Chapter 1 Getting Started ... 11 Which Allied Telesyn Access Products Does This Manual Support? ... 12 Overview of the AT-WA7500 and AT-WA7501 Access Point Products... 13 Features ...15 What’s New for Software Releases 2.3? ...16 Understanding the LEDs ...17 Understanding the Ports...19...
Page 4
Contents Connecting Power Over Ethernet ... 59 External Antenna Placement Guidelines ... 60 Connecting Antennas to the Radios ...60 Positioning Antennas for 802.11g, 802.11b, and 802.11a Radios ...60 Positioning Antennas for Dual Radio Access Points ...61 Positioning Antennas for Antenna Diversity...61 Chapter 3 Configuring the Ethernet Network ...
Page 5
Upgrading the Access Points ... 261 Using a Web Browser Interface...261 Troubleshooting the Upgrade ...262 Chapter 9 Additional Access Point Features ... 263 Understanding the Access Point Segments ... 264 Understanding Transparent Files ... 265 AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 6
Contents Using the AP Monitor ... 266 Entering the AP Monitor ...266 Using AP Monitor Commands ...266 Using Content Addressable Memory (CAM) Mode Commands ...268 Using Test Mode Commands ...269 Using Service Mode Commands ...270 Using Command Console Mode ... 276 Entering Command Console Mode...276 Using the Commands ...277 Using TFTP Commands ...279...
Preface This manual provides you with information about the features of the Allied Telesyn AT-WA7500 and AT-WA7501 access points with software release 2.0 (or later). This manual also describes how to install, configure, operate, maintain, and troubleshoot the access points.
Preface Document Conventions This document uses the following conventions: Note Notes provide additional information. Caution Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data. Warning Warnings inform you that performing or omitting a specific action may result in bodily injury.
AT-WA7500 and AT-WA7501 Installation and User’s Guide Where to Find Web-based Guides The installation and user guides for all Allied Telesyn products are available in Portable Document Format (PDF) from on our web site at www.alliedtelesyn.com . You can view the documents on-line or...
Preface Contacting Allied Telesyn This section provides Allied Telesyn contact information for technical support as well as sales or corporate information. Online Support You can request technical support online by accessing the Allied Telesyn Knowledge Base from the following web site: www.alliedtelesyn.com/kb. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions.
Chapter 1 Getting Started This chapter introduces the Allied Telesyn AT-WA7500 and AT-WA7501 access points, explains their features, and describes how you can use them to expand your data collection network. This chapter covers these topics: “Which Allied Telesyn Access Products Does This Manual Support?”...
Chapter 1: Getting Started Which Allied Telesyn Access Products Does This Manual Support? This system manual supports the AT-WA7500 and AT-WA7501 access points with software release 2.2.
They are designed for standards-based connectivity and they support industry standard IEEE 802.11g, 802.11b, and 802.11a wireless technologies. The AT-WA7500 and AT-WA7501 access points with an IEEE 802.11g radio installed are Wi-Fi certified for interoperability with other 802.11g and 802.11b wireless LAN devices.
Page 14
Chapter 1: Getting Started Management and Configuration DHCP DHCP Agent TCP/IP HTTP TFTP Configuration File Settings System Configuration Port RS-232 Connector Access points are multiport (Ethernet-to-wireless) bridges, and because wireless end devices operate similarly to other Ethernet devices, all your existing Ethernet applications will work with the wireless network without any special networking software.
Secure Web Browser Interface (HTTPS) 10BaseT/100BaseTx Fiber Optics Option Serial Port Data Link Tunneling IP Tunneling Antenna Diversity Non-incentive Antenna System NEMA 4/IP 54 Protection Power Supply AT-WA7500 and AT-WA7501 Installation and User’s Guide AT-WA7500 AT-WA7501 802.11g* 802.11g* 802.11b 802.11b 802.11a 802.11a...
“About the Radios” on page 97. Other features of all access points include: What’s New for Software release 2.3 can only be installed on the Allied Telesyn AT-WA7500 and AT-WA7501 access points. Software Releases 2.3? New features include these items: Table 1.
Ability to configure different SSIDs to use different authentication servers. Understanding The AT-WA7500 and AT-WA7501 access points have five LEDs. To understand the LEDs during normal use, see the next table. To use the the LEDs LEDs to help troubleshoot the radios, see “Troubleshooting the Radios” on page 251.
Page 18
This illustration shows the LEDs that are on the AT-WA7501 access point. For help understanding these LEDs, see the LED Descriptions table on page 17. This illustration shows the LEDs that are on the AT-WA7500 access point. For help understanding these LEDs, see the LED Descriptions table on page 17.
2. Remove the door. This illustration shows the ports that are on the AT-WA7501. For help understanding these ports, see the Port Descriptions table on page 19. AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 3. Port Descriptions Port Used with an appropriate power cable, this port connects the access point to an AC power source.
Page 20
Chapter 1: Getting Started The AT-WA7500 ports are located on the bottom of the access point. This illustration shows the ports that are on the AT-WA7500. For help understanding these ports, see the Port Descriptions table on page 19. For more information on connecting the ports, see Chapter 2, “Getting Started”...
Table 4. Access Point Environments Access Point Use in most indoor environments. Use in locations where an access point is exposed to extreme environments. Host Ethernet Figure 6. Simple Wireless Network AT-WA7500 and AT-WA7501 Installation and User’s Guide Environment Access point...
Page 22
Chapter 1: Getting Started In a simple wireless network, the access point that is connected to the wired network serves as a transparent bridge between the wired network and wireless end devices. To install a simple wireless network 1. Configure the initial IP address. For help, see “Configuring the Access 2.
AT-WA7500 and AT-WA7501 Installation and User’s Guide Allied Telesyn recommends that you always implement some type of security. Using Multiple For larger or more complex environments, you can install multiple access points so wireless end devices can roam from one access point to another.
Page 24
Chapter 1: Getting Started 2. Configure the LAN ID. For help, see “Configuring the Spanning Tree 3. Configure one of the access points to be a root access point. For help, 4. If your network has a switch that is not IEEE 802.1d-compliant and is Example - Configuring an 802.11g Access Point with Roaming End Devices In this example, there is one 802.11g radio in each access point.
SSID for the access point master radio and the WAP station radio. AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 6. 802.11g Access Points Parameter Settings 802.11g...
Page 26
Chapter 1: Getting Started WAPs send data from end devices to the access points via wireless hops. Wireless hops are formed when data from end devices move from one access point to another access point through the radio ports. The master radio in the access point transmits hello messages, which allow the WAPs to attach to the spanning tree in the same way as access points.
Page 27
In the Frequency field, choose the radio frequency of your wireless network. c. (802.11a only) Make sure the Allow Wireless Access Points field is On Primary. d. In the Primary service set Node Type field, choose Master. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 28
Chapter 1: Getting Started 7. Click Submit Changes to save your changes. To activate your 8. Configure the access point to be a root access point. For help, see 9. Click Submit Changes to save your changes. To activate your Example - Configuring an 802.11g WAP With No Roaming End Devices In this example, there is one 802.11g radio in the access point and there...
Page 29
In this example, there is one 802.11a radio in the access point and there is one 802.11a radio in the WAP. Wireless end devices can roam between the WAP and the access point. Host Figure 12. 802.11a WAP with Roaming End Devices AT-WA7500 and AT-WA7501 Installation and User’s Guide WAP 802.11b 802.11g 802.11g Radio-1...
Chapter 1: Getting Started 802.11a Radio Spanning Tree Settings You need to configure the wireless end devices to have the same SSID, LAN ID, and frequency as the WAP radio. You do not need to configure any secondary LAN settings because the WAP is not connected to a secondary LAN.
Page 31
LAN bridge. On the secondary LAN bridge, set the root priority to 0 and the secondary LAN bridge priority to a number other than 0. AT-WA7500 and AT-WA7501 Installation and User’s Guide Secondary LAN Designated...
Page 32
Chapter 1: Getting Started You may also need to adjust the flooding parameters. Here are some recommendations: To install a point-to-point or a point-to-multipoint bridge 1. Follow the instructions for installing a simple wireless network in the 2. Configure the LAN ID. For help, see “Configuring the Spanning Tree 3.
Page 33
9. Configure the master radio in the point-to-point bridge on the primary LAN: a. From the main menu, click the link corresponding to the master radio. The radio screen appears. b. Make sure the Allow Wireless Access Points field is On Primary. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 34
Chapter 1: Getting Started 10. Configure the spanning tree settings for the point-to-point bridge on 11. If the roaming end devices will be roaming across an IP router, you 12. Click Submit Changes to save your changes. To activate your Example - Configuring an 802.11g Point-to-Point Bridge In this example, each access point only has one 802.11g radio.
Page 35
Root Priority Settings Ethernet Bridging Enabled Secondary LAN Bridge Priority Secondary LAN Bridge Flooding Allied Telesyn recommends that you implement some type of security. AT-WA7500 and AT-WA7501 Installation and User’s Guide Bridge Bridge Secondary Primary LAN (Root) (Designated Bridge) Master...
Page 36
Chapter 1: Getting Started Example - Configuring an 802.11a Point-to-Multipoint Bridge In this example, each access point only has one 802.11a radio. Since the 802.11a radio can function as a master and a station, wireless end devices can communicate with either access point. 802.11a Radio Spanning...
Using Dual Radio You can configure AT-WA7500 units and AT-WA7501 units that have two 802.11g radios, two 802.11b radios, or two 802.11a radios to provide Access Points for redundancy for your network. Redundancy During normal operations, end devices send frames to the master radio in one of the access points, which bridges the frames to the wired network.
Allied Telesyn AT-WA7500 Configuration Wizard, but you need to know the access point IP addresses. You can download this wizard from the ATI web site. For help, see “Using the ATI AT-WA7500 Configuration Wizard” on page 38. Note Your PC must be on the same Ethernet segment as the access point.
Page 39
To use the Allied Telesyn AT-WA7500 Configuration Wizard Note To use the AT-WA7500 Configuration Wizard, you must have a PC that is running Windows 95-OSR2/98SE/ME or Windows NT4/2000/ 1. Install the AT-WA7500 Configuration Wizard on your PC. The wizard can be downloaded either from the documentation CD that is shipped with the access point, or from the ATI web site.
Chapter 1: Getting Started 5. Proceed with the IP Address configuration by following the on-screen Using a You can use a communications program (such as HyperTerminal) to set the initial IP address for the access point. After you configure the IP Communications address, you can continue to use the communications program to set Program...
Page 41
7. Press Enter to access the TCP/IP Settings menu. 8. If you are not using a DHCP server, you need to manually assign an IP address. Configure these parameters in the TCP/IP Settings menu: AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Chapter 1: Getting Started 9. Press Esc to return to the Access Point Configuration menu. 10. Choose Save Configuration. 11. Choose Reboot. Using a Web After you have set the initial IP address, you can configure, manage, and troubleshoot the access point from a remote location using a web browser Browser interface.
Page 43
“atilan” and the default password is “atilan”. You can define a user name and password. For help, see “Setting Up Logins” on page 176. Or you may want to log in to a secure session. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Chapter 1: Getting Started 5. Click Login. The TCP/IP Settings screen appears. Using a Telnet After you have configured the IP address, you can configure, manage, and troubleshoot the access point from a remote location using a telnet Session session. Only one session can be active with the access point at a time.
Page 45
Enter. The default user name is “atilan” and the default password is “atilan”. You can define a user name and password. For help, see “Setting Up Logins” on page 176. The Access Point Configuration menu appears. Your telnet session is established. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Chapter 1: Getting Started Saving Configuration Changes When you are done configuring the access point, you may want to activate your changes immediately or you may want to save the changes now and activate them later. If you choose to activate the changes later, they will become active the next time the access point is booted.
You need to reboot the access point when you want the current configuration to become the active configuration. To discard the changes Click Discard Pending Changes. AT-WA7500 and AT-WA7501 Installation and User’s Guide Select to use new configuration settings the next time you reboot the access point...
Chapter 1: Getting Started Using a Telnet 1. From the Access Point Configuration menu, choose Save Session 2. Choose Reboot to reboot the access point and immediately use your Configuration. new active configuration.
Chapter 2 Installing the Access Points This chapter explains how to install the Allied Telesyn AT-WA7500 and AT-WA7501 access points in your data collection network, provides some tips on how to position access points to improve your network performance, and provides some external antenna guidelines. This chapter covers these topics: “Installation Guidelines”...
Chapter 2: Installing the Access Points Installation Guidelines Allied Telesyn recommends that you have an Allied Telesyn-certified RF specialist conduct a site survey to determine the ideal locations for all your Allied Telesyn wireless network devices. To conduct a proper site survey, you need to have special equipment and training.
AT-WA7500 and AT-WA7501 Installation and User’s Guide Other Access Access points that are configured for the same frequency and that are in the same radio coverage area may interfere with each other and decrease Points throughput. You can reduce the chance of interference by configuring...
Chapter 2: Installing the Access Points Installing the AT-WA7501 You can place the AT-WA7501 horizontally or vertically on a desk or counter. If you want to mount the AT-WA7501 to a wall or beam using an Allied Telesyn mounting bracket kit, you need one of these mounting kits: To order one of these kits, contact your Allied Telesyn representative.
Plug one end of the power cord into the power port on the AT-WA7501 and plug the other end into an AC power outlet. The access point boots as soon as you apply power. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
1. Attach the antenna or antennas. For more information, see “External 2. Mount the AT-WA7500. For help see the AT-WA7500 Quick Install 3. Connect the AT-WA7500 to your wired LAN (unless you are using it as 4. Connect the AT-WA7500 to power. For help, see “Connecting the When you are done installing the access points, you need to configure them to communicate with your network.
Patch cords and adapters are available from many different manufacturers. For help choosing the proper patch cord and adapter, contact your local Allied Telesyn representative. AT-WA7500 and AT-WA7501 Installation and User’s Guide Figure 17. Patch Cord Note Inserting a male MT-RJ connector into the fiber optic port may result...
Chapter 2: Installing the Access Points Connecting to an To connect to an MT-RJ network, you need: MT-RJ Network To connect to an MT-RJ network 1. Remove any cable protectors attached to the patch cord and adapter. 2. Connect the access point to your network as shown in the next To access point Connecting to an To connect to an SC network, you need:...
To access point To access point Connecting to an To connect to an ST network, you need: ST Network AT-WA7500 and AT-WA7501 Installation and User’s Guide Female MT-RJ connector SC connector Patch cord Note The patch cord shown above must connect to the access point with a female MT-RJ connector.
Page 58
Chapter 2: Installing the Access Points To connect to an ST network 1. Remove any cable protectors attached to the patch cord and adapter. 2. Connect the access point to your network as shown in the next To access point a patch cord with a female MT-RJ connector to insert into the access point’s male MT-RJ fiber optic port, and an ST connector to insert into the ST adapter.
For a list of the power bridges that Allied Telesyn sells, contact your local Allied Telesyn representative. This illustration shows how you connect the AT-WA7500 to a power bridge with a typical Ethernet cable to run power over Ethernet.
Chapter 2: Installing the Access Points External Antenna Placement Guidelines Antennas and their placement play a vital role when installing a wireless network. Every wireless network environment presents its own unique obstacles. Therefore, the exact range that you will achieve with each access point is difficult to determine.
Do not position the two antennas around a corner or so that a wall is between them. AT-WA7500 and AT-WA7501 Installation and User’s Guide Location Recommended Antenna Separation * 0.33 m (13 in) or 0.64 m (25 in) 0.64 m (25 in), 1.22 m (4 ft), or 1.83 m (6...
Page 62
Chapter 2: Installing the Access Points Stacked Antenna Positioning for Dual Radio Access Points As an alternative to the physical separation of omni antennas, you can mount them along a single axis to minimize the antenna-to-antenna coupling. Note that antenna diversity works differently for 802.11g, 802.11b, and 802.11a radios.
Page 63
AT-WA7500 and AT-WA7501 Installation and User’s Guide When antenna diversity is enabled, both ports can receive, but only the primary port transmits. To achieve optimum placement for the two antennas, you must place the transmit/receive antenna so that it is within range of all the radios that the receive-only antenna can hear.
Chapter 3 Configuring the Ethernet Network This chapter explains how to configure the AT-WA7500 and AT-WA7501 access points so that they communicate with your Ethernet network. This chapter explains: “Configuring the TCP/IP Settings” on page 65 “Configuring Other Ethernet or Fiber Optic Settings” on page 77...
3. If you want to configure the access point as a DHCP server, see “Configuring the Access Point as a DHCP Server” on page 70. AT-WA7500 and AT-WA7501 Installation and User’s Guide Note You should have already configured an IP address for the access point.
Page 66
Chapter 3: Configuring the Ethernet Network 4. If you want to configure the access point as a NAT server, see “About 5. If you want to configure the access point to send ARP requests, see 6. Click Submit Changes to save your changes. To activate your IP Address IP Subnet Mask IP Router...
4 seconds. If a DHCP offer is received within the 4 seconds, the DHCP offer is used and the BOOTP reply is ignored. (BOOTP offers are treated like infinite DHCP leases.) AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 13. TCP/IP Settings Descriptions (Continued) Parameter Enter a domain name suffix that will be appended to DNS names that cannot be resolved.
Page 68
Chapter 3: Configuring the Ethernet Network To configure the access point as a DHCP client 1. From the menu, click TCP/IP Settings. The TCP/IP Settings screen 2. Configure the DHCP parameters to make this access point a DHCP appears. client. For help, see the next table. Note If you set DHCP Mode to Disable DHCP and the IP address for this access point is 0.0.0.0, all IP communications are disabled for this...
Page 69
Or enter the DHCP vendor class identifier as defined in RFC 2132. When this access point acts as a DHCP client, the string entered in this field is sent in DHCP option 60 in DHCP request messages. AT-WA7500 and AT-WA7501 Installation and User’s Guide Explanation...
Chapter 3: Configuring the Ethernet Network DHCP for Access Point Network Configuring the You can configure the access point as a simple DHCP server that provides DHCP server functions for small installations where no other Access Point as a DHCP server is available. The DHCP server will offer IP addresses and DHCP Server other TCP/IP settings to any DHCP client it hears as long as a pool of unallocated IP addresses is available.
Page 71
Choose This AP is a DHCP Server. The access point must have a valid IP address and subnet mask. DHCP Server Enter the name for this access point as a DHCP Name server. AT-WA7500 and AT-WA7501 Installation and User’s Guide Explanation...
Page 72
Chapter 3: Configuring the Ethernet Network DHCP User Class DHCP Vendor Class DHCP for Access Point Network 4. Click Submit Changes to save your changes. DHCP Server Setup Table 15. DHCP Server Parameter Descriptions (Continued) Parameter Leave the field blank if you want this access point to respond to requests from any client.
Page 73
DHCP clients. If these addresses are not on the same subnet as the access point, the access point will perform Network Address Translation (NAT) for the clients to which it grants IP addresses. AT-WA7500 and AT-WA7501 Installation and User’s Guide Explanation...
Page 74
Chapter 3: Configuring the Ethernet Network Lease Time Permanently Save IP Address Mappings Display-only parameters IP Subnet Mask IP Router (Gateway) DNS Address 1 DNS Address 2 NAT Status Supported DHCP Server Options When the access point is acting as a DHCP server, it issues IP address leases to configure the IP address, along with the DNS addresses, DNS suffixes, IP subnet mask, and IP router.
Page 75
AT-WA7500 and AT-WA7501 Installation and User’s Guide Unsupported DHCP Server Options When the access point is acting as a DHCP server, it does not support any DHCP options other than those listed. The DHCP server disregards any DHCP options that are not explicitly required by the DHCP specification.
Chapter 3: Configuring the Ethernet Network To configure the access point as a NAT server 1. From the menu, click TCP/IP Settings. The TCP/IP Settings screen 2. Verify that the IP Address field and IP Subnet Mask field are 3. In the DHCP Mode field, choose This AP is a DHCP Server. 4.
3. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save/Discard Changes, and then click Save Changes and Reboot. For help, see “Saving Configuration Changes” on page 46. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 78
Chapter 3: Configuring the Ethernet Network Port Type Link Speed Enable Link Status Check Table 17. Ethernet Parameter Descriptions Parameter Appears only if the access point has a fiber optic port. This field specifies the port that the access point uses to communicate with the Ethernet network: 10/100 Mb Twisted-Pair: The access point communicates with the Ethernet network through...
3. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save/Discard Changes, and then click Save Changes and Reboot. For help, see “Saving Configuration Changes” on page 46. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Chapter 3: Configuring the Ethernet Network Configuring Ethernet Filters You can set both Ethernet and IP tunnel filters, and you can create protocol filters for both predefined and user-defined protocol types. In addition, you can define arbitrary frame filters based on frame content. Setting Ethernet filters prevents the Ethernet port from sending out unnecessary traffic to the wireless network.
Page 81
4. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save/Discard Changes, and then click Save Changes and Reboot. For help, see “Saving Configuration Changes” on page 46. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 82
Chapter 3: Configuring the Ethernet Network 5. If you set the Scope field to Unlisted for any of the frame types, you DIX IP TCP Ports DIX IP UDP Ports SNAP IP TCP Ports SNAP IP UDP Ports DIX IP Other Protocols SNAP IP Other Protocols DIX IPX Sockets SNAP IPX Sockets...
Table 19, ”Subtype Filter Descriptions” on page 84. Value: The value must be two hex pairs. When a match is found between frame subtype and value, the specified action is taken. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 84
Chapter 3: Configuring the Ethernet Network To customize subtype filters 1. From the main menu, click Ethernet > Customizable Subtype Filters. 2. For each subtype field, check or clear the Allow/Pass check box to 3. In the SubType field, choose the customizable frame subtype. For 4.
Page 85
TCP/IP settings from another DHCP server on the Ethernet network. It also prevents the access point from providing TCP/IP settings to DHCP clients on the wired network. For this example, set these customizable subtype filters. AT-WA7500 and AT-WA7501 Installation and User’s Guide Value...
Page 86
Chapter 3: Configuring the Ethernet Network Configuring Advanced Filters You can configure advanced filters if you need more flexibility in your filtering. Settings for advanced filters execute after those for other filters; that is, advanced filters are only applied if the frame has passed the other filters.
Page 87
ExprSeq values until the access point determines whether to pass or drop the frame. To set filter expressions 1. From the main menu, click Ethernet > Advanced Filters > Filter Expressions. The Filter Expressions screen appears. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 88
Chapter 3: Configuring the Ethernet Network 2. Configure the filter expressions parameters. For help, see the next 3. Click Submit Changes to save your changes. To activate your ExprSeq (Expression Sequence) Offset table. changes, from the menu bar click Save/Discard Changes, and then click Save Changes and Reboot.
Page 89
MAC addresses. These filters do not prevent wireless traffic from reaching the Ethernet network. For this example, set these filter values. AT-WA7500 and AT-WA7501 Installation and User’s Guide Explanation...
Page 90
Chapter 3: Configuring the Ethernet Network Value ID Table 22. Example 1 - Filter Values Value Description ff ff ff ff ff ff Allows multicast traffic to enter the wireless network, which is necessary for IP end devices to communicate 00 02 2d 04 The MAC address of an end device you b7 a4...
Page 91
You must enter a filter expression for each Value ID in the Filter Values menu. In this example, only the ExprSeq and the Value ID values change. AT-WA7500 and AT-WA7501 Installation and User’s Guide Explanation The order that you want the expressions executed.
Page 92
Chapter 3: Configuring the Ethernet Network Example 2 This example shows how to use Ethernet filters to discard all DIX IP multicast frames except those from selected devices. Three entries have a value ID of 3 to demonstrate how to enter a list. All entries with the same value ID belong to the same list.
Page 93
ExprSeq Offset Mask Value ID Action AT-WA7500 and AT-WA7501 Installation and User’s Guide Explanation The first expression that is executed. You must have an expression for each Value ID that is listed in the Filter Values menu. Since the filter is applied to the destination address, which is the first value in the frame, the offset is 0.
Page 94
Chapter 3: Configuring the Ethernet Network Set the second filter expression as shown below. Parameter ExprSeq Offset Mask Value ID Action Table 26. Example 2 – Second Filter Expression Value The second expression that is executed. Checks for the DIX IP frame type, which starts 12 bytes from the destination address.
Page 95
Offset Mask ff ff ff ff ff ff Value ID Action Drop AT-WA7500 and AT-WA7501 Installation and User’s Guide Explanation The third expression that is executed. Checks the source Ethernet address, which starts 6 bytes from the destination address. Checks the 6-byte source Ethernet address for an exact match.
Chapter 4 Configuring the Radios This chapter explains how to configure the radios in the AT-WA7500 and AT-WA7501 access points so that they communicate with your wireless end devices. This chapter covers these topics: “About the Radios” on page 97 “Configuring the 802.11g Radio”...
About the Radios The AT-WA7500 and AT-WA7501 access products may contain one or two radios. You can use access points that contain two different types of radios to support two different types of wireless networks, such as legacy networks. You can use access points with two of the same type of radios as WAPs, as point-to-multipoint bridges, to increase throughput in a busy network, or to provide redundancy.
Chapter 4: Configuring the Radios Configuring the 802.11g Radio You can configure the 802.11g radio to communicate with other 802.11g and 802.11b radios that have the same: For each radio, you can assign up to four service sets, creating one primary service set and up to three secondary service sets.
Page 99
For optimal performance of master radios in access points that are in range of each other, configure the frequencies to be at least five channels apart. For example, configure the frequency to use channels 1, 6, and 11. AT-WA7500 and AT-WA7501 Installation and User’s Guide Explanation...
Page 100
Chapter 4: Configuring the Radios Node Type SSID (Network Name) Member Limit Table 29. 802.11g Radio Parameter Descriptions (Continued) Parameter Configure the 802.11g radio to master, station, or disabled: Master: The radio always operates in Master mode. The radio becomes active to accept connections for wireless devices when the access point joins the spanning tree.
Page 101
ETSI countries include all European Union countries except France. It also includes Switzerland, Iceland, Norway, Czech Republic, Slovenia, Slovakia, Turkey, Russia, and the United Arab Emirates. France, Mexico, and Singapore use the same channels. AT-WA7500 and AT-WA7501 Installation and User’s Guide ETSI France 2412...
Chapter 4: Configuring the Radios Configuring You can configure advanced parameters for the 802.11g radio primary service set. These settings are shared by any secondary service sets 802.11g Radio defined for the radio. Advanced Parameters To configure advanced parameters 1. From the main menu, click 802.11g Radio > Advanced Configuration. 2.
Allows clients with 802.11b or 802.11g radios. Clients that have mandatory extended data rate requirements will not associate. Basic rates are 1 or 2 Mbps. Data rates are 1, 2, 5, 5, or 11 Mbps. AT-WA7500 and AT-WA7501 Installation and User’s Guide Description...
Page 104
Chapter 4: Configuring the Radios Table 31. 802.11g Radio Advanced Parameter Descriptions (Continued) Power Output Level* Enable Medium Reservation Reservation Threshold Parameter Set the transmitted power level: Maximum (63 mW): Sets the output power to the highest level supported by the radio. Medium (32 mW): Sets the output power to 3 dB lower than the highest level supported by the radio.
Page 105
Allows an optimal mix of 802.11g and 802.11b transmissions. Enable Data Rate Determines if you want the radio to drop to Fallback a slower data rate when it has trouble communicating with another radio. AT-WA7500 and AT-WA7501 Installation and User’s Guide Description...
Page 106
Chapter 4: Configuring the Radios Table 31. 802.11g Radio Advanced Parameter Descriptions (Continued) Disallow SSID (Network Name) of ‘ANY (Master radio only) DTIM Period (Master radio only) Parameter Determines if end devices that have their SSID set to ANY or are left blank (empty) can associate with this radio.
If any of the devices are also DHCP clients, you need to check the Allow DHCP check box. To configure 802.11g radio inbound filters 1. From the main menu, click 802.11g Radio > Advanced Configuration > Inbound Filters (Primary Only). The Inbound Filters screen appears. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Chapter 4: Configuring the Radios 2. For each frame type, check or clear each check box. For help, see the 3. Click Submit Changes to save your changes. To activate your Allow IAPP Allow Wireless Transport Protocol (WTP) Allow UDP Plus (UDP/IP Port 5555) Allow DHCP Allow All Other...
3. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save/Discard Changes, and then click Save Changes and Reboot. For help, see “Saving Configuration Changes” on page 46. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Chapter 4: Configuring the Radios Configuring the 802.11b Radio The 802.11b radio will communicate with other 802.11b radios that have the same: To configure the 802.11b radio 1. From the main menu, click 802.11b Radio. The 802.11b Radio screen 2. Configure the parameters for the radio. For help, see the next table. 3.
Page 111
For optimal performance of master radios in access points that are in range of each other, configure the frequencies to be at least five channels apart. For example, configure the frequency to use channels 1, 6, and 11. AT-WA7500 and AT-WA7501 Installation and User’s Guide Description...
Chapter 4: Configuring the Radios Configuring 1. From the main menu, click 802.11b Radio > Advanced Configuration. 802.11b Radio Advanced Parameters 2. Configure the advanced parameters. For help, see the next table. 3. Click Submit Changes to save your changes. To activate your Data Rate Allow Data Rate Fallback...
Page 113
Determines if the access point activates a Oven Robustness modified algorithm for automatic rate fallback, which prevents the access point from falling back to 1 Mbps when trying to retransmit radio frames when 2.4 GHz interference is present. AT-WA7500 and AT-WA7501 Installation and User’s Guide Description...
Page 114
Chapter 4: Configuring the Radios Table 34. 802.11b Radio Advanced Parameter Descriptions (Continued) Enable Load Balancing Enable Medium Density Distribution Data/Voice Settings (Master radio only) Disallow SSID (Network Name) of ‘ANY’ (Master radio only) DTIM Period (Master radio only) Parameter Determines if end devices can distribute their connections across multiple access points.
1. From the main menu, click 802.11b Radio > Advanced Configuration > Inbound Filters. The Inbound Filters screen appears. 2. For each frame type, check or clear each check box. For help, see the next table. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 116
Chapter 4: Configuring the Radios 3. Click Submit Changes to save your changes. To activate your Allow IAPP Allow Wireless Transport Protocol (WTP) Allow SpectraLink Voice Protocol (SVP) Allow UDP Plus (UDP/IP Port 5555) Allow DHCP Allow All Other Protocols changes, from the menu bar click Save/Discard Changes, and then click Save Changes and Reboot.
To configure a SpectraLink network Note 1. 1 From the main menu, click 802.11b Radio > Advanced Configuration. The Advanced Configuration screen appears. AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 36. Number of Phones Supported Number of Number of...
Page 118
Chapter 4: Configuring the Radios 2. In the Data/Voice Settings field, choose either Data and SpectraLink 3. Check the Allow Data Rate Fallback check box. 4. In the Basic Rate field: 5. Click Submit Changes to save your changes. To activate your Traffic or SpectraLink Traffic Only.
Any access point that may become a WAP should have a root priority set to 0 and have a secondary LAN bridge priority. To configure the 802.11a radio 1. From the main menu, click 802.11a Radio. The 802.11a Radio screen appears. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 120
Chapter 4: Configuring the Radios If your screen does not look like the previous one, your primary service set may be configured as station (instead of master), so that the secondary service sets are not available, as shown next. 2. Configure the parameters for the radio. For help, see the next table. 3.
Page 121
(where n is 1, 2, or 3) connects to wireless access points. Do not allow wireless access points: No service set connects to wireless access points. You can block access points from forming a wireless hop to this radio entirely. AT-WA7500 and AT-WA7501 Installation and User’s Guide Explanation...
Page 122
Chapter 4: Configuring the Radios Node Type SSID (Network Name) Table 37. 802.11a Radio Parameter Descriptions (Continued) Parameter Configure the 802.11a radio to master, station, or disabled: Master: The radio operates in Master mode when it sees the root access point on its Ethernet port. If it cannot see the root, it operates in Master/ Station mode and tries to find the root through its radio port.
Page 123
American countries. The 802.11a channels that are allowed in a given country may change without notice. Be sure you use only those frequencies that are permissible in the given country. AT-WA7500 and AT-WA7501 Installation and User’s Guide ETSI France Japan...
Chapter 4: Configuring the Radios Configuring 1. From the main menu, click 802.11a Radio > Advanced Configuration. 802.11a Radio Advanced Parameters 2. Configure the advanced parameters. For help, see the next table. 3. Click Submit Changes to save your changes. To activate your Power Output Level The Advanced Configuration screen appears.
Page 125
On certain radios, the fragmentation does not occur unless the radio detects interference. Larger frame sizes can improve throughput on a reliable connection. Smaller frame sizes can improve throughput on a poor connection. AT-WA7500 and AT-WA7501 Installation and User’s Guide Description...
Chapter 4: Configuring the Radios Table 39. 802.11a Radio Advanced Parameter Descriptions (Continued) Disallow SSID (Network Name) of ‘ANY’ (Master radio only) Beacon Period DTIM Period Configuring When configuring a master radio, you can filter different types of wireless traffic that it may receive. You may want to use this feature by itself or with 802.11a Radio an access control list (ACL) to help secure your network.
Page 127
Determines if this radio accepts UDP Plus frames (UDP/IP Port 5555) from end devices. The UDP Plus frames must match the UDP network port 5555 on the DCS 30X, Allied Telesyn Gateway, or ARP. AT-WA7500 and AT-WA7501 Installation and User’s Guide Description...
Page 128
Chapter 4: Configuring the Radios Allow DHCP Allow All Other Protocols Multicast Filter File Name Hello Period Table 40. 802.11a Radio Inbound Filter Descriptions (Continued) Parameter Determines if this radio accepts DHCP frames. The DHCP frames must match UDP destination port 67 and ARP.
Chapter 5 Configuring the Spanning Tree This chapter explains how to configure the AT-WA7500 and AT-WA7501 access points so that they create a spanning tree topology. This chapter covers these topics: “About the Access Point Spanning Tree” on page 130 “Configuring the Spanning Tree Parameters”...
Chapter 5: Configuring the Spanning Tree About the Access Point Spanning Tree AT-WA7500 and AT-WA7501 access points with the same LAN ID arrange themselves into a self-organized network using a spanning tree topology. The spanning tree provides efficient, loop-free forwarding of frames through the network and allows efficient roaming of wireless end devices.
Because the root distributes parameters to the child access points, the root should have the latest version of software available. In a mixed network of an AT-WA7500 or AT-WA7501 access point with AT- WL2411 access points, choose an AT-WA7500 or AT-WA7501 access point with software release 2.2 (or later) as the root.
Wireless Secondary LANs The designated bridge should have the latest version of software available. In a mixed network of AT-WA7500 and AT-WA7501 access points with AT-WL2411 access points, choose a AT-WA7500 or AT-WA7501 access point with software release 2.2 (or later) as the designated bridge.
Page 133
8. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save/Discard Changes, and then click Save Changes and Reboot. For help, see “Saving Configuration Changes” on page 46. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Chapter 5: Configuring the Spanning Tree About Ethernet Ethernet bridging is simply forwarding a frame received on the radio port to the Ethernet port, and vice versa. Using this default mode, the access Bridging/Data point acts as a bridge between the wireless and wired networks. Link Tunneling Turning off Ethernet bridging enables data link tunneling.
Routable standard mobile IP.) You should be able to use default flooding and Network spanning tree settings if you are using routable protocols, even if hosts are Protocols located on remote IP subnets. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Chapter 5: Configuring the Spanning Tree Configuring the Spanning Tree Parameters When you configure the spanning tree parameters, you identify the access point as part of the spanning tree. That is, you specify if this access point is a root, or a candidate to become a root, or a designated bridge, or a candidate to become a designated bridge.
Page 137
VLANs on switches connected through 802.1Q trunk ports. A switch may also be configured statically to always forward specific VLANs to specific ports. You should clear this check box for a static configuration. AT-WA7500 and AT-WA7501 Installation and User’s Guide Explanation...
Page 138
Chapter 5: Configuring the Spanning Tree Rightmost LED Behavior Enable Ethernet Bridging Secondary LAN Bridge Priority Table 42. Spanning Tree Parameter Descriptions (Continued) Parameter Choosing Spanning Tree Root Indicator causes the LED to blink if the access point is configured as the root and remain on if an error is detected.
Page 139
Multicast: Multicast flooding occurs unless the root access point (in the Global Flooding screen) disables multicast flooding. Unicast: Unicast flooding occurs unless the root access point (in the Global Flooding screen) disables unicast flooding. AT-WA7500 and AT-WA7501 Installation and User’s Guide Explanation...
Chapter 5: Configuring the Spanning Tree About IP Tunnels The physical boundary of a network is usually defined by the existence of an IP router. Before IP tunnels technology was developed, wireless end devices could only operate within the limited coverage area of their own network and could not roam across IP subnet boundaries.
Page 141
If you have a DHCP server in your network, it must be on the root IP subnet. All access points on secondary LANs must have permanent IP addresses. On the root access point, you must allow IP multicast frames to pass. AT-WA7500 and AT-WA7501 Installation and User’s Guide Host...
Chapter 5: Configuring the Spanning Tree When an access point at the endpoint of the IP tunnel receives data from an end device, it uses a standard IP protocol called Generic Router Encapsulation (GRE) to encapsulate the data into a frame. These encapsulated IP/GRE frames use normal IP routing to pass through IP routers to the root access point.
Page 143
8. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save/Discard Changes, and then click Save Changes and Reboot. For help, see “Saving Configuration Changes” on page 46. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Chapter 5: Configuring the Spanning Tree Using One IP IP tunneling supports IP multicast and Internet Group Management Protocol (IGMP). IP multicast provides an ideal way to distribute IP hello Multicast messages. These hello messages are only forwarded to those IP subnets Address for and IP hosts (such as access points) that participate in the multicast Multiple IP...
IP and ARP frames are never forwarded outbound through an IP tunnel unless the destination IP address belongs to the root IP subnet. Usually, these frames are destined for wireless end devices that have roamed AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 146
Chapter 5: Configuring the Spanning Tree away from their root IP subnet. Unicast frames are not flooded. Unicast frames are only forwarded outbound through an IP tunnel if the destination address identifies an end device that has roamed to a remote IP subnet. End devices attach to the root access point, which maintains entries for these devices in its forwarding database.
Page 147
BGP (179) (Border Gateway Protocol) RAP (38) (Route Access Protocol) RIP (520) (Routing Information Protocol) IP/TCP frames with the following destination or source protocol port numbers: BGP (179) (Border Gateway Protocol) RAP (38) (Route Access Protocol) AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Chapter 5: Configuring the Spanning Tree Configuring IP Tunnels For guidelines, see “About IP Tunnels” on page 140. To configure the IP Tunnels screen 1. From the main menu, click IP Tunnels. The IP Tunnels screen 2. Configure the IP tunnels parameters. For help, see the next table. 3.
1. From the main menu, click IP Tunnels > IP Addresses/DNS Names. The IP Addresses/DNS Names screen appears. AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 43. IP Tunnel Parameter Descriptions (Continued) Appears only if Mode parameter is Originate if Root.
Chapter 5: Configuring the Spanning Tree 2. If you enabled IGMP, enter the Class D IP multicast address. The 3. Enter the IP addresses or DNS names of all the access points that can 4. Click Submit Changes to save your changes. To activate your Configuring IP You can set both Ethernet and IP tunnel filters, and you can create protocol filters for predefined protocol types.
Page 151
If you check the check box, the frame type is allowed to pass. For each frame type field, set the Scope field to Unlisted or All. For help, see the next table. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 152
Chapter 5: Configuring the Spanning Tree 3. Click Submit Changes to save your changes. To activate your 4. If you set the Scope field to Unlisted for any of the frame types, you DIX IP TCP Ports DIX IP UDP Ports SNAP IP TCP Ports SNAP IP UDP Ports DIX IP Other Protocols...
Page 153
Allow/Pass: Check or clear this check box. Check this check box to pass all frames of the subtype and value. Clear this check box to drop all frames of the subtype and value. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 154
Chapter 5: Configuring the Spanning Tree Subtype: Selects the frame subtype you wish to configure. Value: The next table describes frame subtypes and their values. The value must be two hex pairs. When a match is found between frame subtype and value, the specified action is taken. To customize subtype filters 1.
Page 155
Socket value in hexadecimal. SNAP-EtherType SNAP type in hexadecimal. To filter on both SNAP type and OUI, use advanced filters. 802.3-IPX-Socket Socket value in hexadecimal. 802.2-IPX-Socket Socket value in hexadecimal. 802.2-SAP 802.2 SAP in hexadecimal. AT-WA7500 and AT-WA7501 Installation and User’s Guide Value...
Chapter 5: Configuring the Spanning Tree Filter Examples These examples illustrate how to set both Ethernet and IP tunnel filters to optimize network performance. The next illustration includes: This illustration shows a typical network that will be used in the next examples.
DIX, 802.2, and 802.3 SNAP frames. In many actual networks, only one type of filter is required, because all stations are configured using one of the three options. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 158
Chapter 5: Configuring the Spanning Tree For this example, set these options on the Ethernet Frame Type Filters screen. In the Predefined Subtype Filters screen, set the 802.2-IPX-RIP field to drop 802.2, DIX, and 802.3 frames.
TCP/IP parameters to end devices on a remote subnet, you need to set this filter to allow for the necessary IP tunneling: In the IP Tunnel Frame Type Filter table, configure DIX-IP-UDP Port to pass all frames. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Chapter 5: Configuring the Spanning Tree Comparing IP Tunnels to Mobile IP The AT-WA7500 and AT-WA7501 access points support IP tunneling, which allows end devices to roam across different subnets (routers) without having to change IP addresses. IP tunneling supports IETF RFC 1701 using GRE and the same encapsulation technique as mobile IP.
Page 161
Table 46. IP Tunnels and Mobile IP Comparison (Continued) Issue Special network software Standard network feature. No additional network software is required. AT-WA7500 and AT-WA7501 Installation and User’s Guide IP Tunneling Requires home and foreign agents located on each network or subnetwork. Mobile IP...
Chapter 5: Configuring the Spanning Tree Configuring Global Parameters Global parameters are configured on the root access point and on any other access point that is a root candidate (does not have a root priority of 0). The root access point sends these settings to all other access points in the spanning tree.
Page 163
LANs. Enabling this parameter makes managing secondary LANs easier because you do not need to set secondary LAN flooding parameters. Set Locally: The designated bridges control flooding on their LANs. AT-WA7500 and AT-WA7501 Installation and User’s Guide Explanation...
Page 164
Chapter 5: Configuring the Spanning Tree Allow Multicast Outbound to Terminals Unicast Flooding Unicast Outbound to Secondary LANs Allow Unicast Outbound to Terminals Table 47. Global Flooding Parameter Descriptions (Continued) Parameter Appears only if Multicast Flooding is enabled. Determines if outbound multicast frames with unknown destination addresses are flooded toward end devices.
To configure global RF parameters 1. From the menu, click Spanning Tree Settings > Global RF Parameters. AT-WA7500 and AT-WA7501 Installation and User’s Guide Explanation Check this check box to enable ARP flooding.
Page 166
Chapter 5: Configuring the Spanning Tree Click to set the global RF 2. Configure the global RF parameters. Click the links in the Global RF The Global RF Parameters screen appears. Parameters menu to set more parameters. For help, see the next table.
Page 167
Larger frame sizes can improve throughput on a reliable connection, while smaller frame sizes can improve throughput on a poor connection. AT-WA7500 and AT-WA7501 Installation and User’s Guide Explanation...
Page 168
Chapter 5: Configuring the Spanning Tree S-UHF/902 MHz Awake Time (S-UHF and 902 MHz radios only) RFC1042 Types to Pass Through (802.11g, 802.11b, or 802.11a radios only) Table 48. Global RF Parameter Descriptions (Continued) Parameter Specifies the amount of time that a wireless end device stays awake when radios are inactive.
Chapter 6 Configuring Security This chapter explains how to use different security solutions to ensure that you have a secure wireless network. This chapter covers these topics: “Understanding Security” on page 170 “Controlling Access to Access Point Menus” on page 174 “Creating a Secure Spanning Tree”...
Chapter 6: Configuring Security Understanding Security The AT-WA7500 and AT-WA7501 access points provide many different security features and solutions that you can use to create a secure wireless network. To create a secure wireless network, you need to be concerned about:...
Page 171
You should periodically change which WEP key these devices use. 802.11g and 802.11b radios support WEP 64/128 security, and 802.11a radios support 64/128/152 security. For help, see “Configuring WEP 64/128/152 Security” on page 189. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Chapter 6: Configuring Security For help troubleshooting security, see “Troubleshooting Security” on page 255. When You You can configure each 802.11g and 802.11a radio with up to four SSIDs or service sets. Although each service set shares one physical radio Configure configuration, you can configure each service set with a different security Different SSIDs...
IAPP Authentication column. Then, you can select another RADIUS server to service access points authenticating end devices by checking the check box for the appropriate service set. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Chapter 6: Configuring Security Controlling Access to Access Point Menus There are several ways that you can manage who can configure and manage the access points in your network: The next sections explain how to implement these strategies. Enabling Access There are five access methods that you can enable or disable depending on how you want users to be able to configure or manage the access Methods...
Page 175
80 or port 443. Choose Secure-Only if you want to force users to log in using the secure web browser (HTTPS) interface. Secure-only access is through port 443. AT-WA7500 and AT-WA7501 Installation and User’s Guide Description...
Chapter 6: Configuring Security Allow Telnet Access (Port 23) Allow SNMP Access (Port 161/ 162) Allow TFTP Access (Read-Only) Allow ICMP Configuration Allow Avalanche Access Setting Up Logins To ensure login security for configuring or maintaining the access points, you should either use a password server (typically an EAS or another RADIUS server) or change the default user name and password.
Page 177
1. From the main menu, click Security > Passwords. The Passwords screen appears. 2. Check the Use RADIUS for Login Authorization check box. 3. (Optional) Make sure the Allow Service Password check box is checked. 4. Click Submit Changes to save your changes. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 178
Chapter 6: Configuring Security 5. Configure the password server by clicking Select a RADIUS server for 6. For each password server, enter the IP address or DNS name, enter 7. Configure the password server database: Changing the Default Login If you are not using a password server to authorize user logins, you should change the default user name and password and create a read-only password.
Page 179
Save Changes and Reboot. For help, see “Saving Configuration Changes” on page 46. Once the changes are activated, you must enter these new values when you use a web browser or telnet to connect to this access point. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 180
Chapter 6: Configuring Security Use RADIUS for Login Authorization User Name Password Read Only Password Allow Service Password Table 51. Password Parameter Descriptions Parameter Determines if you are using a password server to authenticate end devices that can communicate with this access point. Clear this check box. Enter the user name you need to use to log in to this access point.
IAPP disabled, the access points will form separate spanning trees with the same LAN ID. If you want to use secure IAPP, enable secure IAPP on all access points. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 182
Chapter 6: Configuring Security To create a secure spanning tree 1. From the main menu, click Security > Spanning Tree Security. The 2. Check the Secure IAPP check box. 3. Click Submit Changes to save your changes. 4. In the IAPP Secret Key field, enter a secret key. This secret key must 5.
Page 183
In the access point that contains the master radio, click Maintenance > AP Connections. The AP Connections screen lists the station radios (including ones in other access points) that are communicating with the master radio. For help, see “Viewing AP Connections” on page 228. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Chapter 6: Configuring Security Enabling Secure Communications Between Access Points and End Devices There are several ways that you can ensure secure communications between access points and wireless end devices in your network: The next sections explain how to configure these methods. Using an Access You can use an access control list (ACL) that contains the MAC addresses that are authorized to communicate with the network through the access...
Page 185
6. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save/Discard Changes, and then click Save Changes and Reboot. For help, see “Saving Configuration Changes” on page 46. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 186
Chapter 6: Configuring Security 7. Configure the RADIUS server by clicking Select a RADIUS server for 8. For each RADIUS server, enter the IP address or DNS name, enter 9. Configure the database. Enter the MAC address for each end device ACL authorization.
AT-WA7500 and AT-WA7501 Installation and User’s Guide Configuring Virtual LANs (VLANs) make it easy to create and manage logical groups of wireless end devices that communicate as if they were on the same LAN. VLANs You can group all wireless users on a particular VLAN in order to manage the IP address space differently.
Page 188
Chapter 6: Configuring Security To configure a VLAN 1. From the main menu, click Spanning Tree Settings. The Spanning 2. Check or clear the Enable GVRP for VLAN check box:. 3. Click Submit Changes to save your changes. 4. From the main menu, click Security. If you have enabled more than the Tree Settings screen appears.
WEP key. AT-WA7500 and AT-WA7501 Installation and User’s Guide Note The value in the VLAN field is also called the VLAN tag.
Page 190
Chapter 6: Configuring Security Since static WEP keys can be difficult to update, the AT-WA7500 and AT-WA7501 access products let you enter up to four WEP keys, and then pick a WEP transmit key (1-4). It is easier to rotate the WEP transmit key than to individually change all the WEP keys.
Page 191
For WEP 152, enter 16 WEP Key 4 ASCII characters or hex pairs. To enter a hexadecimal key, prefix it with 0x. For example, the ASCII key ABCDE is equivalent to 0x4142434445. AT-WA7500 and AT-WA7501 Installation and User’s Guide Explanation...
Chapter 6: Configuring Security Implementing an You can implement 802.1x security in your network. The IEEE 802.1x standard provides an authentication protocol for 802.11 LANs. 802.1x 802.1x Security provides strong authentication, access control, and key management, and Solution lets wireless networks scale by allowing centralized authentication of wireless end devices.
Page 193
To configure the access point as an authenticator 1. From the main menu, click Security and then click the radio service set that you are configuring. The appropriate radio screen appears. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 194
Chapter 6: Configuring Security 2. In the Security Level field, select Dynamic WEP/802.1x. 3. Click Submit Changes to save your changes. This screen appears. 4. In the Key Rotation Period (Minutes) field, enter how often (in minutes) the access point generates a new WEP key to distribute to the end devices.
Page 195
For help configuring an external RADIUS server, see the documentation that came with your server. You need to enter each authenticator’s IP address and the shared secret key. In the database, you need to enter the information for each end device. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 196
Chapter 6: Configuring Security Enabling Secure Communications Between Access Points When you configure a radio to use 802.1x security, you automatically enable spanning tree security, which can be used for both wired access points and WAPs. A secure spanning tree has two functions: 1.
Page 197
4. Check the Verify CA Certificate check box and enter the authentication server common names to verify that the access point is connecting to the correct authentication server. Allied Telesyn recommends that you perform this step because it provides another layer of security. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 198
Chapter 6: Configuring Security 5. Click Submit Changes to save your changes. To activate your 6. Repeat Steps 1 through 5 for each access point in your spanning tree. In the access point that contains the master radio, click Maintenance > AP Connections.
PC or server on your network or an EAS. The authentication server accepts or rejects requests from end devices that want to communicate with the 802.1x-enabled network. For help, see Chapter 7, “Configuring the Embedded Authentication Server (EAS)” on page 204. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 200
Chapter 6: Configuring Security To configure WPA security 1. From the main menu, click Security and then click the radio service set 2. In the Security Level field, choose either WPA - PSK or WPA - 802.1x. 3. Click Submit Changes to save your changes. The screen changes, 4.
Page 201
For help configuring an external RADIUS server, see the documentation that came with your server. You need to enter each authenticator’s IP address and the shared secret key. In the database, you need to enter the information for each end device. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 202
Chapter 6: Configuring Security Configuring WPA PSK Security Multicast Encryption Type Pre-shared Key Key Rotation Period (Minutes) Table 54. WPA PSK Security Parameter Descriptions Parameter Indicates that TKIP is used as the data encryption method for broadcast and multicast for this radio port.
Page 203
Allows you to specify the key rotation policy for Period (Minutes) encryption keys when using WEP in 802.1x and for TKIP group keys when using WPA. The value represents key duration in minutes. The default value is 5 minutes. AT-WA7500 and AT-WA7501 Installation and User’s Guide Explanation...
Chapter 7 Configuring the Embedded Authentication Server (EAS) This chapter explains how to configure the embedded authentication server (EAS) in your access point for different security solutions to ensure that you have a secure wireless network. This chapter covers these topics: “About the Embedded Authentication Server (EAS)”...
About the Embedded Authentication Server (EAS) The AT-WA7500 and AT-WA7501 access points have an embedded authentication server (EAS), which is an internal RADIUS server. In your network, you can use the EAS on any access point. The EAS can act as: a password server that maintains a list of logins of users who can configure and manage the access point.
Chapter 7: Configuring the Embedded Authentication Server (EAS) About Certificates Certificates encrypt communication between the internal RADIUS server, RADIUS clients, and the supplicants and HTTPS clients. There are two types of certificates: Understanding The next table summarizes when an access point needs to have a CA certificate and/or a server certificate installed on it.
From the main menu, click Security > Certificate Details. The Certificate Details screen appears. The Server Certificate table lists the server certificate that is installed, and the CA Certificate table lists the trusted CA certificate that is installed. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Chapter 7: Configuring the Embedded Authentication Server (EAS) Installing and Once you have determined that you need to install a certificate, use this procedure. Uninstalling Certificates To install certificates 1. From the main menu, click Security > Certificate Details. The 2.
Page 209
2. Click Uninstall All Certificates. The unique server certificate and the trusted CA certificate are deleted. You can still use the secure web browser interface and install new certificates using the default certificate (ValidforHTTPSOnly). AT-WA7500 and AT-WA7501 Installation and User’s Guide...
4. Make sure that all access points that are using this EAS (as a Enabling the EAS In both AT-WA7500 and AT-WA7501 access points, the default secret key is the same. By having the same default secret key, you can verify that all access points can communicate with the EAS.
Page 211
6. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save/Discard Changes, and then click Save Changes and Reboot. For help, see “Saving Configuration Changes” on page 46. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Chapter 7: Configuring the Embedded Authentication Server (EAS) Enable Server Default Secret Key UDP Port Authorization Time Enable PEAP Fast Reconnect Configuring the The EAS database contains up to 128 clients that this access point authorizes for logins, RADIUS clients, ACL clients, and 802.1x clients. Database This screen is hot settable;...
Page 213
1 to 32 characters. For help, see the next table. 6. Click Submit Changes to save your changes. 7. Repeat Steps 3 through 6 for each client. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 214
Chapter 7: Configuring the Embedded Authentication Server (EAS) 8. Click Save/Discard changes, and then click Save Changes without Type Field Login RADIUS Reboot. Table 59. Embedded Authentication Server Entry Descriptions Description Enter user names and passwords for users who are authorized to configure and maintain access points using the password server.
Server > Rejected List. The Rejected List screen appears. 3. Determine which users and devices you need to add to the database. For help understanding the list, see the next table. AT-WA7500 and AT-WA7501 Installation and User’s Guide Description Enter the login name and...
Page 216
Chapter 7: Configuring the Embedded Authentication Server (EAS) 4. Add users and devices to the database. For help see “Adding Entries Column Type User Name Last Time Count NAS IP Address Adding Entries to the Database When you accept TTLS/PAP and PEAP/GTC entries, they are added to the database and require no further configuration.
1. Log in to the access point whose EAS you are using. 2. From the menu bar, click File Import/Export > Read or write the EAS RADIUS database. The EAS Database Import/Export screen appears. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 218
Chapter 7: Configuring the Embedded Authentication Server (EAS) 3. If you are not using the secure web browser, click “A secure session is 4. Click Export the EAS database from this access point. A File 5. Make sure Save this file to disk is selected, and then click OK. The available.”...
Page 219
3. If you are not using the secure web browser, click A secure session is available. Repeat Steps 1 and 2. 4. Enter the path and filename of the database. Or click Browse to locate the file. 5. Click Import Database. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Chapter 8 Managing, Troubleshooting, and Upgrading Access Points This chapter explains how to manage, maintain, troubleshoot, and upgrade the access products. This chapter covers these topics: “Managing the Access Points” on page 221 “Maintaining the Access Points” on page 228 “Troubleshooting the Access Points”...
Wavelink Avalanche Client Management System Enabler Agent AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 61. Wavelink Avalanche Components Component Resides on all devices managed by the Avalanche system. It communicates information about the device to the Avalanche Agent and manages software applications on the device.
Page 222
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points Console The enabler is already installed on access points with software release 2.0 or later. You can install the agent and the console on the same PC. Avalanche uses a hierarchical file system organized into software packages and software collections: For more information about software packages and software collections, see the Wavelink Avalanche documentation and online help.
Page 223
Or, leave this field blank and the access point sends out a broadcast request looking for any available agent. 3. Click Submit Changes to save your changes. 4. From the main menu, click Security. The Security page appears. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 224
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points 5. Verify that the Allow Avalanche Access check box is checked. 6. Click Submit Changes to save your changes. To activate your 7. Repeat Steps 1 through 6 for each access point. Managing Your Access Points Using Avalanche Each time the access point is rebooted, it attempts to connect to the Avalanche Agent.
Page 225
Avalanche, make sure that you update the security parameters on your end devices before you update the security parameters on your access point. Otherwise, you will lose connectivity between your end devices and your access point. AT-WA7500 and AT-WA7501 Installation and User’s Guide Explanation...
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points Using Simple The access point can be managed using Simple Network Management Protocol (SNMP); that is, you access the access point from an SNMP Network management station. Contact your Allied Telesyn representative if you Management need to obtain a copy of the MIB.
Page 227
Specify a password that provides read and write Community access and lets the user change the community strings. This password can be from 1 to 15 characters and is case sensitive. The default is Secret. AT-WA7500 and AT-WA7501 Installation and User’s Guide Description...
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points Maintaining the Access Points The Maintenance menu lets you view different parameters configured for the access point, including connections, port statistics, and a configuration summary. This information may be needed when you contact Allied Telesyn Technical Support.
Page 229
ACL or 802.1x security. If an access point or WAP is blocked and should be allowed to pass, you need to re-enter the IAPP secret key in both devices. AT-WA7500 and AT-WA7501 Installation and User’s Guide Description...
Page 230
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points MAC Address Type Table 64. AP Connections Screen Fields (Continued) Display Field Shows the address of the connected device. If another access point is connected to this access point, you see the Ethernet MAC address. If a WAP is connected to this access point, you see the radio MAC address.
You can use this screen to help you: distribute channels for maximum wireless network performance. identify interference problems. AT-WA7500 and AT-WA7501 Installation and User’s Guide Description Displays the port through which the connection is established:...
Page 232
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points To view AP neighbors Address Channel Signal (dBm) SSID Age (sec) From the menu, click Maintenance > AP Neighbors. The AP Neighbors screen appears. For help interpreting the information on this read-only screen, see the next table.
Page 233
AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 65. AP Neighbors Screen Fields (Continued) Display Field Description Capabilities This information is derived from the capability information sent in the beacon. Capabilities may include: ESS: Set for an access point and cleared for an end device or ad-hoc device.
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points Viewing Port The Port Statistics screen shows the total number of frames and bytes that the access point has received and transmitted since it was last booted. Statistics You can also view graphs of inbound and outbound packets for the port. To view port statistics From the menu, click Maintenance >...
Save IP Address Mappings check box is checked, you can delete entries from the server’s permanent address map. To view DHCP status From the menu, click Maintenance > DHCP Status. The DHCP Status screen appears. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points Viewing the The Events Log screen shows a the events that have been logged by this access point. These events are cleared when the access point loses Events Log power or is rebooted. To view the Events Log MAC Address IP Address...
1. From the menu, click Maintenance > About This Access Point. The About This Access Point screen appears. This screen is read-only. 2. Scroll down to view more information about the access point. 3. Continue scrolling down until you see the subtitle Configuration Summary. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points 4. Click the button under the Configuration Summary title to switch To view a processor utilization graph 1. From the main menu, click Maintenance > About This Access Point. 2. Click the Processor and Revision link. The Processor Utilization graph Using the LEDs You can use the LEDs to help you locate a specific access point in your building.
3. Click Save Changes and Reboot. When the access point is done rebooting, it will use the factory default settings as its active configuration. You may need to reset the IP address and other network parameters. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points Troubleshooting the Access Points This section provides you with information on the installation, configuration, and operation of the access point. Using the When you click Save/Discard Changes, the access point checks for potential problems with the network configuration and security settings.
Page 241
RADIUS database has a password but no username. A username/password entry in the RADIUS database has a username but no password. AT-WA7500 and AT-WA7501 Installation and User’s Guide Additional Information The Default Secret Key for the EAS does not match the secret key value in the RADIUS Server List.
Page 242
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points Table 68. Alphabetized List of Configuration Error Messages (Continued) All SSID values must be unique per physical radio. An entry in the RADIUS server list is using a default secret key. At least one 802.1x supplicant protocol must be enabled.
Page 243
The DHCP server subnet mask is invalid. The IAPP secret key has not been changed from its default value. The IP Address is zero. AT-WA7500 and AT-WA7501 Installation and User’s Guide Additional Information On the IP Tunnels screen, Mode is set to Originate if...
Page 244
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points Table 68. Alphabetized List of Configuration Error Messages (Continued) The IP Address and IP Router must share the same subnet. The IP Subnet Mask is invalid. The IP Subnet Mask should not be zero. The login password has not been changed from its default value.
LEDs display the pattern shown in the next table. With the LEDs Table 69. MobileLAN access LED Boot Sequence for Release 2.2 (or later) Power Wireless #1 AT-WA7500 and AT-WA7501 Installation and User’s Guide Configuration Error Message Wireless #2 Wired LAN Additional Information You need to install a server certificate.
Table 69. MobileLAN access LED Boot Sequence for Release 2.2 (or later) (Continued) (Wireless #1 and #2 blink in unison.) After the AT-WA7500 or AT-WA7501 successfully boots, the LEDs display one of these patterns: Table 70. AT-WA7500 and AT-WA7501 Normal LED Pattern After Booting...
Page 247
9600, N, 8, 1, no flow control. (Verify that the baud rate is not 115200.) 4.Your system may be in autobaud mode. Reboot and press a key once per second until the sign on screen appears. AT-WA7500 and AT-WA7501 Installation and User’s Guide Possible Solution/Answer...
Page 248
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points You cannot connect to the access point using a web browser. You cannot ping or telnet to an access point. The Ping Utility screen does not appear when you click a MAC address or an IP address in the AP Connections screen.
Page 249
IP subnet. 2. Verify that the access points on the 3. On the root access point verify that the AT-WA7500 and AT-WA7501 Installation and User’s Guide Possible Solution/Answer From the Maintenance menu, choose AP Connections and verify that the MAC address of your end device appears on your PC screen.
Page 250
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points You need to verify the static WEP keys. The filters are not filtering properly. You need to confirm which master radio a WAP is connected to. The throughput seems slow. The radio coverage is less than you expected it to be.
The error messages are described in the following table. Contact your local Allied Telesyn representative to help you correct the problem. AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 72. AT-WA7500 and AT-WA7501 LEDs LED On...
Page 252
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points In this table, “Radio A” refers to the radio in slot 1 and “Radio B” refers to the radio in slot 2. These error messages may appear for either radio. Error Message Couldn’t read country code from radio A...
Page 253
By default, the Pings per refresh is None. To increase the number of pings that occur after each refresh, click 25 or 100. 3. Click the X in the upper right corner of the window to return to the AP Connections screen. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 254
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points Using ICMP Echo ICMP (Internet Control Message Protocol) echo lets you ping devices using their IP address. ICMP echo can only be used if the access point has determined the IP address of the end device or another access point. If the access point is acting as an ARP server, it will determine the IP addresses of the end devices that are attached to it and allow you to use ICMP echo on the wireless network.
To see all the 802.1x events in your network, you need to use MobileLAN manager or another SNMP management station or network management tool. AT-WA7500 and AT-WA7501 Installation and User’s Guide Note The information on this screen varies with the type of request sent and the capabilities of the medium through which it is sent.
Page 256
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points To view the Security Events log For help understanding the events, see the next table. MAC Address IP Address Priority Trap? Count Type Additional Data From the menu, click Security > Security Events. The Security Events log appears.
Page 257
AT-WA7500 and AT-WA7501 Installation and User’s Guide Possible Solution/Answer Verify that the root access point is running software release 1.80 or later. Upgrade all access points to the same software release as the root access point.
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points Table 75. General Security Troubleshooting (Continued) Problem/Question You are implementing 802.1x security and you cannot get an end device to authenticate with a RADIUS server. Recovering a Failed Access Point You should never need to use this procedure. However, if your access point is not functioning, you may need to download an entirely new file system.
Page 259
4. When the access point responds to the ping, use any TFTP client to transfer AP824X.DNL file to the access point. Make sure the Transfer mode is binary. IPaddress tftp –i put AP824X.dnl where IPaddress is the access point IP address you assigned in Step AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 260
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points 5. Type this command to remove the static ARP cache entry from your Once the TFTP transfer is complete, the access point will begin booting the image that was just passed to it. This image is only resident in RAM.
3. Enter the path and filename of the upgrade file (AP*WEB.BIN) or click Browse to find the file on your PC. For example, AP21WEB.BIN. AT-WA7500 and AT-WA7501 Installation and User’s Guide Note New releases of the firmware for the access point are available for...
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points 4. Click Upgrade to start the upgrade. The upgrade may take up to 3 5. When the upgrade is complete, click Save Changes and Reboot. Troubleshooting Each access point on a wired LAN requires approximately 3 minutes to upgrade (it takes slightly longer for wireless access points).
Chapter 9 Additional Access Point Features This chapter explains some of the more advanced ways that you can maintain the access points. This chapter covers these topics: “Understanding the Access Point Segments” on page 264 “Understanding Transparent Files” on page 265 “Using the AP Monitor”...
RAM and then the flash memory segment until it finds a file that matches the file name. Note Legacy scripts with commands that specify segment numbers or names can be run on AT-WA7500 and AT-WA7501 access points without generating errors.
AT-WA7500 and AT-WA7501 Installation and User’s Guide Understanding Transparent Files The AT-WA7500 and AT-WA7501 access points with software release 2.2 support transparent files, which are files without file headers. Transparent files all have the date May 14, 2002 (5-14-2002) and have no version.
Chapter 9: Additional Access Point Features Using the AP Monitor The AP (access point ROM) monitor is system software that lets you manipulate the access point files and file segments. You can only access the AP monitor through the serial port using a communications program. Entering the AP 1.
Page 267
Syntax: FX s where s is destination segment. You can use any number (1, 2, 3, or 4) to specify the one flash memory segment on the access point. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Chapter 9: Additional Access Point Features Purpose: Displays the manufacturing record for the access point. Use the MR command to display the MAC address, configuration string, and serial number for your access point. Syntax: MR Purpose: Sets the baud rate of the access point. Syntax: SR z where z is the baud rate.
2. Enter a password. The default password is EV98203T (case sensitive). When you are in Test mode, the test prompt (test>) appears. To exit Test mode At the test prompt, type X and press Enter. You return the ap prompt. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Chapter 9: Additional Access Point Features To display test commands Using Service In Service mode, you can perform file functions and segment functions such as deleting a file, downloading a file using the Ymodem protocol, and Mode Commands erasing a segment. To enter Service mode 1.
Page 271
Purpose: Makes an inactive segment the active segment. Because the access point has only one flash memory segment, this command has no affect on an AT-WA7500 or AT-WA7501. This command is included here for backward compatibility with older scripts only.
Page 272
Chapter 9: Additional Access Point Features To make segment 2 the active boot segment and segment 4 the active data segment, enter: FB 2 4 You can use an asterisk instead of a segment name if you want to leave that segment unchanged.
Page 273
(1, 2, 3, 4, id, ib, ad, or ab) to specify the one flash memory segment on the access point. Example: To erase the contents of the flash memory segment, enter: FE 1 AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 274
Chapter 9: Additional Access Point Features To erase the contents of the memory card, enter: FE APP: Purpose: Runs a program f, from a location s. Syntax: FFR f (s) where: is the program name. s is the optional segment location of the program. Example: To run program UAPBOOT.PRG from the flash memory segment, enter: FFR UAPBOOT.PRG 1...
Page 275
FPGA configuration filename. is the optional segment where you want to load the configuration file. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Chapter 9: Additional Access Point Features Using Command Console Mode You can use the Command Console mode to manipulate some access point files and file segments. You can also use Command Console mode to upgrade access points using TFTP and script files. You access the Command Console mode through the serial port using a communications program or over the network using a telnet session.
Access Point Segments” on page 264. Purpose: Makes an inactive segment the active segment. Because the AT-WA7500 and AT-WA7501 have only one flash memory segment, this command has no affect on the access points. This command is included here for backward compatibility with older scripts only.
Page 278
Chapter 9: Additional Access Point Features Purpose: Displays the flash file system directory, which includes information about the boot file and file type: E (executable), D (data), and T (transparent). Use this command to ensure that the correct version of the file is in the active boot segment.
With each successive failure, the retry time doubles until it reaches eight minutes. Once this limit is reached, it remains at eight minutes until the command is completed. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 280
Chapter 9: Additional Access Point Features In general, TFTP client sessions should fail only if the server is not responding either because it is busy serving other clients or because it has not been started. In either case, the access point backoff algorithm should prevent excessive network traffic when many access points are trying to contact a TFTP server.
Page 281
The file name can contain directory path information and must be in the format required by the server operating system. localfilename is the name of the file to be sent from the access point. AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 77. Explanation The file may be too big.
Page 282
Chapter 9: Additional Access Point Features Example: The following command takes file AP824X.PRG that is saved in the active boot drive on the access point client and stores it in the flash memory segment on the access point server that has IP address 1.2.3.4. TFTP PUT 1.2.3.4 IB:AP824X.PRG 1:AP824X.PRG The access point may generate these error messages when it issues a TFTP PUT command.
Page 283
Can’t write remote file TFTP opcode not read or write request Invalid opcode during read AT-WA7500 and AT-WA7501 Installation and User’s Guide Explanation The client is attempting to transfer a file in ASCII mode. The access point TFTP server only supports octet mode, which includes binary and image.
Chapter 9: Additional Access Point Features Invalid opcode during write Using sdvars Use sdvars commands to manipulate certain software download variables. Sdvars commands support both GET and SET arguments. You can enter Commands sdvars commands to GET a software download object, and then issue the sdvars command using the SET argument to assign the object a specified value.
Page 285
SNMP to determine the progress of the download. Syntax: sdvars set checkpoint value where value is a whole number. Example: Consider the following script file commands: sdvars set checkpoint 1 fe 1 AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Page 286
Chapter 9: Additional Access Point Features sdvars set checkpoint 2 TFTP get * ap824x.prg 1 sdvars set checkpoint 3 reboot When the software download is started, you can use SNMP to query its progress by reading the checkpoint variable. If the variable has a value of 2, you know that the access point is trying to execute the TFTP get statement.
Page 287
Example: To reboot the access point 2 hours from now, enter: sdvars set nextpoweruptime 00:02:00:00 AT-WA7500 and AT-WA7501 Installation and User’s Guide...
To test a script file, log onto an access point and type each of the script file commands. New Sample This new sample script upgrades an AT-WA7500 or AT-WA7501 access point. This script is based on upnopath.dnl, which is included in the AP Script for upgrade package.
Page 289
AT-WA7500 and AT-WA7501 Installation and User’s Guide file tftp get * software\cert.dnl 1: file tftp get * software\closed.dnl 1: file tftp get * software\discinca.dnl 1: file tftp get * software\easdb.dnl 1: file tftp get * software\echo.dnl 1: file tftp get * software\favicon.dnl 1: file tftp get * software\file.dnl 1:...
This sample script file was created for older access points with multiple segments. Although this script specifies segments that do not exist on Script for AT-WA7500 and AT-WA7501 access points, you can run this script on the Upgrading Any access points without generating errors.
To view and copy files from the access point using your web browser To transfer files to and from a TFTP server To start or stop the TFTP server To automatically upgrade software (in a network with older access point software) AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Chapter 9: Additional Access Point Features Importing or To import or export an EAS RADIUS database file Exporting an 1. Click Read or write the EAS RADIUS database. The EAS Database EAS RADIUS Database File 2. To import a file, enter of select the name of the database file to import 3.
3. In the second input field, type the file name or click Browse to select the file to be imported to the device. 4. When the correct file name is displayed in the input field, click Import to start the file transfer. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Chapter 9: Additional Access Point Features Viewing and To view and copy files from the access point using your web browser Copying Files 1. Click View the file system directory from this device using your Using Your Web Browser 2. Click any file name to transfer the file from the access point to your browser.
When performing TFTP GET commands, this field need only contain the segment identifier (1 or app) because the file name is determined by the header of the downloaded file. 5. Click Get or Put. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Chapter 9: Additional Access Point Features Starting or To start or stop the TFTP server Stopping the 1. Click Start or stop the TFTP server. The TFTP Server screen appears. TFTP Server 2. Click Stop Server to stop the TFTP server. Or click Start Server to start You can also use the TFTP SERVER START and STOP commands, described on page 282, to start and stop the TFTP server.
Page 297
5. In the Next Power Up Time field, enter the time in the format dd:hh:mm:ss (days:hours:minutes:seconds). When this timer expires, the access point will reboot, allowing the new firmware to take affect. 6. Click Start. AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Appendix A Specifications This appendix contains AT-WA7500 and AT-WA7501 specifications for reference purposes only. Actual product performance and compliance with local telecommunications regulations may vary from country to country. Allied Telesyn only ships products that are type approved in the...
Serial port maximum data rate Management interfaces SNMP agent Regulatory Approvals AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 80. AT-7500 Technical Specifications H x L x W 4.6 cm x 25.0 cm x 15.9 cm (1.8 in x9.8 in x 6.3 in) 526 g (1.16 lb)
Appendix A: Specifications AT-7501 Access Point Dimensions Weight AC electrical rating POE Electrical Rating Operating temperature Storage temperature Humidity (non-condensing) Industrial sealing Architecture Ethernet interfaces Ethernet compatibility Ethernet data rate Fiber optic interface (optional) Radios supported Media Access protocol Filters (protocol) Filters (others) Table 81.
Page 301
Class A; C tick Marked (AS 3548); CE Market, Compliant with RTT&E, EMC, LVD directives; (See separate radio approvals); UL Listed 1950/C22.2 #950 IEC; 60529-IP53 and C22.2 #94-ENC 3.5; TUV Licensed, EN 60950 & EN 60539-IP53; NYCE Certified, NOM 19, plenum-rated AT-WA7500 and AT-WA7501 Installation and User’s Guide...
Appendix A: Specifications Radio Specifications IEEE 802.11g Frequency band Type Modulation Power output Basic data rate Extended data rate Channels Range (Maximum power output, 11 Mbps) Receiver sensitivity (11 Mbps) Security IEEE 802.11b Frequency band Type Modulation Power output Data rate Table 82.
Frequency band Type Power output Data rate Channels AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 83. IEEE 802.11b Radio Technical Specifications 11 (North America), 13 (Europe), 4 (France), 14 (Japan). 1 (Israel) 160 m (525 ft) open environment 50 m (165 ft) semi-open environment...
Page 304
Appendix A: Specifications Range (depending on environment) Receiver sensitivity (54 Mbps) Table 84. IEEE 802.11a Radio Technical Specifications 248 m (813.7 ft) 240 m (787.4 ft) 175 m (574.2 ft) 132 m (433.1 ft) 56 m (183.7 ft) 37 m (121.4 ft) 19 m (62.3 ft) -68 dBm 6 Mbps...
Appendix B Default Settings This appendix provides factory defaults for reference purposes only. The factory default settings for the access points are listed in this section. You can record the settings for your installation in each table for reference.
Appendix B: Default Settings TCP/IP Settings Menu Defaults IP Address IP Subnet Mask IP Router (Gateway) DNS Address 1 DNS Address 2 DNS Suffix 1 DNS Suffix 2 DHCP Mode DHCP Server Name DHCP User Class DHCP Vendor Class Table 85. TCP/IP Settings Menu Defaults Parameter Range Name...
Page 307
Parameter Range Name DHCP for Use Any Access Point Available Network DHCP Server, Only Use Access Point DHCP Server Auto ARP 0 to 120 Minutes AT-WA7500 and AT-WA7501 Installation and User’s Guide Default Your Site? Use Any Available DHCP Server...
Appendix B: Default Settings DHCP Server Setup Menu Defaults Parameter Address High Address Lease Time Permanently Save IP Address Mappings IP Subnet Mask Table 86. DHCP Server Setup Menu Defaults Range Name 4 nodes, 0 to 255 4 nodes, 0 to 255 days:hours:minutes Check/Clear 4 nodes, 0 to 255...
Enable Medium Reservation Reservation Threshold (Appears if Enable Medium Reservation is enabled) Fragmentation AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 87. 802.11g Radio Menu Defaults Range Default Channel 1 to Channel 03, 11, 2412 to 2422 MHz 2462 MHz...
Page 310
Appendix B: Default Settings Parameter Name Antenna Control Mixed Mode Performance Disallow Network Name of ‘ANY’ DTIM Period Inbound Filters (Primary Only) Allow IAPP Allow Wireless Transport Protocol (WTP) Allow UDP Plus (UDP/IP Port 5555) Allow DHCP Allow All Other Protocols Table 87.
Distance Between APs Enable Microwave Oven Robustness Enable Load Balancing AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 88. 802.11b Radio Menu Defaults Range Name Master, Station, Disabled 0 to 32 characters Channel 1 to 11, 2412 to 2462 MHz 11, 5.5, 2, or 1...
Page 312
Appendix B: Default Settings Enable Medium Density Distribution Data/Voice Settings Disallow Network Name of ‘ANY’ DTIM Period Inbound Filters Parameters Allow IAPP Allow Wireless Transport Protocol (WTP) Allow SpectraLink Voice Protocol (SVP) Allow UDP Plus (UDP/IP Port 5555) Allow DHCP Allow All Other Protocols...
Medium, Low, Minimum 54, 48, 36, 24, 12, or 6 Mbps Check/Clear 24, 12, 6 Mbps 1 to 65535 256 to 2346 AT-WA7500 and AT-WA7501 Installation and User’s Guide Default Your Site? (full-range) Channel 36, 5180 MHz IEEE (mid-range) Channel 52,...
Page 314
Appendix B: Default Settings Reservation Threshold (2347 to Disable) Fragmentation Threshold Disallow Network Name of ‘ANY’ Beacon Period DTIM Period Inbound Filters Allow IAPP Allow Wireless Transport Protocol (WTP) Allow UDP Plus (UDP/IP Port 5555) Allow DHCP Allow All Other Protocols Table 89.
Rightmost LED Behavior Enable Ethernet Bridging Secondary LAN Bridge Priority Secondary LAN Flooding AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 90. Spanning Tree Setting Menu Defaults Range Name 0 to 16 characters 0 to 254 0 to 7 Check/Clear...
Appendix B: Default Settings Global Flooding Menu Defaults Multicast Flooding Multicast Outbound to Secondary LANs Allow Multicast Outbound to Terminals Unicast Flooding If Unicast Flooding is Universal or Hierarchical Unicast Outbound to Secondary LANs Allow Unicast Outbound to Terminals Enable ARP Flooding Table 91.
902 MHz Frag Size Set Globally Value S-UHF/902 MHz Awake Time Set Globally Value RFC1042 Types to Pass Through AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 92. Global RF Parameters Menu Defaults Range Name Check/Clear Enabled/ Disabled 0 to 250 bytes...
Page 318
Appendix B: Default Settings Table 92. Global RF Parameters Menu Defaults Parameter Range Default Your Site? Name 3 through 20 Two sets of 00 00 hexadecimal pairs 00 through FF.
Telnet Gateway Configuration Menu Defaults Parameter Host Name Host Port Term Port Idle Time Lost Time AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 93. Telnet Gateway Configuration Menu Defaults Range Name IP address or DNS name Off, 23,5000, 5001, 5002,...
Appendix B: Default Settings Ethernet Configuration Menu Defaults Parameter Port Type Link Speed Enable Link Status Check Address Table 1 through 20 Frame Type Filters Allow/Pass Scope Predefined Subtype Filters Allow/Pass Table 94. Ethernet Configuration Menu Defaults Range Name 10/100 Mb Twisted- Pair 100 Mb Fiber Optic Auto Select, 100...
SubType Value Filter Values Value ID Value Filter Expressions ExprSeq Offset Mask Value ID Action AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 95. Ethernet Advanced Filters Menu Defaults Range Name Check/Clear DIX-IP-TCP-Port, DIX-IP-UDP-Port, DIX-IP-Protocol, DIX-IPX-Socket, DIX-EtherType, SNAP-IP-TCP-Port, SNAP -IP-UDP-Port,...
Appendix B: Default Settings IP Tunnels Menu Defaults Parameter Name Mode Enable IGMP (Appears if Mode is Listen) Multicast Address (Appears if Enable IGMP is checked) Allow IP Multicast (Appears if Mode is Originate if Root) IP Addresses (1-8) (Appears if Mode is Originate if Root) Tunnels Filter...
Page 323
DIX-IPX-Socket, DIX-EtherType, SNAP-IP-TCP- Port, SNAP -IP-UDP- Port, SNAP -IP-Protocol, SNAP -IPX-Socket, SNAP -EtherType, 802.3-IPX-Socket, 802.2 -IPX-Socket, 802.2-SAP Value Two sets of hexadecimal pairs 00 through FF. AT-WA7500 and AT-WA7501 Installation and User’s Guide Default Your Site? DIX-IP-TCP- Port 00 00...
Appendix B: Default Settings Network Management Menu Defaults Parameter Name SNMP Read Community SNMP Write Community SNMP Secret Community Avalanche Agent Name Instant On Menu Defaults Parameter Name Enable Instant On Server Enable Secure Credential Creation (Appears if Enable Instant On Server is enabled) Table 98.
Allow ICMP Configuration Allow Avalanche Access Passwords Menu Defaults Parameter Use RADIUS for Login Authorization User Name AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 100. Security Menu Defaults Range Name Secure-Only (Port 443), Enabled (Port 80/443), Disabled Check/Clear Check/Clear Check/Clear...
Appendix B: Default Settings Password Read Only Password Allow Service Password IEEE 802.11 (g, b or a) Radio Security Menu Defaults Enable ACL Client Authorization Enable Alternative Method ACL ACL RADIUS Client Password (Appears if Enable ACL Client Authorization is enabled) VLAN Security Level...
Page 327
ASCII pass- phrase Key Rotation Any number Period If Security Level is WPA + 802.1x Multicast WEP, TKIP Encryption Type Key Rotation Any number Period AT-WA7500 and AT-WA7501 Installation and User’s Guide Default Your Site? 80211 TKIP (blank) TKIP...
Appendix B: Default Settings RADIUS Server List Menu Defaults IP Address/ DNS name Secret Key Port 802.1x Login Spanning Tree Security Menu Defaults Secure IAPP If 802.1x security or Secure IAPP is enabled IAPP Secret Allow SWAP Allow TLS Allow TTLS Preferred Protocol User Name...
Enable Server If Enable Server is enabled Default Secret UDP Port Authorization Time Enable PEAP Fast Reconnect AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 104. Spanning Tree Security Menu Defaults Range 1 to 31 anonymous characters Check/Clear Clear Range...
Appendix C Glossary ARP (Address Resolution Protocol) cache A table that stores IP addresses and their corresponding MAC addresses. The access point maintains an ARP cache and can act as an ARP server. BFSK (Binary Frequency Shift Key) A broadcasting method that lengthens the range but halves the throughput as compared to the QFSK method.
Page 331
AT-WA7500 and AT-WA7501 Installation and User’s Guide To enable data link tunneling, disable Ethernet bridging. designated bridge Also called a secondary LAN bridge. An access point that is assigned the role of bridging frames destined for or received from a secondary LAN. A designated bridge connects a secondary LAN with the primary LAN.
Page 332
Appendix C: Glossary Ethernet bridging When an access point receives wireless traffic and the destination address is known, it forwards frames to the port with the shortest path to the destination address. When the access point has not learned the direction of the shortest path for the destination address, it forwards frames based on flooding settings to try to locate the destination address.
Page 333
AT-WA7500 and AT-WA7501 Installation and User’s Guide IGMP (Internet Group Management Protocol) A standard protocol that lets you originate multiple IP tunnels using one IP multicast address. IGMP allows IP multicast frames to be routed to remote IP subnets that have hosts participating in the multicast group. By enabling IGMP, access points can act as IP hosts and participate in an IP multicast group.
Page 334
Appendix C: Glossary activity. The MIB for the access point is available from the Allied Telesyn web site at www.alliedtelesyn.com. multicast address A form of broadcast address through which copies of the frame are delivered to a subset of all possible destinations that have a common multicast address.
Page 335
AT-WA7500 and AT-WA7501 Installation and User’s Guide point-to-point bridge See also wireless bridge. A bridge that connects two wired networks with similar architectures. Two access points can be used to provide a point-to- point bridge between two buildings so that wired and wireless devices in each building can communicate with devices in the other building.
Page 336
Appendix C: Glossary root port The access point port that provides the inbound connection to the spanning tree. The root port provides a link to a parent access point. Note that a root access point does not have a root port. root IP subnet Also called the home IP subnet and primary LAN.
Page 337
Ethernet, you plug the access point into the splitter and then you plug the splitter into a power bridge. The AT-WA7500 and AT-WA7501 do not use a splitter. SWAP (Secure Wireless Authentication Protocol) This protocol creates secure wireless hops if you enable secure IAPP. It forces access points to authenticate each other using an EAP-MD5 challenge.
Page 338
Appendix C: Glossary to the home subnet of the end device. If the end device has roamed to another subnet, the frame must be forwarded to the remote subnet where the end device currently resides. unicast address A unique Ethernet address assigned to a single device on the network. VLAN (virtual LAN) A network of wireless end devices that behave as if they are connected to the same wire even though they may actually be physically located on...
Page 339
AT-WA7500 and AT-WA7501 Installation and User’s Guide WPA (Wi-Fi Protected Access) A feature that can be implemented in the 802.11g, 802.11b, and 802.11a radios for security in a wireless network. WPA is a strongly enhanced, interoperable Wi-Fi security protocol that addresses many of the vulnerabilities of WEP.