3Com 3CRWX120695A Reference Manual
  1. Manuals
  2. Brands
  3. 3Com Manuals
  4. Switch
  5. 3CRWX120695A
  6. Reference manual
3Com 3CRWX120695A Reference Manual

3Com 3CRWX120695A Reference Manual

Wireless lan mobility system wireless lan switch manager
Hide thumbs Also See for 3CRWX120695A:
1
2
Table Of Contents
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
Table of Contents

Advertisement

Quick Links

Download this manual See also: Configuration Manual, User Manual
Wireless LAN Mobility System
Wireless LAN Switch Manager
Reference Manual
3CRWX120695A, 3CRWX440095A
http://www.3com.com/
Part No. 730-9502-0077, Revision B
Published November 2004

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the 3CRWX120695A and is the answer not in the manual?

Questions and answers

Related Manuals for 3Com 3CRWX120695A

Summary of Contents for 3Com 3CRWX120695A

  • Page 1 Wireless LAN Mobility System Wireless LAN Switch Manager Reference Manual 3CRWX120695A, 3CRWX440095A http://www.3com.com/ Part No. 730-9502-0077, Revision B Published November 2004...
  • Page 2 Software is delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995) or as a “commercial item” as defined in FAR 2.101(a) and as such is provided with only such rights as are provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable.

  • Page 3: Table Of Contents

    Conventions Documentation Documentation Comments 3WXM NSTALLING Hardware Requirements Hardware Requirements for 3WXM Client Hardware Requirements for 3WXM Monitoring Service Software Requirements Preparing for Installation User Privileges Serial Number and License Key HP OpenView Network Node Manager Installation Task Overview Unpacking Files...
  • Page 4 Information Panel Configuration Wizards Reports Copying and Pasting Objects Copy and Paste Copy and Paste Replace Enabling Keyboard Shortcut Mnemonics (Windows XP Only) ETTING TARTED Starting 3WXM Restricting Access to 3WXM Creating an Administrator Account Creating Provision or Monitor Accounts...
  • Page 5 Defining a Coverage Area Adding a Third-Party Access Point Computing MAP Placement Computing and Placing MAP Access Points for a Coverage Area Adding New MAPs that Are Already Installed to the Network Plan Computing Optimal Power Assigning MAP Channels Verifying the Wireless Network...
  • Page 6 Adding a WX Switch to the Network Plan To create a new WX switch based on Domain Policies To create a new WX switch based on a configured switch To add a switch by uploading its basic configuration from the...
  • Page 7 Configuring a Radio Profile To create a radio profile To change 802.11 attributes To configure RF Auto-Tuning To map the radio profile to a service profile Configuring Directly Connected MAP Access Points To configure a directly connected MAP To modify MAP attributes...
  • Page 8 Connecting to RADIUS Servers and Server Groups Defining RADIUS Default Values Defining RADIUS Servers Defining RADIUS Server Groups Creating and Managing Users in the Local User Database Creating Named Users Creating Named User Groups Creating MAC Address Users Creating MAC Address User Groups...
  • Page 9 Modifying Configuration Change Polling Options Deploying WX switches from a Network Plan to the Network To deploy network plan changes to the network To deploy WX switches from a network plan to the network Distributing Image and Configuration Files Using the Image Repository...
  • Page 10 Using the Explore Window Toolbar Options Threshold Flags Displaying Object Details Displaying 802.11 Coverage Taking RF Measurements Using the Status Summary Window Using the Client Monitor Window Toolbar Options Refreshing Client Data Displaying Client Activity Information Displaying Client Session Information Managing the Client Watch List Displaying a Client’s Geographical Location...
  • Page 11 Displaying Rogue Details Displaying a Rogue’s Geographical Location Ignoring Friendly Third-Party Devices To add a device to the known addresses list To display the known address list To remove an address from the known address list Converting a Rogue into a Third Party AP...
  • Page 12 ULES HANGING ONITORING ERVICE REFERENCES Overview Starting or Stopping the Monitoring Service Enabling 3WXM Client To Access the Monitoring Service Certificate Check Completing the connection Changing Service Settings Selecting WX Switches to Monitor Changing WX Connection Settings Changing Monitoring Settings...
  • Page 13 Accessing the Monitoring Service Log Backing Up the Database Restoring the Database BTAINING UPPORT FOR YOUR RODUCT Register Your Product Purchase Value-Added Services Troubleshoot Online Access Software Downloads Telephone Technical Support and Repair Contact Us NDEX...

  • Page 15: Bout His Uide

    Most user guides and release notes are available in Adobe Acrobat Reader Portable Document Format (PDF) or HTML on the 3Com World Wide Web site: http://www.3com.com/ Conventions Table 1 and Table 2 list conventions that are used throughout this guide. Table 1 Notice Icons Icon Notice Type Description...

  • Page 16: Documentation

    Enclose mandatory parameters in command syntax. | (vertical bar) Separates mutually exclusive options in command syntax. Keyboard key names If you must press two or more keys simultaneously, the key names are linked with a plus sign (+). Example: Press Ctrl+Alt+Del...

  • Page 17: Documentation Comments

    Part number 730-9502-0071, Revision B Page 25 Please note that we can only respond to comments and questions about 3Com product documentation at this e-mail address. Questions related to Technical Support or sales should be directed in the first instance to your network supplier.
  • Page 18 BOUT UIDE...

  • Page 19: Nstalling 3Wxm

    This chapter describes how to install 3Com Wireless LAN Switch Manager (3WXM). Hardware 3WXM can be utilized with a client/server deployment or both client and Requirements monitoring services can be run on the same machine. The monitoring service is used for collecting historical data and for managing the network.

  • Page 20: Hardware Requirements For 3Wxm Monitoring Service

    Table 5 contains general recommended guidelines for hardware requirements and memory allocation based on the number of radios and WX switches your server will support. A larger number of WX switches implies more connections and data processing, and consequently, more CPU is required.

  • Page 21: Preparing For Installation

    HP OpenView is already installed. User Privileges Before you install 3WXM, make sure that you are logged in as a user who has permission to install software, or as an administrator. After you install 3WXM, you can configure 3WXM access privileges for the user accounts on the machine.

  • Page 22: Hp Openview Network Node Manager

    Unpacking Files To unpack files on your Windows system, follow these steps. 1 Insert the 3WXM CD in the CD-ROM drive. If Autorun is enabled, wait briefly for the install program to start. For more information about using the installation wizard, see “Using the Installation Wizard” on page 23.

  • Page 23: Using The Installation Wizard

    Network Node Manager with 3Com products, click the 3WXM HP OpenView Plug-in icon. If you do not choose this option now, and later you want to use HP OpenView Network Node Manager with 3Com products, you must reinstall 3WXM from the installation CD and choose this option.
  • Page 24 NSTALLING 3 After reading the 3WXM license agreement, select whether to accept the terms of the agreement. (If you choose not to accept the terms of the license agreement, you cannot proceed with the installation.) 4 Click Next. The Choose Install Folder page appears.
  • Page 25 Using the Installation Wizard 5 Type the name of the directory in which to install 3WXM, or accept the default. The default installation directory is C:\Program Files\3Com\Wireless Switch Manager. You can also type a directory name in the box, or select a directory by clicking Choose and browsing the filesystem.
  • Page 26 1: I 3WXM HAPTER NSTALLING 9 To install the 3WXM monitoring service on this machine in addition to 3WXM, leave Install 3WXM Services selected. Otherwise, click to deselect the option. The monitoring service is not required to configure and manage WX switches.
  • Page 27 The installer installs the 3WXM client application (3WXM). The monitoring service also is installed, if you left this option selected. When installation is complete, you see a page similar to the following, which reports that the installation was successful and identifies the...

  • Page 28: Installing The Hp Openview Plug-In

    Installing the HP To install the HP OpenView plug-in: OpenView Plug-In 1 Complete step 10 of the procedure in “Using the Installation Wizard” on page 23. 2 In the Choose Network Plan Folder page, click Next. The Choose HP Network Node Manager Folder page appears.
  • Page 29 Installing the HP OpenView Plug-In 3 To specify the directory in which HP OpenView Network Node Manager is installed, click Choose. Network Node Manager must be already be installed on the system. You must specify the correct directory for Network Node Manager for the HP OpenView plug-in to be installed correctly.

  • Page 30: Installation Log File

    3WXM HAPTER NSTALLING 5 If you already have a network plan, type the name of the network plan to be opened by 3WXM when used in conjunction with HP OpenView Network Node Manager. 6 Click Next to display the Pre-Installation Summary page.

  • Page 31: Upgrading 3Wxm

    Before you upgrade, 3Com recommends that you make a backup of the xml directory in the 3WXM installation directory. As a best practice, back up the xml directory on a regular basis to ensure that you have copies of your network plans.
  • Page 32 Your license(s) to use this software are registered against this serial number. If you delete the serial number, the software will generate a new serial number if it is ever reinstalled. You will then require new licenses to register against the new serial number. If you delete the serial number, the license information will also be deleted.
  • Page 33 Uninstalling 3WXM...
  • Page 34 1: I 3WXM HAPTER NSTALLING...

  • Page 35: Working With The 3Wxm User Interface

    This chapter describes how to use the 3Com Wireless LAN Switch Manager (3WXM) interface. Overview A network plan is the workspace in 3WXM you use to design a 3Com network. In a network plan, you define components of the network (WX switches, MAP access points, and optionally third-party access points).
  • Page 36 The main 3WXM window contains the following panels. (See Figure 1 on page 36.) Organizer panel — Provides a tree-like display of objects and quick access to them. The Organizer panel is located on the left side of the main window.

  • Page 37: Toolbar Options In Main 3Wxm Window

    Toolbar Options in Table 6 lists the options available from the toolbar at the top of the main Main 3WXM 3WXM window. Click on a toolbar category to display a menu of options Window for that category.
  • Page 38 Delete a network plan. (Delete Network Plan) (Save) Save a network plan. (Save As) Save a copy of a network plan under a new name. (Save As Version) Save a copy of a network plan with a version string. (Import) Import a WX configuration file.
  • Page 39 Monitor tabs are open, the tab with the bold highlighting of the tab title is the tab that changes when you select a different object. The tab title of the second Monitor tab is not bold. Display a list of managed WX switches.
  • Page 40 Monitor (Service Selection) Connect to the 3WXM monitoring service. (Performance) Display Ethernet or radio statistics. Reports (Inventory Report) Generate an inventory report of 3Com equipment.
  • Page 41 Generate a report of detailed information for a client on the watch list. (For more (Watch List Client) information about the client watch list, see “Managing the Client Watch List” on page 440.)
  • Page 42 Open a Web connection to a selected device. Window (Close All) Close all tabs or windows that are open in the Content panel. This menu also has an additional option for each tab open in the Content panel. Selecting one of these options places the selected tab in the foreground, but does not close other tabs or windows.

  • Page 43: Organizer Panel

    Memory usage Java garbage collection (Force GC) Organizer Panel The Organizer panel provides a tree-like view of the 3Com equipment and site data managed by 3WXM. The Organizer panel contains the following sections: Mobility Domains — Roaming domains of 3Com switches and MAP access points within which network clients can roam.

  • Page 44: Details Checkbox

    For example, to display the buildings in a site, click on the plus sign next to the site name. To display the floors in the building, click next to the building name, and so on.

  • Page 45: Displaying Object Details

    However, regardless of whether Details is enabled, you can drill down to display details at the individual radio level if needed. Displaying Object To display details for an object in the Organizer panel, select the object. Details Details about the object appear in the Information panel, located at the bottom right of the main 3WXM window.

  • Page 46: Mobility Domain Objects

    3Com equipment. At the top level of the hierarchy, the information is organized into Mobility Domains. A Mobility Domain is a system of WX switches and MAP access points working together to support roaming wireless users (clients). A Mobility Domain allows users to seamlessly roam from one WX switch to another within the network.
  • Page 47 Mobility Domain by 3WXM as part of network planning. You also can add a switch running in the live network by uploading it into 3WXM, or you can create a new switch with the WX Switch wizard (see “Accessing the Modify Switch Wizard” on page 185).
  • Page 48 Service Set Identifier (SSID) names and the network access rules and service profiles associated with each SSID. Radio Profiles Sets of radio parameters that can be applied to multiple radios, including the beacon interval, RF Auto-Tuning settings, and service profiles. (Service profiles associate SSIDs with the radios.)
  • Page 49 IP routes to the default gateway Domain Name Service (DNS) settings Network Time Protocol (NTP) settings Address Resolution Protocol (ARP) settings Table 8 lists the WX switch objects. These objects control configuration parameters for an individual WX switch. Table 8 WX Switch Objects Object...

  • Page 50: Site Objects

    Site Objects The Sites section of the Organizer panel contains objects for the buildings where you want to deploy 3Com equipment. A site can contain one or more buildings and each building can contain one or more floors. Each floor contains objects for wiring closets, coverage areas, MAP access points, and third-party access points.

  • Page 51: Third-Party Aps

    Alerts Panel The Alerts panel provides brief configuration and rogue detection status. You can click on a statistic in the Alerts section to open a tab in the Content panel with more details. When the Alerts panel is minimized, a flag on the panel’s title appears to alert you when a new warning or error condition occurs.
  • Page 52 NTERFACE To navigate to more information and correct the warning or error, click on the arrow to expand the panel, then click on the statistic to open the corresponding tab in the Content panel. Table 11 lists the types of alerts displayed in the Alerts panel.

  • Page 53: Content Panel

    Verification Events Rogue Detection Clicking on a statistic in the Alerts panel also opens one of these tabs. (The following sections provide more information.) To close a tab, right-click on the tab title and select Close Selected Tab, or select the View toolbar option in the main 3WXM window, then select the tab name.
  • Page 54 You can distinguish between the two Monitor tabs by looking at the tab titles. The title shown in bold text is the tab that changes when you select a different object. The other tab’s title is not bold, and that tab remains focused on the same object until you close the tab, regardless of the objects you select in the Organizer panel.
  • Page 55 MAP, or radio on the floor. Floor views are available only if you add the floor to the site information in the network plan. Here is an example of the view when a Mobility Domain is selected.
  • Page 56 Explore window. Additional information is displayed for each equipment type. You can double-click on a row in the Status Summary window to display more information about the object in the Explore window: Double-click on a row in the Wireless Switches tab to display the switch and its MAP access points.
  • Page 57 Client Sessions — lists bandwidth, signal-to-noise-ratio (SNR), and received signal strength indicator (RSSI) information for client sessions Client Watch List — lists the clients 3WXM is tracking. You can set up a watch list of clients you want 3WXM to track. 3WXM collects...

  • Page 58: Managed Devices Tab

    RF Environment — lists 802.11 statistics for the radio Monitor Tab — RF Trends Window The RF trends window shows current and historical 802.11 statistics and shows graphs of the data. You can graph absolute values or deltas from previous values. Managed Devices Tab...

  • Page 59: Verification Tab

    Content Panel Verification Tab The Verification tab enables you to troubleshoot configuration issues on WX switches in the network plan or in the live network. Warning or error messages are displayed to indicate issues. Warning and error messages Resolutions Error/Warning Details You can fix configuration errors and verify the results.

  • Page 60: Events Tab

    Events Tab The Events tab displays log messages for 3WXM, the monitoring service, and for WX switches. To display the Events tab, select View > Events from the main 3WXM toolbar. Rogue Detection Tab The Rogue Detection tab lists information about third-party wireless devices detected in the Mobility Domain.
  • Page 61 Content Panel You can display data about rogues that are currently in operation as well as currently inactive rogues that were detected in the past. You can even display the estimated physical location of a rogue.

  • Page 62: Information Panel

    ORKING WITH THE NTERFACE Information Panel The Information panel displays details about the object selected in the Organizer panel. For example, if a WX switch is selected, details about the switch are displayed. Information panel Configuration 3WXM provides configuration wizards for configuring site information Wizards and 3Com equipment.
  • Page 63 CAUTION: None of the information you enter in a wizard is saved until you click Finish. If you want to stop working in a wizard and return to finish later, click Finish to save your work before closing the wizard.
  • Page 64 3WXM U HAPTER ORKING WITH THE NTERFACE Clicking the New RADIUS Server button opens the Create RADIUS Server wizard. The Modify RADIUS Server wizard remains open in the background. After you enter information in the Create RADIUS Server wizard and click...
  • Page 65 Configuration Wizards Finish, the Modify RADIUS Server returns to the foreground. The new server added with the Create RADIUS Server wizard appears in the server list. Most of the configuration wizards in 3WXM are similar to the Modify RADIUS Server wizard. Two of the wizards are more complex: Building wizard —...

  • Page 66: Reports

    Rogue Details Rogue Summary Work order When you generate a report, you can specify the scope of the report and the location where 3WXM saves the report. Some reports also have additional options. 3WXM saves the reports in HTML format.

  • Page 67: Copying And Pasting Objects

    Use the copy and paste replace options to replace an object with a copy of another instance of the same type of object. You can copy and paste objects selected in the Organizer panel or in the Building wizard. When pasting or replacing an object, the wizard for the new object is...

  • Page 68: Copy And Paste

    NTERFACE successfully create the object, you must change its unique attributes (for example, WX name). If the object is a parent of other objects, all the child objects are also created or replaced (depending on the paste action). After an object is copied into the buffer, the object can be pasted or replaced as many times as required.

  • Page 69: Enabling Keyboard Shortcut Mnemonics (Windows Xp Only)

    4 Edit the switch name and other parameters as needed. (For example, you will need to modify the switch name as well as its IP interfaces and system IP address.) Then click Finish to close the wizard and complete the copy.
  • Page 70 HAPTER ORKING WITH THE NTERFACE 3 Click Effects. 4 Clear the box labeled Hide underlined letters for keyboard navigation until I press the Alt key. Clearing this option allows programs to show the underlined character for mnemonics in 3WXM. 5 Click OK.

  • Page 71: Getting Started

    Starting 3WXM The following steps describe how to start 3WXM. 1 To start 3WXM, select Start > Programs > 3Com > 3WXM > 3WXM, or double-click the 3WXM icon on the desktop. If you are starting 3WXM for the first time, or you have not entered license information previously, the License wizard appears.
  • Page 72 4 Copy the activation key from the web page and paste it into the Activation Key box of the Activation Key page. 5 If you plan to manage 10 or fewer wireless LAN switches, click Finish. Go to step 10.
  • Page 73 Starting 3WXM 6 Type the upgrade license key in the License Key box and click Next. The Activation Key page appears. 7 Click Get Activation Key. A 3Com web page appears. Register your upgrade license in order to obtain its activation key.
  • Page 74 HAPTER ETTING TARTED 8 Copy the activation key for the upgrade license from the web page and paste it into the Activation Key box of the Activation Key page. 9 Click Finish. 10 After you enter the license information, the 3WXM main window and the Options dialog box appear.

  • Page 75: Restricting Access To 3Wxm

    Restricting Access to 3WXM If you have already saved network plans, you can open one of the last seven saved network plans. Select the network plan you want to open, and click Next. Click Finish to display the network plan information in the 3WXM window.
  • Page 76 3 Type a new password for the administrator (1 to 80 alphanumeric characters, with no spaces or tabs). The password is case-sensitive. 4 Type the administrator password again for verification. 5 Click OK. 6 In the Access Control dialog box, click Finish to save the changes.

  • Page 77: Creating Provision Or Monitor Accounts

    Monitor Accounts 1 Select Tools > Access Control. The Access Control dialog box appears. 2 To add a provision user account, click Add Provision Account. To add a monitor account, click Add Monitor Account. The Add Account dialog box appears.

  • Page 78: Creating And Managing Network Plans

    3 To save changes and close the Access Control dialog box, click Finish. Creating and A network plan is the workspace in 3WXM you use to design a 3Com Managing Network network. In a network plan, you define components of the network (WX Plans switches, MAP access points, and optionally third-party access points).
  • Page 79 1 From the main 3WXM window, select File > New. The Options wizard appears. 2 In the Network Plan Name box, type a name for the network plan. You can use 1 to 60 alphanumeric characters, with no spaces, tabs, or any of the following: slash (/), backslash (\), quotation marks (“...

  • Page 80: Managing Network Plans

    3WXM saves your work only when you click Finish, not when you click Next. Managing Network After creating a network plan, you can save, close, open, or delete it. You Plans can also share a network plan with others. Saving a Network Plan...
  • Page 81 1 In the main 3WXM window, select File > Save. 2 Click Finish. You can also save a network plan with a new name, enable the autosave option so that a network plan is saved at specified intervals, and save a...
  • Page 82 ETTING TARTED Saving a Network Plan with a New Name You can save a network plan with a new name by using the Save As feature. To save a network plan with a new name: 1 In the main 3WXM window, select File > Save As. The Save As Network Plan wizard appears.
  • Page 83 If you open a version of a network plan, you are asked whether you want to deploy it or open it. When the version is open, you see its version name in the title bar of the main 3WXM window.

  • Page 84: Opening A Network Plan

    Network plan changes are automatically saved at the interval you specify. Saving Versions of a Network Plan You can save a version of a network plan that can be used to roll back configuration changes. For more information, see “Saving Versions of Network Plans”...

  • Page 85: Closing A Network Plan

    Creating and Managing Network Plans To open a network plan: 1 In the main 3XM window, select File > Open. The Open Network Plan wizard appears. 2 Select the network plan you want to open. 3 Click Next. 4 Click Finish. The network plan information appears in the 3WXM window.

  • Page 86: Deleting A Network Plan

    3 Click Next. The network plan is deleted. 4 Click Finish. Sharing a Network If the 3WXM plan repository is on a networked server or shared drive, you Plan can easily share access to network plans. The default repository location is xml/db, in the 3WXM installation directory (by default, C:\Program Files\3Com\Wireless Switch Manager), or the location specified during installation.
  • Page 87 A new installation of 3WXM does not contain the xml/db directory until a plan is created. Only one user at a time can edit a network plan. When a user with an administrator or provision account tries to open a plan that is already open for edit by another user, 3WXM displays the Lock Info page.

  • Page 88: Defining A Mobility Domain

    Users connect as a member of a VLAN through their authorized identities. If the native VLAN for a user is not present on the WX to which the user connects, the WX creates a tunnel to that VLAN.

  • Page 89: Roaming Behavior

    You cannot configure the grace period. If the client MAC address in a Mobility Domain is not found in 5 seconds, the session is considered new. The 802.1X reauthentication timeout has little impact on roaming. If the timeout lapses, 802.1X processing is performed on the existing...

  • Page 90: Traffic Ports Used By A Mobility Domain

    For tracked users, you can view roaming history in the Monitor tab. See “Using the Client Monitor Window” on page 420. The old session is cleared from the WX, even if the client did not explicitly disassociate from the MAP and the 802.1X reauthentication interval has not lapsed.

  • Page 91: Creating A Mobility Domain

    Domain (1 to 16 characters, with no spaces or tabs). 3 In the Seed Member list, select the WX switch that is the seed member. Only a WX in the Mobility Domain can be specified as a seed member. If...
  • Page 92 3: G HAPTER ETTING TARTED 4 Do one of the following: To close the wizard, click Finish. To create a WX switch and add it to the Mobility Domain, see “Adding a WX Switch to the Network Plan” on page 183.

  • Page 93: Planning The 3C Om Mobility System

    Building Wizard wizard, do one of the following: If you are creating a new site, navigate to the Building page in the Site wizard, and either select Building1 and click Modify, or click New Building. (To create a site, see “Creating a Site” on page 101.)
  • Page 94 LANNING THE OBILITY YSTEM Depending on how you access the wizard, the wizard’s title can be Create Building, Modify Building, Create Floor, or Modify Floor. The wizard is the same regardless of the title. The Building wizard contains the following pages:...
  • Page 95 Table 13 lists the toolbar icons in the edit options area of the page. Table 13 Toolbar Options on Setup Page Option...
  • Page 96 OBILITY YSTEM Building Wizard — Edit Content Page The Edit Content page enables you to modify imported floor drawings or create new ones, and characterize RF obstacles. You can assign attenuation information to objects. The edit options area has icons for free-drawing objects and for inserting RF obstacles.
  • Page 97 Building Wizard Overview Table 14 lists the toolbar icons at the top of the floor display area. Table 14 Toolbar Options on Edit Content Page Option Description Adjust the paper space (crop the drawing). Define the drawing scale. Change the grid size.
  • Page 98 View or change dimensions. Building Wizard — Plan RF Coverage Page The Plan RF Coverage page enables you to identify the wiring closet locations, draw and characterize the wireless coverage areas, insert third-party access points, and compute installation locations for WX switches and 3Com access points.
  • Page 99 136, “Adding a Third-Party Access Point” on page 148, and “Placing RF Measurement Points” on page 168. Table 15 lists the toolbar icons at the top of the floor display area. Table 15 Toolbar Options on Plan RF Coverage Page...
  • Page 100 The Report page enables you to generate work orders for installing 3Com equipment. You also can display 3Com equipment inventories and other network information. Table 16 lists the toolbar icons at the top of the floor display area. Table 16 Toolbar Options on Report Page Option Description Define the drawing scale.

  • Page 101: Creating A Site

    Print the view displayed in the floor display area. Creating a Site A site is a folder that contains the buildings in the network plan. A site usually represents a campus of geographically colocated buildings. If your network plan encompasses multiple campuses, create a site for each campus.

  • Page 102: To Create A Site When You Create A Network Plan

    LANNING THE OBILITY YSTEM To create a site when To create a site when you create a network plan, use the following you create a network procedure. plan 1 Access the Create Network Plan wizard, if not already open. Then type the plan name and select the country code and channel set.
  • Page 103 Creating a Site 3 Click New Site. The Create Site wizard appears. 4 In the Site Name box, type a name for the site (1 to 80 alphanumeric characters, with no spaces or tabs).

  • Page 104: To Create A Site In A Saved Network Plan

    LANNING THE OBILITY YSTEM 5 In the Number Of Buildings box, specify how many buildings are in your site. When you specify the number of buildings a site contains and save the site, 3WXM creates each building using the default settings. You can edit the buildings 3WXM creates or you can add new buildings.
  • Page 105 Creating a Site 4 Click New Site. The Create Site wizard appears. 5 In the Site Name box, type a name for the site (1 to 80 alphanumeric characters, with no spaces or tabs).

  • Page 106: Creating Or Modifying Buildings In A Site

    LANNING THE OBILITY YSTEM 6 In the Number Of Buildings box, specify how many buildings are in your site. When you specify the number of buildings a site contains and save the site, 3WXM creates each building using the default settings. You can edit the buildings 3WXM creates or you can add new buildings.
  • Page 107 Modify wizard apply whether the wizard says Create or Modify at the top. 3 In the Building Name box, type the name of the building (1 to 30 alphanumeric characters, with no spaces or tabs). 4 In the Number Of Floors box, specify how many floors the building has.

  • Page 108: Modifying Floor Defaults

    OBILITY YSTEM 6 In the Skip Floor Levels box, specify floor numbers you want to skip. Skipping floors is useful when you want to model only certain floors in a building. To enter a list of floors, use commas to separate the floor numbers (example: 1,3,7).

  • Page 109: Importing Or Drawing Floor Details

    3 In the Height of the Ceiling box, type the number of feet or meters from the floor to the ceiling (1 to 1000 feet or meters).

  • Page 110: Importing A Drawing Of A Floor

    Visio file to a DXF or JPG file, then import that file into 3WXM. You can also draw a floor plan in 3WXM if you do not have a drawing of your floor in one of the supported file formats.
  • Page 111 3WXM. To prepare a drawing before importing it into 3WXM: Make sure the scale of the paper space is 1” : 1” (full size). Also, ensure that the scale type is the same as that of the model space.
  • Page 112 OBILITY YSTEM you will to assign differing RF values to, or if some objects will not become RF obstacles, ungroup the objects and delete the unneeded objects. If all the RF objects in the grouped object will have the dame RF value, you might want to leave the object grouped.
  • Page 113 File > Drawing Utilities > Purge. Make sure purge nested items is selected. Click Purge until the option is greyed out. CAUTION: In AutoCAD, you cannot delete a layer if the layer is not empty. However, in TurboCAD, Options > Layers allows you to delete a layer even if there are objects in it.

  • Page 114: Importing The Drawing

    – exterior int – interior Importing the Drawing You can import a floor drawing from the Setup page or the Edit Content page. To import a floor: 1 Do one of the following: On the Setup page of the Building wizard, click the row containing the floor name and number, then click on the toolbar.
  • Page 115 Importing or Drawing Floor Details 2 Select the floor number from the Current Floor list. By default, the lowest floor of the building is selected. 3 Click Import Floor Layout. 4 After navigating to the directory containing the drawing, select it, and click Open.
  • Page 116 OBILITY YSTEM 5 Read the message about verifying the drawing scale, then click OK. (“Adjusting the Scale of a Drawing” on page 120 describes how to adjust the scale.) The drawing is displayed in the View panel. Figure 2 Floor Plan After Importing 6 Do one of the following: Click Finish to save the changes and close the wizard.

  • Page 117: Cropping The Paper Space

    2 Click con the toolbar. 3 Click and diagonally drag the cursor over the area you want to keep. 4 Release the mouse button. A warning is displayed. 5 Read the warning. To complete the crop, click Yes. To cancel the crop request, click No.

  • Page 118: Adjusting The Origin Point

    Otherwise, 3WXM places the origin point in the upper left corner of the drawing by default. You are not required to use the upper left corner of the building as the origin point. You can select an easily identifiable feature on all floors,...
  • Page 119 Importing or Drawing Floor Details on the floor itself, you can extend the drawing beyond the exterior walls by moving the origin farther up and left. To adjust the origin point 1 Access the floor plan in the Edit Content page.

  • Page 120: Adjusting The Scale Of A Drawing

    New location of origin point Adjusting the Scale of If you imported a DWG or DXF drawing, you might need to adjust the a Drawing scale of the drawing because the units used in these drawings might not have a one-to-one correspondence to meters and feet. To adjust the scale of the drawing, you draw a line between two points of known distance and adjust the measurement.

  • Page 121: Working With Layers

    3 Type the actual distance between the two points. 4 Click OK. Until you adjust or verify the scale of a floor, 3WXM reminds you to do so each time you navigate to the Edit Content page when the floor is displayed.
  • Page 122 YSTEM Figure 4 Floor Plan After Layers Hidden Adding or removing a layer To add a new layer to a drawing, do the following in the Edit Content page: 1 Right-click the list of layers next to the View panel.

  • Page 123: Cleaning Up A Drawing

    2 Click on the toolbar. The Layer Assignment dialog box appears. 3 Click the down arrow to display the list of layers in the drawing, and select the layer to which you want to move the object(s). 4 Click OK.
  • Page 124 3WXM to remove from the drawing during cleanup. 3WXM removes all these items by default. 3 To change the short line length, type the new length in the Short Line Length box. 3WXM removes all lines that are this length or shorter.
  • Page 125 X-axis and Y-axis boxes. 3WXM removes all objects that fit within both the specified axes. 6 In the Layer List group box, select the layers you want to clean up. You can select individual layers or all layers. 3WXM removes the specified objects only from the layers you select.

  • Page 126: Drawing Floor Objects Manually

    The tools for drawing non-RF objects work the same as the tools for drawing RF objects, but the tools are different. To draw a non-RF object, use the tools in the Free Draw group box. To draw RF objects, use the...

  • Page 127: Changing An Individual Floor's Properties

    Insert RF Obstacle group box. (See“Drawing RF Obstacles” on page 132.) To draw an object 1 In the Free Draw group box of the Edit Content page, click one of the following icons and draw the object as described: Object...

  • Page 128: Specifying The Rf Characteristics Of A Floor

    LANNING THE OBILITY YSTEM 3 To change the floor name, type the new name in the Floor Name box (1 to 60 alphanumeric characters, with no tabs). Each floor name in a building must be unique. 4 To change the ceiling attenuation or ceiling height values, select or type the new values.

  • Page 129: Recommendations

    Specifying the RF Characteristics of a Floor Use the graphics tools in the Insert RF Obstacle group box of the Edit Content page to draw the RF obstacles and assign attenuation values to them. This method is available for any floor plan. (See “Drawing RF Obstacles”...
  • Page 130 3 Right-click, and select Create RF Obstacle. The Create RF Obstacle dialog box appears. 4 Go to “To use the Create RF Obstacle Dialog box” on page 130. To create RF obstacles by grouping objects You can group several objects in a drawing to specify them as one RF obstacle.
  • Page 131 Specifying the RF Characteristics of a Floor Figure 5 Create RF Obstacle Dialog Box 1 In the Description box, type a description for the RF obstacle (1 to 60 characters, with no tabs). 2 In the Obstacle Type list, select the material of which the RF obstacle is made.

  • Page 132: Drawing Rf Obstacles

    To draw RF obstacles, you use the Insert RF Obstacle box of the Edit Content page. Follow these steps. 1 In the Insert RF Obstacle group box of the Edit Content page, click one of the following icons and draw the object as described:...

  • Page 133: Defining Wireless Coverage Areas

    You access the Define Coverage page using the Building wizard. Follow Coverage Page these steps. 1 Open the Building wizard. See “Accessing the Building Wizard” on page 93. 2 Click Plan RF Coverage at the top of the wizard. The Plan RF Coverage page appears.

  • Page 134: Creating A Wiring Closet

    3WXM automatically creates and configures the switches that are needed. Each floor plan must have at least one wiring closet, if the floor will use MAPs that are directly connected to their WX switches. However, a floor is not required to have a wiring closet if MAPs will be indirectly attached...
  • Page 135 2 On the floor layout, click the location of the wiring closet. The Create Wiring Closet dialog box appears. 3 In the Name box, type the name of the wiring closet (1 to 60 characters, with no tabs). 4 If you have not defined a WX switch in 3WXM, click Finish to save the changes.

  • Page 136: Defining A Coverage Area

    WX switches listed, 3WXM creates and inserts a new WX switch in the wiring closet. Select a WX switch and click Move Up or Move Down to change the order of the WX switches.
  • Page 137 Figure 6 Supported Shared Coverage Areas Example Area 1 Area 2 The coverage areas shown in Figure 7 cannot share coverage and are not supported by 3WXM. (However, separate, nonshared coverage areas can overlap.) Figure 7 Unsupported Shared Coverage Area Example...
  • Page 138 3WXM supports concave polygons, which have an internal angle greater than 180 degrees. When drawing a polygon, make sure that two sides of the polygon do not intersect each other, as shown in Figure 8. Also make sure start and end points and the vertices are not too close.
  • Page 139 Defining Wireless Coverage Areas In the Insert Area group box in the Define Coverage page, click one of the following icons and draw the object as described: Object Action Diagonally drag the cursor over the area where you want the circle to appear.
  • Page 140 Specifying the Wireless Technology for a Coverage Area (To draw a coverage area, see “Drawing a Coverage Area” on page 138.) To specify wireless technology for a coverage area: 1 In the Technology list of the Coverage Area Choices wizard, select one of the following: 802.11a 802.11b...
  • Page 141 2 To refine the dimensions of the coverage area, specify the appropriate dimension in the X-Length and Y-Length boxes. 3 Click Next. The wizard presents properties and association pages for the technology you chose in step 1. The following example shows the wizard for 802.11a and 802.11g technologies.
  • Page 142 YSTEM Specifying Coverage Area Properties To specify coverage area properties: 1 In the Name box, type a name for the coverage area (1 to 60 characters long, with no tabs). 2 Verify that the Technology selection is correct. 3 For 802.11g, to prevent the association of 802.11b clients to any radio in this coverage area, select Exclude 802.11b clients.
  • Page 143 The other is based on capacity, using the capacity parameters. 3WXM compares the results of the calculations and selects the calculation that results in more MAPs. If you disable the Use Capacity Calculation option, 3WXM performs only the coverage calculation.
  • Page 144 1 In the Mobility Domain list, select the Mobility Domain that contains the MAPs used for this coverage area. 2 In the Radio Profile list, select the radio profile used for this coverage area. The profiles available depend on the Mobility Domain you selected in step 1.
  • Page 145 To create a new profile, click Create. The Create Service Profile wizard appears. (See “Configuring a Service Profile” on page 257.) 4 In the Shared Area list, select a coverage area that will share MAP access points with the one you are configuring.
  • Page 146 LANNING THE OBILITY YSTEM 10 To change the ceiling height, specify the new height in the Height of the Ceiling box. 11 To change the height where MAPs are mounted, specify the new mounting height in the MAP Placement Height box.
  • Page 147 Layer 2 or Layer 3 devices. If the MAP access points are directly connected to the WX, ensure that UTP Cat 5 cabling distances between the MAP and the WX in the wiring closet do not exceed 100 meters (330 feet).

  • Page 148: Adding A Third-Party Access Point

    YSTEM Margin listbox. This is the number of dBm below the maximum power setting that you want 3WXM to reserve in case the power needs to be increased later. 17 To plan for redundant MAP connections to WX switches, select Compute Redundancy.
  • Page 149 The choices available depend on the selection you made in step 3. 5 In the Name box, type a name for the access point. You can use 1 to 32 characters, with no punctuation except the following: period (.), hyphen (-), or underscore (_).
  • Page 150 YSTEM 8 In the IP Address box, type the IP address for the access point. If you specify an IP address, you can use Telnet and a Web browser with this access point. 9 In the Telnet Port Number box, specify the port number for Telnet service.

  • Page 151: Computing Map Placement

    Moving the AP Icon to its Floor Location When you finish creating a third-party AP, 3WXM places an icon for the AP on the Objects To Place tab for the floor, from which you can move it to its location.

  • Page 152: Computing And Placing Map Access Points For A Coverage Area

    WX switches needed in the wiring closet (if the floor has them), and then places them on the floor plan. You can move the MAP access points on the floor plan to more convenient locations to simplify installation.
  • Page 153 To specify design constraints 1 In the Computation group box of the Plan RF Coverage page, click Manage Constraints. The Manage Constraints dialog box appears. 2 To change the ceiling height, specify the new height in the Height of the Ceiling box.
  • Page 154 3 To change the height where MAPs are mounted, specify the new mounting height in the MAP Placement Height box. 4 To change the WX switch model, select the model from the Use WX Type list: WX1200 — Provides eight 10/100 Ethernet ports, the first six of which support PoE.
  • Page 155 Redundant Level box. 13 For direct connections, the redundancy level is always 1. 14 To update all the constraints for the areas you will select in step 15, select Update All Constraints. By default, 3WXM applies only changed constraint values to the selected areas.
  • Page 156 To compute and place MAP access points 1 On the Plan RF Coverage page, click on Compute and Place MAPs. The Compute and Place wizard appears. 2 To remove a coverage area from MAP placement and computation, clear the area’s Compute Layout box.
  • Page 157 Specifying the primary wiring closet for distributed MAPs is optional. 4 To specify the redundant wiring closet for a coverage area, click in the Redundant Wiring Closet column to display the wiring closet list and select a wiring closet from the list. This step is optional.
  • Page 158 OBILITY YSTEM To see the RF coverage area for an area, right-click on the area (either in the organizer list or on the floor) and select Show RF Coverage. If the area supports more than one radio technology, you also need to select the technology.
  • Page 159 Computing MAP Placement 3 To see the RF coverage area for a specific MAP or radio, right-click the MAP or radio, and select one of the following: Show RF Coverage > 802.11a Show RF Coverage > 802.11b Show RF Coverage > 802.11g The choices available depend on the wireless technology you chose for the coverage area.
  • Page 160 You must now compute the optimal power. See “Computing Optimal Power” on page 162. Locking and Unlocking Coverage Areas After you create a coverage area, it is locked. If you need to move or resize a coverage area, you can unlock it. To unlock a coverage area 1 Select the coverage area on the floor or from the Coverage Areas list in the lower left panel of the Plan RF Coverage page.

  • Page 161: Adding New Maps That Are Already Installed To The Network Plan

    2 Right-click, and select Lock. You can no longer move the MAP. Adding New MAPs If you installed a new MAP in the network and you want to add it to the that Are Already network plan, do the following:...

  • Page 162: Computing Optimal Power

    OBILITY YSTEM Computing Optimal If you do not plan to use the RF Auto-Tuning feature to automatically set Power the power levels on the MAPs after deployment and installation, use the Compute Optimal Power option to calculate the power settings for the MAPs.
  • Page 163 RF coverage at baseline association and minimum transmit rates for the coverage areas by doing the following: 1 In the Show RF coverage using listbox, select how you want to display the coverage: Baseline Association Rate — Coverage is shown based on the MAP radio baseline association rate.

  • Page 164: Assigning Map Channels

    2 Manually create more MAP access points, and place them on the floor. 3 Modify the coverage area so that the capacity requirements are higher. If you manually add MAP access points to a coverage area, they might be moved or removed the next time you perform Compute and Place.
  • Page 165 Computing MAP Placement 2 To change the starting floor for channel assignment, select the floor from the Begin On Floor List. By default, 3WXM starts at the top floor and works down. 3 To change the ending floor for channel assignment, select the floor from the End On Floor List.
  • Page 166 HAPTER LANNING THE OBILITY YSTEM 7 Review the results. The 802.11a channel assignments are listed on the 802.11a Radio(s) tab. The 802.11b/g channel assignments are listed on the 802.11b/g Radio(s) tab. 8 Click Finish to accept the channel assignments. The new channel assignments are reflected in the Coverage Areas panel.

  • Page 167: Verifying The Wireless Network

    Use RF interactive measurement mode. Showing RF Coverage Looking at the RF coverage allows you to see if the entire area is adequately covered by the MAP access points. You can move the MAPs and see how the coverage changes.

  • Page 168: Placing Rf Measurement Points

    If you manually add MAP access points to a coverage area, they might be moved or removed when you next perform Compute and Place. If you have already installed a MAP in the network and you want to add it to the coverage area, see “Adding New MAPs that Are Already Installed to the Network Plan”...
  • Page 169 3 In the Description box, type a description for the measurement point (1 to 60 characters). 4 In the RSSI Options box, select display options for the dialog box: To list access points that cannot be detected from this RF measurement point, select Show Unreachable MAPs.

  • Page 170: Using Rf Interactive Measurement Mode

    Using RF Interactive RF interactive measurement mode is useful when you are troubleshooting Measurement Mode or surveying the coverage areas on the floor. You can quickly measure signal strengths for any location on the floor. To use the RF interactive measurement mode 1 On the Plan RF Coverage page, click in the toolbar.

  • Page 171: Generating Rf Network Design Information

    RSSI (dBm) Signal strength from the MAP at the RF measurement point. Generating RF After 3WXM has calculated the number of MAP access point required to Network Design provide wireless coverage, you can get the following information: Information Floor layout with MAP access points and other objects defined for the...

  • Page 172: Reviewing Layout Information

    HAPTER LANNING THE OBILITY YSTEM Reviewing Layout To see the floor layout, click View Layout. Information Reviewing the MAP To review the MAP list, click View MAP List. The list of MAP access List points appears in the right panel.

  • Page 173: Generating A Work Order

    Transmit power level for each MAP access point Coverage area in which each MAP access point is located Generating a Work You can generate a work order as part of your wireless network planning. Order The work order provides all of the necessary information for the physical installation of the 3Com Mobility System.
  • Page 174 MAP MAC addresses, and use it for post-deployment verification. To generate a work order 1 In the Work Order Options group box, specify whether to include the following information in the work order: RF Coverage RSSI Projections...

  • Page 175: Applying Rf Auto-Tuning Settings To The Network Plan

    A browser must be specified in the Tools tab in the Preferences dialog box (Tools > Preferences). 7 Select a floor from the Select Floor list and click View Work Order. The work order is displayed starting at the floor you specified. You can scroll to view additional information.
  • Page 176 The network plan’s Mobility Domains are listed in the Scope section. 2 Select the scope. If you select a Mobility Domain as the scope, the change is also applied to the Domain Policies in the Mobility Domain. 3 Select the RF Auto-Tuning settings you want to apply. Both channel and power settings are selected by default.

  • Page 177: Wx Switch Wizard Overview

    This chapter and the following two chapters describe how to configure WX switch parameters using the WX Switch wizard. Depending on how you access the wizard, the wizard’s title can be Create Wireless Switch, or Modify followed by the WX switch name.
  • Page 178 5: C WX S HAPTER ONFIGURING YSTEM AND DMINISTRATIVE ARAMETERS Figure 10 WX Switch Wizard — System and Administrative Page The wizard has the following pages: System and Administrative Wireless...
  • Page 179 Parameter results checklist Each page has a parameter checklist. Click on an item in the checklist to display or modify the configuration for that parameter. The wizard automatically verifies the configuration parameters and displays any warning or error messages in the verification area at the bottom of the window.

  • Page 180: System And Administrative Page

    In the example above, the enable password for the switch is not specified. Since the enable password is required for 3WXM to access and manage a WX switch, but is optional on the WX switch itself, the box around the WX Properties checkmark is yellow to indicate a warning condition, and the warning is explained in the verification results at the bottom of the wizard.

  • Page 181: Wireless Page

    The Wireless page enables you to configure MAP access point and radio parameters. For example, to create a new radio profile, select Radio Profile in the organizer list on the left, then click New Radio Profile to display the Create Radio Profile wizard.
  • Page 182 YSTEM AND DMINISTRATIVE ARAMETERS When an option in a configuration wizard opens a new wizard, the other wizard remains open in the background. However, you can enter information only in the new wizard. After you click Finish to save your changes and close the new wizard, you can continue working in the other wizard.

  • Page 183: Adding A Wx Switch To The Network Plan

    Adding a WX Switch to the Network Plan AAA Page The AAA wizard enables you to configure authentication, authorization, and accounting (AAA) for administrative access and network user access. You can configure RADIUS parameters, users, and access filters. (To configure AAA parameters, see “Configuring Authentication, Authorization, and Accounting Parameters”...

  • Page 184: To Create A New Wx Switch Based On Domain Policies

    Each of these options enables you to create a new switch based on the default settings for all switch parameters. If the button for the Wireless or AAA page is greyed out, enter a name for the switch in the WX Name box on the WX Properties portion of the System and Administrative page.

  • Page 185: Accessing The Modify Switch Wizard

    Select Edit > Properties from the toolbar in the main 3WXM window. Accessing the To add a new switch and access the Modify Switch wizard to configure it, Modify Switch see “Adding a WX Switch to the Network Plan” on page 183.

  • Page 186: Configuring Basic Wx Properties

    2 Select System and Administrative at the top of the wizard, if not already selected. 3 Select WX Properties from the organizer list on the left side of the page, if not already selected. 4 In the WX Name box, type the name of the WX switch (1 to 256 alphanumeric characters, with no spaces or tabs).
  • Page 187 If this option is not selected, select it to enable 3WXM to manage the WX switch. 8 Select the wiring closet you want 3WXM to place the WX switch in. If no wiring closets are defined yet or you do not want to place the WX switch in a closet at this time, select Not Assigned.

  • Page 188: Configuring Vlans

    DMINISTRATIVE ARAMETERS If the correct software image is already loaded on the WX, go to step 13. Otherwise, select a software image from the list, and click Close. This dialog box lists the images that are in the image repository. You must add a system image to the repository for the image to appear in this list.

  • Page 189: Users And Vlans

    WX switches in a Mobility Domain contain a user’s traffic within the VLAN the user is assigned to. For example, if you assign a user to VLAN red, the WX switches in the Mobility Domain contain the user’s traffic within...

  • Page 190: Traffic Forwarding

    4 and 5 to belong to VLAN 2 and ports 6 and 7 to belong to VLAN 3. As a result, traffic between port 4 and port 5 is switched, but traffic between port 4 and 6 needs to be routed by an external router.
  • Page 191 WX can tunnel the traffic through another WX that is a member of the user’s VLAN. If a WX that is not in the user’s VLAN has a choice of more than one other WX through which to tunnel the user’s traffic, the WX selects the path based on the tunnel affinity value.
  • Page 192 DMINISTRATIVE ARAMETERS If you are creating a new WX switch, the VLANs listed in this panel are from the VLANs object in the Domain Policies for the Mobility Domain the new switch is in. You can modify or delete these VLANs.
  • Page 193 5 In the VLAN ID box, specify a VLAN number (2 to 4095). The VLAN number must be unique on a particular WX. 6 In the VLAN Name box, type the name of the VLAN (1 to 16 alphabetic characters long, with no numbers, spaces, or tabs).
  • Page 194 You can add ports or port groups (if you have defined them) to a VLAN. After adding a port or port group, you can also assign a tag value to the port or port group. A tag is a numeric value that identifies a virtual port within the VLAN.
  • Page 195 2 From the list of available members, select a port or port group (if you previously created port groups). If a port or port group is currently a member of a VLAN, the VLAN name is listed in the VLAN(s) column. To make multiple selections, press Shift (for contiguous items) or Control (for noncontiguous items) while clicking items.
  • Page 196 5 To add more ports or port groups to the VLAN, repeat step 2 through step 4. 6 To remove a port or port group from the VLAN, select a port or port group and click Remove. To make multiple selections, press Shift (for contiguous items) or Control (for noncontiguous items) while clicking items.
  • Page 197 STP state of other VLANs on the WX switch. The IEEE 802.1D spanning tree specifications refer to networking devices that forward Layer 2 traffic as bridges. In this context, a WX switch is a bridge. Where this manual or the product interface uses the term bridge, you can assume the term is applicable to the WX switch.
  • Page 198 5 In the Hello Time box, specify the interval (1 to 10 seconds) between each configuration message from the root bridge. The default is 2 seconds. 6 In the Forward Delay box, specify the amount of time (4 to 30 seconds) a bridge waits after a topology change to begin forwarding data packets.
  • Page 199 Configuring VLANs To configure STP port information: 1 In the Create VLAN wizard, click Spanning Tree Port Setup. The Spanning Tree Port Setup page appears. 2 Select the port whose STP information you want to modify. 3 Click Modify. The Modify Port dialog box appears.
  • Page 200 If STP is disabled on the VLAN, spanning tree packets are forwarded transparently through the VLAN to and from that port. 5 In the Port Priority box, specify a priority value (0 to 255). The default is 128. 6 In the Path Cost box, specify a value (0 to 65,535) for the cost. The default depends on the port speed: 10 Mbps —...
  • Page 201 Configuring IGMP Internet Group Management Protocol (IGMP) snooping controls multicast traffic on a WX by forwarding packets for a multicast group only on the ports that are connected to members of the group. IGMP is especially useful for WLANs because bandwidth is relatively constrained. The WX listens for multicast packets and maintains a table of multicast groups, as well as their sources and receivers, based on the traffic.
  • Page 202 3Com recommends that you use the pseudo-querier only when the VLAN contains local multicast traffic that is not routed. 5 In the Query Interval box, specify the interval (1 to 65,535 seconds) at which the WX switch sends general IGMP queries on behalf of multicast...
  • Page 203 The default interval is 255 seconds. 7 In the Query Response Interval box, specify how long (1 to 65,535 tenths of a second) a device can take to respond to an IGMP query. The default interval is 100 tenths of a second (10 seconds).
  • Page 204 1 In the Create VLAN wizard, click Member IGMP Setup. The Member IGMP Setup page appears. 2 To add a static multicast receiver port, select the Forward Multicast IP Out checkbox for each port you want to add. By default, ports are not selected. To remove a static multicast receiver...
  • Page 205 Uplink Fast Convergence Uplink fast convergence enables a WX switch that has redundant links to the network core to immediately change the state of a backup link to forwarding if the primary link to the root fails. Uplink fast convergence bypasses the listening and learning...
  • Page 206 Do not enable the feature on WX switches that are in the network core. To configure fast convergence features: 1 In the Organizer panel, navigate to the domain policy or WX switch you want to configure. 2 Expand the policy or switch to see the configuration options.

  • Page 207: Modifying Vlans

    Configuring the System IP Address Modifying VLANs To modify a VLAN: 1 In the Organizer panel, navigate to the domain policy or WX switch you want to configure. 2 Expand the object to see the configuration options. 3 Expand VLANs.
  • Page 208 YSTEM AND DMINISTRATIVE ARAMETERS 3 Select System IP Address from the organizer list on the left side of the page, if not already selected. 4 Select the VLAN on which the system IP address is configured from the System VLAN/IP list box.

  • Page 209: Configuring Wx Management Services

    Logging — The system log provides event information for monitoring and troubleshooting. You can send the log information to a local data buffer on a WX, to the console, to a Telnet session, and to a configured set of syslog servers. (See “Configuring Logging” on page 218.)

  • Page 210: Setting System Information

    In the Organizer panel, select Management Services under a WX switch or Domain Policies, then select Edit > Properties. Here is an example of the System Information page in the WX Switch wizard. 2 In the Contact box, type the contact name for the WX.

  • Page 211: Enabling Https

    The mmmm portion of the prompt shows the WX switch’s model number. 4 In the Message of the Day box, type the message that appears before the beginning of each login prompt of each CLI session. Do not use the number sign (#), single quotation mark (‘), double quotation marks (“...

  • Page 212: Configuring Telnet

    2 Select Enabled to enable HTTPS access, or clear Enabled to disable HTTPS access. 3 Do one of the following: Go to “Configuring Telnet”. Select another item in the WX Switch wizard, if you are using this wizard. Click Finish to close the wizard and save changes. Configuring Telnet...

  • Page 213: Configuring Ssh

    2 Select Enabled to enable Telnet access, or clear Enabled to disable Telnet access. By default, Telnet access is disabled. 3 In the Service Port Number box, type the TCP port number for the Telnet server on the WX switch. The default TCP port is 23.

  • Page 214: Disabling Or Reenabling Web Aaa

    Domain Policies, then select Edit > Properties. Click on HTTPS, Telnet, SSH & Web Auth at the top of the wizard. 2 Select Enabled to enable Web AAA access, or clear Enabled to disable Web AAA access. By default, Web AAA access is enabled.
  • Page 215 SNMP at the top of the wizard. Here is an example of the SNMP page in the WX Switch wizard. 2 Select Enabled to enable SNMP service on the WX, or clear Enabled to disable SNMP service. By default, SNMP is disabled.
  • Page 216 ONFIGURING YSTEM AND DMINISTRATIVE ARAMETERS strings are commonly used and can easily be guessed. You cannot edit the TRAP community string. 4 You can enable the following SNMP traps: Authentication — Generated when the WX switch’s SNMP agent receives a bad community string.
  • Page 217 When a trap condition occurs, the WX sends an SNMP trap message to any network management system specified as a trap receiver. 5 To add an SNMP trap receiver, click Add. The Create SNMP Target dialog box appears. 6 In the IP Address box, type the IP address of the trap receiver.

  • Page 218: Configuring Logging

    7 Click Finish to save the changes. The SNMP Setup page in the Modify Management Services wizard appears. 8 To add other SNMP trap receivers, repeat step 5 through step 7 for each trap receiver. You can add a maximum of five trap receivers. To delete a trap receiver, select it from the Trap Receivers list, and click Remove.
  • Page 219 To enable logging to the local buffer on the WX, select Enabled. To disable the option, clear Enabled. b In the Severity Filter list, select the lowest level of severity to be logged: Emergency — The WX is unusable.
  • Page 220 Enabled. Clear Enabled to disable the logging of messages to the console. b In the Severity Filter list, select the lowest level of severity of the event or condition to be logged (see the list in step 2). The default severity level is Error.
  • Page 221 You can specify a syslog server. Syslog facilities are identifiers that allow a syslog server to handle different syslog messages from different sources. You can use a facility in the range of Local 0 through Local 7. To set up a syslog server...
  • Page 222 5: C WX S HAPTER ONFIGURING YSTEM AND DMINISTRATIVE ARAMETERS 2 Click New Syslog Server. The Create Syslog Server dialog box appears.
  • Page 223 Some syslog servers require the facility to be set to a standard local facility name. 6 In the Map to Local Facility List, select the local facility (Local 0 to Local 7) that all the facilities are mapped to. The default value is Local 0.
  • Page 224 Configuring Tracing You can configure tracing for debugging MSS. You use specific keywords to specify which area of MSS to trace. You determine how trace output is handled when you configure logging. For more information, see “Configuring Logging” on page 218.
  • Page 225 Configuring WX Management Services 7 In the Area box, type one of the following keywords to specify the area to trace. aaacli accounting ag_agent ap_buffer_mgr ap_crypto ap_ethernet ap_network ap_radio ap_station ap_stats ap_tapa ap_util ap_vlan apm_trap authentication authorization cli_reader cluster cluster_event...

  • Page 226: Setting The Timezone

    Switch and Controller Configuration Guide. 8 Optionally, in the Level box, specify the amount of information included in the trace output (0 to 10). 0 provides the minimum amount of information and 10 proves the maximum amount of information. The default is 5.
  • Page 227 In the Organizer panel, select Management Services under a WX switch or Domain Policies, then select Edit > Properties. Click on Timezone at the top of the wizard. Here is an example of the Timezone page in the WX Switch wizard.
  • Page 228 YSTEM AND DMINISTRATIVE ARAMETERS 2 In the Name box, type the name for the time zone (1 to 16 alphanumeric characters, with no spaces or tabs). 3 In the Offset Hours box, specify the number of hours (between -23 and 23) to subtract from or add to UTC.

  • Page 229: Configuring Wired Authentication Ports

    Configuring Wired Authentication Ports 12 Do one of the following: Go to “Configuring Wired Authentication Ports”. Select another item in the WX Switch wizard, if you are using this wizard. Click Finish to close the wizard and save changes. Configuring Wired A wired authentication port is an Ethernet port that has 802.1X...
  • Page 230 To specify all the ports as wired authentication ports, select the Wired Auth. Enabled checkbox in the upper left corner of the Setup area. If the port is currently a MAP access port, you are prompted to choose whether to reconfigure it.

  • Page 231: Configuring Network Ports

    1 In the Maximum Sessions column, double-click, and type the maximum number of sessions allowed (1 up to as many as you need). The default is 2 Do one of the following: Go to “Configuring Network Ports”.
  • Page 232 5: C WX S HAPTER ONFIGURING YSTEM AND DMINISTRATIVE ARAMETERS 2 Select an Ethernet port to modify. 3 Click Modify. The Modify Port dialog box appears.
  • Page 233 The options in the Wired Authentication Setup group box apply only to wired authentication ports. 4 In the Name box, type a name for the port (1 to 16 alphanumeric characters, with no spaces or tabs). 5 To enable the port, select Enabled. To disable the port, clear Enabled. By default, the port is enabled.
  • Page 234 YSTEM AND DMINISTRATIVE ARAMETERS 7 To specify the speed of a 10/100 Ethernet port, select one of the following: Auto — Sets the port to automatically detect the traffic speed and set the speed accordingly. This is the default value.

  • Page 235: Configuring Load Sharing

    Configuring Load Sharing Configuring Load A port group is a set of physical ports that function together as a single Sharing link and provide load sharing and link redundancy. Only network ports can participate in a port group. Load Sharing The WX balances port group traffic among the group’s physical ports by...
  • Page 236 5: C WX S HAPTER ONFIGURING YSTEM AND DMINISTRATIVE ARAMETERS 2 Select New Port Group. The Create Port Group wizard appears.
  • Page 237 Configuring Load Sharing 3 In the Port Group Name box, type the name of the port group (1 to 16 alphanumeric characters, with no spaces or tabs). 4 Click Next. The Port Group Selection page appears.

  • Page 238: Configuring Ip Services

    YSTEM AND DMINISTRATIVE ARAMETERS 5 To add a port to the port group, select the Member checkbox for the port. The port group name appears in the Port Group column for the port. 6 To remove a port from a port group, clear the Member checkbox for the port.
  • Page 239 MSS can use a route only if the route is resolved through an IP interface on one of VLANs on the WX switch. To verify that the WX has an IP interface in the same subnet as the route’s next-hop IP address, you can use the show interface CLI command. If the WX does not have an interface in the next hop’s subnet, the static...
  • Page 240 In the Organizer panel, select IP Services under a WX switch or Domain Policies, then select Edit > Properties. The Modify IP Services wizard appears. Here is an example of the IP Routes page in the WX Switch wizard. 2 Select New Static Route. The Create Static Route dialog box appears.
  • Page 241 (CIDR) notation (for example, 10.10.0.0/16). 4 In the Gateway box, type the IP address of the gateway that the route uses. 5 In the Metric box, specify the cost for using the route (0 to 2,147,483,647).

  • Page 242: Configuring Ip Aliases

    YSTEM AND DMINISTRATIVE ARAMETERS 2 To set the gateway IP address for a default route, click on an entry in the Gateway IP Address column. 3 Edit the IP address to the address of the gateway the route uses. 4 To change the cost for using the route, double-click the value in the Metric column for the route and type a value for the cost (0 to 2,147,483,647).
  • Page 243 Configuring IP Services 2 Click New IP Alias. The Create IP Alias dialog box appears.

  • Page 244: Configuring Dns

    YSTEM AND DMINISTRATIVE ARAMETERS 3 In the Host Name box, type the name of the IP alias (1 to 32 characters, with no spaces or tabs). You cannot use the word all as the name of an IP alias. 4 In the Host IP Address box, type the IP address that the IP alias is mapped 5 Click Finish.
  • Page 245 To set up DNS basic properties: 1 Do one of the following: Open the WX Switch wizard, then select DNS under IP Services in the organizer list of the System and Administrative page. In the Organizer panel, select IP Services under a WX switch or Domain Policies, then select Edit >...
  • Page 246 ARAMETERS 2 To enable DNS, select Enabled. To disable DNS, clear Enabled. 3 If you disabled DNS in step 2, go to step 5. Otherwise, go to the next step. 4 In the Default DNS Domain box, type the default domain suffix that is appended to a hostname if the hostname cannot be resolved as entered.

  • Page 247: Configuring Ntp

    2 Click on a row in the IP Address column. 3 Change the IP address in the row to the address of the DNS server. 4 If this server is the primary DNS server for the switch, select the checkbox in the Primary column.
  • Page 248 Here is an example of the NTP page in the WX Switch wizard. 2 To enable NTP, select Enabled. To disable NTP, clear Enabled. By default, NTP is disabled. 3 If you disabled NTP in step 2, go to step 5. Otherwise, go to the next step.
  • Page 249 Configuring IP Services 4 To set the interval at which an NTP server is polled, specify its value in seconds (16 to 1024) in the Update Interval box. The default is 64 seconds. 5 Do one of the following: Go to “Configuring ARP”.

  • Page 250: Configuring Arp

    Adding ARP Entries You can add permanent ARP entries to the ARP table. Permanent entries do not age out and remain in the table even after the WX is rebooted. To add a permanent ARP entry: 1 Do one of the following: Open the WX Switch wizard, then select ARP under IP Services in the organizer list of the System and Administrative page.
  • Page 251 Configuring IP Services 2 In the Aging Time box, specify the amount of time a dynamic entry can remain unused before the entry is removed from the ARP table. The value range for the aging timeout is 0 to 1,000,000 seconds. The default value is 1200 seconds.
  • Page 252 ONFIGURING YSTEM AND DMINISTRATIVE ARAMETERS In the MAC Address box, type the MAC address that the IP address is to be mapped to. In the IP Address box, type the IP address for the ARP entry. Click Finish. Do one of the following: Select another item in the WX Switch wizard, if you are using this wizard.

  • Page 253: Configuring Wireless Parameters

    Radio profiles, which assign IEEE 802.11 settings and a service profile to radios MAP access points Active scanning for rogue devices To set these parameters, you can use the Wireless page of the WX Switch wizard. Figure 11 shows an example of this wizard page.
  • Page 254 (For information about the WX Switch wizard, see “WX Switch Wizard Overview” on page 177.) When a wireless client requests access to the network, the client requests access to a specific Service Set Identifier (SSID). Beaconing, encryption, and authentication settings for the SSID are controlled by a service profile.

  • Page 255: Configuring An Ssid

    1 Access the WX Switch wizard for the WX switch. (See “Accessing the Modify Switch Wizard” on page 185.) 2 Select Wireless at the top of the wizard, if not already selected. 3 Select SSID from the organizer list on the left side of the page, if not already selected.
  • Page 256 6: C HAPTER ONFIGURING IRELESS ARAMETERS 4 To create an SSID, click New SSID. The Create SSID wizard appears.

  • Page 257: Configuring A Service Profile

    Configuring a Service Profile 5 Type the SSID name. The name can be 1 to 32 alphanumeric characters long, with no spaces or tabs. 6 Do one of the following: Click Next and go to “Configuring and Managing Access Rules for Network Users”...
  • Page 258 5 In the Name box, type a name of up to 16 alphanumeric characters, with no spaces, for the service profile. 6 In the SSID box, edit the SSID name. The name can be 1 to 32 alphanumeric characters long, with no spaces or tabs.
  • Page 259 WebAAA page box: mycorp/mycorp-login.htm By default, the WebAAA page box is blank, in which case the WX switch serves its default Web login page, the 3Com Webaaa login page, to Web AAA clients.

  • Page 260: Configuring Encryption

    1 In the Create Service Profile wizard, click Encryption. The Encryption page appears. 2 In the Security Mode list, select WEP, WPA, or WEP+WPA. The default is WEP. Microsoft Windows XP does not support WEP with WPA. To configure a radio profile to provide WEP for XP clients, select WEP.
  • Page 261 If you are configuring dynamic WEP, go to step 5. If you are configuring static WEP, go to the next step. 2 To specify a WEP key, type the hexadecimal value of the key in one of the WEP key boxes.
  • Page 262 WPA is based on Draft 3 of the 802.11i standard. You can use WPA with 802.1X authentication. If the client does not support 802.1X, you can use a preshared key on the MAP and the client for authentication.
  • Page 263 (MIC). The Michael MIC used with TKIP provides a holddown mechanism to protect the network against tampering. The MIC used by CCMP — CBC-MAC — is stronger than the one used by Michael and does not require or provide countermeasures. WEP does not use a MIC.

  • Page 264: Mapping A Service Profile To A Radio Profile

    To close the wizard and save the changes, click Finish. Mapping a Service A radio profile controls IEEE settings for a set of 3com radios. The radio Profile to a Radio profile also maps a service profile to the radios.

  • Page 265: Configuring A Radio Profile

    4 Click Finish to save the changes and close the wizard. Configuring a Radio A radio profile is a set of attributes that you can apply to multiple radios. Profile A default radio profile named default is provided and cannot be deleted.

  • Page 266: To Create A Radio Profile

    1 Access the WX Switch wizard for the WX switch. (See “Accessing the Modify Switch Wizard” on page 185.) 2 Select Wireless at the top of the wizard, if not already selected. 3 Select Radio Profile from the organizer list on the left side of the page.
  • Page 267 Configuring a Radio Profile 4 Select New Radio Profile. The Create Radio Profile wizard appears.
  • Page 268 ONFIGURING IRELESS ARAMETERS 5 In the Name box, type the name of the radio profile (1 to 16 characters, with no spaces or tabs). 6 To prevent the association of 802.11b clients to 802.11g radios using this profile, select Exclude 802.11b clients.

  • Page 269: To Change 802.11 Attributes

    SSIDs. You can specify from 25 to 8191 milliseconds (ms). The default is 100 ms. 3 In the DTIM Period box, specify the number of beacons (1 to 31) the MAP transmits before transmitting the multicast and broadcast frames stored in its buffers.
  • Page 270 Frames smaller than the RTS threshold are not sent using the RTS/CTS method. The default is 2346 bytes. 9 In the Short Retry Limit box, specify the number of times (1 to 15) the MAP transmits an unacknowledged unicast frame that is shorter than the RTS threshold before discarding the frame.

  • Page 271: To Configure Rf Auto-Tuning

    3 To change the interval at which RF Auto-Tuning decides whether to change the power level on radios, change the value in the Tx. Power Tuning Interval box. You can specify from 1 to 65535 seconds. The default is 300 seconds.
  • Page 272 Tune Channel. This feature is enabled by default. 6 To change the interval at which RF Auto-Tuning decides whether to change the channels on radios in a radio profile, change the value in the Channel Tuning Interval box.

  • Page 273: To Map The Radio Profile To A Service Profile

    3 Click Add to move the profile name to the Current Service Profiles column. 4 Do one of the following: To apply the radio profile to 3com radios, click Next and see “To apply a radio profile to radios”. To configure other radio profile parameters, click a button at the top of the wizard.

  • Page 274: Configuring Directly Connected Map Access Points

    1 In the Create Radio Profile wizard, click Radio Selection. The Radio Selection page appears. If the Available Members column is empty, as shown in this example, no MAP access points have been configured for the WX switch yet. To configure MAP access points, see “Configuring Directly Connected MAP...

  • Page 275: To Configure A Directly Connected Map

    Layer 2 or Layer 3 wired networking devices. Configure a MAP port for each directly connected MAP. Table 20 lists how many MAPs you can configure on a WX switch, and how many MAPs a switch can boot. The numbers are for directly connected and Distributed MAPs combined.
  • Page 276 (1 to 16 alphanumeric characters, with no spaces or tabs). 6 To select the MAP type, click on the MAP Type cell for the port. A list of MAP models appears. In the list, select one of the following: AP2750 —...
  • Page 277 MP-52 — Dual-radio model. MP-122 — Dual-radio model. MP-101 — Single-radio model. 7 To select the radio type for a single-radio model, click the MAP Radio Type box and select the radio type from the list: 11a — 802.11a 11b — 802.11b only 11g —...

  • Page 278: To Modify Map Attributes

    To modify MAP attributes, use the following procedure. attributes 1 On the MAP page of the Wireless page of the WX Switch wizard, select a MAP port, then click Modify MAP. The Modify MAP wizard appears. 2 Select the MAP model from the MAP Model list: AP2750 —...
  • Page 279 WX switch on MAP port 1, it boots from that WX switch regardless of the bias settings. 7 In the Enable Blink list, select Yes to enable LED blink mode or No to disable it. Blink mode enables you to visually identify a MAP. When blink mode is enabled on an AP2750, the 11a LED blinks on and off.

  • Page 280: To Modify Radio Settings

    To modify radio settings, use the following procedure. settings 1 On the MAP page of the Wireless page of the WX Switch wizard, select a MAP port, then click Modify MAP. The Modify MAP wizard appears. 2 Click Next. A radio page such as the following appears.
  • Page 281 3WXM assumes that the external antenna will be installed so that the front faces in the direction of coverage (not up or down), and so that the antenna cable connector faces down or up and not to the side. 3WXM also assumes that the antenna does not provide any coverage behind itself.
  • Page 282 The valid values depend on the radio type. All values are in Mbps. For 802.11g radios — 54, 48, 36, 24, 18, 12, 11, 9, 6, 5.5, 2, or 1 For 802.11b radios — 11, 5.5, 2, or 1 For 802.11a radios —...

  • Page 283: To Modify A Map Connection

    For MAP models that have two Ethernet ports, you also can add or change the second WX connection for redundancy. 1 On the MAP page of the Wireless page of the WX Switch wizard, select a MAP port, then click Modify MAP. The Modify MAP wizard appears.

  • Page 284: Configuring Distributed Map Access Points

    To change the connection bias, select the new value form the Bias listbox. d To add the MAP to a MAP group for session load balancing, type the group name in the Load Balance Group box. 4 Click Finish to close the dialog.

  • Page 285: To Configure A Distributed Map

    Configuring Distributed MAP Access Points Table 20 lists how many MAPs you can configure on a WX switch, and how many MAPs a switch can boot. The numbers are for directly connected and Distributed MAPs combined. Maximum MAPs Supported Per Switch...
  • Page 286 6: C HAPTER ONFIGURING IRELESS ARAMETERS 4 Click New Distributed MAP. The Create Distributed MAP wizard appears.
  • Page 287 MP-52 — Dual-radio models. MP-122 — Dual-radio model. MP-101 — Single-radio model. 7 To select the radio type for a single-radio model, click the MAP Radio Type box and select the radio type from the list: 11a — 802.11a 11b — 802.11b only...
  • Page 288 WX switch on MAP port 1, it boots from that WX switch regardless of the bias settings. 11 In the Enable Blink list, select Yes to enable LED blink mode or No to disable it. When blink mode is enabled, the health and radio LEDs alternately blink green and amber, allowing you to visually identify a MAP.

  • Page 289: Disabling Or Reenabling Active Rf Scanning

    2 Select Wireless at the top of the wizard, if not already selected. 3 Select RF Active Scan from the organizer list on the left side of the page. 4 To disable active scanning for rogues, click on the checkbox to deselect the feature.
  • Page 290 6: C HAPTER ONFIGURING IRELESS ARAMETERS...

  • Page 291: Configuring Authentication Authorization And Accounting Parameters

    Distributed MAPs, or wired authentication ports Security access control lists (ACEs) for filtering traffic 802.1X Settings Overview To set AAA parameters, you can use the AAA page of the WX Switch wizard. Figure 12 shows an example of this wizard page.

  • Page 292: Connecting To Radius Servers And Server Groups

    A RADIUS server stores user profiles, which include usernames, passwords, and other user attributes. After you have defined RADIUS servers, you define RADIUS server groups (named sets of RADIUS servers). You must create at least one server group.

  • Page 293: Defining Radius Default Values

    Connecting to RADIUS Servers and Server Groups RADIUS server groups can authenticate administrators and network users. You can specify up to four RADIUS server groups for AAA services in a 3Com Mobility System. Although you can use the local database on the WX switch to authenticate users, 3Com recommends using RADIUS to accommodate the large number of users in an enterprise network.
  • Page 294 UTHORIZATION CCOUNTING ARAMETERS 4 In the Timeout box, specify how long WX switch must wait (1 to 65,535 seconds) for a RADIUS server to respond before retransmitting. The default is 5 seconds. 5 In the Retry Count box, specify the number of transmission attempts (1 to 100) for a RADIUS request.

  • Page 295: Defining Radius Servers

    Connecting to RADIUS Servers and Server Groups 7 In the Key box, type the password (also known as a shared secret key) used to authenticate to the RADIUS server. You must provide the same password that is defined on the RADIUS server.
  • Page 296 7: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS 4 Click New RADIUS Server. The Create RADIUS Server wizard appears.
  • Page 297 Connecting to RADIUS Servers and Server Groups 5 In the Name box, type the name of an existing RADIUS server (1 to 32 alphanumeric characters, with no spaces or tabs). Do not use the same name for a RADIUS server and a RADIUS server group.

  • Page 298: Defining Radius Server Groups

    You must create at least one server group, even if you are using only one RADIUS server. You can specify the order in which servers are used for authentication. You can also specify load balancing, which uses all servers in a group using a round-robin algorithm.
  • Page 299 Connecting to RADIUS Servers and Server Groups 4 Click New RADIUS Server Group. The Create RADIUS Server Group wizard appears.
  • Page 300 UTHORIZATION CCOUNTING ARAMETERS 5 In the Name box, type the name of the RADIUS server group (1 to 32 alphanumeric characters, with no spaces or tabs). Do not use the same name for a RADIUS server and a server group.

  • Page 301: Creating And Managing Users In The Local User Database

    If load balancing is not enabled, the WX always uses the first server in the list. Only if the server does not respond is the next server in the list used. If load balancing is enabled, the first AAA request goes to the first RADIUS server in the list.

  • Page 302: Creating Named Users

    1 Access the WX Switch wizard for the switch. (See “Accessing the Modify Switch Wizard” on page 185.) 2 Select AAA at the top of the wizard, if not already selected. 3 Select User from the organizer list on the left side of the page, if not already selected.
  • Page 303 Creating and Managing Users in the Local User Database 4 Click New and select New User. The Create User wizard appears.
  • Page 304 9 In the User Group list, select a user group to assign the user to, if the group is already configured. You do not need to assign a user to a user group. If you do select a user group, you only need to specify a password for the user. All other...

  • Page 305: Creating Named User Groups

    1 Access the WX Switch wizard for the WX switch. (See “Accessing the Modify Switch Wizard” on page 185.) 2 Select AAA at the top of the wizard, if not already selected. 3 Select User Group from the organizer list on the left side of the page, if not already selected.
  • Page 306 7: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS 4 Click New and select New User Group. The Create User Group wizard appears.

  • Page 307: Creating Mac Address Users

    Creating and Managing Users in the Local User Database 5 In the User Group Name box, type a name for the user group (1 to 60 alphanumeric characters, with no spaces or tabs). 6 In the VLAN Name box, type the VLAN that the user group belongs to (1 to 16 alphanumeric characters, with no spaces or tabs).
  • Page 308 Modify Switch Wizard” on page 185.) 2 Select AAA at the top of the wizard, if not already selected. 3 Select User from the organizer list on the left side of the page, if not already selected. 4 Click New and select New MAC Address User. The Create MAC Address User wizard appears.

  • Page 309: Creating Mac Address User Groups

    Modify Switch Wizard” on page 185.) 2 Select AAA at the top of the wizard, if not already selected. 3 Select User Group from the organizer list on the left side of the page, if not already selected. 4 Click New and select New MAC User Group. The Create MAC User...

  • Page 310: Configuring User Authorization Attributes

    To select multiple contiguous users, click Shift while selecting. To select multiple noncontiguous users, click Ctrl while selecting. 9 Repeat step 7 and step 8 for each user you want included in this group. 10 Do one of the following: To configure user attributes, see “Configuring User Authorization...
  • Page 311 Creating and Managing Users in the Local User Database To configure user authorization attributes 1 Click User Attributes at the top of the wizard you are using to create or modify attributes a user or user group. The wizard should be one of the...
  • Page 312 7: C HAPTER ONFIGURING UTHENTICATION UTHORIZATION CCOUNTING ARAMETERS Table 22 lists the user attributes and their value ranges. You can specify these attributes in lowercase when using the CLI. Table 22 Authentication Attributes for Local Users Attribute Description Valid Value(s) encryption-type...
  • Page 313 ACLs must already be configured on the WX switch. (For more information, see “Mapping User-Based ACLs” on page 360.) idle-timeout This option is not implemented in the current MSS version. mobility-profile Mobility Profile Name of an existing Mobility Profile, attribute for the user.
  • Page 314 136.2 years). mode only) ssid SSID the user is Name of the SSID you want the user to allowed to access after use. The SSID must be configured in a (network access authentication. service profile, and the service profile...
  • Page 315 Creating and Managing Users in the Local User Database Table 22 Authentication Attributes for Local Users (continued) Attribute Description Valid Value(s) time-of-day Day(s) and time(s) One of the following: during which the user (network access never—Access is always denied. is permitted to log into mode only) the network.

  • Page 316: Configuring And Managing Access Rules For Administrative Users

    Administrative Administrative access Users Users with this access rule connect to the WX switch using Telnet or Secure Shell (SSH). By default, if no authentication has been set for administrative users, the local WX user database authenticates all incoming Telnet or SSH sessions.

  • Page 317: Using User Globs And Mac Address Globs

    (AAA) command to a single user or a set of users. A user glob can be up to 80 characters long and cannot contain spaces or tabs. A single asterisk (*) wildcard character matches any characters up to, but not including, a separator character in the user glob.

  • Page 318: Creating Administrator And Console Access Rules

    (OUI). VLAN Globs A VLAN glob is a method for matching one of a set of local rules on a WX switch, known as the location policy, to one or more users. MSS compares the VLAN glob, which can optionally contain wildcard characters, against the VLAN-Name attribute returned by AAA to determine whether to apply the rule.
  • Page 319 Configuring and Managing Access Rules for Administrative Users 3 Select Admin Access from the organizer list on the left side of the page, if not already selected. 4 Click New Admin Access. The Create Admin Access wizard appears.
  • Page 320 UTHORIZATION CCOUNTING ARAMETERS 5 In the User Glob box, type a full or partial username to be matched during authentication. A user glob can have 1 to 80 alphanumeric characters, with no spaces or tabs. You can use asterisks as wildcards. The user glob it_* specifies all users with it_ in their usernames (for example, it_tamara).
  • Page 321 If you specify LOCAL as the first method and a user is not in the local user database on the WX, authentication and authorization are attempted with a RADIUS server group if one is defined in the method list.
  • Page 322 UTHORIZATION CCOUNTING ARAMETERS To add a server group, click Create and go to “To define a RADIUS server group” on page 298. After you create the server group, click Choose Available and then select the server group from the list.

  • Page 323: Managing Administrator And Console Access Rules

    To move a rule up or down the list, select the rule, then select Move Up or Move Down. (For more information, see “Changing the Order of Access Rules”...

  • Page 324: Authentication

    For access on a wired authentication port, the authentication rule must match the user’s username or MAC address. If a matching rule is found, MSS then checks RADIUS servers or the WX switch’s local user database for credentials that match those presented by the user.
  • Page 325 (and SSID, if wireless access is requested), and that uses the Extensible Authentication Protocol (EAP) requested by the NIC. If a matching rule is found, MSS uses the requested EAP to check the RADIUS server group or local database for the username and password entered by the user.
  • Page 326 CCOUNTING ARAMETERS Authentication Algorithm MSS can try more than one of the authentication types described in “Authentication Types” to authenticate a user. MSS tries 802.1X first. If the user’s NIC supports 802.1X but fails authentication, MSS denies access. Otherwise, MSS tries MAC authentication next. If MAC authentication is successful, MSS grants access to the user.
  • Page 327 Configuring and Managing Access Rules for Network Users Figure 13 Authentication Flowchart for Network Users Client associates with MAP radio or requests access from wired authentication port Client Client requests Authent. 802.1X rule that Allow responds encrypted SSID? succeeds? matches SSID? Client to 802.1X?
  • Page 328 SSID Name “Any” In authentication rules for wireless access, you can specify the name any for the SSID. This value is a wildcard that matches on any SSID string requested by the user. For 802.1X and Web AAA rules that match on SSID any, MSS checks the RADIUS servers or local database for the username (and password, if applicable) entered by the user.

  • Page 329: Authorization

    Configuring and Managing Access Rules for Network Users User Credential Requirements The user credentials that MSS checks for on RADIUS servers or in the local database differ depending on the type of authentication rule that matches on the SSID or wired access requested by the user.
  • Page 330 ARAMETERS during which the user can access the network, you can apply inbound and outbound access control lists (ACLs) to the user’s traffic, and so on. To assign attributes on the RADIUS server, use the standard RADIUS attributes supported on the server. To assign attributes in the WX switch’s local database, use the MSS vendor-specific attributes (VSAs).

  • Page 331: Accounting

    From the AAA page of the WX Switch wizard, select Network Access. From the Create SSID wizard, click Network Access. 2 Click New, and select an authentication type from the list, to configure an authentication rule for accessing the SSID.
  • Page 332 ARAMETERS Web Network Access — If the client name matches the userglob, the WX switch serves a web page to the client so the client can log in. If the username and password entered by the client match a username and password in the WX switch’s local database or on a RADIUS...
  • Page 333 Configuring and Managing Access Rules for Network Users 3 Type the userglob or MAC address glob that is allowed to access the SSID. For a user glob — Type a full or partial username to be matched during authentication (1 to 80 alphanumeric characters, with no spaces or tabs).
  • Page 334 Web AAA. To change the fallthru authentication method, see “Configuring a Service Profile” on page 257.) 4 Optionally, edit the name in the SSID box to match the SSID name. CAUTION: The default SSID name any matches on all SSID names. If the...
  • Page 335 Configuring and Managing Access Rules for Network Users 4 Click Authentication at the top of the wizard to display the following page. (The page contents are the same for MAC, last-resort, and Web AAA.)
  • Page 336 Authentication. When this option is enabled, the user can be successfully authenticated only if the machine the user is logging on from has already been authenticated and is therefore a known and trusted device. 7 For 802.1X authentication only, select one of the following as the EAP type: EAP-MD5 —...
  • Page 337 If you specify LOCAL as the first method and a user is not in the local user database on the WX, authentication and authorization are attempted with a RADIUS server group if one is defined in the method list.

  • Page 338: Configuring Accounting

    Configuring To configure accounting settings, follow these steps. Accounting 1 Click Accounting at the top of the wizard to display the following page. (The page contents are the same for 802.1X, MAC, last-resort, and Web AAA.) 2 To enable this accounting rule for the SSID, select Enabled. By default, a rule you configure in 3WXM is disabled, which means 3WXM does not add the rule to a WX switch’s configuration.

  • Page 339: Changing The Order Of Access Rules

    3 To change the position of the rule, click Move Up or Move Down until the rule is in the position you want. 4 To move other rules, repeat step 2 and step 3 until all rules are in the order you want.

  • Page 340: Creating Location Policy Rules

    Modify Location Policy wizard. The order of rules in a location policy is critical because a rule higher in the list is checked prior to rules lower in the list. If the criteria for a rule are matched, the WX stops comparing user attributes against the remaining location policy rules in the list.
  • Page 341 Configuring Location Policies 3 Select Location Policy Rule from the organizer list on the left side of the page, if not already selected. 4 Click New Location Policy Rule. The Create Location Policy Rule wizard appears.
  • Page 342 Not Equal — Apply the location policy to all usernames not matching a specified user glob. In the User Glob box, type the user glob for the users to which the location policy does not apply.
  • Page 343 1 to 32 alphanumeric characters, with no spaces or tabs. 11 In the In ACL Name box, type the name of the input ACL that applies if the location policy rules are matched. The ACL name can be 1 to 32...

  • Page 344: Configuring Mobility Profiles

    ACL name restrictions, see “Setting Up ACL Basic Properties” on page 348.) 12 In the Out ACL Name box, type the name of the output ACL that applies if the location policy rules are matched. The name can be 1 to 32 alphanumeric characters, with no spaces or tabs.
  • Page 345 Configuring Mobility Profiles 4 Click New Mobility Profile. The Create Mobility Profile wizard appears.
  • Page 346 None — Include no ports. Go to step 11. 7 Click Choose Available and select a port. Repeat for each port. 8 In the Distributed MAPs list, specify the Distributed MAPs to include in the Mobility Profile: All — Include all Distributed MAPs. Go to step 11.

  • Page 347: Using Access Control Lists For Security

    When a packet matches the filter, the action is applied to the packet. If there are no ACE matches in the ACL, an ACL contains an implicit rule that denies all access. If there is not at least one ACE that permits access in an ACL, no traffic will be allowed.
  • Page 348 Modify Switch Wizard” on page 185.) 2 Select AAA at the top of the wizard, if not already selected. 3 Select Mobility Profile from the organizer list on the left side of the page, if not already selected. 4 Click New ACL. The Create ACL wizard appears.
  • Page 349 Using Access Control Lists for Security 5 In the ACL Name box, type the name for the ACL (1 to 32 alphanumeric characters, with no spaces or tabs). The name can include hyphens (-), underscores (_), or periods (.). ACL names are case-sensitive and must begin with a letter.
  • Page 350 “Creating a Layer 4 Protocol ACE” on page 357. Creating an IP ACE 1 In the ACL Setup page of the Create ACL wizard, click New. A list of ACE types appears. 2 Select New IP ACE. The Create IP ACE dialog box appears.
  • Page 351 Use 6 or 7 only for SpectraLink VoIP phones. For other VoIP phones, use 4 or 5. By default, the CoS level is -1, which indicates that class of service is not specified. 5 To enable counting of packets filtered by an ACL, select Enable Hit Count.
  • Page 352 10 To close the Create IP ACE dialog box and save the changes, click Finish. Creating a TCP or UDP ACE To create a TCP or UDP ACE: 1 In the ACL Setup page of the Create ACL wizard, click New. A list of ACEs appears. 2 Select the ACE you want to create.
  • Page 353 Using Access Control Lists for Security To create a TCP ACE, click New TCP ACE. The Create TCP ACE dialog box appears. To create a UDP ACE, click New UDP ACE. The Create UDP ACE dialog box appears.
  • Page 354 The steps are the same as the steps when configuring an IP ACE. See step 6 on page 351 through step 9 on page 352. 8 In the Operator list of the Create TCP ACE or Create UDP ACE dialog box, select one of the following: None —...
  • Page 355 13 Click Finish. Creating an ICMP ACE To create an ICMP ACE: 1 In the ACL Setup page of the Create ACL wizard, click New. A list of ACEs appears. 2 Select New ICMP ACE. The Create ICMP ACE dialog box appears.
  • Page 356 5 In the Type box, specify the ICMP type used to filter ICMP packets. The value range for ICMP types is -1 to 255. The default value is -1, which indicates that all ICMP packets are subject to the ACE regardless of ICMP type.
  • Page 357 Creating a Layer 4 Protocol ACE To create a Layer 4 Protocol ACE: 1 In the ACL Setup page of the Create ACL wizard, click New. A list of ACEs appears. 2 Select New L4 Protocol ACE. The Create L4 Protocol ACE dialog box appears.

  • Page 358: Adding Aces To An Acl

    8 Click Finish. Adding ACEs to an The order in which ACEs are listed in an ACL is critical. An ACE that is higher in the list is executed prior to ACEs lower in the list. When you create an ACL, the ACEs are listed in the order in which you created...

  • Page 359: Mapping Acls

    To add ACEs to an ACL and organize them 1 In the ACL Setup page, select an ACE from the list of ACEs. 2 If you have not already typed the ACL name in the ACL Name box, do so now.
  • Page 360 ARAMETERS Mapping User-Based ACLs When you map a user-based ACL, you can use any defined ACL, even if that ACL is also mapped to a port, VLAN, or virtual port. You can set a Filter-Id authorization attribute at the RADIUS server or at the WX switch’s local database.
  • Page 361 To map an ACL to a VLAN, see “Mapping an ACL to a VLAN” on page 363. To map an ACL to a port or port group, see “Mapping an ACL to a Port” on page 364. To map an ACL to a virtual port or port group in a VLAN, see...
  • Page 362 2 Select New ACL Distributed MAP Map. The Create ACL Distributed MAP Map dialog box appears. 3 In the Direction list, select In to filter incoming packets or Out to filter outgoing packets. 4 In the DAP list, select the Distributed MAP from the list.
  • Page 363 3 In the Direction list, select In to filter incoming packets or Out to filter outgoing packets. 4 In the Type list, select ID to identify the VLAN by number or Name to identify it by name. 5 If you selected Name in step 4, go to step 6. Otherwise, specify a VLAN number in the ID box and go to step 7.
  • Page 364 3 In the Direction list, select In to filter incoming packets or Out to filter outgoing packets. 4 In the Port list, select the port or port group to which you want to map the ACL. You cannot map an ACL to a MAP port or a wired authentication port.
  • Page 365 4 In the Tag Value box, specify the 802.1Q tag value that identifies a virtual port in a VLAN. The tag value can be a number from 1 to 4095. The default value is 1. Make sure that you do not specify duplicate mappings that specify the same port and tag value.

  • Page 366: Configuring 802.1X Parameters

    WX switch. To configure 802.X authentication: 1 In the Mobility Domains panel in the main 3WXM window, navigate to the domain policy or WX you want to configure. 2 Expand the domain policy or WX switch to see the configuration options.
  • Page 367 To support SSIDs that have both 802.1X and static WEP clients, MSS sends a maximum of two ID requests, even if this parameter is set to a higher value. Setting the parameter to a higher value does affect all other types of EAP messages.
  • Page 368 18 To specify the number of seconds MSS retains session information for Bonded Auth™ (bonded authentication) purposes when a user attempts to log on to the network, specify the value, from 1 to 300 seconds, in the Bonded Period box. The default is 0 seconds.

  • Page 369: Managing Wx System Files

    Managing WX 3WXM provides many options for managing WX system image files and System Files configuration files. Table 25 lists the options and the sections in this chapter where the options are described. Table 25 WX File Management Options in 3WXM...

  • Page 370: Uploading A Wx Switch Configuration Into 3Wxm

    (See “Distributing Image and Configuration Files” on page 393.) Uploading a WX If you have already installed and configured a WX, you can upload its Switch configuration into 3WXM. You must first set the country code using the Configuration into set system countrycode command in the CLI.
  • Page 371 For example, if you upload a configuration for a WX running MSS Version 3.0, only Version 3.0 features are available for that WX switch in 3WXM. To use a later MSS version, you must upgrade the MSS system image before uploading the WX configuration to 3WXM.
  • Page 372 For more information, see “Verifying Configuration Information” on page 373. 6 Click Finish. If the upload is successful, you see the WX in the Mobility Domain. If the upload is not successful, check the following:...

  • Page 373: Verifying Configuration Information

    If the connection time takes more than 30 seconds, adjust the Connect Timeout value. (See “Changing Network Synchronization Options” on page 502.) Verifying 3WXM uses a set of rules to verify WX switch configurations. Changes to Configuration a WX switch’s configuration in 3WXM or in the live network are Information automatically evaluated by comparing the changes to the rules.

  • Page 374: Toolbar Options

    The errors and warnings can be for WX switch configuration items and for the monitoring service. On each tab, the Message column lists error descriptions in red and lists warning descriptions in orange: Errors are serious problems that must be addressed before deployment.

  • Page 375: Resolving An Error Or Warning

    3 If an Edit option is listed in the Resolution section, click on the option to display the configuration wizard for the item. 4 Edit the configuration item or resolve the network issue and save the change.

  • Page 376: Changing Verification Options

    Rules that are disabled for all instances are disabled on a per-user basis, not a per-plan basis. When you disable all instances of a rule, the rule is disabled for any network plan that you open while you are logged on with the 3WXM client user name you were logged on with when you disabled the rule.
  • Page 377 Verify on edits — 3WXM performs verification whenever you edit a WX switch’s configuration. Verify on deploy and export — 3WXM performs verification when you select the option to deploy WX switches from 3WXM to the live network. Allow errors to be deployed and exported — 3WXM allows you to deploy or export a WX switch’s configuration even if it contains...

  • Page 378: Disabling And Reenabling Rules

    2 Click Rules Control. The list of 3WXM verification rules appears. 3 Locate the rule you want to disable. You can click on the Class or Rule headers to sort alphabetically by rule class or by rule name. You also can...
  • Page 379 Click Filter By Class. The rule list changes to list the rules in the selected class. b Select a rule class from the listbox. The list of rules changes to list the rules in the selected class. In this example, the selected rule class is 802.1X Network Access.
  • Page 380 ANAGING YSTEM MAGES AND ONFIGURATIONS 5 In the Rule column, click on the rule name. The disable settings are displayed and become editable. If the rule is disabled for all instances, the Disable All Instances option is selected. If individual instances of the rule are disabled, the Disable Selected Instances option is selected and the instances are listed.
  • Page 381 Verifying Configuration Information 6 Reenable the rule or instances: To reenable a rule all of whose instances are disabled, click on the checkbox in the Enabled column. The Disable All Instances option is deselected. To reenable an individual instance of a rule, click on the checkbox next to the instance.
  • Page 382 8: M WX S HAPTER ANAGING YSTEM MAGES AND ONFIGURATIONS 9 To leave all instances disabled, go to step 10. To disable only specific instances: a Select Disable Selected Instances. The individual instances of the rule are listed.

  • Page 383: Synchronizing Local And Network Changes

    Synchronizing Local and Network Changes b Click next to the instances you want to disable, then go to step 10. 10 Click Close. Synchronizing Local Whenever configuration changes occur to a WX switch, 3WXM alerts you and Network that changes have occurred. If configuration changes occur on a WX...

  • Page 384: Change Management Options

    A row of information is displayed for each WX switch. The Local Status and Network Status columns indicate where changes have occurred. If you make a configuration change on a WX switch in the network, then reverse that change, 3WXM still alerts you that changes have occurred.

  • Page 385: Toolbar Options

    WX switch. Undo — Remove the changes from the WX switch in the network. When you are deploying changes to a WX, all of the changes are sent as a single transaction. If any parameter is unsuccessfully changed, the entire transaction is rolled back.

  • Page 386: Managing Wx Switch Configuration Changes

    Review for local changes or network changes. d Click on a WX switch listed on the left side of the dialog box to display the configuration changes. The CLI commands for the changes are shown.
  • Page 387 To deploy local changes 1 Select one or more WX switches. To select multiple switches, press Shift (for contiguous switches) or Control (for noncontiguous switches) while clicking. 2 In the Local Changes group box, click Deploy. The Deploy Configurations dialog box appears.
  • Page 388 Ctrl while clicking to select noncontiguous items. 4 To save to the configuration file on the WX, make sure that Save WX Configuration is selected. By default, this option is selected. If you deselect this option, 3WXM sends the configuration changes to the WX switch but the changes are not saved in the WX switch’s configuration file and are therefore not...

  • Page 389: Synchronizing When The Network And 3Wxm Have Nonmatching

    To synchronize the changes, do one of the following: Review and either deploy (local changes) or accept (network changes) the changes, then review and either deploy or accept the other set of changes. Reject one set of changes (local or network) and accept or deploy the other set of changes.

  • Page 390: Deploying Wx Switches From A Network Plan To The Network

    4 To specify how often network checks occur, specify the interval between checks, from 1 to 1440 minutes (24 hours), in the Interval box. The default is 15 minutes. 5 To be notified of network changes by a popup message, select Prompt when network changes are detected.

  • Page 391: To Deploy Network Plan Changes To The Network

    Deploying WX switches from a Network Plan to the Network This dialog box is also accessible from the Managed Devices tab, and is displayed when you click Deploy on that tab. To deploy network To deploy network plan changes to the network, use the following plan changes to the procedure.

  • Page 392: To Deploy Wx Switches From A Network Plan To The Network

    To select more than one WX, click Shift while clicking to select contiguous items, or click Ctrl while clicking to select noncontiguous items. 2 To save to the configuration file on the WX, make sure that Save WX Configuration is selected.

  • Page 393: Distributing Image And Configuration Files

    The deployment status for each affected WX is shown on the History tab at the bottom of the dialog box. If errors occur, click Selected Errors to view the errors. If there are errors, fix them and verify the changes before trying to deploy again. (You can use the Verification tab to fix the errors.

  • Page 394: Distributing System Images

    6 To close the Image Repository dialog box, click Close. To delete a system image 1 In the Image Repository dialog box, select the image you want to delete. 2 Click Remove Image. A prompt appears. 3 Click Yes to delete the system image.
  • Page 395 7 To distribute a configuration file, select Distribute Config. If you do not want to distribute a configuration file, uncheck Distribute Config. 8 To reboot the selected WX switch(es), select Reboot. If you do not want to reboot WX switches, uncheck Reboot.

  • Page 396: Importing And Exporting Wx Switch Configuration Files

    Distributing WX Configuration Files You can distribute a complete WX configuration defined in a network plan as a file and download it to one or more WX switches at one time. Using this feature replaces the current configuration file on the WX. You must reboot the WX for the configuration file to take effect.

  • Page 397: To Import A Configuration

    1 In the main 3WXM window, select File > Import. The Import Configurations dialog box appears. 2 In the Import Into Mobility Domain group box, select one of the following options: Click Use File Info to import the configuration information using the Mobility Domain specified in the configuration files.
  • Page 398 Shift (for contiguous items) or Control (for noncontiguous items) while clicking items. 6 Click Select Files To Import. The file or files you selected appear in the File Import Results list. To remove all the files you previously selected, click Clear Files.

  • Page 399: To Export A Configuration

    2 In the Export From list, select the Mobility Domain whose configuration you want to export. 3 If you want to export the configuration file to a different directory, click the Choose button, which is labeled with the current output directory.

  • Page 400: Working With Domain Policies

    In addition to applying configuration changes from a domain policy to WX switches, you can apply configuration changes made on a WX to a domain policy. This allows you to use a WX as a starting point when creating a domain policy.
  • Page 401 1 In the main 3WXM window, select Changes > Policy Manager. The Policy Manager dialog box appears. 2 Make sure that the arrow at the top of the dialog box is pointing from Policy to Wireless Switch. If not, click the arrow to reverse its direction.

  • Page 402: Applying Wx Configuration Changes To Domain Policies

    1 In the main 3WXM window, select Changes > Policy Manager. The Policy Manager dialog box appears. 2 Click the arrow at the top of the dialog box so that it is pointing from Wireless Switch to Policy. 3 In the Select Device list, select the WX whose configuration you want to apply to a domain policy.

  • Page 403: Rebooting Wx Switches Or Map Access Points

    5. 7 Click Close to close the Policy Manager dialog box. If you later make configuration changes to a domain policy, you can apply the changes to one or more WX switches, as described in “Applying Domain Policy Changes to WX Switches” on page 400.
  • Page 404 A list of the managed WX switches in the Mobility Domain appears. 3 Do one of the following: To reboot a WX, select it from the list on the Wireless Switch tab. To reboot a MAP, click Managed Access Point, and select the MAP(s) you want to reboot.

  • Page 405: Managing Certificates

    WX switch, the administrative certificate is used to authenticate the service or WX switch and establish a secure connection. For more information about certificates on the WX, see the Wireless LAN Switch and Controller Configuration Guide. Processing...
  • Page 406 1 If you do not want to see the Certificate Check dialog box each time 3WXM connects to a WX switch, select one of the following options: Always accept self-signed certificates.

  • Page 407: Managing Certificates

    2 Do one of the following: Click Accept to allow the connection to the WX switch. If you did not select either of the options in step 1, when you click Accept, a secure connection with these certificate credentials is allowed for this session until you close the network plan.

  • Page 408: Distributing Pkcs #12 Files

    Certificate Files dialog box appears. 2 In the Mobility Domain Selection list, select a Mobility Domain. 3 Select the WX or WX switches you want to distribute the PKCS #12 file 4 To select a file to distribute, click Select PKCS12 File.
  • Page 409 Distributing PKCS #12 Files 6 In the Certificate Type list, select one of the following: EAP — To install an 802.1X/EAP certificate Web — To install a Web AAA certificate Admin — To install an administrative certificate 7 Click Start Download. Download progress appears in the Status column.
  • Page 410 9: M HAPTER ANAGING ERTIFICATES...

  • Page 411: Monitoring The Network

    Overview The 3WXM monitoring service regularly checks the status of the network and reports that status to each 3WXM client that is connected to the service. Optionally, the service also receives SNMP traps generated by the WX switches and shows information based on those traps.

  • Page 412: Monitoring Service Requirements

    For the Client Status window, the Client Monitor options must be enabled. For the RF Trends and RF Status windows, the RF Monitor options must be enabled. (To configure the monitoring service, see “Selecting WX Switches to Monitor” on page 545 and “Changing Monitoring Settings” on page 552.

  • Page 413: Using The Explore Window

    You can distinguish between the two Monitor tabs by looking at the tab titles. The title shown in bold text is the tab that changes when you select a different object. The other tab’s title is not bold, and that tab remains focused on the same object until you close the tab, regardless of the objects you select in the Organizer panel.

  • Page 414: Toolbar Options

    Red — Down Blue — Unknown Toolbar Options The Explore window has a toolbar in each view. Table 28 lists the options on the toolbar in the link view. Table 28 Toolbar Options in Link View of Explore Window Icon Description Show the zoom navigator panel.
  • Page 415 SNR by data rate Load by data rate SNR by RSSI bands Load by RSSI bands Note — To display coverage, click on the icon for the technology (802.11a, 802.11b, or 802.11g). Define the drawing scale. Change the grid size.

  • Page 416: Threshold Flags

    ONITORING THE ETWORK Threshold Flags A red flag next to an object in the link view of the Explore window indicates that a threshold for the object has been exceeded. The thresholds are defined by the monitoring service. (See “Changing Monitoring Service Preferences”...

  • Page 417: Displaying Object Details

    Using the Explore Window When a red flag appears in the Explore window, the column for the statistic whose threshold was exceeded also turns red in the RF Trends window. Displaying Object To drill down for more detailed information for an object in the Explore Details window, double-click on the object.
  • Page 418 If the coverage area for a radio is displayed as a sphere, then the floor plan does not have any RF obstacles around the radio. (To add RF obstacles to a floor plan, see “Specifying the RF Characteristics of a Floor”...

  • Page 419: Taking Rf Measurements

    Taking RF In the floor view, you can take an RF measurement at any point on the Measurements floor plan. An RF measurement point indicates the RSSI value for each 3Com radio on the floor.

  • Page 420: Using The Status Summary Window

    Client Sessions — lists bandwidth, signal-to-noise-ratio (SNR), and received signal strength indicator (RSSI) information for client sessions Client Watch List — lists the clients 3WXM is tracking. You can set up a watch list of clients you want 3WXM to track. 3WXM collects...

  • Page 421: Toolbar Options

    1000 traps, then begins discarding the oldest traps to make way for new traps. If data does not appear in the window, check the bottom of the window for a message. If the message Error: The requested service is not enabled is displayed, you need to enable the Client Monitor options on the monitoring service.

  • Page 422: Refreshing Client Data

    Activity Information network. The data fields in the display depend on the scope: If a Mobility Domain is selected, a row of data is displayed for each WX switch in the Mobility Domain. If a WX switch, MAP access point, or radio is selected, SNMP traps reported to the monitoring service for that device are displayed.
  • Page 423 Column Description Scope Scope of the data displayed in the row. The scope for each row in the Client Activity tab is always a WX switch. The down arrow in front of the WX switch name indicates that you can double-click on the arrow to change the...
  • Page 424 Client Monitor window’s Client Activity tab displays a row of information for each client activity trap generated by the selected device. Table 34 lists the data displayed on the Client Activity tab when the scope is a WX switch, MAP access point, or individual radio.
  • Page 425 Using the Client Monitor Window Table 34 Client Activity Columns When Scope Is a WX Switch, MAP, or Radio Column Description Event Type Type of SNMP trap: Association Failure — ClientAssociationFailure trap Authentication Failure — ClientAuthenticationFailure trap Authorization Failure — ClientAuthorizationFailure trap Authorization Successful —...
  • Page 426 Client Location Mobility Domain, WX switch, MAP access point, and radio that was dealing with the client. SSID SSID the client was requesting. Failure Cause Cause of the failure. Description Table 36 Activity Details for Authentication Failure...
  • Page 427 Auth Server IP System IP address of the WX switch that was attempting to authenticate the client. Note — The system IP address is listed even if the switch was using a RADIUS server to authenticate the client. SSID SSID the client was requesting.
  • Page 428 Auth Server IP System IP address of the WX switch that was attempting to authenticate the client. Note — The system IP address is listed even if the switch was using a RADIUS server to authenticate the client. SSID SSID the client was requesting.
  • Page 429 Auth Server IP System IP address of the WX switch that was attempting to authenticate the client. Note — The system IP address is listed even if the switch was using a RADIUS server to authenticate the client. SSID SSID the client was requesting.
  • Page 430 Auth Server IP System IP address of the WX switch that was attempting to authenticate the client. Note — The system IP address is listed even if the switch was using a RADIUS server to authenticate the client. SSID SSID the client was associated with.
  • Page 431 MAC Address MAC address of the client. SSID SSID the client was requesting. RSSI Strength of the signal received by the radio from the client. Dot1x Failure Cause Cause of the failure. Table 41 Activity Details for Roam Column...

  • Page 432: Displaying Client Session Information

    Session Information display depend on the scope: If a Mobility Domain is selected, a row of data is displayed for each WX switch in the Mobility Domain. If a WX switch, MAP access point, or radio is selected, client sessions for that device are displayed.
  • Page 433 Data Displayed When the Scope is a Switch, MAP, or Radio When a WX switch, MAP access point, or individual radio is selected in the organizer panel, the Client Monitor window’s Client Sessions tab displays a row of information for each client session.
  • Page 434 10: M HAPTER ONITORING THE ETWORK Table 43 Client Sessions Columns When Scope Is a WX Switch, MAP, or Radio Column Description Username Username the client used to log on to the network. The username is shown in one of the following formats:...
  • Page 435 Using the Client Monitor Window Displaying Session Properties On the Client Sessions tab, select the Session Properties tab at the bottom of the window. Table 44 lists the information displayed on the tab. Table 44 Session Properties Columns Column Description Username Username the client used to log on to the network.
  • Page 436 Roaming_away — User is roaming (a connection in the new location is established). Updated_to_roam — User is roaming. Session statistics have been collected and will be transmitted to the new location. Web_authing — User is being authenticated by Web AAA.
  • Page 437 Displaying Session Statistics On the Client Sessions tab, select the Session Statistics tab at the bottom of the window. On the Session Statistics tab, you can select statistics for the MAP the client is associated with, or total statistics for the client’s entire roaming history.
  • Page 438 Number of unicast packets transmitted by the radio to the client during this session. Transmit Timeouts Number of times a packet transmitted by the radio to a client remained unacknowledged long enough for the transmission attempt to time out. Unicast Bytes In Number of unicast bytes received by the radio from the client during this session.
  • Page 439 Each row represents a session with a 3Com radio. When a client roams from one radio to another, the session on the radio the client is leaving is closed and a new session is opened on the radio to which the client is roaming.

  • Page 440: Managing The Client Watch List

    ONITORING THE ETWORK Managing the Client You can add clients to a watch list. The watch list allows you to monitor Watch List client roaming history and network performance. 3WXM monitors the clients on the watch list by MAC address.
  • Page 441 Using the Client Monitor Window Using the Find Client dialog box to find a user You can use 3WXM to find users (network clients) on the network. You can search for individual users based on specific criteria, or you can find all users in a Mobility Domain.
  • Page 442 Wildcards are not supported in search criteria. For example, the user natasha cannot be found if you specify nat* in the Username box. 4 In the Mobility Domain list, select the Mobility Domain that you want to search. 5 In the Wireless Switch list, select a specific WX switch, or select All.
  • Page 443 Using the Client Monitor Window 7 To add a user to the watch list in the User Management tab, select the Add Watch checkbox in the user row. Repeat for all users that you want to add to the watch list.
  • Page 444 Trend: Session Stats — Displays operational rate, SNR, and RSSI trend data. You can display trend data for periods covering the most recent one hour, 24 hours, 7 days, or 30 days. The data is also shown in a graph.

  • Page 445: Displaying A Client's Geographical Location

    To remove a client from the watch list, select the client, then click the Client Monitor window’s toolbar. Displaying a Client’s To display the location of a client within a site, select the client, then click Geographical on the Client Monitor window’s toolbar. The floor the client is Location currently on is displayed, as well as the client’s likely location on the floor.

  • Page 446: Using The Rf Monitor Window

    Activity — lists log messages for the radio RF Environment — lists 802.11 statistics for the radio If data does not appear in the window, check the bottom of the window for a message. If the message Error: The requested service is not enabled is displayed, you need to enable the RF Monitor options on the monitoring service.

  • Page 447: Displaying Rf Neighborhood Information

    Information The RF Neighborhood tab lists the transmitters that can hear or are heard by the radio selected in the top section of the window. You can select the viewpoint of the list: To list the other transmitters that the selected radio can hear, select Transmitters.

  • Page 448: Displaying The Ssid-To-Bssid Mapping

    1 milliwatt (dBm). A higher value indicates a stronger signal. Displaying the To display the SSIDs configured on a radio and their BSSIDs, in the RF SSID-to-BSSID Monitor window, select the SSID-BSSID Mapping tab at the bottom of the Mapping window.

  • Page 449: Displaying The Activity Log

    The activity log displays RF Auto-Tuning and countermeasures activity for Activity Log the radio. To display the activity log, in the RF Monitor window, select the Activity tab at the bottom of the window. Table 49 lists the information displayed on the tab.

  • Page 450: Displaying Rf Environment Statistics

    The RF Trends window shows current and past 802.11 statistics for Window radios. You can view statistics up to 30 days old, and display graphs of data trends. If data does not appear in the window, check the bottom of the window for a message.
  • Page 451 (See “Changing Monitoring Settings” on page 552.) When looking at graphed data, you can see the data in absolute or delta values. Delta (rate of change) values are calculated with the following equation:...

  • Page 452: Refreshing Rf Trend Data

    RF trending polling interval specified in the monitoring service. (See “Changing Monitoring Settings” on page 552.) To refresh the data on demand To refresh the data on demand, click the Refresh option on the RF Trends window’s toolbar. To refresh the data automatically 1 Click the checkbox next to Auto Refresh on the RF Trends window’s...
  • Page 453 Accessing Realtime Performance Statistics 2 Select the scope to monitor from the list on the left side of the dialog box. 3 Select the specific object(s) to monitor from the list on the right side of the dialog box. To select multiple contiguous objects, click Shift while selecting.
  • Page 454 Generally, the scope is an aggregate object, which means that it is made up of sub-objects. (The exception is when a scope is a set of ports.) When you see performance data for the aggregate object, you are seeing the sum of the data of the sub-objects.

  • Page 455: Viewing Performance Data

    - value at beginning of polling interval time difference (in seconds) For example, if the number of octets in is 11,101,288 at the beginning of the polling period, the number of octets in is 11,146,904 at the end of the polling period, and the time difference is 60 seconds, the delta value is 760.267.
  • Page 456 To sort data You can sort data in ascending or descending order to see the highest or lowest values at a glance. To sort data, click the title of the column whose data you want to sort. Click the column title again to toggle between ascending and descending order.
  • Page 457 To hide the list of objects that you can graph, click Hide Object Selector. This allows you to see the graph in the full width of the Statistics tab in the View panel.
  • Page 458 Figure 14 Viewing Historical Data (Delta Values) in a Line Graph Viewing Data in Percentages To see a set of objects in a particular category of data as percentages in a pie chart, click the Percent tab. Data for the pie chart is captured when you click the tab and is based on the polling interval you selected.
  • Page 459 Accessing Realtime Performance Statistics To hide the list of objects that you can graph, click Hide Object Selector. Doing this allows you to see the graph in the full width of the Statistics tab. Figure 15 shows the delta values for Octets In and Octets Out for the entire Mobility Domain as percentages in a pie chart.
  • Page 460 By default, this option is selected. 4 To make a copy of files before overwriting them, select Copy Files Before Overwriting. By default, this option is selected. The existing file is copied to a file with a .bak extension. 5 Click Export.

  • Page 461: Accessing The Event Log

    Displaying the event To display the event log, select View > Events from toolbar in the main 3WXM window. The Events tab appears in the Content panel. The top section of the tab displays the event messages. The bottom section allows you to filter the display.

  • Page 462: Toolbar Options

    Event tab’s toolbar. Filtering the You can limit the events you see in the Event tab by using predefined Messages filters in 3WXM or by specifying filter criteria based on content, facility, or severity. You can save specified filter criteria as a stored filter.
  • Page 463 You can use advanced filters to further limit the events you see. To filter messages by content: 1 In the Event Source box, type an event source name or part of an event source name. You can type more than one name or partial name.
  • Page 464 HAPTER ONITORING THE ETWORK 3 In the IP Address box, type an IP address or a partial IP address. For example, if you type 10.20, you see all events that pertain to IP addresses containing the string 10.20. Set the search criteria by selecting contains the string, contains all of the strings, or contains at least one of the strings.
  • Page 465 Viewer, you can save the criteria as a stored custom filter. To save a filter: 1 In the Stored Filters group box, type a new filter name in the Name box. 2 Type a name for the filter (1 to 80 alphanumeric characters, with no tabs).
  • Page 466 You can delete any filter that you created, but you cannot delete predefined filters. To delete a filter: 1 In the Stored Filters group box, select the filter to be deleted. 2 Click Delete. The filter is deleted. Exporting Filtered Data You can export the filtered data shown in Event Viewer to a comma-delimited text (.csv) file.

  • Page 467: Reviewing Event Details

    Accessing the Event Log 4 To copy files before overwriting them, select Copy Files Before Overwriting. By default, this option is selected. The existing file is copied to a file with a .bak extension. 5 Click Export. You can see the status of the export process in the Results box.
  • Page 468 10: M HAPTER ONITORING THE ETWORK...

  • Page 469: Detecting And Combatting Rogue Devices

    RF detection detects all the IEEE 802.11 devices in a Mobility Domain and can single out the unauthorized rogue access points. Rogue Access Points A rogue access point is an access point that is not authorized to operate and Users in a network. Rogue access points and their clients undermine the security of an enterprise network by potentially allowing unchallenged access to the network by any wireless user or client in the physical vicinity.

  • Page 470: Rf Detection Scans

    EVICES to a wireless laptop. Users can configure a wireless network interface card (NIC) in “ad hoc” mode and easily set up a simple peer-to-peer network. Although this WLAN might be isolated from the corporate WLAN, the users are stealing the air from legitimate WLAN users. The private WLAN can also cause RF interference with an authorized WLAN in other parts of the company.

  • Page 471: Rogue Detection Requirements

    RogueDetect RFDetectRogueDisappear CounterMeasureStart CounterMeasureStop The first two traps provide data about rogues when they are detected or disappear. The latter two traps provide data for countermeasures. Monitoring Service Rogue detection data are available only for WX switches that are being monitored by the monitoring service.

  • Page 472: Enabling Countermeasures

    CAUTION: Countermeasures affect wireless service on a radio. When a MAP radio is sending countermeasures, the radio is disabled for use by network traffic, until the radio finishes sending the countermeasures. 1 In the Organizer panel, right-click on Rogue Detection and select Properties.

  • Page 473: Using The Rogue Detection Tab

    Content panel. The Rogue Detection tab lists information about the rogue devices detected in the network. The rogue list section of the tab lists all rogues detected within the time period specified in the filter section. To display information about a rogue, select the rogue. Detailed information...
  • Page 474 SNMP traps for the monitored WX switches must be enabled. In addition, the seed WX switch of each Mobility Domain you want to monitor in the network plan must be in the Monitored WXs list of the monitoring service. (See “Changing Monitoring Service...

  • Page 475: Toolbar Options

    By default, the rogue list contains all rogues detected during the List most-recent polling interval, in all Mobility Domains in the network plan. You can change the time period for which rogues are listed as well as the scope of the list. To filter the rogue list 1 Click Filters on the Rogue Detection tab’s toolbar.

  • Page 476: Displaying Rogue Details

    ETECTING AND OMBATTING OGUE EVICES 2 Select the period by which you want to filter the list from the Filter By listbox: Current — Lists the rogues detected during the most-recent polling interval. Go to step 4. Current Hour — Lists the rogues detected during the most-recent hour.
  • Page 477 Details Tab The Details tab lists listener details for each appearance or disappearance of the selected rogue. To display details, select a row in one of the tabs described above. Table 55 lists the information displayed in the rogue details section of the...

  • Page 478: Displaying A Rogue's Geographical Location

    Rogue’s plan, you can display the likely physical location of a rogue. 3WXM Geographical displays the floor plan for the floor where the rogue is believed to be Location located, and displays the areas where the rogue is probably located.

  • Page 479: Ignoring Friendly Third-Party Devices

    To display the known address list, use the following procedure. address list 1 In the Organizer panel, click on the plus sign next to a Mobility Domain name to display the objects in the domain. 2 Click next to the plus sign by Rogue Detection.

  • Page 480: To Remove An Address From The Known Address List

    1 In the Organizer panel, click on the plus sign next to a Mobility Domain name to display the objects in the domain. 2 Click next to the plus sign by Rogue Detection. 3 Click next to the plus sign by Known Addresses. The MAC addresses (BSSIDs) in the known address list appear.

  • Page 481: To Display The List

    Converting a Rogue into a Third Party AP 3 Enter the information for the AP and place the icon for the AP in its floor location, if applicable. (See “Adding a Third-Party Access Point” on page 148.) To display the list In the Organizer panel, click on Third Party APs.
  • Page 482 11: D HAPTER ETECTING AND OMBATTING OGUE EVICES...

  • Page 483: Generating Reports

    ENERATING EPORTS This chapter describes the reports you can generate with 3WXM: Inventory Mobility Domain Configuration WX Configuration Client Summary Client Details Client Errors Watch List Client Network Usage RF Summary Radio Details Rogue Summary Work Order...

  • Page 484: Overview

    The Inventory Report dialog box appears. 2 To change the Mobility Domain the report is for, select it from the listbox. 3 To change the output directory for the report, click on the button next to output directory, navigate to the new directory, and click Select.

  • Page 485: Generating A Mobility Domain Configuration Report

    2 Select the Mobility Domain for which you want the report. The scope is always Mobility Domain and cannot be changed. 3 To change the output directory for the report, click on the button next to output directory, navigate to the new directory, and click Select.

  • Page 486: Generating A Wx Configuration Report

    2 Select the WX switch for which you want the report. The scope is always Wireless Switch and cannot be changed. 3 To change the output directory for the report, click on the button next to output directory, navigate to the new directory, and click Select.

  • Page 487: Generating A Client Summary Report

    Client Monitor group box of the Monitoring Settings tab, must be enabled. (See “Changing Monitoring Settings” on page 552.) 1 Select Reports > Client Summary from the toolbar in the main 3WXM window. The Client Summary Report dialog box appears.
  • Page 488 3 Select the instance for which you want the report. For example, if the scope is Building, select the building. 4 To change the output directory for the report, click on the button next to output directory, navigate to the new directory, and click Select.

  • Page 489: Generating A Client Details Report

    User Name IP Address MAC Address 4 Click on the Value field. Erase the text in the field and type the username, IP address, or MAC address of the user, depending on the selection criterion you specified in step 3.

  • Page 490: Generating A Client Errors Report

    4 Select the time period for the report: 1 Hour 24 Hours 7 Days 30 Days 5 To change the output directory for the report, click on the button next to output directory, navigate to the new directory, and click Select.

  • Page 491: Generating A Watch List Client Report

    4 Click on the Select field, and select MAC Address. (3WXM monitors the clients on the watch list by MAC address.) 5 Click on the Value field. Erase the text in the field and type the MAC address of a client.

  • Page 492: Generating A Network Usage Report

    ENERATING EPORTS 6 Press Enter to complete the filter. 7 Repeat step 3 through step 6 for each user you want to display details for. 8 To change the output directory for the report, click on the button next to output directory, navigate to the new directory, and click Select.

  • Page 493: Generating An Rf Summary Report

    7 Days 30 Days 5 To change the output directory for the report, click on the button next to output directory, navigate to the new directory, and click Select. 6 To prevent 3WXM from replacing an existing report of the same type with this new report, click next to Overwrite Existing Files to deselect this option.

  • Page 494: Generating A Radio Details Report

    7 Days 30 Days 5 To change the output directory for the report, click on the button next to output directory, navigate to the new directory, and click Select. 6 To prevent 3WXM from replacing an existing report of the same type with this new report, click next to Overwrite Existing Files to deselect this option.

  • Page 495: Generating A Rogue Details Report

    2 Click Add to add a report filter. The filter configuration fields are activated. 3 Click on the Select field, and select MAC Address. 4 Click on the Value field. Erase the text in the field and type the BSSID of the rogue. 5 Press Enter to complete the filter.

  • Page 496: Generating A Rogue Summary Report

    7 Days 30 Days 5 To change the output directory for the report, click on the button next to output directory, navigate to the new directory, and click Select. 6 To prevent 3WXM from replacing an existing report of the same type with this new report, click next to Overwrite Existing Files to deselect this option.

  • Page 497: Generating A Work Order

    The Work Order Generation dialog box appears. 2 Select the scope for the work order. You can select the network plan, a site, a building, or an individual floor. 3 Select the options you want to use for the report:...
  • Page 498 12: G HAPTER ENERATING EPORTS...

  • Page 499: Preparing To Use Hp Openview And 3Wxm

    To start 3WXM from Network Node Manager: 1 Start Network Node Manager. The Network Node Manager window appears. 2 In the main Network Node Manager window, do one of the following: Select Tools > 3Com > 3WXM. Click the 3Com icon in the toolbar.

  • Page 500: Using 3Wxm With Hp Open View

    A: U 3WXM W HP O PPENDIX SING...

  • Page 501: Changing 3Wxm Preferences

    RF planning, and 3WXM logging. Overview You can set 3WXM preferences for a user session on the system on which 3WXM is installed. The preferences you set are valid only for that user on that system.

  • Page 502: Resetting Preferences Values

    You can reset the preferences values to their default values by doing one Preferences Values of the following: To reset the values for a tab, click the tab to display it, and click Reset. (Each tab has a Reset button.) To reset all preferences for all tabs, click Reset All.
  • Page 503 (1 to 30 seconds) in the Connect Timeout box. The default is 5 seconds. 4 To set the number of times (0 to 5) 3WXM tries to reconnect to the WX after the original attempt, specify the value in the Retry Count box. The default is 3 times.

  • Page 504: Changing User Interface Options

    Warn checkbox. To disable the confirmation prompt, clear the Warn checkbox. By default, if you close a wizard, a pop-up box appears, asking whether you want to close the wizard. (Changes are lost if you close the wizard.) If you click Cancel to close a wizard, you do not get a confirmation prompt.

  • Page 505: Changing Persistence Options

    24x24 — Change all icons to 24x24 pixels. 6 Within Show Wizard Index, select one of the following: On Top — See the wizard index at the top of wizard dialog boxes. This is the default setting. On Left — See the wizard index on the left of wizard dialog boxes.

  • Page 506: Changing Tools Options

    To disable this option, clear Auto Save Changes. By default, this option is disabled. 4 In the Save Interval box, specify how often network plan is to be saved, from 1 to 1440 minutes (24 hours). The default is 10 minutes.

  • Page 507: Changing Certificate Management Options

    The default Web browser executable file is C:\Program Files\Internet Explorer\iexplore.exe. You can also click Browse to navigate the computer filesystem. 5 Click Close to close the Preferences dialog box, or click another tab to continue making changes. Changing By default, 3WXM does not accept self-signed certificates from WX Certificate switches or from the monitoring service.

  • Page 508: Changing Options For Rf Planning

    2 Click the RF tab. 3 In the Typical Client Tx Power box, specify the typical transmit power (1 to 20 dBm) for clients in the network. The default is 13 dBm, which is a common client transmit power. If you want to choose the color for an RF technology or obstacle, see...

  • Page 509: Changing Colors

    802.11a Channel Colors 802.11b/g Channel Colors RF Obstacle Colors Data Rate Colors RSSI Band Colors SNR Band Colors Load Band Colors Probability Colors 4 Click on the color column for the color you want to change. The Choose Color dialog box appears.
  • Page 510 HANGING REFERENCES See one of the following sections: For more information about using the color palette, see “Defining a Color from the Palette” on page 511. For more information about using HSB, see “Defining a Color by Changing HSB Properties” on page 512.
  • Page 511 The Recent box shows the colors you have chosen so far. Click Reset to choose the original predefined color and clear the Recent box. 2 Click OK to accept the color you last chose. The RF tab in the Preferences dialog box is active.
  • Page 512 To define a color by changing HSB: 1 To specify a color by changing HSB, click HSB in the Choose Color dialog box. 2 To change the hue value, select the H option and do one of the following.
  • Page 513 Changing Options for RF Planning 3 To change the saturation value, select the S option and do one of the following: In the S box, specify a value between 0 and 100 percent. Use the slider to specify the saturation value.

  • Page 514: Changing 3Wxm Logging Options

    2 Use the Red, Green, and Blue sliders to define a color. You can see a preview of the color in the Preview box. 3 Click OK to accept the color. The RF Planning Options tab in the Preferences dialog box is active.
  • Page 515 Changing 3WXM Logging Options 3 In the Log Event Level list, select one of the following event levels: Critical — A critical condition has occurred that requires immediate resolution. Warning — An event that might require attention has occurred. Info — Informational messages only. No action is required.
  • Page 516 B: C 3WXM P PPENDIX HANGING REFERENCES...

  • Page 517: 3Wxm V Erification Rules

    3WXM V ERIFICATION ULES This appendix lists the verification rules used by 3WXM. Rules are listed alphabetically by rule class. (For information about how to interpret and respond to errors or warnings that occur when a configuration or a device in the network conflicts with a rule, see “Verifying Configuration Information”...
  • Page 518 Verifies that no more than four server Error group check groups are specified for the authentication methods. 802.1X protocol check Verifies that LOCAL (local database) is Error not specified as an authentication method, when the EAP type is pass-through. Access rule disabled...
  • Page 519 Verifies whether the access rule is enabled Warning check in 3WXM. The rule does not take effect and is not deployed to WX switches in the network unless the rule is enabled in 3WXM. Accounting server Verifies that no more than four server...
  • Page 520 Verifies whether the access rule is enabled Warning check in 3WXM. The rule does not take effect and is not deployed to WX switches in the network unless the rule is enabled in 3WXM. Accounting server Verifies that no more than four server...
  • Page 521 Distributed MAP connections. WX support of MAP Verifies that the MAP model is supported Error check by the MSS version on the WX switch that manages the MAP. Serial number check Verifies that the serial number is specified Error for a Distributed MAP.
  • Page 522 Verifies whether the access rule is enabled Warning check in 3WXM. The rule does not take effect and is not deployed to WX switches in the network unless the rule is enabled in 3WXM. Accounting server Verifies that no more than four server...
  • Page 523 A VLAN name, incoming ACL name, or outgoing ACL name is assigned to a location policy rule A user glob is assigned if a user glob Warning operator is assigned A VLAN is assigned if a VLAN operator Error...
  • Page 524 Verifies whether the access rule is enabled Warning check in 3WXM. The rule does not take effect and is not deployed to WX switches in the network unless the rule is enabled in 3WXM. Accounting server Verifies that no more than four server...
  • Page 525 Verifies that the MAP type is supported in Error check the MSS version on the WX. Remote wiring closet If the MAP is directly connected, verifies Warning check that the wiring closet the MAP is attached to is in the same building as the MAP.
  • Page 526 Verifies that VLANs have unique IP Error check addresses within a Mobility Domain. Missing WX system IP Verifies that the system IP address is set on Error check each Mobility Domain member. Missing seed WX Verifies that the Mobility Domain is not...
  • Page 527 Table 83 RADIUS Server Rules Title Description Classification RADIUS server IP check Verifies that the IP address of a RADIUS Error server is a nonzero value (not 0.0.0.0). RADIUS server key Verifies that a RADIUS server key is defined...
  • Page 528 SSID’s traffic. Best practices Checks whether an SSID’s encryption type Warning (security): service is static WEP and, if it is, advises using a profile static WEP stronger encryption type. check Empty SSID check Verifies that encrypted and unencrypted Error data SSIDs are not empty.
  • Page 529 Description Classification WPA authentication Verifies that at least one authentication Error check option is selected if WPA is the security mode. WPA cipher check Verifies that at least one cipher option is Error selected if WPA is the security mode.
  • Page 530 Warning check the user. AAA user/group Verifies that the Encryption-Type attribute Error attribute is in the range of 0 to 64. encryption-type check AAA user/group Verifies that the End-Date attribute is Error attribute end-date specified in the following format: check...
  • Page 531 Ensures that the IP address assigned to the Error check VLAN is not a broadcast address. Empty IP address check Verifies that an VLAN interface that is Warning enabled also has a valid IP address. Valid IP address check Verifies that no IP interface overlaps with Error any other IP interface on the WX.
  • Page 532 Verifies whether the access rule is enabled Warning check in 3WXM. The rule does not take effect and is not deployed to WX switches in the network unless the rule is enabled in 3WXM. Accounting server Verifies that no more than four server...
  • Page 533 Table 94 Wireless Switch Rules (continued) Title Description Classification System IP assignment Verifies that the system IP address for the Error check WX is assigned, if the WX is managed. Assignment means that the system IP address has been assigned to a VLAN and...
  • Page 534 C: 3WXM V PPENDIX ERIFICATION ULES...

  • Page 535: Overview

    Overview To set monitoring service preferences, select Tools > 3WXM Services Setup from the toolbar in the main 3WXM window. See Figure 17 on page 536. This chapter describes how to change monitoring service preferences. To change 3WXM client preferences, see “Changing 3WXM Preferences” on page 501.

  • Page 536: Changing Monitoring Service Preferences

    By default, the monitoring service does not allow remote connections. The first time you access the service, you must do so from the machine on which the service is installed. Then you can configure the service to allow...

  • Page 537: Starting Or Stopping The Monitoring Service

    You can start the monitoring service from within 3WXM or from Windows Services. 1 Display the Services window. Here is an example of the Services window in Windows XP. (The window might look different on your system.) 2 Scroll down and select 3WXM Services.
  • Page 538 3 Enter the IP address or fully-qualified hostname of the machine on which the service is installed. If the service is installed on the same machine as the one you are using to run 3WXM, enter 127.0.0.1 as the IP address. This is a standard IP loopback address.
  • Page 539 Verify that the service is running on the server. Connection error for address: ip-addr:tcp-port-number Verify that the service has been started. If the service is running, verify that the certificate on the server is still valid (for example, is not out of date). HTTP 403: Forbidden This message can indicate that remote access to the monitoring service is not allowed, or that the username and password are invalid.

  • Page 540: Certificate Check

    When the 3WXM client connects to the monitoring service, the client checks the certificate presented by the monitoring service to ensure that the certificate is valid. The certificate is in a key store file on the server. The default key store file is .services_keystore. This file contains a self-signed certificate for the monitoring service.

  • Page 541: Completing The Connection

    Enabling 3WXM Client To Access the Monitoring Service The options you select in this dialog box apply to all HTTPS connections with the 3WXM client. For example, the 3WXM client also checks the validity of certificates presented by WX switches, and the settings you select in this dialog affect those connections too.

  • Page 542: Changing Service Settings

    4 The change the UDP port on which the monitoring service listens for SNMP traps, type or select the port number in the HTTPS Server Port box. The default is 162. 5 To change the interval at which the monitoring service backs up its database, change the value in the Backup interval box.
  • Page 543 8 To change the password that protects access to the key store file, edit the value in the Password box. 9 To specify the file type for the key store file, select one of the following: PKCS12 — Public-Key Cryptography Standard number 12, the standard format used by Unix machines.
  • Page 544 Enter a username. The name does not need to match a user account configured on the machine. c Enter the password you want the user to use when logging on to the monitoring service. d Reenter the password.

  • Page 545: Selecting Wx Switches To Monitor

    Selecting WX Switches to Monitor 12 Add other users if needed, then click Save to save the changes or Cancel to cancel the changes. 13 Click another tab to configure more settings or click Close to close the 3WXM Services Setup dialog box.
  • Page 546 The monitoring service does not monitor any WX switches by default. Also, if you change network plans later and want to monitor the WX switches in the new plan, you must add the WX switches to the list of monitored WX switches. The monitoring service does not automatically monitor the WX switches.
  • Page 547 Selecting WX Switches to Monitor 3 To add all the WX switches from a Mobility Domain in the network plan, click Add From Plan. The Network Plan WX dialog box is displayed.
  • Page 548 You also can display the serial number from the command-line interface (CLI) by typing the show version command. c Type one of the WX switch’s IP addresses in the IP Address box. The monitoring service must be able to reach the WX switch on this IP address.
  • Page 549 WX switch, use the set enablepass command. e Click OK to add the WX switch to the monitoring service. The WX switch appears in the table. To close the Monitored WX dialog box without saving changes, click Cancel.

  • Page 550: Changing Wx Connection Settings

    WX switch. (See “Managing WX System Images and Configurations” on page 369.) 9 Repeat step 7 and step 8 to change SNMP settings for other WX switches if needed. 10 Click Save to save the changes or Cancel to cancel the changes.
  • Page 551 WX switch, if the monitoring service does not receive a reply to the first query attempt within the connect timeout, type or select the value in the Retry Count box. You can specify from 0 to 5 retries. The default is 5 retries.

  • Page 552: Changing Monitoring Settings

    When both the Accept all certificates and Accept self-signed certificates options are disabled, the monitoring service accepts only-CA generated certificates. 7 To specify a key store filename and a password to protect access to that file: a Enter the filename in the File box.
  • Page 553 SNMP traps received by the monitoring service from monitored WX switches: ClientAuthorization ClientDeAssociation ClientRoaming Monitor tab— Status monitoring of WX switches by the Enabled RF Monitor window monitoring service (Does not apply to the Activity tab at the bottom of the window)
  • Page 554 The options that use SNMP trap data require the corresponding SNMP traps to be enabled on the monitored WX switches and also require the monitoring service to be a trap receiver for each of the WX switches. (See “Selecting WX Switches to Monitor” on page 545.) The data for some reports also requires monitoring options to be enabled.

  • Page 555: To Change Monitoring Settings

    3 To change the number of minutes between status queries from the monitoring service to the WX switches it monitors, change the value in the Polling interval box. You can specify from 1 to 60 minutes. The default is 5 minutes.
  • Page 556 ONITORING ERVICE REFERENCES 4 To change settings for monitoring of the log buffers on WX switches: a Select Enable log monitoring. This option is disabled by default. b To change the number of minutes between queries of the WX switches’ log buffers, change the value in the Polling interval box. You can specify from 1 to 60 minutes.
  • Page 557 0 to 20 decibels (dB). The default is 6 dB. When a TCA is triggered, the alert is displayed as a red flag in the link view of the Explore window of the Monitor tab. You can click on the object for more information.

  • Page 558: Accessing The Monitoring Service Log

    PPENDIX HANGING ONITORING ERVICE REFERENCES 9 Click another tab to configure more settings or click Close to close the 3WXM Services Setup dialog box. Accessing the You can access the monitoring service log through a web browser. To Monitoring Service...
  • Page 559 3 Enter the following command: dbtools -restore [filename.zip] where filename.zip is the name of a backup file. Specify only the filename, without the path name. If you do not specify a filename, the most recent backup is used.
  • Page 560 D: C PPENDIX HANGING ONITORING ERVICE REFERENCES...

  • Page 561: Register Your Product

    Warranty and other service benefits start from the date of purchase, so it Product is important to register your product quickly to ensure you get full use of the warranty and other service benefits available to you. Warranty and other service benefits are enabled through product registration.

  • Page 562: Access Software Downloads

    Software Updates you must first register your product on the 3Com web site at http://eSupport.3com.com/ First time users will need to apply for a user name and password. A link to software downloads can be found at , or http://eSupport.3com.com/ under the Product Support heading at http://www.3com.com/...

  • Page 563: Contact Us

    0800 446 398 Pakistan +61 2 9937 5083 You can also obtain support in this region using the following e-mail: apr_technical_support@3com.com Or request a repair authorization number (RMA) by fax using this number: + 65 543 6348 Europe, Middle East, and Africa Telephone Technical Support and Repair...
  • Page 564 AT&T +800 998 2112 Dominican Republic AT&T +800 998 2112 Virgin Islands 57 1 657 0888 You can also obtain support in this region using the following: Spanish speakers, enter the URL: http://lat.3com.com/lat/support/form.html Portuguese speakers, enter the URL: http://lat.3com.com/br/support/form.html English speakers in Latin America should send e-mail to: lat_support_anc@3com.com...
  • Page 565 AAA (authentication, authorization, and accounting) network users 323 access control entries. See ACEs (access control backbone fast convergence 205 entries) backup access control lists. See ACLs (access control lists) creating 558 access points buildings rogues 469 adding 106 access rules...
  • Page 566 375 managing 323 Event Viewer setting up properties 318 deleting filters 466 conventions exporting filtered data 466 notice icons, About This Guide 15 filtering text, About This Guide 16 by content 463 copying objects 67 by facility 465 countermeasures...
  • Page 567 30 ICMP ACE, creating 355 logging IGMP (Internet Group Management Protocol) configuring 218 configuring 201 setting up a syslog server 221 definition 201 setting up system logging 218 image repository adding image 393 deleting image 393 using 393...
  • Page 568 80 saving a version 82 radio profiles saving automatically 83 defined 265 sharing 86 RADIUS (Remote Authentication Dial-In User Services) network ports server groups configuring 231 changing order of RADIUS servers 301 network user access rules 323 connecting to 292...
  • Page 569 164 uplink fast convergence 205 rules summertime information 228 ACL 518 syslog server admin 518, 520, 521, 522, 524, 527, 532 setting up 221 console 518, 520, 521, 522, 524, 527, 532 coverage area 520 system image files adding 393...
  • Page 570 188 deleting 207 mapping ACLs to 363 modifying 207 naming 189 roaming 189 tagging 190 users 189 VLAN globs in location policies 318 warning resolving 375 watch list adding users to 443 Web authentication enabling 214 WEP (Wired-Equivalent Privacy protocol)

This manual is also suitable for:

3crwx440095a

Table of Contents