Download  Print this page

Samsung WEC8500 Operation Manual

Wireless enterprise access point controllers (apc)
Hide thumbs
   
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673

Advertisement

Table of Contents
WEC8050 / WEC8500 Operation Manual
Version 7.1
Samsung Wireless Enterprise
Access Point Controllers (APC)
WEC8500 & WEC8050
Operation Manual

Advertisement

Table of Contents
loading

  Also See for Samsung WEC8500

  Related Manuals for Samsung WEC8500

  Summary of Contents for Samsung WEC8500

  • Page 1 WEC8050 / WEC8500 Operation Manual Version 7.1 Samsung Wireless Enterprise Access Point Controllers (APC) WEC8500 & WEC8050 Operation Manual...
  • Page 2 SAMSUNG ELECTRONICS AMERICA reserves the right without prior notice to revise information in this publication for any reason. SAMSUNG ELECTRONICS AMERICA also reserves the right without prior notice to make changes in design or components of equipment as engineering and...
  • Page 3 This manual describes the overview, management, and setup of Samsung Wireless Enterprise Access Point Controllers (APC) models WEC8500 & WEC8050. This manual is written for WEC8500 version 3.1.8R, WEC8050 version 3.1.8R. Document Content and Organization This manual consists of ten Chapters, three Annexes, and a list of Abbreviations.
  • Page 4 Open source list used in the APC and its license notices. ANNEX C. Open Source Announcement (WEA300/WEA400 Series) Open source list used in the Samsung Wireless Enterprise WLAN AP and its license notice. ABBREVIATION Describes the acronyms used in this manual.
  • Page 5 WEC8050 / WEC8500 Operation Manual Version 7.1 Conventions The following types of paragraphs contain special information that must be carefully read and thoroughly understood. Such information may or may not be enclosed in a rectangular box, separating it from the main text, but is always preceded by an icon and/or a bold title.
  • Page 6 Updated the content overall in accordance with the package version 2.0.0 01. 2014 - Changed contents  1.3.1 WEC8500 Configuration and Functions  4.2.6.3 Tech Support Information 10. 2013 - Updated the content overall in accordance with the package version (WEC8500 version 1.4.4, WEC8050 version 1.0.0)
  • Page 7 Basic Configuration .....................33 1.4.2 Configuration of Multiple APC for Redundancy ............34 1.4.3 Clustering Configuration using Multiple APC (WEC8500) ...........35 1.4.4 Configuration of Multiple Sites Consisting of Headquarters and Branches ....38 NAT Configuration between AP and APC ................40 CHAPTER 2. Basic System Configuration Basic System Configuration ....................41...
  • Page 8 WEC8050 / WEC8500 Operation Manual Version 7.1 Initial Setup Wizard ......................... 49 2.3.1 Overview ........................49 2.3.2 Connecting ........................49 2.3.3 How to Use ........................50 CHAPTER 3. Data Network Function Port Configuration ........................53 3.1.1 Port management ......................53 Interface Configuration ......................
  • Page 9 WEC8050 / WEC8500 Operation Manual Version 7.1 3.9.3 Checking Statistics by Category ................137 3.10 mDNS Snooping ........................145 CHAPTER 4. AP Connection Management APC Management ........................148 4.1.1 Managing APC List ....................148 4.1.2 Management Interface Configuration ................150 4.1.3 CAPWAP Configuration .....................151 4.1.4 AP Registration (Auto Discovery) Configuration ............153...
  • Page 10 WEC8050 / WEC8500 Operation Manual Version 7.1 5.4.3 DHCP Proxy ......................258 5.4.4 Option 82 Configuration .................... 259 5.4.5 Primary/Secondary Server Configuration ..............261 Radio Service Configuration ....................264 CHAPTER 6. Wi-Fi Configuration 802.11a/b/g/n/ac Radio Property ..................266 6.1.1 802.11a/b/g Configuration ..................266 6.1.2...
  • Page 11 WEC8050 / WEC8500 Operation Manual Version 7.1 Location Tracking ........................320 7.5.1 Configure Location Tracking ..................320 7.5.2 Configure Location Tracking Scan ................320 7.5.3 Configure Location Tracking Scan ................321 Spectrum Analysis .........................322 7.6.1 Retrieving Spectrum Analysis Data ................322 7.6.2 Spectrum Analysis Configuration ................325 7.6.3...
  • Page 12 WEC8050 / WEC8500 Operation Manual Version 7.1 8.2.2 Detection ........................378 8.2.3 Enabling Blocking Function ..................398 8.2.4 Blocking........................398 Captive Portal ........................402 8.3.1 Configuring Web Authentication User................ 402 8.3.2 Configuring Pre-Auth ACL ..................404 8.3.3 Configuring Web Authentication ................406 8.3.4...
  • Page 13 WEC8050 / WEC8500 Operation Manual Version 7.1 Telnet/SSH ..........................456 Utilities ............................458 CHAPTER 10. System Management 10.1 SNMP Configuration ......................459 10.1.1 SNMP Community .....................459 10.1.2 SNMP Trap ........................460 10.2 System Management ......................462 10.2.1 Retrieving System Information ...................462 10.2.2 System Reboot ......................467 10.3 System Resource Management ....................469...
  • Page 14 WEC8050 / WEC8500 Operation Manual Version 7.1 10.12.4 Retrieve File Content ....................507 10.12.5 File Download and Upload ..................508 10.12.6 Package File ......................508 10.12.7 Retrieving Storage Media ..................510 10.12.8 Managing File in Web UI ................... 511 10.12.9 Statistics Function ..................... 514 ANNEX A.
  • Page 15: Table Of Contents

    WEC8050 / WEC8500 Operation Manual Version 7.1 LIST OF FIGURES Figure 1. System Structure for Wireless Enterprise Solution ............23 Figure 2. Wireless Enterprise Network Configuration ..............24 Figure 3. WEC8500 Interface-Front/Back ...................27 Figure 4. System LED Configuration ...................27 Figure 5. Management Port Configuration ..................28 Figure 6.
  • Page 16 WEC8050 / WEC8500 Operation Manual Version 7.1 Figure 35. VRRP-Operation Window ..................113 Figure 36. VRRP-Circuit Failover Window (1) ................113 Figure 37. VRRP-Circuit Failover Window (2) ................113 Figure 38. IPWATCHD Configuration Window ................114 Figure 39. ACL Configuration Window ..................116 Figure 40.
  • Page 17 WEC8050 / WEC8500 Operation Manual Version 7.1 Figure 74. AP retrieving window ....................158 Figure 75. AP redundancy Configuration Window ..............159 Figure 76. AP groups configuration Window ................161 Figure 77. AP Group Addition Window ..................161 Figure 78. General Configuration Window for AP Group ............164 Figure 79.
  • Page 18 WEC8050 / WEC8500 Operation Manual Version 7.1 Figure 113. WLAN basic configuration (2) ................221 Figure 114. WLAN-based ACL configuration ................225 Figure 115. Root service management (1)................227 Figure 116. Root service management (2)................228 Figure 117. MCS by WLAN: 802.11a/n/ac Configuration Management window ....... 230 Figure 118.
  • Page 19 WEC8050 / WEC8500 Operation Manual Version 7.1 Figure 152. Configuring voice optimization by each AP ............285 Figure 153. Configuring 802.11h ....................287 Figure 154. Country code window (1) ..................290 Figure 155. AP Country Code Configuration ................291 Figure 156. AP Group Contry Code Configuration ..............291 Figure 157.
  • Page 20 WEC8050 / WEC8500 Operation Manual Version 7.1 Figure 191. List Window to Manually Remove................385 Figure 192. Manual Remove Change Window in AP Detail Screen ......... 386 Figure 193. Configuration Window for Unauthorized AP Detection Option ....... 388 Figure 194. Configuration Window for Unauthorized Station Detection Option......389 Figure 195.
  • Page 21 WEC8050 / WEC8500 Operation Manual Version 7.1 Figure 230. Derivation Profile Configuration ................433 Figure 231. Derivation Profile Add Configuration ..............433 Figure 232. Derivation Profile Configuration ................434 Figure 233. Derivation Profile Add Configuration ..............434 Figure 234. Wlan Derivation Profile Configuration ..............435 Figure 235.
  • Page 22 LAN AP and provides the functions for Wireless LAN (WLAN) services such as handover and QoS, security/authentication, etc. The Samsung WEC8500 provides its services up to 500 APs. It can provide its services up to 10,000 connected user devices. Meanwhile, the WEC8050 can accommodate a maximum of 200 APs and provides service to a maximum of 1500 user devices.
  • Page 23: Figure 1. System Structure For Wireless Enterprise Solution

    Access Points (AP), Wireless Enterprise AP Controller (APC), and Wireless Enterprise WLAN Manager (WEM). The Samsung APC and Wireless Enterprise wireless LAN AP are core devices that provide various services such as user authentication, wireless management, voice and data service, etc.
  • Page 24: Figure 2. Wireless Enterprise Network Configuration

    WEC8050 / WEC8500 Operation Manual Version 7.1 Network Configuration The network configuration of Samsung Wireless Enterprise solution that includes APC is shown below. IP-PBX WEC8050/WEC8500 Router Internet … Ethernet Switch Wireless … Enterprise FMC client Figure 2. Wireless Enterprise Network Configuration...
  • Page 25 Terminal that provides the 802.11a/b/g/n interface such as smart phone, tablet PC, or notebook computer, etc. In an Android smart phone, an enterprise Voice over IP (VoIP) application equipped with the Samsung voice engine is called a FMC client (The FMC client is an option).
  • Page 26 WEC8050 / WEC8500 Operation Manual Version 7.1 WES (Wireless Enterprise Security) (WIPS Solution) It monitors the properness of the implementation of the wireless network infrastructure by detecting penetration via unauthorized wireless equipment installed in the internal network, the detoured gateway segment of the internal officers and employees who illegally connect to the commercial WLAN service, etc.
  • Page 27: Figure 3. Wec8500 Interface-Front/Back

    WEC8050 / WEC8500 Operation Manual Version 7.1 APC Configuration and Functions 1.3.1 WEC8500 Configuration and Functions The Configuration and the purpose of each item of WEC8500 are as follows: Console port USB port System LED Management port 1G Optic port...
  • Page 28: Figure 5. Management Port Configuration

    2 is installed. Power module 2 is not installed. Console port (RS232C) A console port is used to check the operational status of WEC8500 or for input through the CLI. Its basic requirements are as follows:  Baud rate: 115200 bps ...
  • Page 29: Figure 6. Optic Port Configuration

    - Blinking for data exchange 1G 1~1G 8 1 GbE Optic module connector USB port (Host 2.0) The WEC8500 provides a USB host port that supports the upgrade of WEC8500 operation software. A typical USB memory stick is supported. page 29 of 673...
  • Page 30: Figure 7. Power Module Configuration

    WEC8050 / WEC8500 Operation Manual Version 7.1 Power module AC LED DC LED Power Power input connector switch Figure 7. Power module configuration Configuration item Description Power input connector Connector to connect the power cable to Power switch Switch to turn on/off power AC LED Turned on when there is a normal AC power input.
  • Page 31: Figure 8. Wec8050 Interface-Front/Back

    WEC8050 / WEC8500 Operation Manual Version 7.1 1.3.2 WEC8050 Configuration and Functions The configuration and the purpose of each item of WEC8050 are as follows: Status LED Console Port Ethernet Port Ground hole Power Figure 8. WEC8050 interface-Front/Back Status LED This LED indicates the various statuses of system.
  • Page 32: Figure 10. Ethernet Port Configurations

    WEC8050 / WEC8500 Operation Manual Version 7.1 Console port (RS232C) A console port is provided to check the operational status of WEC8050 or for input through the CLI. Its basic requirements are as follows:  Default baud rate: 115200 bps ...
  • Page 33: Figure 11. Basic Configuration Of Wireless Enterprise Wireless Lan System

    LAN. With this, the wire/wireless integrated voice service can be provided. An example of service configuration diagram using the Wireless Enterprise wireless LAN system is shown in the below figure. The configuration diagram is based on Samsung APC (WEC8500).
  • Page 34: Figure 12. Example Of System Configuration For Redundancy

    WEC8050 / WEC8500 Operation Manual Version 7.1 The basic Wireless Enterprise wireless LAN network configuration is a centralized structure where all the wireless user traffics go through tunneling between APC and Wireless Enterprise wireless LAN AP. Therefore, the network information such as subnet information allocated to a wireless user depends on the configuration of backbone network where the APC is connected.
  • Page 35 If only a single APC is required for service and management, the complexity of network configuration or management is not high. However, if the capacity of a single APC is not sufficient, multiple APC s must be installed for service. The WEC8500 is a Samsung APC model providing the clustering environment.
  • Page 36 1.4.3.1 Configuration of Distributed Clustering Service The configuration of distributed clustering is to install each WEC8500 in a building or a local site according to its capacity. This option can be used when there is no integrated backbone configuration in a site or networks are separated for each building. It is suitable for a site where several buildings are apart from each other.
  • Page 37 WEC8050 / WEC8500 Operation Manual Version 7.1 1.4.3.2 Configuration of Centralized Clustering Service In the centralized cluster configuration, all the WEC8500s in a site are installed in the center. This is suitable when all the networks in a site are configured around the backbone.
  • Page 38 WEC8050 / WEC8500 Operation Manual Version 7.1 1.4.4 Configuration of Multiple Sites Consisting of Headquarters and Branches The Wireless Enterprise wireless LAN network environment usually consists of one headquarters and several branches. In this case, there are two types of network configuration.
  • Page 39 WEC8050 / WEC8500 Operation Manual Version 7.1 If user traffic is concentrated on a single centralized APC when there are many branches or they are far from headquarters, performance may be deteriorated due to the time delay of packet transmission, etc. Therefore, use different operation schemes according to the location of Wireless Enterprise wireless LAN AP in the configuration of headquarters and branches.
  • Page 40: Figure 16. Ap-Apc Nat Environment Configuration Diagram

    WEC8050 / WEC8500 Operation Manual Version 7.1 NAT Configuration between AP and APC The APC system provides the same services even when the APC or AP is in a NAT environment. If the APC system is in a NAT environment and obtaining a public IP address is difficult,...
  • Page 41 2) After the first login, you must change the password. Use the changed password for the next login. The default ID of APC is set to ‘samsung’ that has an administrator privilege. page 41 of 673 © Samsung Electronics America...
  • Page 42 WEC8050 / WEC8500 Operation Manual Version 7.1 2.1.2 Managing Operator Account An operator who has an administrator privilege (level 1) can create or delete a new operator account. When creating an account, specify the account’s privilege level (level 1-4). To set up operator account related functions, go to configure mode by executing the following command.
  • Page 43 WEC8050 / WEC8500 Operation Manual Version 7.1 2.1.3 APC Management Port Configuration To connect to the APC remotely using telnet/SSH or web, it is necessary to set up an IP address to the management port. Set up the management port as follows: 1) Go to configure ...
  • Page 44 WEC8050 / WEC8500 Operation Manual Version 7.1 A usage example is given below. WEC8500# show ? 80211a Display 802.11a network settings 80211bg Display 802.11bg network settings 80211h Display 802.11h configuration access-list List IP access lists alarm Show alarm information Show ap information...
  • Page 45 WEC8050 / WEC8500 Operation Manual Version 7.1 Command error When a command that is not supported by the system is entered, an error message is displayed. WEC8500# command-unknown Error : Command ‘command-unknown’ does not exist When a parameter that is not supported by a command is entered, an error message according to the situation is displayed.
  • Page 46: Figure 17. Web Ui Connection Window

    When connecting to the IP address of APC ethernet port in a web browser, the below login window is displayed. Log in using a default connection account ‘samsung’. After the first login, you go through the course of changing the password. If you have changed the password by connecting to the CLI, you don't have to go through the course of changing the password.
  • Page 47: Figure 18. Wec Main Window

    WEC8050 / WEC8500 Operation Manual Version 7.1 2.2.2 WEC Main Window The WEC Main window consists of menu bar, sub-menus, and detail windows of each menu. Menu Bar Sub-menus Figure 17. WEC Main Window Menu bar The menu bar consists of the following items: ...
  • Page 48: Figure 19. Operator Account Management Window

    WEC8050 / WEC8500 Operation Manual Version 7.1 2.2.3 Managing Operator Account To add a operator account in Web UI, follow the below procedure. In the menu bar of <WEC Main window>, select <Administration> and then select <Local Management Users> menu in the sub menu. The subtree shows the <APC> and <AP>...
  • Page 49 WEC8050 / WEC8500 Operation Manual Version 7.1 Initial Setup Wizard 2.3.1 Overview The initial setup wizard aims to finish the basic settings by guiding the settings required for the basic WLAN service in order when the APC is installed. It supports only the basic settings to operate the WLAN service and the settings which are additional or are not frequently used are not supported here.
  • Page 50: Figure 21. Initial Setup Wizard Welcome Screen

    WEC8050 / WEC8500 Operation Manual Version 7.1 2.3.3 How to Use If the access to the APC is made through the web browser, follow the login procedure as shown in ‘2.2.1 Web UI Connection’. After that, you can see the Welcome message by connecting to the wizard.
  • Page 51 WEC8050 / WEC8500 Operation Manual Version 7.1  : Show the current setup step and the whole setup step by being located on the top of the screen. When you hover the mouse over each number, it shows the name of the step and you can click to move to the step just before or after the current step.
  • Page 52 WEC8050 / WEC8500 Operation Manual Version 7.1  The APC gets DNS information from a DNS server and provides the DNS relay function that relays the DNS server and a client. If a DNS server is connected to the APC and a UE connected to the APC configures the DNS server as the APC, the DNS service can be received.
  • Page 53 3.1.1 Port management The WEC8500 Management port is used to manage the WEC8500. It does not support VLAN and its interface name is ‘mgmt0’. The 8 ports at the right side of Management port are 10/100/1000 BASE T-ports and their names are GE1-8.
  • Page 54 WEC8050 / WEC8500 Operation Manual Version 7.1 The port related CLI commands are as follows: [auto-nego, speed, duplex] The commands used to configure an auto-nego, speed, and duplex addresses are shown below. To delete the configuration, enter the ‘no’ parameter.
  • Page 55: Figure 23. Port Management Window

    WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Controller>  <Ports> menu in the sub-menus. Operator can configure the ports. The Ports initial window is shown below.
  • Page 56: Figure 24. Port Configuration Change Window

    WEC8050 / WEC8500 Operation Manual Version 7.1 Figure 23. Port Configuration Change Window page 56 of 673 © Samsung Electronics America...
  • Page 57 3.2.1 Interface management The WEC8500 Management port is used to manage the WEC8500. It does not support VLAN and its interface name is ‘mgmt0’. The 8 ports at the right side of Management port are 10/100/1000 BASE T-ports and their names are GE1-8.
  • Page 58: Figure 25. Interfaces Window (1)

    WEC8050 / WEC8500 Operation Manual Version 7.1 [shutdown] This is a command that makes the interface not working. The ‘no’ parameter is used to restart the interface.  shutdown  no shutdown Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Controller>...
  • Page 59: Figure 27. Interfaces Window (3)

    WEC8050 / WEC8500 Operation Manual Version 7.1 3) Perform detail configuration in the VLAN detail configuration window. If you specify PRIMARY DHCP SERVER or SECONDARY DHCP SERVER in the DHCP area, you can specify the configuration of a DHCP server.
  • Page 60: Figure 28. Interface Group Window (1)

    WEC8050 / WEC8500 Operation Manual Version 7.1 3.2.2 Managing Interface Group To use WLAN and other services, it is necessary to configure an interface into an interface group. Configuration using CLI An example of entering into the group configuration mode of ifg_01 interface is shown below.
  • Page 61: Figure 29. Interface Group Window (2)

    WEC8050 / WEC8500 Operation Manual Version 7.1 Follow the below procedure to add an interface group. 1) In the Interface group initial window, click the <Add> button. 2) Enter information on GROUP NAME and GROUP DESCRIPTION and then add or delete an interface to or from an interface group.
  • Page 62 WEC8050 / WEC8500 Operation Manual Version 7.1 VLAN Configuration 3.3.1 VLAN Configuration using CLI To configure VLAN, go to the VLAN interface mode by executing the following command. WEC8500# configure terminal WEC8500/configure# interface vlan WEC8500/configure/interface vlan# The related command is shown below and the range of VLAN ID is 1-4094.
  • Page 63 WEC8050 / WEC8500 Operation Manual Version 7.1 [switchport trunk allowed vlan] This command configures the mode of switch port to trunk. The ‘no’ parameter is used to delete the configuration.  switchport trunk allowed vlan: Configure VLAN to the trunk mode.
  • Page 64 WEC8050 / WEC8500 Operation Manual Version 7.1 3.3.2 Bridge To set up bridge related functions, go to configure mode by executing the following command WEC8500# configure terminal The bridge related commands are as follows: [bridge address] This command configures a bridge address. The ‘no’ parameter is used to clear the configuration.
  • Page 65 WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description - rstp: RSTP [clear mac address-table] This command deletes the filtering database of a default bridge.  clear mac address-table [OPTION] [KIND] [WORD] Parameter Description OPTION Filtering database option (static/multicast) - static: Filtering database item that is configured as static...
  • Page 66 WEC8050 / WEC8500 Operation Manual Version 7.1 [show bridge] This command retrieves bridge information.  show bridge [show interface switchport bridge] This command retrieves the bridge information, i.e. the layer 2 protocol characteristic information of the current VLAN, of a switch port.
  • Page 67 WEC8050 / WEC8500 Operation Manual Version 7.1 3.3.3 Spanning Tree Configuration using CLI To set up spanning tree related functions, go to configure mode by executing the following command. WEC8500# configure terminal The related command is as follows. [bridge forward-time] This command configures the forward time of a bridge.
  • Page 68 WEC8050 / WEC8500 Operation Manual Version 7.1 [bridge max-age] This command configures the max-age of a bridge. The ‘no’ parameter is used for default configuration.  bridge 1 max-age [MAXAGE]  no bridge 1 max-age Parameter Description MAXAGE Configures a maximum time (range: 6-40 s)
  • Page 69: Figure 30. Spanning Tree Configuration Window (1)

    WEC8050 / WEC8500 Operation Manual Version 7.1 [bridge priority] This command configures the priority of a bridge. The ‘no’ parameter is used to delete a priority.  bridge 1 priority [PRIORITY]  no bridge 1 priority Parameter Description PRIORITY Bridge priority (range: 0-61440) [bridge shutdown] This command clears bridge settings.
  • Page 70: Figure 31. Spanning Tree Configuration Window (2)

    WEC8050 / WEC8500 Operation Manual Version 7.1 [Managing the MSTP VLAN instance] When you select the <Instance> menu, the configured MSTP VLAN Instance list is displayed on the window. Click the <Add> or <Delete> button to add or delete an instance.
  • Page 71 WEC8050 / WEC8500 Operation Manual Version 7.1 Layer 3 Protocol Configuration This provides the IP address configuration and static/dynamic routing configuration of an interface. The APC provides the Open Shortest Path First (OSPF) routing protocol. 3.4.1 IP Address Configuration The procedure for IP address configuration is given below.
  • Page 72: Figure 33. Static Routing Configuration Window

    WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Controller>  <Network>  <Static Route> menu in the sub-menus. The configured static route list is displayed on the window. When you click the <Add> or <Delete>...
  • Page 73 WEC8050 / WEC8500 Operation Manual Version 7.1 3.4.4 PIM Configuration The procedure for Protocol Independent Multicast (PIM) configuration is given below. 1) Go to configure  interface configuration mode of CLI. WEC8500# configure terminal WEC8500/configure# interface ge2 2) Configure the PIM sparse mode to an interface.
  • Page 74: Figure 34. Ospf Configuration Window

    WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Controller>  <Network>  <OSPF>  <General> menu in the sub-menus. The OSPF initial window is shown below.
  • Page 75 Use reference bandwidth method to assign OSPF cost WEC8500/configure/router/ospf 2# auto-cost reference-bandwidth ? 1 - 4294967 The reference bandwidth in terms of Mbits per second WEC8500/configure/router/ospf 2# auto-cost reference-bandwidth 200 ? <cr> WEC8500/configure/router/ospf 2# auto-cost reference-bandwidth 200 Parameter Description reference-bandwidth Enter a value from 1-4294967.
  • Page 76 WEC8050 / WEC8500 Operation Manual Version 7.1 5) CAPABILITY OPAQUE configuration Enter the capability opaque. WEC8500/configure/router/ospf 2# capability ? opaque Opaque LSA WEC8500/configure/router/ospf 2# capability opaque ? <cr> WEC8500/configure/router/ospf 2# capability opaque Parameter Description Capability opaque Enabled when the CLI is entered.
  • Page 77 WEC8500/configure/router/ospf 2# timers spf exp 3 ? 0 - 2147483647 Maximum Delay between receiving a change to SPF calculation in milliseconds WEC8500/configure/router/ospf 2# timers spf exp 3 100 ? <cr> WEC8500/configure/router/ospf 2# timers spf exp 3 100 page 77 of 673 © Samsung Electronics America...
  • Page 78 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Controller>  <Network>  <OSPF>  <General> menu in the sub-menus. Click a PROCESS ID that user wants to configure. The OSPF configuration window is shown below.
  • Page 79 WEC8050 / WEC8500 Operation Manual Version 7.1 3.4.5.2 Default Information Configuration of General Settings Configuration using CLI 1) Detail configuration of OSPF default-information WEC8500/configure/router/ospf 2# default-information ? originate Distribute a default route WEC8500/configure/router/ospf 2# default-information originate ? always Always advertise default route...
  • Page 80 WEC8050 / WEC8500 Operation Manual Version 7.1 4) Configuration of default-information METRIC-TYPE Configure the OSPF metric-type (1/2) value. WEC8500/configure/router/ospf 2# default-information originate metric- type ? Set OSPF External Type 1 metrics Set OSPF External Type 2 metrics WEC8500/configure/router/ospf 2# default-information originate metric- type 1 ? <cr>...
  • Page 81 WEC8500/configure/router/ospf 2# distance ospf ? external External routes inter-area Inter-area routes intra-area Intra-area routes WEC8500/configure/router/ospf 2# distance ospf external ? 1 - 255 <1-255> Distance for external/inter- area/intra-area routes WEC8500/configure/router/ospf 2# distance ospf external 50 WEC8500/configure/router/ospf 2# page 81 of 673...
  • Page 82 Enter the OSPF INTER-AREA distance value. WEC8500/configure/router/ospf 2# distance ospf inter-area ? 1 - 255 <1-255> Distance for external/inter- area/intra-area routes WEC8500/configure/router/ospf 2# distance ospf inter-area 50 ? <cr> WEC8500/configure/router/ospf 2# distance ospf inter-area 50 WEC8500/configure/router/ospf 2# 5) Configuration of INTRA-AREA distance ospf Enter the OSPF INTRA-AREA distance value.
  • Page 83 Maximum number of LSAs WEC8500/configure/router/ospf 2# overflow database external 3 ? 0 - 65535 Time to recover (0 not recover) WEC8500/configure/router/ospf 2# overflow database external 3 10 ? <cr> WEC8500/configure/router/ospf 2# overflow database external 3 10 3) Configuration of maximum number of LSAs Enter the maximum number of LSAs and hard limit value.
  • Page 84 Soft limit; Warning will be given if exceed <cr> WEC8500/configure/router/ospf 2# overflow database 100 hard ? <cr> WEC8500/configure/router/ospf 2# overflow database 100 hard Enter the maximum number of LSAs and soft limit value. WEC8500/configure/router/ospf 2# overflow ? database...
  • Page 85 WEC8050 / WEC8500 Operation Manual Version 7.1 3.4.5.5 Network Configuration Configuration using CLI Go to configure  ospf configuration mode of CLI. WEC8500/configure/router/ospf 2# ? area OSPF area parameters auto-cost Calculate OSPF interface cost according to bandwidth capability Enable specific OSPF feature...
  • Page 86 Network number A.B.C.D/M OSPF network prefix WEC8500/configure/router/ospf 2# network 100.100.100.1 ? A.B.C.D OSPF wild card bits(network mask) WEC8500/configure/router/ospf 2# network 100.100.100.1 255.255.255.0 ? area Set the OSPF area ID WEC8500/configure/router/ospf 2# network 100.100.100.1 255.255.255.0 ? area Set the OSPF area ID WEC8500/configure/router/ospf 2# network 100.100.100.1 255.255.255.0...
  • Page 87 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Controller>  <Network>  <OSPF>  <Network> menu in the sub-menus. Enter the NETWORK ADDRESS, NETMASK, and AREA ID and click the <Apply>...
  • Page 88 Set tag for routes redistributed into OSPF <cr> WEC8500/configure/router/ospf 2# redistribute connected metric ? 1 - 16777214 OSPF metric WEC8500/configure/router/ospf 2# redistribute connected metric 3 ? <cr> WEC8500/configure/router/ospf 2# redistribute connected metric 3 page 88 of 673 © Samsung Electronics America...
  • Page 89 Description metric-type Select 1 or 2. 4) Route-map configuration WEC8500/configure/router/ospf 2# redistribute connected route-map ? <WORD> Pointer to route-map entries WEC8500/configure/router/ospf 2# redistribute connected route-map a ? <cr> WEC8500/configure/router/ospf 2# redistribute connected route-map a Parameter Description route-map entries Enter <WORD>.
  • Page 90 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Controller>  <Network>  <OSPF>  <Redistribute> menu in the sub-menus. After configuring Redistribute default, select a PROCESS ID for detail configuration.
  • Page 91 Configuration using CLI WEC8500/configure/router/ospf 2# area 1 stub ? no-summary Do not inject inter-area routes into stub <cr> WEC8500/configure/router/ospf 2# area 1 stub no-summary ? <cr> WEC8500/configure/router/ospf 2# area 1 stub no-summary Parameter Description no-summary Select Stub or No Summary.
  • Page 92 WEC8050 / WEC8500 Operation Manual Version 7.1 2) NSSA configuration Configuration using CLI WEC8500/configure/router/ospf 2# area 1 nssa ? default-information-originate Originate Type 7 default into NSSA area no-redistribution No redistribution into this NSSA area no-summary Do not send summary LSA into NSSA...
  • Page 93 WEC8050 / WEC8500 Operation Manual Version 7.1 Metric-type configuration of NSSA default-information-originate WEC8500/configure/router/ospf 1# area 2 nssa default-information- originate metric-type ? 1 - 2 OSPF Link State type WEC8500/configure/router/ospf 1# area 2 nssa default-information- originate metric-type 2 WEC8500/configure/router/ospf 1# Parameter...
  • Page 94 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuring translator-role of NSSA default-information-originate WEC8500/configure/router/ospf 1# area 2 nssa default-information- originate translator-role ? always Translate always candidate Candidate for translator (default) never Do not translate WEC8500/configure/router/ospf 1# area 2 nssa default-information- originate translator-role always ?
  • Page 95 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Controller>  <Network>  <OSPF>  <Area>  <NSSA> menu in the sub- menus. The default window is shown below.
  • Page 96 Define a virtual link and its parameters WEC8500/configure/router/ospf 1# area 2 virtual-link ? A.B.C.D ID (IP addr) associated with virtual link neighbor WEC8500/configure/router/ospf 1# area 2 virtual-link 10.10.10.1 ? authentication Enable authentication authentication-key Set authentication key dead-interval Dead router detection time...
  • Page 97 10 sec., the dead-interval will be 40 seconds if the hello-interval is not configured. In addition, operator can change it to a value between 1 second and 65535 seconds. WEC8500/configure/router/ospf 2# area 2 virtual-link 10.10.10.1 dead- interval ? 1 - 65535 Seconds WEC8500/configure/router/ospf 2# area 2 virtual-link 10.10.10.1 dead-...
  • Page 98 WEC8050 / WEC8500 Operation Manual Version 7.1 WEC8500/configure/router/ospf 2# area 2 virtual-link 10.10.10.1 message-digest-key 2 md5 ? <WORD> Authentication key (16 chars) WEC8500/configure/router/ospf 2# area 2 virtual-link 10.10.10.1 message-digest-key 2 md5 b WEC8500/configure/router/ospf 2# Retransmit-interval configuration The default retransmit-interval is 5 seconds. In addition, operator can change it to a value between 1 second and 65535 seconds.
  • Page 99 WEC8050 / WEC8500 Operation Manual Version 7.1 Unlike other configurations, there are two tabs at the top; General page and Authentication page. Start configuration in the General page for the basic configuration of Virtual-Link. In the default configuration page, configure PROCESS ID, AREA ID, or LINK ID.
  • Page 100 To configure the Range detail items, start detail configuration after entering an Area range prefix value. WEC8500/configure/router/ospf 2# area 2 range ? A.B.C.D/M Area range prefix WEC8500/configure/router/ospf 2# area 2 range 10.10.10.1/16 ? advertise Advertise this range (default) not-advertise DoNotAdvertise this range <cr>...
  • Page 101 Configure OSPF area as stub virtual-link Define a virtual link and its parameters Authentication configuration Operator can select whether to use authentication or message-digest function. WEC8500/configure/router/ospf 2# area 2 authentication ? message-digest Use message-digest authentication <cr> WEC8500/configure/router/ospf 2# area 2 authentication message-digest <cr>...
  • Page 102 ‘% The area is neither stub, nor NSSA’ WEC8500/configure/router/ospf 2# area 0.0.0.1 default-cost ? 0 - 16777215 Stub's advertised default summary cost WEC8500/configure/router/ospf 2# area 0.0.0.1 default-cost 3 ? <cr> WEC8500/configure/router/ospf 2# area 0.0.0.1 default-cost 3 Shortcut configuration For Shortcut configuration, operator can select one out of 3 selections including default, disable, and enable.
  • Page 103 A tag is a user-defined 32-bit tag value between 0 and 4294967295. A tag also has a default value and it is 0. WEC8500/configure/router/ospf 2# summary-address 11.1.1.1/16 WEC8500/configure/router/ospf 2# summary-address 11.1.1.1/16 tag ? 0 - 4294967295 32-bit tag value WEC8500/configure/router/ospf 2# summary-address 11.1.1.1/16 tag 3 page 103 of 673 ©...
  • Page 104 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Controller>  <Network>  <OSPF>  <Summary> menu in the sub-menus. The configuration page is as follows: After default configuration, select a PROCESS ID for detail configuration.
  • Page 105 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Controller>  <Network>  <OSPF>  <Passive Interface> menu in the sub- menus. The configuration page is as follows: After selecting a PROCESS ID that a user will use, select an interface to apply.
  • Page 106 Link state transmit delay DISABLE OSPF configuration WEC8500/configure/interface ge2# ip ospf disable ? All functionality WEC8500/configure/interface ge2# ip ospf disable all ? <cr> WEC8500/configure/interface ge2# ip ospf disable all MTU configuration The default does not use Maximum Transmission Unit (MTU) configuration.
  • Page 107 WEC8500/configure/interface ge2# ip ospf database-filter ? Filter all LSA WEC8500/configure/interface ge2# ip ospf database-filter all ? Outgoing LSA WEC8500/configure/interface ge2# ip ospf database-filter all out ? <cr> WEC8500/configure/interface ge2# ip ospf database-filter all out Dead-interval configuration The default value of dead-interval is 4 times of hello-interval. Because the default hello-interval is configured to 10 sec., the dead-interval will be 40 seconds if the hello-...
  • Page 108 WEC8050 / WEC8500 Operation Manual Version 7.1 WEC8500/configure/interface ge2# ip ospf dead-interval 30 ? <cr> WEC8500/configure/interface ge2# ip ospf dead-interval 30 Hello-interval configuration The default hello-interval is 10 seconds. In addition, operator can change it to a value between 1 second and 65535 seconds.
  • Page 109 Version 7.1 PRIORITY configuration The default OSPF Priority value is 1. A user can configure the priority between 1 and 255. WEC8500/configure/interface ge2# ip ospf priority ? 0 - 255 Priority WEC8500/configure/interface ge2# ip ospf priority 2 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration>...
  • Page 110 WEC8050 / WEC8500 Operation Manual Version 7.1 The detail item configuration page is as follows: When you select the name of an enabled interface, the below detail item configuration page is displayed. After entering a value that a user wants for the item configured in the above CLI, click the <Apply>...
  • Page 111 WEC8050 / WEC8500 Operation Manual Version 7.1 3.4.6 VRRP Configuration The Virtual Router Redundancy Protocol (VRRP) is an Internet protocol that provides the backup router operation method in a LAN. If a fault occurs with a router that transmits a packet from a host in a LAN, decide a virtual IP address in a DHCP manually or by default by using a virtual router fault recovery protocol and share it among routers.
  • Page 112 WEC8050 / WEC8500 Operation Manual Version 7.1 [preempt-delay] This command configures the preempt delay time.  preempt-delay [DELAY_TIME] Parameter Description DELAY_TIME Preempt delay time (range: 0-3600 s) [preempt-mode] This command configures whether to use the preempt mode.  preempt-mode [MODE]...
  • Page 113 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Controller>  <Network>  <VRRP> menu in the sub-menus. The VRRP menu provides two sub menus, i.e. Operation and Circuit Failover.
  • Page 114 WEC8050 / WEC8500 Operation Manual Version 7.1 3.4.7 Configuring IPWATCHD The IP WATCH Deamon (IPWATCHD) provides the function of detecting active or passive IP collision. Regardless of IP collision attacker or victim, the information including source ip/mac is transmitted as an evm fault event when the IP collision occurs. At the collision time, the Gratuitous Address Resolution Protocol (GARP) reply is transmitted 3 times to the unicast at every 1 second.
  • Page 115 WEC8050 / WEC8500 Operation Manual Version 7.1 The Access Control List (ACL) allows or blocks a specific network traffic based on an operator’s configuration. The APC provides QoS using ACL. 3.5.1 ACL Configuration 3.5.1.1 Access List Configuration You can create or delete an access list for ACL configuration. To delete an access list, an operator can enter the name of an access list directly or enter a command by copying a value retrieved from the ‘show running-config network’.
  • Page 116 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Security>  <Access Control Lists>  <IP ACL> menu in the sub-menus. The initial window of ACL rule configuration is shown below. When you click the <Add>...
  • Page 117 WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description ACL_NAME ACL name to configure An example of entering a command that configures ‘acl1’ to the ‘ge2’ interface is shown below. APC# configure terminal APC/configure# interface ge2 APC/configure/interface ge2#ip access-group fqm in acl1 3) To check the configuration information, use the ‘show running-config network’...
  • Page 118 WEC8050 / WEC8500 Operation Manual Version 7.1 3.5.1.3 WLAN ACL Configuration 1) Go to the fqm mode to configure the configure  ACL rule of CLI. APC# configure terminal APC/configure# fqm-mode 2) Configure WLAN ACL by entering the ‘ip access-group wireless’ command.
  • Page 119 WEC8050 / WEC8500 Operation Manual Version 7.1 Figure 42. Admin ACL Configuration Window 3.5.2 Class-map Configuration 1) Go to the fqm mode to configure the configure  ACL rule of CLI. APC# configure terminal APC/configure# fqm-mode 2) Go to Class-map mode.
  • Page 120 WEC8050 / WEC8500 Operation Manual Version 7.1 3.5.3 Policy-map Configuration 1) Go to the fqm mode to configure the configure  ACL rule of CLI. APC# configure terminal APC/configure# fqm-mode 2) Go to policy-map mode. To delete a policy map, enter ‘no’ parameter in front of the command.
  • Page 121 WEC8050 / WEC8500 Operation Manual Version 7.1 3.5.4 Service Policy Configuration Apply the policy configured in the policy-map to an interface. 1) Go to configure  interface configuring mode to apply the service policy of CLI. APC# configure terminal APC/configure# interface ge2 APC/configure/interface ge2# 2) Apply the policy configured in the policy-map to an interface.
  • Page 122 WEC8050 / WEC8500 Operation Manual Version 7.1 3.5.5 Time Profile The procedure of configuring a time profile and applying it to ACL is described. 3.5.5.1 Time Profile Configuration Configuration using CLI 1) Go to configure of CLI fqm mode. APC# configure terminal APC/configure# fqm-mode 2) Configure a time profile.
  • Page 123 WEC8050 / WEC8500 Operation Manual Version 7.1 Select an item in the list and perform detail configuration. Figure 44. Time Profile Configuration Window (2) After finishing configuration in the window, click the <Apply> button to apply it to the system.
  • Page 124 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Security>  <Access Control Lists>  <IP ACL> menu in the sub-menus. To change the configuration of ACL rule, click ACLNAME to change. You can change the configuration using the <Add>...
  • Page 125 WEC8050 / WEC8500 Operation Manual Version 7.1 3.5.6 OS-AWARE OS-AWARE is a function to use the option value of the DHCP Discover/Request transmitted from a station to check the type of the operating system used by the station. The procedures to set OS-AWARE and apply the OS-AWARE settings to ACL are described below.
  • Page 126 WEC8050 / WEC8500 Operation Manual Version 7.1 os-aware ‘window7’ modification: APC# configure terminal APC/configure# os-aware APC/configure/os-aware # os-aware window7 seq 8 dhcp-option 2 eq FF os-type windows os-aware ‘window7’ deletion: APC# configure terminal APC/configure# os-aware APC/configure/os-aware # no os-aware window7 3) Check the settings by using the ‘show OS-AWARE-all’...
  • Page 127 WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description OS_AWARE NAME os-aware name to configure An example of applying ‘window7’ to ‘acl’ is as follows. APC# configure terminal APC/configure# fqm-mode access-list ip acl1 permit seq 1 icmp any any os-aware window7 3) To check the configuration information, use the ‘show running-config network’...
  • Page 128 PIM Configuration As a multicast layer3 transmission protocol, the PIM has two modes, i.e. Dense mode and Sparse mode. The WEC8500 supports only PIM Sparse mode and the PIM Sparse mode can be configured for each interface. Configuration using CLI 1) Go to configure of CLI ...
  • Page 129 WEC8050 / WEC8500 Operation Manual Version 7.1 2) Perform PIM configuration.  ip pim sparse-mode: Enable  no ip pim sparse-mode: Disable Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Controller>...
  • Page 130 WEC8050 / WEC8500 Operation Manual Version 7.1 3) Select an interface to add. Figure 49. PIM-SM Configuration Window (3) 4) The selected interface is displayed on the window. Click the <Apply> button to apply the configuration. Figure 50. PIM-SM Configuration Window (4) page 130 of 673 ©...
  • Page 131 WEC8050 / WEC8500 Operation Manual Version 7.1 IGMP Snooping Configuration using CLI Use the ‘ip igmp snooping’ command to enable or disable Internet Group Management Protocol (IGMP) Snooping.  ip igmp snooping  no ip igmp snooping When this command is executed in the Configure mode, the IGMP Snooping of a bridge is enabled or disabled.
  • Page 132 WEC8050 / WEC8500 Operation Manual Version 7.1 [ip igmp snooping mroute] This command enables or disables the Mroute function.  ip igmp snooping mroute [INTERFACE]  no ip igmp snooping mroute [INTERFACE] Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Controller>...
  • Page 133 WEC8050 / WEC8500 Operation Manual Version 7.1 3) Select a VLAN interface that will be added to the Mroute. Figure 54. IGMP Snooping Mroute Creation Window (3) 4) The selected interface is displayed on the window. Click the <Apply> button to apply the configuration.
  • Page 134 WEC8050 / WEC8500 Operation Manual Version 7.1 Deep Packet Inspection It supports QoS by application. It may allow drop, bandwidth contract, and DSCP marking and it provides statistics by detailed category. The application of DPI in a unit of WLAN is possible and it also provides a monitoring function.
  • Page 135 WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description NAME Profile name WLAN ID Configuration using Web UI In the menu bar of <WEC Main Window>, select <Configuration>, and then select <Wireless QoS > Application QoS> in the submenus. Select <Profile>.
  • Page 136 WEC8050 / WEC8500 Operation Manual Version 7.1 3.9.2 Configuring Application Group Possible to configure one or more applications as a group. Configuration using CLI 1) Enter the DPI Configuration mode. APC# configure terminal APC/configure# dpi APC/configure/dpi# 2) Make a group and add an application.
  • Page 137 WEC8050 / WEC8500 Operation Manual Version 7.1 Figure 59. Application Group Configuration Screen 3.9.3 Checking Statistics by Category The category provides statistical information by application, WLAN, station, device-os- type, and group. Configuration using CLI 1) Check the statistical information on all applications.
  • Page 138 WEC8050 / WEC8500 Operation Manual Version 7.1 BITTORRENT | FTP_DATA | TELNET | TFTP | VIMEO | YAHOO_MSG_VOIP | YOUTUBE | VSHARE | FLASH_YAHOO | BING | DNS | FLASH | FTP | GMAIL | GOOGLE | GOOGLE_EARTH | GOOGLE_GROUPS |...
  • Page 139 WEC8050 / WEC8500 Operation Manual Version 7.1 KAKAOTALK_VOIP | COMMON_PATTERNS | ------------------------------------------------------------------- ---------------------------------------------------------------------- --------- Top 10 Applications ------------------------------------------------------------------- ---------------------------------------------------------------------- --------- | RANK ID | Application Name Upstream Packet Count | Upstream Byte | Downstream Packet Count Downstream Byte ---------------------------------------------------------------------- ----------------------------------------------------------------------...
  • Page 140 WEC8050 / WEC8500 Operation Manual Version 7.1 | Top 10 Stations |----1----2-- --3----4----5----6----7----8----9---|% | 1. 00:12:47:F3:CF:A4 100.00% 355 bytes |||||||||||||||||||||||||||||||||||||||||||||||||| | Top 10 Stations(History) |----1----2-- --3----4----5----6----7----8----9---|% | Top 10 WLANs |----1----2-- --3----4----5----6----7----8----9---|% | 1. 1 100.00% 355 bytes |||||||||||||||||||||||||||||||||||||||||||||||||| | Top 10 Device types...
  • Page 141 WEC8050 / WEC8500 Operation Manual Version 7.1 6) Check the statistical information on specific stations. APC# show dpi stat station [MAC] Parameter Description Station MAC 7) Check the statistical information on all device-os-types. APC# show dpi stat device-os-type 8) Check the statistical information on specific device-os-types.
  • Page 142 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Monitor> and then select <Application> submenu. Figure 60. WLAN/Device Statistics Screen page 142 of 673 © Samsung Electronics America...
  • Page 143 WEC8050 / WEC8500 Operation Manual Version 7.1 Figure 61. WLAN Statistics Screen page 143 of 673 © Samsung Electronics America...
  • Page 144 WEC8050 / WEC8500 Operation Manual Version 7.1 Figure 62. Device Statistics Screen page 144 of 673 © Samsung Electronics America...
  • Page 145 WEC8050 / WEC8500 Operation Manual Version 7.1 3.10 mDNS Snooping Bonjour is a zero-configuration support protocol by Apple Inc. The Bonjour protocol supports service and device discovery in home networks. To support the Bonjour protocol on enterprise networks, the APC mDNS snooping supports the following functions.
  • Page 146 WEC8050 / WEC8500 Operation Manual Version 7.1 3) Configure the mDNS snooping profile object in the WLAN and the wired interface.  The Bonjour service configured in the mDNS snooping profile is forwarded to the configured WLAN and wired interface.
  • Page 147 WEC8050 / WEC8500 Operation Manual Version 7.1 3) Create an mDNS snooping profile object and configure a service object. Select <Controller>  <mDNS Snooping>  <Profile>. Figure 65. mDNS Snooping Profile Configuration Click the <Add> button to create a new mDNS snooping profile object.
  • Page 148 WEC8050 / WEC8500 Operation Manual Version 7.1 CHAPTER 4. AP Connection Management This chapter describes the various configuration methods to manage the connection between the APC and AP. APC Management 4.1.1 Managing APC List To enable the APC system to provide cluster or redundancy service, several APC systems must be installed at a site and each APC must have the information of other APC systems.
  • Page 149 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using CLI The procedures for configuration are as follows. 1) Go to the configure mode of the CLI. WEC8500# configure terminal WEC8500/configure# apc WEC8500/configure/apc/apc-list# 2) Go to the apc-list item of CLI.
  • Page 150 WEC8050 / WEC8500 Operation Manual Version 7.1 4.1.2 Management Interface Configuration The APC can communicate with a Wireless Enterprise wireless LAN AP using management interface. This is one of the information that must be configured first of all for wireless LAN service.
  • Page 151 WEC8050 / WEC8500 Operation Manual Version 7.1 4.1.3 CAPWAP Configuration A secured tunnel is created between APC and Wireless Enterprise wireless LAN AP using Control And Provisioning Wireless Access Point (CAPWAP), i.e. a standard protocol, and data is transmitted through the tunnel. An encrypted data is used for both wire and wireless sections, high security is provided.
  • Page 152 WEC8050 / WEC8500 Operation Manual Version 7.1  discovery-by-multicast: Configures whether to allow connection to CAPWAP multicast. (The ‘add-multicast-if’ must be configured before configuring whether to allow multicast connection.)  discovery-del-timer: If the Join message is not received after receiving a Discovery message, this configures the timeout to discard the previously received Discovery messages.
  • Page 153 WEC8050 / WEC8500 Operation Manual Version 7.1 4.1.4 AP Registration (Auto Discovery) Configuration The APC provides the AP auto-discovery function that automatically registers APs in the same network without having to configure any settings in advance. To configure the function, execute the following commands.
  • Page 154 WEC8050 / WEC8500 Operation Manual Version 7.1 4.1.5 Managing AP File Transmission It provides the configuration and transmission management function for the tech support file of the AP. 4.1.5.1 Tech Support Information File 1) Go to configure  APC mode of CLI.
  • Page 155 WEC8050 / WEC8500 Operation Manual Version 7.1 Operator can also configure fallback to return to the original APC from the backup APC during the service. If the fallback operation is configured, the AP periodically performs health check to check whether the primary APC can be connected. When the connection is required, it can immediately perform fallback according to the fallback option or can perform fallback on a specified time.
  • Page 156 WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description PORT CAPWAP PORT number of the APC to add This port number is required by an AP to connect to the APC. If no port number is entered, it is set to 5246, the default port number of CAPWAP protocol.
  • Page 157 WEC8050 / WEC8500 Operation Manual Version 7.1 4) To check the configured apc list, execute the ‘show apc summary’ command. 5) To check the redundancy information, execute the ‘show redundancy summary’ command. 6) To check the configured AP profile, execute the ‘show ap detail [AP_PROFILE_ NAME]’...
  • Page 158: Figure 74. Ap Retrieving Window

    After configuring the DISCOVERY TYPE of AP to ‘APC Referal’, select the PRIMARY CONTROLLER NAME, SECONDARY CONTROLLER NAME, and TERTIARY CONTROLLER NAME. For the WEC8500 model, the TERTIARY CONTROLLER NAME is not shown in the menu.
  • Page 159: Figure 75. Ap Redundancy Configuration Window

    WEC8050 / WEC8500 Operation Manual Version 7.1 Figure 74. AP redundancy Configuration Window Parameter Description APC_NAME Enter the name of an APC registered to redundancy. - Primary apc: The first APC that the AP attempts to connect. It is usually configured with the currently connected APC.
  • Page 160 WEC8050 / WEC8500 Operation Manual Version 7.1 AP Management 4.2.1 AP Group Configuration The APC manages the services provided to the AP by group. An operator can add or delete several APs to/from a group. It is also possible to add/remove WLANs to/from an AP group so that the same WLAN services can be provided for each group.
  • Page 161: Figure 76. Ap Groups Configuration Window

    WEC8050 / WEC8500 Operation Manual Version 7.1 2) Create or delete an AP group. Use ‘no’ parameter in front of the command to delete an AP group.  ap-group [AP_GROUP_NAME]  no ap-group [AP_GROUP_NAME] 3) Add or delete an AP to or from the AP group. Use ‘no’ parameter in front of the command to delete an AP from the AP group.
  • Page 162: Ap-Group [Ap_Group_Name]

    WEC8050 / WEC8500 Operation Manual Version 7.1 4.2.1.1 General AP Group Settings To aid management of APs in groups, the APC allows configuration of settings which can be applied commonly to each group. The following functions are provided: Parameter Description Description This configures the description of the AP group.
  • Page 163 WEC8050 / WEC8500 Operation Manual Version 7.1  overwrite-ip-mode  no overwrite-ip-mode  ip-mode  overwrite-state  no overwrite-state  shutdown  no shutdown  no overwrite-redundancy  discovery  primary-apc  no primary-apc  secondary-apc  no secondary-apc ...
  • Page 164: Figure 78. General Configuration Window For Ap Group

    WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description AP are used. - apc-referral: The APC list configured for the APC is used as the discovery list. - DHCP: The APC list information relayed by DHCP option 138 (IPv4) or option 52 (IPv6) is used as the discovery list.
  • Page 165: Add-Ap [Ap_Name]

    WEC8050 / WEC8500 Operation Manual Version 7.1 4.2.1.2 Adding/Removing APs To aid management of APs in groups, the APC allows addition/removal of APs to/from AP groups. Configuration using CLI 1) Go to the configure mode of the CLI. WEC8500# configure terminal WEC8500/configure# 2) Create an AP group or enter the AP group configuration mode.
  • Page 166: Figure 79. Ap Add/Remove Window For Ap Group

    WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main Window>, select <Configuration>, select <AP Groups> in the submenu, and then select an AP group to configure. Under the ‘APs’ tab of the AP group, APs can be added or removed.
  • Page 167: Figure 80. Wlan Add/Remove Window For Ap Group

    WEC8050 / WEC8500 Operation Manual Version 7.1 4) Use the ‘show ap-group summary’ command to check the AP group information. Configuration using Web UI In the menu bar of <WEC Main Window>, select <Configuration>, select <AP Groups> in the submenu, and then select an AP group to configure. Under the ‘WLANs’ tab of the AP group, WLANs can be added or removed.
  • Page 168: Figure 81. 802.11A/N/Ac Window For Ap Group

    WEC8050 / WEC8500 Operation Manual Version 7.1 4.2.1.4 802.11a/n/ac Configuration Configuration using Web UI In the menu bar of <WEC Main Window>, select <Configuration>, select <AP Groups> in the submenu, and then select an AP group to configure. Settings can be configured under the ‘802.11a/n/ac’...
  • Page 169 WEC8050 / WEC8500 Operation Manual Version 7.1 [Channel Configuration]  CURRENT CHANNEL: Channel configuration (range: 36-165)  CHANNEL FIX: The configured channel is configured as fixed and it is not affected by automatic adjustment functions such as RRM. When the <Monitor>  <Access Points>...
  • Page 170: Figure 82. 802.11B/G/N Window For Ap Group

    WEC8050 / WEC8500 Operation Manual Version 7.1 4.2.1.5 802.11b/g/n Configuration Configuration using Web UI In the menu bar of <WEC Main Window>, select <Configuration>, select <AP Groups> in the submenu, and then select an AP group to configure. Settings can be configured under the ‘802.11b/g/n’...
  • Page 171 WEC8050 / WEC8500 Operation Manual Version 7.1 To check the configured channel and TX power information, go to <Monitor>  <Access Points>  <Radio>  <802.11b/g/n>. [General]  Max. Allowed Stations on an AP: Define max allowed stationsfor each Radio.
  • Page 172 WEC8050 / WEC8500 Operation Manual Version 7.1  no ssh-enable  overwrite-console  no overwrite-console  console-enable  no console-enable  overwrite-dtls  no overwrite-dtls  dtls-policy  overwrite-led-control  no overwrite-led-control  led-config  overwrite-vlan  no overwrite-vlan ...
  • Page 173 WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description information provided by the CAPWAP (unit: seconds). RETRANSMIT-INTERVAL The APC waits for this length of time before retransmitting an echo request message when there is no response. The APC sets double the length of echo-interval as the echo timeout time. If no...
  • Page 174 WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description OVERWRITE- If the overwrite-temperature-alarm is activated, the temperature TEMPERATURE-ALARM alarm information set in the AP group is applied to all APs in the group. TEMPERATURE-ALARM-ON- If the temperature of the AP exceeds the Temperature-Alarm-On- LEVEL Level, the temperature alarm occurs.
  • Page 175 WEC8050 / WEC8500 Operation Manual Version 7.1  target-ap: This option is used for selecting APs which will be applied with the changes made to the group settings. If 'all' is selected, changes are applied to all APs and config priority of the APs also change to group. If 'keep-ap-config' is selected, only the APs whose config priority is set to group have the airmove value of the group applied to them.
  • Page 176 WEC8050 / WEC8500 Operation Manual Version 7.1 5) Use the ‘show airmove group [ap_group_name]’ command to check the AP group information. WEC8500# show airmove group default Airmove Group Configurations ---------------------------- Airmove State Disable Target AP Keep Ap Config Scan trigger level...
  • Page 177 WEC8050 / WEC8500 Operation Manual Version 7.1 number-of-channel Set the number of channel required during one time scanning number-of-proreq Set the number of probe request required during one time scanning scan-time-channel Set time required for one channel scanning scan-time-interleave Set interval time required for new...
  • Page 178: Figure 83. Ap Group Ssl Configuration

    WEC8050 / WEC8500 Operation Manual Version 7.1 Scan trigger level -70 dBm Scanning time for one channel 5 ms Service time during scanning 100 ms Scanning interval time 1000 ms Number of probe requests Number of scanning channels Value of station roam delta WEC8500# Figure 82.
  • Page 179 WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description OVERWRITE-IP-SEC If overwrite-ip-sec is enabled, the ip-sec information set for the AP group is applied to all APs within the group. ENABLE Enables/disables the IPSec function. PRIMARY-IP Configures the address of the primary security gateway.
  • Page 180: Figure 84. Advanced Configuration Window For Ap Group

    WEC8050 / WEC8500 Operation Manual Version 7.1 Figure 83. Advanced Configuration Window for AP Group page 180 of 673 © Samsung Electronics America...
  • Page 181 WEC8050 / WEC8500 Operation Manual Version 7.1 4.2.2 Configuring Remote AP Group If the APs are located in an area where the APC is not located, those APs must be classified into a separate group for service. The APC can manage the APs in another area by grouping them into a remote AP group.
  • Page 182: Figure 85. Remote Ap Group Add/Remove Window

    WEC8050 / WEC8500 Operation Manual Version 7.1 3) Designate remote AP group properties to the AP group.  group-type remote 4) When the remote AP group is deleted, use the 'no' parameter in front of the ap-group command to delete the remote AP group.
  • Page 183: Figure 86. Local Authentication Configuration Window For Remote Ap Group

    WEC8050 / WEC8500 Operation Manual Version 7.1  no remote secondary-radius[RADIUS_SERVER_INDEX]  remote tertiary-radius[RADIUS_SERVER_INDEX]  no remote tertiary-radius[RADIUS_SERVER_INDEX] 3) Add or delete users (stations) connecting to the remote AP.  add-user [USER NAME]  no add-user [USER NAME] 4) Execute the ‘show remote-ap-group detail [REMOTE AP GROUP NAME]’ command to check the AP group information.
  • Page 184: Acl-Profile

    WEC8050 / WEC8500 Operation Manual Version 7.1 4.2.2.3 Role-based Access Control Configuration of Remote AP Group Explanation on the configuration of the role based access control of the remote AP group is separately made in the “Role Based Access Control” chapter.
  • Page 185: Figure 87. Window For Configuring Tunneling Forwarding Of Remote Ap Group

    WEC8050 / WEC8500 Operation Manual Version 7.1 Figure 86. Window for Configuring Tunneling Forwarding of Remote AP Group 4.2.2.5 Configuring Local Bridging Forwarding of Remote AP Group You can configure the VLAN ID, ACL, and PreAuth ACL to a WLAN set with local bridging among WLANs included in the remote AP group.
  • Page 186: Figure 88. Window For Configuring Local Bridging Forwarding Of Remote Ap Group

    WEC8050 / WEC8500 Operation Manual Version 7.1 4) Use the ‘send-remote-acl-to-ap profile-only’ command to send the ACL Profile information of the remote AP group to APs. 5) Use the ‘send-remote-acl-to-ap all’ command to send the information on the ACL Profile, Tunneling Forwarding and Local Bridging Forwarding of the remote AP group to APs.
  • Page 187 WEC8050 / WEC8500 Operation Manual Version 7.1 4.2.3 AP Time Synchronization per Group The AP can configure its time information using either the time stamp method or the NTP method. In the Time Stamp type, the APC periodically transmits the time of APC to an AP and the AP is operating based on the received time.
  • Page 188: Figure 89. Ap Time Synchronization Configuration Options

    WEC8050 / WEC8500 Operation Manual Version 7.1  add-ntp [NTP_SERVER_ADDRESS]  no add-ntp [NTP_SERVER_ADDRESS]  ntp-interval [NUMBER] 3) Configure the method of transmitting the time information to an AP as ‘ntp’.  mode ntp 4) Use the ‘show apc ap-time-config’ command to check the configured information.
  • Page 189: Figure 90. Adding Access Points

    WEC8050 / WEC8500 Operation Manual Version 7.1 4.2.4 AP Configuration The management interface of APC must be configured for the connection between APC and Wireless Enterprise AP. 4.2.4.1 Configuring MAC address Configuration using CLI To configure AP information, execute the command as follows: 1) Go to configure ...
  • Page 190 WEC8050 / WEC8500 Operation Manual Version 7.1 4.2.4.2 Configuring AP Profile Configuration using CLI To configure an AP profile configuration, execute the command as follows: 1) Go to configure  AP configuration  AP profile mode of CLI. WEC8500# configure terminal...
  • Page 191 WEC8050 / WEC8500 Operation Manual Version 7.1  edge-ap: Configures whether to enable the Edge AP function.  edge-ap-opmode: Smart Handover is enabled as operation mode of the edge AP. In RSSI mode, handover is determined by looking up the RSSI value. In Force mode, handover is performed by force.
  • Page 192 WEC8050 / WEC8500 Operation Manual Version 7.1  ssh-enable: Configures whether to enable the SSH server of an AP.  static-ip [IP_ADDRESS] [NETMASK] [GATEWAY]: Configures the static IP address of an AP.  statistics-timer [TIMER]: Configures the time interval of transmitting the statistics information provided by CAPWAP (unit: seconds) ...
  • Page 193 WEC8050 / WEC8500 Operation Manual Version 7.1  primary-ip  right-subnet  right-subnet-mask  auth-mode  ike-version  ike-lifetime  ipsec-lifetime Parameter Description ENABLE Enables/disables the IPSec function. PRIMARY-IP Configures the address of the primary security gateway. RIGHT-SUBNET Configures the address of the traffic selector for IPSec.
  • Page 194: Figure 91. Ap Profile Setting (1)

    WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Access Points>  AP selection  <General> menu in the sub-menus. The setting options in the General tab are as follows. Click the <Apply> button to apply the settings.
  • Page 195 WEC8050 / WEC8500 Operation Manual Version 7.1  IP SEC: IPSec service specific features In the menu bar of <WEC Main window>, select <Configuration> and then select the <Access Points>  AP  <Advanced> menu in the sub-menus. he setting options in the Advance tab are as follows. Fill in each item and click the <Apply>...
  • Page 196: Figure 92. Ap Profile Setting (2)

    WEC8050 / WEC8500 Operation Manual Version 7.1 Figure 91. AP Profile Setting (2) 4.2.4.3 AP Mode Configuration Configuration using CLI To configure AP mode, execute the command as follows. 1) Go to configure  AP configuration  AP profile mode of CLI.
  • Page 197: Figure 93. Ap Mode Configuration

    The APC operator can add or remove account information relating to the AP CLI. When the APC is first installed, a default account is provided (id: root, password: samsung). Up to three AP CLI accounts can be added, and at least one account must be configured.
  • Page 198: Figure 94. Ap Cli Account Add/Remove Window

    WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using CLI Execute the following commands to configure the AP access account. 1) Go to configure  APC mode of CLI. WEC8500# configure terminal WEC8500/configure# apc WEC8500/configure/apc # 2) Add an AP CLI account.
  • Page 199 WEC8050 / WEC8500 Operation Manual Version 7.1 4.2.4.5 AP SNMP Agent Configuration The APC operator can configure SNMP Agent settings for all APs. Configuration using CLI Execute the following commands to configure the SNMP Agent settings of the AP. 1) Go to configure  snmp  ap mode of CLI.
  • Page 200: Figure 95. Ap Snmp V1/V2C Community Configuration Window

    WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description PRIVATE KEY A number in the range of 8 to 20 can be entered. 3) Use the ‘show snmp ap’ command to retrieve the agent information configured for the Configuration using Web UI In the menu bar of <WEC Main Window>, select <Administration>, select <AP>...
  • Page 201 WEC8050 / WEC8500 Operation Manual Version 7.1 4.2.5 Information Management The APC manages the history statistics information, real-time interface statistics information, and tech support information of the AP. AP History Statistics The AP transmits the interface (WAN and WLAN) and CPU load/memory usage statistics information collected for 5 min.
  • Page 202: Figure 97. Ap Ports Window

    WEC8050 / WEC8500 Operation Manual Version 7.1 4.2.5.2 Real-time Interface Statistics Information Configuration using CLI 1) Go to configure  AP configuration. WEC8500# configure terminal WEC8500/configure# ap ap_1 WEC8500/configure/ap ap_1# 2) Configure to make real-time interface statistics information updated periodically.
  • Page 203: Figure 99. Ap Tech Support Information Receiving Window

    WEC8500# configure terminal WEC8500/configure# ap [ap profile name] WEC8500/configure/ap ap_1# tech-support WEC8500/configure/ap ap_1/tech-support# 2) Request the coredump file of the AP. WEC8500/configure/ap ap_1/tech-support# get-coredump (system / radio- coredump) 3) Request the crashfile of the AP. WEC8500/configure/ap ap_1/tech-support# get-crash-file (system / radio-coredump) 4) Request the log file of the AP.
  • Page 204 1) Outdoor APs are not included in the AP count of the APC license. 2) Outdoor APs are not included in the ordinary AP count. 3) The maximum up-ported outdoor AP count is 300 for the WEC8500 model and 75 for the WEC8050 model.
  • Page 205: Figure 100. Outdoor Ap Create Window

    Are you sure you want to continue? (y/n) : y WEC8500/configure/ap ap_1# 3) To check the upgrade file information of the requested AP, use the following command. WEC8500/configure/ap ap_1# show ap upgrade list /* (RC/FR/RC) : RetryCount/FailReason/RebootCause /* Pri : VersionPriority (MD-model,A-AP config)
  • Page 206 - keeping-individual: While maintaining individually configured ap version, perform upgrade for the rest APs. [transfer-protocol] This command selects a transmission protocol that is used to transmit the package file of an AP from the WEC8500 to the AP.  Transfer-protocol [AP TRANSFER MODE] Parameter...
  • Page 207 WEC8050 / WEC8500 Operation Manual Version 7.1 [max-download] This command configures the maximum number of simultaneous downloads when transmitting the package file of an AP from the APC to the AP.  Max-download [COUNT] Parameter Description COUNT Maximum number of simultaneous downloads of AP image...
  • Page 208: Figure 101. Ap Upgrade

    WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Administrator> and then select <Package Upgrade>  <AP> menu in the sub menu. You can perform AP upgrade in the AP Upgrade tab and configure upgrade related environment in the Advanced tab.
  • Page 209: Figure 103. Ap Upgrade-Individual

    WEC8050 / WEC8500 Operation Manual Version 7.1  SCOPE: Selects upgrade method. To make the AP working as the package immediately after upgrade, select Quick Upgrade. To download the package to the AP, select the Predownload menu.  TARGE AP: Select an AP target to upgrade. If you select <Keeping individual setting>, an AP that is configured as individual is excluded from upgrade.
  • Page 210: Figure 104. Ap Upgrade-Advanced

    WEC8050 / WEC8500 Operation Manual Version 7.1 [Advanced tab] Configures AP upgrade related environment settings. Figure 103. AP upgrade-advanced  TRANSFER MODE: Selects a protocol that transmits an AP package.  MAX DOWNLOAD: Configures maximum number of sessions that can be downloaded simultaneously.
  • Page 211: Figure 105. Remote Ap Group Upgrade Activation_1

    WEC8050 / WEC8500 Operation Manual Version 7.1 CLI for checking configuration: WEC8500 # show remote-ap-group upgrade config rUpgrade ================== Remote Ap Group Upgrade Config ================= Group Name : rUpgrade Enable : Enable Type : Default Mode : FTP Path : package/ap...
  • Page 212: Figure 106. Remote Ap Group Upgrade Activation_2

    WEC8500/configure/ap-group rUpgrade# remote WEC8500/configure/ap-group rUpgrade/remote# upgrade WEC8500/configure/ap-group rUpgrade/remote/upgrade# select-masterAP ap_1 WEC8500/configure/ap-group rUpgrade/remote/upgrade# delete-masterAP [weafama/weafamb] CLI for checking configuration: WEC8500# show remote-ap-group upgrade config rUpgrade ================== Remote Ap Group Upgrade Config ================= Group Name : rUpgrade Enable : Enable Type Default...
  • Page 213: Figure 107. Checking Master Ap Configuration

    WEC8050 / WEC8500 Operation Manual Version 7.1 WEC8500# show remote-ap-group upgrade list rUpgrade /* (RC/FR/RC) : RetryCount/FailReason/RebootCause AP_ID Model Version(config/current) Status(RC/FR/RC) MasterAp WEA303i Global/1.7.0.U2 None( 0/ 0/128) MasterApCfg WEA312i Global/1.7.0.U2 None( 0/ 0/146) WEA303i Global/1.7.0.U1 None( 0/ 0/146) Configuration using Web UI Administration >...
  • Page 214 WEC8500/configure/ap-group rUpgrade# remote WEC8500/configure/ap-group rUpgrade/remote# upgrade WEC8500/configure/ap-group rUpgrade/remote/upgrade# select-package weafama weafama_1.7.0.U.bin WEC8500/configure/ap-group rUpgrade/remote/upgrade#delete-package [weafama/weafamb] CLI for checking configuration: WEC8500# show remote-ap-group upgrade config rUpgrade ================== Remote Ap Group Upgrade Config ================= Group Name : rUpgrade Enable : Enable Type : Default...
  • Page 215: Figure 109. Ap Package Configuration

    WEC8500/configure# ap-group rUpgrade WEC8500/configure/ap-group rUpgrade# remote WEC8500/configure/ap-group rUpgrade/remote# upgrade WEC8500/configure/ap-group rUpgrade/remote/upgrade# start WEC8500/configure/ap-group rUpgrade/remote/upgrade# stop CLI for checking configuration: WEC8500# show remote-ap-group upgrade config rUpgrade ================== Remote Ap Group Upgrade Config ================= Group Name : rUpgrade Enable : Enable Type...
  • Page 216: Figure 110. Starting Ap Upgrade

    ForceOption : Disable weafama : ap_1 (APID:1, IP:10.10.10.160) : weafama_1.7.0.U.bin (1.7.0.U) weafamb : (APID:0, IP:0.0.0.0) : () WEC8500# show remote-ap-group upgrade list rUpgrade /* (RC/FR/RC) : RetryCount/FailReason/RebootCause AP_ID Model Version(config/current) Status(RC/FR/RC) MasterAp WEA303i Remote/1.7.0.U2 DownloadSuccess( 0/ 0/128) MasterApCfg WEA312i Remote/1.7.0.U2 DownloadSuccess( 0/ 0/146) - WEA303i Remote/1.7.0.U2...
  • Page 217 Configuration using CLI Example: WEC8500# configure terminal WEC8500/configure# ap-group rUpgrade WEC8500/configure/ap-group rUpgrade# remote WEC8500/configure/ap-group rUpgrade/remote# reboot upgrade CLI for checking configuration: WEC8500# show remote-ap-group upgrade config rUpgrade ================== Remote Ap Group Upgrade Config ================= Group Name : rUpgrade Enable : Enable Type...
  • Page 218: Figure 111. Restarting And Upgrading Ap

    WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI Administration > Package Upgrade > Remote AP Group Example: Figure 110. Restarting and Upgrading AP page 218 of 673 © Samsung Electronics America...
  • Page 219 WEC8050 / WEC8500 Operation Manual Version 7.1 CHAPTER 5. WLAN Management This chapter describes how to create and configure WLAN that is the most fundamental basis for Wireless Enterprise wireless LAN service. WLAN Configuration 5.1.1 Basic WLAN Configuration The WLAN profile helps configure and manage the WLAN connection service of an AP in the APC.
  • Page 220 WEC8050 / WEC8500 Operation Manual Version 7.1 A newly created WLAN is added to the ‘default’ AP group if the WLAN ID is in the range of 1-16. If its WLAN ID is 17 or above, the WLAN is not included in the AP group.
  • Page 221: Figure 112. Wlan Basic Configuration (1)

    WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <WLANs> menu in the sub-menus. Select a WLAN ID to change in the WLANs screen and go to the <General>...
  • Page 222 WEC8050 / WEC8500 Operation Manual Version 7.1  AAA OVERRIDE: If the WLAN is enabled with the device authentication function using a AAA server, the AAA-override function can be enabled so that the user- specific settings configured in the AAA server are applied with priority over the APC settings.
  • Page 223 WEC8050 / WEC8500 Operation Manual Version 7.1 6) Select a radio bandwidth to provide the WLAN service.  radio [RADIO] Parameter Description RADIO - 1: 5 GHz - 2: 2.4 GHz - 3: Supports both 5/2.4 GHz 7) Select whether to provide the SSID as hidden. If it is set to ‘hidden’, the SSID is not found when other devices do searching.
  • Page 224 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <WLANs> menu in the sub-menus. For more information about configuration, see ‘5.1 Basic WLAN Configuration’.
  • Page 225 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <WLANs> menu in the sub-menus. Select a WLAN ID to change in the WLANs screen and go to the <Advanced>...
  • Page 226 3) Go to AP configuration mode to change to a Root AP. WEC8500/configure# ap ap_1 4) Configure it to a Root AP. WEC8500/ configure/ap ap_1# profile ap-mode rootAp 5) Restart the configured AP. page 226 of 673 © Samsung Electronics America...
  • Page 227 WEC8050 / WEC8500 Operation Manual Version 7.1 [Changing to Repeater AP] The procedure of changing a Wireless Enterprise AP to a Repeater AP is as follows: 1) Go to the configure mode of the CLI. WEC8500# configure terminal 2) Check the registered AP list.
  • Page 228 WEC8050 / WEC8500 Operation Manual Version 7.1 In the menu bar of <WEC Main window>, select <Configuration> and then select the <Access Points>  AP selection  <General> menu in the sub-menus. After selecting AP MODE item, click the <Apply> button and restart the AP.
  • Page 229 WEC8050 / WEC8500 Operation Manual Version 7.1 5.1.5 MCS Configuration Management by WLAN This is a function of configuring data rate and MCS by WLAN. You can configure MCS, etc. by each WLAN differently because it is necessary to configure MCS, etc. differently depending on the types of services such as FMC.
  • Page 230 WEC8050 / WEC8500 Operation Manual Version 7.1 5) Configure the 802.11ac Modulation and Coding Scheme (MCS) rate. Only 5G bandwidth for 802.11ac MCS is configurable. WEC8500/configure/wlan 1/80211a# mcs-11ac num-ss 2/3 enter the maximum MCS(7~9) for 1 spatial stream(s): 7 the maximum MCS : 7...
  • Page 231 WEC8050 / WEC8500 Operation Manual Version 7.1 Figure 117. MCS by WLAN: 802.11b/g/n Configuration Management window page 231 of 673 © Samsung Electronics America...
  • Page 232 WEC8050 / WEC8500 Operation Manual Version 7.1 Local Switching The APC provides the local switching function to support a service to an individual network such as a branch office. The local switching function enables an AP to be connected to WAN for external connection in an individual network where the APC is not installed.
  • Page 233 WEC8050 / WEC8500 Operation Manual Version 7.1 WEC8500# configure terminal WEC8500/configure# ap ap_1 WEC8500/configure/ap ap_1# profile WEC8500/configure/ap ap_1/profile#  local-bridging [WLAN_ID][VLAN_ID/ACL_NAME/PRE_AUTH_ACL_NAME] Parameter Description WLAN_ID WLAN ID (Range: 1-254) (available only for WLANs the tunnel-mode of which is local-bridging) VLAN_ID VLAN ID (Range: 1-4094)
  • Page 234 WEC8050 / WEC8500 Operation Manual Version 7.1 In the menu bar of <WEC Main window>, select <Configuration> and then select the <Access Points> menu in the sub-menus. In the Access Points screen, select an AP to change and go to the <Remote AP> tab.
  • Page 235 WEC8050 / WEC8500 Operation Manual Version 7.1 Security and Authentication The Samsung Wireless Enterprise AP/APC supports the security and authentication function defined in the IEEE 802.11-based wireless LAN security standard and its main mechanism is as follows:  Wired Equivalent Privacy (WEP) ...
  • Page 236 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <WLANs> menu in the sub-menus. Select a WLAN ID to change in the WLANs screen and go to the <Security>...
  • Page 237 WEC8050 / WEC8500 Operation Manual Version 7.1 Item Description - 64-characters of hexadecimal value PMK LIFETIME PMK effective time (unit: s, range: 0-1000000, default: 43200) EAPOL REAUTHENTICATION EAP re-authentication interval (unit: s, range: 0-100000, PERIOD default: 0) PROTECTED MANAGEMENT Protected management frames (802.11w) function...
  • Page 238 WEC8050 / WEC8500 Operation Manual Version 7.1 2) Go to security configuration mode and initialize the configuration. WEC8500/configure/wlan 1# security WEC8500/configure/wlan 1/security# setDefault 3) Configure the WPA type. WEC8500/configure/wlan 1/security# [WPA_TYPE] Parameter Description WPA_TYPE WPA type (wpa/wpa2): WPA Version 2 must be enabled at all times.
  • Page 239 WEC8050 / WEC8500 Operation Manual Version 7.1 6) Configure the key management algorithm to PSK. WEC8500/configure/wlan 1/security# keymgmt psk 7) Disable the 802.1x key management algorithm. WEC8500/configure/wlan 1/security# no keymgmt ieee8021x 8) Disable the 802.1x authentication. WEC8500/configure/wlan 1/security# no ieee8021x 9) After applying the changed configuration, exit the security configuration mode.
  • Page 240 WEC8050 / WEC8500 Operation Manual Version 7.1 For more information about detail configuration item, see ‘5.3.1 Initialization of WLAN Security Function’. 5.3.3 WPA/WPA2 802.1x Configuration The WPA/WPA2 802.1x, one of wireless LAN authentication types does authentication through an authentication server such as a Remote Authentication Dial-In User Service (RADIUS) server.
  • Page 241 WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description configured before. WPA Version 2 must be enabled at all times. - wpa: WPA Version 1 - wpa2: WPA Version 2 ENC_TYPE Encryption type (tkip/ ccmp) - tkip: TKIP type. TKIP cannot be configured for WPA Version 2.
  • Page 242 WEC8050 / WEC8500 Operation Manual Version 7.1 10) After applying the changed configuration, exit the security configuration mode. WEC8500/configure/wlan 1/security# apply WEC8500/configure/wlan 1/security# exit 11) To check the configuration information, use the following command. WEC8500/configure# show wlan security summary 12) To check configuration information, use the ‘show wlan security summary’ command.
  • Page 243 WEC8050 / WEC8500 Operation Manual Version 7.1 Item Description ACCOUNTI Enable/ Whether the accounting function is enabled. Disable - Enable: The accounting function is enabled. SERVER - Disable: The accounting function is disabled. RADIUS Accounting server that will be used as the first priority SERVER 1 (Can select one out of pre-configured RADIUS servers.)
  • Page 244 WEC8050 / WEC8500 Operation Manual Version 7.1 5.3.4 Static WEP Configuration The WEP is a security algorithm defined in the initial wireless LAN standard. It provides security by using a cryptographic key and Initial Vector (IV) to encrypt the wireless transmission data exchanged between an AP and a wireless terminal connected to a wireless LAN.
  • Page 245 WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description KEY_TYPE WEP key Input format of WEP cryptographic key (ascii/hex) - ASCII: ASCII character string - HEX: Hexadecimal value KEY STRING WEP cryptographic key KEY_INDEX Key index (range: 1-4) KEY_LENGTH Key length (Bit unit)
  • Page 246 WEC8050 / WEC8500 Operation Manual Version 7.1 5.3.5 Dynamic WEP Configuration The Dynamic WEP is a security algorithm that improves the security vulnerabilities of a static WEP by using 802.1x authentication. Unlike the static WEP that is based on a configured fixed key, it creates a cryptographic key by executing 802.1x authentication...
  • Page 247 WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description RADIUS_SERVER_ID_LIST RADIUS server ID list (Up to 3 IDs can be configured.) 6) After enabling the RADIUS server function for accounting, specify the index of account RADIUS server. The RADIUS server information must be configured in advance.
  • Page 248 WEC8050 / WEC8500 Operation Manual Version 7.1 Select the L2 Security Type as Dynamic WEP. After configuring the rest values as required, click the <Apply> button. For more information about detail configuration item of L2 tab, see ‘5.3.1 Initialization of WLAN Security Function’.
  • Page 249 WEC8050 / WEC8500 Operation Manual Version 7.1 DHCP Configuration The DHCP service of APC consists of DHCP server, DHCP relay, and DHCP proxy. 5.4.1 DHCP Server 5.4.1.1 DHCP Server Configuration A DHCP server in the APC dynamically allocates an IP address to a client.
  • Page 250 To configure the DHCP Pool related function, execute the command as follows to go to the DHCP pool mode. WEC8500# configure terminal WEC8500/configure # ip dhcp pool test WEC8500/configure/ip/dhcp/pool test# [Configuring IP address] Before configuring a DHCP pool, you should configure a network first. If the network is not configured, you cannot execute other commands.
  • Page 251 DNS Server’s IP address IP_ADDRESS [Configuring Domain Name] This command configures or deletes a domain name.  domain-name [DOMAIN]  no domain-name [DOMAIN] Parameter Description DOMAIN Domain name to configure (e.g. samsung APC.co.kr) page 251 of 673 © Samsung Electronics America...
  • Page 252 WEC8050 / WEC8500 Operation Manual Version 7.1 [Configuring Fixed IP Address to MAC Address] This command configures a fixed IP address to a specific MAC address or deletes the configuration. The ‘range’ of IP address to configure cannot be overlapped with the IP range and maximum 255 IP addresses can be configured.
  • Page 253 WEC8050 / WEC8500 Operation Manual Version 7.1 [Ping check] When a DHCP server allocates an IP address to a client, ping check can be used to check if an IP address to allocate is being used in the current network.
  • Page 254 - no user-option [1-254] ipaddress A.B.C.D [active/passive] no user-option all Deletes all the configured options. A usage example is given below. WEC8500/configure/ip/dhcp/pool test# user-option 3 string “hi, there” active WEC8500/configure/ip/dhcp/pool test# user-option 200 octet 33:4A:5C:6F:DD passive WEC8500/configure/ip/dhcp/pool test# user-option 201 int -3000...
  • Page 255 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <DHCP>  <Internal Server> menu in the sub-menus. Click the <Add> or <Delete> button to add or delete a DHCP pool.
  • Page 256 WEC8050 / WEC8500 Operation Manual Version 7.1  POOL NAME: DHCP pool name (mandatory input item)  NETWORK: Network bandwidth IP that a DHCP server will serve (mandatory input item)  MASK: Netmask length IP of an IP that is entered into the NETWORK item (mandatory input item) ...
  • Page 257 The relay and proxy are operating in the switching mode. If a proxy is not used, it is operating in the relay mode. WEC8500/configure # no ip dhcp-proxy enable 3) To check the configured DHCP information, use the ‘show ip dhcp-proxy’ command.
  • Page 258 WEC8050 / WEC8500 Operation Manual Version 7.1 5.4.3 DHCP Proxy The procedure of changing to the DHCP proxy is as follows. Configuration using CLI The CLI configuring a DHCP proxy is located as a command under ‘ip dhcp-proxy’ in the configure mode.
  • Page 259 WEC8050 / WEC8500 Operation Manual Version 7.1 5.4.4 Option 82 Configuration The APC uses the DHCP Option 82 to provide various services during IP allocation by forwarding the information such as access control, QoS, or security policy, etc. when a wireless terminal connected to an AP receives an IP address.
  • Page 260 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Controller>  <Interfaces> menu in the sub-menus. In the interface, you can see the page where you can change the Option 82.
  • Page 261 WEC8050 / WEC8500 Operation Manual Version 7.1 5.4.5 Primary/Secondary Server Configuration The DHCP relay/proxy can transmit a DHCP packet received from a client through broadcast to maximum two DHCP servers. Here, the two servers are called a primary server and a secondary server.
  • Page 262 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI [Configuration at Interface] In the menu bar of <WEC Main window>, select <Configuration> and then select the <Controller>  <Interfaces> menu in the sub-menus. In the interface, you can see the page where you can change the Option 82.
  • Page 263 WEC8050 / WEC8500 Operation Manual Version 7.1 [Configuration at Global] In the menu bar of <WEC Main window>, select <Configuration> and then select the <DHCP>  <Proxy> menu in the sub-menus. Configure the PRIMARY SERVER and SECONDARY SERVER of the Global Parameter.
  • Page 264 WEC8050 / WEC8500 Operation Manual Version 7.1 Radio Service Configuration The APC supports WLAN-based radio configuration. You can enable or disable WMM based on WLAN and change DTIM and station idle timeout. Configuration using CLI 1) Go to configure  wlan-radio-service mode of CLI.
  • Page 265 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <WLANs> menu in the sub-menus. Select a WLAN ID to change in the WLANs screen and go to the <Advanced>...
  • Page 266 WEC8050 / WEC8500 Operation Manual Version 7.1 CHAPTER 6. Wi-Fi Configuration This chapter describes how to manage the 802.11a, 80211.bg, 802.11n or 80211ac device of Wireless Enterprise AP. An 802.11n device supports 2.4 GHz and 5 GHz wireless bandwidth and high data processing speed.
  • Page 267 WEC8050 / WEC8500 Operation Manual Version 7.1 3) Configure channel of multiple APs belonging to the group.  channel [CHANNEL] group [GROUP_ID] all-ap/active-ap: Channel is configured for multiple APs.  channel [CHANNEL] group [GROUP_ID] all-ap/active-ap fixed: Channel is fixed and is not affected by automatic adjustment functions such as RRM. (Channel values are indicated as * when retrieved by ‘show 80211a summary’...
  • Page 268 WEC8050 / WEC8500 Operation Manual Version 7.1 6) To check the configured channel and TX power information, use the following command. WEC8500# show 80211a[|80211bg] summary AP Name MAC Address Operation State Channel TxPower ----------------- ----------------- --------------- -------- -------- AP_f4d9fb23bfb9 F4:D9:FB:23:BF:B9 1...
  • Page 269 WEC8050 / WEC8500 Operation Manual Version 7.1 11) Configure the bandwidth of the AP. Bandwidth can be configured only for 80211a/n/ac.  bandwidth [BANDWIDTH] ap [AP_ID]: Bandwidth is configured for a specific AP.  bandwidth [BANDWIDTH] global: Bandwidth is configured for all APs.
  • Page 270 WEC8050 / WEC8500 Operation Manual Version 7.1  CHANNEL FIX: The configured channel is configured as fixed and it is not affected by the automatic adjustment function such as RRM. When selecting the <Monitor>  <Access Points>  <Radio>  <802.11a/n/ac> or <802.11b/g/n> menu, the channel value is displayed as *.
  • Page 271 WEC8050 / WEC8500 Operation Manual Version 7.1  Supported: A connected terminal that supports the supported rate can communicate with an AP at the supported rate.  Data Rates: data rate  Range for 80211a: 6, 9, 12, 18, 24, 36, 48, or 54 Mbps ...
  • Page 272 WEC8050 / WEC8500 Operation Manual Version 7.1 6.1.2 802.11n Configuration The 802.11n configuration is as follows: Configuration using CLI 1) Go to configure  radio mode (80211a or 80211bg) to configure of CLI. WEC8500# configure terminal WEC8500/configure# 80211a 2) Go to the 11n-support mode.
  • Page 273 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Access Points>  <802.11a/n/ac> or <802.11b/g/n>  <General> menu in the sub- menus. Select <Configuration> in the menu bar of <WEC Main Window> and select <WLANs>...
  • Page 274 Applies to all APs in the group active-ap Applies to all live APs in the group 4) Configure the Modulation and Coding Scheme (MCS) rate. WEC8500/configure/80211a/11ac-support# mcs num-ss [SPATIAL STREAM ] global Parameter Description SPATIAL STREAM Number of spatial streams (range: 2~3)
  • Page 275 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main Window>, select <Configuration> and select <Access Points>  <802.11a/n/ac> or <802.11b/g/n>  <General> submenus. Select <Configuration> in the menu bar of <WEC Main Window> and select <WLANs>...
  • Page 276 WEC8050 / WEC8500 Operation Manual Version 7.1 [OPERATIONAL TYPE] Enable/disable 11ac operation. [VHT (802.11AC) MCS SETTING]  Determine the spatial stream count for each AP model and enter maximum MCS value for each spatial stream count.  Example: maximum of seven MCS for one spatial stream, maximum of eight MCS for two spatial streams, and maximum of nine MCS for three spatial streams ...
  • Page 277 WEC8050 / WEC8500 Operation Manual Version 7.1 Wi-Fi QoS Configuration The APC provides various QoS in the wire/wireless section for every packet type (voice, video, best-effort, or background). The QoS can be configured for each wireless section (2.4 GHz, 5 GHz).
  • Page 278 WEC8050 / WEC8500 Operation Manual Version 7.1 [Wired tab] Figure 145. QoS configuration of a wireless terminal (1) [Wireless tab] Figure 146. QoS configuration of a wireless terminal (2) page 278 of 673 © Samsung Electronics America...
  • Page 279 WEC8050 / WEC8500 Operation Manual Version 7.1 6.2.2 QoS Configuration of AP 6.2.2.1 Wire Section The APC provides QoS in a wire section using 802.1p and Differentiated Services Code Point (DSCP) marking and it can adjust packet traffics because it can adjust queue length depending on packet type.
  • Page 280 WEC8050 / WEC8500 Operation Manual Version 7.1 4) Configure a default DSCP value per packet.  dscp-tag [PACKET_TYPE] [DSCP TAG] Parameter Description PACKET_TYPE Packet type configuration (voice/video/best_effort/background) DSCP_TAG Default DSCP value 5) Configure a protocol to distinguish packet types. ...
  • Page 281 WEC8050 / WEC8500 Operation Manual Version 7.1 4) Select one out of None/802.1p/DSCP in the PROTOCOL drop-down list. 5) Enter 802.1p or a DSCP value into the QoS Default Values. 6) Click the <Apply> button to apply. 6.2.2.2 Wireless Section The system can provide QoS service in a wireless section for each AP downward packet type (voice, video, best effort, background).
  • Page 282 WEC8050 / WEC8500 Operation Manual Version 7.1 In the Access Point tab, enter 802.1p or a DSCP value into the QoS Default Values. Click the <Apply> button to apply. 6.2.3 Configuring QoS Profile of a Specific Terminal You can configure a QoS profile that is applied to a specific wireless terminal.
  • Page 283 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <User QoS> menu in the sub-menus. To create a QoS profile to apply to a terminal, click the <Add>...
  • Page 284 WEC8050 / WEC8500 Operation Manual Version 7.1 6.2.4 Voice Optimization Configuration The APC configures an EDCA parameter value that is optimized for voice service to an AP in real-time. Configuration using CLI 1) Go to configure  radio cvo mode to configure of CLI.
  • Page 285 WEC8050 / WEC8500 Operation Manual Version 7.1 Figure 150. Configuring voice optimization by each AP Group 3) Configure for each AP In the menu bar of <WEC Main window>, select <Configuration> and then select the <Radio>  <802.11a/n> or <802.11b/g/n>  <General> menu in the sub- menus.
  • Page 286 WEC8050 / WEC8500 Operation Manual Version 7.1 802.11h Configuration The APC supports the configuration and transmission power limitation for the Dynamic Frequency Selection (DFS) function in an AP. When the AP detects radar, an event is sent to the WEM and a detouring channel can be configured in the AP.
  • Page 287 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Radio>  <802.11a/n>  <802.11h> menu in the sub-menus. Figure 152. Configuring 802.11h  POWER CONSTRAINT: Power constraint value (0-100) ...
  • Page 288 WEC8050 / WEC8500 Operation Manual Version 7.1 Country Code You can use a country code to restrict the number of channels that can be used in an AP and the maximum transmission power of each channel. Configuration using CLI To configure the country code function, go to country mode first by executing the following command.
  • Page 289 WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description AP group ID AP group ID (range: 1-3000) COUNTRY_CODE Country code to configure VALUE Environment configuration (both/outdoor/indoor/none) To check the configuration information, use the ‘show country group-config[AP group ID]’command. [Editing Country Code] You can add or delete an operation channel per country and change maximum transmission power per channel.
  • Page 290 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Controller>  <Country> menu in the sub-menus. Figure 153. Country code window (1) [Global Country Code Configuration] 1) Select a country in the DEFAULT COUNTRY drop-down list of Configured Country Code item.
  • Page 291 WEC8050 / WEC8500 Operation Manual Version 7.1 [AP Country Code Configuration] In the menu bar of <WEC Main window>, select <Configuration> and then select the <Access Points>  <Advanced> menu in the sub-menus. Figure 154. AP Country Code Configuration After selecting COUNTRY and ENVIRONMENT, click the <Apply> button.
  • Page 292 WEC8050 / WEC8500 Operation Manual Version 7.1 CHAPTER 7. WLAN Additional Services This chapter covers how to configure WLAN additional services such as wireless terminal management, spectrum analysis, Call Admission Control (CAC) and Radio Resource Management (RRM), etc. Managing Wireless Terminal 7.1.1...
  • Page 293 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Monitor> and then select the <Stations> menu in the sub-menus. The brief information of each station is displayed in the window.
  • Page 294 AirMove handover is performed by the collaboration between wireless terminals compatible with the APC. Therefore, the packet loss or handover time is optimized. Some Samsung smartphones such as Galaxy S2 or S3, etc. provide the AirMove function.
  • Page 295 WEC8050 / WEC8500 Operation Manual Version 7.1 AirMove Configuration Item Description scan interleaving time Configures the scanning interval of a wireless terminal. - OPTION: scan-time-interleave - OPTION_DETAIL: Time (ms) Service time in scanning period Configures a period when an wireless terminal transmits/receives an actual data traffic after scanning.
  • Page 296 WEC8050 / WEC8500 Operation Manual Version 7.1 [AirMove Enable/Disable Configuration] The AirMove is enabled by default, so use the following command to disable it.  no handover mode NCHO To check the configuration information, use the ‘show handover configuration’ command.
  • Page 297 WEC8050 / WEC8500 Operation Manual Version 7.1 Call Admission Control (CAC) Configuration The CAC function is provided to protect existing calls from the calls incoming to a wireless LAN. The APC does not allow an additional call when maximum allowed number of calls per radio is reached.
  • Page 298 WEC8050 / WEC8500 Operation Manual Version 7.1 2) Enable the SIP ALG. APC/configure# sipalg enable 3) To check the configuration information, use the ‘show sipalg configuration’ command. Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Controller>...
  • Page 299 WEC8050 / WEC8500 Operation Manual Version 7.1 7.3.2 Voice CAC Configuration To protect existing calls, the voice CAC function configures maximum allowed number of calls and rejects any call request when the maximum number is exceeded. You can configure the number of marginal voice calls for handover.
  • Page 300 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Radio> <802.11a/n> or <802.11b/g/n>  <Admission Control> menu in the sub- menus. Figure 159. Admission control configuration of 802.11a/n After configuring the below item in the Call Admission Control, click the <Apply>...
  • Page 301 WEC8050 / WEC8500 Operation Manual Version 7.1 7.3.3 Video CAC Configuration To protect existing video calls, the video CAC function configures the maximum allowed number of video calls and rejects any call request when the maximum number is exceeded. You can configure the number of marginal calls for handover.
  • Page 302 WEC8050 / WEC8500 Operation Manual Version 7.1 6) Configure the maximum allowed usage of channels.  max-chan-util [VALUE] Parameter Description VALUE Maximum allowed usage of channels 7) Configure the usage of marginal channels with consideration for handover.  reserved-ho-chan-util [VALUE]...
  • Page 303 WEC8050 / WEC8500 Operation Manual Version 7.1 consideration for handover (range: 0-25) page 303 of 673 © Samsung Electronics America...
  • Page 304 WEC8050 / WEC8500 Operation Manual Version 7.1 Radio Resource Management (RRM) RRM performs automatic setup function for AP’s channel and Tx Power. RRM is functionally divided into Dynamic Channel Selection (DCS), Dynamic Power control (DPC), and Coverage Hole Detection and Control (CHDC). The DCS automatically sets the channels of the APs.
  • Page 305 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Radio>  <802.11a/n/ac> or <802.11b/g/n>  <RRM> menu in the sub-menus. Enable or disable the RRM service at the top of the menu. The RRM can be set in either 802.11a/n/ac screen or 802.11b/g/n screens.
  • Page 306 7) Execute the following command to change the Tx Power range which is automatically set by DPC. The default minimum is 3 and the default maximum is 30 for both 80211a and 80211b. WEC8500/configure/rrm/80211a/dpc# txPower min [value] max [value] 8) Check the settings using the ‘show rrm config-summary’ command. Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration>...
  • Page 307 WEC8050 / WEC8500 Operation Manual Version 7.1 7.4.3 DCS Configuration This section describes the setting options of the DCS function which automatically sets the channel of the AP. Configuration using CLI 1) Go to configure  rrm configuration mode of CLI.
  • Page 308 4, end time 5. If both start time and end time are set to the same time, Anchor Run function is disabled. WEC8500/configure/rrm/80211a/dcs# anchor-time start [value] end [value] 9) Execute the following command to change the channels that is automatically set by the DCS.
  • Page 309 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Radio>  <802.11a/n/ac> or <802.11b/g/n>  <RRM> menu in the sub-menus. Enable or disable the DCS in the SERVICE field in Dynamic Channel Selection.
  • Page 310 WEC8050 / WEC8500 Operation Manual Version 7.1 WEC8500/configure/rrm/80211a/chdc# statsCollectEnable Success: DBI set for DPC 11A Stats collect Enable : 1 5) If a coverage hole is estimated from the statistics for the pre-alarm function, a warning can be transmitted. After entering into the chdc configuration mode, complete configuration (statsWarningEnable).
  • Page 311 WEC8050 / WEC8500 Operation Manual Version 7.1 10) Configure a value that requests an interval to an AP to collect statistics for the pre- alarm function. The default is 120 seconds and it can be 30~3600 seconds. WEC8500/configure/rrm/80211a/chdc# statsCollectInterval 60...
  • Page 312 WEC8050 / WEC8500 Operation Manual Version 7.1 Statistics Action Enable Enabled Enabled RSSI Voice Threshold RSSI Data Threshold Minimum Failed Client Count Percentage Min. Failed Count Minimum Idle time-out Count Statistics Collect Interval Neighbor List Management -------------------- ----------------- WLAN Neighbor Priority...
  • Page 313 WEC8050 / WEC8500 Operation Manual Version 7.1 7.4.5 Sleeping Cell Detection This is a function that allows the APC to detect the statuses of APs that are not performing basic functions and transmit an alarm/warning. Configuration using CLI 1) Enable/Disable: Configure whether the silent alarm detection function will be performed.
  • Page 314 WEC8050 / WEC8500 Operation Manual Version 7.1 WEC8500/configure/rrm/sleep-cell-detect# period_all page 314 of 673 © Samsung Electronics America...
  • Page 315 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI From the menu bar of <WEC Main Window>, select <Configuration> and then select <Radio>  <Advanced>  <Sleeping Cell Detection> in the submenus. page 315 of 673 © Samsung Electronics America...
  • Page 316 WEC8050 / WEC8500 Operation Manual Version 7.1 7.4.6 Energy Saving Groups  The purpose is to reduce the power consumption of the APC by turning off the RF radios of APs without any connected STA at a specific time when the number of STAs connected to the APC drops drastically.
  • Page 317 WEC8050 / WEC8500 Operation Manual Version 7.1 6) DEL-AP: Delete AP members from the energy saving group. WEC8500/configure/rrm/energy-saving-group 1# del-ap Configuration using Web UI From the menu bar of <WEC Main Window>, select <Configuration> and then select <Radio>  <Advanced>  <Energy Saving Groups>  <GROUP NAME> in the submenus.
  • Page 318 WEC8050 / WEC8500 Operation Manual Version 7.1 Up to 20 groups can be designated (Same as WEC8500/WEC8050). Energy Saving Auto Classification is not a method under which the operator configures a standby group but a method under which the system automatically classifies an energy saving group by using the analysis of each AP.
  • Page 319 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select <Radio>  <Advanced>  <Energy Saving>  <Automatic Classification> menus in the sub-menus. page 319 of 673...
  • Page 320 WEC8050 / WEC8500 Operation Manual Version 7.1 Location Tracking The APC tracks the location information of several terminals in a wireless LAN network based on the wireless data collected from Wireless Enterprise wireless LAN APs. To configure the location tracking function, execute the command as follows: 7.5.1...
  • Page 321 WEC8050 / WEC8500 Operation Manual Version 7.1 3) The scanning interval for location tracking can be configured using the following command.  scan-report-intv[NUM] Parameter Description NUM (range: 5-3600) default: 10 4) To check the configuration information, execute the following command.
  • Page 322 WEC8050 / WEC8500 Operation Manual Version 7.1 Spectrum Analysis A non-802.11 device such as a microwave oven, bluetooth, or Closed Circuit Television (CCTV), etc. deteriorates data transmitting/receiving performance because it causes interference in a wireless LAN environment. As a function that measures surrounding interference, the spectrum analysis analyzes wireless or Radio Frequency (RF) signals to resolve interference problem instantly.
  • Page 323 WEC8050 / WEC8500 Operation Manual Version 7.1 Operational Status....... Up Map Location........Channel Information: Channel Interval........2000 ms Channel........... 1 2 3 4 5 6 7 8 9 10 11 12 13 Channel ID........... 1 ----------------------------- Num Maximum RSSI Average RSSI...
  • Page 324 WEC8050 / WEC8500 Operation Manual Version 7.1 IP Address........100.100.100.220 Mode..........General Operational Status....... Up Map Location........Affected Channels: Channel Interval......... 2000 ms Channel.......... 1 2 3 4 5 6 7 8 9 10 11 12 13 Real Time Duty Cycle Report:...
  • Page 325 WEC8050 / WEC8500 Operation Manual Version 7.1 802.11bgn Video Camera......Enabled ZigBee........... Enabled 802.11an Continuous Transmitter....Enabled 802.11an DECT-like Phone......Enabled 802.11an Video Camera......Enabled Real Time Interference Report: Number of Interferers......... 1 Num Evoke Time Interferer Type RSSI Minimum Frequency Maximum...
  • Page 326 WEC8050 / WEC8500 Operation Manual Version 7.1 [Enable/Disable Spectrum] The command that enables or disables the spectrum analysis function is shown below.  service [MODE] Parameter Description MODE Enables or disables spectrum analysis - enable: Enable (default) - disable: Disable [Spectrum Analysis Report Configuration] The command used to enable or disable each spectrum analysis data item is shown below.
  • Page 327 WEC8050 / WEC8500 Operation Manual Version 7.1 7.6.3 Interference Type Configuration The interference type of 2.4 GHz or 5 GHz that can be detected by the Wireless Enterprise wireless LAN is shown below. Wireless bandwidth Interference type 2.4 GHz continuous_transmitter, cordless_phone, video_camera...
  • Page 328 WEC8050 / WEC8500 Operation Manual Version 7.1 Controlling Usage per User A wireless terminal can control traffic usage per user by receiving a QoS profile that specifies traffic usage (bandwidth) from the RADIUS server at the authentication stage. You can configure upward and downward usage per wireless terminal.
  • Page 329 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <QoS> menu in the sub-menus. To create a QoS profile to apply to a terminal, click the <Add>...
  • Page 330 WEC8050 / WEC8500 Operation Manual Version 7.1 Remote Packet Capture APC can capture a packet exchanged between the wireless terminals on a remote PC in real-time by using the remote packet capture protocol. To configure the remote packet capture function, you must go to the pcap mode by...
  • Page 331 WEC8050 / WEC8500 Operation Manual Version 7.1 Starting Service You must start the remote packet capture service to connect to a device using a program that supports the remote packet capture protocol on a remote PC. The related commands are given below.
  • Page 332 [Cluster Setting] To use the clustering function, you must configure each APC according to the following procedure. Maximum 12 WEC8500 can be grouped in a cluster. Maximum 2 WEC8050 can be grouped in a cluster. 1) Go to the configure mode of the CLI.
  • Page 333 WEC8050 / WEC8500 Operation Manual Version 7.1 ENABLE : YES OWN-APC-INDEX ======================================================== [Adding APC to APC List] To add an APC to the cluster, the APC must be added to the APC list first. APC information is automatically added to the APC list.
  • Page 334 WEC8050 / WEC8500 Operation Manual Version 7.1 [Deleting APC from cluster] Delete the APC added in cluster. To delete an APC from a cluster, you must delete the APC from the cluster configuration of all the APCs in the cluster.
  • Page 335 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Mobility Management>  <Clustering> menu in the sub-menus. The Clustering window is shown below. Figure 167. Clustering window Configure a clustering configuration value in the <Information>...
  • Page 336 WEC8050 / WEC8500 Operation Manual Version 7.1 7.10 Limiting the Number of Connected Users The Wireless Enterprise wireless LAN system limits the number of wireless terminals connected to each AP. The limitation is per radio (2.4/5 GHz bandwidth) or WLAN for each AP.
  • Page 337 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI [Configures per Radio] In the menu bar of <WEC Main window>, select <Configuration> and then select the <Radio>  <802.11a/n> or <802.11b/g/n>  <General> menu in the sub-menus. Figure 169. Configuring connection limitation per radio After configuring MAX CLIENT COUNTS, click the <Apply>...
  • Page 338 WEC8050 / WEC8500 Operation Manual Version 7.1 7.10.2 Connection Limitation per WLAN Configuration using CLI To configure connection limitation per WLAN, execute the command as follows: 1) Go to configure  wlan configuration mode of CLI. APC# configure terminal APC/configure# wlan 1 APC/configure/wlan 1# 2) Disable the WLAN.
  • Page 339 WEC8050 / WEC8500 Operation Manual Version 7.1 After configuring MAXIMUM CONNECTIONS, click the <Apply> button. page 339 of 673 © Samsung Electronics America...
  • Page 340 WEC8050 / WEC8500 Operation Manual Version 7.1 7.11 Voice Statistics and Communication Failure Detection Because APC provides voice statistics and the WLAN-based communication failure detection function, you can easily know communication failure reason. 7.11.1 Voice Statistics Function It provides the number of successful voice communication and call time.
  • Page 341 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Monitor> and then select the <Access Points>  <Radio>  <802.11a/n> or <802.11b/g/n>  AP menu in the sub-menus. Figure 173. Voice statistics page 341 of 673 ©...
  • Page 342 WEC8050 / WEC8500 Operation Manual Version 7.1 7.11.2 Detecting WLAN-based Communication Failure You can configure whether to detect WLAN-based communication failure. Configuration using CLI 1) Go to the configure mode of the CLI. APC# configure terminal APC/configure# 2) Enable or disable communication failure detection.
  • Page 343 WEC8050 / WEC8500 Operation Manual Version 7.1 7.12 Voice Signal and Media Monitoring For voice call fault analysis, the APC provides VoIP wireless terminal, call information, event and RTP media voice quality statistics. 7.12.1 Checking Voice Related Wireless Information Configuration using CLI Execute the following command to check voice related fault analysis statistics.
  • Page 344 WEC8050 / WEC8500 Operation Manual Version 7.1 3) Check the information of a completed call. WEC8500# show voice complete-call summary CONN Start Time SSID MAC Address Tel-no IPv4 Address Port Rat MOS LQ/CQ/PQ Pkt Cnt ==== ==================== ==== ==== =============== === ==============...
  • Page 345 0 0.0 5 Min 0 0.0 0 0.0 15 Min 0 0.0 0 0.0 1 Hour 0 0.0 0 0.0 1 Day 0 0.0 0 0.0 WEC8500# show voice statistics wlan 1 page 345 of 673 © Samsung Electronics America...
  • Page 346 WEC8050 / WEC8500 Operation Manual Version 7.1 WLAN (A_toanyone_1) Voice Statistis ------ ------ ------- ------ ----- --- ------ ------ --- ------ ------ Type Total Success Failed Active UpstreamTime Downstream Calls Call Call Call MOS Jitter Delay MOS Jitter Delay ------ ------ ----- ------ ------ --- ------ ------ --- ------ ------ Total 2 0.0...
  • Page 347 WEC8050 / WEC8500 Operation Manual Version 7.1 Model Name OS Version Build Version ---- -------------------- -------------------- -------------------- SHV-E160S 4.0.4 VH29 SHV-E210S E210SKSUGND1 SHV-E300L 4.2.2 E300LKSANMH3 SHV-E330S E330SKSUBMK4 SHV-E250S E250SKSUENC3 SHV-E300S 4.2.2 E300SKSANMH3 SHV-E160S 4.1.2 E160SKSJMJ1 SHW-M250S 4.1.2 M250SKSJMJ1 SHW-M440S M440SKSUGNK2 SHV-E120S 4.1.2...
  • Page 348 WEC8050 / WEC8500 Operation Manual Version 7.1 2) Check the connection status of an active call. In the menu bar of <WEC Main window>, select <Monitor> and then select the <VoIP Call>  <Active Calls>menu in the sub-menus. Figure 176. Active Call Retrieval Screen 3) Check the information of a completed call.
  • Page 349 WEC8050 / WEC8500 Operation Manual Version 7.1 [Configures Device Type] 1) In the menu bar of <WEC Main window>, select <Statistics> and then select the <Network Quality> <Device Types> menu in the sub-menus. page 349 of 673 © Samsung Electronics America...
  • Page 350 WEC8050 / WEC8500 Operation Manual Version 7.1 2) Configure the Registration screen in the top left corner, and enter a model name and an OS version for the devices to monitor. page 350 of 673 © Samsung Electronics America...
  • Page 351 Execute the following command to check the voice related quality analysis (Voice Quality Monitoring) information. 1) Operator can check the voice quality analysis information of a wireless terminal that has an active call. WEC8500# show voice vqm current-stats brief ======================================================== [CONN-740 Start Time=2013/7/19.14:47:27, Duration=47 sec(s) Call-ID[f03c77b50564418855587192e12b889d <-> ca371fce-6e10-401a- 9a4e-dd53678804c6@ug1.scm.com] Session id :0...
  • Page 352 WEC8050 / WEC8500 Operation Manual Version 7.1 ssid [Ajay_2_2_4GAjay_2_2_4G] Direction [12] wlanId [22] startApId [22] endApId [22] Session id :1 SRC [I/F=ge4 Call-ID=035be38a40032eb8edb0b94e944d58d4 Phone-No=9910, IP=20.20.20.25:25407] DST [I/F=ge4 Call-ID=917a913e-83ae-497f-ad84-bf0ee80edf36@ug1.scm.com Phone-No=9960, IP=20.20.20.30:22458] RTP Flow Quality Metrics: [Flow-1] DIR==Forward Quality Ratings=Fair [MOS-LQ=3.73, MOS-CQ=3.65, MOS-PQ=3.72]...
  • Page 353 Upload Fail Count = 0 Requested Count = 1141 WEC8500# 4) Operator can check the alarm information that occurs during call. WEC8500# show voice vqm alarms brief ======================================================== VQM ActiveRfactor/ActivePktLoss/ActivePktDly/ActiveMos = 1/1/1/1 VQM QualityThresh/LossThresh/DelayThresh/MOSThresh = 50/50/195/35 ALARMS REPORTED : Src Call Id = f03c77b50564418855587192e12b889d Dst Call Id = ca371fce-6e10-401a-9a4e-dd53678804c6@ug1.scm.com Session = 0...
  • Page 354 WEC8050 / WEC8500 Operation Manual Version 7.1 7.13 Multicast Stream Admission Control The multicast stream admission control is provided to protect the currently running multicast streams from new streams that flow into the wireless LAN. When the maximum allowed usage of streams or channels per radio is reached, the APC does not allow any additional streams.
  • Page 355 WEC8050 / WEC8500 Operation Manual Version 7.1 4) Set the maximum allowed usage of channels.  max-chan-util [VALUE] Parameter Description VALUE Maximum allowed usage of channels 5) Configure the number of marginal streams with consideration for handover.  reserved-ho-streams [VALUE]...
  • Page 356 WEC8050 / WEC8500 Operation Manual Version 7.1 After configuring the items below in the Multicast Stream Admission Control, click the <Apply> button.  ADMISSION CONTROL: Configure the CAC function  METHOD: Select the method of admission control  MAX STREAMS: Maximum allowed number of streams (range: 1-20) ...
  • Page 357 WEC8050 / WEC8500 Operation Manual Version 7.1 7.14 Wi-Fi Band Steering This is a function of leading a UE which supports the Dual Band (2.4/5.0 GHz) to be connected to 2.4 GHz or 5.0 GHz to secure more stabilized performance if many resources are used in a specific radio.
  • Page 358 WEC8050 / WEC8500 Operation Manual Version 7.1 4) Add an entry to the dual band station database.  band-steering add-station [MAC] Parameter Description Station MAC Address WEC8500/configure/wlan 1# band-steering add-station 00:00:00:00:00:01 WLAN(1): add station(00:00:00:00:00:01), prefer a band(5-GHz) are set 5) Delete an entry from the dual band station database.
  • Page 359 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI WLAN > Advanced > BAND STEERING [Disable][2.4 GHz preferred][5 GHz preferred] Figure 179. Band Steering Function On/Off and Band Setting page 359 of 673 © Samsung Electronics America...
  • Page 360 WEC8050 / WEC8500 Operation Manual Version 7.1 7.15 Wi-Fi Load Balancing The load balancing function in the AP Controller is a function of load balancing by transferring the message that the connections to wireless stations among APs have been permitted or cannot be permitted based on the set threshold value and then controlling the number of stations connected to APs.
  • Page 361 WEC8050 / WEC8500 Operation Manual Version 7.1 WEC8500/configure/wlan 1# load-balancing threshold_station 100 Wi-Fi Load Balancing threshold: 100 stations 4) Configure the maximum denial count value.  load-balancing denial_count [VALUE] Parameter Description VALUE 1-10 (2 by default) WEC8500/configure/wlan 1# load-balancing denial_count 4...
  • Page 362 WEC8050 / WEC8500 Operation Manual Version 7.1 7.16 Station-based Adaptive Load Balancing Station-based Adaptive Load Balancing performs load balancing based on the number of stations and RSSI in an individual radio unit of the AP group. Configuring Basic Function and Setting Load Balancing Parameters of AP Group are available and the settings of the load balancing parameters in individual APs are available to apply a different value set only for a specific AP.
  • Page 363 WEC8050 / WEC8500 Operation Manual Version 7.1 6) To calibrate the RSSI value depending on types of stations, the calibration value must be set.  calibration mobile [NUMBER]  calibration pc [NUMBER]  calibration others [NUMBER] Parameter Description NUMBER RSSI calibration value (-dbm)
  • Page 364 WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description NUMBER Interval for performing load balancing (sec) 5) Set the station threshold to perform the Load Balancing function.  threshold [NUMBER] Parameter Description NUMBER Station threshold as the standard for the performance of load balancing 6) Set the time of blocking the reconnection after the load of the station is now balanced.
  • Page 365 WEC8050 / WEC8500 Operation Manual Version 7.1 7.16.3 Setting AP Parameters Station-based Adaptive Load Balancing operates as the default value of the setting of the AP group but it is possible to set other parameter value to an individual AP. Because it operates in a radio unit, the parameters to change must be set to the individual radio of the corresponding AP must be set.
  • Page 366 WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description NUMBER Reconnection limit time (0~100 sec.) 7) To lead the station which performs load balancing to connect to a specific AP, set the probe response limit time to other APs. ...
  • Page 367 WEC8050 / WEC8500 Operation Manual Version 7.1 CHAPTER 8. Security The Wireless Enterprise wireless LAN system supports security functions, required in a wire/wireless network environment, such as RADIUS server interoperation function, system user management, guest connection service, unauthorized AP/terminal detection and simple blocking function, firewall, access control (ACL), etc.
  • Page 368 WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description IP_ADDRESS The IP address of a RADIUS server 3) Configure the key of a RADIUS server. WEC8500/configure/security/radius 1# secret [KEY_TYPE] [KEY_STRING] Parameter Description KEY_TYPE RADIUS server key input format - ASCII: ASCII character string...
  • Page 369 WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description RETRY_INTERVAL Retransmission interval for a RADIUS message (unit: seconds, range: 1-60, default value: 2) RETRY_COUNT Maximum retransmission count of a RADIUS message (range: 1-20, default value: 10) FO_RETRY_COUNT Maximum retransmission count of a RADIUS message before...
  • Page 370 WEC8050 / WEC8500 Operation Manual Version 7.1 Item Description - Auth: Performs authentication - Acct: Performs accounting - Auth/Acct: Performs authentication and accounting IP ADDRESS IP address of the RADIUS server SHARED SECRET FORMAT Key input format for communications with the RADIUS server...
  • Page 371 WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description PW_TYPE Password type (default value: mac) - mac: MAC address of the device. Note: it must be a string whose type must be the same as that of the MAC string which is used as a...
  • Page 372 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select <Security>  <AAA>  <RADIUS> menus in the sub-menus. After selecting a RADIUS server to configure, configure the MAC authentication item.
  • Page 373 RADIUS server. To use the internal RADIUS server, operator can add, delete, or edit a user (WEC8500: maximum 2048 users, WEC8050: maximum 512 users). Configuration using CLI To configure a local network user related function, enter into the ‘radiuscm’ of configure mode by executing the following command.
  • Page 374 WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description - Korean is not allowed. - Special characters ‘, *, ?, \, ; cannot be used. department Division information - Character varying (1-63) - OPTIONAL - Korean is not allowed. - Special characters ‘, *, ?, \, ; cannot be used.
  • Page 375 WEC8050 / WEC8500 Operation Manual Version 7.1 [Importing User] To import the Local Net Users list file, execute the following command.  Import-local-userdb {filename} Parameter Description Filename File to import - CSV file format - Filename (1-512) [Exporting User] To export the Local Net Users list file, execute the following command.
  • Page 376 WEC8050 / WEC8500 Operation Manual Version 7.1 To add a user, click the <Add> button. 1) Enter an item according to each parameter description, and click the <Apply> button.  ID: ID of a user to add PASSWORD: User’s initial password ...
  • Page 377 WEC8050 / WEC8500 Operation Manual Version 7.1 Unauthorized AP/Terminal Detection and Blocking As the security function, the Wireless Enterprise wireless LAN device provides the detection service for an unauthorized AP using the Wireless Intrusion Detection System (WIDS)/WIPS function. This function detects any AP that is illegally installed without an administrator’s approval and also any wireless terminals connected to the AP.
  • Page 378 WEC8050 / WEC8500 Operation Manual Version 7.1 8.2.2 Detection The Wireless Enterprise wireless LAN system detects all the packets in a wireless LAN network, classifies unauthorized APs and wireless terminals, and creates related alarms and logs. The detected unauthorized APs are classified as follows according to the configured classification policy.
  • Page 379 WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description SSID_NAME is classified as a friendly type unauthorized AP.) SSID_NAME SSID that is used when the SSID_TYPE is entered as user-configured-ssid 3) To check the configured information, use the ‘show wids device rule managed’...
  • Page 380 WEC8050 / WEC8500 Operation Manual Version 7.1 8.2.2.2 Configuring the unmanaged AP classification policy To configure the unmanaged type unauthorized AP classification policy, execute the command as follows: Configuration using CLI 1) Go to configure  wi  device configuration mode of CLI.
  • Page 381 WEC8050 / WEC8500 Operation Manual Version 7.1 3) To check the configured information, use the ‘show wids device rule unmanaged’ command. Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Wireless Intrusion>  <Policy>  <User Defined Rule> menu in the sub-menus. And then, select <Unmanaged>...
  • Page 382 WEC8050 / WEC8500 Operation Manual Version 7.1 8.2.2.3 Manual configuration (Move) A user can change the classification of an unauthorized AP that is detected by the WI or that is classified according to the rule configured by a user. Configuration using CLI 1) Go to configure ...
  • Page 383 WEC8050 / WEC8500 Operation Manual Version 7.1 1) In the AP list screen, go to the detail view screen by clicking a MAC address. Figure 188. List Window to Manually Change Classification 2) In the AP detail screen, change the classification and click Apply, then the configuration is changed.
  • Page 384 WEC8050 / WEC8500 Operation Manual Version 7.1 8.2.2.4 Manual configuration (Remove) A user can manually change the status of an unauthorized AP to ‘Removed’, that is detected by the WIDS or that is classified according to the rule configured by a user.
  • Page 385 WEC8050 / WEC8500 Operation Manual Version 7.1 Figure 190. List Window to Manually Remove page 385 of 673 © Samsung Electronics America...
  • Page 386 WEC8050 / WEC8500 Operation Manual Version 7.1 2) If you change the setting of REMOVE MANUALLY to ‘On’ in the AP detail screen and click Apply, the AP status is changed to ‘Removed’. Figure 191. Manual Remove Change Window in AP Detail Screen 8.2.2.5...
  • Page 387 WEC8050 / WEC8500 Operation Manual Version 7.1 The description of OPTION parameter is as follows: Parameter Description ap-blacklist-check Allocates Rogue ID = 101 by checking a rogue included in the black list. managed_ssid_invalid_security Allocates Rogue ID = 102 for an AP that uses a managed SSID and its managed client is in the association status.
  • Page 388 WEC8050 / WEC8500 Operation Manual Version 7.1 Figure 192. Configuration Window for Unauthorized AP Detection Option 8.2.2.6 Unauthorized client detection option Operator can enable or disable the client detection option pre-defined in the system. Configuration using CLI 1) Go to configure  wi  device  client configuration mode.
  • Page 389 WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description threshold as an unauthorized client. auth-request-det Classifies a client that exceeds the authentication request threshold as an unauthorized client. deauth-request-det Classifies a client that exceeds the de-authentication request threshold as an unauthorized client.
  • Page 390 WEC8050 / WEC8500 Operation Manual Version 7.1 8.2.2.7 Unauthorized Channel Validation Configuration The unauthorized channel validation function helps an operator detect an AP that uses an unauthorized channel other than configured channels. The configuration procedure is as follows: Configuration using CLI 1) Go to configure ...
  • Page 391 WEC8050 / WEC8500 Operation Manual Version 7.1 Figure 194. Configuration Window for Channel Validation 8.2.2.8 Configuring and Searching Black/White List Operator can configure classification to distinguish authorized and unauthorized APs/stations. The administrator configurable lists include <AP black-list, Station black-list, Managed OUI, Managed/Neighbor AP>. The <Managed AP, Managed Station, Managed SSID>...
  • Page 392 WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description First 3 bytes of station MAC address 5) Configure the Managed/Neighbor AP.  Managed [MAC] [TYPE] Parameter Description AP MAC address of Managed/Neighbor AP TYPE - Managed: Indicates that the address is located internally...
  • Page 393 WEC8050 / WEC8500 Operation Manual Version 7.1 2) In the [Managed AP] tab, operator can search for a Managed AP. Figure 196. Managed AP Window 3) In the [Station Blacklist] tab, operator can add a station blacklist by entering a MAC and click Add.
  • Page 394 WEC8050 / WEC8500 Operation Manual Version 7.1 4) In the [Managed Station] tab, operator can search Managed Station. Figure 198. Managed Station Search Window 5) In the [Managed OUI] tab, operator can add a Managed OUI by entering an OUI and click Add.
  • Page 395 WEC8050 / WEC8500 Operation Manual Version 7.1 6) In the [Managed SSID] tab, you can check the SSID that the WLAN is using. Figure 199. Managed SSID Window 7) If you click Add in the [Managed/Neighbor AP] tab, operator can go to the Managed/ Neighbor AP list addition screen and can add a Managed/Neighbor AP list.
  • Page 396 WEC8050 / WEC8500 Operation Manual Version 7.1  Managed/Neighbor AP list addition screen Figure 201. Managed/Neighbor AP List Addition Window 8.2.2.9 Station Allow Limit The WIDS counts the number of frames and number of authentication failures to distinguish a station that generates too many management frames in a network or that is continuously failed for authentication.
  • Page 397 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Wireless Intrusion>  <Station Allow Limit> menu in the sub-menus. And then, enter a threshold value and click Apply to configure the value in the screen.
  • Page 398 WEC8050 / WEC8500 Operation Manual Version 7.1 8.2.3 Enabling Blocking Function The setting of enabling the blocking function is as follows: Configuration using CLI 1) Go to the configure mode of the CLI. WEC8500# configure terminal 2) Enable the blocking function.
  • Page 399 WEC8050 / WEC8500 Operation Manual Version 7.1 8.2.4.1 Configuring Manual Blocking To configure manual blocking, execute the command as follows: Configuration using CLI 1) Go to configure  wids  containment configuration mode of CLI. WEC8500# configure terminal WEC8500/configure# wids...
  • Page 400 WEC8050 / WEC8500 Operation Manual Version 7.1 2) After selecting a station in the station list, possible to block by using the containment. Figure 205. List Window for Blocking Station 8.2.4.2 Configuring Automatic Blocking To configure automatic blocking, execute the command as follows: Configuration using CLI 1) Go to configure ...
  • Page 401 WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description unmanaged-ap-uses-managed- If the honeypot is detected, it is automatically blocked. ssid unmanaged-ap If the unmanaged AP is detected, it is automatically blocked. 3) To check the configuration of automatic blocking, it is possible to use the following command: ...
  • Page 402 WEC8050 / WEC8500 Operation Manual Version 7.1 Captive Portal The Wireless Enterprise WLAN system provides the Captive Portal function. A Web Certified user can receive a normal service after connected to a specific WLAN (SSID) and going through user authentication.
  • Page 403 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select <Security>  <AAA>  <Local Net Users>  <Web Authentication Users> menus in the sub-menus. Figure 207. Web Certification User Configuration Window The operator can check and delete a Web Certification User created in the <Web...
  • Page 404 WEC8500/configure# fqm-mode 2) Configure an access list. WEC8500/configure/fqm-mode# WEC8500/configure/fqm-mode# access-list ip guest_acl permit seq 1 udp any eq * any eq 53 os-aware * WEC8500/configure/fqm-mode# access-list ip guest_acl permit seq 2 tcp 192.168.20.10 255.255.255.255 eq 80 any eq * os-aware * WEC8500/configure/fqm-mode# access-list ip guest_acl permit seq 3 tcp any eq * 192.168.20.10 255.255.255.255 eq 80 os-aware *...
  • Page 405 WEC8050 / WEC8500 Operation Manual Version 7.1 Figure 209. Access List Addition Window Figure 210. Access List Entry Addition Window page 405 of 673 © Samsung Electronics America...
  • Page 406 WEC8050 / WEC8500 Operation Manual Version 7.1 8.3.3 Configuring Web Authentication To provide the web authentication service, the security L3 item of the WLAN and the web authentication of the captive portal must be configured. Configuration using CLI [WLAN Configuration] To configure web authentication in the WLAN, execute the command as follows: 1) Go to configure ...
  • Page 407  after-auth-redirect-url [URL] Parameter Description Redirect URL if after auth type is redirect 10) The configuration can be checked using the ‘show wlan security detail’ command. WEC8500# show wlan security detail 1 page 407 of 673 © Samsung Electronics America...
  • Page 408 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <WLANs> menu in the sub-menus. Select a WLAN ID in the WLANs screen and go to <L3>...
  • Page 409 WEC8050 / WEC8500 Operation Manual Version 7.1 8.3.4 Configuring Web Authentication on MAC Authentication Failure To provide the service of Web Authentication on MAC Authentication Failure, the MAC Authentication of security L2 of the WLAN must be enabled and the web policy of L3 and the web authentication of the captive portal must be configured.
  • Page 410 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <WLANs> menu in the sub-menus. In the WLANs screen, select WLAN ID and go to the <L2> of the <Security> tab.Enable <MAC AUTHENTICATION>.
  • Page 411 WEC8050 / WEC8500 Operation Manual Version 7.1 8.3.5 Configuring Web Pass-through The APC provides the web pass-through function to move to a specific address all the time when the user uses the web. Configuration using CLI [WLAN Configuration] To configure web pass-through in the WLAN, execute the command as follows: 1) Go to configure ...
  • Page 412 WEC8050 / WEC8500 Operation Manual Version 7.1 6) The configuration can be checked using the ‘show wlan security detail’ command. WEC8500# show wlan security detail 1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <WLANs>...
  • Page 413 WEC8050 / WEC8500 Operation Manual Version 7.1 8.3.6 Configuring One Time Redirection To provide the One Time Redirection service, the security L3 of the WLAN must be configured. Configuration using CLI [WLAN Configuration] To configure one time redirection in the WLAN, execute the command as follows: 1) Go to configure ...
  • Page 414 WEC8050 / WEC8500 Operation Manual Version 7.1 6) To check the configuration, use the ‘show wlan security detail’ command. WEC8500# show wlan security detail 1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <WLANs>...
  • Page 415 WEC8050 / WEC8500 Operation Manual Version 7.1 8.3.7 Redirection Address Format The Captive Portal attempts at first redirection for the request of the web service of the station. The redirection address transmitted by the station in the APC to perform redirection is...
  • Page 416 WEC8050 / WEC8500 Operation Manual Version 7.1 WEB PAGE TYPE Description Customized Editing internal web pages Logo, Header, Body, Footer, etc. can be edited on internal web pages. After enabling the GUEST SELF REGISTRATION option in Customized, the user only needs to enter the name, email, etc. to access the Internet service.
  • Page 417 1) Go to the configure mode of the CLI. WEC8500# configure terminal 2) Create an access-list. WEC8500/configure# access-list fw fw4 deny tcp any any eq 23 3) Configure a firewall to the interface using an access-list. WEC8500/configure# interface vlan1.10 WEC8500/configure/interface vlan1.10# ip access-group fw forward fw4 WEC8500/configure/interface vlan1.10# exit...
  • Page 418 WEC8050 / WEC8500 Operation Manual Version 7.1 In the menu bar of <WEC Main window>, select <Configuration> and then select the <Security>  <Firewall>  <Interface> menu in the sub-menus. You can configure an interface for which a firewall will be applied by clicking the <Add>...
  • Page 419 4) Configure a NAT to the interface. WEC8500/configure# interface vlan1.30 WEC8500/configure/interface vlan1.30# ip nat inside WEC8500/configure/interface vlan1.30#exit 5) Add the NAT rule by using access-list and pool. WEC8500/configure# ip nat outside source list fw1 pool pool1 page 419 of 673 © Samsung Electronics America...
  • Page 420 3) Configure a NAT to the interface. WEC8500/configure# interface vlan1.30 WEC8500/configure/interface vlan1.30#ip nat outside WEC8500/configure/interface vlan1.30#exit 4) Add the NAT rule by using access-list and pool. WEC8500/configure# ip nat outside destination list fw6 pool pool2 page 420 of 673 © Samsung Electronics America...
  • Page 421 WEC8500/configure/interface vlan1.30#ip nat outside WEC8500/configure/interface vlan1.30#exit 3) Configure a NAT rule using a static IP (A port can be also specified for DNAT). WEC8500/configure# ip nat outside destination static tcp 10.10.10.1 4300 30.30.30.2 23 [Checking NAT Configuration] To check the created NAT, use the following command.
  • Page 422 WEC8050 / WEC8500 Operation Manual Version 7.1 2) Click the <Add> button in the Translation Rule window and configure the Translation Rule. Select NAT TYPE as either SNAT or DANT. Select STATIC checkbox to configure Static and configure the values of Original IP Addr: Port and Translated IP Addr: Port.
  • Page 423 WEC8050 / WEC8500 Operation Manual Version 7.1 MAC Filter The Wireless Enterprise wireless LAN system provides the MAC filter function. A user may experience connection restriction due to MAC filtering when connecting to a specific WLAN (SSID). Configuration using CLI...
  • Page 424 WEC8050 / WEC8500 Operation Manual Version 7.1 WEC8500/configure/wlan 1/security# mac-filter <MAC_FILTER_ID> page 424 of 673 © Samsung Electronics America...
  • Page 425 WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description MAC_FILTER_ID MAC FILTER ID (range: 1-20) 6) You can check the configured information below. show security mac-filter summary WEC8500# show security mac-filter detail Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <Security>...
  • Page 426 WEC8050 / WEC8500 Operation Manual Version 7.1 2) Configure the policy in the Edit configuration screen by selecting the index of MAC filter list. Figure 223. MAC entry configuration(2) 3) Select a WLAN for which the MAC filter will be applied. Check a MAC FILTER ID to apply in the Security >...
  • Page 427 WEC8050 / WEC8500 Operation Manual Version 7.1 Operator Authentication through Interoperation with TACACS+ Server A Wireless Enterprise wireless LAN system provides an operator authentication function by interoperating with an external TACACS+ server. 8.6.1 Configuring External TACACS+ Server A Wireless Enterprise wireless LAN system provides an operator authentication function by interoperating with an external TACACS+ server and the procedure detailed below is carried out for interoperation with a TACACS+ server.
  • Page 428 WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description PORT_NUMBER Port number of the TACACS+ server (range: 1-65,535, default value: 49) 5) Configure the items related to retransmissions in TACACS+ communications. You can use default values without changing configuration. WEC8500/configure/security/tacacs 1# retransmit-interval...
  • Page 429 WEC8050 / WEC8500 Operation Manual Version 7.1 9) You can view configuration information by using the ‘show security tacacs server config’ and ‘show security tacacs server detail [SERVER ID]’ commands. Configuration using Web UI In the menu bar of <WEC Main Window>, select <Configuration>, and then select <Security>...
  • Page 430 WEC8050 / WEC8500 Operation Manual Version 7.1 8.6.2 Configuring Authentication Type of Operator Account The steps for configuring the authentication type of the operator account are as follows: Configuration using CLI 1) Go to the configure mode of the CLI.
  • Page 431 WEC8050 / WEC8500 Operation Manual Version 7.1 Role Based Access Control The Wireless Enterprise WLAN system can manage the user's access authority depending on a designated role. It can designate ACL, limit the bandwidth, designate the interface, or manage redirecting URL, etc.
  • Page 432 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI Configuration > Security > Role Based Access Control > Role Profile Example: Figure 227. Role Profile Configuration Figure 228. Role Profile Add Configuration 8.7.2 Configuring Derivation Profile The Wireless Enterprise WLAN system can edit conditions to allocate roles and manage by profile.
  • Page 433: Figure 230. Derivation Profile Configuration

    12 user start-with derivation role role_2 condition priority 13 user contain vation role role_3 condition priority 14 user end-with User role role_4 condition priority 15 user not-equal samsung role role_5 Configuration using Web UI Configuration > Security > Role Based Access Control > Derivation Profile Example: Figure 229.
  • Page 434: Figure 232. Derivation Profile Configuration

    WEC8050 / WEC8500 Operation Manual Version 7.1 Figure 231. Derivation Profile Configuration Figure 232. Derivation Profile Add Configuration 8.7.2.2 WLAN Configuration The method for configuring a derivation profile in the WLAN is as follows: Configuration using CLI Example: WEC8500# configure terminal...
  • Page 435: Figure 234. Wlan Derivation Profile Configuration

    WEC8050 / WEC8500 Operation Manual Version 7.1 CaptivePotal Global Open Radius CaptivePotal Configuration using Web UI Configuration > WLANs > Security > Radius Example: Figure 233. Wlan Derivation Profile Configuration page 435 of 673 © Samsung Electronics America...
  • Page 436: Figure 235. Wlan Derivation Profile Configuration

    WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration > WLANs > Security > L3 Example: Figure 234. Wlan Derivation Profile Configuration 8.7.3 Configuring ACL Profile The Wireless Enterprise WLAN system can manage ACL to apply to a user if the AP of the remote group operates as local bridge.
  • Page 437: Figure 236. Acl Profile Configuration

    WEC8050 / WEC8500 Operation Manual Version 7.1 8.7.3.1 Configuring Profile The basic settings of the ACL profile are as follows: Configuration using CLI Example: WEC8500# configure terminal WEC8500/configure# rbac WEC8500/configure/rbac# acl-profile aclPro_1 WEC8500/configure/rbac/acl-profile aclPro_1# add-acl acl1 WEC8500/configure/rbac/acl-profile aclPro_1# add-acl acl2...
  • Page 438: Figure 237. Acl Profile Add Configuration

    WEC8050 / WEC8500 Operation Manual Version 7.1 Figure 236. Acl Profile Add Configuration Figure 237. Acl Profile Edit Configuration 8.7.3.2 Remote Ap Group Configuration The method for configuring the ACL profile to the remote AP group is as follows: Configuration using CLI...
  • Page 439: Figure 239. Remote Ap Group-Alc Profile Configuration

    WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI Configuration > AP Groups > Remote AP Group > ACL Profile Change the configuration of the ACL PROFILE NAME and then press Apply. After that, press Send To APs to transmit the ACL profile and the relevant settings to APs.
  • Page 440 WEC8050 / WEC8500 Operation Manual Version 7.1 8.7.4 Configuration Synchronization (Remote AP Group) The Wireless Enterprise WLAN system provides a function of synchronizing the configuration of the AP of the remote group and ACL if the AP of the remote group operates as a local bridge.
  • Page 441: Figure 240. Acl Configuration Synchronization - All

    WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI Configuration > Security > Role Based Access Control > ACL Profile  ‘Send To APs’ Figure 239. ACL Configuration Synchronization - All Configuration > AP Groups > Remote AP Group > ACL Profile ...
  • Page 442: Figure 242. Acl Configuration Synchronization - Remote Ap

    WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration > Access Points > Remote AP  ‘Send To APs’ Figure 241. ACL Configuration Synchronization - Remote AP page 442 of 673 © Samsung Electronics America...
  • Page 443 WEC8050 / WEC8500 Operation Manual Version 7.1 External BYOD Server The Wireless Enterprise WLAN system provides a function of interoperating with the external BYOD server. To use the BYOD function, a separate BYOD server is necessary. Employees and guest users can receive a service after being connected to a specific WLAN (SSID) and going through authentication.
  • Page 444: Figure 243. External Byod Server Configuration Window

    WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select <Security>  <AAA>  <External BYOD Server> in the sub-menus. Figure 242. External BYOD Server Configuration Window 1) Service Enable the function of interoperating with the external BYOD server.
  • Page 445 WEC8500# configure terminal WEC8500/configure# fqm-mode WEC8500/configure/fqm-mode # access-list ip preauth permit seq 1 udp any eq * any eq 53 os-aware * WEC8500/configure/fqm-mode # access-list ip preauth permit seq 2 tcp 192.168.20.10 255.255.255.255 eq 80 any eq * os-aware * WEC8500/configure/fqm-mode # access-list ip preauth permit seq 3 tcp any eq * 192.168.20.10 255.255.255.255 eq 80 os-aware *...
  • Page 446 WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI 1) Configuring PreAuthentication ACL PRE-AUTH ACL must have the basic permit rules for the HTTP port to DNS and web servers. 2) Configuring WLAN To use the Captive Portal function, enable a web policy in Security of WLAN > L3 tab and select Web Authentication.
  • Page 447 WEC8050 / WEC8500 Operation Manual Version 7.1 CHAPTER 9. IP Application In this chapter, the IP application functions available in the APC and each configuration method are described. DNS is a network service that interprets a domain or host name into an IP address.
  • Page 448: Figure 244. Dns Client

    WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <DNS> menu in the sub-menus. Figure 243. DNS client You can enable or disable a DNS client using the QUERY of a DNS SERVER item.
  • Page 449: Figure 245. Dns Proxy

    WEC8050 / WEC8500 Operation Manual Version 7.1 Configuration using Web UI In the menu bar of <WEC Main window>, select <Configuration> and then select the <DNS> menu in the sub-menus. Figure 244. DNS proxy The DNS Relay item supports DNS Proxy configuration. In the SERVICE, you can enable or disable a DNS proxy and configure the cache size of the DNS proxy in the CACHING SIZE.
  • Page 450 WEC8050 / WEC8500 Operation Manual Version 7.1 The Network Time Protocol (NTP) is a protocol used to receive time from a configured server and synchronize the local time. The APC can operate as a NTP server and a client. If you configure the APC as a NTP client, it receives the Coordinated Universal Time (UTC) information from the configured NTP server and synchronizes the local time.
  • Page 451 WEC8050 / WEC8500 Operation Manual Version 7.1 Parameter Description INDEX Server index (range: 1-5) Configure the version of a server that a NTP client will refer to. (Use a default value 1 if it is not configured.)  ntp client server-addr hostname <WORD> version [1-4]: Enable ...