To provide connectivity between the public switched telephone network (pstn) and the avaya meeting exchange enterprise s6800 conferencing server directly and via avaya sip enablement services – issue 1.0 (71 pages)
Avaya W310 WLAN Gateway Installation and Configuration User Guide Document No. 21-300041 Issue 2 October 13, 2004...
Page 2
The final responsibility for securing both this system and its networked equipment rests with you - Avaya’s customer system Avaya Inc. provides a limited warranty on this product. Refer to your administrator, your telecommunications peers, and your managers. sales agreement to establish the terms of the limited warranty. In Base the fulfillment of your responsibility on acquired knowledge and addition, Avaya’s standard warranty language as well as information...
Page 3
Cet appareil numérique de la classe A est conforme à la norme than those specified herein may result in hazardous radiation NMB-003 du Canada. exposures. Contact your Avaya representative for more laser product This equipment meets the applicable Industry Canada Terminal information.
Page 4
Avaya Publications Center (SDoC) Voice 1.800.457.1235 or 1.207.866.6701 FAX 1.800.457.1764 or 1.207.626.7269 Avaya Inc. in the United States of America hereby certifies that the equipment described in this document and bearing a TIA TSB-168 Write: Globalware Solutions label identification number complies with the FCC’s Rules and...
Switched Network Monitoring (SMON) ............3 Fan and Power Supply ..................3 Chapter 2 Standards and Compatibility .................... 5 Avaya W310 WLAN Gateway Ethernet Standards Supported........ 5 IEEE ........................ 5 IETF - Layer 2 ....................5 IETF - Network Monitoring..................6 Wireless........................
Page 6
Recommended Power Supply Redundancy Scheme..........23 Budgeting Power ....................25 Post-Installation......................25 Chapter 6 Avaya W310 WLAN Gateway Front and Rear Panels ..........27 Avaya W310 WLAN Gateway Front Panel ............27 Right and Left Arrow Buttons ...............31 Avaya W310 Back Panel..................32 DC Input Connector ..................32...
Page 7
Establishing a Serial Connection ................34 Configuring the Terminal Serial Port Parameters ......... 34 Connecting a Terminal to the W310 Serial Port ........... 34 Establishing a Telnet Connection ................35 Establishing a Modem (PPP) Connection with the W310 ........36 Overview .......................
Page 8
Contents Chapter 11 W310 WLAN Gateway Layer 2 Features ..............59 Overview ........................59 Ethernet ........................60 Fast Ethernet ..................60 Gigabit Ethernet ..................60 Configuring Ethernet Parameters ..............60 Auto-Negotiation ...................60 Full-Duplex/Half-Duplex ..............60 Speed .....................60 Flow Control ..................61 Priority ....................61 Media Access Control (MAC) Address ..........62 Channel Access Method (CAM) Table ..........62...
Page 9
Step 1: Start the W310 Manager Web Interface ......... 104 Step 2: Configure the Wireless Domain Servers ......... 105 Step 3: Create a Service Set Identifier (SSID) For The W310 Light Access Point Ports ..................108 Step 4: Define User Groups ..............113 Step 5: Set Policy for the W310 ............
Page 10
Multiple SSIDs: Security ................147 Configuring an SSID Entry .................148 Example ....................148 SSID Table CLI Commands ................149 SSID Table Configuration Using the W310 Wireless Manager ....151 User Group Table ....................154 User Group Table Attributes ...............156 User Group CLI Commands ..............159 Policy User Group ..................161 Policy User Group CLI Command ............161...
Page 11
Channel Selection ................208 Operational Mode ................209 802.11 Interfaces ..................210 Interface Parameters ................210 802.11i ......................213 Radio Card CLI Commands ................ 214 W110 (LAP) and Radio Card Configuration Using the W310 Manager ..215 Avaya W310 Installation and Configuration Guide...
Page 12
Contents Advanced - 802.11a/802.11g Configuration Using the W310 Manager ... LAP Template Configuration - Operational Mode Tab Using the W310 Manager .....................220 Viewing LAP Configuration Using the W310 Manager .....222 Configuring Basic LAP Parameters ..............224 Saving the W310 and W110 Configurations............225 Chapter 13 PoE (Power over Ethernet) Features ................
Page 13
Troubleshooting the Installation ................251 Troubleshooting Image Downloads ..............252 Chapter 17 Updating the Software....................253 Software Download....................253 Obtain Software Online ................253 Downloading Software ................253 Download New Version without Overwriting Existing Version ......254 Avaya W310 Installation and Configuration Guide...
Page 14
Contents Avaya W310 Installation and Configuration Guide...
Before You Install the W310 WLAN Gateway Safety Information Caution: The W310 WLAN Gateway contains components sensitive to electrostatic discharge. Do not touch the circuit boards unless instructed to do so. Warning: Only trained and qualified personnel should be allowed to install or replace this equipment.
Warning: This means danger. Failure to follow the instructions or warnings may result in bodily injury. You should ensure that you are qualified for this task and have read and understood all the instructions This provides a helpful hint for successfully installing or configuring the W310. Avaya W310 User’s Guide...
W310 provides a richer feature set in the security, mobility and management area and also provides a lower overall cost of ownership for medium/large enterprise or a hotspot service provider.
Network Management and Monitoring Comprehensive network management and monitoring are key to today’s networks. Avaya has provided multiple ways for managing the W310 to suit your needs. Each management tool is explained in detail starting below. Device Manager (Embedded Web) The built-in Device Manager (Embedded Web Manager) allows you to manage a W310 using a Web browser without purchasing additional software.
Avaya W310 WLAN Gateway Overview Avaya Integrated Management Suite (IM) When you need extra control and monitoring or need to manage other Avaya equipment, you can use the Avaya Integrated Management suite. This suite provides the ease-of-use and features necessary for optimal network utilization.
Chapter 2 Standards and Compatibility Avaya W310 WLAN Gateway Ethernet Standards Supported The Avaya W310 WLAN Gateway complies with the following standards: IEEE • 802.3x Flow Control on all ports • 802.1Q VLAN Tagging support on all ports • 802.1p Priority Tagging compatible on all ports •...
W110 Power Requirements The W310 provides 150W of 802.af compliant power over the 16 ports. There is 9.4W per port. This allows you to attach up to 16 W110s to the W310. The W110 must use Power over Ethernet. 10/100 Base-T Copper Cabling Use a Category 5 copper cable with RJ-45 termination for 100Base-T ports.
Tx and Rx ports should be protected with an optical connector or a dust plug. Installation Installing and Removing a SFF/SFP GBIC Transceiver Caution: Use only 3.3V Avaya-authorized SFF/SFP GBIC transceivers. Use only SFF/SFP GBIC transceivers that are 3.3V and use Serial Identification. The SFF/SFP GBIC transceiver is fastened using a snap-in clip.
You should also ensure that the auto-negotiation is enabled for the port at the other end of the link: Use the command to check the auto-negotiation status of the transceiver show port ports. Use the command to enable set port negotiation <module>/<port> enable autonegotiation if necessary. Avaya W310 User’s Guide...
Chapter 3 Specifications Connector Pin Assignments Console Pin Assignments For direct Console communications, connect the W310 to the Console Terminal using the supplied RJ-45 crossed cable and RJ-45 to DB-9 adapter. Table B.4 Pinout of the Required Connection for Console Communications...
• Phillips (cross-blade) screwdriver Site Preparation You can mount the Avaya W310 in a standard 19-inch equipment rack in a wiring closet or equipment room. When deciding where to position the unit, ensure that the W310 is: • Accessible and cables can be connected easily and according to network design.
1U (44.45 mm, 1.75î) high. It is You can mount the Avaya W310 in a standard 19" rack either in front-mount or mid-mount positions with the brackets supplied with the chassis. The brackets are symmetric: you can fix either bracket on either side.
Be careful not to overtighten the screws. Insert the unit into the rack. Ensure that the four W310 screw holes are aligned with the rack hole positions as shown in Figure 4.1 and Figure 4.3.
Caution: Ensure that the wall and screws can support the weight of the W310. The minimum weight of the W310 is 12 lb (5.5 kg). Place the unit on the wall. Ensure that the four W310 screw holes are aligned with the rack hole positions as shown in Figure 4.4.
Ensure that ventilation holes are not obstructed to ensure proper air flow. Making Connections to Network Equipment This section describes the physical connections that you can make between the W310 switch and other network equipment. Prerequisites...
Page 41
Connect an Ethernet fiberoptic cable (not supplied) to the GBIC transceiver. You can use LC or MT-RJ fiberoptic cables, depending on the GBIC type you are using. For a list of approved SFP GBIC transceivers, see www.avaya.com/support. For fiberoptic cable properties, see Table 4.4.
Chapter 5 Powering Up the W310 WLAN Gateway This section describes the procedures for powering up the W310 unit. Warning: To remove power from the switch, you must disconnect the AC and DC (if connected) power supplies. Using the DC Input You can use the DC input to provide backup power if the AC power source fails.
Insert the AC power cord into the power inlet in the back of the unit. The unit powers up. After power up or reset, the W310 performs a self-test procedure. — The top row of LEDs (LNK, COL, Tx, etc.) will light up.
This power shelf can house up to three 800W power supplies, yielding up to 2,400W of external power. It can provide up to 300W of Inline power per W310 switch. In a fully populated power shelf configuration, you can provide additional backup power for eight W310 switches (depending on configuration -- see Table 3).
Page 46
Chapter 5 Powering Up the W310 WLAN Gateway Figure 5.2 Connecting Redundant Power Supplies to the W310 AC power DC power (-) DC power (+) Table 5.2 Required Equipment Quantity Description Material code W310 Mobility Gateway APC (Advanced Power Conversion...
When deciding how many 800W PSUs to install in the APC external DC power shelf, you need to take into account the configuration of the powerinline external power parameter in the W310 switch (set using the set powerinline external power CLI command). Refer to Table 5.3 for guidelines:...
Page 48
Chapter 5 Powering Up the W310 WLAN Gateway Avaya W310 User’s Guide...
Function LEDs are selected by pressing the left or right button until the desired parameter LED is illuminated. Each function is displayed first for ports 1 to 16. The 10/100Base-T ports of the W310 are numbered 1 to 16. The two SFP GBIC Gigabit Ethernet ports are numbered 51 and 52.
Page 50
Chapter 6 Avaya W310 WLAN Gateway Front and Rear Panels Figure 6.2 W310 LEDs Function LEDs System LEDs Port LEDs Avaya W310 User’s Guide...
Page 51
Chapter 6 Avaya W310 WLAN Gateway Front and Rear Panels Figure 6.3 Order of Function Parameters Selected with the Left/Right Front Panel Buttons Starting Point (after Power-up or Reset) Left Right Button Button Hspd Table 6.1 Avaya W310 Function LED Descriptions...
Page 52
Chapter 6 Avaya W310 WLAN Gateway Front and Rear Panels Description State Meaning The function LEDs apply to all ports. Port is disabled. Port status Port is enabled and link is up. Blinking Port is enabled but the link is down.
Not enough power All LEDs are lit during reset. Right and Left Arrow Buttons Table 6.2 for a description of the left and right buttons on the W310 front panel. Figure 6.4 Left and Right Arrow Buttons Table 6.2 Avaya W310...
Chapter 6 Avaya W310 WLAN Gateway Front and Rear Panels Avaya W310 Back Panel The W310 back panel contains an AC and DC power supply connectors. Figure 6.5 shows the back panel. Figure 6.5 Avaya W310 Back Panel AC input...
(Point to Point Protocol (PPP) connection). See Establishing a Modem (PPP) Connection with the W310. You must assign the W310 its own IP address once you have connected. See for more Assigning the W310 IP Address information. Avaya W310 User’s Guide...
Establishing Switch Access Establishing a Serial Connection This section provides the procedure for establishing switch access between a terminal and the W310 switch over the serial port provided on the front panel of the W310 (RJ-45 connector labeled “CONSOLE”). Figure 7.1...
Perform the following steps to establish a Telnet connection to the W310 for configuration: Connect your station to the network. Verify that you can communicate with the W310 using Ping to the IP of the W310. If there is no response using Ping, check the IP address and default gateway of both the W310 and the station.
At the prompt, type: set interface ppp <ip_addr><net-mask> with an IP address and netmask to be used by the W310 to connect via its PPP interface. The PPP interface configured with the set interface ppp command must be on a different subnet from the inband interface.
Assigning the W310 IP Address All W310 switches are shipped with the same default IP address. You must change the IP address of the W310 switch in order to guarantee that it has its own unique IP address in the network.
A login name and password are always required to access the CLI and the commands or the W310 Device Manager. The login name, password, and access-type (i.e., security level) for a user account are established using the username CLI command.
Using the CLI: Entering the Supervisor Level The Supervisor level is the level in which you first enter W310 CLI and establish user names for up to 10 local users. When you enter the Supervisor level, you are asked for a Login name.
The Supervisor level prompt is shown below: W310(super)# Entering the W310 Manager If you installed the Avaya W310 Manager as part of Avaya Network Management, the following table provides instructions for starting Avaya W310 Manager. If you run the Avaya W310...
Page 64
Then use this procedure: Manager from: HP Network Node Manager From the network management map: (NNM) 1 Select the Avaya W310 Device you want to manage. 2 Click in the OpenView toolbar. Double-click on the Avaya W310 Device. Select Tools > Avaya Device Manager.
Page 65
3 To save the password on your computer, check the Save this password in your password list checkbox. 4 Click OK. The Avaya W310 Welcome page opens. — If the required Java plug-in is installed on your computer, the Java Plug-in Security Warning dialog box opens after a few seconds.
(account) information is configured that provides various degrees of access to the switch. The W310 will run as a RADIUS client. When a user attempts to log into the W310, if there is no local user account for the entered user name and password, then the W310 will send an Authentication Request to the RADIUS server in an attempt to authenticate the user remotely.
Page 67
Local User account authenticated in switch? Authentication request sent to RADIUS Server User name and password authenticated? Authentication Reject Perform log-in according sent to switch to user's priviliege level User cannot access switch to switch embedded managegment Avaya W310 User’s Guide...
The shared secrets will not be displayed For a complete description of the RADIUS CLI commands, including syntax and output examples, refer to W310 CLI Reference Guide. Using the W310 Manager To view or set the RADIUS configuration information about the device: —...
Page 69
Use the Set Primary Server Status field. server • Set to True so the configured primary RADIUS server is available for connection. • Set to False so the primary RADIUS server is not available for connection. Continued Avaya W310 User’s Guide...
Page 70
RADIUS Secondary Server Status field(s). Set to False so authentication server the RADIUS server is not available for connection. • Use the Primary Server IP Address and/or Secondary Server IP Address field(s). Remove the IP address. Avaya W310 User’s Guide...
Show whether the status of allowed show allowed managers status managers is enabled or disabled Show the IP addresses of the managers show secure current that are currently connected Avaya W310 User’s Guide...
Page 72
Chapter 8 User Authentication Avaya W310 User’s Guide...
Device Manager User’s Guide on the Documentation and Utilities CD. W310 Default Settings The default settings for the W310 switch and its ports are determined by the W310 software. These default settings are subject to change in newer versions of the W310 software. See the Release Notes for the most up-to-date settings.
Page 76
Chapter 9 W310 WLAN Gateway Default Settings Table 9.1 Default Switch Settings Function Default Setting Timezone offset 0 hours SNMP communities: Read-only Public Read-write Public Trap SNMP Public SNMP authentication trap Disabled CLI timeout 15 Minutes User Name/Password root/root Functions operate in their default settings unless configured otherwise.
Page 77
Chapter 9 W310 WLAN Gateway Default Settings Function Default Setting Eavesdropping Prevention Intrusion Prevention Tagging mode Clear Clear Port priority Spanning Tree cost Spanning Tree port priority InLine Power Enabled Not applicable InLine Power Priority Not applicable 1 Ensure that the other side is also set to Autonegotiation Enabled.
Clear the current terminal display clear screen Set the number of minutes before an set logout inactive CLI session automatically logs Display the number of minutes before show logout an inactive CLI session automatically times out Avaya W310 User’s Guide...
Chapter 10 Basic Switch Configuration System Parameter Configuration Identifying the System Using the CLI In order to make a W310 WLAN Gateway switch easier to identify, you can define a • name for the switch, • contact information for the switch technician and the •...
Page 81
Use the Physical Location field to enter the current the W310 physical location of this device. View the identify of the See the Device Family field to view the model of the device family device. Continued Avaya W310 User’s Guide...
Fatal - Device is reporting errors that are not recoverable. Network Time Acquiring Protocols Parameter Configuration The W310 can acquire the time from a Network Time Server. W310 supports the • Simple Network Time Protocol (SNTP) Protocol (RFC 958) over User Datagram Protocol (UDP) port 123 or •...
Page 83
Display the current time show time Display the time status and parameters show time parameters Display the current time zone offset show timezone Get the time from the time server get time Avaya W310 User’s Guide...
W310 for Layer 2 operation. Overview The W310 family supports a range of Layer 2 features. Each feature has CLI commands associated with it. These commands are used to configure, operate, or monitor switch activity for each of the Layer 2 features.
Chapter 11 W310 WLAN Gateway Layer 2 Features Ethernet Ethernet is one of the most widely implemented LAN standards. It uses the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) access method to handle simultaneous demands. CSMA/CD is a multi-user network allocation procedure in which every station can receive the transmissions of every other station.
Priority By its nature, network traffic varies greatly over time, so short-term peak loads may exceed the W310 capacity. When this occurs, the W310 must buffer frames until there is enough capacity to forward them to the appropriate ports. This, however, can interrupt time-sensitive traffic streams, such as Voice and other converged applications.
• If the ingress port was a W310 port or a W310 Gigabit Ethernet port (51,52), the packet will be tagged either priority 0 or priority 4, depending on the queue it was assigned to (High Priority=4, Normal Priority=0).
Ethernet Configuration CLI Commands The following table contains a list of the configuration CLI commands for the Ethernet feature. The rules of syntax and output examples are all set out in detail in the Avaya W310 CLI Reference Guide. Table 11.1 Configuration CLI Commands for Ethernet Feature In order to...
* It is recommended to set ports connected to W110 to flow-control off and auto- negotiation enabled. Ethernet Port Configuration Using the W310 Manager To view the General tab of the Port Configuration dialog box for a selected port: •...
Page 91
Chapter 11 W310 WLAN Gateway Layer 2 Features The following table provides a list of the fields in the Port Configuration dialog box of the General tab and their descriptions. Table 11.2 Port Configuration Dialog Box - General Tab Parameters...
Page 92
Chapter 11 W310 WLAN Gateway Layer 2 Features Table 11.2 Port Configuration Dialog Box - General Tab Parameters (Continued) Field Description Tagging Mode The port’s operational mode regarding VLANs. The possible modes are: • Clear - Transmits each outgoing packet in untagged format if it belongs to the port’s VLAN.
Page 93
Chapter 11 W310 WLAN Gateway Layer 2 Features Table 11.2 Port Configuration Dialog Box - General Tab Parameters (Continued) Field Description Auto Negotiation Status The operational state of the Auto-Negotiation protocol between two stations. Possible statuses are: • Pass - The Auto-Negotiation protocol is enabled and a common protocol has been established.
Chapter 11 W310 WLAN Gateway Layer 2 Features VLAN Configuration VLAN Overview A VLAN is made up of a group of devices on one or more LANs that are configured so that they operate as if they form an independent LAN, when in fact they may be located on a number of different LAN segments.
Chapter 11 W310 WLAN Gateway Layer 2 Features In Figure 11.3, the W310 has three separate VLANs: Sales, Engineering, and Marketing. Each VLAN has several physical ports assigned to it with PCs connected to those ports. When traffic flows from a PC on the Sales VLAN for example, that traffic is only forwarded out the other ports assigned to that VLAN.
Page 96
Chapter 11 W310 WLAN Gateway Layer 2 Features In order to accomplish this, W310 allows you to set multiple VLANs per port. The three available Port Multi-VLAN binding modes are: • Bind to All – the port is programmed to support the entire 3K VLANs range. Traffic from any VLAN is forwarded through a port defined as “Bind to All”.
VLAN CLI Commands The following table contains a list of the CLI commands for the VLAN feature. The rules of syntax and output examples are all set out in detail in the W310 CLI Reference Guide. Table 11.3 VLAN CLI Commands In order to...
Chapter 11 W310 WLAN Gateway Layer 2 Features VLAN Configuration Using the W310 Manager To configure VLAN names, numbers, and component switch ports: Click Select Configure > VLANs. The VLAN Configuration dialog box opens. Click the New button on the bottom of the dialog. The Port Configuration dialog appears.
Page 99
Chapter 11 W310 WLAN Gateway Layer 2 Features Table 11.4 Port Configuration Area Parameters (Continued) In order to . . . Do the following . . . Set the configured In the Binding Style field, from the drop-down menu, binding style on the port select the binding style configured on the port.
“unauthorized” which closes the port to any traffic. • As a result of an authentication attempt, the W310 port can be either in a “blocked” or a “forwarding” state. 802.1X interacts with existing standards to perform its authentication operation. Specifically,...
• You can configure PBNAC on the 10/100 Mbps Ethernet ports only. • Works only if a RADIUS server is configured on the W310 and the RADIUS server is carefully configured to support 802.1X. • PBNAC and port/intermodule redundancy can co-exist on the same ports.
Chapter 11 W310 WLAN Gateway Layer 2 Features Set the dot1x system-auth-config to enable; the authentication process starts: — The supplicant is asked to supply a user name and password. — If authentication is enabled on the port, the Authenticator initiates authentication when the link is up.
Page 103
Chapter 11 W310 WLAN Gateway Layer 2 Features In order to... Use the following command... Set the authentication period (an idle set dot1x re-authperiod time between re-authentication attempts) Set the authenticator-to-supplicant set dot1x supp-timeout retransmission timeout period (the time for the switch to wait for a reply from...
Spanning Tree Protocol Overview W310 devices support both common Spanning Tree protocol (802.1d) and the enhanced Rapid Spanning Tree protocol (802.1w). The 802.1w is a faster and more sophisticated version of the 802.1d (STP) standard. Spanning Tree makes it possible to recover connectivity after an outage within a minute or so.
The Spanning Tree can take up to 30 seconds to open traffic on a port. This delay can cause problems on ports carrying time-sensitive traffic. You can therefore enable/disable Spanning Tree in the W310 on a per-port basis to minimize this effect. Rapid Spanning Tree Protocol (RSTP) About the 802.1w Standard...
– automatic detection of point-to-point link – is sufficient for most networks. Spanning Tree Implementation in the W310 Family RSTP is implemented in the W310 family of products so that it is interoperable with the existing implementation of STP. In order to configure the switch to either common Spanning Tree or Rapid Spanning Tree protocol, use •...
Spanning Tree Protocol CLI Commands The following table contains a list of CLI commands for the Spanning Tree feature. The rules of syntax and output examples are all set out in detail in the W310 CLI Reference Guide. Table 11.6 Spanning Tree Protocol CLI Commands In order to...
Page 108
Chapter 11 W310 WLAN Gateway Layer 2 Features Table 11.6 Spanning Tree Protocol CLI Commands In order to... Use the following command... Set the TX hold count for the STA set spantree tx-hold-count Add a port to the spanning tree...
In order to configure Spanning Tree parameters, do the following: Click the W310 symbol in the Chassis View. Click the W310 icon in the Tree View. The Device Information dialog box opens to the General tab. Select The Device Information Dialog - Advanced Tab. This tab provides you with network bridging information about the Avaya W310 device.
Page 110
Set the amount of time a In the STP Forward Delay field, click on the numeric W310 will wait before value to enter the amount of time for the W310 to begin forwarding packets forwarding packets when first joining a network.
Page 111
Set the amount of time the In the Aging Time (sec) field, click on the numeric value W310 must wait before it to enter the amount of time before the W310 requests requests STP information Spanning Tree information from neighboring devices.
MAC Aging CLI Commands The following table contains a list of the CLI commands for the MAC Aging feature. The rules of syntax and output examples are all set out in detail in the W310 CLI Reference Guide. Table 11.8 MAC Aging CLI Commands In order to...
10x). This logical port number can then be used as any regular panel port for all configuration required for the LAG (Spanning Tree, Redundancy, etc.) In the W310, you need to erase all ports in the LAG in order to remove it. LAG CLI Commands The following table contains a list of the CLI commands for the LAG feature.
Chapter 11 W310 WLAN Gateway Layer 2 Features LAG Configuration Using the W310 Manager To view the LAG Table: Click Select Configure > Port LAG. The LAG Information table opens. To configure a LAG, click the Wizard button on the bottom of the dialog.
W310 WLAN Gateway Layer 2 Features LAG Implementation in the W310 This section describes the implementation of the LAG feature in the W310. With the W310, you can aggregate the following to form a maximum of four (4) LAGs per W310: •...
Page 116
Chapter 11 W310 WLAN Gateway Layer 2 Features Port Redundancy interworks with the Spanning Tree Algorithm. The Port Redundancy feature functions as follows: • Port Redundancy enables the user to establish 20 pairs of ports. Within each pair, primary and secondary ports are defined. To prevent loops, only one port is enabled at a time.
Port Redundancy CLI Commands The following table contains a list of the CLI commands for the Redundancy feature. The rules of syntax and output examples are all set out in detail in the W310 CLI Reference Guide. Table 11.10 Redundancy CLI Commands (check spec) In order to...
Page 118
Chapter 11 W310 WLAN Gateway Layer 2 Features Update the device by clicking Apply. Figure 11.8 Port Redundancy Dialog Box The Port Redundancy dialog box provides a list of all port redundancies configured on the switch, with their respective primary and secondary ports and the device’s port redundancy configuration.
Page 119
Chapter 11 W310 WLAN Gateway Layer 2 Features Table 11.11 Port Redundancy Fields (Continued) In order to . . . Do the following . . . Select the secondary Use the Secondary field to enter the secondary port of redundancy port the port redundancy pair.
This learning is based on IGMP (version 1 or 2) snooping. The multicast filtering function in the W310 is transparent to the IP hosts and routers. It does not affect the forwarding behavior apart from filtering multicast packets from certain ports where they are not needed.
IP Multicast CLI Commands The following table contains a list of the CLI commands for the IP Multicast feature. The rules of syntax and output examples are all set out in detail in the W310 CLI Reference Guide. Table 11.12 IP Multicast CLI Commands In order to...
Chapter 11 W310 WLAN Gateway Layer 2 Features IP Multicast Implementation in the Avaya W310 This section describes the implementation of the IP multicast feature in the Avaya W310: • No. of multicast groups — 255 IP Multicast Filtering Configuration Using the W310 Manager To configure IP Multicast Filtering: •...
Page 123
This time allows other hosts to report to the device. filtering begins The valid range for this parameter is 1 - 300 seconds. To change the IP Multicast filtering configuration for the Avaya W310 Device, change the IP Multicast filtering parameters described above. •...
— Giga ports — the Low priority queue will transmit only if the High priority queue has nothing to transmit. — W310 10/100 ports — the Lower priority queue will transmit only if none of the Higher priority queue has nothing to transmit.
Port Classification Overview With the W310, you can classify any port as regular or valuable. Setting a port to valuable means that, in case of Ethernet link failure of that port, a link fault trap can be sent even when the port is disabled and a fast aging operation on the CAM table will be performed.
Page 126
Chapter 11 W310 WLAN Gateway Layer 2 Features Figure 11.10 Port Configuration Dialog Box - Advanced Tab The following table provides a list of the fields in the Port Configuration dialog box specific to port classification. Table 11.15 Port Configuration Dialog Box - Advanced Tab Parameters In order to .
Chapter 11 W310 WLAN Gateway Layer 2 Features Ports connected to W110 LAP Table 11.16 summarizes the changes in behavior when you connect W110 LAPs to an Ethernet port: Table 11.16 Ports connected to W110 LAPs Parameter/Function Change in behavior/value...
W310 for wireless operation. Overview The W310 performs all functions that were once part of the Access Point operation using a W110 WLAN Access Point (LAP). The W310 also supports the traditional Access Points that are migrated to Light Access Points (LAPs).
IP address of the switch. Note: The user name is “root” The default password for read-write access is “root”. Once you enter the User Name and Password, the W310 Manager Welcome page appears (as shown on the next page).
Configure the wireless domain with only one master and one backup (optional) W310. For each additional W310 that is a member of the domain, you must configure the W310 to point to the same master and backup. Also, if configuring a backup for the wireless domain, it must not be the same W310 as the master.
Page 132
Chapter 12 W310 WLAN Gateway Wireless Features Use the following table provides a list of the fields in the Wireless Domain Configuration dialog box. Use this field . . . To do the following . . . Master gateway IP address Click on the text field to enter the IP address of the primary wireless gateway.
Page 133
• When checked, all attached LAPs use the configured Wireless Domain Master Gateway Community string. - If you run the Avaya W310 Manager from an Avaya Network Management Console, Avaya W310 Manager uses the community string configured in the Network Management Console.
Chapter 12 W310 WLAN Gateway Wireless Features Step 3: Create a Service Set Identifier (SSID) For The W310 Light Access Point Ports Note: For information on SSIDs, see Multiple Service Set Identifiers (SSIDs). In the W310 Manager, select Configure and then SSID Table from the menu bar. The SSID Table displays as shown below.
Page 135
Chapter 12 W310 WLAN Gateway Wireless Features Note: You can edit the "default" SSID row if necessary by selecting any of the parameters. However, you cannot delete the default SSID. Use this field . . . To do the following . . .
Page 136
VLANs are accessible, while on others, only a limited set is accessible. An accessible VLAN does not require the tunneling of broadcasts to a W310 in cases where a client on the accessible VLAN roams to a W310. Normally, a VLAN is considered "accessible" if one of the following is true: •...
Page 137
• Client/server mutual authentication. • WPA-PSK (Pre-Shared Key): For networks that do not have 802.1x implemented, you can configure the W310 to authenticate clients based on a Pre-Shared Key. Note: For details on each security mode, see Authentication and Encryption Modes.
Page 138
Chapter 12 W310 WLAN Gateway Wireless Features Use this field . . . To do the following . . . Closed System Set closed system for an SSID using the drop-down menu. • When enabled, the clients must have the same SSID as the Access Point in order to communicate.
Step 4: Define User Groups Note: If you are using a RADIUS server, you must define the User Group in the W310 Device Manager with the same name used for the RADIUS server User Group. The RADIUS server property for User Group is 841.
Page 140
Chapter 12 W310 WLAN Gateway Wireless Features In the W310 Device Manager User Group Table dialog, if you want to enter an IP address for a static Home Gateway, click on the Home Gateway field, highlight the text entry, and type in the IP address.
Page 141
Chapter 12 W310 WLAN Gateway Wireless Features Use this field . . . To do the following . . . Policy Name Policy User Group ID (PUGID) is a name of a group of users that is used for policy (ACL and QoS) classification.
Note: You can only set policy using the CLI. It is recommended that you keep the W310 Manager open since you will go back to it in Step 5. Use the following procedure and guidelines to set policy for the W310 wireless network.
Page 143
W310-1 (super/ACL 330/ip rule 21)# Define the IP rule parameters. The table that follows defines the parameters that you can use. You can find more detailed information on each command in the W310 CLI Reference Guide. Use this command . . .
Page 144
Chapter 12 W310 WLAN Gateway Wireless Features Use this command . . . To do the following . . . Set the IP protocol for the specified rule using either the ip-protocol name or number. <name> | <number> Protocol Description...
(LAP) port. For example, when a packet arrives from the W110 (ingress) to the W310 or to the W110 (egress) from the W310, the packet is checked against the policy list that is bound to the Access Point Group of that W110 port.
Chapter 12 W310 WLAN Gateway Wireless Features Assign the W310 ports for the W110 (LAP) to the AP Interface. These are the LAPs that will use the policies described in the previous steps. W310-1 (super/AP-Group name)#add-ports <port_number> where: — <port_number> specifies the ports on the W310 which have LAPS attached.
Page 148
When enabled, the W110 (LAP) selects its channel frequency automatically. Automatic Channel Selection automatically enables when Regulatory Domain is ETSI. If you disable Automatic Channel Selection through the W310 Device Manager or the CLI (channel-selection selective), then you must set the Channel Frequency for the W110.
Page 149
Chapter 12 W310 WLAN Gateway Wireless Features Use this field . . . To do the following . . . Automatic Channel Available frequency bands for Automatic Channel Selection Allowed Band Selection to scan. Values are any combination of: •...
If you need to configure any of the following, then continue to Step 8 and/or 9. Otherwise, you have completed the configuration of the W310 and its LAPs, go to Step — Step 8: Create or modify a MAC access control list.
Page 151
Chapter 12 W310 WLAN Gateway Wireless Features Use the following table to make entries to the fields in the Authorized MAC ACL. Use this field . . . To do the following . . . Authorized MAC Click Insert on the bottom of the dialog. A new row Address appears.
If you need to configure any the following, then continue to Step 9. Otherwise, you have completed the configuration of the W310 and its LAPs, go to Step 10. — Step 9: Create or modify a Rogue AP Detection List.
Page 153
Chapter 12 W310 WLAN Gateway Wireless Features Use the following table to make entries in the Rogue AP Detection List. Use this field . . . To do the followong . . . Authorized MAC Click Insert on the bottom of the dialog. A new row Address appears.In the new text field, enter the MAC address of...
W310 Wireless Network Configuration Using the Command Line Interface Step 1: Entering the CLI Log on to the W310 and you are placed in the W310 CLI. The command line should appear as follows. W310-1(super)# The default username and password is root.
Page 155
Chapter 12 W310 WLAN Gateway Wireless Features Default W310 Settings Function Default Setting IP address 149.49.32.134 Subnet Mask 255.255.255.0 Default gateway 0.0.0.0 Management VLAN ID Spanning tree Enabled Bridge priority for Spanning Tree 32768 Keep alive frame transmission Enabled Network time acquisition...
Page 156
Chapter 12 W310 WLAN Gateway Wireless Features Default Port Settings Function Default Setting Ports 1 to 16 Ports 51 and 52 Duplex mode Half/Full duplex Full duplex only depends on auto- negotiation results Port speed 10/100 Mbps 1000 Mbps Depends on auto-...
— Enter a name for the domain up to 64 characters. For example: wireless-domain-servers 192.168.49.75 192.168.49.88 R&D Done! Note: If you do not have a backup, you must enter the IP address of the W310 master gateway and the domain. Avaya W310 User’s Guide...
Set the shared secret • Optionally, set the amount of time to wait and the number of retries for the W310 to wait after sending an access request to the RADIUS server In the example, the RADIUS server with an IP address of 192.40.12.36 is set as the primary server.
An SSID named "guest" and "company" are created and assigned to all ports (guest) and port 5 only (company) on the W310. Once the SSID is assigned, — The SSID "guest" operates in a low security environment and does not require a "closed system"...
Page 160
W310 WLAN Gateway Wireless Features Example: Create "guest" SSID In this example, the SSID "guest" is created and assigned to all the W310 ports with W110s connected. Type y for yes when you receive the prompt to reboot the LAP(s).
Page 161
Example: Create "company" SSID In this example, the SSID "company" is created and it is assigned to the W110 (LAP) connected to only port 5 on the W310. W310-1(super)# ssid company W310-1(super/SSID company)# vlan by-user-group-table This command will reboot the LAP(s) - do you want to continue...
W310-1(super/SSID company)# exit Step 6: Define User Groups Note: If you are using a RADIUS server, you must define the User Group in the W310 Device Manager with the same name used for the RADIUS server User Group. The RADIUS server property for User Group is 841.
Page 163
AP Groups in Step 7. — You can add or remove an AP Group that a user group can access with this command. Example W310-1(super/User group engineering)# allowed-ap-list add public-aps Done! Type exit to return to the W310-1(super)# prompt. Avaya W310 User’s Guide...
Page 164
Chapter 12 W310 WLAN Gateway Wireless Features Step 7: Set Policy for the W310 Use the following procedure and guidelines to set policy for the W310 wireless network. Create an access control list (ACL) as follows: W310-1 (super)#ip access-control-list <index>...
Page 165
Chapter 12 W310 WLAN Gateway Wireless Features Use this command . . . To do the following . . . Set the operation performed on packets/sessions that match composite- the specified IP rule. operation <Permit | Deny | • Permit (default) Deny-Notify | •...
Page 166
Chapter 12 W310 WLAN Gateway Wireless Features Use this command . . . To do the following . . . Set the IP protocol for the specified rule. ip-protocol <name> | <number> Protocol Description Authentication header protocol Encapsulation security protocol...
(LAP) port. For example, when a packet arrives from the W110 (ingress) to the W310 or to the W110 (egress) from the W310, the packet is checked against the policy list that is bound to the Access Point Group of that W110 port.
W310-1 (super/AP-Group public-aps)#add-ports 1,3,5-8,12. Step 9: Configure Basic W110 (LAP) Parameters To configure the W110 (LAP) and associate it to a physical W310 port, you must enter and configure W110 (LAP) and radio 802.11 context mode modes. The following example shows: •...
Chapter 12 W310 WLAN Gateway Wireless Features Note: When assigning a radio card template, the example shows assigning an 802.11a template. If you are using a different radio, replace the "a" designation in the command reference with the W110 (LAP) technology you are using (for example, "g").
Chapter 12 W310 WLAN Gateway Wireless Features Seamless Roaming The W310 allows wireless clients to roam in the following types of environments: • Connected to the same W310 in the same VLAN • Connected to different W310s in the same VLAN •...
If there is no user group with a name equal to an SSID, then the VLAN from the default user group is assigned. If it is not configured, it will be equal to the VLAN of the W310 inband interface. If no VLAN is configured for a W310, then you must define an accessible VLAN.
Chapter 12 W310 WLAN Gateway Wireless Features Multiple SSIDs: SSID Broadcast Multiple SSIDs lets you mix and match the broadcasting of SSIDs. Each SSID can support its own set of broadcast and multicast encryption keys. The encryption keys are optional.
In the example that follows: • An SSID named "lobby" is created and assigned to physical port 1 on the W310. • Once the SSID is assigned, operation in a low security environment does not require a "closed system"...
Chapter 12 W310 WLAN Gateway Wireless Features SSID Table CLI Commands In order to... Use the following command... Enter or create an SSID table mode. ssid Display the SSID’s table parameters show ssid and associated Light Access Points (LAPs) Set an SSID to all W110s (LAP)
Page 176
Chapter 12 W310 WLAN Gateway Wireless Features In order to... Use the following command... Enable or disable a closed system. If closed-system broadcast is enabled, then closed system must be disabled. If closed-system is enabled (not-accept- any), the setting of the broadcast command has no effect.
The SSID Table displays security and encryption information for LAPs connected to the Avaya W310 device. To view the SSID Table, select the W310 Wireless Manager tab > Configure from the menu bar > SSID Table in the Wireless Manager.
Page 178
Chapter 12 W310 WLAN Gateway Wireless Features The following table provides a list of the fields in the SSID Table and their descriptions: Figure 12.3 SSID Table Parameters Field Description Set a Service Set Click Insert and then enter the SSID name in the SSID Identifier (SSID) field.
Page 179
Chapter 12 W310 WLAN Gateway Wireless Features Figure 12.3 SSID Table Parameters (Continued) Field Description Enable or disable a Click Insert and select Enable or Disable from the drop- closed system down menu. • Enable - Only clients assigned with the same SSID name can communicate on the wireless network •...
(for example, a RADIUS server), or • defined locally on the W310 (for example, the default group used for successful authentications). The typical topology for User Groups will included the following groups.
— Policy User Group Using the W310 Manager • Allowed Access Point Group — Allowed Access Point Group CLI Commands — Allowed Access Point Group Using the W310 Manager • Home W310 Gateway — Home W310 Gateway CLI Command — Home W310 Gateway Using the W310 Manager •...
Page 182
W310 WLAN Gateway Wireless Features User Group Table Attributes The User Group Table is a W310 local table that contains an entry for each User Group name. The User Group Table of attributes includes the following: User Group Table Attribute...
Page 183
User Group Table Attribute Description In the W310 Device Manager User Group Table dialog, if you want to enter an IP address for a static Home Gateway, click on the Home Gateway field, highlight the text entry, and type in the IP address. If you want to change a static home gateway to a dynamic home gateway, click the down arrow to the right of the field and select “dynamic home...
SSID to which the user logged on specifies in the VLAN field that it is "by user group table". The user’s VLAN, in this case, is the W310 User Group Table entry’s VLAN. Only a one SSID per W110 can have its VLAN field set "by user group table".
Page 185
Chapter 12 W310 WLAN Gateway Wireless Features User Group CLI Commands The following are the CLI commands used to configure or display a user group table. In order to... Use the following command... Show the user group table attributes show and default user-group.
Page 186
W310 WLAN Gateway Wireless Features User Group Using the W310 Manager To configure the User Group Table, select the W310 Wireless Manager tab > Configure > User Group Table in the Wireless Manager and click the Insert button. Figure 12.4 User Group Table...
Policy User Group Using the W310 Manager On the User Group Table dialog, you enter the name of the policy that will be applied to the user group (See Figure 12.4 User Group Table) Table 12.2...
Access Points. Allowed Access Point Group Using the W310 Manager To view the User Group Table, select Configure > User Group Table in the Wireless Manager. Avaya W310 User’s Guide...
Page 189
Chapter 12 W310 WLAN Gateway Wireless Features Figure 12.5 User Group Table The following table provides a list of the fields relevant to the AP Group in the Device IP Configuration dialog box Advanced tab and their descriptions: Table 12.3...
The W310 determines when a user is no longer connected to the network so that when the user re-enters the network, the W310 with which the user first associates will be the new home gateway. The scenario may find that many users are associated to the same home gateway.
Home W310 Gateway Using the W310 Manager The Home W310 Gateway is configured through the User Group Table. To view the User Group Table, select the W310 Wireless Manager tab > Configure > User Group Table in the Wireless Manager.
Network Name (SSID). An Ethernet port on the access point connects a wireless cell or network to a wired backbone, in this case the W310. The access points communicate across a VLAN-capable switch (W310) that analyzes VLAN-tagged packet headers and directs traffic to the appropriate ports.
W310 WLAN Gateway Wireless Features In the figure below, the numbered items correspond to the following components: VLAN-enabled access point W310 VLAN-aware switch (IEEE 802.1Q uplink) AP management via wired host (SNMP, Web interface or CLI) DHCP Server RADIUS Server...
The AP would insert VLAN headers or “tags” with identifiers into the packets transmitted on the wired backbone to a network switch. Finally, the W310 would be configured to route packets from the EMPLOYEE workgroup to the appropriate corporate resources such as printers and servers. Packets from the GUEST workgroup could be restricted to a gateway that allowed access to only the Internet.
Chapter 12 W310 WLAN Gateway Wireless Features Typical VLAN Management Configurations • Control Access to the AP Management access to the AP can easily be secured by making management stations or hosts and the AP itself members of a common VLAN. Simply configure a non-zero management VLAN ID and enable VLAN to restrict management of the AP to members of the same VLAN.
Chapter 12 W310 WLAN Gateway Wireless Features Configuring VLAN Flow Chart Enter the CLI or W310 Device Manager Is the SSID Security Did Authentication User rejected. Mode set to "none"? succeed? VLAN - SSID VLAN Is SSID VLAN defined? VLAN = User Group...
VLAN Using the W310 Manager Virtual Local Area Network (VLAN) is configured through the User Group Table. To view the User Group Table, select the W310 Wireless Manager tab > Configure > User Group Table in the Wireless Manager. Figure 12.8 User Group Table...
Configuring a User Group Table The following procedure explains how to create a User Group Table for the W310. The User Group Table consists of parameters for the User Group accessing the wireless network. Enter a name for the user group. In this example, the user group is named "marketing": W310-1<super># user-group marketing...
User Group. The default is to have all users access all APs. However, in situations where you want to confine the use of certain APs, a system administrator can create an AP Group Interface. This interface consists of the W310 ports to which the Access Points are connected.
Assign a name to the Access Point Group Interface. W310-1(super)#interface AP-Group engineering W310-1(super/AP-Group engineering) Add the W310 ports that are connected to the Access Points you want in the AP Group. W310-1(super/AP-Group engineering)#add-ports 8-12 W310-1(super/AP-Group engineering) Check your entries by using the show command.
The AP Group is configured through the general wireless parameters of a W110 (LAP) attached to the Avaya W310. In order to configure the AP Group, do the following: Click on the desired W110 (LAP) symbol in the Tree View. The W110 (LAP) Device Configuration dialog box opens to the General tab.
Chapter 12 W310 WLAN Gateway Wireless Features Authentication and Encryption Modes The W310 supports the following wireless authentication and security features. • Open Authentication: An IEEE standard for client authentication. • WEP Encryption: Encryption technique specified by the IEEE 802.11 standard.
Chapter 12 W310 WLAN Gateway Wireless Features When Encryption is enabled, two 802.11 devices must have the same Encryption Keys and both devices must be configured to use Encryption in order to communicate. If one device is configured to use Encryption but a second device is not, then the two devices will not communicate, even if both devices have the same Encryption Keys.
Chapter 12 W310 WLAN Gateway Wireless Features How To Configure WEP The following procedure shows you how to configure WEP using the CLI or the W310 Manager interface. The procedure assumes you have logged onto the CLI or the W310 Manager.
Page 205
Exit User Group mode and specify the W110 (LAP) you want to configure first. The command places you in W110 (LAP) mode for that port. In the example, the W110 (LAP) connected to the W310’s port 16 is used. W310-1(super/User group engineering@companya)# exit W310-1(super)# lap port-16 Specify the radio mode for the W110 (LAP).
Configuring WEP Using the W310 Manager Create a Service Set Identifier (SSID). This is done as follows Click on the Wireless tab in the W310 Manager. Click on the icon to bring up the SSID Table. The SSID Table displays.
Page 207
Chapter 12 W310 WLAN Gateway Wireless Features Set the security mode for the wireless network to Wired Equivalent Privacy (WEP). In the SSID Table for the new SSID, click on Security Mode and select WEP from the drop-down menu. Configure the WEP encryption keys. You can configure up to four keys for encryption.
Page 208
12. Click Apply when done. 13. Select the W310 icon from the Tree View on the left. This displays the Configuration Template dialog as shown on the next page. 14. Click the Operational tab and select 802.11b only from the drop-down menu. Click Apply when done.
Chapter 12 W310 WLAN Gateway Wireless Features 802.1x Authentication IEEE 802.1x is a standard that provides a means to authenticate and authorize network devices attached to a LAN port. A port in the context mode of IEEE 802.1x is a point of attachment to the LAN, either a physical Ethernet connection or a wireless link to an Access Point.
Page 210
Chapter 12 W310 WLAN Gateway Wireless Features WPA provides the following new security measures not available with WEP: • Improved packet encryption using the Temporal Key Integrity Protocol (TKIP) and the Michael Message Integrity Check (MIC). • Per-user, per-session dynamic encryption keys: —...
Chapter 12 W310 WLAN Gateway Wireless Features Mixed Mode (802.1x and WEP Encryption) Certain clients do not support 802.1x and use only WEP encryption for security purposes. In order to accommodate security for both 802.1x and WEP encryption, you can use both simultaneously.
Chapter 12 W310 WLAN Gateway Wireless Features Authentication and Encryption CLI Commands In order to... Use the following command... Enter or create an SSID table context ssid mode. Display the SSID’s table parameters show ssid and associated Light Access Points...
Chapter 12 W310 WLAN Gateway Wireless Features Authentication and Encryption Configuration Using the W310 Manager The SSID Table displays security and encryption information for LAPs connected to the Avaya W310 device. To view the SSID Table, select Configure > SSID Table in the Wireless Manager.
Page 214
Chapter 12 W310 WLAN Gateway Wireless Features Table 12.7 SSID Table Parameters (Continued) Field Description Enable or disable a Select Enable or Disable from the drop-down menu. closed system • Enable - Only clients assigned with the same SSID name can communicate on the wireless network •...
You can set parameters for a master and backup server in the wireless domain. There is also a wireless domain secret that is used for W310 to W310 and W310 to an Access Point communications.
W310-1#wireless-domain-servers 192.168.49.75 192.168.49.68 R&D Done! Wireless Domain CLI Commands CAUTION: You must configure the W310 with a master wireless domain server before you configure any other wireless parameters. In order to... Use the following command... Set the master and backup servers for...
Page 217
Chapter 12 W310 WLAN Gateway Wireless Features In order to... Use the following command... Enable/Disable forwarding IP multicast ip-multicast-over-the-air traffic toward the wireless medium. Enable/Disable support for spectralink-compatible-phone SpectraLink compatible phones. If you enable support for SpectraLink or SpectraLink-compatible phones, it is...
Chapter 12 W310 WLAN Gateway Wireless Features Wireless Domain Configuration Using the W310 Manager To view or modify global wireless domain information, select Configure > Wireless Domain Configuration in the Wireless Manager. Figure 12.11 Wireless Domain Configuration Tab Avaya W310 User’s Guide...
Page 219
Configure the wireless domain with only one master and one backup (optional) W310. For each additional W310 that is a member of the domain, you must configure the W310 to point to the same master and backup. Also, if configuring a backup for the wireless domain, it must not be the same W310 as the master.
Network Management Console. • If you run Avaya W310 Manager in standalone mode, the device’s community string is used. When unchecked, the Community field becomes read-write, and Avaya W310 Manager uses the value entered in the Community field.
Displays the list of authorized MAC show mac address authorized list addresses and their access type MAC Access Configuration Using the W310 Manager To view the Authorized MAC Access Control List, select Configure > Authorized MAC ACL. Figure 12.12 Authorized MAC ACL...
The W110 will periodically scan the air for other LAPs. All LAPs discovered are reported back to the W310. The W310 checks the list of LAPs against a known list of authenticated LAPs and reports any LAP that may be considered a rogue AP.
Displays the rogue AP MAC address show rogue ap authorized mac list list Rogue AP Detection Configuration Using the W310 Manager To view a list of W110 (LAP) interfaces able to detect rogue Access Point devices, select Configure > Rogue AP Detection List.
RADIUS server. The topics covered in this section include: • RADIUS • MAC Access Control Via RADIUS Authentication • RADIUS Authentication with 802.1x • RADIUS Authentication CLI Commands • RADIUS Authentication Configuration Using the W310 Manager Avaya W310 User’s Guide...
Chapter 12 W310 WLAN Gateway Wireless Features MAC Access Control Via RADIUS Authentication If you want to control wireless access to the network and if your network includes a RADIUS Server, you can store the list of MAC addresses on the RADIUS server rather than configure each AP individually.
Chapter 12 W310 WLAN Gateway Wireless Features RADIUS Authentication Configuration Using the W310 Manager The Device Information Dialog Box - Radius Tab provides you with Radius authentication server information about the Avaya W310 device. Figure 12.14 Device Information Dialog Box - Radius Tab The following table provides a list of the fields in the RADIUS tab of the Device Information dialog box and their descriptions.
Page 227
Chapter 12 W310 WLAN Gateway Wireless Features Table 12.11 Device Information Fields - Radius Tab (Continued) In order to . . . Do the following . . . Set the secondary server From the Secondary Server Status field drop-down status menu, select True to make the configured secondary Radius server available for connection.
W310 WLAN Gateway Wireless Features W110 (LAP) Configuration The W110 (LAP) is configured and managed through the W310. The W310 applies Layer 2 and Layer 3 network services (VLANs, QoS) to inbound traffic and switches it onto the wired Ethernet LAN infrastructure. The W310 also is responsible for automatically detecting and configuring the LAPs.
Set or change the identifier for the LAP lap-location location. This is the actual physical location of the LAP. Display the parameters for specified or show lap parameters all LAPs connected to the W310 , including: • LAP name, location, description, and up time. •...
Page 230
Chapter 12 W310 WLAN Gateway Wireless Features In order to... Use the following command... Apply the default template to the LAP. apply-template This is the default settings for the LAP’s operation. Reset the LAP template to factory restore-to-factory-default default and reset all LAPs.
• LAP Template Configuration - View and modify the standard configuration template for Wireless Light Access Point (LAP) units attached to the Avaya W310. To access this dialog, do the following: — To view the standard wireless configuration parameters of the LAPs attached to the Avaya W310, click on the W310 device symbol in the Tree View.
APs Load Balancing The W310 lets you set load balancing for the LAP. This allows the distribution of processing and communications activity evenly across the network so that no single LAP is overwhelmed. This allows clients to evaluate which LAP to use based on the current LAP loads.
In this case, set the multicast transmission rate to 1 or 2 Mbits/sec. Note: Changes in operational mode of the W310 802.11g-template will reset multicast rates to factory default. By default this value is set to 2 Mbits/sec.
This setting is dependent on what transmission rates the wireless interface supports. Note: Changes in operational mode of the W310 802.11g-template will reset multicast rates to factory default. The following is unicast CLI command for the radio card context mode: In order to...
Chapter 12 W310 WLAN Gateway Wireless Features The following are the channel selection CLI commands for the radio card context mode: In order to... Use the following command... Enable or disable automatic channel automatic-channel-selection selection for the wireless interface If you disable Automatic...
Chapter 12 W310 WLAN Gateway Wireless Features 802.11 Interfaces The 802.11 wireless interfaces supported by the W310 include: • 802.11a • 802.11b • 802.11a • 802.11b/g Interface Parameters Each parameter described in the table is for all interfaces unless otherwise noted.
Page 237
Chapter 12 W310 WLAN Gateway Wireless Features Parameter Description RTS Threshold The 802.11 standard supports optional RTS/CTS communication based on packet size. The RTS Threshold value determines when RTS/CTS should be used. Without RTS/CTS, a sending radio listens to see if another radio is already using the medium before transmitting a data packet.
Page 238
Chapter 12 W310 WLAN Gateway Wireless Features Parameter Description Fragmentation Threshold The 802.11 standard includes the ability for radio-based network interface cards (NICs) and APs to fragment packets for improving performance in the presence of RF interference and marginal coverage areas.
Page 239
Chapter 12 W310 WLAN Gateway Wireless Features Parameter Description Power Level The Power Level parameter lets allows you to configure the transmit power level of the radio card in the AP at one of four levels. Each level represents the maximum transmit power level of the radio card: •...
Chapter 12 W310 WLAN Gateway Wireless Features Radio Card CLI Commands In order to... Use the following command... Set the power management mode power-management-mode Set the number of beacon intervals that dtim-period will elapse between transmission of beacon frames containing a Traffic...
• To view the standard wireless configuration parameters of the LAPs attached to the Avaya W310, click on the W310 device symbol in the Tree View. The LAP Template Configuration dialog box opens to the Advanced - 802.11a tab. •...
Page 242
To view the standard configuration of a wireless slot for a LAP with 802.11b or 802.11g transceivers: Click on the Avaya W310 device symbol in the Tree View. The LAP Template Configuration dialog box opens to the Advanced -802.11a tab.
Page 243
Chapter 12 W310 WLAN Gateway Wireless Features Figure 12.16 LAP Template Configuration Dialog Box - 802.11g Tab The following table provides a list of the fields in the Advanced - 802.11a/802.11g tab of the LAP Template Configuration dialog box and their descriptions: Table 12.12 LAP Template Configuration Dialog Box - Advanced - 802.11a/802.11g Tab...
Page 244
Automatic Channel Selection automatically enables when the Regulatory Domain is ETSI. If you disable Automatic Channel Selection through the W310 Device Manager or the CLI (channel-selection selective), then you must set the Channel Frequency for the W110 Select the channel...
Page 245
Chapter 12 W310 WLAN Gateway Wireless Features Table 12.12 LAP Template Configuration Dialog Box - Advanced - 802.11a/802.11g Tab Parameters (Continued) Field Description Set the automatic From the Automatic Channel Selection Allowed Band channel selection drop-down menu, select any available frequency bands for allowed band Automatic Channel Selection to scan.
• To view the operational mode configuration of a wireless slot: Click on the Avaya W310 device symbol in the Tree View. The LAP Template Configuration dialog box opens to the Advanced - 802.11a tab. Click Operational Mode. The Operational Mode tab of the LAP Template Configuration dialog box appears.
Page 247
Chapter 12 W310 WLAN Gateway Wireless Features Figure 12.17 LAP Template Configuration Dialog Box - Operational Mode Tab The following table provides a list of the fields in the Operational Mode tab of the LAP Template Configuration dialog box and their descriptions: Table 12.13 LAP Template Configuration Dialog Box - Operational Mode Tab...
• To view the general wireless parameters of a LAP attached to the Avaya W310, click on the desired LAP symbol in the Tree View. The LAP Device Configuration dialog box opens to the General tab.
Page 249
View the port to See the Physical Port field to view the number of the port on which the LAP is the Avaya W310 to which the LAP is connected. connected on the W310 Set the operational...
Name for the LAP the LAP belongs. Configuring Basic LAP Parameters To configure the LAP and associate it to a physical W310 port, you must enter and configure LAP and radio 802.11 context mode modes. The following example shows how to: •...
For more information, use 'show copy status' command W310-1(super) • In the W310 Device Manager, do the following: Copy the running configuration to the startup configuration. From the menu bar, select Actions and then Commit. This saves and re-executes the settings specified in this procedure.
The W310 switches are pre-configured to supply power according to the load detection criteria (see Load Detection), so you can use it right out of the box. The W310 switches provide power over standard Category 3 and Category 5 cables.
Specific Resistance Signature (IEEE 802.3af) The W310 switches apply a low voltage to the power feed pairs and measures the current. A resistance of 19k. to 26.5k. is considered valid according to the IEEE standard; if a valid signature is detected, power is supplied to the port.
Powering Devices The W310 ports can receive Inline power from one of two sources: an internal -48VDC power supply or an external DC power supply. Each port can supply up to 15.4W by default as the maximum consumed by the powered device.
Set the maximum power available from set powerinline external power the external power supply to power Show the current status of the PD inline show powerinline power on all ports Avaya W310 User’s Guide...
Chapter 13 PoE (Power over Ethernet) Features PoE Configuration Using the W310 Manager To view the PoE configuration on a port that supports PoE, select the Power tab in the port’s configuration dialog box.. Figure 13.2 Port Configuration - Power Tab...
Page 258
When the demand for power exceeds the modules capacity, ports with lower priority will be prevented from supplying power before ports with a higher priority. Priorities include: • Critical • High • Avaya W310 User’s Guide...
• Software Redundancy - Setting software redundancy for ports in an W310 Switch. • Port Mirroring - Setting up port mirroring for ports in an W310 Switch. • Trap Managers Configuration - Viewing and modifying the Trap Managers Table. •...
You should assign an IP address to the switch before beginning this procedure. Open your browser. Enter the url of the switch in the format http://aaa.bbb.ccc.ddd where aaa.bbb.ccc.ddd is the IP address of the switch. The user name is “root” The default password for read-write access is “root”. Avaya W310 User’s Guide...
Page 261
The Web management passwords are the same as those of the CLI. If you have created additional CLI user names or changed the default passwords then you can use those passwords for Web management as well. Avaya W310 User’s Guide...
Page 262
The welcome page is displayed: Figure 14.1 The Welcome Page • If you have the Java plug-in installed, the W310 Manager should open in a new window. • If you do not have the Java plug-in installed, follow the instructions on the Welcome page that offers a variety of options to install the plug-in (see Figure 14.1).
Installing from the W310 Documentation and Utilities CD Close all unnecessary applications on your PC. Insert the “W310 Documentation and Utilities” CD into the CD drive. Click Start on the task bar. Select Run. Type x:\emweb-aux-files\plug-in_1_4_2.exe where x: is the CD drive letter.
Utilities” CD to your local Web server. Please refer to your Web server documentation for full instructions. Define the URL in the W310 using the following CLI command: set web aux-files-url //IP address/directory name where //IP address/directory name is the location of the directory from the previous step.
— instructions for viewing the configuration of policy lists and testing their effects on simulated IP packets Policy Overview This section provides an overview of policy lists on the W310 and includes the following topics: • General Guidelines for W310 Policy •...
Page 266
W310 ports. An ACL and QoS list is applied to AP Groups and to traffic going through the W310. A Policy User Group ID (PUGID) is a name of a group of users, used for policy (ACL and QoS) classification.
You can use QoS lists to change the DSCP and Ethernet IEEE 802.1p CoS fields in packets. When a packet matches a rule on the QoS list, the W310 sets one or both of the QoS fields in the packet. The following table shows these QoS fields:...
QoS lists have the following parts: • Rule list — a list of filtering rules and actions for the W310 to take when a packet matches the rule. Match actions on this list are pointers to the composite operation table.
— instructions on how to configure the attributes of a policy list, such as a list name, owner, and cookie • Default Actions — lists the default action the W310 takes when no rule in the policy list matches the packet • Deleting a Policy List —...
, followed by a list number ip access-control-list in the range 300-399. The W310 includes one pre-configured access control list. The pre- configured access control list is list number 300. Thus, to create a new access control list, you can type the following command:...
Egress Access Control List • Egress QoS List When a packet enters the W310 through an interface, the W310 applies the policy lists in the following order: Apply the Ingress Access Control List. If the Ingress Access Control List does not drop the packet: Apply the Ingress QoS List.
Page 272
Configuring Policy When a packet exits the W310 through an interface, the W310 applies the policy lists in the following order: Apply the Egress Access Control List. If the Egress Access Control List does not drop the packet: Apply the Egress QoS List.
Page 273
Access control list 301 becomes the Ingress Access Control List for VLAN 2. QoS list 401 becomes the Egress QoS List for VLAN 2. W310-1# interface Vlan 2 W310-1(if:Vlan 2)# ip access-group 301 in Done! W310-1(if:Vlan 2)# ip qos-group 401 out Done! •...
Configuring Policy Device-Wide Policy Lists You can attach a policy list to every interface on the W310 using one command. To do this, attach a policy list to the Loopback 1 interface. For more information, see Attaching policy lists to an interface.
The following example defines a rule in Access Control List 301 that denies access to all incoming packets that contain IP fragments: W310-1(super)# ip access-control-list 301 W310-1(super/ACL 301)# ip-fragments-in Deny Done! Defining Rules...
— instructions on how to define packet matching by ICMP type or code • TCP Establish Bit (Access Control Lists only) — instructions on how to define packet matching for TCP packets by whether the ack bit is burned on Avaya W310 User’s Guide...
The following command specifies any IP protocol except IGMP for rule 3 in access control list 302: W310-1(ACL 302/ip rule 3)# not ip-protocol igmp Source and Destination IP Address To specify a range of source and destination IP addresses to which the rule applies, use the commands , followed by the IP range criteria.
10.10.255.255 for rule 1 in access control 10.10.0.0 0.0.255.255 list 30 Specify a source IP address outside the range W310-1(ACL 308/ip rule 7)# not source- 64.236.24.0 through 64.236.24.255 for rule 7 in ip 64.236.24.0 0.0.0.255 access control list 308...
The following command specifies any destination TCP port in the range 5000 through 5010 for rule 1 in access control list 301: W310-1(ACL 301/ip rule 1)# tcp destination-port range 5000 5010 The following command specifies any source TCP port except a port named http for rule 7 in...
Lists. The following command specifies that rule 4 in access control list 302 drops packets that match the rule, and causes the W310 to send a trap and reset the connection when the packet is dropped: W310-1(ACL 304/ip rule 4)# operation Deny-Notify-Rst Note: Composite operation names are case-sensitive.
Overview of Composite Operations A composite operation is a set of operations that the W310 can perform when a rule matches a packet. Every rule in a policy list has an operation field that specifies a composite operation.
Access — determines whether the operation forwards (forward) or drops (deny) the packet • Notify — determines whether the operation causes the W310 to send a trap when it drops a packet • Reset Connection — determines whether the operation causes the W310 to reset the...
, or use the command no change no dscp — — determines the value to which the rule resets the packet’s CoS field. To ignore the CoS field, use the argument , or use the command no change no cos Avaya W310 User’s Guide...
The following commands create a new composite operation called dscp5 and assign the new composite operation to rule 3 in QoS list 402. If the packet matches a rule, the W310 changes the value of the DSCP field in the packet to 5.
33 in QoS list 401. Every packet with DSCP equal to 33 is assigned CoS priority W310-1# ip qos-list 401 W310-1(QoS 401)# dscp-table 33 W310-1(QoS 401/dscp 33)# composite-operation CoS5 Done! The following commands create a new composite operation called dscp5 and assign the new composite operation to DSCP table entry 7 in QoS list 402.
Page 286
• In access control list rule context mode: — — displays the parameters of the composite operation show composite-operation assigned to the current rule — — displays the parameters of the current rule show ip-rule Avaya W310 User’s Guide...
The following command simulates the effect of applying QoS list number 401 to a packet entering the W310 through interface VLAN 2: W310-1(if:Vlan 2)# ip simulate 401 in CoS1 dscp46 10.1.1.1 10.2.2.2 tcp 1182 20 The simulated packet has the following properties: •...
Configuring Policy When you run the command, the W310 displays the effect of the policy rules on ip simulate the simulated packet. For example: W310-1(super-if:Vlan 2)# ip simulate 401 in CoS1 dscp46 10.1.1.1 10.2.2.2 tcp 1182 20 Rule match for simulated packet is the default rule...
This section will allow you to perform basic troubleshooting of the installation. If you are unable to solve the problem after following the procedures in this chapter, please contact Avaya Technical Support. Refer to "How to Contact Us" for full details. Table 16.1...
Check that module is installed correctly Troubleshooting Image Downloads This section details issue you may face after downloading images to the W310. If you are unable to solve the problem after following the procedures in this chapter, please contact Avaya Technical Support. Refer to "How to Contact Us" for full details.
Updating the Software This section provides the basic procedure for downloading and updating the W310 WLAN Gateway system software. Caution: Please refer to “Before You Install the W310” before undertaking any of the procedures detailed in this section. Software Download You can perform software download using the CLI or Avaya Software Update Manager (part of the Avaya Integrated Management Suite).
To perform this process: copy tftp SW_image <new_ver_file> EW_archive <dummy_file_name> <TFTP_server_IP_addr> 1 Example: copy tftp SW_image c:\versions\W310\w310 EW_archive x 149.49.138.170 1 Since file “x” doesn't exist the Embedded web image will not be downloaded. Avaya W310 User’s Guide...