Page 1 AP-51xx Access Point Product Reference Guide...
Page 3 AP-51xx Access Point Product Reference Guide 72E-92949-01 Revision A January 2007...
Page 5 Symbol reserves the right to make changes to any software or product to improve reliability, function, or design. Symbol does not assume any product liability arising out of, or in connection with, the application or use of any product, circuit, or application described herein.
Page 7: Table Of Contents
Contents About This Guide Introduction............vii Document Conventions.
Page 8 AP-51xx Access Point Product Reference Guide Feature Overview ........... 1-6 Single or Dual Mode Radio Options.
Page 9 Management Access Options ........1-24 AP-51xx MAC Address Assignment ....... . 1-24 Chapter 2.
Page 10 AP-51xx Access Point Product Reference Guide Chapter 3. Getting Started Installing the Access Point ..........3-1 Configuration Options.
Page 11 Setting the Type Filter Configuration ......5-14 Configuring WAN Settings ......... . . 5-16 Configuring Network Address Translation (NAT) Settings .
Page 12 AP-51xx Access Point Product Reference Guide Viewing VPN Status ..........6-50 Configuring Content Filtering Settings .
Page 13 Network LAN Commands ........8-12 Network LAN, Bridge Commands .
Page 14 Mesh Networking Overview......... . . 9-1 The AP-51xx Client Bridge Association Process ..... . . 9-3 Client Bridge Configuration Process Example .
Page 15 Appendix B. Usage Scenarios Configuring Automatic Updates using a DHCP or Linux BootP Server ...B-1 Windows - DHCP Server Configuration.......B-2 Embedded Options - Using Option 43 .
Page 16 AP-51xx Access Point Product Reference Guide...
Page 17: About This Guide
This guide provides configuration and setup information for the AP-5131 and AP-5181 model access points. For the purposes of this guide, the devices will be called AP-51xx or the generic term “access point” when identical conifiguration activities are applied to both models.
Page 18: Notational Conventions
Symbol Technologies is not responsible for any damages incurred during shipment if the approved shipping container is not used. Shipping the units improperly can possibly void the warranty. If the original shipping container was not kept, contact Symbol to have another sent to you.
Page 19: Chapter 1. Introduction
Introduction This AP-51xx Product Reference Guide contains setup and advanced configuration instructions for both the AP-5131 and AP-5181 model access points. Both the AP-5131 and AP-5181 model access points share the same Web UI, CLI and MIB interfaces, thus there is no difference in how the devices are configured using the instructions within this guide.
Page 20: New Features
The access point (AP) provides a bridge between Ethernet wired LANs or WANs and wireless networks. It provides connectivity between Ethernet wired networks and radio-equipped mobile units (MUs). MUs include the full line of Symbol terminals, bar-code scanners, adapters (PC cards, Compact Flash cards and PCI adapters) and other devices.
Page 21: Additional Lan Subnet
Introduction adds the connection as a port on its bridge module. This causes the access point (in client bridge mode) to begin forwarding configuration packets to the base bridge. An access point in base bridge mode allows the access point radio to accept client bridge connections. The two bridges communicate using the Spanning Tree Protocol (STP).
Page 22: On-Board Radius Server Authentication
AP-51xx Access Point Product Reference Guide each LAN can have its own Ethernet Type Filter configuration, and subnet access (HTTP, SSH, SNMP and telnet) configuration. For detailed information on configuring the access point for additional LAN subnet support, see Configuring the LAN Interface on page 5-1.
Page 23: Routing Information Protocol (Rip)
Introduction For detailed information on configuring the access point for Hotspot support, see Configuring WLAN Hotspot Support on page 5-45. 1.1.5 Routing Information Protocol (RIP) With the release of the 1.1 version access point, Routing Information Protocol (RIP) functionality has been added to the existing Router screen.
Page 24: Feature Overview
AP-51xx Access Point Product Reference Guide 1.2 Feature Overview The Symbol access point has the following existing features carried forward from its initial 1.0 release: • Single or Dual Mode Radio Options • Separate LAN and WAN Ports • Multiple Mounting Options •...
Page 25: Single Or Dual Mode Radio Options
Viewing LAN Statistics on page 7-6. For information on access point MAC address assignments, see AP-51xx MAC Address Assignment on page 1-24. 1.2.3 Multiple Mounting Options The access point rests on a flat surface, attaches to a wall, mounts under a ceiling or above a ceiling...
Page 26: Antenna Support For 2.4 Ghz And 5.2 Ghz Radios
AP-51xx Access Point Product Reference Guide mount the access point in a location that has not been approved in an either an AP-5131 or outdoor AP-5181 radio coverage site survey. For detailed information on the mounting options available for the access point, see...
Page 27: Quality Of Service (Qos) Support
Introduction BSSID #4 00:A0:F8:72:20:DF Radio MAC address +3 For detailed information on strategically mapping BSSIDs to WLANs, see Configuring the 802.11a or 802.11b/g Radio on page 5-55. For information on access point MAC address assignments, see 51xx MAC Address Assignment on page 1-24.
Page 28: Kerberos Authentication
The use of strong authentication methods that do not disclose passwords is necessary. Symbol uses the Kerberos authentication service protocol (specified in RFC 1510), to authenticate users/clients in a wireless network environment and to securely distribute the encryption keys used for both encrypting and decrypting.
Page 29: Wep Encryption
1-11 Introduction Using EAP, a user requests connection to a WLAN through the access point. The access point then requests the identity of the user and transmits that identity to an authentication server. The server prompts the AP for proof of identity (supplied to the access point by the user) and then transmits the user data back to the server to complete the authentication.
Page 30: Keyguard Encryption
Use KeyGuard to shield the master encryption keys from being discovered through hacking. KeyGuard negotiation takes place between the access point and MU upon association. The access point can use KeyGuard with Symbol MUs. KeyGuard is only supported on Symbol MUs making it a Symbol proprietary security mechanism.
Page 31: Firewall Security
1-13 Introduction to derive other keys. Messages are encrypted using a 128-bit secret key and a 128-bit block of data. the end result is an encryption scheme as secure as any the access point provides. For detailed information on WPA2-CCMP configurations, see Configuring WPA2-CCMP (802.11i) on page 6-24.
Page 32: Multiple Management Accessibility Options
• Command Line Interface (CLI) accessed via RS-232 or Telnet. Use the access point DB-9 serial port for direct access to the command-line interface from a PC. Use Symbol's Null- Modem cable (Part No. 25-632878-0) for the best fitting connection.
Page 33: Power-Over-Ethernet Support
4-20. 1.2.13 Power-over-Ethernet Support When users purchase a Symbol WLAN solution, they often need to place access points in obscure locations. In the past, a dedicated power source was required for each access point in addition to the Ethernet infrastructure. This often required an electrical contractor to install power drops at each access point location.
Page 34: Mu-Mu Transmission Disallow
DTIM (Delivery Traffic Indication Message) and the TIM (Traffic Indication Map). PSP (Power Save Polling) MUs power off their radios for short periods. When a Symbol MU in PSP mode associates with an access point, it notifies the access point of its activity status. The access point responds by buffering packets received for the MU.
Page 35: Statistical Displays
1-17 Introduction 1.2.17 Statistical Displays The access point can display robust transmit and receive statistics for the WAN and LAN ports. WLAN stats can be displayed collectively and individually for enabled WLANs. Transmit and receive statistics are available for the access point’s 802.11a and 802.11b/g radios. An advanced radio statistics page is also available to display retry histograms for specific data packet retry information.
Page 36: Default Configuration Restoration
1-18 AP-51xx Access Point Product Reference Guide 1.2.21 Default Configuration Restoration The access point has the ability to restore its default configuration or a partial default configuration with the exception of current WAN and SNMP settings. Restoring the default configuration is a good way to create new WLANs if the MUs the access point supports have been moved to different radio coverage areas.
Page 37: Theory Of Operations
2.4 to 2.5-GHz frequency range (802.11b/g radio) or the 5.2 GHz frequency range (802.11a radio), the actual range is country-dependent. Symbol devices, like other Ethernet devices, have unique, hardware encoded Media Access Control (MAC) or IEEE addresses.
Page 38: Cellular Coverage
1-20 AP-51xx Access Point Product Reference Guide 1.3.1 Cellular Coverage An access point establishes an average communication range with MUs called a Basic Service Set (BSS) or cell. When in a particular cell, the MU associates and communicates with the access point supporting the radio coverage area of that cell.
Page 39: Media Types
Spread spectrum (broadband) uses a narrowband signal to spread the transmission over a segment of the radio frequency band or spectrum. Direct-sequence is a spread spectrum technique where the transmitted signal is spread over a particular frequency range. The Symbol access point uses Direct- Sequence Spread Spectrum (DSSS) for radio communication.
Page 40: Mu Association Process
1-22 AP-51xx Access Point Product Reference Guide Intercepting and decoding a direct-sequence transmission requires a predefined algorithm to associate the spreading code used by the transmitting access point to the receiving MU. This algorithm is established by IEEE 802.11b specifications. The bit redundancy within the chipping sequence enables the receiving MU to recreate the original data pattern, even if bits in the chipping sequence are corrupted by interference.
Page 41: Operating Modes
• Access Point - As an Access Point, the access point functions as a layer 2 bridge (similar to Symbol’s existing AP-4131 access point). The wired uplink can operate as a trunk and support multiple VLANs. Up to 16 WLANs can be defined and mapped to access point WLANs.
Page 42: Management Access Options
1-24 AP-51xx Access Point Product Reference Guide • Firewall - In between the WAN and Wireless interfaces, a Firewall protects against a number of known attacks. 1.3.7 Management Access Options Managing the access point includes viewing network statistics and setting configuration options.
Page 43 1-25 Introduction • BSS2 - Base radio MAC address +1 • BSS3 - Base radio MAC address +2 • BSS4 - Base radio MAC address +3...
Page 44 1-26 AP-51xx Access Point Product Reference Guide...
Page 45: Chapter 2. Hardware Installation
See the following sections for more details: • Precautions • Requirements • Access Point Placement • Power Options • Symbol Power Injector and Power Tap Systems • Mounting an AP-5131 • AP-5131 LED Indicators • Mounting an AP-5181 • AP-5181 LED Indicators •...
Page 46: Precautions
2.1 Precautions Before installing an AP-5131 or AP-5181 model access point verify the following: • Do not install in wet or dusty areas without additional protection. Contact a Symbol representative for more information. • Verify the environment has a continuous temperature range between -20° C to 50° C.
Page 47 (2) Dual-Band Antennae (Part No. ML-2452-APA2-01) Accessories Bag Verify the model indicated on the bottom of the AP-5131 is correct. Contact the Symbol Support Center to report missing or improperly functioning items. The Symbol Power Injector (Part No. AP-PSBIAS-1P2-AFR) is included in certain orderable configurations, but can be added to any configuration.
Page 48: Ap-5181 Configurations
KT-5181-HW-01R). This kit shields an AP-5181 from wind and rain damage resulting from driving rain. NOTE Though the AP-5181 can use the standard Symbol Power Injector solution (Part No. AP-PSBIAS-1P2-AFR), Symbol recommends using the AP-5181 Power Tap (Part No. AP-PSBIAS-5181-01R), designed specifically for...
Page 49: Requirements
• An AP-5131 (either a dual or single radio model) or AP-5181 model access point • 48 Volt Power Supply Part No. 50-24000-050 (AP-5131 models only) or Symbol Power Injector (Part No. AP-PSBIAS-1P2-AFR or AP-PSBIAS-5181-01R) • a power outlet •...
Page 50: Site Surveys
Symbol recommends conducting a new site survey and developing a new coverage area floor plan when switching from 2 or 11Mbps access points (AP-3021 or AP-4131 models) to 54Mbps access points (AP-5131 and AP-5181 models), as the device placement requirements are significantly different.
Page 51 Yagi Antenna 13.9 ML-2452-APA2-01 Dual-Band NOTE An additional adapter is required to use ML-2499-11PNA2-01 and ML-2499-BYGA2-01 model antennae. Please contact Symbol for more information. The AP-5131 5.2 GHz antenna suite includes the following models: Symbol Part Number Antenna Type Nominal Net Gain (dBi)
Page 52: Ap-5181 Antenna Options
Two antennae per radio provides diversity that can improve performance and signal reception. Symbol supports two antenna suites for the AP-5181. One antenna suite supporting the 2.4 GHz band and another antenna suite supporting the 5.2 GHz band. Select an antenna model best suited to the intended operational environment of your AP-5181.
Page 53: Power Options
2.5.1 AP-5131 Power Options The power options for the AP-5131 include: • Symbol Power Injector (Part No. AP-PSBIAS-1P2-AFR) • Symbol 48-Volt Power Supply (Part No. 50-24000-050) • Any standard 802.3af compliant device. 2.5.2 AP-5181 Power Options The power options for the AP-5181 include: CAUTION An AP-5181 model access point cannot use the AP-5131 recommended Symbol 48-Volt Power Supply (Part No.
Page 54: Symbol Power Injector And Power Tap Systems
An AP-5131 or AP-5181 access point can receive power via an Ethernet cable connected to the access point’s LAN port (using the 802.3af standard). When users purchase a Symbol WLAN solution, they often need to place access points in obscure locations. In the past, a dedicated power source was required for each access point in addition to the Ethernet infrastructure.
Page 55: Preparing For Site Installation
2-11 Hardware Installation • Preparing for Site Installation • Cabling the Power Injector and Power Tap • Power Injector LED Indicators 2.6.1.1 Preparing for Site Installation The Power Injector or Power Tap can be installed free standing, on an even horizontal surface or wall mounted using the unit’s wall mounting key holes.
Page 56: Power Injector Led Indicators
The Power Injector is overloaded or has a short circuit. For more information and device specifications for the Symbol Power Injector, refer to the Power Injector Quick Install Guide (Part No. 72-70762-01) available from the Symbol Web site. 2.7 Mounting an AP-5131 The AP-5131 can rest on a flat surface, attach to a wall, mount under a suspended T-Bar or above a ceiling (plenum or attic).
Page 57: Desk Mounted Installations
2-13 Hardware Installation Refer to the following, depending on how you intend to mount the AP-5131: • Desk Mounted Installations • Wall Mounted Installations • Suspended Ceiling T-Bar Installations • Above the Ceiling (Plenum) Installations 2.7.1 Desk Mounted Installations The desk mount option uses rubber feet allowing the unit to sit on most flat surfaces. The four (4) round rubber feet can be found in the AP-5131 (main) box in a separate plastic bag.
Page 58 2-14 AP-51xx Access Point Product Reference Guide 4. Cable the AP-5131 using either the Symbol Power Injector solution or an approved line cord and power supply. CAUTION Do not supply power to the AP-5131 until the cabling of the unit is complete.
Page 59: Wall Mounted Installations
2-15 Hardware Installation 5. Verify the behavior of the AP-5131 LEDs. For more information, see AP-5131 LED Indicators on page 2-22. 6. Return the AP-5131 to an upright position and place it in the location you wish it to operate. Ensure the AP-5131 is sitting evenly on all four rubber feet.
Page 60 Radio 1, and two dots designate the secondary antenna for Radio 1. 8. Cable the AP-5131 using either the Symbol Power Injector solution or an approved line cord and power supply.
Page 61: Suspended Ceiling T-Bar Installations
NOTE If the AP-5131 is utilizing remote management antennae, a wire cover can be used to provide a clean finished look to the installation. Contact Symbol for more information. 9. Verify the behavior of the AP-5131 LEDs. For more information, see...
Page 62 2-18 AP-51xx Access Point Product Reference Guide 4. Cable the AP-5131 using either the Symbol Power Injector solution or an approved line cord and power supply. CAUTION Do not supply power to the AP-5131 until the cabling of the unit is complete.
Page 63: Above The Ceiling (Plenum) Installations
NOTE If the AP-5131 is utilizing remote management antennae, a wire cover can be used to provide a clean finished look to the installation. Contact Symbol for more information. 2.7.4 Above the Ceiling (Plenum) Installations An AP-5131 above the ceiling installation requires placing the AP-5131 above a suspended ceiling and installing the provided light pipe under the ceiling tile for viewing the rear panel status LEDs of the unit.
Page 64 6. Use a drill to make a hole in the tile the approximate size of the AP-5131 LED light pipe. CAUTION Symbol recommends care be taken not to damage the finished surface of the ceiling tile when creating the light pipe hole and installing the light pipe.
Page 65 AP-5131’s lock port. 14. Align the ceiling tile into its former ceiling space. 15. Cable the AP-5131 using either the Symbol Power Injector solution or an approved line cord and power supply. CAUTION Do not supply power to the AP-5131 until the cabling of the unit is...
Page 66: Ap-5131 Led Indicators
Power Injector, see Symbol Power Injector and Power Tap Systems on page 2-10. For standard Symbol 48-Volt Power Adapter (Part No. 50-24000-050) and line cord installations: a. Connect RJ-45 Ethernet cable between the network data supply (host) and the AP-5131 LAN port.
Page 67 2-23 Hardware Installation Power and Error Conditions (Split LED) Data Over Ethernet 802.11a Radio Activity 802.11b/g Radio Activity The five LEDs on the top housing of the AP-5131 are clearly visible in table-top, wall and below ceiling installations. The five AP-5131 top housing LEDs have the following display and functionality: AP-5131 Solid white indicates the is adequately powered.
Page 68: Mounting An Ap-5181
2-24 AP-51xx Access Point Product Reference Guide AP-5131 Solid white indicates the is adequately powered. Boot and Power Status AP-5131 Solid red indicates the is experiencing a problem condition requiring immediate attention. Error Conditions Blinking red indicates the AP-5131 Rogue AP Detection feature has located a...
Page 69 2-25 Hardware Installation Fit the edges of the V-shaped part into the slots Tighten the securing bolts 3. Attach the square mounting plate to the bridge with the supplied screws. Attach the square plate to the bridge 4. Attach the AP-5181 and mounting plate to the bracket already fixed to the pole. 5.
Page 70 2-26 AP-51xx Access Point Product Reference Guide 7. Cable the AP-5181 using either the AP-5181 Power Tap (Part No. AP-PSBIAS-5181-01R) or the Symbol Power Injector (Part No. AP-PSBIAS-1P2-AFR). NOTE The access point must be mounted with the RJ45 cable connectors oriented upwards to ensure proper operation.
Page 71: Ap-5181 Wall Mounted Installations
4-1. NOTE If installing the AP-5181 in an outdoor area prone to high winds and rain, Symbol recommends using the AP-5181 Heavy Weather Kit (Part No. KT-5181-HW-01R). This kit shields an AP-5181 from high winds and water damage as a result of driving rain.
Page 72 2-28 AP-51xx Access Point Product Reference Guide 4. Attach the square mounting plate to the bridge with the supplied screws. Attach the bridge to the plate on the pole. 5. Use the included nuts to tightly secure the wireless bridge to the bracket. Fit the edges of the V-shaped clamp into the slots on the flat side of the rectangular plate.
Page 73: Ap-5181 Led Indicators
4-1. NOTE If installing the AP-5181 in an outdoor area prone to high winds and rain, Symbol recommends using the AP-5181 Heavy Weather Kit (Part No. KT-5181-HW-01R). This kit shields an AP-5181 from high winds and water damage as a result of driving rain.
Page 74 2-30 AP-51xx Access Point Product Reference Guide Power and error conditions (split LED) Data over Ethernet 802.11a radio activity 802.11b/g radio activity AP-5131 Solid white indicates the is adequately powered. Power Status AP-5131 Solid red indicates the is experiencing a problem condition requiring immediate attention.
Page 75: Setting Up Mus
3-14. Refer to the LA-5030 & LA-5033 Wireless Networker PC Card and PCI Adapter Users Guide, available from the Symbol Web site, for installing drivers and client software if operating in an 802.11a/g network environment. Refer to the Spectrum24 LA-4121 PC Card, LA-4123 PCI Adapter & LA-4137 Wireless Networker User Guide, available from the Symbol Web site, for installing drivers and client software if operating in an 802.11b network environment.
Page 76 2-32 AP-51xx Access Point Product Reference Guide...
Page 77: Chapter 3. Getting Started
The access point should be installed in an area tested for radio coverage using one of the site survey tools available to the Symbol field service technician. Once an installation site has been identified, the installer should carefully follow the hardware precautions, requirements, mounting guidelines...
Page 78: Configuration Options
For information on the 802.11a and 802.11b/g radio antenna suite available to the access point, see Antenna Options on page 2-6. For more information on using a Symbol Power Injector to combine Ethernet and power in one cable to an AP-5131 model access point, see...
Page 79: Default Configuration Changes For The Access Point
MIB Browser. The access point download package contains the following 2 MIB files: • Symbol-CC-WS2000-MIB-2.0 (standard Symbol MIB file) • Symbol-AP-5131-MIB (can be used for both an AP-5131 and AP-5181 model access point, an AP-5181 does not have its own MIB) 3.3 Default Configuration Changes for the Access Point...
Page 80: Initially Connecting To The Access Point
AP-51xx Access Point Product Reference Guide 3.4 Initially Connecting to the Access Point NOTE The procedures described below assume this is the first time you are connecting to the either an AP-5131 or AP-5181 model access point. 3.4.1 Connecting to the Access Point using the WAN Port To initially connect to the using the access point’s WAN port:...
Page 81: Basic Device Configuration
Getting Started 5. Enter the default username of “admin” and the default password of “symbol.” As this is the first time you are logging into the access point, you are prompted to enter a new password and set the county code. Refer to...
Page 82 AP-51xx Access Point Product Reference Guide 2. If the default login is successful, the Change Admin Password window displays. Change the password. Enter the current password and a new admin password in fields provided, and click Apply. Once the admin password has been updated, a warning message displays stating the access...
Page 83: Configuring Device Settings
Admin User password WILL NOT get imported. NOTE Though the access point can have its basic settings defined using a number of different screens, Symbol recommends using the access point Quick Setup screen to set the correct country of operation and define its minimum required configuration from one convenient location.
Page 84 AP-51xx Access Point Product Reference Guide The System Name is useful if multiple Symbol devices are being administered. 3. Select the Country for the access point’s country of operation from the drop-down menu The access point prompts the user for the correct country code on the first login. A warning message also displays stating that an incorrect country settings may result in illegal radio operation.
Page 85 DHCP server to a host. Some of these parameters are IP address, network mask, and gateway. NOTE Symbol recommends that the WAN and LAN ports should not both be configured as DHCP clients.
Page 86 DHCP server over the LAN connection. Select the Bootp client option to enable a diskless system to discover its own IP address. NOTE Symbol recommends that the WAN and LAN ports should not both be configured as DHCP clients.
Page 87 3-11 Getting Started c. If using the static or DHCP Server option, enter the network-assigned IP Address of the access point. NOTE DNS names are not supported as a valid IP address for the access point. The user is required to enter a numerical IP address. d.
Page 88: Configuring Wlan Security Settings
Quick Setup screen. Policies can be defined over time and saved to be used as needed as security requirements change. Symbol recommends you familiarize yourself with the security options available on the access point before defining a security policy. Refer to Configuring WLAN Security Settings on page 3-12.
Page 89 Multiple WLANs can share the same security policy, so be careful not to name security policies after specific WLANs or risk defining a WLAN to single policy. Symbol recommends naming the policy after the attributes of the authentication or encryption type selected.
Page 90: Testing Connectivity
(WNMP) ping packets to the associated MU. Use the Echo Test screen to specify a target MU and configure the parameters of the test. The WNMP ping test only works with Symbol MUs. Only use a Symbol MU to test access point connectivity using WNMP.
Page 91: Where To Go From Here
3-15 Getting Started Packet Length Specifies the length of each packet transmitted to the MU during the test. The default length is 100 bytes. 4. Click the Ping button to begin transmitting packets to the specified MU address. Refer to the Number of Responses value to assess the number of responses from the MU versus the number of ping packets transmitted by the access point.
Page 92 3-16 AP-51xx Access Point Product Reference Guide...
Page 93: Chapter 4. System Configuration
WAN port, the default static IP address is 10.1.1.1. The default password is “ .” If connected symbol to the access point using the LAN port, the default setting is DHCP client. The user is required to know the IP address to connect to the access point using a Web browser.
Page 94: Configuring System Settings
AP-51xx Access Point Product Reference Guide System configuration topics include: • Configuring System Settings • Configuring Data Access • Managing Certificate Authority (CA) Certificates • Configuring SNMP Settings • Configuring Network Time Protocol (NTP) • Logging Configuration • Importing/Exporting Configurations •...
Page 95 System Name Specify a device name for the . Symbol recommends access selecting a name serving as a reminder of the user base the point supports (engineering, retail, etc.).
Page 96 CAUTION Restoring the access point’s configuration back to default settings changes the administrative password back to “symbol.” If restoring the configuration back to default settings, be sure you change the...
Page 97 LAN, WAN, SNMP settings and IP address used to launch the browser. If selected, a message displays warning the user all current configuration settings will be lost with the exception of WAN and SNMP settings. Before using this feature, Symbol recommends using the Config Import/Export...
Page 98: Configuring Data Access
(daily) management of the network, and disabling all other interfaces until they are required. The AP-51XX Access screen also has a new facility allowing customers to create a login message with customer generated text. When enabled (using either the access point Web UI or CLI), the login message displays when the user is logging into the access point.
Page 99 System Configuration 2. Use the access point Access field checkboxes to enable/disable the following on the access point’s LAN1, LAN2 or WAN interfaces: Applet HTTP (port 80) Select the LAN1, LAN2 and/or WAN checkboxes to enable access access point to the configuration applet using a Web browser.
Page 100 AP-51xx Access Point Product Reference Guide 3. Refer to the Applet Timeout field to set an HTTPS timeout interval. Disables access to the access point if no data activity is detected HTTP/S Timeout over Applet HTTPS (port 443) after the user defined interval.
Page 101 Radius-enabled device configured with the same shared secret. Apply the qualifications of a well-chosen password to the generation of a shared secret. Generate a random, case-sensitive string using letters, numbers and symbols. The default is symbol. 7. Update the Administrator Access field to change the administrative password used to access the access point configuration settings.
Page 102: Managing Certificate Authority (Ca) Certificates
Access screen to the last saved configuration. 11. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 4.3 Managing Certificate Authority (CA) Certificates Certificate management includes the following sections: •...
Page 103 4-11 System Configuration private key. The corresponding public key is contained within the certificate and is called a CA certificate. A browser must contain this CA certificate in its Trusted Root Library so that it can trust certificates “signed” by the CA's private key. Depending on the public key infrastructure, the digital certificate includes the owner's public key, the certificate expiration date, the owner's name and other public key owner information.
Page 104 4-12 AP-51xx Access Point Product Reference Guide 2. Copy the content of the CA Certificate message (using a text editor such as notepad) and then click on Paste from Clipboard. The content of the certificate displays in the Import a root CA Certificate field.
Page 105: Creating Self Certificates For Accessing The Vpn
4-13 System Configuration 4.3.2 Creating Self Certificates for Accessing the VPN The access point requires two kinds of certificates for accessing the VPN, CA certificates and self certificates. Self certificates are certificate requests you create, send to a Certificate Authority (CA) to be signed, then import the signed certificate into the management system.
Page 106 4-14 AP-51xx Access Point Product Reference Guide Certificate Request screen displays. 3. Complete the request form with the pertinent information. Only 4 values are required, the others optional: Key ID Enter a logical name for the certificate to help distinguish between certificates.
Page 107 4-15 System Configuration Signature Algorithm Use the drop-down menu to select the signature algorithm used for the certificate. Options include: • MD5-RSA - Message Digest 5 algorithm in combination with RSA encryption. • SHA1-RSA - Secure Hash Algorithm 1 in combination with RSA encryption.
Page 108: Creating A Certificate For Onboard Radius Authentication
4-16 AP-51xx Access Point Product Reference Guide The content of certificate request is copied to the clipboard. Create an email to your CA, paste the content of the request into the body of the message and send it to the CA.
Page 109 4-17 System Configuration 2. Click on the button to create the certificate request. Certificate Request screen displays. 3. Complete the request form with the pertinent information. Key ID (required) Enter a logical name for the certificate to help distinguish between certificates.
Page 110 RSA encryption. Key Length Defines the length of the key. Possible values are 512, 1024, and 2048. Symbol recommends setting this value to 1024 to ensure optimum functionality. 4. Complete as many of the optional values within the Certificate Request screen as possible.
Page 111 4-19 System Configuration 12. Paste the content of certificate in the Saved Request field (within the Submit a Saved Request screen). NOTE An administrator must make sure the Web Server option is available as a selectable option for those without administrative privileges. If you do not have administrative privileges, ensure the Web Server option has been...
Page 112: Configuring Snmp Settings
The remaining portion of the Symbol-AP-5131-MIB contains supplemental information unique to the access point feature set. If using the Symbol-CC-WS2000-MIB-2.0 and/or Symbol-AP-5131-MIB to configure the AP-5131, use the table below to locate the MIB where the feature can be configured.
Page 113 Symbol-CC-WS2000-MIB-2.0 Radio Configuration Symbol-AP-5131-MIB Content Filtering Symbol-CC-WS2000-MIB-2.0 Bandwidth Symbol-AP-5131-MIB Rogue AP Detection Symbol-CC-WS2000-MIB-2.0 Management SNMP Trap Selection Symbol-AP-5131-MIB Firewall Configuration Symbol-CC-WS2000-MIB-2.0 SNMP RF Trap Symbol-AP-5131-MIB LAN to WAN Access Symbol-CC-WS2000-MIB-2.0 Thresholds Config Import/Export Symbol-AP-5131-MIB Advanced LAN Access Symbol-CC-WS2000-MIB-2.0 MU Authentication...
Page 114 4-22 AP-51xx Access Point Product Reference Guide users and configuring the access point. All the fields available within the access point are also configurable within the MIB. The access point SNMP agent functions as a command responder and is a multilingual agent responding to SNMPv1, v2c and v3 managers (command generators).
Page 115 A read-only community string allows a remote device to retrieve information, while a read/ write community string allows a remote device to modify settings. Symbol recommends considering adding a community definition using a site-appropriate name and access level. Set up a read/write definition (at a minimum) to facilitate full access by the access point administrator.
Page 116 4-24 AP-51xx Access Point Product Reference Guide Use the Community field to specify a site-appropriate name for Community the community. The name is required to match the name used within the remote network management software. Use the (Object Identifier) pull-down list to specify a setting of All or a enter a Custom OID.
Page 117 Configuring SNMP Access Control on page 4-26. 5. If configuring SNMP v3 user definitions, set the SNMP v3 engine ID. access point AP-51xx SNMP v3 SNMP v3 Engine ID field lists the unique access point Engine ID SNMP v3 Engine ID for the .
Page 118: Configuring Snmp Access Control
SNMP Access screen to the last saved configuration. 8. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. For additional SNMP configuration information, see: •...
Page 119 4-27 System Configuration 2. Configure the SNMP Access Control screen to add the IP addresses of those users receiving SNMP access. Access Control List Enter Start IP and End IP addresses (numerical addresses only, no DNS names supported) to specify a range of user that can access access point SNMP interface.
Page 120: Enabling Snmp Traps
4-28 AP-51xx Access Point Product Reference Guide Click to return to the SNMP Access screen. Click Apply within the SNMP Access screen to save any changes made on the SNMP Access Control screen. Cancel Click Cancel to undo any changes made on the SNMP Access Control screen.
Page 121 4-29 System Configuration 2. Configure the SNMP v1/v2c Trap Configuration field (if SNMP v1/v2c Traps are used) to modify the following: Click to create a new SNMP v1/v2c Trap Configuration entry. Delete Delete Click to remove a selected SNMP v1/v2c Trap Configuration entry.
Page 122 4-30 AP-51xx Access Point Product Reference Guide Click to create a new SNMP v1/v2c Trap Configuration entry. SNMP Version Use the SNMP Version drop-down menu to specify v1 or v2. Some SNMP clients support only SNMP v1 traps, while others support SNMP v2 traps and possibly both, verify the correct traps are in use with clients that support them.
Page 123: Configuring Specific Snmp Traps
SNMP Trap Configuration screen to the last saved configuration. 6. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 4.4.3 Configuring Specific SNMP Traps...
Page 124 4-32 AP-51xx Access Point Product Reference Guide 2. Configure the MU Traps field to generate traps for MU associations, MU association denials and MU authentication denials. When a trap is enabled, a trap is sent every 10 seconds until the condition no longer exists.
Page 125 4-33 System Configuration Generates a trap whenever the status changes on the access point. Physical port status The physical port status changes when a link is lost between the change access point and a connected device. DynDNS Update Generates a trap whenever domain name information is updated as a result of the IP address associated with that domain being modified.
Page 126: Configuring Snmp Rf Trap Thresholds
4-34 AP-51xx Access Point Product Reference Guide 8. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 4.4.4 Configuring SNMP RF Trap Thresholds Use the SNMP RF Trap Threshold screen as a means to track RF activity and the access point’s...
Page 127 Enter the minimum number of packets that must pass through the packets required for a device before an SNMP rate trap is sent. Symbol recommends trap to fire using the default setting of 1000 as a minimum setting for the field.
Page 128: Configuring Network Time Protocol (Ntp)
AP-51xx Access Point Product Reference Guide 6. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 4.5 Configuring Network Time Protocol (NTP) Network Time Protocol (NTP) manages time and/or network clock synchronization in the access point- managed network environment.
Page 129 4-37 System Configuration 2. From within the Current Time field, click the Refresh button to update the time since the screen was displayed by the user. The Current Time field displays the current time based on the access point system clock. If NTP is disabled or if there are no servers available, the system time displays the access point uptime starting at 1970-01-01 00:00:00, with the time and date advancing.
Page 130 (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on Date and Time Settings screen to the last saved configuration. 8. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.
Page 131: Logging Configuration
4-39 System Configuration 4.6 Logging Configuration The access point provides the capability for periodically logging system events that prove useful in assessing the throughput and performance of the access point or troubleshooting problems on the access point managed Local Area Network (LAN). Use the Logging Configuration screen to set the desired logging level (standard syslog levels) and view or save the current access point system log.
Page 132 4-40 AP-51xx Access Point Product Reference Guide access point View Log Click View to save a log of events retained on the The system displays a prompt requesting the administrator password before saving the log. After the password has been...
Page 133: Importing/Exporting Configurations
Logging Configuration screen to the last saved configuration. 5. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 4.7 Importing/Exporting Configurations All of the configuration settings for an access point can be obtained from another access point in the form of a text file.
Page 134 4-42 AP-51xx Access Point Product Reference Guide CAUTION Symbol discourages importing a 1.0 baseline configuration file to a 1.1 version access point. Similarly, a 1.1 baseline configuration file should not be imported to a 1.0 version access point. Importing configuration files between different version access point’s results in broken configurations, since new features added to the 1.1 version...
Page 135 4-43 System Configuration Filepath (optional) Defines the optional path name used to import/export the target configuration file. Select the FTP radio button if using an FTP server to import or export the configuration. TFTP Select the TFTP radio button if using an FTP server to import or export the configuration.
Page 136 4-44 AP-51xx Access Point Product Reference Guide CAUTION For HTTP downloads (exports) to be successful, pop-up messages must be disabled. Upload and Apply A Click the Upload and Apply A Configuration File button to Configuration File upload a configuration file to this access point using HTTP.
Page 137 4-45 System Configuration Status After executing an operation (by clicking any of the buttons in the window), check the Status field for a progress indicator and messages about the success or errors in executing the Import/ Export operation. Possible status messages include: ambiguous input before marker: line <number >...
Page 138: Updating Device Firmware
Replacing an AP-4131 with an AP-5131 or AP-5181 on page B-20. 4.8 Updating Device Firmware Symbol periodically releases updated versions of the access point device firmware to the Symbol Web site. If the access point firmware version displayed on the System Settings...
Page 139 For subsequent upgrades, a single download will suffice. Using Auto Update, the access point will automatically update itself twice when upgrading. Upgrading from v1.0 to v1.1/v1.1.1 retains existing settings. Symbol recommends that users export their 1.0 configuration for backup purposes prior to upgrading.
Page 140 DHCP Options checkboxes to enable/disable automatic firmware and/or configuration file updates. DHCP options are used for out-of-the-box rapid deployment for Symbol wireless products. The following are the two options available on the access point: • Enable Automatic Firmware Update • Enable Automatic Configuration Update...
Page 141 4-49 System Configuration These options can be used to update newer firmware and configuration files on the access point. For more information on how to configure a DHCP or BootP Server for the automatic upgrade process, see Usage Scenarios on page B-1.
Page 142 •Username - Specify a username for the FTP server login. • Password - Specify a password for FTP server login. Default is symbol. A blank password is not supported. NOTE Click Apply to save the settings before performing the firmware update.
Page 143: Upgrade/Downgrade Considerations
Firmware Update screen to the last saved configuration. 14. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 4.8.1 Upgrade/Downgrade Considerations When upgrading or downgrading access point configurations between the 1.0.0.0-xx (or 1.0.1.0-xx) and 1.1.0.0-xx baselines, the following should be taken into consideration as certain functionalities...
Page 144 If discarded, a new certificate request would be required. NOTE For a discussion on the implications of replacing an existing Symbol AP-4131 deployment with an AP-5131 or AP-5181, see Replacing an AP-4131 with an AP-5131 or AP-5181 on page B-20.
Page 145: Chapter 5. Network Management
Network Management Configuring network management includes configuring network aspects in numerous areas. See the following sections for more information on access point network management: • Configuring the LAN Interface • Configuring WAN Settings • Enabling Wireless LANs (WLANs) • Configuring Router Settings 5.1 Configuring the LAN Interface The access point has one physical LAN port supporting two unique LAN interfaces.
Page 146 AP-51xx Access Point Product Reference Guide Use the LAN Configuration screen to enable one (or both) of the access point’s LAN interfaces, assign them names, define which LAN is currently active on the access point Ethernet port and assign a timeout value to disable the LAN connection if no data traffic is detected within a defined interval.
Page 147 802.1x supplicant to authenticate to a server on the network. If using 802.1x authentication, enter the authentication server user name and password. The default password is “symbol.” For information on enabling and configuring authentication schemes on the access point, see Enabling Authentication and Encryption Schemes on page 6-5.
Page 148 (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on the LAN configuration screen to the last saved configuration. 8. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.
Page 149: Configuring Vlan Support
Network Management 5.1.1 Configuring VLAN Support A Virtual Local Area Network (VLAN) is a means to electronically separate data on the same access point from a single broadcast domain into separate broadcast domains. The access point can group devices on one or more WLANs so that they can communicate as if they were attached to the same wire, when in fact they are located on a different LAN segment.
Page 150 AP-51xx Access Point Product Reference Guide 1. Select Network Configuration -> from the access point menu tree. 2. Ensure the Enable 802.1q Trunking button is selected from within the LAN Setting field. Trunk links are required to pass VLAN information between destinations. A trunk port is by default a member of all the VLANs existing on the access point and carry traffic for all those VLANs.
Page 151 5. Define a 32 ASCII character maximum VLAN Name. Enter a unique name that identifies members of the VLAN. Symbol recommends selecting the name carefully, as the VLAN name should signify a group of clients with a common set of requirements independent of their physical location.
Page 152 By default, the access point forwards untagged traffic with the native VLAN configured for the port. The Native VLAN is VLAN 1 by default. Symbol suggests leaving the Native VLAN set to 1 as other layer 2 devices also have their Native VLAN set to 1.
Page 153: Configuring Lan1 And Lan2 Settings
VLAN to map to the WLAN listed on the left-hand side of the screen. Symbol recommends mapping VLANs strategically in order to keep VLANs tied to the discipline they most closely match. For example, If WLAN1 is comprised of MUs supporting the sales area, then WLAN1 should be mapped to sales if a sales VLAN has been already been created.
Page 154 2. Configure the DHCP Configuration field to define the DHCP settings used for the LAN. NOTE Symbol recommends the WAN and LAN ports should not both be configured as DHCP clients. This interface is a Select this button to enable DHCP to set network address DHCP Client information via this LAN1 or LAN2 connection.
Page 155 5-11 Network Management access point Select this button to enable BOOTP to set network This interface is a address information via this LAN1 or LAN2 connection. BOOTP Client access When selected, only BOOTP responses are accepted by the point . If both DHCP and BOOTP services are required, do not select BOOTP Client.
Page 156: Configuring Advanced Dhcp Server Settings
LAN1 or LAN2 screen to the last saved configuration. 5. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 5.1.2.1 Configuring Advanced DHCP Server Settings...
Page 157 5-13 Network Management available IP addresses. This is useful, for example, in education and customer environments where MU users change frequently. Use longer leases if there are fewer users. To generate a list of client MAC address to IP address mappings for the access point: 1.
Page 158: Setting The Type Filter Configuration
5-14 AP-51xx Access Point Product Reference Guide 5. Click the (delete) button to remove a selected table entry. 6. Click to return to the LAN1 or LAN2 page, where the updated settings within the Advanced DHCP Server screen can be saved by clicking the Apply button.
Page 159 5-15 Network Management 2. Use the all ethernet types, except drop-down menu to designate whether the Ethernet Types defined for the LAN are allowed or denied for use by the access point. 3. To add an Ethernet type, click the button.
Page 160: Configuring Wan Settings
Packet types supported for the type filtering function include 16-bit DIX Ethernet types as well as Symbol proprietary types. Select an Ethernet type from the drop down menu, or enter the Ethernet type’s hexadecimal value. Consult with your System Administrator if unsure of the implication of adding or omitting a type from the list for either LAN1 or LAN2.
Page 161 WAN IP Configuration field to enable the WAN interface, and set network address information for the WAN connection. NOTE Symbol recommends that the WAN and LAN ports should not both be configured as DHCP clients. Enable WAN Interface Select the...
Page 162 5-18 AP-51xx Access Point Product Reference Guide access point This interface is a This checkbox enables DHCP for the DHCP Client connection. This is useful, if the larger corporate network or Internet Service Provider (ISP) uses DHCP. DHCP is a protocol that includes mechanisms for IP address allocation and delivery of host-specific configuration parameters from a DHCP server to a host.
Page 163 5-19 Network Management More IP Addresses Click the More IP Addresses button to specify additional static IP access point addresses for the . Additional IP addresses are required when users within the WAN need dedicated IP addresses, or when servers need to be accessed (addressed) by the outside world.
Page 164 5-20 AP-51xx Access Point Product Reference Guide half duplex Select this option to transmit data to and from the access point, but not at the same time. Using a half duplex transmission, the access point can send data over its WAN port then immediately receive data from the same direction in which the data was transmitted.
Page 165: Configuring Network Address Translation (Nat) Settings
WAN screen to the last saved configuration. 7. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 5.2.1 Configuring Network Address Translation (NAT) Settings Network Address Translation (NAT) converts an IP address in one network to a different IP address or set of IP addresses in another network.
Page 166 5-22 AP-51xx Access Point Product Reference Guide requests, and minimizes the number of WAN IP addresses needed when a range of local IP addresses is mapped to each WAN IP address. NAT can be applied in one of two ways: •...
Page 167 (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on the NAT screen to the last saved configuration. 5. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.
Page 168: Configuring Port Forwarding
5-24 AP-51xx Access Point Product Reference Guide 5.2.1.1 Configuring Port Forwarding Use the Port Forwarding screen to configure port forwarding parameters for inbound traffic from the associated WAN IP address. To configure port forwarding for the access point: 1. Select Network Configuration ->...
Page 169: Configuring Dynamic Dns
5-25 Network Management Transport Use the Transport pull-down menu to specify the transport protocol used in this service. The choices are ALL, TCP, UDP, ICMP, AH, ESP, and GRE. Start Port and End Port Enter the port or ports used by the port forwarding service. To specify a single port, enter the port number in the Start Port area.
Page 170 5-26 AP-51xx Access Point Product Reference Guide To configure dynamic DNS for the access point: 1. Select Network Configuration -> -> DynDNS from the access point menu tree. 2. Select the Enable checkbox to allow domain name information to be updated when the IP address associated with that domain changes.
Page 171: Enabling Wireless Lans (Wlans)
5-27 Network Management NOTE DynDNS supports devices directly connected to the Internet. Having VPN enabled, and the DynDNS Server on the other side of the VPN is not supported. 7. Once the DynDNS configuration has been updated, click the Show Update Response button to open a sub-screen displaying the hostname, IP address and any messages received during an update from the DynDNS Server.
Page 172 5-28 AP-51xx Access Point Product Reference Guide If a WLAN is defined, that WLAN displays within the Wireless Configuration screen. When the access point is first booted, WLAN1 exists as a default WLAN available immediately for connection. 2. Refer to the information within the Wireless Configuration screen to view the name, ESSID, access point radio designation, VLAN ID and security policy of existing WLANs.
Page 173: Creating/Editing Individual Wlans
16 WLANs available per access point. 6. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 5.3.1 Creating/Editing Individual WLANs If the WLANs displayed within the...
Page 174 5-30 AP-51xx Access Point Product Reference Guide NOTE Before editing the properties of an existing WLAN, ensure it is not being used by an access point radio, or is a WLAN that is needed in its current configuration. Once updated, the previous configuration is not available unless saved.
Page 175 5-31 Network Management 3. Set the parameters in the Configuration field as required for the WLAN. ESSID Enter the Extended Services Set Identification (ESSID) associated with the WLAN. The WLAN name is auto-generated using the ESSID until changed by the user. The maximum number of characters that can be used for the ESSID is 32.
Page 176 5-32 AP-51xx Access Point Product Reference Guide Name Define or revise the name for the WLAN. The name should be logical representation of WLAN coverage area (engineering, marketing etc.). The maximum number of characters that can be used for the name is 31.
Page 177 5-33 Network Management CAUTION A WLAN cannot be enabled for both mesh and hotspot support at the same time. Only one of these two options can be enabled at one time, as the GUI and CLI will prevent both from being enabled. NOTE If 802.11a is selected as the radio used for the WLAN, the WLAN cannot use a Kerberos supported security policy.
Page 178: Configuring Wlan Security Policies
ESSID. If a hacker tries to find an ESSID via an MU, the ESSID does not display since the ESSID is not in the beacon. Symbol recommends keeping the option enabled to reduce the likelihood of hacking into the WLAN.
Page 179 5-35 Network Management security requirements of the WLAN. Once new policies are defined, they are available within the New WLAN Edit WLAN screens and can be mapped to any WLAN. A single security policy can be used by more than one WLAN if its logical to do so. For example, there may be two or more WLANs within close proximity of each other requiring the same data protection scheme.
Page 180: Configuring A Wlan Access Control List (Acl)
WLANs based on MU interoperability requirements. Symbol recommends using the New MU ACL Policy or Edit MU ACL Policy screens strategically to name and configure ACL policies meeting the requirements of the particular WLANs they may map to.
Page 181 5-37 Network Management 2. Click the Create button to configure a new ACL policy, or select a policy and click the Edit button to modify an existing ACL policy. The access point supports a maximum of 16 MU ACL policies.
Page 182 5-38 AP-51xx Access Point Product Reference Guide Either the New MU ACL Policy Edit MU ACL Policy screens display. 3. Assign a name to the new or edited ACL policy that represents an inclusion or exclusion policy specific to a particular type of MU traffic you may want to use with a single or group of WLANs.
Page 183: Setting The Wlan Quality Of Service (Qos) Policy
WLANs based on MU interoperability requirements. Symbol recommends using the New QoS Policy and Edit QoS Policy screens strategically to name and configure QoS policies meeting the requirements of the particular WLANs they may map to. However, be careful not to name policies after specific WLANs, as individual QoS policies can be used by more than one WLAN.
Page 184 5-40 AP-51xx Access Point Product Reference Guide NOTE When the access point is first launched, a single QoS policy (default) is available and mapped to WLAN 1. It is anticipated additional QoS policies will be created as the list of WLANs grows.
Page 185 5-41 Network Management 3. Assign a name to the new or edited QoS policy that makes sense to the access point traffic receiving priority. More than one WLAN can use the same QoS policy. 4. Select the Support Voice prioritization checkbox to allow legacy voice prioritization.
Page 186 11b voice Use this setting for “Voice-Over-IP” traffic over the 802.11b radio. CAUTION Symbol recommends using the drop-down menu to define the intended radio traffic within the WLAN. Once an option is selected, you do not need to adjust the values for the Access Categories. Unless qualified to do so, changing the Access Category default values could negatively impact the performance of the access point.
Page 187 5-43 Network Management Best Effort Best Effort traffic includes traffic from legacy devices or applications lacking QoS capabilities. Best Effort traffic is negatively impacted by data transfers with long delays as well as multimedia traffic. Video Video traffic includes music streaming and application traffic requiring priority over all other types of network traffic.
Page 188 11. Click Logout within the Quality of Service Configuration screen to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. U-APSD (WMM Power Save) Support The access point now supports Unscheduled Automatic Power Save Delivery (U-APSD), often referred to as WMM Power Save.
Page 189: Configuring Wlan Hotspot Support
5-45 Network Management 5.3.1.4 Configuring WLAN Hotspot Support The access point enables hotspot operators to provide user authentication and accounting without a special client application. The access point uses a traditional Internet browser as a secure authentication device. Rather than rely on built-in 802.11security features to control access point association privileges, configure a WLAN with no WEP (an open network).
Page 190 5-46 AP-51xx Access Point Product Reference Guide 3. Refer to the HTTP Redirection field to specify how the Login, Welcome, and Fail pages are maintained for this specific WLAN. The pages can be hosted locally or remotely Use Default Files...
Page 191 5-47 Network Management Use External URL Select the Use External URL checkbox to define a set of external URLs for hotspot users to access the login, welcome and fail pages. To create a redirected page, you need to have a TCP termination locally.
Page 192 5-48 AP-51xx Access Point Product Reference Guide the hotspot again to access to the hotspot supported WLAN. The default timeout interval is 15 minutes. NOTE The Enable Hotspot User Timeout option is only available if using the access point’s internal Radius Server for user authentication.
Page 193 5-49 Network Management 8. Refer to the Radius Configuration field to define a primary and secondary Radius server port and shared secret password. Select mode Use the Select mode drop-down menu to define whether an Internal or External server is to be used for the primary server. Pri Server IP Define the IP address of the primary Radius server.
Page 194 5-50 AP-51xx Access Point Product Reference Guide When a client requests a URL from a Web server, the login handler returns an HTTP redirection status code (for example, 301 Moved Permanently), which indicates to the browser it should look for the page at another URL.
Page 195: Setting The Wlan's Radio Configuration
5-51 Network Management 5.3.2 Setting the WLAN’s Radio Configuration Each access point WLAN can have a separate 802.11a or 802.11b/g radio configured and mapped to that WLAN. The first step is to enable the radio. One of two possible radio configuration pages are available on the access point depending on which model SKU is purchased.
Page 196 5-52 AP-51xx Access Point Product Reference Guide 2. Enable the radio(s) using the Enable checkbox(es). Refer to RF Band of Operation parameter to ensure you are enabling the correct 802.11a or 802.11b/g radio. After the settings are applied within this Radio Configuration screen, the...
Page 197 WLAN (ESS) the client bridge uses to establish a wireless link. The default setting, is (WLAN1). Symbol recommends creating (and naming) a WLAN specifically for mesh networking support to differentiate the Mesh supported WLAN from non-Mesh supported WLANs.
Page 198 5-54 AP-51xx Access Point Product Reference Guide within the BBs Connected field. If this is an existing radio within a mesh network, these values update in real-time. 6. Click the Advanced button to define a prioritized list of access points to define Mesh Connection links.
Page 199: Configuring The 802.11A Or 802.11B/G Radio
Radio Configuration screen to the last saved configuration. 10. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. Once the target radio has been enabled from the...
Page 200 5-56 AP-51xx Access Point Product Reference Guide 2. Configure the Properties field to assign a name and placement designation for the radio. Placement Placement Use the drop-down menu to specify whether the radio is located outdoors or indoors. Default placement depends on...
Page 201 5-57 Network Management Radio Type Radio Type parameter simply displays the radio type as 802.11a or 802.11b/g. This field is read only and always displays access point the radio type selected from the menu tree under the Radio Configuration item. ERP Protection Extended Rate PHY (ERP) allows 802.11g MUs to interoperate with 802.11b only MUs.
Page 202 802.11b/g radio configuration screen. Clicking Cancel reverts the Set Rates screen to the last saved configuration. Symbol recommends using the default rates unless qualified to understand the performance risks of changing them. The appearance of the Set Rates screen varies depending on the 802.11a or 802.11b/g used,...
Page 203 BSSIDs. If a system has an abundance of broadcast traffic and it needs to be delivered quickly, Symbol recommends decreasing the DTIM interval for that specific BSSID. However, decreasing the DTIM interval decreases the battery life on power save stations.
Page 204 802.11b/g radio, not the QoS policies configured for the WLAN (as created or edited from the Quality of Service Configuration screen). Symbol recommends only advanced users manually set these values. If the type of data-traffic is known, use the drop-down menu to select a 11g-wifi, 11b-wifi, 11g-default,...
Page 205 5-61 Network Management 6. Select the Advanced Settings tab to strategically map BSSIDs to WLANs in order to define them as primary WLANs.
Page 206 5-62 AP-51xx Access Point Product Reference Guide Defining Primary WLANs allows an administrator to dedicate BSSIDs (4 BSSIDs are available for mapping) to WLANs. From that initial BSSID assignment, Primary WLANs can be defined from within the WLANs assigned to BSSID groups 1 through 4. Each BSSID beacons only on the primary WLAN.
Page 207: Configuring Bandwidth Management Settings
Undo Changes reverts the settings to the last saved configuration. 10. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 5.3.3 Configuring Bandwidth Management Settings The access point can be configured to grant individual WLAN’s network bandwidth priority levels.
Page 208 (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on the Bandwidth Management screen to the last saved configuration. 6. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.
Page 209: Configuring Router Settings
5-65 Network Management NOTE Though the Rogue AP and Firewall features appear after the Bandwidth Management features within the access point menu tree, they are described in Chapter 6, Configuring Access Point Security on page 6-1, as both items are data protection functions. More specifically, see, Configuring Firewall Settings on page 6-27 Configuring Rogue AP Detection on page...
Page 210: Setting The Rip Configuration
Apply button to save the changes. 7. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 5.4.1 Setting the RIP Configuration To set the RIP configuration:...
Page 211 5-67 Network Management 1. From within the RIP Configuration field, select the RIP Type from the drop-down menu. The following options are available: No RIP No RIP option prevents the access point’s router from exchanging routing information with other routers. Routing information may not be appropriate to share, for example, if the access point manages a private LAN.
Page 212 5-68 AP-51xx Access Point Product Reference Guide 3. If RIP v2 or RIP v2 (v1 compat) is the selected RIP type, the RIP v2 Authentication field becomes active. Select the type of authentication to use from the Authentication Type drop-down menu. Available options include: None This option disables the RIP authentication.
Page 213 5-69 Network Management 5. If the MD5 authentication method is selected, fill in the Key #1 field (Key #2 is optional). Enter any numeric value between 0 and 256 into the MD5 ID area. Enter a string consisting of up to 16 alphanumeric characters in the MD5 Auth Key area.
Page 214 5-70 AP-51xx Access Point Product Reference Guide...
Page 215: Chapter 6. Configuring Access Point Security
Configuring Access Point Security Security measures for the access point and its WLANs are critical. Use the available access point security options to protect the access point LAN from wireless vulnerabilities, and safeguard the transmission of RF packets between the access point and its associated MUs. WLAN security can be configured on an ESS by ESS basis on the access point.
Page 216: Configuring Security Options
AP-51xx Access Point Product Reference Guide NOTE Security for the access point can be configured in various locations throughout the access point menu structure. This chapter outlines the security options available to the access point, and the menu locations and steps required to configure specific security measures.
Page 217: Setting Passwords
NOTE DNS names are not supported as a valid IP address for the access point. The user is required to enter a numerical IP address. 4. Log in using the “admin” as the default Username and “symbol” as the default Password.
Page 218: Resetting The Access Point Password
6.2.1 Resetting the Access Point Password The access point Command Line Interface (CLI) enables users who forget their password to reset it to the factory default (symbol). From there, a new password can be defined. To reset the password back to its default setting: 1.
Page 219: Enabling Authentication And Encryption Schemes
When the access point re-boots again, the password will return to its default value of “symbol.” You can now access the access point. 6.3 Enabling Authentication and Encryption Schemes To complement the built-in firewall filters on the WAN side of the access point, the WLAN side of the access point supports authentication and encryption schemes.
Page 220 AP-51xx Access Point Product Reference Guide secret-key information. The access point provides two schemes for authenticating users: 802.1x EAP and Kerberos. Encryption applies a specific algorithm to alter its appearance and prevent unauthorized reading. Decryption applies the algorithm in reverse to restore the data to its original form. Sender and receiver must employ the same encryption/decryption method to interoperate.
Page 221 Remember, multiple WLANs can share the same security policy, so be careful not to name security policies after specific WLANs or risk defining a WLAN to single policy. Symbol recommends naming the policy after the attributes of the authentication or encryption type selected (for example, WPA2 Allow TKIP).
Page 222: Configuring Kerberos Authentication
AP-51xx Access Point Product Reference Guide WPA/WPA2 TKIP Select the WPA/WPA2 TKIP button to display the WPA/TKIP Settings field within the New Security Policy screen. For specific information on configuring WPA/WPA2 TKIP, see Configuring WPA/WPA2 Using TKIP on page 6-21.
Page 223 Configuring Access Point Security Once a client and server use Kerberos to prove their identity, they can encrypt all communications to assure privacy and data integrity. Kerberos can only be used on the access point with Symbol 802.11b clients. CAUTION Kerberos makes no provisions for host security. Kerberos assumes that it is running on a trusted host with an untrusted network.
Page 224 Realm Name Specify a realm name that is case-sensitive, for example, SYMBOL.COM. The realm name is the name domain/realm name of the KDC Server. A realm name functions similarly to a DNS domain name. In theory, the realm name is arbitrary. However, in practice a Kerberos realm is named by uppercasing the DNS domain name that is associated with hosts in the realm.
Page 225: Configuring 802.1X Eap Authentication
6-11 Configuring Access Point Security Backup KDC Optionally, specify a numerical (non-DNS) IP address and port for a backup KDC. Backup KDCs are referred to as slave servers. The slave server periodically synchronizes its database with the primary (or master) KDC. Remote KDC Optionally, specify a numerical (non-DNS) IP address and port for a remote KDC.
Page 226 6-12 AP-51xx Access Point Product Reference Guide 3. Select the 802.1x EAP radio button. 802.1x EAP Settings field displays within the New Security Policy screen. 4. Ensure the Name of the security policy entered suits the intended configuration or function of the policy.
Page 227 6-13 Configuring Access Point Security Radius Server If using an External Radius Server, specify the numerical (non-DNS) Address IP address of a primary Remote Dial-In User Service (Radius) server. Optionally, specify the IP address of a secondary server. The secondary server acts as a failover server if the primary server cannot be contacted.
Page 228 6-14 AP-51xx Access Point Product Reference Guide 7. Select the Accounting tab as required to define a timeout period and retry interval Syslog for MUs interoperating with the access point and EAP authentication server. The items within this tab could be enabled or disabled depending on whether Internal or External has been selected from the Radius Server drop-down menu.
Page 229 6-15 Configuring Access Point Security Max. Retries (1-99) Define the maximum number of MU retries to reauthenticate after retries failing to complete the EAP process. Failure to reauthenticate in the specified number of retries results in a terminated connection. The default is 2 retries.
Page 230: Configuring Wep Encryption
6-16 AP-51xx Access Point Product Reference Guide 11. Click the Cancel button to undo any changes made within the 802.1x EAP Settings field and return to the WLAN screen. This reverts all settings for the 802.1x EAP Settings field to the last saved configuration.
Page 231 The pass key can be any alphanumeric string. The other proprietary routers and Symbol MUs use the algorithm to convert an ASCII string to the same hexadecimal number. MUs without Symbol adapters need to use WEP keys manually...
Page 232: Configuring Keyguard Encryption
6.7 Configuring KeyGuard Encryption KeyGuard is a proprietary encryption method developed by Symbol Technologies. KeyGuard is Symbol's enhancement to WEP encryption, and was developed before the finalization of WPA-TKIP. This encryption implementation is based on the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11i.
Page 233 6-19 Configuring Access Point Security 1. Select Network Configuration -> Wireless -> Security from the access point menu tree. If security policies supporting KeyGuard exist, they appear within the Security Configuration screen. These existing policies can be used as is, or their properties edited by clicking the Edit button.
Page 234 The pass key can be any alphanumeric string. The other proprietary routers, and Symbol MUs use the algorithm to convert an ASCII string to the same hexadecimal number. MUs without Symbol adapters need to use WEP keys manually configured as hexadecimal numbers.
Page 235: Configuring Wpa/Wpa2 Using Tkip
6-21 Configuring Access Point Security 6.8 Configuring WPA/WPA2 Using TKIP Wi-Fi Protected Access (WPA) is a robust encryption scheme specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11i. WPA provides more sophisticated data encryption than WEP. WPA is designed for corporate networks and small-business environments where more wireless traffic allows quicker discovery of encryption keys by an unauthorized person.
Page 236 6-22 AP-51xx Access Point Product Reference Guide 5. Configure the Key Rotation Settings area as needed to broadcast encryption key changes to MUs and define the broadcast interval. Broadcast Key Select the Broadcast Key Rotation checkbox to enable or disable Rotation broadcast key rotation.
Page 237 6-23 Configuring Access Point Security 6. Configure the Key Settings area as needed to set an ASCII Passphrase and key values. ASCII Passphrase To use an ASCII passphrase (and not a hexadecimal value), select the checkbox and enter an alphanumeric string of 8 to 63 characters.
Page 238: Configuring Wpa2-Ccmp (802.11I)
6-24 AP-51xx Access Point Product Reference Guide NOTE PMK key caching is enabled internally by default for WPA2-TKIP when 802.1x EAP authentication is enabled. 9. Click the Apply button to save any changes made within this New Security Policy screen.
Page 239 6-25 Configuring Access Point Security 5. Configure the Key Rotation Settings field as required to set Broadcast Key Rotation and the update interval. Broadcast Key Select the Broadcast Key Rotation checkbox to enable or disable Rotation broadcast key rotation. When enabled, the key indices used for encrypting/decrypting broadcast traffic will be alternatively rotated on every interval specified in the Broadcast Key Rotation Interval.
Page 240 WPA-TKIP and WPA2-TKIP but do not support WPA2-CCMP. Symbol recommends enabling this feature if WPA-TKIP or WPA2-TKIP supported MUs operate within a WLAN populated by WPA2-CCMP enabled clients. 8. Configure the Fast Roaming (802.1x only)
Page 241: Configuring Firewall Settings
6-27 Configuring Access Point Security NOTE PMK key caching is enabled internally by default when 802.1x EAP authentication is enabled. 9. Click the Apply button to save any changes made within this New Security Policy screen. 10. Click the Cancel button to undo any changes made within the WPA2/CCMP Settings field and return to the WLAN...
Page 242 6-28 AP-51xx Access Point Product Reference Guide 2. Refer to the Global Firewall Disable field to enable or disable the access point firewall. Disable Firewall Select the Disable Firewall checkbox to disable all firewall access point functions on the . This includes firewall filters, NAT, access VP, content filtering, and subnet access.
Page 243 (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on the Firewall screen to the last saved configuration. 7. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.
Page 244: Configuring Lan To Wan Access
6-30 AP-51xx Access Point Product Reference Guide 6.10.1 Configuring LAN to WAN Access The access point LAN can be configured to communicate with the WAN side of the access point. Use Subnet Access screen to control access from the LAN1 (or LAN2) interfaces to the WAN interface.
Page 245 6-31 Configuring Access Point Security 3. Configure the Rules field as required to allow or deny access to selected (enabled) protocols. Allow or Deny all Use the drop-down menu to select either Allow Deny. protocols, except selected setting applies to all protocols except those with enabled checkboxes and any traffic that is added to the table.
Page 246 6-32 AP-51xx Access Point Product Reference Guide access point Pre configured Rules The following protocols are preconfigured with the To enable a protocol, check the box next to the protocol name. • HTTP - Hypertext Transfer Protocol is the protocol for transferring files on the Web.
Page 247: Available Protocols
Subnet Access screen to the last saved configuration. 6. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 6.10.1.1 Available Protocols Protocols that are not pre-configured can be specified using the drop down list within the Transport column within the Subnet Access and Advanced Subnet Access screens.
Page 248: Configuring Advanced Subnet Access
6-34 AP-51xx Access Point Product Reference Guide between two end points. ESP can also be used in tunnel mode, providing security like that of a Virtual Private Network (VPN). • GRE - General Routing Encapsulation supports VPNs across the Internet. GRE is a mechanism for encapsulating network layer protocols over any other network layer protocol.
Page 249 6-35 Configuring Access Point Security 2. Configure the Settings field as needed to override the settings in the Subnet Access screen and import firewall rules into the Advanced Subnet Access screen. Override Subnet Select this checkbox to enable advanced subnet access rules and Access settings disable existing subnet access rules, port forwarding, and 1 to many mappings from the system.
Page 250: Configuring Vpn Tunnels
Advanced Subnet Access screen to the last saved configuration. 6. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 6.11 Configuring VPN Tunnels The access point allows up to 25 VPN tunnels to either a VPN endpoint or to another access point.
Page 251 6-37 Configuring Access Point Security Use the screen to add and remove VPN tunnels. To configure an existing VPN tunnel, select it from the list in the VPN Tunnels field. The selected tunnel’s configuration displays in a VPN Tunnel Config field.
Page 252 6-38 AP-51xx Access Point Product Reference Guide Tunnel Name Tunnel Name column lists the name of each VPN tunnel on access point Remote Subnet Remote Subnet column lists the remote subnet for each tunnel. The remote subnet is the subnet the remote network uses for connection.
Page 253 6-39 Configuring Access Point Security Subnet name Use the drop-down menu to specify the LAN1 or LAN2 connection used for routing VPN traffic. Remember, only one LAN connection can be active on the access point Ethernet port at a time. The LAN connection specified from the LAN screen to receive priority for Ethernet port connectivity may be the better subnet to select for VPN traffic.
Page 254: Configuring Manual Key Settings
6. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 6.11.1 Configuring Manual Key Settings A transform set is a combination of security protocols and algorithms applied to IPSec protected traffic.
Page 255 6-41 Configuring Access Point Security 3. Configure the Manual Key Settings screen to modify the following: NOTE When entering Inbound or Outbound encryption or authentication keys, an error message could display stating the keys provided are “weak”. Some WEP attack tools invoke a dictionary to hack WEP keys based on commonly used words.
Page 256 6-42 AP-51xx Access Point Product Reference Guide AH Authentication AH provides data authentication and anti-replay services for the VPN tunnel. Select the required authentication method from the drop-down menu: • None - Disables AH authentication. The rest of the fields are not active.
Page 257 6-43 Configuring Access Point Security ESP Encryption Select the encryption and authentication algorithms for the VPN Algorithm tunnel using the drop-down menu. • DES - Uses the DES encryption algorithm requiring 64-bit (16-character hexadecimal) keys. • 3DES - Uses the 3DES encryption algorithm requiring 192-bit (48-character hexadecimal) keys.
Page 258: Configuring Auto Key Settings
6-44 AP-51xx Access Point Product Reference Guide Inbound SPI (Hex) Define an up to six-character (maximum) hexadecimal value to identify the inbound security association created by the encryption algorithm. The value must match the corresponding outbound SPI value configured on the remote security gateway.
Page 259 6-45 Configuring Access Point Security 3. Configure the Auto Key Settings screen to modify the following: Use Perfect Forward Forward secrecy is a key-establishment protocol guaranteeing the Secrecy discovery of a session key or long-term private key does not compromise the keys of other sessions. Select to enable Perfect Forward Secrecy.
Page 260: Configuring Ike Key Settings
6-46 AP-51xx Access Point Product Reference Guide ESP Type ESP provides packet encryption, optional data authentication and anti-replay services for the VPN tunnel. Use the drop-down menu to select the ESP type. • None - Disables ESP. The rest of the fields are not active.
Page 261 6-47 Configuring Access Point Security authentication for communication between two or more parties. In essence, IKE manages IPSec keys automatically for the parties. To configure IKE key settings for the access point: 1. Select Network Configuration -> -> from the access point menu tree. 2.
Page 262 • FQDN - Select FQDN if the remote ID type is a fully qualified domain name (such as sj.symbol.com). The setting for this field does not have to be fully qualified, however it must match the setting for the Certificate Authority.
Page 263 6-49 Configuring Access Point Security IKE Authentication Select the appropriate IKE authentication mode: Mode • Pre-Shared Key (PSK) - Specify an authenticating algorithm and passcode used during authentication. • RSA Certificates - Select this option to use RSA certificates for authentication purposes. See the CA Certificates and Self certificates screens to create and import certificates into the system.
Page 264: Viewing Vpn Status
6-50 AP-51xx Access Point Product Reference Guide Diffie Hellman Group Select a Diffie-Hellman Group to use. The Diffie-Hellman key agreement protocol allows two users to exchange a secret key over an insecure medium without any prior secrets. Two algorithms exist, 768-bit and 1024-bit. Select one of the following options: •...
Page 265 6-51 Configuring Access Point Security 2. Reference the Security Associations field to view the following: Tunnel Name Tunnel Name column lists the names of all the tunnels access point configured on the . For information on configuring a tunnel, see Configuring VPN Tunnels on page 6-36.
Page 266: Configuring Content Filtering Settings
5. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 6.12 Configuring Content Filtering Settings Content filtering allows system administrators to block specific commands and URL extensions from going out through the access point WAN port.
Page 267 6-53 Configuring Access Point Security To configure content filtering for the access point: 1. Select Network Configuration -> -> Content Filtering from the access point menu tree. 2. Configure the HTTP field to configure block Web proxies and URL extensions. Block Outbound HTTP HyperText Transport Protocol (HTTP) is the protocol used to transfer information to and from Web sites.
Page 268 6-54 AP-51xx Access Point Product Reference Guide Block Outbound URL Enter a URL extension or file name per line in the format of Extensions filename.ext. An asterisk (*) can be used as a wildcard in place of the filename to block all files with a specific extension.
Page 269: Configuring Rogue Ap Detection
It is possible that not all of the devices identified by the access point are operating legitimately within the access point’s radio coverage area. A rogue AP is a device located nearby an authorized Symbol access point but recognized as having properties rendering its operation illegal and threatening to the access point and the LAN.
Page 270 6-56 AP-51xx Access Point Product Reference Guide The rogue detection interval is used in conjunction with Symbol MUs that identify themselves as rogue detection capable to the access point. The detection interval defines how often the access point requests these MUs to scan for a rogue AP. A shorter interval can effect the performance of the MU, but it will also decrease the time it takes for the access point to scan for a rogue AP.
Page 271 “detector radio.” 3. Use the field to restrict Symbol AP’s from Rogue AP detection and create a Allowed AP List list of device MAC addresses and ESSID’s approved for interoperability with the access point.
Page 272: Moving Rogue Aps To The Allowed Ap List
Rogue AP Detection screen to the last saved configuration. 6. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 6.13.1 Moving Rogue APs to the Allowed AP List...
Page 273 6-59 Configuring Access Point Security The Active APs screen displays with detected rogue devices displayed within the Rogue table. 2. Enter a value (in minutes) in the Allowed APs field to indicate the number of Age Out Time elapsed minutes before an AP will be removed from the approved list and reevaluated. A zero (0) for this value (default value) indicates an AP can remain on the approved AP list permanently.
Page 274: Displaying Rogue Ap Details
7. To remove the Rogue AP entries displayed within the e Rogue APs field, click the Clear Rogue AP List button. Symbol only recommends clearing the list of Rogue APs when the devices displaying within the list do not represent a threat to the access point managed network. 8. Click Apply to save any changes to the Active APs screen.
Page 275 BSSID/MAC Displays the MAC address of the rogue AP. This information could be useful if the MAC address is determined to be a Symbol MAC address and the device is interpreted as non-hostile and the device should be defined as an allowed AP.
Page 276: Using Mus To Detect Rogue Devices
6-62 AP-51xx Access Point Product Reference Guide Detection Method Displays the RF Scan by RF On-Channel Detection Scan by Detector Radio method selected from the Rogue AP screen to detect rogue devices. For information on detection methods, see Configuring Rogue AP Detection on page 6-55.
Page 277 6-63 Configuring Access Point Security 2. Highlight an MU from within the Rogue AP enabled MUs field and click the scan button. The target MU begins scanning for rogue devices using the detection parameters defined within the Rogue AP Detection screen. To modify the detection parameters, see Configuring Rogue AP Detection on page 6-55.
Page 278: Configuring User Authentication
6-64 AP-51xx Access Point Product Reference Guide 6. Click Logout to return to the Rogue AP Detection screen. 6.14 Configuring User Authentication The access point can work with external Radius and LDAP Servers (AAA Servers) to provide user database information and user authentication.
Page 279 6-65 Configuring Access Point Security Local An internal user database serves as the data source. Use the User Database screen to enter the user data. For more information, see Managing the Local User Database on page 6-71. LDAP If LDAP is selected, the switch will use the data in an LDAP server. Configure the LDAP server settings on the LDAP screen under RADIUS Server on the menu tree.
Page 280 6-66 AP-51xx Access Point Product Reference Guide Default Specify a PEAP and/or TTLS Authentication Type for EAP to use Authentication from the drop-down menu to the right of each checkbox item. Type PEAP options include: • GTC - EAP Generic Token Card (GTC) is a challenge handshake authentication protocol using a hardware token card to provide the response string.
Page 281: Configuring Ldap Authentication
Radius Server screen to the last saved configuration. 7. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 6.14.2 Configuring LDAP Authentication...
Page 282 NOTE The LDAP screen displays with unfamiliar alphanumeric characters (if new to LDAP configuration). Symbol recommends only qualified administrators change the default values displayed within the LDAP screen. 2. Enter the appropriate information within the LDAP Configuration field to allow the access point to interoperate with the LDAP server.
Page 283: Configuring A Proxy Radius Server
LDAP screen to the last saved configuration. 5. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 6.14.3 Configuring a Proxy Radius Server The access point has the capability to proxy authentication requests to a remote Radius server based on the suffix of the user ID (such as myisp.com or company.com).
Page 284 6-70 AP-51xx Access Point Product Reference Guide CAUTION If using a proxy server for Radius authentication, the field Data Source within the Radius server screen must be set to . If set to LDAP, Local the proxy server will not be successful when performing the authentication.
Page 285: Managing The Local User Database
Proxy screen to the last saved configuration. 7. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 6.14.4 Managing the Local User Database...
Page 286 6-72 AP-51xx Access Point Product Reference Guide Refer to the Groups field for a list of all groups in the local Radius database. The groups are listed in the order added. Although groups can be added and deleted, there is no capability to edit a group name.
Page 287: Mapping Users To Groups
Users screen to the last saved configuration. 10. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 6.14.4.1 Mapping Users to Groups...
Page 288: Defining The User Access Policy
6-74 AP-51xx Access Point Product Reference Guide 3. To add the user to a group, select the group in the Available list (on the right) and click the <-Add button. Assigned users will display within the Assigned table. Map one or more groups as needed for group authentication access for this particular user.
Page 289 6-75 Configuring Access Point Security and users, see Managing the Local User Database on page 6-71. For information on creating a new WLAN or editing the properties of an existing WLAN, see Creating/Editing Individual WLANs on page 5-29 1. Select User Authentication ->...
Page 290 (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on the Access Policy screen to the last saved configuration. 7. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.
Page 291: Chapter 7. Monitoring Statistics
Monitoring Statistics The access point has functionality to display robust transmit and receive statistics for its WAN and LAN port. Wireless Local Area Network (WLAN) stats can also be displayed collectively for each enabled WLAN as well as individually for up to 16 specific WLANs. Transmit and receive statistics can also be displayed for the access point’s 802.11a and 802.11b/g radios.
Page 292: Viewing Wan Statistics
AP-51xx Access Point Product Reference Guide See the following sections for more details on viewing statistics for the access point: • Viewing WAN Statistics • Viewing LAN Statistics • Viewing Wireless Statistics • Viewing Radio Statistics Summary • Viewing MU Statistics Summary •...
Page 293 The Media Access Control (MAC) address of the WAN port. The WAN port MAC address is hard coded at the factory and cannot be changed. For more information on how access point MAC addresses are assigned, see AP-51xx MAC Address Assignment on page 1-24. access point...
Page 294 AP-51xx Access Point Product Reference Guide access Mask Mask field displays the subnet mask number for the point ’s WAN connection. This value is set on the screen. Refer to Configuring WAN Settings on page 5-16 to change the subnet mask.
Page 295 Do not clear the WAN stats if currently in an important data gathering activity or risk losing all data calculations to that point. 6. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.
Page 296: Viewing Lan Statistics
AP-51xx Access Point Product Reference Guide 7.2 Viewing LAN Statistics Use the LAN Stats screen to monitor the activity of the access point LAN1 or LAN2 connection. The Information field of the LAN Stats screen displays network traffic information as monitored over the access point LAN1 or LAN2 port.
Page 297 . The MAC address is hard coded at the factory and cannot be changed. For more information on how access point MAC addresses are assigned, see AP-51xx MAC Address Assignment on page 1-24. WLANs Connected WLANs Connected table lists the WLANs using this LAN (Either LAN1 or LAN2) as their LAN interface.
Page 298 AP-51xx Access Point Product Reference Guide access point RX Overruns RX overruns are buffer overruns on the LAN port. RX overruns occur when packets are received faster than the LAN connection can handle them. If RX overruns are excessive, consider...
Page 299 Monitoring Statistics 6. Click the Logout button to securely exit the access point Symbol Access Point applet. There will be a prompt confirming logout before the applet is closed.
Page 300: Viewing A Lan's Stp Statistics
7-10 AP-51xx Access Point Product Reference Guide 7.2.1 Viewing a LAN’s STP Statistics Each access point LAN has the ability to track its own unique STP statistics. Refer to the LAN STP Stats page when assessing mesh networking functionality for each of the two access point LANs.
Page 301 7-11 Monitoring Statistics Spanning Tree State Displays whether the spanning tree state is currently enabled or disabled. The spanning tree state must be enabled for a unique spanning-tree calculation to occur when the bridge is powered up or when a topology change is detected. Designated Root Displays the access point MAC address of the bridge defined as the root bridge in the Bridge STP Configuration screen.
Page 302: Viewing Wireless Statistics
MAC address listed in the Designated Root column. 4. Click the Logout button to securely exit the access point Symbol Access Point applet. There will be a prompt confirming logout before the applet is closed. 7.3 Viewing Wireless Statistics...
Page 303 7-13 Monitoring Statistics To view access point WLAN Statistics: 1. Select Status and Statistics -> Wireless Stats from the access point menu tree. 2. Refer to the WLAN Summary field to reference high-level data for each enabled WLAN. access point Name Displays the names of all the enabled WLANs on the For information on enabling a WLAN, see...
Page 304 5. Click the Logout button to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.
Page 305: Viewing Wlan Statistics
7-15 Monitoring Statistics 7.3.1 Viewing WLAN Statistics Use the WLAN Stats screen to view detailed statistics for individual WLANs.The WLAN Stats screen is separated into four fields; Information, Traffic, RF Status, and Errors. The Information field displays basic information such as number of associated Mobile Units, ESSID and security information.
Page 306 7-16 AP-51xx Access Point Product Reference Guide ESSID Displays the Extended Service Set ID (ESSID) for the target WLAN. Radio/s Displays the name of the 802.11a or 802.11b/g radio the target access point WLAN is using for transmissions. Authentication Type Displays the authentication type (802.1x EAP or Kerberos) defined...
Page 307 7-17 Monitoring Statistics Avg. Bit Speed Total column displays the average bit speed in Mbps for a given time period on the selected WLAN.This includes all packets that are sent and received. The number in black represents statistics for the last 30 seconds and the number in blue represents statistics for the last hour.
Page 308: Viewing Radio Statistics Summary
Do not clear the WLAN stats if currently in an important data gathering activity or risk losing all data calculations to that point. 7. Click the Logout button to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 7.4 Viewing Radio Statistics Summary Select the...
Page 309 7-19 Monitoring Statistics 2. Refer to the Radio Summary field to reference access point radio information. Type Displays the type of radio (either 802.11a or 802.11b/g) currently access point deployed by the . To configure the radio type, see Setting the WLAN’s Radio Configuration on page 5-51.
Page 310: Viewing Radio Statistics
Viewing Radio Statistics on page 7-20. 4. Click the Logout button to securely exit the access point Symbol Access Point applet. 7.4.1 Viewing Radio Statistics Refer to the Radio Stats screen to view detailed information for the access point radio (either 802.11a or 802.11b/g) displayed within the Radio Summary screen.
Page 311 802.11a radio. The MAC address is set at the factory and can be found on the bottom of the access point. For more information on how access point MAC addresses are assigned, see AP-51xx MAC Address Assignment on page 1-24. Radio Type Displays the radio type (either 802.11a or 802.11b/g).
Page 312 7-22 AP-51xx Access Point Product Reference Guide access point Placement Lists whether the radio is indoors or outdoors. To change the placement setting, see Configuring the 802.11a or 802.11b/g Radio on page 5-55. access Current Channel Indicates the channel for communications between the point radio and its associated MUs.
Page 313 7-23 Monitoring Statistics 4. Refer to the RF Status field to view the following MU signal, noise and performance information for the target access point 802.11a or 802.11b/g radio. Avg MU Signal Displays the average RF signal strength in dBm for all MUs associated with the radio.
Page 314: Retry Histogram
7-24 AP-51xx Access Point Product Reference Guide 7. Click the Logout button to securely exit the access point Symbol Access Point applet. 7.4.1.1 Retry Histogram Refer to the Retry Histrogram screen for an overview of the retries transmitted by an access point radio and whether those retries contained any data packets.
Page 315: Viewing Mu Statistics Summary
(if necessary) to undo any changes made to the screen. Undo Changes reverts the settings to the last saved configuration. 4. Click Logout to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 7.5 Viewing MU Statistics Summary Use the...
Page 316 7-26 AP-51xx Access Point Product Reference Guide 2. Refer to the MU List field to reference associated MU address, throughput and retry information. IP Address Displays the IP address of each of the associated MU. MAC Address Displays the MAC address of each of the associated MU.
Page 317: Viewing Mu Details
7-30 NOTE An echo test initiated from the access point MU Stats Summary screen uses WNMP pings. Therefore, target clients that are not Symbol MUs are unable to respond to the echo test. 5. Click the MU Authentication Statistics button to display a screen with detailed authentication statistics for the an MU.
Page 318 Save Protocol mode. In PSP, the MU runs enough power to check for beacons and is otherwise inactive. CAM indicates the MU is continuously aware of all radio traffic. Symbol recommends CAM for those MUs transmitting with the AP frequently and for periods of time of two hours.
Page 319 7-29 Monitoring Statistics Throughput Total column displays the average total packets per second crossing the selected MU. The column displays the average total packets per second received on the MU. The column displays the average total packets per second sent on the MU. The number in black represents throughput for the last 30 seconds, the number in blue represents throughput for the last hour.
Page 320: Pinging Individual Mus
NOTE An echo test initiated from the access point MU Stats Summary screen uses WNMP pings. Therefore, target clients that are not Symbol MUs are unable to respond to the echo test. To ping a specific MU to assess its connection with an access point: 1.
Page 321: Mu Authentication Statistics
7-31 Monitoring Statistics 4. Click the Ping button to begin transmitting ping packets to the station address specified. Refer to the Number of Responses parameter to assess the number of responses from the target MU versus the number of pings transmitted by the access point. Use the ratio of packets sent versus packets received to assess the link quality between MU and the access point Click the...
Page 322: Viewing The Mesh Statistics Summary
7-32 AP-51xx Access Point Product Reference Guide 7.6 Viewing the Mesh Statistics Summary The access point has the capability of detecting and displaying the properties of other access points in mesh network (either base bridges or client bridges) mode. This information is used to create a list of known wireless bridges.
Page 323: Viewing Known Access Point Statistics
7.7 Viewing Known Access Point Statistics The access point has the capability of detecting and displaying the properties of other Symbol access points located within its coverage area. Detected access point’s transmit a WNMP message indicating their channel, IP address, firmware version, etc.
Page 324 7-34 AP-51xx Access Point Product Reference Guide Known AP Statistics screen displays the following information: IP Address The network-assigned Internet Protocol address of the located AP. MAC Address The unique 48-bit, hard-coded Media Access Control address, known as the devices station identifier. This value is hard coded at the factory by the manufacturer and cannot be changed.
Page 325 4. Click the Ping button to display a screen for verifying the link with a highlighted Symbol access point. NOTE A ping test initiated from the access point...
Page 326 LEDs on the selected access point go back to normal operation. 7. Click the Logout button to securely exit the access point Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.
Page 327: Chapter 8. Command Line Interface Reference
Command Line Interface Reference The access point Command Line Interface (CLI) is accessed through the serial port or a Telnet session. The access point CLI follows the same conventions as the Web-based user interface. The CLI does, however, provide an “escape sequence” to provide diagnostics for problem identification and resolution.
Page 328: Accessing The Cli Via Telnet
If this is your first time logging into the access point, you are unable to access any of the access point’s commands until the country code is set. A new password will also need to be created.
Page 329: Admin And Common Commands
Command Line Interface Reference 8-3 8.2 Admin and Common Commands AP51xx>admin> Description: Displays admin configuration options. The items available under this command are shown below. Syntax: help Displays general user interface help. passwd Changes the admin password. summary Shows a system summary. network Goes to the network submenu system...
Page 330 AP-51xx Access Point Product Reference Guide AP51xx>admin>help Description: Displays general CLI user interface help. Syntax: help Displays command line help using combinations of function keys for navigation. Example: admin>help : display command help - Eg. ?, show ?, s? * Restriction of “?”: : “?”...
Page 331 Command Line Interface Reference 8-5 AP51xx>admin>passwd Description: Changes the password for the admin login. Syntax: passwd Changes the admin password for access point access. This requires typing the old admin password and entering a new password and confirming it. Passwords can be up to 11 characters. The access point CLI treats the following as invalid characters: "...
Page 332 AP-51xx Access Point Product Reference Guide AP51xx>admin>summary Description: Displays the access point’s system summary. Syntax: summary Displays a summary of high-level characteristics and settings for the WAN, LAN and WLAN. Example: admin>summary AP-51xx firmware version 1.1.0.0-xxx country code serial number...
Page 333 Command Line Interface Reference 8-7 AP51xx>admin>.. Description: Displays the parent menu of the current menu. This command appears in all of the submenus under admin. In each case, it has the same function, to move up one level in the directory structure.
Page 334 AP-51xx Access Point Product Reference Guide AP51xx>admin> / Description: Displays the root menu, that is, the top-level CLI menu. This command appears in all of the submenus under admin. In each case, it has the same function, to move up to the top level in the directory structure.
Page 335 Command Line Interface Reference 8-9 AP51xx>admin>save Description: Saves the configuration to system flash. The save command appears in all of the submenus under admin. In each case, it has the same function, to save the current configuration. Syntax: save Saves configuration settings. The save command works at all levels of the CLI. The save command must be issued before leaving the CLI for updated settings to be retained.
Page 336 8-10 AP-51xx Access Point Product Reference Guide AP51xx>admin>quit Description: Exits the command line interface session and terminates the session. The quit command appears in all of the submenus under admin. In each case, it has the same function, to exit out of the CLI. Once the quit command is executed, the login prompt displays again.
Page 337: Network Commands
Command Line Interface Reference 8-11 8.3 Network Commands AP51xx>admin(network)> Description: Displays the network submenu. The items available under this command are shown below. Goes to the LAN submenu. Goes to the WAN submenu. wireless Goes to the Wireless Configuration submenu. firewall Goes to the firewall submenu.
Page 338: Network Lan Commands
8-12 AP-51xx Access Point Product Reference Guide 8.3.1 Network LAN Commands AP51xx>admin(network.lan)> Description: Displays the LAN submenu. The items available under this command are shown below. show Shows current access point LAN parameters. Sets LAN parameters. bridge Goes to the mesh configuration submenu.
Page 339 Command Line Interface Reference 8-13 AP51xx>admin(network.lan)> show Description: Displays the access point LAN settings. Syntax: show Shows the settings for the access point LAN1 and LAN2 interfaces. Example: admin(network.lan)>show LAN On Ethernet Port : LAN1 LAN Ethernet Timeout : disable 802.1x Port Authentication: Username : admin...
Page 340 8-14 AP-51xx Access Point Product Reference Guide IP Address : 192.168.1.1 Network Mask : 255.255.255.255 Default Gateway : 192.168.1.1 Domain Name Primary DNS Server : 192.168.0.2 Secondary DNS Server : 192.168.0.3 WINS Server : 192.168.0.255 admin(network.lan)> For information on displaying LAN information using the applet (GUI), see Configuring the LAN Interface on page 5-1.
Page 341 Command Line Interface Reference 8-15 AP51xx>admin(network.lan)> set Description: Sets the LAN parameters for the LAN port. Syntax: <mode> Enables or disables the access point LAN interface. name <idx-name > Defines the LAN name by index. ethernet-port-lan <idx> Defines which LAN (LAN 1 or LAN 2) is active on the Ethernet port. timeout <seconds>...
Page 342 8-16 AP-51xx Access Point Product Reference Guide Related Commands: show Shows the current settings for the access point LAN port. For information on configuring the LAN using the applet (GUI), see Configuring the LAN Interface on page 5-1.
Page 343: Network Lan, Bridge Commands
Command Line Interface Reference 8-17 8.3.1.1 Network LAN, Bridge Commands AP51xx>admin(network.lan.bridge)> Description: Displays the access point Bridge submenu. show Displays the mesh configuration parameters for the access point’s LANs. Sets the mesh configuration parameters for the access point’s LANs.. Moves to the parent menu. Goes to the root menu.
Page 344 8-18 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.lan.bridge)> show Description: Displays the mesh bridge configuration parameters for the access point’s LANs. Syntax: show Displays the mesh bridge configuration parameters for the access point’s LANs. Example: admin(network.lan.bridge)>show ** LAN1 Bridge Configuration **...
Page 345 Command Line Interface Reference 8-19 AP51xx>admin(network.lan.bridge)> set Description: Sets the mesh configuration parameters for the access point’s LANs. Syntax: set priority <LAN-idx> <seconds> Sets bridge priority time in seconds (0-65535) for specified LAN. hello <LAN-idx> <seconds> Sets bridge hello time in seconds (0-10) for specified LAN. msgage <LAN-idx>...
Page 346: Network Lan, Wlan-Mapping Commands
8-20 AP-51xx Access Point Product Reference Guide 8.3.1.2 Network LAN, WLAN-Mapping Commands AP51xx>admin(network.lan.wlan-mapping)> Description: Displays the WLAN/Lan/Vlan Mapping submenu. show Displays the VLAN list currently defined for the access point. Sets the access point VLAN configuration. create Creates a new access point VLAN.
Page 347 Command Line Interface Reference 8-21 AP51xx>admin(network.lan.wlan-mapping)> show Description: Displays the VLAN list currently defined for the access point.. These parameters are defined with the set command. Syntax: show name Displays the existing list of VLAN names. vlan-cfg Shows WLAN-VLAN mapping and VLAN configuration. lan-wlan Displays a WLAN-LAN mapping summary.
Page 348 8-22 AP-51xx Access Point Product Reference Guide admin(network.lan.wlan-mapping)>show wlan WLAN1: WLAN Name :WLAN1 ESSID :101 Radio VLAN Security Policy :Default QoS Policy :Default For information on displaying the VLAN screens using the applet (GUI), see Configuring VLAN Support on page...
Page 349 Command Line Interface Reference 8-23 AP51xx>admin(network.lan.wlan-mapping)> set Description: Sets VLAN parameters for the access point. Syntax: set mgmt- tag <id> Defines the Management VLAN tag (1-4095). native-tag <id> Sets the Native VLAN tag (1-4095). mode <wlan-idx> Sets WLAN VLAN mode (WLAN 1-16) to either dynamic or static. Example: admin(network.lan.wlan-mapping)>set mgmt-tag 1 admin(network.lan.wlan-mapping)>set native-tag 2...
Page 350 8-24 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.lan.wlan-mapping)> create Description: Creates a VLAN for the access point. Syntax: create vlan-id <id> Defines the VLAN ID (1-4095). vlan-name <name> Specifies the name of the VLAN (1-31 characters in length). Example: admin(network.lan.wlan-mapping)>...
Page 351 Command Line Interface Reference 8-25 AP51xx>admin(network.lan.wlan-mapping)> edit Description: Modifies a VLAN’s name and ID. Syntax: edit name <name> Modifies an exisiting VLAN name (1-31 characters in length) <id> Modifies an existing VLAN ID (1-4095) characters in length). For information on editing VLANs using the applet (GUI), see Configuring VLAN Support on page 5-5.
Page 352 8-26 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.lan.wlan-mapping)> delete Description: Deletes a specific VLAN or all VLANs. Syntax: delete < VLAN id> Deletes a specific VLAN ID (1-16). Deletes all defined VLANs. For information on deleting VLANs using the applet (GUI), see Configuring VLAN Support on page 5-5.
Page 353 Command Line Interface Reference 8-27 AP51xx>admin(network.lan.wlan-mapping)> lan-map Description: Maps an access point VLAN to a WLAN. Syntax: .. lan-map <wlan name> <lan name> Maps an existing WLAN to an enabled LAN. All names and IDs are case-sensitive. admin(network.lan.wlan-mapping)>lan-map wlan1 lan1 For information on mapping VLANs using the applet (GUI), see Configuring VLAN Support on page 5-5.
Page 354 8-28 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.lan.wlan-mapping)> vlan-map Description: Maps an access point VLAN to a WLAN. Syntax: vlan-map <wlan name> <vlan name> Maps an existing WLAN to an enabled LAN. All names and IDs are case-sensitive. admin(network.lan.wlan-mapping)>vlan-map wlan1 vlan1...
Page 355: Network Lan, Dhcp Commands
Command Line Interface Reference 8-29 8.3.1.3 Network LAN, DHCP Commands AP51xx>admin(network.lan.dhcp)> Description: Displays the access point DHCP submenu. The items available are displayed below. show Displays DHCP parameters. Sets DHCP parameters. Adds static DHCP address assignments. delete Deletes static DHCP address assignments. list Lists static DHCP address assignments.
Page 356 8-30 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.lan.dhcp)> show Description: Shows DHCP parameter settings. Syntax: show Displays DHCP parameter settings for the access point. These parameters are defined with the set command. Example: admin(network.lan.dhcp)>show **LAN1 DHCP Information** DHCP Address Assignment Range: Starting IP Address : 192.168.0.100...
Page 357 Command Line Interface Reference 8-31 AP51xx>admin(network.lan.dhcp)> set Description: Sets DHCP parameters for the LAN port. Syntax: set range <LAN-idx> <ip1> <ip2> Sets the DHCP assignment range from IP address <ip1> to IP address <ip2> for the specified LAN. lease <LAN-idx> <lease> Sets the DHCP lease time <lease>...
Page 358 8-32 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.lan.dhcp)> add Description: Adds static DHCP address assignments. Syntax: <LAN-idx> <mac> <ip> Adds a reserved static IP address to a MAC address for the specified LAN. Example: admin(network.lan.dhcp)>add 1 00A0F8112233 192.160.24.6 admin(network.lan.dhcp)>add 1 00A0F1112234 192.169.24.7 admin(network.lan.dhcp)>list 1...
Page 359 Command Line Interface Reference 8-33 AP51xx>admin(network.lan.dhcp)> delete Description: Deletes static DHCP address assignments. Syntax: delete <LAN-idx> <entry> Deletes the static DHCP address entry for the specified LAN. <LAN-idx> Deletes all static DHCP addresses. Example: admin(network.lan.dhcp)>list 1 ----------------------------------------------------------------------------- Index MAC Address IP Address ----------------------------------------------------------------------------- 00A0F8112233...
Page 360 8-34 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.lan.dhcp)> list Description: Lists static DHCP address assignments. Syntax: list <LAN-idx> Lists the static DHCP address assignments for the specified LAN. Example: admin(network.lan.dhcp)>list 1 ----------------------------------------------------------------------------- Index MAC Address IP Address ----------------------------------------------------------------------------- 00A0F8112233 10.1.2.4 00A0F8102030 10.10.1.2...
Page 361: Network Type Filter Commands
Command Line Interface Reference 8-35 8.3.1.4 Network Type Filter Commands AP51xx>admin(network.lan.type-filter)> Description: Displays the access point Type Filter submenu. The items available under this command include: show Displays the current Ethernet Type exception list. Defines Ethernet Type Filter parameters. Adds an Ethernet Type Filter entry. delete Removes an Ethernet Type Filter entry.
Page 362 8-36 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.lan.type-filter)> show Description: Displays the access point’s current Ethernet Type Filter configuration. Syntax: show <LAN-idx> Displays the existing Type-Filter configuration for the specified LAN. Example: admin(network.lan.type-filter)>show 1 Ethernet Type Filter mode : allow...
Page 363 Command Line Interface Reference 8-37 AP51xx>admin(network.lan.type-filter)> set Description: Defines the access point Ethernet Type Filter configuration. Syntax: set mode <LAN-idx> allow deny Allows or denies the access point from processing a specified Ethernet data type for the specified LAN. Example: admin(network.lan.type-filter)>set mode 1 allow For information on configuring the type filter settings using the applet (GUI), see Setting the Type Filter Configuration on page...
Page 364 8-38 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.lan.type-filter)> add Description: Adds an Ethernet Type Filter entry. Syntax: <LAN-idx> <type> Adds entered Ethernet Type to list of data types either allowed or denied access point processing permissions for the specified LAN.
Page 365 Command Line Interface Reference 8-39 AP51xx>admin(network.lan.type-filter)> delete Description: Removes an Ethernet Type Filter entry individually or the entire Type Filter list. Syntax: delete <LAN-idx> <index> Deletes the specified Ethernet Type index entry (1 through 16). <LAN-idx> Deletes all Ethernet Type entries currently in list. Example: admin(network.lan.type-filter)>delete 1 1 admin(network.lan.type-filter)>show 1...
Page 366: Network Wan Commands
8-40 AP-51xx Access Point Product Reference Guide 8.3.2 Network WAN Commands AP51xx>admin(network.wan)> Description: Displays the WAN submenu. The items available under this command are shown below. show Displays the access point WAN configuration and the access point’s current PPPoE configuration.
Page 367 Command Line Interface Reference 8-41 AP51xx>admin(network.wan)> show Description: Displays the access point WAN port parameters. Syntax: show Shows the general IP parameters for the WAN port along with settings for the WAN interface.. Example: admin(network.wan)>show Status : enable WAN DHCP Client Mode : disable IP address : 0.0.0.0...
Page 368 8-42 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wan)> set Description: Defines the configuration of the access point WAN port. Syntax: set wan enable/disable Enables or disables the access point WAN port. dhcp enable/disable Enables or disables WAN DHCP Client mode.
Page 369: Network Wan Nat Commands
Command Line Interface Reference 8-43 8.3.2.1 Network WAN NAT Commands AP51xx>admin(network.wan.nat)> Description: Displays the NAT submenu. The items available under this command are shown below. show Displays the access point’s current NAT parameters for the specified index. Defines the access point NAT settings. Adds NAT entries.
Page 370 8-44 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wan.nat)> show Description: Displays access point NAT parameters. Syntax: show <idx> Displays access point NAT parameters for the specified NAT index. Example: admin(network.wan.nat)>show 2 WAN IP Mode : disable WAN IP Address : 157.235.91.2...
Page 371 Command Line Interface Reference 8-45 AP51xx>admin(network.wan.nat)> set Description: Sets NAT inbound and outbound parameters. Syntax: set type <index> <type> Sets the type of NAT translation for WAN address index <idx> (1-8) to <type> (none, 1-to-1, or 1-to-many). <index> <ip> Sets NAT IP mapping associated with WAN address <idx> to the specified IP address <ip>.
Page 372 8-46 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wan.nat)> add Description: Adds NAT entries. Syntax: <idx> <name> <tran> <port1> <port2> <ip> <dst_port> Sets an inbound network address translation (NAT) for WAN address <idx>, where <name> is the name of the entry (1 to 7 characters), <tran>...
Page 373 Command Line Interface Reference 8-47 AP51xx>admin(network.wan.nat)> delete Description: Deletes NAT entries. Syntax: delete <idx> <entry> Deletes a specified NAT index entry <entry> associated with the WAN. <idx> Deletes all NAT entries associated with the WAN. Example: admin(network.wan.nat)>list 1 ----------------------------------------------------------------------------- index name prot start port...
Page 374 8-48 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wan.nat)> list Description: Lists access point NAT entries for the specified index. Syntax: list <idx> Lists the inbound NAT entries associated with WAN port. Example: admin(network.wan.nat)>list 1 ----------------------------------------------------------------------------- index name Transport start port...
Page 375: Network Wan, Vpn Commands
Command Line Interface Reference 8-49 8.3.2.2 Network WAN, VPN Commands AP51xx>admin(network.wan.vpn)> Description: Displays the VPN submenu. The items available under this command include: Adds VPN tunnel entries. Sets key exchange parameters. delete Deletes VPN tunnel entries. list Lists VPN tunnel entries reset Resets all VPN tunnels.
Page 376 8-50 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wan.vpn)> add Description: Adds a VPN tunnel entry. Syntax: <name> <LAN idx> <LWanIP> <RSubnetIP> <RSubnetMask <RGatewayIP> Creates a tunnel <name> (1 to 13 characters) to gain access through local WAN IP <LWanIP> from the remote subnet with address <RSubnetIP>...
Page 377 Command Line Interface Reference 8-51 AP51xx>admin(network.wan.vpn)> set Description: Sets VPN entry parameters. Syntax: set type <name> <tunnel type> Sets the tunnel type <name> to Auto Manual for the specified tunnel name. authalgo <name> <authalgo> Sets the authentication algorithm for <name> to (None, MD5, or SHA1).
Page 378 8-52 AP-51xx Access Point Product Reference Guide salife <name> <lifetime> Defines the name of the tunnnel <name> the Security Association Life Time <300-65535> applies to in seconds. opmode <name> <opmode> Sets the Operation Mode of IKE for <name> to Main or Aggr(essive).
Page 379 Command Line Interface Reference 8-53 AP51xx>admin(network.wan.vpn)> delete Description: Deletes VPN tunnel entries. Syntax: delete Deletes all VPN entries. <name> Deletes VPN entries <name>. Example: admin(network.wan.vpn)>list -------------------------------------------------------------------------- Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP -------------------------------------------------------------------------- Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198 SJSharkey...
Page 380 8-54 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wan.vpn)> list Description: Lists VPN tunnel entries. Syntax: list <cr> Lists all tunnel entries. <name> Lists detailed information about tunnel named <name>. Note that the <name> must match case with the name of...
Page 381 Command Line Interface Reference 8-55 AP51xx>admin(network.wan.vpn)> reset Description: Resets all of the access point’s VPN tunnels. Syntax: reset Resets all VPN tunnels. Example: admin(network.wan.vpn)>reset VPN tunnels reset. admin(network.wan.vpn)> For information on configuring VPN using the applet (GUI), see Configuring VPN Tunnels on page 6-36.
Page 382 8-56 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wan.vpn)> stats Description: Lists statistics for all active tunnels. Syntax: stats Display statistics for all VPN tunnels. Example: admin(network.wan.vpn)>stats ----------------------------------------------------------------------------- Tunnel Name Status SPI(OUT/IN) Life Time Bytes(Tx/Rx) ----------------------------------------------------------------------------- Eng2EngAnnex Not Active SJSharkey Not Active...
Page 383 Command Line Interface Reference 8-57 AP51xx>admin(network.wan.vpn)> ikestate Description: Displays statistics for all active tunnels using Internet Key Exchange (IKE). Syntax: ikestate Displays status about Internet Key Exchange (IKE) for all tunnels. In particular, the table indicates whether IKE is connected for any of the tunnels, it provides the destination IP address, and the remaining lifetime of the IKE key. Example: admin(network.wan.vpn)>ikestate ----------------------------------------------------------------------...
Page 384: Network Wan, Dynamic Dns Commands
8-58 AP-51xx Access Point Product Reference Guide 8.3.2.3 Network WAN, Dynamic DNS Commands AP51xx>admin(network.wan.dyndns)> Description: Displays the Dynamic DNS submenu. The items available under this command include: Sets Dynamic DNS parameters. update Sets key exchange parameters. show Shows the Dynamic DNS configuration.
Page 385 Command Line Interface Reference 8-59 AP51xx>admin(network.wan.dyndns)> set Description: Sets the access point’s Dynamic DNS configuration. Syntax: mode enable/disable Enables or disbales the Dynamic DNS service for the access point. username <name> Enter a 1 - 32 character username for the account used for the access point. password <password>...
Page 386 8-60 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wan.dyndns)> update Description: Updates the access point’s current WAN IP address with the DynDNS service. Syntax: update Updates the access point’s current WAN IP address with the DynDNS service. Example: admin(network.wan.dyndns)>update IP Address : 157.235.91.231...
Page 387 Command Line Interface Reference 8-61 AP51xx>admin(network.wan.dyndns)> show Description: Shows the current Dynamic DNS configuration. Syntax: show Shows the access point’s current Dynamic DNS configuration. Example: admin(network.wan.dyndns)>show DynDNS Configuration Mode : 157.235.91.231 Username : percival Password : ******** Hostname : greengiant DynDNS Update Response IP Address : 157.235.91.231...
Page 388: Network Wireless Commands
8-62 AP-51xx Access Point Product Reference Guide 8.3.3 Network Wireless Commands AP51xx>admin(network.wireless) Description: Displays the access point wireless submenu. The items available under this command include: wlan Displays the WLAN submenu used to create and configure up to 16 WLANs per access point.
Page 389: Network Wlan Commands
Command Line Interface Reference 8-63 8.3.3.1 Network WLAN Commands AP51xx>admin(network.wireless.wlan)> Description: Displays the access point wireless LAN (WLAN) submenu. The items available under this command include: show Displays the access point’s current WLAN configuration. create Defines the parameters of a new WLAN. edit Modifies the properties of an existing WLAN.
Page 390 8-64 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wireless.wlan)> show Description: Displays the access point’s current WLAN configuration. Syntax: show summary Displays the current configuration for existing WLANs. wlan <number> Displays the configuration for the requested WLAN (WLAN 1 through 16).
Page 391 Enables or disables MUs associated to the same WLAN to not communicate with each other. sbeacon <mode> Enables or disables the AP-51xx from transmitting the ESSID in the beacon. bcast <mode> Enables or disables the access point from accepting broadcast IDs from MUs.
Page 392 8-66 AP-51xx Access Point Product Reference Guide Accept Broadcast ESSID : disable QoS Policy : Default admin(network.wireless.wlan.create)>show security ---------------------------------------------------------------------- Secu Policy Name Authen Encryption Associated WLANs ---------------------------------------------------------------------- 1 Default Manual no encrypt Front Lobby 2 WEP Demo Manual WEP 64...
Page 393 Command Line Interface Reference 8-67 AP51xx>admin(network.wireless.wlan)> edit Description: Edits the properties of an existing WLAN policy. Syntax: edit <index> Edits the properties of an existing WLAN policy. show Displays the WLANs pamaters and summary. Edits the same WLAN parameters that can be modified using the create command. change Completes the WLAN edits and exits the CLI session.
Page 394 8-68 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wireless.wlan)> delete Description: Deletes an existing WLAN. Syntax: delete <wlan-name> Deletes a target WLAN by name supplied. Deletes all WLANs defined. For information on deleting a WLAN using the applet (GUI), see Creating/Editing Individual WLANs on page...
Page 395 Command Line Interface Reference 8-69 AP51xx>admin(network.wireless.wlan.hotspot)> Description: Displays the Hotspot submenu. The items available under this command include: show Show hotspot parameters. redirection Goes to the hotspot redirection menu. radius Goes to the hotspot Radius menu. white-list Goes to the hotspot white-list menu. save Saves the configuration to system flash.
Page 396 8-70 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wireless.wlan.hotspot)> show Description: Displays the current access point Rogue AP detection configuration. Syntax: show hotspot <idx> Shows hotspot parameters per wlan index (1-16). Example: admin(network.wireless.wlan.hotspot)>show hotspot 1 WLAN1 Hotspot Mode : enable Hotspot Page Location...
Page 397 Command Line Interface Reference 8-71 AP51xx>admin(network.wireless.wlan.hotspot)> redirection Description: Goes to the hotspot redirection menu. Syntax: redirection set <page-loc> Sets the hotspot http-re-direction by index (1-16) for the specified URL. <exturl> Shows hotspot http-redirection details for specifiec index (1-16) for specified page (login, welcome, fail) and target URL..
Page 398 8-72 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wireless.wlan.hotspot)> radius Description: Goes to the hotspot Radius menu. Syntax: Sets the Radius hotspot configuration. show Shows Radius hotspot server details. save Saves the configuration to system flash. quit Quits the CLI. Goes to the parent menu.
Page 399 Command Line Interface Reference 8-73 AP51xx>admin(network.wireless.wlan.hotspot.radius)> set Description: Sets the Radius hotspot configuration. Syntax: server <idx> <srvr_type> <ipadr> Sets the Radius hotpost server IP address per wlan index (1-16) port <idx> <srvr_type> <port> Sets the Radius hotpost server port per wlan index (1-16) secret <idx>...
Page 400 8-74 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wireless.wlan.hotspot.radius)> show Description: Shows Radius hotspot server details. Syntax: show radius <idx> Displays Radius hotspot server details per index (1-16) Example: admin(network.wireless.wlan.hotspot.radius)>show radius 1 Primary Server Ip adr : 157.235.12.12 Primary Server Port...
Page 401 Command Line Interface Reference 8-75 AP51xx>admin(network.wireless.wlan.hotspot)> white-list Description: Goes to the hotspot white-list menu. Syntax: white-list add <rule> Adds hotspot whitelist rules by index (1-16) for specified IP address. clear Clears hotspot whitelist rules for specified index (1-16). show Shows hotspot whitelist rules for specified index (1-16). save Saves the updated hotspot configuration to flash memory.
Page 402: Network Security Commands
8-76 AP-51xx Access Point Product Reference Guide 8.3.3.2 Network Security Commands AP51xx>admin(network.wireless.security)> Description: Displays the access point wireless security submenu. The items available under this command include: show Displays the access point’s current security configuration. create Defines the parameters of a security policy.
Page 403 Command Line Interface Reference 8-77 AP51xx>admin(network.wireless.security)> show Description: Displays the access point’s current security configuration. Syntax: show summary Displays list of existing security policies (1-16). policy <id> Displays the specified security policy <id>. Example: admin(network.wireless.security)>show summary ---------------------------------------------------------------------- Secu Policy Name Authen Encryption Associated WLANs...
Page 404 8-78 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wireless.security)> create Description: Defines the parameter of access point security policies.
Page 405 Command Line Interface Reference 8-79 Syntax: create Defines the parameters of a security policy. show Displays new or existing security policy parameters. sec-name <name> Sets the name of the security policy. auth <authtype> Sets the authentication type for WLAN <idx> to <type>...
Page 406 8-80 AP-51xx Access Point Product Reference Guide retry <number> Sets the maximum number of reauthentication retries <retry> (1-99). accounting mode <mode> Enable or disable Radius accounting. server <ip> Set external Radius server IP address. port <port> Set external Radius server port number.
Page 407 Command Line Interface Reference 8-81 wep- passkey <passkey> The passkey used as a text abbreviation for the entire key length (4-32). keyguard index <key index> Selects the WEP/KeyGuard key (from one of the four potential values of <key index> (1-4). hex-key <kidx>...
Page 408 8-82 AP-51xx Access Point Product Reference Guide mixed-mode <mode> Enables or disables mixed mode (allowing WPA- TKIP clients). preauth <mode> Enables or disables preauthentication (fast roaming). add-policy Adds the policy and exits. Disregards the policy creation and exits the CLI session.
Page 409 Command Line Interface Reference 8-83 AP51xx>admin(network.wireless.security.edit)> Description: Edits the properties of a specific security policy. Syntax: show Displays the new or modified security policy parameters. <index> Edits security policy parameters. change Completes policy changes and exits the session. Cancels the changes made and exits the session. Example: admin(network.wireless.security)>edit 1 admin(network.wireless.security.edit)>show...
Page 410 8-84 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wireless.security)> delete Description: Deletes a specific security policy. Syntax: delete <sec-name> Removes the specified security policy for the list supported. <all> Removes all security policies except the default policy. For information on configuring the encryption and authentication options available to the access point using the applet (GUI), see Configuring Security Options on page 6-2.
Page 411: Network Acl Commands
Command Line Interface Reference 8-85 8.3.3.3 Network ACL Commands AP51xx>admin(network.wireless.acl)> Description: Displays the access point Mobile Unit Access Control List (ACL) submenu. The items available under this command include: show Displays the access point’s current ACL configuration. create Creates an MU ACL policy. edit Edits the properties of an existing MU ACL policy.
Page 412 8-86 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wireless.acl)> show Description: Displays the access point’s current ACL configuration. Syntax: show summary Displays the list of existing MU ACL policies. policy <index> Displays the requested MU ACL index policy. Example: admin(network.wireless.acl)>show summary...
Page 413 Command Line Interface Reference 8-87 AP51xx>admin(network.wireless.acl)> create Description: Creates an MU ACL policy. Syntax: create show <acl-name> Displays the parameters of a new ACL policy. acl-name <index> Sets the MU ACL policy name. mode <acl-mode> Sets the ACL mode for the defined index (1-16). Allowed MUs can access the access point managed LAN.
Page 414 8-88 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wireless.acl.edit)> Description: Edits the properties of an existing MU ACL policy. Syntax: show Displays MU ACL policy and its parameters. Modifies the properties of an existing MU ACL policy. add-addr Adds an MU ACL table entry.
Page 415 Command Line Interface Reference 8-89 AP51xx>admin(network.wireless.acl)> delete Description: Removes an MU ACL policy. Syntax: delete <acl name> Deletes a partilcular MU ACL policy. Deletes all MU ACL policies. For information on configuring the ACL options available to the access point using the applet (GUI), see Configuring a WLAN Access Control List (ACL) on page 5-36.
Page 416: Network Radio Configuration Commands
8-90 AP-51xx Access Point Product Reference Guide 8.3.3.4 Network Radio Configuration Commands AP51xx>admin(network.wireless.radio)> Description: Displays the access point Radio submenu. The items available under this command include: show Summarizes access point radio parameters at a high-level. Defines the access point radio configuration.
Page 417 Command Line Interface Reference 8-91 AP51xx>admin(network.wireless.radio)> show Description: Displays the access point’s current radio configuration. Syntax: show Displays the access point’s current radio configuration. Example: admin(network.wireless.radio)>show Radio Configuration Radio 1 Name : Radio 1 Radio Mode : enable RF Band of Operation : 802.11b/g (2.4 GHz) Wireless AP Configuration: Base Bridge Mode...
Page 418 8-92 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wireless.radio)> set Description: Enables an access point Radio and defines the RF band of operation. Syntax: set 11a <mode> Enables or disables the access point’s 802.11a radio. 11bg <mode> Enables or disables the access point’s 802.11b/g radio.
Page 419 Command Line Interface Reference 8-93 AP51xx>admin(network.wireless.radio.radio1)> Description: Displays a specific 802.11b/g radio submenu. The items available under this command include: Syntax: show Displays 802.11b/g radio settings. Defines specific 802.11b/g radio parameters. advanced Displays the Adavanced radio settings submenu. mesh Goes to the Wireless AP Connections submenu. Goes to the parent menu.
Page 420 8-94 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wireless.radio.radio1)> show Description: Displays specific 802.11b/g radio settings. Syntax: show radio Displays specific 802.11b/g radio settings. Displays specific 802.11b/g radio WMM QoS settings. Example: admin(network.wireless.radio.radio1)>show radio Radio Setting Information Placement : indoor MAC Address...
Page 421 Command Line Interface Reference 8-95 admin(network.wireless.radio.radio1)>show qos Radio QOS Parameter Set 11g-default ----------------------------------------------------------------------------- Access Category CWMin CWMax AIFSN TXOPs (32 usec) TXOPs ms ----------------------------------------------------------------------------- Background 1023 0.000 Best Effort 0.992 Video 3.008 Voice 1.504 CAUTION If you do NOT include the index number (for example, "set dtim 50"), the DTIMs for all four BSSIDs will be changed to 50.
Page 422 8-96 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wireless.radio.802-11bg)> set Description: Defines specific 802.11b/g radio parameters. Syntax: set placement Defines the access point radio placement as indoors or outdoors. ch-mode Determines how the radio channel is selected. channel Defines the actual channel used by the radio.
Page 423 Command Line Interface Reference 8-97 AP51xx>admin(network.wireless.radio.802-11bg.advanced)> Description: Displays the advanced submenu for the 802.11b/g radio. The items available under this command include: Syntax: show Displays advanced radio settings for the 802.11b/g radio. Defines advanced parameters for the 802.11b/g radio. Goes to the parent menu. Goes to the root menu.
Page 424 8-98 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wireless.radio.802-11bg.advanced)> show Description: Displays the BSSID to WLAN mapping for the 802.11b/g radio. Syntax: show advanced Displays advanced settings for the 802.11b/g radio. wlan Displays WLAN summary list for the 802.11b/g radio. Example: admin(network.wireless.radio.802-11bg.advanced)>show advanced...
Page 425 Command Line Interface Reference 8-99 AP51xx>admin(network.wireless.radio.802-11bg.advanced)> set Description: Defines advanced parameters for the target 802.11b/g radio. Syntax: <wlan-name> <bssid> set wlan Defines advanced WLAN to BSSID mapping for the target radio. <bss-id> <wlan name> Sets the BSSID to primary WLAN definition. Example: admin(network.wireless.radio.802-11bg.advanced)>set wlan demoroom 1 admin(network.wireless.radio.802-11bg.advanced)>set bss 1 demoroom...
Page 426 8-100 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wireless.radio.radio2)> Description: Displays a specific 802.11a radio submenu. The items available under this command include: Syntax: show Displays 802.11a radio settings Defines specific 802.11a radio parameters. advanced Displays the Advanced radio settings submenu.
Page 427 Command Line Interface Reference 8-101 AP51xx>admin(network.wireless.radio.802-11a)> show Description: Displays specific 802.11a radio settings. Syntax: show radio Displays specific 802.11a radio settings. Displays specific 802.11a radio WMM QoS settings. Example: admin(network.wireless.radio.802-11a)>show radio Radio Setting Information Placement : indoor MAC Address : 00A0F8715920 Radio Type : 802.11a Channel Setting...
Page 428 8-102 AP-51xx Access Point Product Reference Guide admin(network.wireless.radio.802-11a)>show qos Radio QOS Parameter Set: 11a default ----------------------------------------------------------------------------- Access Category CWMin CWMax AIFSN TXOPs (32 sec) TXOPs ms ----------------------------------------------------------------------------- Background 1023 0.000 Best Effort 0.992 Video 3.008 Voice 1.504 For information on configuring Radio 2 Configuration options available to the access point using the applet (GUI), see Configuring the 802.11a or 802.11b/g Radio on page...
Page 429 Command Line Interface Reference 8-103 AP51xx>admin(network.wireless.radio.802-11a)> set Description: Defines specific 802.11a radio parameters. Syntax: set placement Defines the access point radio placement as indoors or outdoors. ch-mode Determines how the radio channel is selected. channel Defines the actual channel used by the radio. antenna Sets the radio antenna power.
Page 430 8-104 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wireless.radio.802-11a.advanced)> Description: Displays the advanced submenu for the 802-11a radio. The items available under this command include: Syntax: show Displays advanced radio settings for the 802-11a radio. Defines advanced parameters for the 802-11a radio.
Page 431 Command Line Interface Reference 8-105 AP51xx>admin(network.wireless.radio.802-11a.advanced)> show Description: Displays the BSSID to WLAN mapping for the 802.11a radio. Syntax: show advanced Displays advanced settings for the 802.11a radio. wlan Displays WLAN summary list for 802.11a radio. Example: admin(network.wireless.radio.802-11a.advanced)>show advanced ----------------------------------------------------------------------------- WLAN BSS ID BC/MC Cipher...
Page 432 8-106 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wireless.radio.802-11a.advanced)> set Description: Defines advanced parameters for the target 802..11a radio. Syntax: <wlan-name> <bssid> set wlan Defines advanced WLAN to BSSID mapping for the target radio. <bss-id> <wlan name> Sets the BSSID to primary WLAN definition.
Page 433: Network Quality Of Service (Qos) Commands
Command Line Interface Reference 8-107 8.3.3.5 Network Quality of Service (QoS) Commands AP51xx>admin(network.wireless.qos)> Description: Displays the access point Quality of Service (QoS) submenu. The items available under this command include: show Displays access point QoS policy information. create Defines the parameters of the QoS policy. edit Edits the settings of an existing QoS policy.
Page 434 8-108 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wireless.qos)> show Description: Displays the access point’s current QoS policy by summary or individual policy. Syntax: show summary Displays all exisiting QoS policies that have been defined. policy <index> Displays the configuration for the requested QoS policy.
Page 435 Command Line Interface Reference 8-109 AP51xx>admin(network.wireless.qos.create)> Description: Defines an access point QoS policy. Syntax: show Displays QoS policy parameters. qos-name <index> Sets the QoS name for the specified index entry. <index> Enables or disables support (by index) for legacy VOIP devices. mcast <mac>...
Page 436 8-110 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wireless.qos.edit)> Descripton: Edits the properties of an existing QoS policy. Syntax: show Displays QoS policy parameters. qos-name <index> Sets the QoS name for the specified index entry. <index> Enables or disables support (by index) for legacy VOIP devices.
Page 437 Command Line Interface Reference 8-111 AP51xx>admin(network.wireless.qos)> delete Description: Removes a QoS policy. Syntax: delete <qos-name> Deletes the specified QoS polciy index, or all of the policies. <all> For information on configuring the WLAN QoS options available to the access point using the applet (GUI), see Setting the WLAN Quality of Service (QoS) Policy on page 5-39.
Page 438: Network Bandwith Management Commands
8-112 AP-51xx Access Point Product Reference Guide 8.3.3.6 Network Bandwith Management Commands AP51xx>admin(network.wireless.bandwidth)> Description: Displays the access point Bandwidth Management submenu. The items available under this command include: show Displays Bandwidth Management information for how data is processed by the access point.
Page 439 Command Line Interface Reference 8-113 AP51xx>admin(network.wireless.bandwidth)> show Description: Displays the access point’s current Bandwidth Management configuration. Syntax: show Displays the current Bandwidth Management configuration for defined WLANs and how they are weighted. Example: admin(network.wireless.bandwidth)>show Bandwidth Share Mode : First In First Out For information on configuring the Bandwidth Management options available to the access point using the applet (GUI), see Configuring Bandwidth Management Settings on page 5-63.
Page 440 8-114 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wireless.bandwidth)> set Description: Defines the access point Bandwidth Management configuration. Syntax: set mode <bw-mode> Defines bandwidth share mode of First In First Out <fifo>, Round Robin <rr> or Weighted Round Robin <wrr> weight <num>...
Page 441: Network Rogue-Ap Commands
Command Line Interface Reference 8-115 8.3.3.7 Network Rogue-AP Commands AP51xx>admin(network.wireless.rogue-ap)> Description: Displays the Rogue AP submenu. The items available under this command include: show Displays the current access point Rogue AP detection configuration. Defines the Rogue AP detection method. mu-scan Goes to the Rogue AP mu-uscan submenu.
Page 442 8-116 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wireless.rogue-ap)> show Description: Displays the current access point Rogue AP detection configuration. Syntax: show Displays the current access point Rogue AP detection configuration. Example: admin(network.wireless.rogue-ap)>show MU Scan : disable MU Scan Interval : 60 minutes...
Page 443 Enables or disables on-channel detection. detector-scan <mode> Enables or disables AP detector scan (dual-radio model only). symbol-ap <mode> Enables or disables the Authorize Any AP with a Symbol MAC address option. applst-ageout <minutes> Sets the approved AP age out time. roglst-ageout <minutes>...
Page 444 8-118 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wireless.rogue-ap.mu-scan)> Description: Displays the Rogue-AP mu-scan submenu. Syntax: show Displays all APs located by the MU scan. start Initiates scan immediately by the MU. Goes to the parent menu. Goes to the root menu.
Page 445 Command Line Interface Reference 8-119 AP51xx>admin(network.wireless.rogue-ap.mu-scan)> start Description: Initiates an MU scan from a user provided MAC address. Syntax: start <mu-mac> Initiates MU scan from user provided MAC address. For information on configuring the Rogue AP options available to the access point using the applet (GUI), see Configuring Rogue AP Detection on page 6-55.
Page 446 8-120 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wireless.rogue-ap.mu-scan)> show Description: Displays the results of an MU scan. Syntax: show Displays all APs located by the MU scan. For information on configuring the Rogue AP options available to the access point using the applet (GUI), see Configuring Rogue AP Detection on page 6-55.
Page 447 Command Line Interface Reference 8-121 AP51xx>admin(network.wireless.rogue-ap.allowed-list)> Description: Displays the Rogue-AP allowed-list submenu. show Displays the rogue AP allowed list Adds an AP MAC address and ESSID to the allowed list. delete Deletes an entry or all entries from the allowed list. Goes to the parent menu.
Page 448 8-122 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wireless.rogue-ap.allowed-list)> show Description: Displays the Rogue AP allowed List. Syntax: show Displays the rogue-AP allowed list. Example: admin(network.wireless.rogue-ap.allowed-list)>show ----------------------------------------------------------------------------- index essid ----------------------------------------------------------------------------- 00:A0:F8:71:59:20 00:A0:F8:33:44:55 00:A0:F8:40:20:01 Marketing For information on configuring the Rogue AP options available to the access point using the applet (GUI), see...
Page 449 Command Line Interface Reference 8-123 AP51xx>admin(network.wireless.rogue-ap.allowed-list)> add Description: Adds an AP MAC address and ESSID to existing allowed list. Syntax: <mac-addr> Adds an AP MAC address and ESSID to existing allowed list. Use a “*” for any ESSID. <ess-id> Example: admin(network.wireless.rogue-ap.allowed-list)>add 00A0F83161BB 103 admin(network.wireless.rogue-ap.allowed-list)>show -----------------------------------------------------------------------------...
Page 450 8-124 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.wireless.rogue-ap.allowed-list)> delete Description: Deletes an AP MAC address and ESSID to existing allowed list. Syntax: delete <idx> Deletes an AP MAC address and ESSID (or all addresses) from the allowed list. <all> For information on configuring the Rogue AP options available to the access point using the applet (GUI), see...
Page 451: Network Firewall Commands
Command Line Interface Reference 8-125 8.3.4 Network Firewall Commands AP51xx>admin(network.firewall)> Description: Displays the access point firewall submenu. The items available under this command include: show Displays the access point’s current firewall configuration. Defines the access point’s firewall parameters. access Enables/disables firewall permissions through the LAN and WAN ports. advanced Displays interoperaility rules between the LAN and WAN ports.
Page 452 8-126 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.firewall)> show Description: Displays the access point firewall parameters. Syntax: show Shows all access point’s firewall settings. Example: admin(network.firewall)>show Firewall Status : disable NAT Timeout : 10 minutes Configurable Firewall Filters: ftp bounce attack filter...
Page 453 Command Line Interface Reference 8-127 AP51xx>admin(network.firewall)> set Description: Defines the access point firewall parameters. Syntax: set mode <mode> Enables or disables the firewall. nat-timeout <interval> Defines the NAT timeout value. <mode> Enables or disables SYN flood attack check. <mode> Enables or disables source routing check. <mode>...
Page 454 8-128 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.firewall)> access Description: Enables or disables firewall permissions through LAN to WAN ports. Syntax: show Displays LAN to WAN access rules. Sets LAN to WAN access rules. Adds LAN to WAN exception rules.
Page 455 Command Line Interface Reference 8-129 AP51xx>admin(network.firewall)> advanced Description: Displays whether an access point firewall rule is intended for inbound traffic to an interface or outbound traffic from that interface.. Syntax: show Shows advanced subnet access parameters. Sets advanced subnet access parameters. import Imports rules from subnet access.
Page 456: Network Router Commands
8-130 AP-51xx Access Point Product Reference Guide 8.3.5 Network Router Commands AP51xx>admin(network.router)> Description: Displays the router submenu. The items available under this command are: show Displays the existing access point router configuration. Sets the RIP parameters. Adds user-defined routes. delete Deletes user-defined routes.
Page 457 Command Line Interface Reference 8-131 AP51xx>admin(network.router)> show Description: Shows the access point route table. Syntax: show Shows the access point route table. Example: admin(network.router)>show routes ---------------------------------------------------------------------------- index destination netmask gateway interface metric ---------------------------------------------------------------------------- 192.168.2.0 255.255.255.0 0.0.0.0 lan1 192.168.1.0 255.255.255.0 0.0.0.0 lan2 192.168.0.0 255.255.255.0...
Page 458 8-132 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.router)> set Description: Shows the access point route table. Syntax: set auth Sets the RIP authentication type. Sets RIP direction. Sets MD5 authetication ID. Sets MD5 authetication key. passwd Sets the password for simple authentication.
Page 459 Command Line Interface Reference 8-133 AP51xx>admin(network.router)> add Description: Adds user-defined routes. Syntax: <dest> <netmask> <gw> <iface> <metric> Adds a route with destination IP address <dest>, IP netmask <netmask>, destination gateway IP address <gw>, interface LAN1, LAN2 or WAN <iface>, and metric set to <metric> (1-15). Example: admin(network.router)>add 192.168.3.0 255.255.255.0 192.168.2.1 LAN 1 1 admin(network.router)>list...
Page 460 8-134 AP-51xx Access Point Product Reference Guide AP51xx>admin(network.router)> delete Description: Deletes user-defined routes. Syntax: delete <idx> Deletes the user-defined route <idx> (1-20) from list. Deletes all user-defined routes. Example: admin(network.router)>list ---------------------------------------------------------------------------- index destination netmask gateway interface metric ---------------------------------------------------------------------------- 192.168.2.0 255.255.255.0 192.168.0.1...
Page 461 Command Line Interface Reference 8-135 AP51xx>admin(network.router)> list Description: Lists user-defined routes. Syntax: list Displays a list of user-defined routes. Example: admin(network.router)>list ---------------------------------------------------------------------------- index destination netmask gateway interface metric ---------------------------------------------------------------------------- 192.168.2.0 255.255.255.0 192.168.0.1 lan1 192.168.1.0 255.255.255.0 0.0.0.0 lan2 192.168.0.0 255.255.255.0 0.0.0.0 lan1 For information on configuring the Router options available to the access point using the applet (GUI), see Configuring Router Settings on page...
Page 462: System Commands
8-136 AP-51xx Access Point Product Reference Guide 8.4 System Commands AP51xx>admin(system)> Description: Displays the System submenu. The items available under this command are shown below. restart Restarts the access point. show Shows access point system parameter settings. Defines access point system parameter settings.
Page 463 Are you sure you want to restart the ? (yes/no): access point Boot Firmware Version 1.1.0.0-xxx Copyright(c) Symbol Technologies Inc. 2006. All rights reserved. Press escape key to run boot firmware ..Power On Self Test testing ram : pass...
Page 464 8-138 AP-51xx Access Point Product Reference Guide AP51xx>admin(system)>show Description: Displays high-level access point system information. Syntax: show Displays access point system information. Example: admin(system)>show system name : BldgC system location : Atlanta Field Office admin email address : johndoe@mycompany.com system uptime...
Page 465 Example: admin(system)>show system name : AP51xx system location : San Jose Engineering admin email address : SJSharkey@symbol.com system uptime : 0 days 4 hours 33 minutes access point firmware version : 1.1.0.0-30D country code : us For information on configuring System Settings using the applet (GUI), see Configuring System Settings on page 4-2.
Page 466: System Debug And Last Password Commands
8-140 AP-51xx Access Point Product Reference Guide 8.4.1 System Debug and Last Password Commands AP51xx>admin(system)>debug Description: Accesses access point debug information. This information is designed for field service use only, and should not be used by unqualified personnel. Example: admin(system)>debug...
Page 467: Display Arp Table
Command Line Interface Reference 8-141 8.4.2 Display arp Table AP51xx>admin(system)>arp Description: Displays the output access point’s arp table. Example: admin(system)>arp Address HWtype HWaddress Flags Mask Iface 157.235.92.210 ether 00:11:25:14:61:A8 ixp1 157.235.92.179 ether 00:14:22:F3:D7:39 ixp1 157.235.92.248 ether 00:11:25:B2:09:60 ixp1 157.235.92.180 ether 00:0D:60:D0:06:90 ixp1 157.235.92.3...
Page 468: System Access Commands
8-142 AP-51xx Access Point Product Reference Guide 8.4.3 System Access Commands AP51xx>admin(system)>access Description: Displays the access point access submenu. show Displays access point system access capabilities. Goes to the access point system access submenu. Goes to the parent menu. Goes to the root menu.
Page 469 Command Line Interface Reference 8-143 AP51xx>admin(system.access)>set Description: Defines the permissions to access the access point applet, CLI, SNMP as well as defining their timeout values. Syntax: set applet Defines the applet HTTP/HTTPS access parameters. app-timeout <minutes> Sets the applet timeout. Default is 300 Mins. Defines CLI Telnet access parameters.
Page 470 8-144 AP-51xx Access Point Product Reference Guide AP51xx>admin(system.access)>show Description: Displays the current access point access permissions and timeout values. Syntax: show Shows all of the current system access settings for the access point.. Example: admin(system.access)>show -------------------------------From LAN1-------From LAN2-------From WAN applet http access from lan...
Page 471: System Certificate Management Commands
Command Line Interface Reference 8-145 8.4.4 System Certificate Management Commands AP51xx>admin(system)>cmgr Description: Displays the Certificate Manager submenu. The items available under this command include: genreq Generates a Certificate Request. delself Deletes a Self Certificate. loadself Loads a Self Certificate signed by CA. listself Lists the self certificate loaded.
Page 472 8-146 AP-51xx Access Point Product Reference Guide AP51xx>admin(system.cmgr)> genreq Description: Generates a certificate request. Syntax: genreq <IDname> <Subject> [-ou <OrgUnit>] [-on <OrgName>] [-cn <City>] [-st <State>] ..[-p <PostCode>] [-cc <CCode>] [-e <Email>] [-d <Domain>] [-i <IP>]...
Page 473 Command Line Interface Reference 8-147 AP51xx>admin(system.cmgr)> delself Description: ) Deletes a self certificate. Syntax: delself <IDname> Deletes the self certificate named <IDname>. Example: admin(system.cmgr)>delself MyCert2 For information on configuring self certificate settings using the applet (GUI), see Creating Self Certificates for Accessing the VPN on page 4-13.
Page 474 8-148 AP-51xx Access Point Product Reference Guide AP51xx>admin(system.cmgr)> loadself Description: Loads a self certificate signed by the Certificate Authority. Syntax: loadself <IDname> Load the self certificate signed by the CA with name <IDname>. For information on configuring self certificate settings using the applet (GUI), see Creating Self Certificates for Accessing the VPN on page 4-13.
Page 475 Command Line Interface Reference 8-149 AP51xx>admin(system.cmgr)> listself Description: Lists the loaded self certificates. Syntax: listself Lists all self certificates that are loaded. For information on configuring self certificate settings using the applet (GUI), see Creating Self Certificates for Accessing the VPN on page 4-13.
Page 476 8-150 AP-51xx Access Point Product Reference Guide AP51xx>admin(system.cmgr)> loadca Description: Loads a trusted certificate from the Certificate Authority. Syntax: loadca Loads the trusted certificate (in PEM format) that is pasted into the command line. For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-10.
Page 477 Command Line Interface Reference 8-151 AP51xx>admin(system.cmgr)> delca Description: Deletes a trusted certificate. Syntax: delca <IDname> Deletes the trusted certificate. For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-10.
Page 478 8-152 AP-51xx Access Point Product Reference Guide AP51xx>admin(system.cmgr)> listca Description: Lists the loaded trusted certificate. Syntax: listca Lists the loaded trusted certificates. For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-10.
Page 479 Command Line Interface Reference 8-153 AP51xx>admin(system.cmgr)> showreq Description: Displays a certificate request in PEM format. Syntax: showreq <IDname> Displays a certificate request named <IDname> generated from the genreq command. For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-10.
Page 480 8-154 AP-51xx Access Point Product Reference Guide AP51xx>admin(system.cmgr)> delprivkey Description: Deletes a private key. Syntax: delprivkey <IDname> Deletes private key named <IDname>. For information on configuring certificate settings using the applet (GUI), see Creating Self Certificates for Accessing the VPN on page 4-13.
Page 481 Command Line Interface Reference 8-155 AP51xx>admin(system.cmgr)> listprivkey Description: Lists the names of private keys. Syntax: listprivkey Lists all private keys. For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-10.
Page 482 8-156 AP-51xx Access Point Product Reference Guide AP51xx>admin(system.cmgr)> expcert Description: Exports the certificaqte file. Syntax: expcert Exports the access point’s CA or Self certificate file. For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page...
Page 483 Command Line Interface Reference 8-157 AP51xx>admin(system.cmgr)> impcert Description: Imports the target certificate file. Syntax: impcert Imports the target certificate file. For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-10.
Page 484: System Snmp Commands
8-158 AP-51xx Access Point Product Reference Guide 8.4.5 System SNMP Commands AP51xx>admin(system)> snmp Description: Displays the SNMP submenu. The items available under this command are shown below. access Goes to the SNMP access submenu. traps Goes to the SNMP traps submenu.
Page 485: System Snmp Access Commands
Command Line Interface Reference 8-159 8.4.5.1 System SNMP Access Commands AP51xx>admin(system.snmp.access) Description: Displays the SNMP Access menu. The items available under this command are shown below. show Shows SNMP v3 engine ID. Adds SNMP access entries. delete Deletes SNMP access entries. list Lists SNMP access entries.
Page 486 8-160 AP-51xx Access Point Product Reference Guide AP51xx>admin(system.snmp.access)> show Description: Shows the SNMP v3 engine ID. Syntax: show Shows the SNMP v3 Engine ID. Example: admin(system.snmp.access)>show eid access point snmp v3 engine id : 000001846B8B4567F871AC68 admin(system.snmp.access)> For information on configuring SNMP access settings using the applet (GUI), see Configuring SNMP Access Control on page 4-26.
Page 487 Command Line Interface Reference 8-161 AP51xx>admin(system.snmp.access)> add Description: Adds SNMP access entries for specific v1v2 and v3 user definitions. Syntax: add acl <ip1> <ip2> Adds an entry to the SNMP access control list with <ip1> as the starting IP address and <ip2> and as the ending IP address.
Page 488 8-162 AP-51xx Access Point Product Reference Guide AP51xx>admin(system.snmp.access)> delete Description: Deletes SNMP access entries for specific v1v2 and v3 user definitions. Syntax: delete acl <idx> Deletes entry <idx> (1-10) from the access control list. Deletes all entries from the access control list.
Page 489 Command Line Interface Reference 8-163 AP51xx>admin(system.snmp.access)> list Description: Lists SNMP access entries. Syntax: list acl Lists SNMP access control list entries. v1v2c Lists SNMP v1/v2c configuration. <idx> Lists SNMP v3 user definition with index <idx>. Lists all SNMP v3 user definitions. Example: admin(system.snmp.access)>list acl ----------------------------------------------------------------...
Page 490: System Snmp Traps Commands
8-164 AP-51xx Access Point Product Reference Guide 8.4.5.2 System SNMP Traps Commands AP51xx>admin(system.snmp.traps) Description: Displays the SNMP traps submenu. The items available under this command are shown below. show Shows SNMP trap parameters. Sets SNMP trap parameters. Adds SNMP trap entries.
Page 491 Command Line Interface Reference 8-165 AP51xx>admin(system.snmp.traps)> show Description: Shows SNMP trap parameters. Syntax: show trap Shows SNMP trap parameter settings. rate-trap Shows SNMP rate-trap parameter settings. Example: admin(system.snmp.traps)>show trap SNMP MU Traps mu associated : enable mu unassociated : disable mu denied association : disable mu denied authentication...
Page 492 8-166 AP-51xx Access Point Product Reference Guide AP51xx>admin(system.snmp.traps)> set Description: Sets SNMP trap parameters. Syntax: set mu-assoc enable/disable Enables/disables the MU associated trap. mu-unassoc enable/disable Enables/disables the MU unassociated trap. mu-deny-assoc enable/disable Enables/disables the MU association denied trap. mu-deny-auth enable/disable Enables/disables the MU authentication denied trap.
Page 493 Command Line Interface Reference 8-167 AP51xx>admin(system.snmp.traps)> add Description: Adds SNMP trap entries. Syntax: add v1v2 <ip> <port> <comm> <ver> Adds an entry to the SNMP v1/v2 access list with the destination IP address set to <ip>, the destination UDP port set to <port>, the community string set to <comm>...
Page 494 8-168 AP-51xx Access Point Product Reference Guide AP51xx>admin(system.snmp.traps)> delete Description: Deletes SNMP trap entries. Syntax: delete v1v2c <idx> Deletes entry <idx> from the v1v2c access control list. Deletes all entries from the v1v2c access control list. <idx> Deletes entry <idx> from the v3 access control list.
Page 495 Command Line Interface Reference 8-169 AP51xx>admin(system.snmp.traps)> list Description: Lists SNMP trap entries. Syntax: list v1v2c Lists SNMP v1/v2c access entries. <idx> Lists SNMP v3 access entry <idx>. Lists all SNMP v3 access entries. Example: admin(system.snmp.traps)>add v1v2 203.223.24.2 162 mycomm v1 admin(system.snmp.traps)>list v1v2c ---------------------------------------------------------------------- index...
Page 496: System Network Time Protocol (Ntp) Commands
8-170 AP-51xx Access Point Product Reference Guide 8.4.6 System Network Time Protocol (NTP) Commands AP51xx>admin(system)> ntp Description: Displays the NTP menu. The correct network time is required for numerous functions to be configured accuaretly on the access point. Syntax: show Shows NTP parameters settings.
Page 497 Command Line Interface Reference 8-171 AP51xx>admin(system.ntp)> show Description: Displays the NTP server configuration. Syntax: show Shows all NTP server settings. Example: admin(system.ntp)>show current time (UTC) : 2006-07-31 14:35:20 Time Zone: ntp mode : enable preferred Time server ip : 203.21.37.18 preferred Time server port : 123 first alternate server ip...
Page 498 8-172 AP-51xx Access Point Product Reference Guide AP51xx>admin(system.ntp)> date-zone Description: Show date, time and time zone. Syntax: date-zone Show date, time and time zone. Example: date-zone admin(system.ntp)> Date/Time : Sat 1970-Jan-03 20:06:22 +0000 UTC Time Zone...
Page 499 Command Line Interface Reference 8-173 AP51xx>admin(system.ntp)> zone-list Description: Displays an extensive list of time zones for countries around the world. Syntax: zone-list Displays list of time zones for every known zone. Example: zone-list admin(system.ntp)>...
Page 500 8-174 AP-51xx Access Point Product Reference Guide AP51xx>admin(system.ntp)> set Description: Sets NTP parameters for access point clock synchronization. Syntax: set mode <ntp-mode> Enables or disables NTP. server <idx> <ip> Sets the NTP sever IP address. port <idx> <port> Defines the port number.
Page 501: System Log Commands
Command Line Interface Reference 8-175 8.4.7 System Log Commands AP51xx>admin(system)> logs Description: Displays the access point log submenu. Logging options include: Syntax: show Shows logging options. Sets log options and parameters. view Views system log. delete Deletes the system log. send Sends log to the designated FTP Server.
Page 502 8-176 AP-51xx Access Point Product Reference Guide AP51xx>admin(system.logs)> show Description: Displays the current access point logging settings. Syntax: show Displays the logging options. Example: admin(system.logs)>show log level : L6 Info syslog server logging : enable syslog server ip address : 192.168.0.102...
Page 503 Command Line Interface Reference 8-177 AP51xx>admin(system.logs)> set Description: Sets log options and parameters. Syntax: level <level> Sets the level of the events that will be logged. All events with a level at or above <level> (L0-L7) will be saved to the system log. L0:Emergency L1:Alert L2:Critical...
Page 504 8-178 AP-51xx Access Point Product Reference Guide AP51xx>admin(system.logs)> view Description: Displays the access point system log file. Syntax: view Displays the entire access point system log file. Example: admin(system.logs)>view 7 16:14:00 (none) syslogd 1.4.1: restart (remote reception). 7 16:14:10 (none) klogd: :ps log:fc: queue maintenance...
Page 505 Command Line Interface Reference 8-179 AP51xx>admin(system.logs)> delete Description: Deletes the log files. Syntax: delete Deletes the access point system log file. Example: admin(system.logs)>delete For information on configuring logging settings using the applet (GUI), see Logging Configuration on page 4-39.
Page 506 8-180 AP-51xx Access Point Product Reference Guide AP51xx>admin(system.logs)> send Description: Sends log and core file to an FTP Server. Syntax: send Sends the system log file via FTP to a location specified with the set command. Refer to the command set under the AP51xx>admin(config) command for information on setting up an FTP server and login information.
Page 507: System Configuration-Update Commands
Command Line Interface Reference 8-181 8.4.8 System Configuration-Update Commands AP51xx>admin(system.config)> Description: Displays the access point configuration update submenu. Syntax: default Restores the default access point configuration. partial Restores a partial default access point configuration. show Shows import/export parameters. Sets import/export access point configuration parameters. export Exports access point configuration to a designated system.
Page 508 8-182 AP-51xx Access Point Product Reference Guide AP51xx>admin(system.config)> default Description: Restores the full access point factory default configuration. Syntax: default Restores the access point to the original (factory) configuration. Example: admin(system.config)>default Are you sure you want to default the configuration? <yes/no>:...
Page 509 Command Line Interface Reference 8-183 AP51xx>admin(system.config)> partial Description: Restores a partial factory default configuration. The access point’s LAN, WAN and SNMP settings are uneffected by the partial restore. Syntax: default Restores a partial access point configuration. Example: admin(system.config)>partial Are you sure you want to partially default the access point? <yes/no>: For information on importing/exporting access point configurations using the applet (GUI), see Importing/Exporting Configurations on page 4-41.
Page 510 8-184 AP-51xx Access Point Product Reference Guide AP51xx>admin(system.config)> show Description: Displays import/export parameters for the access point configuration file. Syntax: show Shows all import/export parameters. Example: admin(system.config)>show cfg filename : cfg.txt cfg filepath ftp/tftp server ip address : 192.168.0.101 ftp user name...
Page 511 Command Line Interface Reference 8-185 AP51xx>admin(system.config)> set Description: Sets the import/export parameters. Syntax: file <filename> Sets the configuration file name (1 to 39 characters in length). path <path> Defines the path used for the configuration file upload. server <ipaddress> Sets the FTP/TFTP server IP address. user <username>...
Page 512 8-186 AP-51xx Access Point Product Reference Guide AP51xx>admin(system.config)> export Description: Exports the configuration from the system. Syntax: export Exports the access point configuration to the FTP server. Use the set command to set the server, user, password, and file name before using this command.
Page 513 In turn, a dual-radio model access point cannot import/export its configuration to a single-radio access point. CAUTION Symbol discourages importing a 1.0 baseline configuration file to a 1.1 version access point. Similarly, a 1.1 baseline configuration file should not be imported to a 1.0 version access point. Importing configuration files between different version access point’s results in broken configurations, since...
Page 514: Firmware Update Commands
8-188 AP-51xx Access Point Product Reference Guide 8.4.9 Firmware Update Commands AP51xx>admin(system)>fw-update Description: Displays the firmware update submenu. The items available under this command are shown below. NOTE The access point must complete the reboot process to successfully update the device firmware, regardless of whether the reboot is conducted uing the GUI or CLI interfaces.
Page 515 Command Line Interface Reference 8-189 AP51xx>admin(system.fw-update)>show Description: Displays the current access point firmware update settings. Syntax: show Shows the current system firmware update settings for the access point. Example: admin(system.fw-update)>show automatic firmware upgrade : enable automatic config upgrade : enable automatic upgrade interface : WAN firmware filename...
Page 516 Specifies a username for FTP server login (1 to 39 characters).. passwd <password> Specifies a password for FTP server login (1 to 39 characters).. Default is symbol. For information on updating access point device firmware using the applet (GUI), see Updating Device Firmware on page...
Page 517 Command Line Interface Reference 8-191 AP51xx>admin(system.fw-update)>update Description: Executes the access point firmware update over the WAN or LAN port using either ftp or tftp. Syntax: update <mode><iface> Defines the ftp ot tftp mode used to conduct the firmware update. Specifies whether the update is executed over the access point’s WAN, LAN1 or LAN2 interface <iface>.
Page 518: Statistics Commands
8-192 AP-51xx Access Point Product Reference Guide 8.5 Statistics Commands AP51xx>admin(stats) Description: Displays the access point statistics submenu. The items available under this command are: show Displays access point WLAN, MU, LAN and WAN statistics. send-cfg-ap Sends a config file to another access point within the known AP table.
Page 519 Command Line Interface Reference 8-193 AP51xx>admin(stats)> show Description: Displays access point system information. Syntax: show Displays stats for the access point WAN port. Displays stats for the access point LAN port Displays LAN Spanning Tree Status wlan Displays WLAN status and statistics summary. s-wlan Displays status and statistics for an individual WLAN radio...
Page 520 8-194 AP-51xx Access Point Product Reference Guide AP51xx>admin(stats)> send-cfg-ap Description: Copies the access point’s configuration to another access point within the known AP table. Syntax: send-cfg-ap <index> Copies the access point’s configuration to the access points within the known AP table. Mesh configuration attributes do not get copied using this command and must be configured manually.
Page 521 Command Line Interface Reference 8-195 AP51xx>admin(stats)> send-cfg-all Description: Copies the access point’s configuration to all of the access points within the known AP table. Syntax: send-cfg-all Copies the access point’s configuration to all of the access points within the known AP table. Example: admin(stats)>send-cfg-all admin(stats)>...
Page 522 8-196 AP-51xx Access Point Product Reference Guide AP51xx>admin(stats)> clear Description: Clears the specified statistics counters to zero to begin new data calculations. Syntax: clear Clears WAN statistics counters. Clears LAN statistics counters. all-rf Clears all RF data. all-wlan Clears all WLAN summary information.
Page 523 Command Line Interface Reference 8-197 AP51xx>admin(stats)> flash-all-leds Description: Starts and stops the illumination of a specified access point’s LEDs. Syntax: flash-all-leds <index> Defines the Known AP index number of the target AP to flash. <stop/start> Begins or terminates the flash activity. Example: admin(stats)>...
Page 524 8-198 AP-51xx Access Point Product Reference Guide AP51xx>admin(stats)> echo Description: Defines the echo test values used to conduct a ping test to an associated MU. Syntax: show Shows the Mobile Unit Statistics Summary. list Defines echo test parameters and result.
Page 525 Command Line Interface Reference 8-199 AP51xx>admin.stats.echo)> show Description: Shows Mobile Unit Statistics Summary. Syntax: show Shows Mobile Unit Statistics Summary. Example: admin(stats.echo)>show ---------------------------------------------------------------------------- IP Address MAC Address WLAN Radio T-put Retries ---------------------------------------------------------------------------- 192.168.2.0 00:A0F8:72:57:83 demo...
Page 526 8-200 AP-51xx Access Point Product Reference Guide AP51xx>admin.stats.echo)> list Description: Lists echo test parameters and results. Syntax: list Lists echo test parameters and results. Example: admin(stats.echo)>list Station Address : 00A0F8213434 Number of Pings : 10 Packet Length : 10 Packet Data (in HEX) : 55 admin(stats.echo)>...
Page 527 Command Line Interface Reference 8-201 AP51xx>admin.stats.echo)>set Description: Defines the parameters of the echo test. Syntax: station <mac> Defines MU target MAC address. request <num> Sets number of echo packets to transmit (1-539). length <num> Determines echo packet length in bytes (1-539). data <hex>...
Page 528 8-202 AP-51xx Access Point Product Reference Guide AP51xx>admin.stats.echo)> start Description: Initiates the echo test. Syntax: start Initiates the echo test. Example: admin(stats.echo)>start admin(stats.echo)>list Station Address : 00A0F843AABB Number of Pings : 10 Packet Length : 100 Packet Data (in HEX)
Page 529 Command Line Interface Reference 8-203 AP51xx>admin(stats)> ping Description: Defines the ping test values used to conduct a ping test to an AP with the same ESSID. Syntax: ping show Shows Known AP Summary details. list Defines ping test packet length. Determines ping test packet data.
Page 530 8-204 AP-51xx Access Point Product Reference Guide AP51xx>admin.stats.ping)> show Description: Shows Known AP Summary Details. Syntax: show Shows Known AP Summary Details. Example: admin(stats.ping)>show ---------------------------------------------------------------------------- IP Address MAC Address KBIOS Unit Name ---------------------------------------------------------------------------- 192.168.2.0 00:A0F8:72:57:83 access point...
Page 531 Command Line Interface Reference 8-205 AP51xx>admin.stats.ping)> list Description: Lists ping test parameters and results. Syntax: list Lists ping test parameters and results. Example: admin(stats.ping)>list Station Address : 00A0F8213434 Number of Pings : 10 Packet Length : 10 Packet Data (in HEX) : 55 admin(stats.ping)>...
Page 532 8-206 AP-51xx Access Point Product Reference Guide AP51xx>admin.stats.ping)> set Description: Defines the parameters of the ping test. Syntax: station Defines the AP target MAC address. request Sets number of ping packets to transmit (1-539). length Determines ping packet length in bytes (1-539).
Page 533 Command Line Interface Reference 8-207 AP51xx>admin.stats.echo)> start Description: Initiates the ping test. Syntax: start Initiates the ping test. Example: admin(stats.ping)>start admin(stats.ping)>list Station Address : 00A0F843AABB Number of Pings : 10 Packet Length : 100 Packet Data (in HEX) Number of AP Responses For information on Known AP tests using the applet (GUI), see Pinging Individual MUs on page 7-30.
Page 534 8-208 AP-51xx Access Point Product Reference Guide...
Page 535: Chapter 9. Configuring Mesh Networking
Configuring Mesh Networking 9.1 Mesh Networking Overview An AP-51xx can be configured in two modes to support the new mesh networking functionality. The access point can be set to a client bridge mode and/or a base bridge mode (which accepts connections from client bridges).
Page 536 A mesh network must use one of the two access point LANs. If intending to use the access point for mesh networking support, Symbol recommends configuring at least one WLAN (of the 16 WLANs available) specifically for mesh networking support.
Page 537: The Ap-51Xx Client Bridge Association Process
MU traffic with its associated devices. CAUTION Only Symbol AP-5131 or AP-5181 model access points can be used as base bridges, client bridges or repeaters within an access point supported mesh network. If utilizing a mesh network, Symbol recommends considering a dual-radio model to optimize channel utilization and throughput.
Page 538: Client Bridge Configuration Process Example
9.1.2 Spanning Tree Protocol (STP) The access point performs mesh networking using STP as defined in the 802.1d standard. NOTE The Symbol AP-4131 access point uses a non-standard form of 802.1d STP, and is therefore not compatible as a base bridge or client bridge within an access point managed network.
Page 539: Defining The Mesh Topology
Configuring Mesh Networking Support on page 9-6. 9.1.4 Mesh Networking and the AP-51xx’s Two Subnets The access point now has a second subnet on the LAN side of the system. This means wireless clients communicating through the same radio can reside on different subnets. The addition of this feature adds another layer of complexity to the access point’s mesh networking functionality.
Page 540: Normal Operation
AP-51xx Access Point Product Reference Guide 9.1.5 Normal Operation Once the mesh network is defined, all normal access point operations are still allowed. MUs are still allowed to associate with the access point as usual. The user can create WLANs, security polices and VLANs as with any other access point.
Page 541 The user does not necessarily have to change these settings, as the default settings will work. However, Symbol encourages the user to define an access point as a base bridge and root (using the base bridge priority settings within the Bridge STP Configuration screen). Members of the mesh network can be configured as client bridges or additional base bridges with a higher priority value.
Page 542 (commonly referred to as the root). Symbol recommends assigning a Base Bridge AP with the lowest bridge priority so it becomes the root in the STP. If a root already exists, set the Bridge Priorities of new APs accordingly so the root of the STP doesn't get altered.
Page 543: Configuring A Wlan For Mesh Networking Support
WLAN in order to share the same ESSID, radio designation, security policy, MU ACL and Quality of Service policy. If intending to use the access point for mesh networking support, Symbol recommends configuring at least one WLAN (of the 16 WLANs available) specifically for mesh networking support.
Page 544 WLAN that each access point will share when using this WLAN within their mesh network. Symbol recommends assigning a unique name to a WLAN supporting a mesh network to differentiate it from WLANs defined for non mesh support. The name assigned to the...
Page 545 (one set between the Base Bridge and repeater and another between the repeater and Client Bridge). However, for ease of management and to not waste network bandwidth, Symbol recommends using the same ESSID across the entire mesh network.
Page 546 9-12 AP-51xx Access Point Product Reference Guide Kerberos and 802.1x EAP, as these authentication schemes are not supported within a mesh network. If none of the existing policies are suitable, select the Create button to the right of the Security Policy drop-down menu and configure a policy suitable for the mesh network.
Page 547: Configuring The Access Point Radio For Mesh Support
If a hacker tries to find an ESSID via an MU, the AP- 5131’s ESSID does not display since the ESSID is not in the beacon. Symbol recommends keeping the option enabled to reduce the likelihood of hacking into the WLAN.
Page 548 9-14 AP-51xx Access Point Product Reference Guide To configure the access point radio for mesh networking support: NOTE The dual-radio model access point affords users better optimization of the mesh network feature by allowing the access point to transmit to other...
Page 549 9-15 Configuring Mesh Networking Radio Status MUs connected values update. If this is an existing radio within a mesh network, these values update in real-time. CAUTION If a radio is disabled, be careful not to accidentally configure a new WLAN, expecting the radio to be operating when you have forgotten it was disabled.
Page 550 WLAN (ESS) the client bridge uses to establish a wireless link. The default setting, is (WLAN1). Symbol recommends creating (and naming) a WLAN specifically for mesh networking support to differentiate the Mesh supported WLAN from non-Mesh supported WLANs.
Page 551 NOTE Auto link selection is based on the RSSI and load. The client bridge will select the best available link when the Automatic Link Selection checkbox is selected. Symbol recommends you do not disable this option, as (when enabled) the access point will select the best base bridge for connection.
Page 552 9-18 AP-51xx Access Point Product Reference Guide 12. Highlight a MAC address from the Preferred Base Bridge List and click the button to assign that device’s MAC address a higher priority and a greater likelihood of joining the mesh network if an association with another device is lost.
Page 553 Radio Configuration screen to the last saved configuration. 19. Click Logout to securely exit the AP-5131 Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. Once the target radio has been enabled from the...
Page 554: Usage Scenario - Trion Enterprises
AP1 and be placed on a wall of a receiving shack (a remote building in the shipping yard) with antennas oriented into the shipping yard. AP2 also is also connected to a Symbol ES3000 wireless switch providing connectivity (on its own local subnet) to laptops within the receiving shack.
Page 555 9-21 Configuring Mesh Networking 2. The Trion IT Department installs the AP1 on a wall with the antennas orienting outward into the shipping and receiving yard. The team then installs the AP2 on a wall on the receiving shack in the shipping yard. The Trion IT department follows the instructions in Wall Mounted Installations on page 2-15 to install AP1 and AP2.
Page 556 9-22 AP-51xx Access Point Product Reference Guide 3. The Trion IT department selects Network Configuration -> LAN from the AP-5131 menu tree. 4. The Trion IT department verifies the LAN used to support the mesh network is enabled for both AP1 and AP2, (by selecting the Enable checkbox).
Page 557 9-23 Configuring Mesh Networking 6. The IT team selects the Mesh STP Configuration button on the bottom off the screen. 7. The Trion IT department sets the Priority setting to 10000 (for AP1) in order for future members of the mesh network to defer to AP1 as the AP defining the mesh network configuration (thus defining AP1 to what is commonly referred to as the root).
Page 558 9-24 AP-51xx Access Point Product Reference Guide Wireless Configuration screen displays with those existing WLANs displayed within the table. This is Trion’s first deployment for this new dual-radio access point, upon reviewing the Wireless Page they determine the existing default WLAN should be left as is and a new WLAN should be created that can be dedicated to the mesh network supporting the shipping yard.
Page 559 9-25 Configuring Mesh Networking 11. The Trion IT team assigns the WLAN a unique ESSID (103) used by each new base bridge, client bridge and repeater joining the mesh network. 12. The team assigns the name of “trion mesh” to the WLAN so it will not be confused with other WLANs used in other areas of the Trion facility.
Page 560 9-26 AP-51xx Access Point Product Reference Guide 19. The Broadcast Key Rotation checkbox is selected, as the IT team plans to change the keys from time to time (for security purposes) and wants these keys to be broadcasted using the default interval 86400 seconds.
Page 561 9-27 Configuring Mesh Networking 22. From back at the Edit WLAN screen, the IT team selects the Create button (to the right of MU Access Control drop-down menu. New MU ACL Policy screen displays with no existing MAC address ranges. 23.
Page 562 9-28 AP-51xx Access Point Product Reference Guide Now a QoS policy needs to be defined for the shipping and receiving mesh network WLAN. The IT Team envisions little if any video or voice traffic within the shipping yard as the MUs within primarily scan bar codes and upload data.
Page 563 9-29 Configuring Mesh Networking 30. The IT Team assigns the name of “mesh network qos” to the QoS policy to eliminate any confusion with the policy’s intended function. 31. The IT Team does not plan on supporting any legacy 802.11b voice enabled devices, so they leave the Support Voice prioritization checkbox unselected.
Page 564 9-30 AP-51xx Access Point Product Reference Guide 37. For AP2, the IT Team enables both Radio 1 and Radio 2 and defines Radio 2 as a client bridge. NOTE The Trion IT team is aware it is not a good idea to dedicate both radios (of a dual-radio model access point) to support mesh networking.
Page 565: Adding 2 Client Bridges To Expand The Coverage Area
9-31 Configuring Mesh Networking For the next six months, Trion Enterprises’ mesh network only consists of AP1 and AP2. AP1 has already been defined as the root bridge in the mesh network when it was assigned a Priority value of 1 within the Bridge STP Configuration screen. 41.
Page 566 9-32 AP-51xx Access Point Product Reference Guide broadcast range (see the illustration below). The Trion IT department follows the instructions in Wall Mounted Installations on page 2-15 to install AP3 and AP4. 3. The Trion IT department selects Network Configuration -> LAN from the AP-5131 menu tree.
Page 567 9-33 Configuring Mesh Networking 5. The Trion IT department then selects Network Configuration -> LAN -> trion from the AP-5131 menu tree. 6. The IT team selects the Mesh STP Configuration button on the bottom of the screen. 7. The Trion IT department adjusts the Priority setting to at 15000 for AP3 and 16000 for AP4 to defer to AP1 (which was assigned a priority of 10000) as the access point defining the...
Page 568 9-34 AP-51xx Access Point Product Reference Guide 9. The team selects the Edit button to revise (and rename) the existing default WLAN to support mesh networking. 10. The Trion IT team assigns AP3 and AP4 an ESSID of 103. Therefore, AP1 and AP2 should be able to “see”...
Page 569 9-35 Configuring Mesh Networking 13. The team wants to limit the number of MUs connecting to the mesh WLAN (for the present time). Therefore, the team sets the Maximum MUs field to 10, and will use the Radio Configuration page to control the number of client bridge connections. 14.
Page 570 9-36 AP-51xx Access Point Product Reference Guide 21. Now a QoS policy needs to be defined for the shipping and receiving mesh WLAN. The IT Team still envisions little (if any) video or voice traffic within the shipping as the MUs within primarily scan bar codes and upload data.
Page 571 9-37 Configuring Mesh Networking 24. The IT Team leaves each radio’s Max # Client Bridge setting at the default setting of 12. This ensures as client bridges are added to the growing mesh network that they can be accounted for. 25.
Page 572: Adding 2 More Client Bridges To The Trion Network
9-38 AP-51xx Access Point Product Reference Guide 9.3.3 Adding 2 More Client Bridges to the Trion Network After an additional six months with their existing 4 access point mesh network, Trion Enterprises needs and approves the addition of two additional access points (AP5 and AP6) to be configured as client bridges.
Page 573 9-39 Configuring Mesh Networking 3. The Trion IT department selects Network Configuration -> LAN from the AP-5131 menu tree. 4. The Trion IT department verifies the LAN used to support the mesh network is enabled for both AP5 and AP6, (by selecting the Enable checkbox).
Page 574 9-40 AP-51xx Access Point Product Reference Guide 7. The Trion IT department adjusts the Priority setting to at 21000 for AP5 and 22000 for AP6 for both to defer to AP1 (which was assigned a priority of 10000) as the access point defining the mesh network configuration.
Page 575 9-41 Configuring Mesh Networking 9. The team selects the Edit button to revise (and rename) the existing default WLAN to support mesh networking. 10. The Trion IT team assigns the WLAN an ESSID of 103 to be consistent with the trion mesh WLAN ESSID of the other four access points within the mesh network.
Page 576 9-42 AP-51xx Access Point Product Reference Guide Thus, MU traffic will be segregated from the mesh traffic proliferating each AP’s 802.11a radio. 13. again, the team wants to limit the number of MUs connecting to the mesh WLAN (for the present time).
Page 577 9-43 Configuring Mesh Networking The team now needs to define the radio configurations for AP5 and AP6. 22. The IT team selects Network Configuration -> Wireless -> Radio Configuration from the AP-5131 menu tree. Radio Configuration screen displays. 23. For both AP5 and AP6, the IT Team enables Radio 2 and defines the radio as a client bridge. 24.
Page 578 9-44 AP-51xx Access Point Product Reference Guide coverage area. But for now, the 802.11a radio of both AP5 and AP6 can remain defined as a client bridge to support the outer fringes of the Trion Enterprises shipping yard.
Page 579: Appendix A. Technical Specifications
Technical Specifications This appendix provides technical specifications in the following areas: • Physical Characteristics • Electrical Characteristics • Radio Characteristics • Antenna Specifications • Country Codes...
Page 580: Physical Characteristics
AP-51xx Access Point Product Reference Guide A.1 Physical Characteristics A.1.1 AP-5131 Physical Characteristics The AP-5131 has the following physical characteristics: Dimensions 5.32 inches long x 9.45 inches wide x 1.77 inches thick. 135 mm long x 240 mm wide x 45 mm thick.
Page 581: Ap-5181 Physical Characteristics
Technical Specifications A.1.2 AP-5181 Physical Characteristics The AP-5181 has the following physical characteristics: Dimensions 12 inches long x 8.25 inches wide x 3.5 inches thick. Housing Aluminum Weight 4 lbs. Operating -30 to 55° Celsius Temperature Storage Temperature -40 to 85° Celsius Altitude 8,000 feet/2438 m @ 28°...
Page 582: Electrical Characteristics
Both the AP-5131 and the AP-5181 access points have the following electrical characteristics: CAUTION An AP-5181 model access point cannot use the AP-5131 recommended Symbol 48-Volt Power Supply (Part No. 50-24000-050). However, Symbol does recommend the AP-PSBIAS-5181-01R model power supply for use the AP-5181.
Page 583: Antenna Specifications
AP-5181 model access point. CAUTION Using an antenna other than the Dual-Band Antenna (Part No. ML-2452-APA2-01) could render the AP-5131’s Rogue AP Detector Mode feature inoperable. Contact your Symbol sales associate for specific information. A.4.1.1 2.4 GHz Antenna Matrix The following table describes each 2.4 GHz antenna approved for use with the AP-5131.
Page 584: Ghz Antenna Matrix
Antenna ML-2452-APA2-01 Dual-Band A.4.1.3 AP-5131 Additional Antenna Components The following table lists the Symbol part number for various antenna accessories. This table also includes the loss for each accessory at both 2.4 and 5.2 GHz. Loss (db) Loss (db) Item...
Page 585: Ap-5181 Antenna Specifications
Technical Specifications Item Connector1 Connector2 Length (meters) Cable Type LAK1 RPBNC-F 0.305 RG-58 LAK2 10JK 3.05 RG-8 25JK 7.62 RG-8 50JK 15.24 RG-8 100JK 30.48 RG-8 A.4.2 AP-5181 Antenna Specifications The AP-5181 2.4 GHz antenna suite includes the following models: Nominal Net Gain Part Number Antenna Type...
Page 586 AP-51xx Access Point Product Reference Guide The AP-5181 5.2 GHz antenna suite includes the following models: Nominal Net Gain Part Number Antenna Type (dBi) Description ML-5299-FHPA6-01R Omni-Directional Antenna 4.900-5.850 GHz, Type N connector, no pigtail ML-5299-FHPA10-01R Omni-Directional Antenna 10.0 5.8 GHz,...
Page 587: Country Codes
Technical Specifications A.5 Country Codes The following list of countries and their country codes is useful when using the access point configuration file, CLI or the MIB to configure the access point: Country Code Country Code Argentina Mexico Australia Montenegro Austria Morocco Bahamas...
Page 588 A-10 AP-51xx Access Point Product Reference Guide Cypress Serbia Czech Rep. Singapore Denmark Slovak Republic Dominican Republic Slovenia Ecuador South Africa El Salvador South Korea Estonia Spain Egypt Sri Lanka Falkland Islands Sweden Finland Switzerland France Taiwan Germany Thailand Greece...
Page 589 A-11 Technical Specifications Japan Jordan Kazakhstan Kuwait Latvia Lebanon Liechtenstein Lithuania Luxembourg Macedonia Malaysia Malta Martinique...
Page 590 A-12 AP-51xx Access Point Product Reference Guide...
Page 591: Appendix B. Usage Scenarios
Usage Scenarios This appendix provides practical usage scenarios for many of the access point’s key features. This information should be referenced as a supplement to the information contained within this Product Reference Guide. The following scenarios are described: • Configuring Automatic Updates using a DHCP or Linux BootP Server •...
Page 592: Windows - Dhcp Server Configuration
(01) when making a comparison. Change the last two characters to update the configuration. The two characters can be alpha-numeric. NOTE A Symbol AP-5181 model access point does not support firmware prior to version 1.1.1.x.
Page 593 To configure the DHCP Server for automatic updates: 1. Set the Windows DHCP Server and access point on the same Ethernet segment. 2. Configure the Windows based DHCP Server as follows: a. Highlight the Server Domain Name (for example, apfw.symbol.com). From the Action menu, select Define Vendor Classes.
Page 594: Global Options - Using Extended/Standard Options
To configure Global options using extended/standard options: 1. Set the Windows DHCP Server and access point on the same Ethernet segment. 2. Configure the Windows based DHCP Server as follows: a. Highlight the Server Domain Name (for example, apfw.symbol.com). From the Action menu, select Set Predefined Options.
Page 595: Dhcp Priorities
Usage Scenarios NOTE If using Standard Options and the configuration of the access point needs to be changed, use option 129 or 188 as specified in the Extended Options table. Standard options 66 and 67 are already present in the DHCP Standard Options Class by default.
Page 596: Linux - Bootp Server Configuration
AP-51xx Access Point Product Reference Guide -------------------------------------------------------------------------------------------- If the DHCP Server is configured for options 186 and 66 (to assign TFTP Server IP addresses) the access point uses the IP address configured for option 186. Similarly, if the DHCP Server is configured for options 187 and 67 (for the firmware file) the access point uses the file name configured for option 187.
Page 597: Bootp Options
Usage Scenarios B.1.2.1 BootP Options This section contains instructions for the automatic update of the access point firmware and configuration file using a BootP Server. The setup example described in this section includes: • 1 AP-5131 or AP-5181 model access point •...
Page 598 AP-51xx Access Point Product Reference Guide Using options sa, bf and 136: AP-5131:ha=00a0f88aa6d8\ < LAN M AC Address> :sm =255.255.255.0\ <Subnet M ask> :ip=157.235.93.128\ <IP A ddress> :gw =157.235.93.2\ <gatew ay> :sa=157.235.93.250\ <TFTP Server IP> :bf=/tftpboot/cfg.txt\ <Configuration file> :T136=”/tftpboot/”: <TFTP root directory>...
Page 599: Bootp Priorities
Usage Scenarios NOTE If the firmware files are the same, the firmware will not get updated. If the configuration file name matches the last used configuration file on the access point or if the configuration file versions are the same, the access point configuration will not get updated.
Page 600: Configuring A Vpn Tunnel Between Two Access Points
B-10 AP-51xx Access Point Product Reference Guide • Frequently Asked VPN Questions B.2.1 Configuring a VPN Tunnel Between Two Access Points The access point can connect to a non-AP device supporting IPSec, such as a Cisco VPN device - labeled as "Device #2".
Page 601 B-11 Usage Scenarios 5. Enter the WAN port IP address of AP #1 for the Local WAN 6. Within the Remote Subnet Remote Subnet Mask fields, enter the LAN IP subnet and mask of AP #2 /Device #2. 7. Enter the WAN port IP address of AP #2/ Device #2 for a Remote Gateway.
Page 602 B-12 AP-51xx Access Point Product Reference Guide 13. Select Pre Shared Key (PSK) from the IKE Authentication Mode drop-down menu. 14. Enter a Passphrase. Passphrases must match on both VPN devices. NOTE Ensure the IKE authentication Passphrase is the same as the Pre-shared key on the Cisco PIX device.
Page 603: Configuring A Cisco Vpn Device
B-13 Usage Scenarios B.2.2 Configuring a Cisco VPN Device This section includes general instructions for configuring a Cisco PIX Firewall 506 series device. For the usage scenario described in this section, you will require the following: • 1 Cisco VPN device •...
Page 604: Frequently Asked Vpn Questions
B-14 AP-51xx Access Point Product Reference Guide B.2.3 Frequently Asked VPN Questions The following are common questions that arise when configuring a VPN tunnel. • Question 1: Does the access point IPSec tunnel support multiple subnets on the other end of a VPN concentrator? Yes.
Page 605 B-15 Usage Scenarios • Question 3: Can the AP be accessed via its LAN interface of AP#1 from the local subnet of AP#2 and vice versa? Yes. • Question 4: Will the default "Manual Key Exchange" settings work without making any changes? No.
Page 606 B-16 AP-51xx Access Point Product Reference Guide Yes. Only packets that match the VPN Tunnel Settings will be sent through the VPN tunnel. All other packets will be handled by whatever firewall rules are set. • Question 8: How do I specify which certificates to use for an IKE policy from the...
Page 607 B-17 Usage Scenarios • Question 9: I am using a direct cable connection between my two VPN gateways for testing and cannot get a tunnel established, yet it works when I set them up across another network or router. Why? The packet processing architecture of the access point VPN solution requires the WAN default gateway to work properly.
Page 608 B-18 AP-51xx Access Point Product Reference Guide • Verify you can ping each of the remote Gateway IP addresses from clients on either side. Failed pings can indicate general network connection problems. • Pinging the internal gateway address of the remote subnet should run the ping through the tunnel as well.
Page 609 B-19 Usage Scenarios Transport Scr port 1:65535 Dst port Rev NAT None These three rules should be configured above all other rules (default or user defined). When Advanced LAN Access is used, certain inbound/outbound rules need to be configured to control incoming/outgoing packet flow for IPSec to work properly (with Advanced LAN Access).
Page 610: Replacing An Ap-4131 With An Ap-5131 Or Ap-5181
The access point’s modified default configuration enables an AP-5131or AP-5181 to not only operate in a single-cell environment, but also function as a replacement for legacy Symbol AP-4131 model access points. You cannot port an AP-4131’s configuration file to an AP-5131 or AP-5181, but you can configure an AP-5131 or AP-5181 similarly and provide an improved data rate and feature set.
Page 611: Appendix C. Customer Support
Customer Support Symbol Technologies provides its customers with prompt and accurate customer support. Use the Symbol Support Center as the primary contact for any technical problem, question or support issue involving Symbol products. If the Symbol Customer Support specialists cannot solve a problem, access to all technical disciplines within Symbol becomes available for further assistance and support.
Page 612 North American Contacts Inside North America: Symbol Technologies, Inc. One Symbol Plaza Holtsville, New York 11742-1300 Telephone: 1-631-738-2400/1-800-SCAN 234 Fax: 1-631-738-5990 Symbol Support Center (for warranty and service information): telephone: 1-800-653-5350 fax: (631) 738-5410 Email: support@symbol.com International Contacts Outside North America:...
Page 613 Customer Support Web Support Sites MySymbolCare http://www.symbol.com/services/msc/msc.html Symbol Services Homepage http://symbol.com/services Manual Updates http://symbol.com/legacy_manuals/wire/accesspoints.html Symbol Developer Program http://devzone.symbol.com Additional Information Obtain additional information by contacting Symbol at: 1-800-722-6234, inside North America +1-516-738-5200, in/outside North America http://www.symbol.com/...
Page 614 AP-51xx Access Point Product Reference Guide...
Page 615: Index
AP-5181 Antenna Specifications ....A-7 addresses, Symbol......viii AP-5181 LED Indicators .
Page 616 IN-6 AP-51xx Access Point Product Reference Guide CLI, WAN VLAN Commands ....8-49, 8-58 Command Line Interface (CLI) bandwidth management ......5-63 configuration .
Page 617 LEDs ........1-18, 2-22 phone numbers, Symbol......viii logging configuration.
Page 618 IN-8 AP-51xx Access Point Product Reference Guide SNMP, v3 user definitions ..... .4-24 statistics, AP-5131 ......7-33 QoS support .
Page 619 IN-9 VPN, manual key settings ..... . 6-40 WLAN, ACL ....... . . 5-36 VPN, status .
Page 620 IN-10 AP-51xx Access Point Product Reference Guide...
Page 622 Symbol Technologies, Inc. One Symbol Plaza Holtsville, New York 11742-1300 http://www.symbol.com 72E-92949-01 Revision A - January 2007...

Symbol AP-51xx Product Reference Manual

About this Guide

Chapter 1. Introduction

Chapter 2. Hardware Installation

Chapter 3. Getting Started

Chapter 4. System Configuration

Chapter 5. Network Management

Chapter 6. Configuring Access Point Security

Chapter 7. Monitoring Statistics

Chapter 8. Command Line Interface Reference

Chapter 9. Configuring Mesh Networking

Appendix A. Technical Specifications

Appendix B. Usage Scenarios

Appendix C. Customer Support

Index

Quick Links

Related Manuals for Symbol AP-51xx

Summary of Contents for Symbol AP-51xx