Page 1 Access Points ® AT-WA7500 AT-WA7501 ◆ Installation and User’s Guide VERSION 2.2 PN 613-50496-00 Rev B...
Page 2 Copyright © 2004 Allied Telesyn, Inc. 3200 North First Street, San Jose, CA 95134 USA All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesyn, Inc. Microsoft is a registered trademark of Microsoft Corporation, Netscape Navigator is a registered trademark of Netscape Communications Corporation.
Page 3: Table Of Contents
Chapter 1 Getting Started ................................11 Which Allied Telesyn Access Products Does This Manual Support? ................12 Overview of the AT-WA7500 and AT-WA7501 Access Point Products................13 Features ..................................15 What’s New for Software Releases 2.2? ........................16 Understanding the LEDs ............................17 Understanding the Ports.............................19...
Page 4 Contents External Antenna Placement Guidelines ........................... 60 Positioning Antennas for 802.11g, 802.11b, and 802.11a Radios ................61 Chapter 3 Configuring the Ethernet Network ..........................65 Configuring the TCP/IP Settings ............................66 Configuring the Access Point as a DHCP Client ......................68 Configuring the Access Point as a DHCP Server .......................71 Configuring the Access Point to Send ARP Requests....................77 Configuring Other Ethernet or Fiber Optic Settings ......................
Page 5 AT-WA7500 and AT-7501 Installation and User’s Guide Enabling Secure Communications Between Access Points and End Devices..............186 Using an Access Control List (ACL) .........................186 Configuring VLANs ..............................189 Configuring WEP 64/128/152 Security ........................191 Implementing an 802.1x Security Solution .......................194 Configuring Wi-Fi Protected Access (WPA) Security ....................201 Chapter 7 Configuring the Embedded Authentication Server (EAS) ..................
Page 6 Contents Creating Script Files................................. 298 New Sample Script for Upgrading an Access Point....................298 Legacy Sample Script for Upgrading Any Access Point ...................300 Copying Files To and From the Access Point........................301 Importing or Exporting an EAS RADIUS Database File ...................302 Transferring Files Using Your Web Browser ......................303 Viewing and Copying Files Using Your Web Browser ....................304 Transferring Files to and from a TFTP Server ......................305...
Page 7: Preface
Preface This manual provides you with information about the features of the Allied Telesyn AT-WA7500 and AT-WA7501 access points with software release 2.0 (or later). This manual also describes how to install, configure, operate, maintain, and troubleshoot the access points.
Page 8: Document Conventions
Preface Document Conventions This document uses the following conventions: Note Notes provide additional information. Caution Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data. Warning Warnings inform you that performing or omitting a specific action may result in bodily injury.
Page 9: Where To Find Web-Based Guides
AT-WA7500 and AT-WA7501 Installation and User’s Guide Where to Find Web-based Guides The installation and user guides for all Allied Telesyn products are available in Portable Document Format (PDF) from on our web site at www.alliedtelesyn.com . You can view the documents on-line or...
Page 10: Contacting Allied Telesyn
Preface Contacting Allied Telesyn This section provides Allied Telesyn contact information for technical support as well as sales or corporate information. Online Support You can request technical support online by accessing the Allied Telesyn Knowledge Base from the following web site: www.alliedtelesyn.com/kb. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions.
Page 11: Chapter 1 Getting Started
Chapter 1 Getting Started This chapter introduces the Allied Telesyn AT-WA7500 and AT-WA7501 access points, explains their features, and describes how you can use them to expand your data collection network. This chapter covers these topics: “Which Allied Telesyn Access Products Does This Manual Support?”...
Page 12: Which Allied Telesyn Access Products Does This Manual Support
Chapter 1: Getting Started Which Allied Telesyn Access Products Does This Manual Support? This system manual supports the AT-WA7500 and AT-WA7501 access points with software release 2.2.
Page 13: Overview Of The At-Wa7500 And At-Wa7501 Access Point Products
They are designed for standards-based connectivity and they support industry standard IEEE 802.11g, 802.11b, and 802.11a wireless technologies. The AT-WA7500 and AT-WA7501 access points with an IEEE 802.11g radio installed are Wi-Fi certified for interoperability with other 802.11g and 802.11b wireless LAN devices.
Page 14 Chapter 1: Getting Started On the left, this illustration shows the ways you can manage and configure the access point, and on the right, it shows the access point’s general multiport bridge architecture. Management and Configuration Multiport Bridge Forwarding Spanning Wireless ARP DHCP DHCP...
Page 15: Features
AT-WA7500 and AT-WA7501 Installation and User’s Guide provides a pending message delivery service that holds frames until the end device is ready to receive them. Features This table lists the features of the access points. Table 1. Access Point Feature Comparison...
Page 16: What's New For Software Releases 2.2
Chapter 1: Getting Started Table 1. Access Point Feature Comparison (Continued) Feature AT-WA7500 AT-WA7501 NEMA 4/IP 54 Protection Power Supply Power Over Ethernet Heater Option * Currently, the 802.11g radio does not support wireless bridging and wireless hops. ** The 802.11g radio is sometimes referred to as the 802.11b/g radio because it can be configured to communicate with any 802.11b and...
Page 17: Understanding The Leds
Instant On client installed. Currently, this feature can only be used in EasyADC systems. Understanding The AT-WA7500 and AT-WA7501 access points have five LEDs. To understand the LEDs during normal use, see the next table. To use the the LEDs LEDs to help troubleshoot the radios, see “Troubleshooting the Radios”...
Page 18 Indicator Power Wired LAN Figure 2. AT-WA7501 LEDs This illustration shows the LEDs that are on the AT-WA7500 access point. For help understanding these LEDs, see the LED Descriptions table on page 17. U n i v e r s a l...
Page 19: Understanding The Ports
AT-WA7500 and AT-WA7501 Installation and User’s Guide Understanding The access point may have up to four ports. the Ports Table 3. Port Descriptions Port Description Power (Not AT-WA7500, Used with an appropriate power cable, optional AT-WA7501) this port connects the access point to an AC power source.
Page 20 Chapter 1: Getting Started This illustration shows the ports that are on the AT-WA7501. For help understanding these ports, see the Port Descriptions table on page 19. Cable access door Power port Serial (optional) port 10BaseT/ Fiber optic 100BaseTx port (optional) Ethernet port Figure 4.
Page 21 AT-WA7500 and AT-WA7501 Installation and User’s Guide The AT-WA7500 ports are located on the bottom of the access point. This illustration shows the ports that are on the AT-WA7500. For help understanding these ports, see the Port Descriptions table on page 19.
Page 22: How The Access Point Fits In Your Network
WAP. Use the access point in the following locations and environments. Table 4. Access Point Environments Access Point Environment AT-WA7500 Use in most indoor environments. AT-WA7501 Use in locations where an access point is exposed to extreme environments.
Page 23 AT-WA7500 and AT-WA7501 Installation and User’s Guide In a simple wireless network, the access point that is connected to the wired network serves as a transparent bridge between the wired network and wireless end devices. To install a simple wireless network 1.
Page 24: Using Multiple Access Points And Roaming Wireless End Devices
Chapter 1: Getting Started Example - Configuring an 802.11g Access Point Host Access point Ethernet Figure 7. 802.11g Access Point Table 5. 802.11g Access Point Parameter Settings Screen Parameter Access Point 802.11g Radio Node Type Master SSID (Network Manufacturing Name) Spanning Tree Root Priority Settings...
Page 25 AT-WA7500 and AT-WA7501 Installation and User’s Guide This illustration shows a wireless network with multiple access points. Wireless end devices can roam between the access points to communicate with the host and other end devices. Host Ethernet Figure 8. Multiple Access Points with Roaming End Devices An end device initiates a roam when it attaches to a new access point.
Page 26 Chapter 1: Getting Started Example - Configuring an 802.11g Access Point with Roaming End Devices In this example, there is one 802.11g radio in each access point. Wireless end devices can roam between the access points to communicate with the host and other end devices.
Page 27: Using An Access Point As A Wap
AT-WA7500 and AT-WA7501 Installation and User’s Guide The access points communicate with each other through the spanning tree. The wireless end devices are configured as stations with LAN ID set to 0 and SSID set to Op3rat!ons. Using an Access You can extend the range of your wireless network by configuring a dual radio access point as a wireless access point (WAP).
Page 28 Chapter 1: Getting Started WAPs must be on the same IP subnet as the access point. Also, data from wireless end devices should not go through more than three wireless hops before it gets to an access point on the primary LAN. The following procedure explains how to install a simple wireless network with a WAP and no roaming end devices.
Page 29 AT-WA7500 and AT-WA7501 Installation and User’s Guide 6. Configure the master radio in the access point: a. From the main menu, click the link corresponding to the master radio. The radio screen appears. b. Make sure the Allow Wireless Access Points field is On Primary.
Page 30 Chapter 1: Getting Started Example - Configuring an 802.11b WAP With Roaming End Devices In this example, there is one 802.11b radio in the access point and there are two 802.11b radios (802.11b Radio-1 and 802.11b Radio-2) in the WAP. Wireless end devices can roam between the WAP and the access point.
Page 31 AT-WA7500 and AT-WA7501 Installation and User’s Guide Example - Configuring an 802.11a WAP With Roaming End Devices In this example, there is one 802.11a radio in the access point and there is one 802.11a radio in the WAP. Wireless end devices can roam between the WAP and the access point.
Page 32: Using Access Points To Create A Point-To-Point Bridge
Chapter 1: Getting Started Using Access You can use access points to create a point-to-point bridge between two wired LANs. That is, you can have one access point wired to a primary Points to Create a LAN in one building and have a second access point wired to a secondary Point-to-Point LAN in another building.
Page 33 AT-WA7500 and AT-WA7501 Installation and User’s Guide Data from wireless end devices should not go through more than three wireless hops before it gets to an access point on the primary LAN. You need to set the root priorities and secondary LAN bridge priorities for...
Page 34 Chapter 1: Getting Started 4. Configure the spanning tree settings for the point-to-point bridge on the secondary LAN: a. From the main menu, click Spanning Tree Settings. The Spanning Tree Settings screen appears. b. In the Root Priority field, enter 0. c.
Page 35 AT-WA7500 and AT-WA7501 Installation and User’s Guide 7. Configure the spanning tree settings for the point-to-point bridge on the primary LAN: a. From the main menu, click Spanning Tree Settings. The Spanning Tree Settings screen appears. b. In the Root Priority field, enter a number other than 0.
Page 36 Chapter 1: Getting Started Table 9. 802.11g Point-to-Point Bridges Parameter Settings Bridge Bridge Secondary Screen Parameter Primary LAN (Root) (Designated Bridge) 802.11g Allow Wireless Access On Primary (not Radio Points applicable) Node Type Master Station SSID Manufactur- Manufactur- Spanning LAN ID Tree Root Priority Settings...
Page 37: Using Dual Radio Access Points For Redundancy
Allied Telesyn recommends that you always implement some type of security. Using Dual Radio You can configure AT-WA7500 units and AT-WA7501 units that have two 802.11g radios, two 802.11b radios, or two 802.11a radios to provide Access Points for redundancy for your network.
Page 38 Chapter 1: Getting Started In this example, AP3 is a dual radio access point. It may be located on a loading dock or other remote location. During normal operations, AP3 functions as a normal access point, transmitting frames to and from the host.
Page 39: Configuring The Access Point (Setting The Ip Address)
AT-WA7500 and AT-WA7501 Installation and User’s Guide Configuring the Access Point (Setting the IP Address) The access point will work out of the box if you are using a DHCP server to assign it an IP address. By default, the access point is configured to be a DHCP client and will respond to offers from any DHCP server.
Page 40 Chapter 1: Getting Started 4. Press Enter when the message “Starting system” appears on your PC screen. The Username field appears. 5. In the Username field type the default user name “atilan”, and then press Enter. The user name is case sensitive. 6.
Page 41: Using A Web Browser Interface
AT-WA7500 and AT-WA7501 Installation and User’s Guide 7. Press Enter to access the TCP/IP Settings menu. 8. If you are not using a DHCP server, you need to manually assign an IP address. Configure these parameters in the TCP/IP Settings menu: IP Address - A unique IP address.
Page 42 Chapter 1: Getting Started To use a web browser interface 1. Determine the IP address of the access point. If a DHCP server assigned the IP address, you must get the IP address from the DHCP server. 2. Start the web browser application. 3.
Page 43: Using A Telnet Session
AT-WA7500 and AT-WA7501 Installation and User’s Guide 5. Click Login. The TCP/IP Settings screen appears. Your web browser session is established. Note Although you can use several different methods to manage the access point remotely, this manual assumes you are using a web browser.
Page 44 Chapter 1: Getting Started 2. From a command prompt, type: telnet IPaddress where IPaddress is the IP address of the access point. 3. Press Enter. 4. If necessary, enter the user name and press Enter. Then, enter the password and press Enter. The default user name is “atilan” and the default password is “atilan”.
Page 45: Saving Configuration Changes
AT-WA7500 and AT-WA7501 Installation and User’s Guide Saving Configuration Changes When you are done configuring the access point, you may want to activate your changes immediately or you may want to save the changes now and activate them later. If you choose to activate the changes later, they will become active the next time the access point is booted.
Page 46 Chapter 1: Getting Started This screen appears. Select to use new configuration Select to use new configuration settings immediately settings the next time you reboot the access point Lists possible configuration Lists configuration changes changes that still need that have been made to be made 2.
Page 47: Using A Telnet Session
AT-WA7500 and AT-WA7501 Installation and User’s Guide To discard the changes Click Discard Pending Changes. Using a Telnet 1. From the Access Point Configuration menu, choose Save Configuration. Session 2. Choose Reboot to reboot the access point and immediately use your...
Page 48 Chapter 1: Getting Started...
Page 49: Installing The Access Points
Chapter 2 Installing the Access Points This chapter explains how to install the Allied Telesyn AT-WA7500 and AT-WA7501 access points in your data collection network, provides some tips on how to position access points to improve your network performance, and provides some external antenna guidelines. This chapter covers these topics: “Installation Guidelines”...
Page 50: Installation Guidelines
Chapter 2: Installing the Access Points Installation Guidelines Allied Telesyn recommends that you have an Allied Telesyn-certified RF specialist conduct a site survey to determine the ideal locations for all your Allied Telesyn wireless network devices. To conduct a proper site survey, you need to have special equipment and training.
Page 51: Other Access Points
AT-WA7500 and AT-WA7501 Installation and User’s Guide Other Access Access points that are configured for the same frequency and that are in the same radio coverage area may interfere with each other and decrease Points throughput. You can reduce the chance of interference by configuring...
Page 52: Installing The At-Wa7501
Chapter 2: Installing the Access Points Installing the AT-WA7501 You can place the AT-WA7501 horizontally or vertically on a desk or counter. If you want to mount the AT-WA7501 to a wall or beam using an Allied Telesyn mounting bracket kit, you need one of these mounting kits: Mounting bracket kit Rotating mounting bracket kit To order one of these kits, contact your Allied Telesyn representative.
Page 53: Connecting The At-Wa7501 To Your Wired Lan
AT-WA7500 and AT-WA7501 Installation and User’s Guide Connecting the Unless you are using the AT-WA7501 as a WAP, you need to connect it to your Ethernet or fiber optic network. To connect the AT-WA7501 to your AT-WA7501 to fiber optic network, you must have a AT-WA7501 with the fiber optic Your Wired LAN option.
Page 54: Installing The At-Wa7500
2. Mount the AT-WA7500. For help see the AT-WA7500 Quick Install Guide and the instructions that shipped with the bracket kit. 3. Connect the AT-WA7500 to your wired LAN (unless you are using it as a WAP). For help, see “Connecting the AT-WA7500 to Your Wired LAN and Power”...
Page 55: Connecting To Your Fiber Optic Network
AT-WA7500 and AT-WA7501 Installation and User’s Guide Connecting to Your Fiber Optic Network You can order your AT-WA7501 access point with a fiber optic option. Using an appropriate patch cord and adapter (as described in the next section), you can connect your access point to: an MT-RJ network.
Page 56: Connecting To An Mt-Rj Network
Chapter 2: Installing the Access Points Note All cables must be multimode, 62.5/125 µm. Connecting to an To connect to an MT-RJ network, you need: MT-RJ Network a patch cord with a female MT-RJ connector to insert into the access point’s male MT-RJ fiber optic port, and another female MT-RJ connector to insert into the MT-RJ adapter.
Page 57 AT-WA7500 and AT-WA7501 Installation and User’s Guide 2. Connect the access point to your network as shown in the next two illustrations. Female MT-RJ connector To access point SC connector SC adapter SC connector Patch cord To SC network Note The patch cord shown above must connect to the access point with a female MT-RJ connector.
Page 58: Connecting To An St Network
Chapter 2: Installing the Access Points Connecting to an To connect to an ST network, you need: ST Network a patch cord with a female MT-RJ connector to insert into the access point’s male MT-RJ fiber optic port, and an ST connector to insert into the ST adapter.
Page 59: Connecting Power Over Ethernet
For a list of the power bridges that Allied Telesyn sells, contact your local Allied Telesyn representative. This illustration shows how you connect the AT-WA7500 to a power bridge with a typical Ethernet cable to run power over Ethernet.
Page 60: External Antenna Placement Guidelines
Chapter 2: Installing the Access Points External Antenna Placement Guidelines Note Currently, the 802.11g radio with software release 2.2 does not support antenna diversity. Depending on which radio slots contain radios, you only connect antennas to the primary connectors (2 and Antennas and their placement play a vital role when installing a wireless network.
Page 61: Positioning Antennas For 802.11G, 802.11B, And 802.11A Radios
AT-WA7500 and AT-WA7501 Installation and User’s Guide Positioning The 802.11g and 802.11b radios have two ports: one is a transmit/receive port (primary) and the other is a receive-only port (secondary). The Antennas for 802.11a radios have two ports; both ports are transmit/receive ports. Allied 802.11g, 802.11b,...
Page 62 Chapter 2: Installing the Access Points Stacked Antenna Positioning for Dual Radio Access Points As an alternative to the physical separation of omni antennas, you can mount them along a single axis to minimize the antenna-to-antenna coupling. Primary antenna for Radio 1 Secondary antenna for Radio 1 All four antennas...
Page 63 AT-WA7500 and AT-WA7501 Installation and User’s Guide To achieve optimum placement for the two antennas, you must place the transmit/receive antenna so that it is within range of all the radios that the receive-only antenna can hear. Note these important points: Use external antennas to achieve the recommended antenna separation for placement of either omni or directional antennas.
Page 64 Chapter 2: Installing the Access Points...
Page 65: Configuring The Ethernet Network
Chapter 3 Configuring the Ethernet Network This chapter explains how to configure the AT-WA7500 and AT-WA7501 access points so that they communicate with your Ethernet network. This chapter explains: “Configuring the TCP/IP Settings” on page 66 “Configuring Other Ethernet or Fiber Optic Settings” on page 79...
Page 66: Configuring The Tcp/Ip Settings
Chapter 3: Configuring the Ethernet Network Configuring the TCP/IP Settings If you are using a DHCP server to automatically assign an IP address to the access point, go to “Configuring the Access Point as a DHCP Client” on page 68. If you are not using a DHCP server, you need to manually assign some TCP/IP parameters.
Page 67 AT-7500 and AT-WA7501 Installation and User’s Guide 4. If you want to configure the access point as a NAT server, see “About Network Address Translation (NAT)” on page 76. 5. If you want to configure the access point to send ARP requests, see “Configuring the Access Point to Send ARP Requests”...
Page 68: Configuring The Access Point As A Dhcp Client
Chapter 3: Configuring the Ethernet Network Table 1. TCP/IP Settings Descriptions (Continued) Parameter Explanation DNS Suffix 1 Enter a domain name suffix that will be appended to DNS names that cannot be resolved. If the access point is a DHCP server, this is the only DNS suffix that is delivered to DHCP clients.
Page 69 AT-7500 and AT-WA7501 Installation and User’s Guide To configure the access point as a DHCP client 1. From the menu, click TCP/IP Settings. The TCP/IP Settings screen appears. 2. Configure the DHCP parameters to make this access point a DHCP client.
Page 70 Chapter 3: Configuring the Ethernet Network 3. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save/Discard Changes, and then click Save Changes and Reboot. For help, see “Saving Configuration Changes” on page 45. Table 2.
Page 71: Configuring The Access Point As A Dhcp Server
AT-7500 and AT-WA7501 Installation and User’s Guide Table 2. DHCP Client Parameter Descriptions (Continued) Parameter Explanation DHCP for Access Determines which DHCP servers may be used by Point Network access points and wireless devices: Use Any Available DHCP Server: Access points and wireless devices may receive DHCP responses and addresses from any available DHCP server.
Page 72 Chapter 3: Configuring the Ethernet Network To avoid a single point of failure, you can configure more than one access point to be a DHCP server; however, the access points do not share DHCP client databases. You should configure each DHCP server with a different address pool from which to allocate client IP addresses.
Page 73 AT-7500 and AT-WA7501 Installation and User’s Guide Table 3. DHCP Server Parameter Descriptions (Continued) Parameter Explanation DHCP User Class Leave the field blank if you want this access point to respond to requests from any client. Or enter the DHCP user class identifier as defined in RFC 3004.
Page 74 Chapter 3: Configuring the Ethernet Network 4. Click Submit Changes to save your changes. DHCP Server Setup appears in the menu. 5. From the menu, click DHCP Server Setup. The DHCP Server Setup screen appears. 6. Configure the DHCP server. For help, see the next table. 7.
Page 75 AT-7500 and AT-WA7501 Installation and User’s Guide Table 4. DHCP Server Setup Parameter Descriptions (Continued) Parameter Explanation High Address Enter the high IP address in the range of IP addresses available to the DHCP server for distribution to DHCP clients. If these addresses are not on the same subnet as the access point, the access point will perform Network Address Translation (NAT) for the clients...
Page 76 Chapter 3: Configuring the Ethernet Network Supported DHCP Server Options When the access point is acting as a DHCP server, it issues IP address leases to configure the IP address, along with the DNS addresses, DNS suffixes, IP subnet mask, and IP router. These parameters will contain the same values as those configured for the access point.
Page 77: Configuring The Access Point To Send Arp Requests
AT-7500 and AT-WA7501 Installation and User’s Guide same subnet as the access point. NAT is enabled if the range of addresses to be given to DHCP clients is not on the same subnet as the access point; thus, you are creating a virtual network and the DHCP server will also perform NAT translation.
Page 78 Chapter 3: Configuring the Ethernet Network 2. In the Auto ARP Minutes field, enter a time period from 1 to 120 minutes. To disable this parameter, enter 0. 3. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save/Discard Changes, and then click Save Changes and Reboot.
Page 79: Configuring Other Ethernet Or Fiber Optic Settings
AT-7500 and AT-WA7501 Installation and User’s Guide Configuring Other Ethernet or Fiber Optic Settings Many of the standard Ethernet or fiber optic settings are configured in the TCP/IP Settings screen. For help, see “Configuring the TCP/IP Settings” on page 66. In the Ethernet screen, you can set the port type, set the link speed, and enable or disable the link status check.
Page 80: Configuring The Ethernet Address Table
Chapter 3: Configuring the Ethernet Network Table 5. Ethernet Parameter Descriptions Parameter Explanation Port Type Appears only if the access point has a fiber optic port. This field specifies the port that the access point uses to communicate with the Ethernet network: 10/100 Mb Twisted-Pair: The access point communicates with the Ethernet network through the Ethernet port.
Page 81: Configuring Ethernet Filters
AT-7500 and AT-WA7501 Installation and User’s Guide If you choose not to configure this table, the designated bridge or WAP may need to flood frames to the Ethernet and radio ports to learn the path to the MAC address. These addresses become permanent entries in the forwarding table of the designated bridge or WAP.
Page 82 Chapter 3: Configuring the Ethernet Network For more examples of using Ethernet filters and for help configuring IP filters, see “Configuring IP Tunnel Filters” on page 150. Using Ethernet Frame Type Filters You can define filters for common networking protocols such as IP, Novell IPX, and 802.2 LLC.
Page 83 AT-7500 and AT-WA7501 Installation and User’s Guide To set frame type filters 1. From the main menu, click Ethernet > Frame Type Filters. The Frame Type Filters screen appears. 2. For each frame type field, check or clear the Allow/Pass check box to configure if the frame types are allowed to pass or are dropped.
Page 84 Chapter 3: Configuring the Ethernet Network 5. If you set the Scope field to Unlisted for any of the frame types, you must also configure predefined subtype filters or customizable subtype filters. For help, see the next section, “Using Predefined Subtype Filters”...
Page 85 AT-7500 and AT-WA7501 Installation and User’s Guide Using Predefined Subtype Filters You can configure the access point to pass or drop certain predefined frame subtypes. To configure predefined subtype filters 1. From the main menu, click Ethernet > Predefined Subtype Filters. The Predefined Subtype Filters screen appears.
Page 86 Chapter 3: Configuring the Ethernet Network Value: The value must be two hex pairs. When a match is found between frame subtype and value, the specified action is taken. To customize subtype filters 1. From the main menu, click Ethernet > Customizable Subtype Filters. The Customizable Subtype Filters screen appears.
Page 87 AT-7500 and AT-WA7501 Installation and User’s Guide Table 7. Subtype Filter Descriptions (Continued) SubType Value DIX-EtherType Specify the registered DIX type in hexadecimal. SNAP-IP-TCP-Port Port value in hexadecimal. SNAP-IP-UDP-Port Port value in hexadecimal. SNAP-IP-Protocol Port value in hexadecimal. SNAP-IPX-Socket Socket value in hexadecimal. SNAP-EtherType SNAP type in hexadecimal.
Page 88 Chapter 3: Configuring the Ethernet Network Table 8. Example – Customizable Subtype Filter Filter Parameter Value Explanation Allow/Pass Clear (drop) This filter drops DHCP Subtype DIX-IP-UDP- responses to Port wireless end devices Value 00 43 communicating with this access point. Allow/Pass Clear (drop) This filter drops...
Page 89 AT-7500 and AT-WA7501 Installation and User’s Guide 2. Enter up to 22 value IDs and values. 3. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save/Discard Changes, and then click Save Changes and Reboot. For help, see “Saving Configuration Changes”...
Page 90 Chapter 3: Configuring the Ethernet Network 2. Configure the filter expressions parameters. For help, see the next table. 3. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save/Discard Changes, and then click Save Changes and Reboot. For help, see “Saving Configuration Changes”...
Page 91 AT-7500 and AT-WA7501 Installation and User’s Guide Table 9. Filter Expressions Parameter Descriptions (Continued) Parameter Explanation Mask Applies a data pattern to the frame. If the data pattern in the mask matches the frame, then the specific action is performed. The mask indicates the bits that are significant at the specified offset.
Page 92 Chapter 3: Configuring the Ethernet Network Table 10. Example 1 - Filter Values Value ID Value Description ff ff ff ff ff ff Allows multicast traffic to enter the wireless network, which is necessary for IP end devices to communicate 00 02 2d 04 The MAC address of an end device you b7 a4...
Page 93 AT-7500 and AT-WA7501 Installation and User’s Guide For this example, set these filter expressions. Table 11. Example 1 – Filter Expressions Parameter Value Explanation ExprSeq The order that you want the expressions executed. You must have an expression for each Value ID that is listed in the Filter Values menu.
Page 94 Chapter 3: Configuring the Ethernet Network You must enter a filter expression for each Value ID in the Filter Values menu. In this example, only the ExprSeq value and the Value ID value change. Example 2 This example shows how to use Ethernet filters to discard all DIX IP multicast frames except those from selected devices.
Page 95 AT-7500 and AT-WA7501 Installation and User’s Guide Ethernet stations whose addresses are listed on the Filter Values menu. The default action is the opposite of the action specified in the last expression. In this example, the action of the last expression is drop; therefore, the default action is pass.
Page 96 Chapter 3: Configuring the Ethernet Network Table 13. Example 2 – First Filter Expression (Continued) Parameter Value Explanation Value ID This filter expression applies to value ID 2 from the Filter Values menu. Action If this filter expression is true, continue to the next expression.
Page 97 AT-7500 and AT-WA7501 Installation and User’s Guide Table 14. Example 2 – Second Filter Expression (Continued) Parameter Value Explanation Compares the value after the offset and mask are applied to the value of the Value ID from the Filter Values menu to see if they are equal.
Page 98 Chapter 3: Configuring the Ethernet Network Table 15. Example 2 – Third Filter Expression (Continued) Parameter Value Explanation Mask ff ff ff ff ff ff Checks the 6-byte source Ethernet address for an exact match. Compares the value after the offset and mask are applied to the value of the Value ID from the Filter Values menu to see if they are not equal.
Page 99: Configuring The Radios
Chapter 4 Configuring the Radios This chapter explains how to configure the radios in the AT-WA7500 and AT-WA7501 access points so that they communicate with your wireless end devices. This chapter covers these topics: “About the Radios” on page 100 “Configuring the 802.11g Radio”...
Page 100: About The Radios
Chapter 4: Configuring the Radios About the Radios The AT-WA7500 and AT-WA7501 access products may contain one or two radios. You can use access points that contain two different types of radios to support two different types of wireless networks, such as legacy networks.
Page 101: Configuring The 802.11G Radio
AT-WA7500 and AT-WA7501 Installation and User’s Guide Configuring the 802.11g Radio You can configure the 802.11g radio to communicate with other 802.11g and 802.11b radios that have the same: SSID (Network Name) Security For each radio, you can assign up to four service sets, creating one primary service set and up to three secondary service sets.
Page 102 Chapter 4: Configuring the Radios If your screen does not look like the previous one, your primary service set may be configured as station (instead of master), so that the secondary service sets are not available, as shown next. 2. Configure the parameters for the radio. For help, see the next table. 3.
Page 103 AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 1. 802.11g Radio Parameter Descriptions Parameter Explanation Frequency Choose the frequency that this access point uses (Master radio only) to transmit and receive frames. The available frequencies depend on the country and the radio option configured on the access point.
Page 104 Chapter 4: Configuring the Radios Table 1. 802.11g Radio Parameter Descriptions (Continued) Parameter Explanation Node Type If the primary SSID is Station, all secondary (continued) service sets are disabled and do not appear on screen. If the primary service set is Disabled, all secondary service sets (and the physical radio) are disabled.
Page 105 AT-WA7500 and AT-WA7501 Installation and User’s Guide Worldwide Frequencies for 802.11g and 802.11b Radios Table 2 Channel ETSI France Japan Israel 2412 2412 2412 2417 2417 2417 2422 (default) 2422 (default) 2422 (default) 2422 (default) 2427 2427 2427 2432 2432...
Page 106: Configuring 802.11G Radio Advanced Parameters
Chapter 4: Configuring the Radios Configuring You can configure advanced parameters for the 802.11g radio primary service set. These settings are shared by any secondary service sets 802.11g Radio defined for the radio. Advanced Parameters To configure advanced parameters 1. From the main menu, click 802.11g Radio > Advanced Configuration. The Advanced Configuration screen appears.
Page 107 AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 3. 802.11g Radio Advanced Parameter Descriptions Parameter Description Client Specifies if this radio will communicate Type/Performance with 802.11b and/or 802.11g radios: 11b/11g with range reliability (Not Wi-Fi): Allows clients with 802.11b or 802.11g radios.
Page 108: Configuring 802.11G Radio Inbound Filters
Chapter 4: Configuring the Radios Table 3. 802.11g Radio Advanced Parameter Descriptions (Continued) Parameter Description Mixed Mode Performance* Gives more time to higher rate frames to maximize throughput in the presence of low rate clients. Range is 0 to 2000. Optimized for 802.11g clients: 802.11g transmissions are maximized.
Page 109 AT-WA7500 and AT-WA7501 Installation and User’s Guide You can use this feature to form a secure wireless hop. Clear all check boxes, except for the Allow IAPP check box. Or you may want to use this feature in a terminal emulation environment when you know the end devices are sending only UDP Plus or Wireless Transport Protocol (WTP) frames.
Page 110: Applying Hot Settings
Chapter 4: Configuring the Radios Table 4. 802.11g Radio Inbound Filter Descriptions Parameter Description Allow IAPP Determines if this radio accepts IAPP (Inter Access Point Protocol) frames from other access point station radios. The IAPP frames must match Ethernet protocol 875c. Allow Wireless Determines if this radio accepts WTP frames Transport Protocol...
Page 111 AT-WA7500 and AT-WA7501 Installation and User’s Guide 3. From the main menu, click Apply Hot Settings to save your changes to the “active” configuration file (as defined in “Saving Configuration Changes” on page 45). The Apply Hot Settings screen appears. This...
Page 112: Configuring The 802.11B Radio
Chapter 4: Configuring the Radios Configuring the 802.11b Radio The 802.11b radio will communicate with other 802.11b radios that have the same: SSID (Network Name) Security To configure the 802.11b radio 1. From the main menu, click 802.11b Radio. The 802.11b Radio screen appears.
Page 113 AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 5. 802.11b Radio Parameter Descriptions Parameter Description Node Type Configure the 802.11b radio as a master or station. You can also disable the radio. SSID Enter the SSID (network name) for this radio. The...
Page 114: Configuring 802.11B Radio Advanced Parameters
Chapter 4: Configuring the Radios Configuring 1. From the main menu, click 802.11b Radio > Advanced Configuration. The Advanced Configuration screen appears. 802.11b Radio Advanced Parameters 2. Configure the advanced parameters. For help, see the next table. 3. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save/Discard Changes, and then click Save Changes and Reboot.
Page 115 AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 6. 802.11b Radio Advanced Parameter Descriptions (Continued) Parameter Description Basic Rate Choose the rate at which the access point transmits multicast and beacon frames. In general, higher speeds mean shorter range and lower speeds mean longer range.
Page 116 Chapter 4: Configuring the Radios Table 6. 802.11b Radio Advanced Parameter Descriptions (Continued) Parameter Description Enable Load Determines if end devices can distribute their Balancing connections across multiple access points. Enable Medium Determines if these access point parameters— Density Distribution Enable Medium Reservation, Distance Between APs, Enable Microwave Oven Robustness—are distributed to end devices that support this...
Page 117: Configuring 802.11B Radio Inbound Filters
AT-WA7500 and AT-WA7501 Installation and User’s Guide Configuring When configuring a master radio, you can filter different types of wireless traffic that it may receive. You may want to use this feature by itself or with 802.11b Radio an access control list (ACL) to help secure your network. If you clear all the Inbound Filters check boxes, the radio cannot communicate with any other radios.
Page 118 Chapter 4: Configuring the Radios 3. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save/Discard Changes, and then click Save Changes and Reboot. For help, see “Saving Configuration Changes” on page 45. Table 7.
Page 119: Configuring The 802.11A Radio
AT-WA7500 and AT-WA7501 Installation and User’s Guide Configuring the 802.11a Radio The 802.11a radio will communicate with other 802.11a radios that have the same: SSID (Network Name) Security For each radio, you can assign up to four SSIDs, creating one primary service set and up to three secondary service sets.
Page 120 Chapter 4: Configuring the Radios To configure the 802.11a radio 1. From the main menu, click 802.11a Radio. The 802.11a Radio screen appears. If your screen does not look like the previous one, your primary service set may be configured as station (instead of master), so that the secondary service sets are not available, as shown next.
Page 121 AT-WA7500 and AT-WA7501 Installation and User’s Guide 5. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save/Discard Changes, and then click Save Changes and Reboot. For help, see “Saving Configuration Changes” on page 45.
Page 122 Chapter 4: Configuring the Radios Table 8. 802.11a Radio Parameter Descriptions (Continued) Parameter Explanation Node Type Configure the 802.11a radio to master, station, or disabled: Master: The radio operates in Master mode when it sees the root access point on its Ethernet port. If it cannot see the root, it operates in Master/ Station mode and tries to find the root through its radio port.
Page 123 AT-WA7500 and AT-WA7501 Installation and User’s Guide Worldwide Frequencies for the 802.11a Radio Table 9 Channel ETSI France Japan Israel 5180 (default) 5200 5210 Turbo N/A 5220 5240 5250 Turbo N/A 5260 (default) 5280 5290 Turbo N/A 5300 5320 Channels marked with an asterisk (*) are not available in the mid- range radio.
Page 124: Configuring 802.11A Radio Advanced Parameters
Chapter 4: Configuring the Radios Configuring 1. From the main menu, click 802.11a Radio > Advanced Configuration. The Advanced Configuration screen appears. 802.11a Radio Advanced Parameters 2. Configure the advanced parameters. For help, see the next table. 3. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save/Discard Changes, and then click Save Changes and Reboot.
Page 125 AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 10. 802.11a Radio Advanced Parameter Descriptions (Continued) Parameter Description Data Rate Choose the rate at which the access point transmits data. In general, higher speeds mean shorter range and lower speeds mean longer range.
Page 126: Configuring 802.11A Radio Inbound Filters
Chapter 4: Configuring the Radios Table 10. 802.11a Radio Advanced Parameter Descriptions (Continued) Parameter Description Disallow SSID Determines if end devices that have their SSID (Network Name) of (Network Name) set to ANY or are left blank can ‘ANY’ associate with this access point. (Master radio only) Clear this check box to allow these end devices to associate with this access point.
Page 127 AT-WA7500 and AT-WA7501 Installation and User’s Guide Note If any of the devices are also DHCP clients, you need to check the Allow DHCP check box. To configure 802.11a radio inbound filters 1. From the main menu, click 802.11a Radio > Inbound Filters. The Inbound Filters screen appears.
Page 128 Chapter 4: Configuring the Radios Table 11. 802.11a Radio Inbound Filter Descriptions (Continued) Parameter Description Allow DHCP Determines if this radio accepts DHCP frames. The DHCP frames must match UDP destination port 67 and ARP. Check this check box if the end devices are DHCP clients.
Page 129: Configuring The Spanning Tree
Chapter 5 Configuring the Spanning Tree This chapter explains how to configure the AT-WA7500 and AT-WA7501 access points so that they create a spanning tree topology. This chapter covers these topics: “About the Access Point Spanning Tree” on page 130 “Configuring the Spanning Tree Parameters”...
Page 130: About The Access Point Spanning Tree
Chapter 5: Configuring the Spanning Tree About the Access Point Spanning Tree AT-WA7500 and AT-WA7501 access points with the same LAN ID arrange themselves into a self-organized network using a spanning tree topology. The spanning tree provides efficient, loop-free forwarding of frames through the network and allows efficient roaming of wireless end devices.
Page 131: About The Primary Lan And The Root Access Point
Because the root distributes parameters to the child access points, the root should have the latest version of software available. In a mixed network of an AT-WA7500 or AT-WA7501 access point with AT- WL2411 access points, choose an AT-WA7500 or AT-WA7501 access point with software release 2.2 (or later) as the root.
Page 132: About Secondary Lans And Designated Bridges
The designated bridge should have the latest version of software available. In a mixed network of AT-WA7500 and AT-WA7501 access points with AT-WL2411 access points, choose a AT-WA7500 or AT-WA7501 access point with software release 2.2 (or later) as the designated bridge.
Page 133 AT-WA7500 and AT-WA7501 Installation and User’s Guide The designated bridge must be configured so that the Secondary LAN Bridge Priority value is a non-zero number. The designated bridge must have at least one radio set to Station mode, or the designated bridge must be the endpoint of an IP tunnel (as defined in “About IP Tunnels”...
Page 134: About Ethernet Bridging/Data Link Tunneling
Chapter 5: Configuring the Spanning Tree About Ethernet Ethernet bridging is simply forwarding a frame received on the radio port to the Ethernet port, and vice versa. Using this default mode, the access Bridging/Data point acts as a bridge between the wireless and wired networks. Link Tunneling Note Allied Telesyn recommends that you enable Ethernet bridging on all...
Page 135: About Routable And Non-Routable Network Protocols
AT-WA7500 and AT-WA7501 Installation and User’s Guide 3. On all other access points on the primary LAN, clear the Enable Ethernet Bridging check box. 4. Make sure that the Root Priority parameter for all other access points is less than the root access point. The range is 1 to 7. The value 1 is the highest priority.
Page 136: Configuring The Spanning Tree Parameters
Chapter 5: Configuring the Spanning Tree Configuring the Spanning Tree Parameters When you configure the spanning tree parameters, you identify the access point as part of the spanning tree. That is, you specify if this access point is a root, or a candidate to become a root, or a designated bridge, or a candidate to become a designated bridge.
Page 137 AT-WA7500 and AT-WA7501 Installation and User’s Guide 4. (Optional) Configure security by clicking Configure Spanning Tree Security. For help, see “Creating a Secure Spanning Tree” on page 183. Table 2. Spanning Tree Parameter Descriptions Parameter Explanation AP Name Enter a unique name for this access point. The name can be from 1 to 16 characters.
Page 138 Chapter 5: Configuring the Spanning Tree Table 2. Spanning Tree Parameter Descriptions (Continued) Parameter Explanation Enable Ethernet Determines how frames from end devices are Bridging moved between the wired and wireless networks. For more details, see “About Ethernet Bridging/ Data Link Tunneling” on page 134. Check this check box if you want frames to be forwarded directly to the Ethernet network.
Page 139 AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 2. Spanning Tree Parameter Descriptions (Continued) Parameter Explanation Secondary LAN Appears for Designated Bridge only. Flooding Specifies the types of frames it forwards from the (Outbound) primary LAN to the secondary LAN:...
Page 140: About Ip Tunnels
Chapter 5: Configuring the Spanning Tree About IP Tunnels The physical boundary of a network is usually defined by the existence of an IP router. Before IP tunnels technology was developed, wireless end devices could only operate within the limited coverage area of their own network and could not roam across IP subnet boundaries.
Page 141 AT-WA7500 and AT-WA7501 Installation and User’s Guide Host Root Primary LAN (root IP subnet) IP router IP network Designated IP router bridge Secondary LAN (remote IP subnet) IP tunnels use encapsulation to establish a virtual LAN (VLAN) segment through IP routers. The VLAN segment includes the root IP subnet and logically extends to include end devices attached to access points on remote IP subnets.
Page 142: Creating Ip Tunnels
Chapter 5: Configuring the Spanning Tree When an access point at the endpoint of the IP tunnel receives data from an end device, it uses a standard IP protocol called Generic Router Encapsulation (GRE) to encapsulate the data into a frame. These encapsulated IP/GRE frames use normal IP routing to pass through IP routers to the root access point.
Page 143: Using One Ip Multicast Address For Multiple Ip Tunnels
AT-WA7500 and AT-WA7501 Installation and User’s Guide 2. Make sure that the root access point and the access point at the endpoint of the IP tunnel have the same LAN ID. 3. On the root access point, set the Mode parameter to Originate if Root.
Page 144 Chapter 5: Configuring the Spanning Tree IGMP is a standard protocol that lets you originate multiple IP tunnels using one IP multicast address. It allows IP multicast frames to be routed to remote IP subnets that have hosts participating in the multicast group. Note that IGMP is independent of IP;...
Page 145: How Frames Are Forwarded Through Ip Tunnels
AT-WA7500 and AT-WA7501 Installation and User’s Guide 6. On the root access point, click IP Tunnels > IP Addresses. Enter the Allied Telesyn multicast address 224.0.1.65. 7. On the access point at the end of the IP tunnel, check the Enable IGMP check box.
Page 146 Chapter 5: Configuring the Spanning Tree For TCP/IP applications, IP and ARP frames must be forwarded through IP tunnels. An IP or ARP frame is only forwarded outbound if the destination address identifies an end device on the root IP subnet. Usually, ARP requests (which are multicast frames) that originate on the root IP subnet are forwarded outbound to all devices on the network, including through IP tunnels to remote IP subnets.
Page 147 AT-WA7500 and AT-WA7501 Installation and User’s Guide IP frames with the following router protocol types and decimal values: DGP (86) (Dissimilar Gateway Protocol) EGP (8) (Exterior Gateway Protocol) IDPR (35) (Inter-Domain Policy Routing Protocol) IDRP (45) (Inter-Domain Routing Protocol) IGP (9) (Interior Gateway Protocol)
Page 148: Configuring Ip Tunnels
Chapter 5: Configuring the Spanning Tree Configuring IP Tunnels For guidelines, see “About IP Tunnels” on page 140. To configure the IP Tunnels screen 1. From the main menu, click IP Tunnels. The IP Tunnels screen appears. 2. Configure the IP tunnels parameters. For help, see the next table. 3.
Page 149: Configuring The Ip Address List
AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 3. IP Tunnel Parameter Descriptions (Continued) Parameter Explanation Allow IP Multicast Appears only if Mode parameter is Originate if Root. Determines if the root access point should forward IP multicast frames through its IP tunnels.
Page 150: Configuring Ip Tunnel Filters
Chapter 5: Configuring the Spanning Tree 2. If you enabled IGMP, enter the Class D IP multicast address. The default is 224.0.1.65. 3. Enter the IP addresses or DNS names of all the access points that can be the endpoints of IP tunnels. 4.
Page 151 AT-WA7500 and AT-WA7501 Installation and User’s Guide Address Mask Reply Trace Route IP and ARP frames are never forwarded inbound through an IP tunnel to the root IP subnet unless the source IP address belongs to the root IP subnet. (Frames are only forwarded inbound if the source IP address in the IP or ARP frame identifies an end device that has roamed away from its root IP subnet.) IP and ARP frames are never forwarded outbound...
Page 152 Chapter 5: Configuring the Spanning Tree To use IP tunnel frame type filters 1. From the main menu, click IP Tunnels > Frame Type Filters. The Frame Type Filters screen appears. 2. For each frame type field, check or clear the check box to configure if the frame types are passed or are dropped.
Page 153 AT-WA7500 and AT-WA7501 Installation and User’s Guide 4. If you set the Scope field to Unlisted for any of the frame types, you must also configure predefined subtype filters or customizable subtype filters. For help, see “Using Predefined Subtype Filters” on page 154 or “Customizing Subtype Filters”...
Page 154 Chapter 5: Configuring the Spanning Tree Using Predefined Subtype Filters You can configure the access point to pass or drop certain predefined frame subtypes. To configure predefined subtype filters 1. From the main menu, click IP Tunnels > Predefined Subtype Filters. The Predefined Subtype Filters screen appears.
Page 155 AT-WA7500 and AT-WA7501 Installation and User’s Guide of the subtype and value. Subtype: Selects the frame subtype you wish to configure. Value: The next table describes frame subtypes and their values. The value must be two hex pairs. When a match is found between frame subtype and value, the specified action is taken.
Page 156 Chapter 5: Configuring the Spanning Tree Table 5. Subtype Filter Descriptions (Continued) Subtype Value DIX-IP-Protocol Protocol number in hexadecimal. DIX-IPX-Socket Socket value in hexadecimal. DIX-EtherType Specify the registered DIX type in hexadecimal. SNAP-IP-TCP-Port Port value in hexadecimal. SNAP-IP-UDP-Port Port value in hexadecimal. SNAP-IP-Protocol Port value in hexadecimal.
Page 157: Filter Examples
AT-WA7500 and AT-WA7501 Installation and User’s Guide Filter Examples These examples illustrate how to set both Ethernet and IP tunnel filters to optimize network performance. The next illustration includes: wireless end devices using TCP/IP to communicate with other devices. a secondary LAN containing IP and IPX hosts, linked by AP2 and AP4.
Page 158: Example 2
Chapter 5: Configuring the Spanning Tree For this example, set these options on the Ethernet Frame Type Filters screen. No subtype filters are needed. Example 2 AP2 and AP4 (designated bridge) service end devices and the IP host and IPX host on the secondary LAN. Also, these access points pass IPX traffic.
Page 159 AT-WA7500 and AT-WA7501 Installation and User’s Guide For this example, set these options on the Ethernet Frame Type Filters screen. In the Predefined Subtype Filters screen, set the 802.2-IPX-RIP field to drop 802.2, DIX, and 802.3 frames.
Page 160: Example 3
Chapter 5: Configuring the Spanning Tree Example 3 If you have a DHCP server on a Windows NT server and you want to use this DHCP server to assign TCP/IP parameters to end devices on a remote IP subnet, you need to set these filters to allow for the necessary IP tunneling.
Page 161: Comparing Ip Tunnels To Mobile Ip
AT-WA7500 and AT-WA7501 Installation and User’s Guide Comparing IP Tunnels to Mobile IP The AT-WA7500 and AT-WA7501 access points support IP tunneling, which allows end devices to roam across different subnets (routers) without having to change IP addresses. IP tunneling supports IETF RFC 1701 using GRE and the same encapsulation technique as mobile IP.
Page 162 Chapter 5: Configuring the Spanning Tree Table 6. IP Tunnels and Mobile IP Comparison (Continued) Issue IP Tunneling Mobile IP Special network software Standard network feature. No Requires home and foreign additional network software is agents located on each required. network or subnetwork.
Page 163: Configuring Global Parameters
AT-WA7500 and AT-WA7501 Installation and User’s Guide Configuring Global Parameters Global parameters are configured on the root access point and on any other access point that is a root candidate (does not have a root priority of 0). The root access point sends these settings to all other access points in the spanning tree.
Page 164 Chapter 5: Configuring the Spanning Tree 2. Configure the Global Flooding parameters. For help, see the next table. 3. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save/Discard Changes, and then click Save Changes and Reboot. For help, see “Saving Configuration Changes”...
Page 165 AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 7. Global Flooding Parameter Descriptions (Continued) Parameter Explanation Allow Multicast Appears only if Multicast Flooding is enabled. Outbound to Determines if outbound multicast frames with Terminals unknown destination addresses are flooded toward end devices. Typically, this parameter is checked.
Page 166 Chapter 5: Configuring the Spanning Tree Table 7. Global Flooding Parameter Descriptions (Continued) Parameter Explanation Enable ARP Check this check box to enable ARP flooding. Flooding When an access point receives an ARP request, it checks its ARP cache to determine if the destination end device’s IP address is known.
Page 167: Configuring Global Rf Parameters
AT-WA7500 and AT-WA7501 Installation and User’s Guide Configuring Use global RF parameters to set various parameters on the access points. If you are configuring the root access point and you check the Set Globally Global RF check box, the value for that parameter is set globally for all access points Parameters and wireless end devices in the network.
Page 168 Chapter 5: Configuring the Spanning Tree 3. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save/Discard Changes, and then click Save Changes and Reboot. For help, see “Saving Configuration Changes” on page 45. Table 8.
Page 169 AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 8. Global RF Parameter Descriptions (Continued) Parameter Explanation S-UHF/902 MHz Specifies the amount of time that a wireless end Awake Time device stays awake when radios are inactive. A sleeping device is less responsive to radio (S-UHF and 902 activity;...
Page 170 Chapter 5: Configuring the Spanning Tree...
Page 171: Configuring Security
Chapter 6 Configuring Security This chapter explains how to use different security solutions to ensure that you have a secure wireless network. This chapter covers these topics: “Understanding Security” on page 172 “Controlling Access to Access Point Menus” on page 176 “Creating a Secure Spanning Tree”...
Page 172: Understanding Security
Chapter 6: Configuring Security Understanding Security The AT-WA7500 and AT-WA7501 access points provide many different security features and solutions that you can use to create a secure wireless network. To create a secure wireless network, you need to be concerned about: securing your backbone.
Page 173 AT-WA7500 and AT-WA7501 Installation and User’s Guide AT-WA7500 and AT-WA7501 Security Solutions Table 1 (Continued) Security Type Secure Data Client Backbone Privacy Authentication Use an 802.1x security solution Use Wi-Fi Protected Access (WPA) These security features and solutions are listed below in the order of amount of security and ease of use (most basic/least secure to most secure).
Page 174: When You Include Multiple Radius Servers On The Radius Server List
Chapter 6: Configuring Security 7. Implement one of these mutually-exclusive security solutions (on each service set) to ensure secure communications between the access points and wireless end devices in your network: Use basic WEP 64/128/152 security. You can configure up to four different WEP keys on the access point and most wireless end devices, and then you specify which key is being used to encrypt data.
Page 175: When You Specify The Security Options For Multiple Ssids Per Radio
AT-WA7500 and AT-WA7501 Installation and User’s Guide When You As described in “About the Radios” on page 100, you can configure each 802.11g and 802.11a radio with up to four SSIDs, creating up to four Specify the service sets per radio. Although each service set shares one physical...
Page 176: Controlling Access To Access Point Menus
Chapter 6: Configuring Security Controlling Access to Access Point Menus There are several ways that you can manage who can configure and manage the access points in your network: Enable/disable access methods. Set up individual logins. Change the default logins and create a read-only login. The next sections explain how to implement these strategies.
Page 177 AT-WA7500 and AT-WA7501 Installation and User’s Guide To enable or disable access methods 1. From the main menu, click Security. The Security screen appears. 2. Enable or disable the access methods that users can use to connect to the access point. For help, see the next table.
Page 178: Setting Up Logins
Chapter 6: Configuring Security Table 2. Security Parameter Descriptions (Continued) Parameter Description Allow Telnet Determines if users can use a telnet session (or Access (Port 23) communications program) to configure or manage this access point. Do not clear this check box if you plan to configure the Telnet Gateway and allow wireless clients to upgrade the access point over the telnet port.
Page 179 AT-WA7500 and AT-WA7501 Installation and User’s Guide If you do not want to enable RADIUS authorization, you should change the default login user name and password. You may also want to change the read-only password. For help, see “Changing the Default Login” on page 180.
Page 180 Chapter 6: Configuring Security 5. Configure the password server by clicking Select a RADIUS server for login authorization. The RADIUS Server List screen appears. 6. For each password server, enter the IP address or DNS name, enter the shared secret key, port number, and check the Login check box. Note If you enter more than one password server, see page 132 for a description of how the access point uses the servers.
Page 181 AT-WA7500 and AT-WA7501 Installation and User’s Guide To set up logins 1. From the main menu, click Security > Passwords. The Passwords screen appears. 2. Verify that the Use RADIUS for Login Authorization check box is cleared. 3. Click Submit Changes to save your changes.
Page 182 Chapter 6: Configuring Security Table 3. Password Parameter Descriptions (Continued) Parameter Description User Name Enter the user name you need to use to log in to this access point. This parameter can be from 0 to 16 characters long. If you leave the user name and password fields blank, a user will not need to log in to the access point.
Page 183: Creating A Secure Spanning Tree
AT-WA7500 and AT-WA7501 Installation and User’s Guide Creating a Secure Spanning Tree When you configure a radio to use 802.1x security, you automatically enable spanning tree security, which can be used for both wired and wireless access points (WAPs). However, if you configure a radio to use another security solution, you may want to still create a secure spanning tree.
Page 184 Chapter 6: Configuring Security To create a secure spanning tree Note You do not need to perform this procedure if you are implementing an 802.1x security solution. 802.1x authentication automatically enables secure IAPP and secure wireless hops. See “Implementing an 802.1x Security Solution” on page 194. 1.
Page 185 AT-WA7500 and AT-WA7501 Installation and User’s Guide TTLS. You must also enter a User Name and Password that matches an entry in the authentication server. 6. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save/Discard Changes, and then click Save Changes and Reboot.
Page 186: Enabling Secure Communications Between Access Points And End Devices
Chapter 6: Configuring Security Enabling Secure Communications Between Access Points and End Devices There are several ways that you can ensure secure communications between access points and wireless end devices in your network: Use an access control list (ACL). Configure virtual LANs (VLANs). Configure WEP 64/128/152 security.
Page 187 AT-WA7500 and AT-WA7501 Installation and User’s Guide To use an ACL 1. From the main menu, click Security and then click the radio service set you are configuring. The appropriate radio screen appears. 2. Check the Enable ACL Client Authorization check box if you want to use an ACL to authorize end devices to communicate with the network.
Page 188 Chapter 6: Configuring Security 7. Configure the RADIUS server by clicking Select a RADIUS server for ACL authorization. The RADIUS Server List screen appears. 8. For each RADIUS server, enter the IP address or DNS name, enter the shared secret key, port number, and check the ACL or Login check box.
Page 189: Configuring Vlans
AT-WA7500 and AT-WA7501 Installation and User’s Guide Configuring Virtual LANs (VLANs) make it easy to create and manage logical groups of wireless end devices that communicate as if they were on the same LAN. VLANs You can group all wireless users on a particular VLAN in order to manage the IP address space differently.
Page 190 Chapter 6: Configuring Security To configure a VLAN 1. From the main menu, click Spanning Tree Settings. The Spanning Tree Settings screen appears. 2. Check or clear the Enable GVRP for VLAN check box:. Check the check box if the VLAN switch is configured to dynamically configure its ports based on the end devices’...
Page 191: Configuring Wep 64/128/152 Security
AT-WA7500 and AT-WA7501 Installation and User’s Guide 5. Under the Security link, click the radio service set you want to configure for the VLAN. This screen appears. 6. In the VLAN field, enter the VLAN number that encapsulates all frames received on this radio port.
Page 192 Chapter 6: Configuring Security Since static WEP keys can be difficult to update, the AT-WA7500 and AT-WA7501 access products let you enter up to four WEP keys, and then pick a WEP transmit key (1-4). It is easier to rotate the WEP transmit key than to individually change all the WEP keys.
Page 193 AT-WA7500 and AT-WA7501 Installation and User’s Guide 3. Click Submit Changes to save your changes. This screen appears. 4. Configure the parameters for WEP configuration. To ensure maximum security, configure each WEP key with a different WEP code. For help, see the next table.
Page 194: Implementing An 802.1X Security Solution
Chapter 6: Configuring Security Implementing an You can implement 802.1x security in your network. The IEEE 802.1x standard provides an authentication protocol for 802.11 LANs. 802.1x 802.1x Security provides strong authentication, access control, and key management, and Solution lets wireless networks scale by allowing centralized authentication of wireless end devices.
Page 195 AT-WA7500 and AT-WA7501 Installation and User’s Guide Any device with an EAP-TLS supplicant (end device or child access point) needs both the CA certificate and the server certificate. If the child access point is using SWAP and is an authenticator, it does not need any certificates loaded on it.
Page 196 Chapter 6: Configuring Security 2. In the Security Level field, select Dynamic WEP/802.1x. 3. Click Submit Changes to save your changes. This screen appears. 4. In the Key Rotation Period (Minutes) field, enter how often (in minutes) the access point generates a new WEP key to distribute to the end devices.
Page 197 AT-WA7500 and AT-WA7501 Installation and User’s Guide 5. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save/Discard Changes, and then click Save Changes and Reboot. For help, see “Saving Configuration Changes” on page 45.
Page 198 Chapter 6: Configuring Security Enabling Secure Communications Between Access Points When you configure a radio to use 802.1x security, you automatically enable spanning tree security, which can be used for both wired access points and WAPs. A secure spanning tree has two functions: 1.
Page 199 AT-WA7500 and AT-WA7501 Installation and User’s Guide SWAP. Note that SWAP authentication is susceptible to downgrade attacks from rogue supplicants as it is easier to break SWAP than TLS or TTLS. Configuring Spanning Tree Security Note If you are implementing an 802.1x security solution, secure IAPP and secure wireless hops are automatically enabled.
Page 200 Chapter 6: Configuring Security 5. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save/Discard Changes, and then click Save Changes and Reboot. For help, see “Saving Configuration Changes” on page 45. 6. Repeat Steps 1 through 5 for each access point in your spanning tree. All access points must have the same IAPP secret key to communicate with each other.
Page 201: Configuring Wi-Fi Protected Access (Wpa) Security
AT-WA7500 and AT-WA7501 Installation and User’s Guide Configuring Wi- Wi-Fi Protected Access (WPA) is a strongly enhanced, interoperable Wi-Fi security that addresses many of the vulnerabilities of Wired Equivalent Fi Protected Privacy (WEP). WPA bundles authentication, key management, data Access (WPA)
Page 202 Chapter 6: Configuring Security 2. In the Security Level field, choose either WPA - PSK or WPA - 802.1x. 3. Click Submit Changes to save your changes. The screen changes, depending on the security level you choose. For help, see one of the next two screens.
Page 203 AT-WA7500 and AT-WA7501 Installation and User’s Guide To continue configuring WPA security for WPA – 802.1x mode 6. Configure the RADIUS server by clicking Select a RADIUS server for 802.1x authentication. The RADIUS Server List screen appears. 7. For each authentication server, enter the IP address or DNS name, enter the shared secret key, port number, and check the 802.1x check...
Page 204 Chapter 6: Configuring Security Configuring WPA PSK Security Table 6. WPA PSK Security Parameter Descriptions Parameter Explanation Multicast Indicates that TKIP is used as the data encryption Encryption Type method for broadcast and multicast for this radio port. A station connected to this port may not select a weaker encryption method to exchange unicast frames.
Page 205 AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 6. WPA PSK Security Parameter Descriptions (Continued) Parameter Explanation Key Rotation Allows you to specify the key rotation policy for Period (Minutes) encryption keys when using WEP in 802.1x and for TKIP group keys when using WPA. The value represents key duration in minutes.
Page 206 Chapter 6: Configuring Security Table 7. WPA 802.1x Security Parameter Descriptions Parameter Explanation Multicast Allows you to select the data encryption method Encryption Type for broadcast and multicast for this radio port. A station connected to this port may not select a weaker encryption method to exchange unicast frames.
Page 207: Configuring The Embedded Authentication Server (Eas)
Chapter 7 Configuring the Embedded Authentication Server (EAS) This chapter explains how to configure the embedded authentication server (EAS) in your access point for different security solutions to ensure that you have a secure wireless network. This chapter covers these topics: “About the Embedded Authentication Server (EAS)”...
Page 208: About The Embedded Authentication Server (Eas)
Chapter 7: Configuring the Embedded Authentication Server (EAS) About the Embedded Authentication Server (EAS) The AT-WA7500 and AT-WA7501 access points have an embedded authentication server (EAS), which is an internal RADIUS server. In your network, you can use the EAS on any access point. The EAS can act as: a password server that maintains a list of logins of users who can configure and manage the access point.
Page 209: About Certificates
AT-WA7500 and AT-WA7501 Installation and User’s Guide About Certificates Certificates encrypt communication between the internal RADIUS server, RADIUS clients, and the supplicants and HTTPS clients. There are two types of certificates: The trusted certificate authority (CA) certificate (commonly referred to as the “root certificate”...
Page 210: Understanding Which Certificates Are Installed By Default
Chapter 7: Configuring the Embedded Authentication Server (EAS) Understanding Your access point comes from the factory with a unique server certificate with a unique common name and passphrase. It also comes with a trusted Which CA certificate that supports clients running the TLS authentication type. Certificates Are These certificates support the secure web browser interface and provide Installed by...
Page 211: Installing And Uninstalling Certificates
AT-WA7500 and AT-WA7501 Installation and User’s Guide Installing and Once you have determined that you need to install a certificate, use this procedure. Uninstalling Certificates To install certificates 1. From the main menu, click Security > Certificate Details. The Certificate Details screen appears.
Page 212 Chapter 7: Configuring the Embedded Authentication Server (EAS) To uninstall all certificates Note If you follow the procedure to uninstall all certificates, you will lose the unique server certificate and the trusted CA certificate. You will need to contact your local Allied Telesyn representative to purchase new certificates.
Page 213: Configuring The Eas
“Configuring the Access Point as an Authenticator” on page 195. Enabling the EAS In both AT-WA7500 and AT-WA7501 access points, the default secret key is the same. By having the same default secret key, you can verify that all access points can communicate with the EAS. Then, for more security, you should change the secret key to prevent unauthorized access points from communicating with your network.
Page 214 Chapter 7: Configuring the Embedded Authentication Server (EAS) 2. From the main menu, click Security > Embedded Authentication Server. The Embedded Authentication Server screen appears. 3. Check the Enable Server check box. 4. Click Submit Changes to save your changes. 5.
Page 215: Configuring The Database
AT-WA7500 and AT-WA7501 Installation and User’s Guide 8. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save/Discard Changes, and then click Save Changes and Reboot. For help, see “Saving Configuration Changes” on page 45.
Page 216 Chapter 7: Configuring the Embedded Authentication Server (EAS) 2. From the main menu, click Security > Embedded Authentication Server > Database. The Database screen appears. 3. In the Type field, choose the type of client you are entering in the database.
Page 217 AT-WA7500 and AT-WA7501 Installation and User’s Guide 8. Click Save/Discard changes, and then click Save Changes without Reboot. Table 3. Embedded Authentication Server Entry Descriptions User Name Password Type Field Description Field Field Login Enter user names and User name...
Page 218: Using The Rejected List
Chapter 7: Configuring the Embedded Authentication Server (EAS) Using the The Rejected List screen displays the users and devices that have been rejected by the EAS. You can use this list to discover which users and Rejected List devices may need to be added to the database. When using the web browser interface, you can immediately add previously rejected end devices to the database.
Page 219: Exporting And Importing Databases
AT-WA7500 and AT-WA7501 Installation and User’s Guide the database. You need to manually enter the password into the database, click Submit Changes > Save/Discard Changes > Save Changes without Reboot. To add all entries to the database 1. Click Select All Entries. A check box appears next to all entries.
Page 220 Chapter 7: Configuring the Embedded Authentication Server (EAS) You should export the database so you have a backup version. You may also want to create the database in the primary RADIUS server, and then export it to a file that you can import to a backup RADIUS server. To export a database 1.
Page 221 AT-WA7500 and AT-WA7501 Installation and User’s Guide 5. Make sure Save this file to disk is selected, and then click OK. The Save As dialog box appears. 6. Choose the location and filename of the database. If you use the *.CSV extension, you can import it into Microsoft Excel, which...
Page 222 Chapter 7: Configuring the Embedded Authentication Server (EAS) 3. If you are not using the secure web browser, click A secure session is available. Repeat Steps 1 and 2. 4. Enter the path and filename of the database. Or click Browse to locate the file.
Page 223: Managing, Troubleshooting, And Upgrading Access Points
Chapter 8 Managing, Troubleshooting, and Upgrading Access Points This chapter explains how to manage, maintain, troubleshoot, and upgrade the access products. This chapter covers these topics: “Managing the Access Points” on page 224 “Maintaining the Access Points” on page 231 “Troubleshooting the Access Points”...
Page 224: Managing The Access Points
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points Managing the Access Points There are several methods that you can use to manage the access points: Wavelink Avalanche client management system: You can install the Wavelink Avalanche system to help you manage your wireless network. To use Avalanche, you need Avalanche Manager v3.0 or later.
Page 225 AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 1. Wavelink Avalanche Components (Continued) Component Description Console The administrative user interface that lets you configure and communicate with the Avalanche Agent. From the console, you can configure and monitor devices and build and install software packages and software collections.
Page 226 Chapter 8: Managing, Troubleshooting, and Upgrading Access Points To configure your access points to use Avalanche 1. From the main menu, click Network Management. The Network Management page appears. 2. In the Avalanche Agent Name field, enter the IP address or DNS name of the console.
Page 227 AT-WA7500 and AT-WA7501 Installation and User’s Guide 5. Verify that the Allow Avalanche Access check box is checked. 6. Click Submit Changes to save your changes. To activate your changes, from the menu bar click Save/Discard Changes, and then click Save Changes and Reboot. For help, see “Saving Configuration Changes”...
Page 228 Chapter 8: Managing, Troubleshooting, and Upgrading Access Points Table 2. Avalanche Parameters Parameter Explanation Package Title A descriptive title of the application. For example, enter WA7500. Package Type Choose Application. Package Revision The package version number. For example, enter 2.20. Menu Order Enter 1.
Page 229: Using Simple Network Management Protocol (Snmp)
AT-WA7500 and AT-WA7501 Installation and User’s Guide parameters on your access point. Otherwise, you will lose connectivity between your end devices and your access point. Using Simple The access point can be managed using Simple Network Management Protocol (SNMP); that is, you access the access point from an SNMP Network management station.
Page 230 Chapter 8: Managing, Troubleshooting, and Upgrading Access Points Table 3. SNMP Community Parameter Descriptions (Continued) Parameter Description SNMP Write Specify a password that provides read and write Community access. This password can be from 1 to 15 characters and is case sensitive. The default is CR52401.
Page 231: Maintaining The Access Points
AT-WA7500 and AT-WA7501 Installation and User’s Guide Maintaining the Access Points The Maintenance menu lets you view different parameters configured for the access point, including connections, port statistics, and a configuration summary. This information may be needed when you contact Allied Telesyn Technical Support.
Page 232 Chapter 8: Managing, Troubleshooting, and Upgrading Access Points Table 4. AP Connections Screen Fields Display Field Description Spanning Tree Indicates the current status of this access point in Connection Status relation to the spanning tree: This access point is root: This access point has formed a spanning tree and is serving as root.
Page 233 AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 4. AP Connections Screen Fields (Continued) Display Field Description MAC Address Shows the address of the connected device. If another access point is connected to this access point, you see the Ethernet MAC address.
Page 234: Viewing Ap Neighbors
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points Table 4. AP Connections Screen Fields (Continued) Display Field Description Port Displays the port through which the connection is established: E: Ethernet port 1, 1:1, 1:2, or 1:3: First radio slot (primary, secondary 1, secondary 2, or secondary 3).
Page 235 AT-WA7500 and AT-WA7501 Installation and User’s Guide To view AP neighbors From the menu, click Maintenance > AP Neighbors. The AP Neighbors screen appears. For help interpreting the information on this read-only screen, see the next table. Table 5. AP Neighbors Screen Fields...
Page 236 Chapter 8: Managing, Troubleshooting, and Upgrading Access Points Table 5. AP Neighbors Screen Fields (Continued) Display Field Description Capabilities This information is derived from the capability information sent in the beacon. Capabilities may include: ESS: Set for an access point and cleared for an end device or ad-hoc device.
Page 237: Viewing Port Statistics
AT-WA7500 and AT-WA7501 Installation and User’s Guide Viewing Port The Port Statistics screen shows the total number of frames and bytes that the access point has received and transmitted since it was last booted. Statistics You can also view graphs of inbound and outbound packets for the port.
Page 238 Chapter 8: Managing, Troubleshooting, and Upgrading Access Points You can scroll down to see graphs of inbound and outbound packets.
Page 239: Viewing Dhcp Status
AT-WA7500 and AT-WA7501 Installation and User’s Guide Viewing DHCP The DHCP Status screen shows a status report for the DHCP client or DHCP server. If the access point is a DHCP server and if the Permanently Status Save IP Address Mappings check box is checked, you can delete entries from the server’s permanent address map.
Page 240: Viewing The Events Log
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points Viewing the The Events Log screen shows a the events that have been logged by this access point. These events are cleared when the access point loses Events Log power or is rebooted. To view the Events Log From the menu, click Maintenance >...
Page 241: Viewing The About This Access Point Screen
AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 6. Events Log Description (Continued) Column Description Type Indicates a description of the event. Additional Data Indicates extra event-specific information. Indicates the amount of time that has passed since the event occurred.
Page 242: Using The Leds To Locate Access Points
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points 3. Continue scrolling down until you see the subtitle Configuration Summary. 4. Click the button under the Configuration Summary title to switch between displaying all configuration settings and displaying the configuration settings that are different from the factory default settings.
Page 243: Restoring The Access Point To The Default Configuration
AT-WA7500 and AT-WA7501 Installation and User’s Guide 2. Click the Find This Access Point button. The access point LEDs start blinking, as shown in the next table. Table 7. Find This Access Point Power Wireless Wireless Wired LAN Root/Error LED On...
Page 244 Chapter 8: Managing, Troubleshooting, and Upgrading Access Points This screen appears. 2. Click Restore Factory Defaults. Under Pending Changes, you will see a list of what parameters need to be changed. 3. Click Save Changes and Reboot. When the access point is done rebooting, it will use the factory default settings as its active configuration.
Page 245: Troubleshooting The Access Points
AT-WA7500 and AT-WA7501 Installation and User’s Guide Troubleshooting the Access Points This section provides you with information on the installation, configuration, and operation of the access point. Using the When you click Save/Discard Changes, the access point checks for potential problems with the network configuration and security settings.
Page 246 Chapter 8: Managing, Troubleshooting, and Upgrading Access Points 3. Click each error message to jump to the configuration screen where you can resolve the possible configuration error. The configuration error messages are listed in the next table. Most are self explanatory, but a few require additional information. Table 8.
Page 247 AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 8. Alphabetized List of Configuration Error Messages (Continued) Configuration Error Message Additional Information All SSID values must be unique per While configuring multiple physical radio. service sets, you did not specify a unique SSID (network name) for each service set.
Page 248 Chapter 8: Managing, Troubleshooting, and Upgrading Access Points Table 8. Alphabetized List of Configuration Error Messages (Continued) Configuration Error Message Additional Information The access point is set to originate IP On the IP Tunnels screen, tunnels but no there are no tunnel IP Mode is set to Originate if addresses.
Page 249 AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 8. Alphabetized List of Configuration Error Messages (Continued) Configuration Error Message Additional Information The IP Address and IP Router must share For help, see “Configuring the same subnet. the TCP/IP Settings” on page 66.
Page 250: Troubleshooting With The Leds
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points Table 8. Alphabetized List of Configuration Error Messages (Continued) Configuration Error Message Additional Information You have enabled the embedded You need to install a server authentication server but you have not certificate. For help, see installed a server certificate to identify this “Installing and Uninstalling device.
Page 251 Load new files. LED On LED Off LED Flashing After the AT-WA7500 or AT-WA7501 successfully boots, the LEDs display one of these patterns: Table 10. AT-WA7500 and AT-WA7501 Normal LED Pattern After Booting (Blinks for (Blinks if a...
Page 252: General Troubleshooting
1. Make sure the power cable is firmly plugged into the AT-WA7501 access point and the power source. Or make sure the Ethernet cable is firmly plugged into the AT-WA7500 access point and the power over Ethernet bridge. 2. Verify that the power injector has power and will work with another access point at the port in question.
Page 253 AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 11. General Troubleshooting (Continued) Problem/Question Possible Solution/Answer You cannot connect to the 1. Verify that you are using a null- access point using the modem cable to connect the access serial port.
Page 254 Chapter 8: Managing, Troubleshooting, and Upgrading Access Points Table 11. General Troubleshooting (Continued) Problem/Question Possible Solution/Answer You cannot ping or telnet You must set an IP address and to an access point. subnet mask using a communications program before you can remotely connect to the access point.
Page 255 AT-WA7500 and AT-WA7501 Installation and User’s Guide Table 11. General Troubleshooting (Continued) Problem/Question Possible Solution/Answer The end devices are The switches in your network may not unable to roam from one support backward learning. Use data link access point to another.
Page 256: Troubleshooting The Radios
If the access point LEDs show the following pattern after it boots, the radio may be faulty or the configuration matrix string is incorrect. Contact your local Allied Telesyn representative to help you correct the problem. Table 12. AT-WA7500 and AT-WA7501 LEDs (Blinks for (Blinks if the wired data traffic.)
Page 257 AT-WA7500 and AT-WA7501 Installation and User’s Guide LED On LED Off LED Flashing Using a Communications Program or a Telnet Session If you are communicating with the access point using a communications program or a telnet session, an error message may appear on your PC after the access point reboots or when a session is saved.
Page 258 Chapter 8: Managing, Troubleshooting, and Upgrading Access Points To use radio MAC ping 1. From the menu, click Maintenance > AP Connections. The AP Connections screen appears. All devices that support a radio MAC ping will have their MAC address listed with a hyperlink. 2.
Page 259 AT-WA7500 and AT-WA7501 Installation and User’s Guide 3. Click the X in the upper right corner of the window to return to the AP Connections screen. Using ICMP Echo ICMP (Internet Control Message Protocol) echo lets you ping devices using their IP address. ICMP echo can only be used if the access point has determined the IP address of the end device or another access point.
Page 260: Troubleshooting Security
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points 2. Click an IP address hyperlink. The access point pings the device, and then the Ping Utility screen appears showing the results. Note The information on this screen varies with the type of request sent and the capabilities of the medium through which it is sent.
Page 261 AT-WA7500 and AT-WA7501 Installation and User’s Guide To view the Security Events log From the menu, click Security > Security Events. The Security Events log appears. For help understanding the events, see the next table. Table 14. Security Events Log Description...
Page 262 Chapter 8: Managing, Troubleshooting, and Upgrading Access Points Table 14. Security Events Log Description (Continued) Column Description Indicates the amount of time that has passed since the event occurred. Note If you use an SNMP management station or another network management tool, the age represents how much time has passed since the access point was booted that this event occurred.
Page 263: Recovering A Failed Access Point
AT-WA7500 and AT-WA7501 Installation and User’s Guide General Security Troubleshooting This section provides you with information on getting help with your secure network and some problems and solutions. Table 15. General Security Troubleshooting Problem/Question Possible Solution/Answer You enabled secure IAPP...
Page 264 Chapter 8: Managing, Troubleshooting, and Upgrading Access Points you cannot ping the access point, you cannot establish a telnet session to the access point, and the LEDs display this pattern. Table 16. LED Pattern of a Failed Access Point Only Boot ROM code is available on access...
Page 265 AT-WA7500 and AT-WA7501 Installation and User’s Guide Note If you are only recovering one access point, you can enter 00:10:40:FF:FF:FF. This special MAC address works with all access points. 2. Type this command to continuously ping the access point while you boot the access point.
Page 266: Upgrading The Access Points
Chapter 8: Managing, Troubleshooting, and Upgrading Access Points Upgrading the Access Points For optimal performance, you should install the most current software version on all the access points in your network. To upgrade the software, you must copy the software release to your PC and then upload the release to your root access point and other access points.
Page 267: Troubleshooting The Upgrade
AT-WA7500 and AT-WA7501 Installation and User’s Guide Note If you have not already copied the upgrade file to your PC, follow the instructions in “Upgrading the Access Points” on page 266. 4. Click Upgrade to start the upgrade. The upgrade may take up to 3 minutes to complete.
Page 268 Chapter 8: Managing, Troubleshooting, and Upgrading Access Points...
Page 269: Additional Access Point Features
Chapter 9 Additional Access Point Features This chapter explains some of the more advanced ways that you can maintain the access points. This chapter covers these topics: “Understanding the Access Point Segments” on page 270 “Understanding Transparent Files” on page 271 “Using the AP Monitor”...
Page 270: Understanding The Access Point Segments
RAM and then the flash memory segment until it finds a file that matches the file name. Note Legacy scripts with commands that specify segment numbers or names can be run on AT-WA7500 and AT-WA7501 access points without generating errors.
Page 271: Understanding Transparent Files
AT-WA7500 and AT-WA7501 Installation and User’s Guide Understanding Transparent Files The AT-WA7500 and AT-WA7501 access points with software release 2.2 support transparent files, which are files without file headers. Transparent files all have the date May 14, 2002 (5-14-2002) and have no version.
Page 272: Using The Ap Monitor
Chapter 9: Additional Access Point Features Using the AP Monitor The AP (access point ROM) monitor is system software that lets you manipulate the access point files and file segments. You can only access the AP monitor through the serial port using a communications program. Note Certain functions available through the AP monitor can erase the access point configuration.
Page 273: Using Ap Monitor Commands
AT-WA7500 and AT-WA7501 Installation and User’s Guide Using AP You can display a list of AP monitor commands on the screen anytime you see the ap prompt. Monitor Commands To list AP monitor commands Press any key (except the letter B, which reboots the access point), and then press Enter.
Page 274 Chapter 9: Additional Access Point Features Purpose: Finds the first executable file in the access point boot segment and tries to run it; therefore, the first executable file in the access point boot segment must be the boot file. Syntax: Purpose: Downloads a file using Ymodem batch protocol into the flash segment that is specified by s.
Page 275: Using Content Addressable Memory (Cam) Mode Commands
AT-WA7500 and AT-WA7501 Installation and User’s Guide You can also set the baud rate to autobaud, which lets the access point set its baud rate to match the baud rate of your wireless end device. Type SR 0 and press Enter twice.
Page 276: Using Test Mode Commands
Chapter 9: Additional Access Point Features To display CAM commands Type any letter or number other than B and press Enter. The CAM commands appear on the screen. Using Test Mode Within the AP monitor, Test mode lets you perform certain test functions. Commands Because the commands can cause undesirable results if not properly executed, you should contact Technical Support for assistance if you are...
Page 277: Using Service Mode Commands
AT-WA7500 and AT-WA7501 Installation and User’s Guide To display test commands Type any letter or number other than B and press Enter. The test commands appear on the screen. Using Service In Service mode, you can perform file functions and segment functions...
Page 278 Makes an inactive segment the active segment. Because the access point has only one flash memory segment, this command has no affect on an AT-WA7500 or AT-WA7501. This command is included here for backward compatibility with older scripts only. Syntax:...
Page 279 Example: These examples apply to non-AT-WA7500 and AT-WA7501products and are included for your reference only. To make segment 2 the active boot segment and segment 4 the active...
Page 280 Chapter 9: Additional Access Point Features Example: To compact the contents of the flash memory segment, enter: FC 1 Purpose: Displays the flash file system directory, including information about the boot file and the file type: E (executable), D (data), and T (transparent). For information about transparent files, see “Understanding Transparent Files”...
Page 281 AT-WA7500 and AT-WA7501 Installation and User’s Guide Examples: To delete the file AP824X.PRG from the flash memory segment, enter: FDEL 1:AP824X.PRG To delete the file FILE.DAT from the optional memory card on an AT-WA7500, enter: FDEL APP:FILE.DAT Purpose: Erases all the files in a particular segment, including those that have been “deleted”...
Page 282 Chapter 9: Additional Access Point Features where: is the program name. is the optional segment location of the program. Example: To run program UAPBOOT.PRG from the flash memory segment, enter: FFR UAPBOOT.PRG 1 Purpose: Reinitializes the access point file system. If the access point file system or a file segment becomes corrupt, use this command to reset it.
Page 283 AT-WA7500 and AT-WA7501 Installation and User’s Guide where: is the FPGA configuration filename. is the optional segment where you want to load the configuration file.
Page 284: Using Command Console Mode
Chapter 9: Additional Access Point Features Using Command Console Mode You can use the Command Console mode to manipulate some access point files and file segments. You can also use Command Console mode to upgrade access points using TFTP and script files. You access the Command Console mode through the serial port using a communications program or over the network using a telnet session.
Page 285 Access Point Segments” on page 270. Purpose: Makes an inactive segment the active segment. Because the AT-WA7500 and AT-WA7501 have only one flash memory segment, this command has no affect on the access points. This command is included here for backward compatibility with older scripts only.
Page 286 Chapter 9: Additional Access Point Features Purpose: Displays the flash file system directory, which includes information about the boot file and file type: E (executable), D (data), and T (transparent). Use this command to ensure that the correct version of the file is in the active boot segment.
Page 287 AT-WA7500 and AT-WA7501 Installation and User’s Guide Example: To delete the file AP824X.PRG from the flash memory segment, enter: FDEL 1:AP824X.PRG To delete the file FILE.DAT from the memory card, enter: FDEL APP:FILE.DAT Purpose: Erases all the files in a particular segment, including those that have been “deleted”...
Page 288: Using Tftp Commands
Chapter 9: Additional Access Point Features where f is the name of the script file to be executed. For more information about using the script command, see “Creating Script Files” on page 298. Using TFTP TFTP commands are file transfer commands. An access point can act as either a client or server in the TFTP environment.
Page 289 AT-WA7500 and AT-WA7501 Installation and User’s Guide foreignfilename is the name of the file on the server. The filename can contain directory path information and must be in the format required by the server operating system. The file must already have the appropriate file header before the transfer to the access point.
Page 290 Chapter 9: Additional Access Point Features Error Message Explanation Invalid opcode during read This error should not occur under normal operating conditions. This error indicates a TFTP protocol error that will not occur when you use TFTP servers that conform to the protocol.
Page 291 AT-WA7500 and AT-WA7501 Installation and User’s Guide Error Message Explanation Invalid opcode during put This error should not occur under normal operating conditions. This error indicates a TFTP protocol error that will not occur when you use TFTP servers that conform to the protocol.
Page 292 Chapter 9: Additional Access Point Features Syntax: TFTP SERVER STOP After you issue this command, the access point no longer responds to TFTP client requests; however, current TFTP sessions with the server are allowed to complete. This table lists error messages that can be issued from the TFTP server.
Page 293: Using Sdvars Commands
AT-WA7500 and AT-WA7501 Installation and User’s Guide Error Message Explanation Invalid opcode during write This error should not occur under normal operating conditions. This error indicates that the TFTP client does not conform to the protocol. Using sdvars Use sdvars commands to manipulate certain software download variables.
Page 294 Chapter 9: Additional Access Point Features Example: To set the scriptfilename to SCRIPT.DAT, enter: sdvars set scriptfilename script.dat sdvars set starttime Purpose: Sets the internal variable starttime. Starttime is a countdown time; that is, when zero is reached, the software download process begins. Set this variable to reflect how far into the future the access point is to begin downloading and executing the script file from the TFTP server.
Page 295 AT-WA7500 and AT-WA7501 Installation and User’s Guide is executed. You can set the checkpoint variable to a different value after each script command, and then query the checkpoint value using SNMP to determine the progress of the download. Syntax: value sdvars set checkpoint where value is a whole number.
Page 296 Chapter 9: Additional Access Point Features sdvars set setactivepointers Purpose: Sets the setactivepointers command to change inactive segments to active segments the next time the access point is rebooted. This command is usually used with the nextpoweruptime command. Syntax: sdvars set setactivepointers none/boot/data/both where: none does not change the active segments.
Page 297 AT-WA7500 and AT-WA7501 Installation and User’s Guide Syntax: sdvars set nextpoweruptime where dd:hh:mm:ss is how far in the future the reboot is to begin and is days. is hours. is minutes. is seconds. Example: To reboot the access point 2 hours from now, enter:...
Page 298: Creating Script Files
To test a script file, log onto an access point and type each of the script file commands. New Sample This new sample script upgrades an AT-WA7500 or AT-WA7501 access point. This script is based on upnopath.dnl, which is included in the AP Script for upgrade package.
Page 299 AT-WA7500 and AT-WA7501 Installation and User’s Guide file tftp get * software\closed.dnl 1: file tftp get * software\discinca.dnl 1: file tftp get * software\easdb.dnl 1: file tftp get * software\echo.dnl 1: file tftp get * software\favicon.dnl 1: file tftp get * software\file.dnl 1: file tftp get * software\fileimp.dnl 1:...
Page 300: Legacy Sample Script For Upgrading Any Access Point
This sample script file was created for older access points with multiple segments. Although this script specifies segments that do not exist on Script for AT-WA7500 and AT-WA7501 access points, you can run this script on the Upgrading Any access points without generating errors.
Page 301: Copying Files To And From The Access Point
AT-WA7500 and AT-WA7501 Installation and User’s Guide Copying Files To and From the Access Point You can accomplish a variety of file import/export tasks from the File Import/Export screen. In the menu bar, click File Import/Export, and the File Import and Export screen appears.
Page 302: Importing Or Exporting An Eas Radius Database File
Chapter 9: Additional Access Point Features Importing or To import or export an EAS RADIUS database file Exporting an 1. Click Read or write the EAS RADIUS database. The EAS Database EAS RADIUS Import/Export screen appears. Database File 2. To import a file, enter of select the name of the database file to import and click Import Database.
Page 303: Transferring Files Using Your Web Browser
AT-WA7500 and AT-WA7501 Installation and User’s Guide Transferring To transfer files to the access point using your web browser Files Using Your 1. Click Transfer files to this device using your browser. The File Import Web Browser screen appears. 2. (Optional) You can type a filename in the first input field to specify the name that the file will have on the access point.
Page 304: Viewing And Copying Files Using Your Web Browser
Chapter 9: Additional Access Point Features Viewing and To view and copy files from the access point using your web browser Copying Files 1. Click View the file system directory from this device using your Using Your Web browser. The File System Directory screen appears. Browser Note The segment column on this screen contains the identifier AB, which...
Page 305: Transferring Files To And From A Tftp Server
AT-WA7500 and AT-WA7501 Installation and User’s Guide Transferring To transfer files to and from a TFTP server Files to and from 1. Click Transfer files to or from this device using the TFTP client. The a TFTP Server TFTP Client screen appears.
Page 306: Starting Or Stopping The Tftp Server
Chapter 9: Additional Access Point Features Starting or To start or stop the TFTP server Stopping the 1. Click Start or stop the TFTP server. The TFTP Server screen appears. TFTP Server 2. Click Stop Server to stop the TFTP server. Or click Start Server to start the TFTP server.
Page 307 AT-WA7500 and AT-WA7501 Installation and User’s Guide 2. In the Server IP Address field, type the IP address of an active TFTP server from which the software download script file will be retrieved. 3. In the Script File Name field, type the name of a file on the TFTP server that contains the commands that define the download process.
Page 308 Chapter 9: Additional Access Point Features...
Page 309: Appendix A Specifications
Appendix A Specifications This appendix contains AT-WA7500 and AT-WA7501 specifications for reference purposes only. Actual product performance and compliance with local telecommunications regulations may vary from country to country. Allied Telesyn only ships products that are type approved in the destination country.
Page 310 Appendix A: Specifications Table 1. AT-7500 Technical Specifications Radios supported IEEE 802.11g, IEEE 802.11b, IEEE 802.11a Media Access protocol CSMA/CD Filters (protocol) IP, IPX, NetBEUI, DECNET, AppleTalk Filters (others) IP, ARP, Novell RIP, SAP, LSP Serial port maximum 115,200 bps data rate Management interfaces Web browser-based manager, text-based...
Page 311: At-7501 Access Point
AT-WA7500 and AT-WA7501 Installation and User’s Guide AT-7501 Access Point Table 2. AT-7501 Technical Specifications Dimensions H x L x W 9.5 cm x 35.0 cm x 23.6 cm (3.8 in x 14.0 in x 5.8 in) Weight 2.63 kg (5.8 lb)
Page 312 Appendix A: Specifications Table 2. AT-7501 Technical Specifications Serial port maximum 115,200 bps data rate Management interfaces Web browser-based manager, text-based menu system, serial port, Telnet, SNMP SNMP agent RFC 1213 (MIB-2), RFC 1398 (dot3), RFC 1493 (Bridge), 802.11, 802.1x Regulatory Approvals EN 55022/CISPR 22 Class A;...
Page 313: Radio Specifications
AT-WA7500 and AT-WA7501 Installation and User’s Guide Radio Specifications IEEE 802.11g Technical Specifications Table 3 IEEE 802.11g Radio Frequency band 2.4 to 2.5 GHz worldwide Type Direct sequence, spread spectrum Modulation Direct sequence, spread spectrum (CCK, DQPSK, DBPSK) Power output...
Page 314: Ieee 802.11A
Appendix A: Specifications Technical Specifications Table 4 IEEE 802.11b Radio Channels 11 (North America), 13 (Europe), 4 (France), 14 (Japan). 1 (Israel) Range (11 Mbps) 160 m (525 ft) open environment 50 m (165 ft) semi-open environment 24 m (80 ft) in closed environment Unlimited range with roaming Receiver sensitivity -82 dBm...
Page 315 AT-WA7500 and AT-WA7501 Installation and User’s Guide Technical Specifications Table 5 IEEE 802.11a Radio Range (depending 248 m (813.7 ft)6 Mbps on environment) 240 m (787.4 ft)12 Mbps 175 m (574.2 ft)18 Mbps 132 m (433.1 ft)24 Mbps 56 m (183.7 ft)36 Mbps 37 m (121.4 ft)48 Mbps...
Page 316 Appendix A: Specifications...
Page 317: Appendix B Default Settings
Appendix B Default Settings This appendix provides factory defaults for reference purposes only. The factory default settings for the access points are listed in this section. You can record the settings for your installation in each table for reference.
Page 318: Tcp/Ip Settings Menu Defaults
Appendix B: Default Settings TCP/IP Settings Menu Defaults Parameter Range Default Your Site? Name IP Address 4 nodes, 0 to 0.0.0.0 255 or DNS name IP Subnet Mask 4 nodes, 0 to 255.255.255.0 IP Router 4 nodes, 0 to 0.0.0.0 (Gateway) DNS Address 1 4 nodes, 0 to...
Page 319 AT-WA7500 and AT-WA7501 Installation and User’s Guide Parameter Range Default Your Site? Name DHCP for Use Any Use Any Access Point Available Available Network DHCP Server, DHCP Server Only Use Access Point DHCP Server Auto ARP 0 to 120 Minutes...
Page 320: Dhcp Server Setup Menu Defaults
Appendix B: Default Settings DHCP Server Setup Menu Defaults Parameter Range Default Your Site? Name 4 nodes, 0 to 255 10.10.10.100 Address High 4 nodes, 0 to 255 10.10.10.199 Address Lease Time days:hours:minute 0:00:20 Permanently Check/Clear Clear Save IP Address Mappings IP Subnet 4 nodes, 0 to 255...
Page 321: Ieee 802.11G Radio Menu Defaults
AT-WA7500 and AT-WA7501 Installation and User’s Guide IEEE 802.11g Radio Menu Defaults Parameter Range Default Your Site? Name Frequency Channel 1 to Channel 03, 11, 2412 to 2422 MHz 2462 MHz Node Type Master, Station, Master Disabled SSID (Network 0 to 32...
Page 322 Appendix B: Default Settings Parameter Range Default Your Site? Name Check/Clear Clear Disallow Network Name of ‘ANY’ 1 to 65535 DTIM Period Inbound Filters (Primary Only) Check/Clear Check Allow IAPP Check/Clear Check Allow Wireless Transport Protocol (WTP) Check/Clear Check Allow UDP Plus (UDP/IP Port 5555) Check/Clear...
Page 323: Ieee 802.11B Radio Menu Defaults
AT-WA7500 and AT-WA7501 Installation and User’s Guide IEEE 802.11b Radio Menu Defaults Parameter Range Default Your Site? Name Node Type Master, Station, Master Disabled SSID (Network 0 to 32 atilan Name) characters Frequency Channel 1 to Channel 03, 2422 MHz...
Page 324 Appendix B: Default Settings Parameter Range Default Your Site? Name Check/Clear Clear Enable Load Balancing Check/Clear Clear Enable Medium Density Distribution Data Traffic Data Traffic Data/Voice Only, Data and only Settings SpectraLink Traffic, SpectraLink Traffic Only Check/Clear Clear Disallow Network Name of ‘ANY’...
Page 325: Ieee 802.11A Radio Menu Defaults
AT-WA7500 and AT-WA7501 Installation and User’s Guide IEEE 802.11a Radio Menu Defaults Parameter Range Default Your Site? Name Frequency Dynamic, 36, (full-range) 40, 42, 44, 48, Channel 36, 50, 52, 56, 58, 5180 MHz IEEE 60, 64 (mid-range) Channel 52,...
Page 326 Appendix B: Default Settings Parameter Range Default Your Site? Name 1 to 65535 2347 Reservation Threshold (2347 to Disable) 256 to 2346 2346 Fragmentatio n Threshold Check/Clear Clear Disallow Network Name of ‘ANY’ 20 to 1000 TU Beacon Period 1 to 5 DTIM Period Inbound Filters Check/Clear...
Page 327: Spanning Tree Settings Menu Defaults
AT-WA7500 and AT-WA7501 Installation and User’s Guide Spanning Tree Settings Menu Defaults Parameter Range Default Your Site? Name AP Name 0 to 16 (access point characters serial number) LAN ID 0 to 254 (Domain) Root Priority 0 to 7 Enable...
Page 328: Global Flooding Menu Defaults
Appendix B: Default Settings Global Flooding Menu Defaults Parameter Range Default Your Site? Name Multicast Universal, Hierarchical Flooding Hierarchical, Disabled Multicast Enabled Set locally Outbound to globally/Set Secondary locally LANs Allow Multicast Check/Clear Check Outbound to Terminals Unicast Universal, Disabled Flooding Hierarchical, Disabled...
Page 329: Global Rf Parameters Menu Defaults
AT-WA7500 and AT-WA7501 Installation and User’s Guide Global RF Parameters Menu Defaults Parameter Range Default Your Site? Name Perform Check/Clear Check RFC1042/DIX Conversion S-UHF Rfp Threshold Enabled/ Disabled Set Globally Disabled 0 to 250 bytes 70 bytes Value S-UHF Frag Size...
Page 330 Appendix B: Default Settings Parameter Range Default Your Site? Name Two sets of 00 00 3 through 20 hexadecimal pairs 00 through FF.
Page 331: Telnet Gateway Configuration Menu Defaults
AT-WA7500 and AT-WA7501 Installation and User’s Guide Telnet Gateway Configuration Menu Defaults Parameter Range Default Your Site? Name Host Name IP address or (blank) DNS name Host Port Term Port Off, 23,5000, 5001, 5002, 5003, 5004, 5005, 5006, 5007, 5008,...
Page 332: Ethernet Configuration Menu Defaults
Appendix B: Default Settings Ethernet Configuration Menu Defaults Parameter Range Default Your Site? Name Port Type 10/100 Mb Twisted- 10/100 Mb Pair Twisted-Pair 100 Mb Fiber Optic Link Speed Auto Select, 100 Auto Select Mbps Full-Duplex, 100 Mbps Half- Duplex, 10 Mbps Full-Duplex, 10 Mbps Half-Duplex Enable Link...
Page 333 AT-WA7500 and AT-WA7501 Installation and User’s Guide Parameter Range Default Your Site? Name DIX-IP-TCP- DIX-IP-TCP- SubType Port, Port DIX-IP-UDP- Port, DIX-IP- Protocol, DIX-IPX- Socket, DIX-EtherType, SNAP-IP-TCP- Port, SNAP -IP-UDP- Port, SNAP -IP- Protocol, SNAP -IPX- Socket, SNAP - EtherType, 802.3-IPX- Socket, 802.2 -IPX-...
Page 334 Parameter Range Default Your Site? Name And, Pass, Action Drop...
Page 335: Ip Tunnels Menu Defaults
AT-WA7500 and AT-WA7501 Installation and User’s Guide IP Tunnels Menu Defaults Parameter Name Range Default Your Site? Mode Listen, Originate If Listen Root, Disabled Enable IGMP Check/Clear Clear (Appears if Mode is Listen) Allow IP Multicast Check/Clear Clear (Appears if Mode...
Page 336 Appendix B: Default Settings Parameter Name Range Default Your Site? DIX-IP-TCP-Port, DIX-IP-TCP- SubType DIX-IP-UDP-Port, Port DIX-IP-Protocol, DIX-IPX-Socket, DIX-EtherType, SNAP-IP-TCP- Port, SNAP -IP-UDP- Port, SNAP -IP-Protocol, SNAP -IPX-Socket, SNAP -EtherType, 802.3-IPX-Socket, 802.2 -IPX-Socket, 802.2-SAP Two sets of 00 00 Value hexadecimal pairs 00 through FF.
Page 337: Network Management Menu Defaults
AT-WA7500 and AT-WA7501 Installation and User’s Guide Network Management Menu Defaults Parameter Name Range Default Your Site? SNMP Read 1 to 15 public Community characters SNMP Write 1 to 15 CR52401 Community characters SNMP Secret 1 to 15 Secret Community...
Page 338: Security Menu Defaults
Appendix B: Default Settings Security Menu Defaults Parameter Range Default Your Site? Name Browser Secure-Only Enabled (Port Access (Port 443), 80/443) Enabled (Port 80/443), Disabled Allow Telnet Check/Clear Check Access (Port Allow SNMP Check/Clear Check Access (Port 161/162) Allow TFTP Check/Clear Check Access...
Page 339: Ieee 802.11 (B Or A) Radio Security Menu Defaults
AT-WA7500 and AT-WA7501 Installation and User’s Guide Parameter Range Default Your Site? Name Allow Service Check/Clear Check Password IEEE 802.11 (b or a) Radio Security Parameter Menu Defaults Range Default Your Site? Name Enable ACL Check/Clear Clear Client Authorization Enable...
Page 340: Radius Server List Menu Defaults
Appendix B: Default Settings Parameter Range Default Your Site? Name Any number Key Rotation Period If Security Level is WPA/PSK TKIP TKIP Multicast Encryption Type 256 (32 byte) (blank) Pre-share Key hexadecimal value or an ASCII pass- phrase Any number Key Rotation Period If Security Level is WPA + 802.1x...
Page 341: Spanning Tree Security Menu Defaults
AT-WA7500 and AT-WA7501 Installation and User’s Guide Parameter Range Default Your Site? Name Login Check/Clear Clear except Servers 1 and 2 Spanning Tree Security Menu Parameter Range Default Your Site? Defaults Name Secure IAPP Check/Clear Check If 802.1x security or Secure IAPP is enabled...
Page 342 Appendix B: Default Settings...
Page 343: Appendix C Glossary
Appendix C Glossary ARP (Address Resolution Protocol) cache A table that stores IP addresses and their corresponding MAC addresses. The access point maintains an ARP cache and can act as an ARP server. BFSK (Binary Frequency Shift Key) A broadcasting method that lengthens the range but halves the throughput as compared to the QFSK method.
Page 344 Appendix C: Glossary To enable data link tunneling, disable Ethernet bridging. designated bridge Also called a secondary LAN bridge. An access point that is assigned the role of bridging frames destined for or received from a secondary LAN. A designated bridge connects a secondary LAN with the primary LAN. In the access point, the secondary LAN bridge priority parameter determines if the access point is a candidate to become the designated bridge.
Page 345 AT-WA7500 and AT-WA7501 Installation and User’s Guide Ethernet bridging When an access point receives wireless traffic and the destination address is known, it forwards frames to the port with the shortest path to the destination address. When the access point has not learned the direction of the shortest path for the destination address, it forwards frames based on flooding settings to try to locate the destination address.
Page 346 Appendix C: Glossary IGMP (Internet Group Management Protocol) A standard protocol that lets you originate multiple IP tunnels using one IP multicast address. IGMP allows IP multicast frames to be routed to remote IP subnets that have hosts participating in the multicast group. By enabling IGMP, access points can act as IP hosts and participate in an IP multicast group.
Page 347 AT-WA7500 and AT-WA7501 Installation and User’s Guide activity. The MIB for the access point is available from the Allied Telesyn web site at www.alliedtelesyn.com. multicast address A form of broadcast address through which copies of the frame are delivered to a subset of all possible destinations that have a common multicast address.
Page 348 Appendix C: Glossary point-to-point bridge See also wireless bridge. A bridge that connects two wired networks with similar architectures. Two access points can be used to provide a point-to- point bridge between two buildings so that wired and wireless devices in each building can communicate with devices in the other building.
Page 349 AT-WA7500 and AT-WA7501 Installation and User’s Guide root port The access point port that provides the inbound connection to the spanning tree. The root port provides a link to a parent access point. Note that a root access point does not have a root port.
Page 350 Ethernet, you plug the access point into the splitter and then you plug the splitter into a power bridge. The AT-WA7500 and AT-WA7501 do not use a splitter. SWAP (Secure Wireless Authentication Protocol) This protocol creates secure wireless hops if you enable secure IAPP. It forces access points to authenticate each other using an EAP-MD5 challenge.
Page 351 AT-WA7500 and AT-WA7501 Installation and User’s Guide unicast address A unique Ethernet address assigned to a single device on the network. VLAN (virtual LAN) A network of wireless end devices that behave as if they are connected to the same wire even though they may actually be physically located on different segments of a local area network.
Page 352 Appendix C: Glossary...

This manual is also suitable for:

At-wa7501

Allied Telesis AT-WA7500 Installation And User Manual

Preface

Chapter 1 Getting Started

Chapter 2 Installing the Access Points

Chapter 3 Configuring the Ethernet Network

Chapter 4 Configuring the Radios

Chapter 5 Configuring the Spanning Tree

Chapter 6 Configuring Security

Chapter 7 Configuring the Embedded Authentication Server (EAS)

Chapter 8 Managing, Troubleshooting, and Upgrading Access Points

Chapter 9 Additional Access Point Features

Appendix A Specifications

Appendix B Default Settings

Appendix C Glossary

Quick Links

Troubleshooting

Need help?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Allied Telesis AT-WA7500

Summary of Contents for Allied Telesis AT-WA7500