogue AP Detection Commands Command Mode Interface Configuration (Wireless) Command Usage ◆ During a scan, client access may be disrupted and new clients may not be able to associate to the access point. If clients experience severe disruption, reduce the scan duration time.

  • Page 245: Rogue-Ap Instant-Scan

    Chapter 26 | Rogue AP Detection Commands rogue-ap instant-scan This command starts an immediate scan for access points on the radio interface. Default Setting Disabled Command Mode Interface Configuration (Wireless) Command Usage While the access point scans a channel for rogue APs, wireless clients will not be able to connect to the access point.
  • Page 246 Chapter 26 | Rogue AP Detection Commands – 246 –...

  • Page 247: Link Integrity Commands

    Link Integrity Commands The access point provides a link integrity feature that can be used to ensure that wireless clients are connected to resources on the wired network. The access point does this by periodically sending Ping messages to a host device in the wired Ethernet network.
  • Page 248 Chapter 27 | Link Integrity Commands Response Timeout: 2 seconds Retry Counts: 5 Command Mode Global Configuration Command Usage ◆ When link integrity is enabled, the IP address of a host device in the wired network must be specified. ◆ The access point periodically sends an ICMP echo request (Ping) packet to the link host IP address.
  • Page 249 Chapter 27 | Link Integrity Commands Example AP(config)# link-integrity link-fail-action 0 enable AP(config)# show link-integrity This command displays the current link integrity configuration. Command Mode Exec Example AP#show link-integrity Link Integrity Information =================================================================== Link integrity: disabled Destination IP: 192.168.2.254 Detect Interval: Response Timeout: Retry Count if no response: Link fail action - Shutdown Radio 0: disabled...

  • Page 250: Link Layer Discovery Commands

    Link Layer Discovery Commands LLDP allows devices in the local broadcast domain to share information about themselves. LLDP-capable devices periodically transmit information in messages called Type Length Value (TLV) fields to neighbor devices. Advertised information is represented in Type Length Value (TLV) format according to the IEEE 802.1ab standard, and can include details such as device identification, capabilities and configuration settings.
  • Page 251 Chapter 28 | Link Layer Discovery Commands lldp-transmit hold- This command configures the time-to-live (TTL) value sent in LLDP advertisements. muliplier Syntax lldp transmit hold-multiplier <multiplier> multiplier - The hold multiplier number. (Range: 2-10) Default Setting Command Mode Global Configuration Command Usage ◆...
  • Page 252 Chapter 28 | Link Layer Discovery Commands Example AP(config)# lldp transmit interval 30 AP(config)# lldp transmit re-init- This command configures the delay before attempting to re-initialize after LLDP delay ports are disabled or the link goes down. Syntax lldp transmit re-init-delay <seconds> seconds - Time in seconds.
  • Page 253 Chapter 28 | Link Layer Discovery Commands Command Usage ◆ The transmit delay is used to prevent a series of successive LLDP transmissions during a short period of rapid changes in local LLDP MIB objects, and to increase the probability that multiple, rather than single changes, are reported in each transmission.

  • Page 254: Vlan Commands

    VLAN Commands The access point can enable the support of VLAN-tagged traffic passing between wireless clients and the wired network. VLAN IDs can be mapped to specific VAP interfaces, allowing users to remain within the same VLAN as they move around a campus site.
  • Page 255 Chapter 29 | VLAN Commands ◆ Traffic entering the Ethernet port must be tagged with a VLAN ID that matches the access point’s management VLAN ID, or with a VLAN tag that matches one of the VAP default VLAN IDs. Example AP(config)# vlan enabled Warning!
  • Page 256 Chapter 29 | VLAN Commands native-vlanid This command configures the default VLAN ID for the LAN port interface. Syntax native-vlanid <vlan-id> vlan-id - Default VLAN ID. (Range: 1-4094) Default Setting Command Mode Global Configuration Command Usage ◆ To implement the default VLAN ID setting for the LAN port, the AP must first enable VLAN support using the vlan command.
  • Page 257 Chapter 29 | VLAN Commands ◆ When VLANs are enabled, the access point tags frames received from wireless clients with the default VLAN ID for the VAP interface. Example AP(if-wireless 0: VAP[0])# vlan-ID 6 This setting has not been effective ! If want to take effect, please execute make-security-effective command ! AP(if-wireless 0: VAP[0])# –...

  • Page 258: Wmm Commands

    WMM Commands The access point implements QoS using the Wi-Fi Multimedia (WMM) standard. Using WMM, the access point is able to prioritize traffic and optimize performance when multiple applications compete for wireless network bandwidth at the same time. WMM employs techniques that are a subset of the IEEE 802.11e QoS standard and it enables the access point to inter-operate with both WMM-enabled clients and other devices that may lack any WMM functionality.
  • Page 259 Chapter 30 | WMM Commands wmm-acknowledge- This command allows the acknowledgement wait time to be enabled or disabled policy for each Access Category (AC). Syntax wmm-acknowledge-policy <ac_number> <ack | noack> ac_number - Access categories. (Range: 0-3) ack - Require the sender to wait for an acknowledgement from the receiver. noack - Does not require the sender to wait for an acknowledgement from the receiver.

  • Page 260: Table 27: Ap Parameters

    Chapter 30 | WMM Commands AP - Access Point BSS - Wireless client ac_number - Access categories (ACs) – voice, video, best effort, and background. These categories correspond to traffic priority levels and are mapped to IEEE 802.1D priority tags as shown in Table 2 on page (Range: 0-3) LogCwMin - Minimum log value of the contention window.

  • Page 261: Table 28: Bss Parameters

    Chapter 30 | WMM Commands Table 28: BSS Parameters WMM Parame- AC0 (Best Effort) AC1 (Back- AC2 (Video) AC3 (Voice) ters ground) LogCwMin LogCwMax AIFS TXOP Limit Admission Control Disabled Disabled Disabled Disabled Command Mode Interface Configuration (Wireless) Example AP(if-wireless 0)# wmmparam ap 0 5 10 3 64 1 This setting has not been effective ! If want to take effect, please execute make-RF-setting-effective command ! AP(if-wireless 0)#...
  • Page 262 Chapter 30 | WMM Commands – 262 –...

  • Page 263: Qos Commands

    QoS Commands The QoS commands configure QoS priority mapping for traffic on VAP interfaces. The AP enables Wi-Fi Multimedia (WMM) 802.1d priorities to be mapped to 802.1p priorities or IP DSCP priorities. Table 29: QoS Commands Command Function Mode Page qos vap-802.1p Enables the setting of VAP traffic to a specific 802.1p IC-W...
  • Page 264 Chapter 31 | QoS Commands Command Usage ◆ To implement this command on a VAP interface the default VLAN ID for the VAP must be set to any other value than 1. ◆ The VAP-to-802.1p priority QoS feature cannot be enabled together with the 802.1d-to-802.1p or 802.1d-to-DSCP features.
  • Page 265 Chapter 31 | QoS Commands qos 802.1d-802.1p This command enables the mapping of WMM 802.1d priority values to 802.1p values on a VAP interface. Syntax qos 802.1d-802.1p <enable | disable> enable - Enables the mapping of WMM 802.1d to 802.1p priority values. disable - Disables the feature.
  • Page 266 Chapter 31 | QoS Commands Command Usage ◆ The AP supports eight QoS priority mapping templates, each identified by an ID number (1 to 8). The templates also have user-defined name that can be configured using the qos qos-template qos-template-name command.
  • Page 267 Chapter 31 | QoS Commands AP(if-wireless 0: VAP[0])# qos 802.1d-dscp This command sets the mapping template to use for the WMM 802.1d to DSCP mapping-template priority mapping on a VAP interface. Syntax qos 802.1d-dscp mapping-template <template-id> template-id - The identifying number of a QoS mapping template. (Range: 1-8) Default Command Mode...
  • Page 268 Chapter 31 | QoS Commands qos qos-template qos- This command sets the name of a QoS priority mapping template. template-name Syntax qos qos-template qos-template-name <template-id> <template-name> template-id - The identifying number of a QoS mapping template. (Range: 1-8) template-name - The user-defined name of a QoS mapping template. (Maximum 32 alphanumeric characters;...

  • Page 269: Qos Qos-Template Qos-Template-Show

    Chapter 31 | QoS Commands Example AP(if-wireless 0: VAP[0])# qos qos-template qos-template-priority 1 10234765 AP(if-wireless 0: VAP[0])# qos qos-template qos- This command displays the user-defined QoS priority mapping templates and their template-show priority mapping configuration. Syntax qos qos-template qos-template-show Default none Command Mode Interface Configuration (Wireless-VAP)
  • Page 270 Chapter 31 | QoS Commands – 270 –...

  • Page 271: Appendices

    Section IV Appendices This section provides additional information and includes these items: ◆ “Troubleshooting” on page 272 – 271 –...

  • Page 272: A Troubleshooting

    Troubleshooting Problems Accessing the Management Interface Table 30: Troubleshooting Chart Symptom Action ◆ Cannot connect using Be sure the AP is powered up. Telnet, web browser, or ◆ Check network cabling between the management station and the SNMP software ◆ Check that you have a valid network connection to the AP and that intermediate switch ports have not been disabled.
  • Page 273 Appendix A | Troubleshooting Using System Logs Designate the SNMP host that is to receive the error messages. Repeat the sequence of commands or other actions that lead up to the error. Make a list of the commands or circumstances that led to the fault. Also make a list of any error messages displayed.

  • Page 274: Index Of Cli Commands

    Index of CLI Commands 802.1x enable 173 filter dhcp 802.1x reauthentication-time filter ethernet-type enabled a-mpdu 208 filter ethernet-type protocol 182 a-msdu filter local-bridge antenna-chain filter restrict-management apmgmgtui ssh enable interface ethernet 199 apmgmtip interface wireless apmgmtui http port interfere-chan-recover apmgmtui http server ip address apmgmtui http session-timeout 127 ip dhcp...
  • Page 275 Index of CLI Commands preamble show system prompt show system resource 131 qos 802.1d-802.1p 265 show version qos 802.1d-802.1p mapping-template show wds wireless qos 802.1d-dscp shutdown (VAP) qos 802.1d-dscp mapping-template shutdown (Ethernet) qos qos-template qos-template-name snmp-server community 152 qos qos-template qos-template-priority snmp-server contact qos qos-template qos-template-show snmp-server enable server...

  • Page 276: Index

    Index authentication filter cipher suite 234 address 176 closed system 217 between wireless clients 179 MAC address 176 local bridge 179 type 217 local or remote 175 management access 180 protocol types 182 VLANs 254 beacon firmware interval 214 displaying version 132 rate 214 upgrading 165 BOOTP 200...
  • Page 277 Index open system 217 time zone 147 transmit power, configuring 210 trap destination 154 trap manager 154 password configuring 123 management 123 port priority upgrading software 165 STA 189 user password 123 radio channel VLAN 802.11a interface 209 configuration 254 802.11g interface 209 RADIUS 167 threshold 215...
  • Page 278 Headquarters No. 1, Creation Rd. III (for Asia-Pacific): Technical Support information at www.smc-asia.com Hsinchu Science Park Taiwan 30077 Tel: +886 3 5638888 Fax: +886 3 6686111 www.smcnetworks.co.kr SMC2890W-AN, SMC2891W-AN www.smc.com...

This manual is also suitable for:

Smc2891w-an

Table of Contents