AP-5131 Access Point Product Reference Guide...
AP-5131 Access Point Product Reference Guide 72E-70930-01 Revision A October 2005...
Symbol reserves the right to make changes to any software or product to improve reliability, function, or design. Symbol does not assume any product liability arising out of, or in connection with, the application or use of any product, circuit, or application described herein.
About This Guide Introduction This guide provides configuration and setup information for the AP-5131 model access point. Document Conventions The following document conventions are used in this document: NOTE Indicates tips or special requirements. CAUTION Indicates conditions that can cause equipment damage or data loss.
Symbol Technologies is not responsible for any damages incurred during shipment if the approved shipping container is not used. Shipping the units improperly can possibly void the warranty. If the original shipping container was not kept, contact Symbol to have another sent to you.
AP-5131 Introduction The Symbol AP-5131 Access Point (AP) provides a bridge between Ethernet wired LANs or WANs and wireless networks. It provides connectivity between Ethernet wired networks and radio-equipped mobile units (MUs). MUs include the full line of Symbol terminals, bar-code scanners, adapters (PC cards, Compact Flash cards and PCI adapters) and other devices.
One or two possible configurations are available on the AP-5131 depending on which model is purchased. If the AP-5131 is manufactured as a single radio access point, the AP-5131 enables you to configure the single radio for either 802.11a or 802.11b/g.
7-5. 1.1.3 Multiple Mounting Options The AP-5131 rests on a flat surface, attaches to a wall, mounts under a ceiling or above a ceiling (attic). Choose a mounting option based on the physical environment of the coverage area. Do not mount the AP-5131 in a location that has not been approved in an AP-5131 radio coverage site survey.
The AP-5131 QoS implementation provides applications running on different wireless devices a variety of priority levels to transmit data to and from the AP-5131. Equal data transmission priority is fine for data traffic from applications such as Web browsers, file transfers or email, but is inadequate for multimedia applications.
• VPN Tunnels • Content Filtering For an overview on the encryption and authentication schemes available on the AP-5131, refer to Configuring Access Point Security on page 6-1. 1.1.8.1 Kerberos Authentication Authentication is a means of verifying information that is transmitted from a secure source. If information is authentic, you know who created it and you know that it has not been altered in any way since it was originated.
The server prompts the AP for proof of identity (supplied to the AP-5131 by the user) and then transmits the user data back to the server to complete the authentication.
Wired Equivalent Privacy (WEP) is an encryption security protocol specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b and supported by the AP-5131 AP. WEP encryption is designed to provide a WLAN with a level of security and privacy comparable to that of a wired LAN. The level of protection provided by WEP encryption is determined by the encryption key length and algorithm.
(similar to TKIP). Like TKIP, the keys the administrator provides are used to derive other keys. Messages are encrypted using a 128-bit secret key and a 128-bit block of data. The end result is an encryption scheme as secure as any the AP-5131 provides. For additional information on configuring WPA2-CCMP, see Configuring WPA2-CCMP (802.11i) on page...
6-48. 1.1.9 VLAN Support A Virtual Local Area Network (VLAN) is a means to electronically separate data on the same AP-5131 from a single broadcast domain into separate broadcast domains. By using a VLAN, you can group by logical function instead of physical location. There are 16 VLANs supported on the AP-5131. An administrator can map up to 16 WLANs to 16 VLANs and enable or disable dynamic VLAN assignment.
Settings on page 4-2) is older than the version on the Web site, Symbol recommends updating the AP-5131 to the latest firmware version for full feature functionality. For instructions on updating the AP-5131 firmware using FTP or TFTP, see Updating Device Firmware on page 4-34.
5-24. 1.1.15 Voice Prioritization Each AP-5131 WLAN has the capability of having its QoS policy configured to prioritize the network traffic requirements for associated MUs. A WLAN QoS page is available for each enabled WLAN on either the AP-5131 802.11a or 802.11b/g radio.
Broadcast destination addresses, a time stamp, a DTIM (Delivery Traffic Indication Message) and the TIM (Traffic Indication Map). PSP (Power Save Polling) MUs power off their radios for short periods. When a Symbol MU in PSP mode associates with an AP-5131, it notifies the AP-5131 of its activity status. The AP-5131 responds by buffering packets received for the MU.
Because BOOTP and DHCP interoperate, whichever responds first becomes the server that allocates information. The AP-5131 can be set to only accept replies from DHCP or BOOTP servers or both (this is the default setting). Disabling DHCP disables BOOTP and DHCP and requires network settings to be set manually.
Three of these four LEDs are single color activity LEDs, and one is a multi-function red and white status LED. Two LEDs exist on the rear of the AP-5131 and are viewable using a single (customer installed) extended light pipe, adjusted as required to suit above the ceiling installations.
AP-5131 provides better signal strength and lower MU load distribution. If the MU does not find an AP-5131 with a workable signal, it can perform a scan to find any AP. As MUs switch APs, the AP updates its association statistics.
1.2.2 Network Topology The following are sample topologies: • A single AP-5131 without a wired network establishing a single-cell wireless network for peer-to-peer MUs.
• A single AP-5131 bridging the Ethernet and radio networks.
• Two or more AP-5131s coexisting as separate, individual networks (WLANs) at the same site without interference using different ESSIDs. These separate WLANs can be configured to use different channel assignments to avoid RF interference.
The AP-5131 also handles broadcast and multicast messages and responds to MU association requests. The AP-5131 listens to all packets on its LAN and WAN interfaces and builds an address database using MAC addresses. An address in the database includes the interface media that the device uses...
The RS-232 serial port provides a Command Line Interface (CLI) connection. The serial link supports a direct serial connection. The AP-5131 is a Data Terminal Equipment (DTE) device with male pin connectors for the RS-232 port. Connecting the AP-5131 to a PC requires a null modem serial cable. 1.2.5 Direct-Sequence Spread Spectrum Spread spectrum (broadband) uses a narrowband signal to spread the transmission over a segment of the radio frequency band or spectrum.
An AP-5131 recognizes MUs as they begin the association process with the AP-5131. An AP-5131 keeps a list of the MUs it services. MUs associate with an AP-5131 based on the following conditions: • signal strength between the AP-5131 and MU •...
The AP-5131 can operate in a couple of configurations. • Access Point - As an Access Point, the AP-5131 functions as a layer 2 bridge (similar to Symbol’s existing AP-4131 access point). The wired uplink can operate as a trunk and support multiple VLANs.
Managing the AP-5131 includes viewing network statistics and setting configuration options. Statistics track the network activity of associated MUs and data transfers on the AP interfaces. The AP-5131 requires one of the following connection methods to perform a custom installation and manage the network: •...
An AP-5131 installation includes mounting the AP-5131 on a table-top, wall, ceiling T-bar or above the ceiling (attic or plenum), connecting the AP-5131 to the network (LAN or WAN port connection), connecting antennae and applying power. Installation procedures vary for different environments.
2.2 Package Contents Check package contents for the correct model AP-5131 and applicable AP-5131 accessories. Each available configuration (at a minimum) contains the following: • AP-5131 (two models available) • Single 802.11a/g radio, external antenna (Part No. AP-5131-4002X-WW) •...
(2) Dual-Band Antennae (Part No. ML-2452-APA2-01) Accessories Bag Verify the model indicated on the bottom of the AP-5131 is correct. Contact the Symbol Support Center to report missing or improperly functioning items. The Symbol power injector (Part No. AP-PSBIAS-T-1P-AF) is included in certain orderable configurations, but can be added to any configuration.
For optimal performance, install the AP-5131 away from transformers, heavy-duty motors, fluorescent lights, microwave ovens, refrigerators and other industrial equipment. Signal loss can occur when metal, concrete, walls or floors block transmission. Install the AP-5131 in open areas or add access points as needed to improve coverage.
AP-5131. NOTE On a single-radio AP-5131, Radio 1 can be configured to be either a 2.4 GHz or 5.2 GHz radio. On a dual-radio model, Radio 1 refers to the AP-5131’s 2.4 GHz radio and Radio 2 refers to the AP-5131 5.2 GHz radio.
Yagi Antenna 13.9 ML-2452-APA2-01 Dual-Band NOTE An additional adapter is required to use ML-2499-11PNA2-01 and ML-2499-BYGA2-01 model antennae. Please contact Symbol for more information. The 5.2 GHz antenna suite includes the following models: Symbol Part Number Antenna Type Nominal Net Gain (dBi)
(Part No. 50-24000-050) or via an Ethernet cable connected to the LAN port (using the 802.3af standard). When users purchase a Symbol WLAN solution, they often need to place access points in obscure locations. In the past, a dedicated power source was required for each access point in addition to the Ethernet infrastructure.
connecting to the AP-5131. The AP-5131 can only use a Power Injector when connected to the LAN port. The Symbol AP-5131 Power Supply (Part No. 50-24000-050) is not included in the kit and is orderable separately as an accessory.
The power injector can be installed free standing, on an even horizontal surface or wall mounted using the power injector’s wall mounting key holes. The following guidelines should be adhered to before cabling the power injector to an Ethernet source and an AP-5131: • Do not block or cover airflow to the power injector.
Ensure the cable length from the Ethernet source (host) to the power injector and AP-5131 does not exceed 100 meters (333 ft.). The power injector has no On/Off power switch. The power injector receives power and is ready for AP-5131 device connection and operation as soon as AC power is applied.
Software and documentation CDROM. 2.7 Mounting the AP-5131 The AP-5131 can rest on a flat surface, attach to a wall, mount under a suspended T-Bar or above a ceiling (plenum or attic). Choose one of the following mounting options based on the physical environment of the coverage area.
4. Cable the AP-5131 using either the Symbol power injector solution or an approved line cord and power supply. CAUTION Do not supply power to the AP-5131 until the cabling of the unit is complete.
LED Indicators on page 2-20. 6. Return the AP-5131 to an upright position and place it in the location you wish it to operate. Ensure the AP-5131 is sitting evenly on all four rubber feet. The AP-5131 is ready to configure. For information on an AP-5131 default configuration, see Getting Started on page 3-1.
Radio 1, and two dots designate the secondary antenna for Radio 1. 8. Cable the AP-5131 using either the Symbol power injector solution or an approved line cord and power supply.
4-1. 2.7.3 Suspended Ceiling T-Bar Installations A suspended ceiling mount requires holding the AP-5131 up against the T-bar of a suspended ceiling grid and twisting the AP-5131 chassis onto the T-bar. The mounting hardware and tools (customer provided) required to install the AP-5131 on a ceiling T-bar consist of: •...
4. Cable the AP-5131 using either the Symbol power injector solution or an approved line cord and power supply. CAUTION Do not supply power to the AP-5131 until the cabling of the unit is complete.
10. Rotate the AP-5131 chassis 45 degrees counter-clockwise. The clips click as they fasten to the T-bar. 11. The AP-5131 is ready to configure. For information on an AP-5131 default configuration, see Getting Started on page 3-1. For specific details on AP-5131 system configurations, see System Configuration on page 4-1.
5. Create a light pipe path hole in the target position on the ceiling tile. 6. Use a drill to make a hole in the tile the approximate size of the AP-5131 LED light pipe. CAUTION Symbol recommends care be taken not to damage the finished surface of the ceiling tile when creating the light pipe hole and installing the light pipe.
Radio 1, and two dots designate the secondary antenna for Radio 1. 13. Attach safety wire (if used) to the AP-5131 safety wire tie point or security cable (if used) to the AP-5131’s lock port.
4-1. 2.8 LED Indicators The AP-5131 utilizes seven LED indicators. Five LEDs display within four LED slots on the front of the AP-5131 (on top of the AP-5131 housing) and two LEDs (for above the ceiling installations) are located on the back of the device (the side containing the LAN, WAN and antenna connectors).
Data Over Ethernet 802.11a Radio Activity 802.11b/g Radio Activity The five LEDs on the top housing of the AP-5131 are clearly visible in table-top, wall and below ceiling installations. The five AP-5131 top housing LEDs have the following display and functionality: AP-5131...
Blinking red indicates the AP-5131 Rogue AP Detection feature has located a Conditions rogue device 2.9 Setting Up MUs For a discussion of how to initially test the AP-5131 to ensure it can interoperate with the MUs intended for its operational environment, see Basic Device Configuration on page 3-3 and specifically Testing Connectivity on page 3-11.
Getting Started The AP-5131 should be installed in an area tested for radio coverage using one of the site survey tools available to the Symbol field service technician. Once an installation site has been identified, the installer should carefully follow the hardware precautions, requirements, mounting guidelines and...
Above the Ceiling (Plenum) Installations on page 2-17. For information on the 802.11a and 802.11b/g radio antenna suite available to the AP-5131, see Antenna Options on page 2-5. For more information on using a Symbol Power Injector to combine Ethernet and power in one cable to the AP-5131, see Symbol Power Injector System on page 2-7.
For the basic setup described in this section, the Java-based Web UI will be used to configure the AP-5131. Use the AP-5131’s LAN interface for establishing a link with the AP-5131. Configure the AP-5131 as a DHCP client. For optimal screen resolution, set your screen resolution to 1024 x 768 pixels or greater.
Quick Setup screen are also configurable in numerous other locations within the AP-5131 menu tree. When you change the settings in the Quick Setup screen, the values also change within the screen where these parameters also exist. Additionally, if the values are updated in these other screens, the values initially set within the Quick Setup screen will be updated.
AP-5131’s country of operation from the drop-down menu. The AP-5131 prompts the user for the correct country code on the first login. A warning message also displays stating that an incorrect country setting may result in illegal radio operation.
4. Optionally enter the IP address of the server used to provide system time to the AP-5131 within the Time Server field. NOTE DNS names are not supported as a valid IP address. The user is required to enter a numerical IP address.
Ethernet (PPPoE) for a high-speed connection that supports this protocol. Most DSL providers are currently using or deploying this protocol. PPPoE is a data-link protocol for dialup connections. PPPoE will allow the AP-5131 to use a broadband modem (DSL, cable modem, etc.) for access to high-speed data networks.
2.4 GHz or 5.2 GHz from the RF Band of Operation field. Only one RF band option at a time is permissible in a single-radio AP-5131. If using a dual-radio AP-5131, the user can enable both RF bands. For additional AP-5131 radio configuration options, see Configuring the 802.11a or 802.11b/g Radio on page...
802.11a or 802.11b/g radio. Ensure the radio selected has been enabled (see step 8). c. Even an AP-5131 configured with minimal values must protect its data against theft and corruption. A security policy should be configured for WLAN1 as part of the basic configuration outlined in this guide.
Pass Key Specify a 4 to 32 character pass key and click the button. The AP-5131, other proprietary routers and Symbol MUs use the same algorithm to convert an ASCII string to the same hexadecimal number. Non-Symbol clients and devices need to enter WEP keys manually as hexadecimal numbers.
MU. Use the Echo Test screen to specify a target MU and configure the parameters of the test. The WNMP ping test only works with Symbol MUs. Only use a Symbol MU to test AP-5131 connectivity using WNMP.
Echo Test screen and return to the MU Stats Summary screen. 3.3.3 Where to Go from Here? Once basic connectivity has been verified, the AP-5131 can be fully configured to meet the needs of the network and the users it supports. Refer to the following: •...
(available from Sun’s Web site), and be sure to disable Microsoft’s Java Virtual Machine if installed. To connect to the AP, the AP-5131 IP is required. Enter 192.168.0.1 for the default IP address. The password is “symbol.” NOTE DNS names are not supported as a valid IP address for the AP-5131. The...
4.1 Configuring System Settings Use the System Settings screen to specify the name and location of the AP-5131, assign an email address for the network administrator, restore the AP’s default configuration or restart the AP. To configure System Settings for the AP-5131: 1.
A warning message also displays stating that an incorrect country setting will lead to an illegal use of the AP-5131. Use the pull-down menu to select the country of operation. Selecting the correct country is extremely important.
Serial Number Displays the AP-5131 Media Access Control (MAC) address. The AP-5131 MAC address is hard coded at the factory and cannot be modified. The LAN and WAN port MAC addresses can be located within the LAN and WAN Stats screens. For...
Use the AP-5131 Access screen checkboxes to enable or disable LAN and/or WAN access using the protocols and ports listed. If access is disabled, this effectively locks out the AP administrator from configuring the AP-5131 using that interface.
3. Refer to the Applet Timeout field to set an HTTPS timeout interval. HTTP/S Timeout: Disables access to the AP-5131 if no data activity is detected over Applet HTTPS (port 443) after the user defined interval. Default is 0 Mins.
8. Click Apply to save any changes to the AP-5131 Access screen. Navigating away from the screen without clicking the Apply button results in all changes to the screen being lost. 9. Click Undo Changes (if necessary) to undo any changes made.
The AP-5131 can import and maintain a set of CA certificates to use as an authentication option for Virtual Private Network (VPN) access. To use the certificate for a VPN tunnel, define a tunnel and select the IKE settings to use either RSA or DES certificates.
4.3.2 Creating Self Certificates The AP-5131 requires two kinds of certificates for accessing the VPN: CA certificates and self certificates. Self certificates are certificate requests you create, send to a Certificate Authority (CA) to be signed, then import the signed certificate into the management system.
2. Click on the button to create the certificate request. Certificate Request screen displays. 3. Complete the request form with the pertinent information. Only 4 values are required, the others are optional: Key ID: Enter a logical name for the certificate to help distinguish between certificates.
VPN authentication option. NOTE If the AP-5131 is restarted after a certificate request has been generated but before the signed certificate is imported, the import will not execute properly.
Internet devices in potentially remote locations. MIB information accessed via SNMP is defined by a set of managed objects called object identifiers (OIDs). An object identifier (OID) is used to uniquely identify each object variable of a MIB. The AP-5131 CDROM contains the following 2 MIB files: •...
The AP-5131 supports SNMP management functions for gathering information from its network components, communicating that information to specified users and configuring the AP-5131. All the fields available within the AP-5131 are also configurable within the MIB.
Symbol recommends considering adding a community definition using a site-appropriate name and access level. Set up a read/write definition (at a minimum) to facilitate full access by the AP-5131 administrator.
Use the Access pull-down list to specify read-only (R) access or read/write (RW) access for the community. Read-only access allows a remote device to retrieve AP-5131 information, while read/write access allows a remote device to modify AP-5131 settings. 3. Configure the...
Use the (Object Identifier) area to specify a setting of All or enter a Custom OID. Select to assign the user access to all OIDs in the MIB. The OID field uses numbers expressed in dot notation.
SNMP Access screen to the last saved configuration. 8. Click Logout to securely exit the AP-5131 Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. For additional SNMP configuration information, see: •...
2. Configure the SNMP Access Control screen to add the IP addresses of those users receiving SNMP access. Access Control List: Enter Start IP and End IP addresses (numerical addresses only, no DNS names supported) to specify a range of users that can access the AP-5131 SNMP interface.
Trap configuration depends on the network machine that receives the generated traps. SNMP v1/v2c and v3 trap configurations function independently. In a mixed SNMP environment, generated traps can be sent using configurations for both SNMP v1/v2c and v3. To configure SNMP traps on the AP-5131: 1. Select System Configuration ->...
2. Configure the SNMP v1/v2c Trap Configuration field (if SNMP v1/v2c Traps are used) to modify the following: Click to create a new SNMP v1/v2c Trap Configuration entry. Delete: Click Delete to remove a selected SNMP v1/v2c Trap Configuration entry.
(if necessary) to undo any changes made. Undo Changes reverts the settings displayed on SNMP Trap Configuration screen to the last saved configuration. 6. Click Logout to securely exit the AP-5131 Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.
SNMP Traps screen to enable specific traps on the AP-5131. Symbol recommends defining traps to capture unauthorized devices operating within the AP-5131 coverage area. Trap configuration depends on the network machine that receives the generated traps. SNMP v1/v2c and v3 trap configurations function independently.
SNMP Access Control screen. 4. Configure the Network Traps field to generate traps when the AP-5131’s link status changes or when the AP’s firewall detects a DoS attack. AP-5131 Generates a trap whenever the status changes on the Physical port status...
SNMP Traps screen to the last saved configuration. 8. Click Logout to securely exit the AP-5131 Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 4.4.4 Configuring SNMP RF Trap Thresholds...
RF Trap Thresholds field to define device threshold values for SNMP traps. NOTE Average Bit Speed, % of Non-Unicast, Average Signal, Average Retries, % Dropped and % Undecryptable are not AP-5131 statistics. Pkts/s: Enter a maximum threshold for the total throughput in Pps (Packets per second).
NTP is a client/server implementation. The AP-5131 (an NTP client) periodically synchronizes its clock with a master clock (an NTP server). For example, the AP-5131 resets its clock to 07:04:59 upon reading a time of 07:04:59 from its designated NTP server.
NOTE The current time is not set accurately when initially connecting to the AP-5131. Until a server is defined to provide the AP-5131 the correct time, the AP-5131 displays 1970-01-01 00:00:00 as the default time. To manage clock synchronization on the AP-5131: 1.
AP-5131 managed Local Area Network (LAN). Use the Logging Configuration screen to set the desired logging level (standard syslog levels) and view or save the current AP-5131 system log. To configure event logging for the AP-5131: 1. Select System Configuration ->...
2. Configure the Log Options field to save event logs, set the log level and optionally port the AP-5131’s log to an external server. View Log: Click View to save a log of events retained on the AP-5131.
4.7 Importing/Exporting Configurations All of the configuration settings for an AP-5131 can be obtained from another AP-5131 in the form of a text file. Additionally, all of the AP-5131’s settings can be downloaded to another AP-5131. Use the file-based configuration feature to speed up the setup process significantly at sites using multiple AP-5131s.
updated by the imported file. Therefore, the imported configuration is not a merge with the configuration of the target AP-5131. The exported file can be edited with any document editor if necessary. CAUTION A single-radio model AP-5131 cannot import/export its configuration to a dual-radio model AP-5131.
Filename: Specify the name of the configuration file to be written to the FTP or TFTP server. Server IP: Enter the numerical (non DNS name) IP address of the destination FTP or TFTP server where the configuration file is imported or exported.
Upload and Apply A Configuration File: Click the Upload and Apply A Configuration File button to upload a configuration file to this AP-5131 using HTTP. Download Configuration File: Click the Download Configuration File button to download this AP-5131’s configuration file using HTTP.
AP-5131 Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 4.8 Updating Device Firmware Symbol periodically releases updated versions of the AP-5131 device firmware to the Symbol Web site. If the AP-5131 firmware version displayed on the System Settings...
• Enable Automatic Firmware Update • Enable Automatic Configuration Update These options can be used to update newer firmware and configuration files on the AP-5131 through either the LAN or WAN interface. The AP-5131 uses DHCP Vendor Specific Option 43 with the following options embedded within it:...
The DHCP Server needs to be configured with the above mentioned vendor specific options and vendor class identifier. The interface selected (LAN or WAN) on the AP-5131 must be configured as a DHCP client for the Auto DHCP Update feature to function properly.
- Specify a password for FTP server login. Default is symbol. NOTE Click Apply to save the settings before performing the firmware update. The user is not able to navigate the AP-5131 user interface while the firmware update is in process. 10. Click the Perform Update button to initiate the update.
FAIL: conflict ip address FAIL: command exchange time out FAIL: invalid subnet number 12. Confirm the AP-5131’s configuration is the same as before the firmware update. If they are not, restore the settings. Refer to Importing/Exporting Configurations on page 4-30 for instructions on exporting the configuration back to the AP-5131.
DHCP client, BOOTP client, DHCP server or using neither DHCP nor BOOTP. The AP-5131 LAN port has its own MAC address. The LAN port MAC address is always the value of the AP-5131 WAN port MAC address plus 1. The LAN and WAN port MAC addresses can be located within the LAN and WAN Stats screens.
The AP-5131 can use Dynamic Host Configuration Protocol (DHCP) to obtain a leased IP address and configuration information from a remote server. DHCP is based on the BOOTP protocol and can coexist or interoperate with BOOTP.
VLAN tagging. If selected, click the VLAN Trunking Config button to configure mappings between individual WLANs and VLANs. If enabled, the AP-5131 is required to be connected to a trunked port. VLAN Name Click the VLAN Name button to launch the...
AP-5131 Access Point Product Reference Guide AP-5131 This interface is a Select this button to enable DHCP to set network address DHCP Client information via the LAN connection. This is recommended if the AP-5131 resides within a large corporate network or the Internet Service Provider (ISP) uses DHCP.
5.1.1 Configuring VLAN Support A Virtual Local Area Network (VLAN) is a means to electronically separate data on the same AP-5131 from a single broadcast domain into separate broadcast domains. The AP-5131 can group devices on one or more WLANs so that they can communicate as if they were attached to the same wire, when in fact they are located on a different LAN segment.
(such as an IP address). Additional information (such as device MAC address information) is sent to the AP-5131. The AP-5131 sends this MAC address to a host housing a copy of the Dynamic VLAN database. This database houses the records of MAC addresses and VLAN assignments.
The VLAN name screen displays. The first time the screen is launched a default VLAN name of 1 and a default VLAN ID of 1 display. The VLAN name is auto-generated once the user assigns a VLAN ID. However, the user has the option of re-assigning a name to the VLAN using New VLAN Edit VLAN...
The VLAN ID associates a frame with a specific VLAN and provides the information the AP-5131 needs to process the frame across the network. Therefore, it may be practical to assign a name to a VLAN representative of the area or type of network traffic it represents.
1 as other layer 2 devices also have their Native VLAN set to 1. 10. Use the checkboxes under the name of each VLAN to map specific VLANs to AP-5131 WLANs listed on the left-hand side of the screen.
IP addresses. This is useful, for example, in education and customer environments where MU users change frequently. Use longer leases if there are fewer users. To generate a list of client MAC address to IP address mappings for the AP-5131: 1. Select Network Configuration ->...
5.1.3 Setting the Type Filter Configuration The AP-5131 can keep a list of frame types that it forwards or discards. The Type Filtering feature prevents specific (potentially unnecessary) frames from being processed by the AP-5131 in order to improve throughput.
Packet types supported for the type filtering function include 16-bit DIX Ethernet types as well as Symbol proprietary types. Select an Ethernet type from the drop down menu, or enter the Ethernet type’s hexadecimal value. Consult with your System Administrator if unsure of...
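The forward-or-discard decision described above can be sketched as follows. This is an added example, not code from the guide or from Symbol: the `TypeFilter` class, the per-type action table, the default of forwarding unlisted types, and the choice to look past 802.1Q VLAN tags are all assumptions of the sketch, and the frames are constructed.

```python
import struct

VLAN_TPID = 0x8100     # IEEE 802.1Q tag identifier
MIN_DIX_TYPE = 0x0600  # smaller values are 802.3 length fields, not DIX types
ACTIONS = ("forward", "discard")


def parse_type(text):
    """Parse a hexadecimal Ethernet type such as '8137' or '0x8137'."""
    value = int(text, 16)
    if not MIN_DIX_TYPE <= value <= 0xFFFF:
        raise ValueError(f"{text!r} is not a 16-bit DIX Ethernet type")
    return value


def ethernet_type(frame):
    """Return the DIX type of a frame, or None for a length-encoded 802.3 frame."""
    if len(frame) < 14:
        raise ValueError("frame is shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC addresses
    (value,) = struct.unpack_from("!H", frame, offset)
    while value == VLAN_TPID:  # assumption: filter on the type behind the tag
        offset += 4
        if len(frame) < offset + 2:
            raise ValueError("truncated VLAN tag")
        (value,) = struct.unpack_from("!H", frame, offset)
    return value if value >= MIN_DIX_TYPE else None


class TypeFilter:
    """Hypothetical model of a list of Ethernet types with an action each."""

    def __init__(self, rules, default="forward"):
        if default not in ACTIONS:
            raise ValueError("default must be 'forward' or 'discard'")
        self.default = default
        self.rules = {}
        for hex_type, action in rules.items():
            if action not in ACTIONS:
                raise ValueError(f"unknown action {action!r}")
            self.rules[parse_type(hex_type)] = action

    def decide(self, frame):
        etype = ethernet_type(frame)
        if etype is None:  # 802.3 length frame: no DIX type to match
            return self.default
        return self.rules.get(etype, self.default)


def build_frame(type_or_length, vlan_id=None):
    """Build a constructed test frame (zeroed addresses and payload)."""
    header = bytes(6) + bytes(6)
    if vlan_id is not None:
        header += struct.pack("!HH", VLAN_TPID, vlan_id & 0x0FFF)
    return header + struct.pack("!H", type_or_length) + bytes(46)


def run_demo():
    # Constructed policy: drop two legacy protocols, forward everything else.
    flt = TypeFilter({"0x8137": "discard", "809B": "discard"})
    samples = {
        "IPv4": build_frame(0x0800),
        "ARP": build_frame(0x0806),
        "IPX": build_frame(0x8137),
        "IPX in VLAN 10": build_frame(0x8137, vlan_id=10),
        "802.3 length frame": build_frame(0x002E),
    }
    return {name: flt.decide(frame) for name, frame in samples.items()}


if __name__ == "__main__":
    for name, decision in run_demo().items():
        print(f"{name:20s} {decision}")
```
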
A Wide Area Network (WAN) is a widely dispersed telecommunications network. The AP-5131 includes one WAN port. The AP-5131 WAN port has its own MAC address. In a corporate environment, the WAN port might connect to a larger corporate network. For a small business, the WAN port might connect to a DSL or cable modem to access the Internet.
Page 126
WAN IP Configuration field to enable the WAN interface, and set network address information for the WAN connection. NOTE Symbol recommends that the WAN and LAN ports should not both be configured as DHCP clients. Enable WAN Interface Select the...
Page 127
This interface is a DHCP Client: This checkbox enables DHCP for the AP-5131 WAN connection. This is useful if the larger corporate network or Internet Service Provider (ISP) uses DHCP. DHCP is a protocol that includes mechanisms for IP address allocation and delivery of host-specific configuration parameters from a DHCP server to a host.
Page 128
More IP Addresses: Click the More IP Addresses button to specify additional static IP addresses for the AP-5131. Additional IP addresses are required when users within the WAN need dedicated IP addresses, or when servers need to be accessed (addressed) by the outside world.
Page 129
Displays the current connection state of the PPPoE client. When a PPPoE connection is established, the status displays Connected. When no PPPoE connection is active, the status displays Disconnected. Keep-Alive: Select the Keep-Alive checkbox to maintain the connection indefinitely (no timeout interval). Some ISPs terminate inactive connections.
Network Address Translation (NAT) converts an IP address in one network to a different IP address or set of IP addresses in another network. The AP-5131 router maps its local (inside) network addresses to WAN (outside) IP addresses, and translates the WAN IP addresses on incoming packets to local IP addresses.
Page 131
WAN IP address to a single host (local) IP address. 1 to 1 mapping is useful when users need dedicated addresses, and for public-facing servers connected to the AP-5131. Set the NAT Type as 1 to Many to map a WAN IP address to multiple local IP addresses.
NAT screen to the last saved configuration. 5. Click Logout to securely exit the AP-5131 Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 5.2.1.1 Configuring Port Forwarding Use the...
Page 133
3. Configure the Port Forwarding screen to modify the following: Click to create a local map that includes the name, transport protocol, start port, end port, and IP address for incoming packets. Delete: Click Delete to remove a selected local map entry. Name: Enter a name for the service being forwarded.
Within the WLAN, roaming users can be handed off from one AP-5131 to another like a cellular phone system. WLANs can therefore be configured around the needs of specific groups of users, even when they are not in physical proximity.
Page 135
If a WLAN is defined, that WLAN displays within the Wireless Configuration screen. When the AP-5131 is first booted, WLAN1 exists as a default WLAN available immediately for connection. 2. Refer to the information within the Wireless Configuration screen to view the name, ESSID, AP-5131 radio designation, VLAN ID and security policy of existing WLANs.
WLAN or edit the properties of an existing WLAN. NOTE Before editing the properties of an existing WLAN, ensure it is not being used by an AP-5131 radio, or is a WLAN that is needed in its current configuration. Once updated, the previous configuration is not available...
Page 137
WLAN or edit the properties of an existing WLAN: 1. Select Network Configuration -> Wireless from the AP-5131 menu tree. The Wireless Configuration screen displays. 2. Click the Create button to configure a new WLAN, or highlight a WLAN and click the Edit button to modify an existing WLAN.
Page 138
Configuring a WLAN Access Control List (ACL) on page 5-29. Kerberos User Name: Displays the read-only Kerberos User Name used to associate the wireless client. This value is the ESSID of the AP-5131. Kerberos Password: Enter a Kerberos password if Kerberos has been selected as the...
New WLAN or Edit WLAN screen and return to the Wireless Configuration screen. 5.3.1.1 Configuring WLAN Security Policies As WLANs are being defined for an AP-5131, a security policy can be created or an existing policy edited (using the Edit...
Page 140
WLANs grows. Configuring a WLAN security scheme with a discussion of all the authentication and encryption options available is beyond the scope of this chapter. Chapter 6 of the AP-5131 Product Reference Guide is dedicated to configuring AP-5131 security. For detailed...
WLANs based on MU interoperability requirements. Symbol recommends using the New MU ACL Policy or Edit MU ACL Policy screens strategically to name and configure ACL policies meeting the requirements of the particular WLANs they may map to.
Page 142
2. Click the Create button to configure a new ACL policy, or select a policy and click the Edit button to modify an existing ACL policy. The AP-5131 supports a maximum of 16 MU ACL policies.
AP-5131 Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 5.3.1.3 Setting the WLAN Quality of Service (QoS) Policy The AP-5131 can keep a list of QoS policies that can be used from the New WLAN Edit WLAN screens to map to individual WLANs.
Page 144
WLANs based on MU interoperability requirements. Symbol recommends using the New QoS Policy and Edit QoS Policy screens strategically to name and configure QoS policies meeting the requirements of the particular WLANs they may map to. However, be careful not to name policies after specific WLANs, as individual QoS policies can be used by more than one WLAN.
Page 145
2. Click the Create button to configure a new QoS policy, or select a policy and click the Edit button to modify an existing QoS policy. The AP-5131 supports a maximum of 16 QoS policies.
Page 146
3. Assign a name to the new or edited QoS policy that makes sense to the AP-5131 traffic receiving priority. More than one WLAN can use the same QoS policy. 4. Select the Support Voice prioritization checkbox to allow legacy voice prioritization.
Page 147
6. Select the Enable Wi-Fi Multimedia (WMM) QoS Extensions checkbox to configure the AP-5131’s QoS Access Categories. The Access Categories are not configurable unless the checkbox is selected. Access Categories include: Background: Background traffic is typically of a low priority (file transfers, print jobs, etc.).
5.3.2 Setting the WLAN’s Radio Configuration Each AP-5131 WLAN can have a separate 802.11a or 802.11b/g radio configured and mapped to that WLAN. The first step is to enable the radio. One of two possible radio configuration pages is available on the AP-5131 depending on which model SKU is purchased.
Page 149
802.11a use and the other for 802.11b/g (no other alternatives exist for the dual-radio model). Using a dual-radio AP-5131, individual 802.11a and 802.11b/g radios can be enabled or disabled using the Radio Configuration screen checkboxes.
To configure the AP-5131’s 802.11a or 802.11b/g radio: 1. Select Network Configuration -> Wireless -> Radio Configuration -> Radio1 (default name) from the AP-5131 menu tree. On a single-radio AP-5131, Radio1 could either be an 802.11a or 802.11b/g radio depending on which radio has been enabled.
Page 151
Placement: Use the drop-down menu to specify whether the radio is located outdoors or indoors. Default placement depends on the country of operation selected for the AP-5131. MAC Address: The AP-5131, like other Ethernet devices, has a unique, hardware encoded Media Access Control (MAC) or IEEE address.
Page 152
For example, if three AP-5131s are operating on 802.11b/g, each AP-5131 would be set to a non-overlapping channel (1, 6 and 11). If using the AP-5131’s 802.11a radio, a Uniform Spreading option is available (and is the default setting for the 802.11a radio).
Page 153
QoS values for the radio. Support Short Preamble: The preamble is approximately 8 bytes of packet header generated by the AP-5131 and attached to the packet prior to transmission from the 802.11b radio. The preamble length for 802.11b transmissions is data rate dependent.
Page 154
Set RF QOS screen to set QoS parameters for the AP-5131 radio. This setting should not be confused with the QoS configuration screen used for a WLAN. The Set RF QoS screen initially appears with default values displayed.
Page 155
Symbol recommends decreasing the DTIM interval. However, decreasing the DTIM interval decreases the battery life on power save stations. The default is 10. Symbol recommends using the default value unless qualified to understand the performance risks of changing it.
Page 156
BSSID, as this will result in warning or error messages. NOTE If using a single-radio AP-5131, there are 4 BSSIDs available. If using a dual-radio AP-5131, 4 BSSIDs for the 802.11b/g radio and 4 BSSIDs for the 802.11a radio are available.
5.3.3 Configuring Bandwidth Management Settings The AP-5131 can be configured to grant individual WLANs network bandwidth priority levels. Use the Bandwidth Management screen to control the network bandwidth allotted to WLANs. Symbol recommends defining a weighted scheme as needed when WLAN traffic supporting a specific network segment becomes critical.
Page 158
(if necessary) to undo any changes made. Undo Changes reverts the settings displayed on the Bandwidth Management screen to the last saved configuration. 6. Click Logout to securely exit the AP-5131 Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.
6-51. 5.4 Configuring Router Settings The AP-5131 router uses routing tables and protocols to forward data packets from one network to another. The AP-5131 router manages traffic within the network, and directs traffic from the WAN to destinations on the AP-5131 managed LAN. Use the AP-5131...
Page 160
The information in the AP-5131 Router Table is dynamically generated from settings applied on the screen. The destination for each subnet is its IP address. The subnet mask (or network mask) and gateway settings are those belonging to each subnet. Displayed interfaces are those associated with destination IP addresses.
RF packets between the AP-5131 and its associated MUs. WLAN security can be configured on an ESS by ESS basis on the AP-5131. Sixteen separate ESSIDs (WLANs) can be supported on an AP-5131, and must be managed (if necessary) between the 802.11a and 802.11b/g radio.
Configuring WPA2-CCMP (802.11i) on page 6-22. • To configure the AP-5131 to block specific kinds of HTTP, SMTP and FTP data traffic, see Configuring Firewall Settings on page 6-25. • To create VPN tunnels allowing traffic to route securely through an IPSEC tunnel to a private...
To password protect and restrict AP-5131 device access: 1. Connect a wired computer to the AP-5131 LAN port using a standard CAT-5 cable. 2. Set up the computer for TCP/IP DHCP network addressing and make sure the DNS settings are not hardcoded.
AP-5131 security feature to configure next. 6.2.1 Resetting the AP-5131 Password The AP-5131 Command Line Interface (CLI) enables users who forget their password to reset it to the factory default (symbol). From there, a new password can be defined.
You can now access the AP-5131. 6.3 Enabling Authentication and Encryption Schemes To complement the built-in firewall filters on the WAN side of the AP-5131, the WLAN side of the AP-5131 supports authentication and encryption schemes. Authentication is a challenge-response procedure for validating user credentials such as username, password, and sometimes secret-key information.
Page 166
security policy does not satisfy the data protection requirements of a specific WLAN, a new security policy (using the authentication and encryption schemes discussed above) can be created. To enable an existing WLAN security policy or create a new policy: 1.
Page 167
Remember, multiple WLANs can share the same security policy, so be careful not to name security policies after specific WLANs or risk defining a WLAN to a single policy. Symbol recommends naming the policy after the attributes of the authentication or encryption type selected (for example, WPA2 Allow TKIP).
Page 168
WEP 128 (104-bit key): Select the WEP 128 (104 bit key) button to display the WEP 128 Settings field within the New Security Policy screen. For specific information on configuring WEP 128, see Configuring WEP Encryption on page 6-15.
(and vice versa) across an insecure network connection. Once a client and server use Kerberos to prove their identity, they can encrypt all communications to assure privacy and data integrity. Kerberos can only be used on the AP-5131 with Symbol clients. CAUTION Kerberos makes no provisions for host security. Kerberos assumes that it is running on a trusted host with an untrusted network.
Page 170
Realm Name: Specify a realm name that is case-sensitive, for example, SYMBOL.COM. The realm name is the domain/realm name of the KDC Server. A realm name functions similarly to a DNS domain name. In theory, the realm name is arbitrary. However, in practice a Kerberos realm is named by uppercasing the DNS domain name that is associated with hosts in the realm.
(in this case, the authentication server). The AP-5131 passes EAP packets from the client to an authentication server on the wired side of the AP-5131. All other packet types are blocked until the authentication server (typically, a RADIUS server) verifies the MU’s identity.
Page 172
by clicking the Edit button. To configure a new security policy supporting 802.1x EAP, continue to step 2. 2. Click the Create button to configure a new policy supporting 802.1x EAP. The New Security Policy screen displays with no authentication or encryption options selected.
Page 173
Specify an idle time (in seconds, 1-65535) between MU authentication attempts, as required by the authentication server. The default is 10 seconds. MU Timeout (1-255) secs: Define the time (in seconds) for the AP-5131’s retransmission of EAP-Request packets. The default is 10 seconds.
Page 174
2 retries. 8. Select the Radius Accounting tab as required to define a timeout period and retry interval for MUs interoperating with the AP-5131 and EAP authentication server. Enable Accounting: Select the Enable Accounting checkbox to implement the MU timeout and retry definitions configured within the Radius Accounting field.
MU Timeout: Specify the time (in seconds) for the AP-5131’s retransmission of EAP-Request packets. The default is 10 seconds. If this time is exceeded, the authentication session is terminated. Retries: Specify the number of retries for the MU to retransmit a missed frame to the Radius server before it times out of the authentication session.
Page 176
WEP 64 Settings or WEP 128 Settings field as required to define the Pass Key used to generate the WEP keys. These keys must be the same between the AP-5131 and its MU to encrypt packets between the two devices. Pass Key...
6.7 Configuring KeyGuard Encryption KeyGuard is a proprietary encryption method developed by Symbol Technologies. KeyGuard is Symbol's enhancement to WEP encryption, and was developed before the finalization of WPA-TKIP. This encryption implementation is based on the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11i.
Page 178
KeyGuard Settings field as required to define the Pass Key used to generate the WEP keys used with the KeyGuard algorithm. These keys must be the same between the AP-5131 and its MU to encrypt packets between the two devices...
The pass key can be any alphanumeric string. The AP-5131, other proprietary routers, and Symbol MUs use the algorithm to convert an ASCII string to the same hexadecimal number. MUs without Symbol adapters need to use WEP keys manually configured as hexadecimal numbers.
Page 180
1. Select Network Configuration -> Wireless -> Security from the AP-5131 menu tree. If security policies supporting WPA-TKIP exist, they appear within the Security Configuration screen. These existing policies can be used as is, or their properties edited...
Page 181
To use an ASCII passphrase (and not a hexadecimal value), select the checkbox and enter an alphanumeric string of 8 to 63 characters. The alphanumeric string allows character spaces. The AP-5131 converts the string to a numeric value. This passphrase saves the administrator from entering the 256-bit key each time keys are generated.
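The passphrase-to-key conversion mentioned above, shown as an added example that is not code from the guide or from Symbol. It assumes the AP-5131 follows the standard IEEE 802.11i mapping (PBKDF2-HMAC-SHA1, 4096 iterations, ESSID as salt), which the guide does not spell out; `wpa_psk`, `shares_key` and the sample ESSIDs and passphrases are hypothetical.

```python
import hashlib
import string

PSK_BYTES = 32            # the 256-bit key the guide refers to
PBKDF2_ITERATIONS = 4096  # fixed by IEEE 802.11i (assumed to apply to this AP)
HEX_KEY_DIGITS = 64       # 256 bits written as hexadecimal digits


def wpa_psk(secret, essid, ascii_passphrase=True):
    """Return the 256-bit pre-shared key for a WPA/WPA2 security policy.

    With ascii_passphrase=True the secret is an 8 to 63 character string
    (spaces allowed) that is stretched into the key; otherwise it is the
    key itself, entered as 64 hexadecimal digits.
    """
    essid_bytes = essid.encode("utf-8")
    if not 1 <= len(essid_bytes) <= 32:
        raise ValueError("ESSID must be 1 to 32 bytes long")

    if ascii_passphrase:
        if not 8 <= len(secret) <= 63:
            raise ValueError("passphrase must be 8 to 63 characters")
        if any(not 32 <= ord(ch) <= 126 for ch in secret):
            raise ValueError("passphrase must be printable ASCII")
        # The ESSID is the salt, so the key is bound to the WLAN name.
        return hashlib.pbkdf2_hmac(
            "sha1", secret.encode("ascii"), essid_bytes,
            PBKDF2_ITERATIONS, PSK_BYTES,
        )

    if len(secret) != HEX_KEY_DIGITS or any(
        ch not in string.hexdigits for ch in secret
    ):
        raise ValueError("hexadecimal key must be exactly 64 hex digits")
    return bytes.fromhex(secret)


def shares_key(passphrase, essid_a, essid_b):
    """True if two WLANs using the same passphrase end up with the same key."""
    return wpa_psk(passphrase, essid_a) == wpa_psk(passphrase, essid_b)


if __name__ == "__main__":
    # Constructed sample values.
    print(wpa_psk("correct horse battery", "WLAN1").hex())
    print("same key on WLAN1 and WLAN2:",
          shares_key("correct horse battery", "WLAN1", "WLAN2"))
```

Because the ESSID salts the derivation, renaming a WLAN changes the derived key even when the passphrase is unchanged, and the passphrase's strength is the only secret protecting the 256-bit key.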
(similar to TKIP). Like TKIP, the keys the administrator provides are used to derive other keys. Messages are encrypted using a 128-bit secret key and a 128-bit block of data. The end result is an encryption scheme as secure as any the AP-5131 provides. To configure WPA2-CCMP on the AP-5131: 1.
Page 183
5. Configure the Key Rotation Settings field as required to set Broadcast Key Rotation and the update interval. Broadcast Key Rotation: Select the Broadcast Key Rotation checkbox to enable or disable the broadcasting of encryption key changes to MUs. Only broadcast key changes when required by associated MUs to reduce the transmissions of sensitive key information.
Page 184
Enabling this option allows backwards compatibility for clients that support WPA-TKIP but do not support WPA2-CCMP. Symbol recommends enabling this feature if WPA-TKIP supported MUs operate within a WLAN populated by WPA2-CCMP enabled clients.
This reverts all settings to the last saved configuration. 6.10 Configuring Firewall Settings The AP-5131's firewall is a set of related programs located in the gateway on the WAN side of the AP-5131. The firewall uses a collection of filters to screen information packets for known types of system attacks.
Page 186
Disable Firewall: Select the Disable Firewall checkbox to disable all firewall functions on the AP-5131. This includes firewall filters, NAT, VPN, content filtering, and subnet access. Disabling the AP-5131 firewall makes the AP-5131 vulnerable to data attacks and is not recommended during normal operation if using the WAN port.
6.10.1 Configuring LAN to WAN Access The AP-5131 LAN can be configured to communicate with the WAN side of the AP-5131. Use the LAN to WAN Access screen to allow/deny access to the AP-5131 WAN protocols, specify names and properties for existing protocols and enable pre-configured protocols (FTP, TFTP, Telnet, etc.).
Page 188
2. Configure the LAN to WAN Access screen as required to allow or deny access to selected (enabled) protocols. Allow or Deny all protocols, except selected: Use the drop-down menu to select either Allow or Deny. The selected setting applies to all protocols except those with enabled checkboxes and any traffic that is added to the table.
Page 189
(if necessary) to undo any changes made. Undo Changes reverts the settings displayed on the LAN to WAN Access screen to the last saved configuration. 5. Click Logout to securely exit the AP-5131 Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed.
6.10.1.1 Available Protocols Protocols that are not pre-configured can be specified using the drop down list within the Transport column within the LAN to WAN Access and Advanced Subnet Access screens. They include: •...
Page 191
access rules must be overridden. However, the Advanced LAN Access screen allows you to import existing subnet access rules into the advanced subnet access rules. To configure AP-5131 advanced LAN access: 1. Select Network Configuration ->...
Page 192
3. Configure the Firewall Rules field as required to add, insert or delete firewall rules into the list of advanced rules. Inbound or Outbound: Select Inbound or Outbound from the drop-down menu to specify if a firewall rule is intended for inbound traffic to an interface or outbound traffic from that interface.
6.11 Configuring VPN Tunnels The AP-5131 allows up to 25 VPN tunnels to either a VPN endpoint or to another AP-5131. VPN tunnels allow all traffic on a local subnet to route securely through an IPSEC tunnel to a private network.
Page 194
2. Use the VPN Tunnels field to add or delete a tunnel to the list of available tunnels, list tunnel network address information and display key exchange information for each tunnel. Click to add a VPN tunnel to the list. To configure a specific...
Page 195
VPN tunnel. If Manual Key Exchange is selected, this column displays Manual. If Auto (IKE) Key Exchange is selected, the field displays Automatic. 3. If a VPN tunnel has been added to the list of available AP-5131 tunnels, use the VPN Tunnel Config field to optionally modify the tunnel’s properties.
6. Click Logout to securely exit the AP-5131 Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 6.11.1 Configuring Manual Key Settings A transform set is a combination of security protocols and algorithms applied to IPSec protected traffic.
Page 197
To configure manual key settings for the AP-5131: 1. Select Network Configuration -> -> from the AP-5131 menu tree. 2. Refer to the VPN Tunnel Config field, select the Manual Key Exchange checkbox and click the Manual Key Settings button.
Page 198
Inbound AH Authentication Key: Configure a key for computing the integrity check on inbound traffic with the selected authentication algorithm. The key must be 32/40 hexadecimal (0-9, A-E) characters in length. The key value must match the corresponding outbound key on the remote security gateway.
Page 199
ESP Encryption Algorithm: Select the encryption and authentication algorithms for the VPN tunnel using the drop-down menu. • DES - Uses the DES encryption algorithm requiring 64-bit (16-character hexadecimal) keys. • 3DES - Uses the 3DES encryption algorithm requiring 192-bit (64-character hexadecimal) keys.
VPN screen without retaining the changes made to the Manual Key Settings screen. 6.11.2 Configuring Auto Key Settings The AP-5131’s Network Management System can automatically set encryption and authentication keys for VPN access. Use the Auto Key Settings screen to specify the type of encryption and authentication, without specifying the keys.
Page 201
3. Configure the Auto Key Settings screen to modify the following: Use Perfect Forward Secrecy: Forward secrecy is a key-establishment protocol guaranteeing the discovery of a session key or long-term private key does not compromise the keys of other sessions. Select to enable Perfect Forward Secrecy.
ESP Type: ESP provides packet encryption, optional data authentication and anti-replay services for the VPN tunnel. Use the drop-down menu to select the ESP type. • None - Disables ESP. The rest of the fields are not active.
Page 203
To configure IKE key settings for the AP-5131: 1. Select Network Configuration -> -> from the AP-5131 menu tree. 2. Refer to the VPN Tunnel Config field, select the Auto (IKE) Key Exchange checkbox and...
Page 204
• FQDN - Select FQDN if the local ID type is a fully qualified domain name (such as sj.symbol.com). The setting for this field does not have to be fully qualified, however it must match the setting for the Certificate Authority.
Page 205
Key Lifetime The number of seconds the key is valid. At the end of the lifetime, the key is renegotiated. AP-5131 forces renegotiation every 3600 seconds. There is no way to change the renegotiation value. If the IKE Lifetime is greater...
Use the VPN Status screen to display the status of the tunnels configured on the AP-5131 as well as their lifetime, transmit and receive statistics. The VPN Status screen is read-only with no configurable parameters. To configure a VPN tunnel, use the VPN configuration screen in the WAN section of the AP-5131 menu tree.
Page 207
Tunnel Name: The Tunnel Name column lists the names of all the tunnels configured on the AP-5131. Clicking the Tunnel Name title bar enables you to sort by tunnel name. For information on configuring a tunnel, see Configuring VPN Tunnels on page 6-33.
Content filtering allows system administrators to block specific commands and URL extensions from going out through the AP-5131 WAN port. Therefore, content filtering affords system administrators selective control on the content proliferating the network and is a powerful data and network...
Page 209
screening tool. Content filtering allows the blocking of up to 10 files or URL extensions and allows blocking of specific outbound HTTP, SMTP, and FTP requests. To configure content filtering for the AP-5131: 1. Select Network Configuration ->...
Page 210
Block Outbound URL Extensions: Enter a URL extension or file name per line in the format of filename.ext. An asterisk (*) can be used as a wildcard in place of the filename to block all files with a specific extension.
6.13 Configuring Rogue AP Detection It is possible that not all of the devices identified by the AP-5131 are operating legitimately within the AP-5131’s radio coverage area. A rogue AP is a device located nearby an authorized Symbol AP-5131 but recognized as having properties rendering its operation illegal and threatening to the AP-5131 and the LAN.
Page 212
MUs to scan for a rogue AP. A shorter interval can affect the performance of the MU, but it will also decrease the time it takes for the AP-5131 to scan for a rogue AP. A longer interval will have less of an impact on the MUs, but it will increase the amount of time used to detect rogue APs.
Page 213
Symbol APs from Rogue AP detection and create a list of device MAC addresses and ESSIDs approved for interoperability with the AP-5131. Authorize Any AP: Select this checkbox to enable all access points with a Symbol...
Rogue AP Detection screen to the last saved configuration. 6. Click Logout to securely exit the AP-5131 Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 6.13.1 Moving Rogue APs to the Allowed AP List...
Page 215
The Active APs screen displays with detected rogue devices displayed within the Rogue table. 2. Enter a value (in minutes) in the Allowed APs Age Out Time field to indicate the number of elapsed minutes before an AP will be removed from the approved list and reevaluated. A zero (0) for this value (default value) indicates an AP can remain on the approved AP list permanently.
Active APs screen to the last saved configuration. 9. Click Logout to securely exit the AP-5131 Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 6.13.1.1 Displaying Rogue AP Details Before moving a rogue AP into the list of allowed APs within the Active APs screen, the device address and rogue detection information for that AP should be evaluated.
Page 217
BSSID/MAC Displays the MAC address of the rogue AP. This information could be useful if the MAC address is determined to be a Symbol MAC address and the device is interpreted as non-hostile and the device should be defined as an allowed AP.
6.13.2 Using MUs to Detect Rogue Devices The AP-5131 can use an associated MU that has its rogue AP detection feature enabled to scan for rogue APs. Once detected, the rogue AP(s) can be moved to the list of allowed devices (if appropriate) within the Active APs screen.
Page 219
2. Highlight an MU from within the Rogue AP enabled MUs field and click the scan button. The target MU begins scanning for rogue devices using the detection parameters defined within the Rogue AP Detection screen. To modify the detection parameters, see Configuring Rogue AP Detection on page 6-51.
Page 220
6. Click Logout to return to the Rogue AP Detection screen.
Monitoring Statistics The AP-5131 has functionality to display robust transmit and receive statistics for its WAN and LAN port. Wireless Local Area Network (WLAN) stats can also be displayed collectively for each enabled WLAN as well as individually for up to 16 specific WLANs.
Transmitted fields display statistics for the cumulative packets, bytes, and errors received and transmitted through the WAN interface since it was last enabled or the AP was last rebooted. The AP-5131 WAN Stats screen is view-only with no configurable data fields.
Page 223
802.11b/g Radio on page 5-38. 3. Refer to the Received field to reference data received over the AP-5131 WAN port. RX Packets RX packets are data packets received over the WAN port. The displayed number is a cumulative total since the WAN interface...
Page 224
4. Refer to the Transmitted field to reference data received over the AP-5131 WAN port. TX Packets TX packets are data packets sent over the WAN connection. The displayed number is a cumulative total since the WAN interface...
Use the LAN Stats screen to monitor the activity of the AP-5131 LAN connection. The Information field of the LAN Stats screen displays network traffic information as monitored over the AP-5131 LAN port. The Received and Transmitted fields of the screen display statistics for the cumulative packets, bytes, and errors received and transmitted over the LAN port since it was last enabled or the AP-5131 was last restarted.
Page 226
IP Address: The Internet Protocol (IP) addresses for the LAN port. 3. Refer to the Received field to view data received over the AP-5131 LAN port. RX Packets: RX packets are data packets received over the AP-5131 LAN port. The number is a cumulative total since the LAN connection was...
Page 227
RX Frame field displays the number of TCP/IP data frame errors received. 4. Refer to the Transmitted field to view statistics transmitted over the AP-5131 LAN port. TX Packets: TX packets are data packets sent over the AP-5131 LAN port. The...
(MUs) and total throughput for each of the active WLANs. The Total RF Traffic section displays basic throughput information for all RF activity on the AP-5131. The WLAN Stats Summary screen is view-only with no user configurable data fields. If a WLAN is not displayed within the...
Page 229
2. Refer to the WLAN Summary field to reference high-level data for each enabled WLAN. Name: Displays the names of all the enabled WLANs on the AP-5131. For information on enabling a WLAN, see Enabling Wireless LANs (WLANs) on page 5-22.
5. Click the Logout button to securely exit the AP-5131 Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 7.3.1 Viewing WLAN Statistics Use the WLAN Stats screen to view detailed statistics for individual WLANs. The WLAN Stats...
Page 231
AP-5131 menu tree. 2. Refer to the Information field to view specific WLAN address, MU and security scheme information for the WLAN selected from the AP-5131 menu tree. ESSID Displays the Extended Service Set ID (ESSID) for the target WLAN. Radio/s Displays the name of the 802.11a or 802.11b/g radio the target...
Page 232
Encryption Type Displays the encryption method defined for the WLAN. If the encryption type does not match the desired scheme for the WLAN or needs to be enabled, see Enabling Authentication and Encryption Schemes on page 6-5.
Page 233
4. Refer to the RF Status field to view the following MU signal, noise and performance information for the WLAN selected from the AP-5131 menu tree. Avg MU Signal Displays the average RF signal strength in dBm for all MUs associated with the selected WLAN.
Radio Stats Summary screen to view high-level information (radio name, type, number of associated MUs, etc.) for the radio(s) enabled on an AP-5131. Individual radio statistics can be displayed as well by selecting a specific radio from within the AP-5131 menu tree.
Do not clear the radio stats if currently in an important data gathering activity or risk losing all data calculations to that point. For information on viewing radio statistics particular to the AP-5131 radio type displayed within the AP Stats Summary screen, see Viewing Radio Statistics on page 7-15.
Page 236
-> Radio Statistics from the AP-5131 menu tree. 2. Refer to the Information field to view the AP-5131 802.11a or 802.11b/g radio’s MAC address, placement and transmission information. HW Address The Media Access Control (MAC) address of the AP-5131 housing the 802.11a radio.
Page 237
802.11a or 802.11b/g radio. 3. Refer to the Traffic field to view performance and throughput information for the target AP-5131 802.11a or 802.11b/g radio. Pkts per second Total column displays the average total packets per second crossing the radio. The column displays the average total packets per second received.
Page 238
Errors field to reference retry information as well as data transmissions the target AP-5131 802.11a or 802.11b/g radio either gave up on or could not decrypt. Avg Num. of Retries Displays the average number of retries for all MUs associated with AP-5131 802.11a or 802.11b/g radio.
Radio Statistics -> Retry Histogram from the AP-5131 menu tree. A Radio Histogram screen is available for each AP-5131 radio (regardless of single or dual-radio model). The table’s first column shows 0 under Retries. The value under the Packets column directly to the right shows the number of packets transmitted by this AP-5131 radio that required 0 retries (delivered on the first attempt).
However, individual MUs can be selected from within the MU Stats Summary screen to either ping to assess interoperability or display authentication statistics. To view AP-5131 overview statistics for all of the MUs associated to the AP-5131: 1. Select Status and Statistics - >...
Page 241
7-24 NOTE An echo test initiated from the AP-5131 MU Stats Summary screen uses WNMP pings. Therefore, target clients that are not Symbol MUs are unable to respond to the echo test. 5. Click the MU Authentication Statistics button to display a screen with detailed authentication statistics for an MU.
8. Click the Logout button to securely exit the AP-5131 Symbol Access Point applet. A prompt displays confirming the logout before the applet is closed. 7.5.1 Viewing MU Details Use the MU Details screen to display throughput, signal strength and transmit error information for a specific MU associated with the AP-5131.
Page 243
Configuring the 802.11a or 802.11b/g Radio on page 5-38. The associated MU must also be set to the higher rate to interoperate with the AP-5131 at that data rate. % of Non-unicast pkts Displays the percentage of the total packets for the selected mobile unit that are non-unicast.
8. Click to exit the screen. 7.5.2 Pinging Individual MUs The AP-5131 can verify its link with an MU by sending WNMP ping packets to the associated MU. Use the Echo Test screen to specify a target MU and configure the parameters of the ping test.
Number of Responses parameter to assess the number of responses from the target MU versus the number of pings transmitted by the AP-5131. Use the ratio of packets sent versus packets received to assess the link quality between the MU and the AP-5131. Click the button to exit the Echo Test screen and return to the MU Stats Summary screen.
7.6 Viewing Known Access Point Statistics The AP-5131 has the capability of detecting and displaying the properties of other access points (both Symbol and those from other manufacturers) located within its coverage area. Detected AP-5131’s transmit a WNMP message indicating their channel, IP address, firmware version, etc.
Page 247
Send Cfg to APs button to send your AP-5131’s configuration to other AP-5131’s with the same ESSID. The recipient AP-5131 must be the same single or dual-radio model as the AP-5131 sending the configuration. The sending and recipient AP-5131’s must also be running the same major firmware version (i.e., 1.0 to 1.0).
Page 248
Command Line Interface Reference The AP-5131 Command Line Interface (CLI) is accessed through the serial port or a Telnet session. The AP-5131 CLI follows the same conventions as the Web-based user interface. The CLI does, however, provide an “escape sequence” to provide diagnostics for problem identification and resolution.
If this is your first time logging into the AP-5131, you are unable to access any of the AP-5131’s commands until the country code is set. A new password will also need to be...
Changes the admin password. summary Shows a system summary containing network address information (IP address, network mask, DHCP mode, default gateway and WLAN information) for the AP-5131. network Goes to the network submenu. system Goes to the system submenu.
Page 253
AP5131>admin>help Description: Displays general CLI user interface help. Syntax: help Displays command line help using combinations of function keys for navigation. Example: admin>help : display command help - Eg. ?, show ?, s? * Restriction of “?”: : “?”...
Page 254
Changes the admin password for AP-5131 access. This requires typing the old admin password and entering a new password and confirming it. Passwords can be up to 11 characters. The AP-5131 CLI treats the following as invalid characters: "...
Page 255
AP5131>admin>summary Description: Displays the AP-5131’s system summary. Syntax: summary Displays a summary of high-level characteristics and settings for the WAN, LAN and WLAN. Example: admin>summary AP-5131 firmware version 1.0.0.0-xxx country code serial number 00A0F8716A74 -----------------------------------------------------------------------------...
Page 256
AP5131>admin>.. Description: Displays the parent menu of the current menu. This command appears in all of the submenus under admin. In each case, it has the same function, to move up one level in the directory structure.
Page 257
AP5131>admin> / Description: Displays the root menu, that is, the top-level CLI menu. This command appears in all of the submenus under admin. In each case, it has the same function, to move up to the top level in the directory structure.
Page 258
AP5131>admin>save Description: Saves the configuration to system flash. The save command appears in all of the submenus under admin. In each case, it has the same function, to save the current configuration. Syntax: save Saves configuration settings.
Page 259
AP5131>admin>quit Description: Exits the command line interface session and terminates the session. The quit command appears in all of the submenus under admin. In each case, it has the same function, to exit out of the CLI. Once the quit command is executed, the login prompt displays again.
8.3 Network Commands AP5131>admin(network)> Description: Displays the network submenu. The items available under this command are shown below. Goes to the LAN submenu. Goes to the WAN submenu. wireless Goes to the Wireless Configuration submenu.
Defines LAN VLAN configuration values. dhcp Goes to the LAN DHCP submenu. type-filter Goes to the type-filter submenu to specify data types allowed or denied access to the AP-5131 WLAN traffic Goes to the parent menu. Goes to the root menu. save Saves the configuration to system flash.
Page 262
AP5131>admin(network.lan)> show Description: Displays the AP-5131 LAN settings. Syntax: show Shows the settings for the AP-5131 LAN interface. Example: admin(network.lan)>show LAN Interface : enable LAN Timeout : 45 sec. 802.11q Trunking : disable 802.1x Port Authentication:...
Page 263
<mode> Enables or disables the AP-5131 LAN interface. timeout <seconds> Sets the interval (in seconds) the AP-5131 uses to terminate its LAN interface if no activity is detected for the specified interval. trunking <mode> Enables or disables 802.11q Trunking over the AP-5131 LAN port.
Goes to the root menu. save Saves the configuration to system flash. quit Quits the CLI and exits the session. For an overview of the AP-5131’s VLAN configuration options using the applet (GUI), see Configuring VLAN Support on page 5-5.
Page 265
AP5131>admin(network.lan.vlan)> show Description: Displays current VLAN parameter settings for the AP-5131. These parameters are defined with the set command. Syntax: show name Displays the existing list of AP-5131 VLAN names. config Shows the target VLAN configuration.
Page 266
AP5131>admin(network.lan.vlan)> set Description: Sets VLAN parameters for the AP-5131. Syntax: set mgmt-tag <id> Defines the Management VLAN tag (1-4095). native-tag <id> Sets the Native VLAN tag (1-4095). mode Sets WLAN VLAN mode (WLAN 1-16) to either dynamic or static.
Page 267
AP5131>admin(network.lan.vlan)> create Description: Creates a VLAN for the AP-5131. Syntax: create vlan-id <id> Defines the VLAN ID (1-4095). vlan-name <name> Specifies the name of the VLAN (1-31 characters in length). Example: admin(network.lan.vlan)> admin(network.lan.vlan)>create 5 VLAN-5...
Page 268
AP5131>admin(network.lan.vlan)> edit Description: Modifies a VLAN’s name and ID. Syntax: edit name <name> Modifies an existing VLAN name (1-31 characters in length). <id> Modifies an existing VLAN ID (1-4095). For information on editing VLANs using the applet (GUI), see Configuring VLAN Support on page 5-5.
Page 269
AP5131>admin(network.lan.vlan)> delete Description: Deletes a specific VLAN or all VLANs. Syntax: delete < VLAN id> Deletes a specific VLAN ID (1-16). Deletes all defined VLANs. For information on deleting VLANs using the applet (GUI), see Configuring VLAN Support on page 5-5.
Page 270
<wlan name> <vlan name> Maps an AP-5131 WLAN to an existing VLAN name, and maps an AP-5131 VLAN to an existing WLAN name. All names and IDs are case-sensitive. For information on mapping VLANs using the applet (GUI), see Configuring VLAN Support on page 5-5.
8.3.1.2 Network LAN, DHCP Commands AP5131>admin(network.lan.dhcp)> Description: Displays the AP-5131 DHCP submenu. The items available are displayed below. show Displays DHCP parameters. Sets DHCP parameters. Adds static DHCP address assignments. delete Deletes static DHCP address assignments.
Page 272
AP5131>admin(network.lan.dhcp)> show Description: Shows DHCP parameter settings. Syntax: show Displays DHCP parameter settings for the AP-5131. These parameters are defined with the set command. Example: admin(network.lan.dhcp)>show DHCP Address Assignment Range: Starting IP Address : 192.168.0.100 Ending IP Address : 192.168.0.254...
Page 273
AP5131>admin(network.lan.dhcp)> set Description: Sets DHCP parameters for the LAN port. Syntax: set range <ip1> <ip2> Sets the DHCP assignment range from IP address <ip1> to IP address <ip2>. lease <lease> Sets the DHCP lease time <lease> in seconds (1-999999). Example: admin(network.lan.dhcp)>set range 192.168.0.100 192.168.0.254 admin(network.lan.dhcp)>set lease 86400...
Page 274
AP5131>admin(network.lan.dhcp)> add Description: Adds static DHCP address assignments. Syntax: <mac> <ip> Adds a reserved static IP address to a MAC address. Example: admin(network.lan.dhcp)>add 00A0F8112233 192.160.24.6 admin(network.lan.dhcp)>add 00A0F1112234 192.169.24.7 admin(network.lan.dhcp)>list ----------------------------------------------------------------------------- Index MAC Address...
Page 275
AP5131>admin(network.lan.dhcp)> delete Description: Deletes static DHCP address assignments. Syntax: delete <idx> <entry> Deletes the static DHCP address entry <entry>. <idx> Deletes all static DHCP addresses. Example: admin(network.lan.dhcp)>list ----------------------------------------------------------------------------- Index MAC Address IP Address ----------------------------------------------------------------------------- 00A0F8112233 10.1.2.4 00A0F8102030 10.10.1.2...
Page 276
AP5131>admin(network.lan.dhcp)> list Description: Lists static DHCP address assignments. Syntax: list <idx> Lists the static DHCP address assignments. Example: admin(network.lan.dhcp)>list ----------------------------------------------------------------------------- Index MAC Address IP Address ----------------------------------------------------------------------------- 00A0F8112233 10.1.2.4 00A0F8102030 10.10.1.2 00A0F8112234 10.1.2.3 00A0F8112235 192.160.24.6...
8.3.1.3 Network Type Filter Commands AP5131>admin(network.lan.type-filter)> Description: Displays the AP-5131 Type Filter submenu. The items available under this command include: show Displays the current Ethernet Type exception list. Defines Ethernet Type Filter parameters. Adds an Ethernet Type Filter entry.
Page 278
Displays the existing AP-5131 Type-Filter configuration. Example: admin(network.lan.type-filter)>show Ethernet Type Filter mode : allow ----------------------------------------------------------------------------- index ethernet type ----------------------------------------------------------------------------- 8137 For information on displaying the AP-5131’s type filter configuration using the applet (GUI), see Setting the Type Filter Configuration on page 5-11.
Page 279
Allows or denies the AP-5131 from processing a specified Ethernet data type. Example: admin(network.lan.type-filter)>set mode allow For information on configuring the AP-5131’s type filter settings using the applet (GUI), see Setting the Type Filter Configuration on page 5-11.
Page 280
AP5131>admin(network.lan.type-filter)> add Description: Adds an Ethernet Type Filter entry. Syntax: <type> Adds entered Ethernet Type to list of data types either allowed or denied AP-5131 processing permissions. Example: admin(network.lan.type-filter)> admin(network.wireless.type-filter)>add 2 8137 admin(network.wireless.type-filter)>add 3 0806 admin(network.wireless.type-filter)>add 4 0800...
Page 281
----------------------------------------------------------------------------- 0806 0800 8782 admin(network.lan.type-filter)>delete all admin(network.lan.type-filter)>show Ethernet Type Filter mode : allow ----------------------------------------------------------------------------- index ethernet type ----------------------------------------------------------------------------- For information on configuring the AP-5131’s type filter settings using the applet (GUI), see Setting the Type Filter Configuration on page 5-11.
Displays the NAT submenu, wherein Network Address Translations (NAT) can be defined. Goes to the VPN submenu, where the AP-5131 VPN tunnel configuration can be set. Displays the Outbound Content Filtering submenu, where data types can be included/excluded from AP-5131 throughput.
Page 283
PPPoE Password : ******* PPPoE keepalive mode : enable PPPoE Idle Time : 600 PPPoE Authentication Type : chap admin(network.wan)> For an overview of the AP-5131 WAN configuration options available using the applet (GUI), see Configuring WAN Settings on page 5-13.
Page 284
JohnDoe admin(network.wan)>set pppoe passwd @#$goodpassword%$# admin(network.wan)>set pppoe ka enable admin(network.wan)>set pppoe idle 600 For an overview of the AP-5131 WAN configuration options available using the applet (GUI), see Configuring WAN Settings on page 5-13.
Goes to the root menu. save Saves the configuration to system flash. quit Quits the CLI. For an overview of the AP-5131 NAT configuration options available using the applet (GUI), see Configuring Network Address Translation (NAT) Settings on page 5-18.
Page 286
: Port Forwarding unspecified port forwarding mode : enable unspecified port fwd. ip address : 111.223.222.1 admin(network.wan.nat)> For an overview of the AP-5131 NAT options available using the applet (GUI), see Configuring Network Address Translation (NAT) Settings on page 5-18.
Page 287
Inbound Mappings : Port Forwarding unspecified port forwarding mode : disable unspecified port fwd. ip address : 111.223.222.1 For an overview of the AP-5131 NAT options available using the applet (GUI), see Configuring Network Address Translation (NAT) Settings on page 5-18.
Page 288
Deletes one of the inbound NAT entries from the list. list Displays the list of inbound NAT entries. For an overview of the AP-5131 NAT options available using the applet (GUI), see Configuring Network Address Translation (NAT) Settings on page...
Page 289
Adds entries to the list of inbound NAT entries. list Displays the list of inbound NAT entries. For an overview of the AP-5131 NAT options available using the applet (GUI), see Configuring Network Address Translation (NAT) Settings on page 5-18.
Page 290
Deletes inbound NAT entries from the list. Adds entries to the list of inbound NAT entries. For an overview of the AP-5131 NAT options available using the applet (GUI), see Configuring Network Address Translation (NAT) Settings on page 5-18.
Goes to the parent menu. Goes to the root menu. save Saves the configuration to system flash. quit Quits the CLI. For an overview of the AP-5131 VPN options available using the applet (GUI), see Configuring VPN Tunnels on page 6-33.
Page 292
AP5131>admin(network.wan.vpn)> add Description: Adds a VPN tunnel entry. Syntax: <name> <LWanIP> <RSubnetIP> <RSubnetMask> <RGatewayIP> Creates a tunnel <name> (1 to 13 characters) to gain access through local WAN IP <LWanIP> from the remote subnet with address <RSubnetIP>...
Page 293
AP5131>admin(network.wan.vpn)> set Description: Sets VPN entry parameters. Syntax: set type <name> <tunnel type> Sets the tunnel type <name> to Auto or Manual for the specified tunnel name. authalgo <name> <authalgo> Sets the authentication algorithm for <name> to (None, MD5, or SHA1).
Page 294
salife <name> <lifetime> Defines the name of the tunnel <name> the Security Association Life Time <300-65535> applies to in seconds. opmode <name> <opmode> Sets the Operation Mode of IKE for <name> to Main or Aggr(essive).
Page 295
AP5131>admin(network.wan.vpn)> delete Description: Deletes VPN tunnel entries. Syntax: delete Deletes all VPN entries. <name> Deletes VPN entries <name>. Example: admin(network.wan.vpn)>list -------------------------------------------------------------------------- Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP -------------------------------------------------------------------------- Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198 SJSharkey...
Page 296
AP5131>admin(network.wan.vpn)> list Description: Lists VPN tunnel entries. Syntax: list <cr> Lists all tunnel entries. <name> Lists detailed information about tunnel named <name>. Note that the <name> must match case with the name of...
Page 297
AP5131>admin(network.wan.vpn)> reset Description: Resets all of the AP-5131’s VPN tunnels. Syntax: reset Resets all VPN tunnels. Example: admin(network.wan.vpn)>reset VPN tunnels reset. admin(network.wan.vpn)> For information on configuring VPN using the applet (GUI), see Configuring VPN Tunnels on page...
Page 298
AP5131>admin(network.wan.vpn)> stats Description: Lists statistics for all active tunnels. Syntax: stats Display statistics for all VPN tunnels. Example: admin(network.wan.vpn)>stats ----------------------------------------------------------------------------- Tunnel Name Status SPI(OUT/IN) Life Time Bytes(Tx/Rx) ----------------------------------------------------------------------------- Eng2EngAnnex Not Active SJSharkey Not Active...
Page 299
AP5131>admin(network.wan.vpn)> ikestate Description: Displays statistics for all active tunnels using Internet Key Exchange (IKE). Syntax: ikestate Displays status about Internet Key Exchange (IKE) for all tunnels. In particular, the table indicates whether IKE is connected for any of the tunnels, it provides the destination IP address, and the remaining lifetime of the IKE key. Example: admin(network.wan.vpn)>ikestate ----------------------------------------------------------------------...
8.3.2.3 Network WAN App Commands AP5131>admin(network.wan.app)> Description: Displays the outbound content filtering submenu. The items available under this command are shown below. addcmd Adds app control commands to the deny list. delcmd Deletes app control commands from the deny list.
Page 301
AP5131>admin(network.wan.app)> addcmd Description: Adds app control commands to the deny list. Syntax: addcmd file <filename>.<ext> Denies specified web file name. <filename> can be up to 15 characters and "*" can be used to match any string. <ext> can be up to 10 characters (such as htm, html, or java).
Page 302
AP5131>admin(network.wan.app)> delcmd Description: Deletes application control commands from the deny list. Syntax: delcmd file <filename>.<ext> Deletes specified web file name from deny list. <filename> can be up to 15 characters and "*" can be used to match any string. <ext> can be up to 10 characters (such as htm, html, or java).
Page 303
AP5131>admin(network.wan.app)> list Description: Lists the app control records. Syntax: list Lists Web/HTTP app control settings. Lists FTP app control settings. smtp Lists SMTP app control record. Example: admin(network.wan.app)>list web HTTP Files/Commands Web Proxy : deny ActiveX : deny filename...
Displays the security submenu used to create encryption and authentication based security policies for use with AP-5131 WLANs. Displays the Access Control List (ACL) submenu to restrict or allow MU access to AP-5131 WLANs. radio Displays the radio configuration submenu used to specify how the 802.11a or 802.11b/g radio is used with specific WLANs.
Goes to the root menu. save Saves the configuration to system flash. quit Quits the CLI. For an overview of the Wireless configuration options available to the AP-5131 using the applet (GUI), see Enabling Wireless LANs (WLANs) on page 5-22.
Page 306
AP5131>admin(network.wireless.wlan)> show Description: Displays the AP-5131’s current WLAN configuration. Syntax: show summary Displays the current configuration for existing WLANs. wlan <number> Displays the configuration for the requested WLAN (WLAN 1 through 16). Example: admin(network.wireless.wlan)>show wlan 1...
Page 307
Enables or disables MUs associated to the same WLAN to not communicate with each other. sbeacon <mode> Enables or disables the AP-5131 from transmitting the ESSID in the beacon. bcast <mode> Enables or disables the AP-5131 from accepting broadcast IDs from MUs.
Page 308
admin(network.wireless.wlan.create)>show security ---------------------------------------------------------------------- Secu Policy Name Authen Encryption Associated WLANs ---------------------------------------------------------------------- 1 Default Manual no encrypt Front Lobby 2 WEP Demo Manual WEP 64 2nd Floor 3 Open Manual no encrypt 1st Floor admin(network.wireless.wlan.create)>show acl...
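The `show security` table above lists which WLANs run with no encryption or WEP. The following Python sketch is an added example, not part of the guide or of Symbol's software: it parses a captured copy of that table and reports those policies. The sample's column spacing, its fourth row and the `KeyGuard` label in it are assumptions made for illustration.

```python
import re

# Constructed sample. Rows 1-3 repeat the values in the guide's "show security"
# example; row 4, its "KeyGuard" label and the column spacing are assumptions.
SAMPLE = """\
admin(network.wireless.wlan.create)>show security
----------------------------------------------------------------------
Secu Policy Name     Authen    Encryption    Associated WLANs
----------------------------------------------------------------------
1 Default            Manual    no encrypt    Front Lobby
2 WEP Demo           Manual    WEP 64        2nd Floor
3 Open               Manual    no encrypt    1st Floor
4 Lab                Manual    KeyGuard      Warehouse
"""

# index, policy name (may contain spaces), auth type, weak encryption label,
# then the optional list of associated WLANs.
WEAK_ROW = re.compile(
    r"^\s*(\d+)\s+(.+?)\s+(\S+)\s+(no encrypt|WEP \d+)(?:\s+(.*\S))?\s*$"
)
# Any table row: starts with the numeric policy index.
ANY_ROW = re.compile(r"^\s*\d+\s+\S")


def audit_security_summary(text):
    """Return (weak, review) for a captured 'show security' table.

    weak   -- dicts for policies with no encryption or WEP
    review -- normalised rows whose encryption label was not recognised
    """
    weak, review = [], []
    for line in text.splitlines():
        if not ANY_ROW.match(line):
            continue  # prompt, header or separator line
        m = WEAK_ROW.match(line)
        if m is None:
            # Unknown label: do not guess, hand the row to a person.
            review.append(" ".join(line.split()))
            continue
        index, policy, auth, enc, wlans = m.groups()
        weak.append({
            "index": int(index),
            "policy": policy.strip(),
            "auth": auth,
            "encryption": enc,
            "issue": "no encryption" if enc == "no encrypt" else "WEP",
            "wlans": wlans or "",
        })
    return weak, review


if __name__ == "__main__":
    weak, review = audit_security_summary(SAMPLE)
    for f in weak:
        print(f"policy {f['index']} ({f['policy']}): {f['issue']} "
              f"on WLAN(s) {f['wlans'] or '-'}")
    for row in review:
        print("check manually:", row)
```

A policy name that itself contains `WEP` (row 2) is still split correctly because the encryption column is matched only as `WEP` followed by a key length.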
Page 309
AP5131>admin(network.wireless.wlan)> edit Description: Edits the properties of an existing WLAN policy. Syntax: edit <index> Edits the properties of an existing WLAN policy. For information on editing a WLAN using the applet (GUI), see Creating/Editing Individual WLANs on page 5-24.
Goes to the parent menu. Goes to the root menu. save Saves the configuration to system flash. quit Quits the CLI. For information on the security configuration options available to the AP-5131 using the applet (GUI), see Configuring Security Options on page 6-2.
Page 311
AP5131>admin(network.wireless.security)> show Description: Displays the AP-5131’s current security configuration. Syntax: show summary Displays list of existing security policies (1-16). policy <id> Displays the specified security policy <id>. Example: admin(network.wireless.security)>show summary ---------------------------------------------------------------------- Secu Policy Name Authen...
Page 312
AP5131>admin(network.wireless.security)> create Description: Defines the parameter of AP-5131 security policies.
Page 313
Syntax: create Defines the parameters of a security policy. show Displays new or existing security policy parameters. sec-name <name> Sets the name of the security policy. auth <authtype> Sets the authentication type for WLAN <idx> to <type>...
Page 314
retry <number> Sets the maximum number of reauthentication retries <retry> (1-99). accounting mode <mode> Enable or disable Radius accounting. timeout <period> Defines MU timeout period in seconds (1-255). retry <number> Sets the maximum number of MU retries to <retry>...
Page 315
index <key index> Selects the WEP/KeyGuard key (from one of the four potential values of <key index> (1-4)). hex-key <kidx> <key string> Sets the WEP/KeyGuard key for key index <kidx> (1-4) for WLAN <kidx> to <key string>. ascii-key <kidx>...
Page 316
add-policy Adds the policy and exits. Disregards the policy creation and exits the CLI session. For information on configuring the encryption and authentication options available to the AP-5131 using the applet (GUI), see Configuring Security Options on page 6-2.
Page 317
Policy Name : Default Authentication : Manual Pre-shared key/No Authentication Encryption type : no encryption For information on configuring the encryption and authentication options available to the AP-5131 using the applet (GUI), see Configuring Security Options on page 6-2.
Page 318
<sec-name> Removes the specified security policy from the list supported. <all> Removes all security policies except the default policy. For information on configuring the encryption and authentication options available to the AP-5131 using the applet (GUI), see Configuring Security Options on page 6-2.
8.3.3.3 Network ACL Commands AP5131>admin(network.wireless.acl)> Description: Displays the AP-5131 Mobile Unit Access Control List (ACL) submenu. The items available under this command include: show Displays the AP-5131’s current ACL configuration. create Creates an MU ACL policy.
Page 320
: Front Lobby Policy Mode : allow ----------------------------------------------------------------------------- index start mac end mac ----------------------------------------------------------------------------- 00A0F8348787 00A0F8348798 For information on configuring the ACL options available to the AP-5131 using the applet (GUI), see Configuring a WLAN Access Control List (ACL) on page 5-29.
Page 321
00A0F8334455 00A0F8334455 00A0F8400000 00A0F8402001 admin(network.wireless.acl.create)>set name engineering admin(network.wireless.acl.create)>set mode deny admin(network.wireless.acl.create)>add addr 00A0F843AABB admin(network.wireless.acl.create)>add-policy For information on configuring the ACL options available to the AP-5131 using the applet (GUI), see Configuring a WLAN Access Control List (ACL) on page 5-29.
Page 322
Completes the changes made and exits the session. Cancels the changes made and exits the session. For information on configuring the ACL options available to the AP-5131 using the applet (GUI), see Configuring a WLAN Access Control List (ACL) on page...
Page 323
<acl name> <index> Deletes a particular MU ACL policy. Deletes all MU ACL policies. For information on configuring the ACL options available to the AP-5131 using the applet (GUI), see Configuring a WLAN Access Control List (ACL) on page 5-29.
8.3.3.4 Network Radio Configuration Commands AP5131>admin(network.wireless.radio)> Description: Displays the AP-5131 Radio submenu. The items available under this command include: show Summarizes AP-5131 radio parameters at a high-level. Defines the AP-5131 radio configuration. radio1 Displays the 802.11b/g radio submenu.
Page 325
: Radio 2 Radio Mode : enable RF Band of Operation : 802.11a (5 GHz) For information on configuring the Radio Configuration options available to the AP-5131 using the applet (GUI), see Setting the WLAN’s Radio Configuration on page 5-36.
Page 326
: Radio 2 Radio Mode : disable RF Band of Operation : 802.11a (5 GHz) For information on configuring the Radio Configuration options available to the AP-5131 using the applet (GUI), see Setting the WLAN’s Radio Configuration on page 5-36.
Page 327
Goes to the root menu. save Saves the configuration to system flash. quit Quits the CLI. For information on configuring Radio 1 Configuration options available to the AP-5131 using the applet (GUI), see Setting the WLAN’s Radio Configuration on page 5-36.
Page 328
AP5131>admin(network.wireless.radio.radio1)> show Description: Displays specific 802.11b/g radio settings. Syntax: show radio Displays specific 802.11b/g radio settings. Displays specific 802.11b/g radio WMM QoS settings. Example: admin(network.wireless.radio.radio1)>show radio Radio Setting Information Placement : indoor MAC Address...
Page 329
Access Category CWMin CWMax AIFSN TXOPs ----------------------------------------------------------------------------- Background 1023 Best Effort Video Voice For information on configuring the Radio 1 Configuration options available to the AP-5131 using the applet (GUI), see Configuring the 802.11a or 802.11b/g Radio on page 5-38.
Page 330
125 admin(network.wireless.radio.802-11bg)>set qos cwmax 255 admin(network.wireless.radio.802-11bg)>set qos aifsn 7 admin(network.wireless.radio.802-11bg)>set qos txops 0 For information on configuring the Radio 1 Configuration options available to the AP-5131 using the applet (GUI), see Configuring the 802.11a or 802.11b/g Radio on page 5-38.
Page 331
Command Line Interface Reference 8-83 AP5131>admin(network.wireless.radio.802-11bg.advanced)> Description: Displays the advanced submenu for the 802.11b/g radio. The items available under this command include: Syntax: show Displays advanced radio settings for the 802.11b/g radio. Defines advanced parameters for the 802.11b/g radio. Goes to the parent menu. Goes to the root menu.
Page 332
Office Open good configuration is ok ----------------------------------------------------------------------------- BSSID Primary WLAN ----------------------------------------------------------------------------- Lobby Office For information on configuring Radio 1 Configuration options available to the AP-5131 using the applet (GUI), see Configuring the 802.11a or 802.11b/g Radio on page 5-38.
Page 333
<wlan name> Sets the BSSID to primary WLAN definition. Example: admin(network.wireless.radio.802-11bg.advanced)>set wlan demoroom 1 admin(network.wireless.radio.802-11bg.advanced)>set bss 1 demoroom For information on configuring Radio 1 Configuration options available to the AP-5131 using the applet (GUI), see Configuring the 802.11a or 802.11b/g Radio on page 5-38.
Page 334
8-86 AP-5131 Access Point Product Reference Guide AP5131>admin(network.wireless.radio.802-11a)> Description: Displays a specific 802.11a radio submenu. The items available under this command include: Syntax: show Displays 802.11a radio settings Defines specific 802.11a radio parameters. advanced Displays the Advanced radio settings submenu.
Page 335
Command Line Interface Reference 8-87 AP5131>admin(network.wireless.radio.802-11a)> show Description: Displays specific 802.11a radio settings. Syntax: show radio Displays specific 802.11a radio settings. Displays specific 802.11a radio WMM QoS settings. Example: admin(network.wireless.radio.802-11a)>show radio Radio Setting Information Placement : indoor MAC Address : 00A0F8715920 Radio Type : 802.11a Channel Setting...
Page 336
----------------------------------------------------------------------------- Access Category CWMin CWMax AIFSN TXOPs ----------------------------------------------------------------------------- Background 1023 Best Effort Video Voice For information on configuring Radio 2 Configuration options available to the AP-5131 using the applet (GUI), see Configuring the 802.11a or 802.11b/g Radio on page 5-38.
Page 337
125 admin(network.wireless.radio.802-11a)>set qos cwmax 255 admin(network.wireless.radio.802-11a)>set qos aifsn 7 admin(network.wireless.radio.802-11a)>set qos txops 0 For information on configuring the Radio 2 Configuration options available to the AP-5131 using the applet (GUI), see Configuring the 802.11a or 802.11b/g Radio on page 5-38.
Page 338
8-90 AP-5131 Access Point Product Reference Guide AP5131>admin(network.wireless.radio.802-11a.advanced)> Description: Displays the advanced submenu for the 802-11a radio. The items available under this command include: Syntax: show Displays advanced radio settings for the 802-11a radio. Defines advanced parameters for the 802-11a radio.
Page 339
Office Open good configuration is ok ----------------------------------------------------------------------------- BSSID Primary WLAN ----------------------------------------------------------------------------- Lobby Office For information on configuring the Radio 2 Configuration options available to the AP-5131 using the applet (GUI), see Configuring the 802.11a or 802.11b/g Radio on page 5-38.
Page 340
<wlan name> Sets the BSSID to primary WLAN definition. Example: admin(network.wireless.radio.802-11a.advanced)>set wlan demoroom 1 admin(network.wireless.radio.802-11a.advanced)>set bss 1 demoroom For information on configuring Radio 2 Configuration options available to the AP-5131 using the applet (GUI), see Configuring the 802.11a or 802.11b/g Radio on page 5-38.
Command Line Interface Reference 8-93 8.3.3.5 Network Quality of Service (QoS) Commands AP5131>admin(network.wireless.qos)> Description: Displays the AP-5131 Quality of Service (QoS) submenu. The items available under this command include: show Displays AP-5131 QoS policy information. create Defines the parameters of the QoS policy.
Page 342
Multicast address 1 01005E000000 Multicast address 2 09000E000000 WMM QOS Extension Mode disable For information on configuring the WLAN QoS options available to the AP-5131 using the applet (GUI), see Setting the WLAN Quality of Service (QoS) Policy on page 5-31.
Page 343
Completes the policy creation and exits the CLI session. Cancels the QoS policy creation and exits the CLI session. For information on configuring the WLAN QoS options available to the AP-5131 using the applet (GUI), see Setting the WLAN Quality of Service (QoS) Policy on page...
Page 344
Completes the policy edit and exits the session. Cancels the changes and exits. For information on configuring the WLAN QoS options available to the AP-5131 using the applet (GUI), see Setting the WLAN Quality of Service (QoS) Policy on page...
Page 345
<qos-name> Deletes the specified QoS policy index, or all of the policies. <all> For information on configuring the WLAN QoS options available to the AP-5131 using the applet (GUI), see Setting the WLAN Quality of Service (QoS) Policy on page...
8.3.3.6 Network Bandwidth Management Commands AP5131>admin(network.wireless.bandwidth)> Description: Displays the AP-5131 Bandwidth Management submenu. The items available under this command include: show Displays Bandwidth Management information for how data is processed by the AP-5131. Defines Bandwidth Management parameters for the AP-5131.
Page 347
Displays the current Bandwidth Management configuration for defined WLANs and how they are weighted. Example: admin(network.wireless.bandwidth)>show Bandwidth Share Mode : First In First Out For information on configuring the Bandwidth Management options available to the AP-5131 using the applet (GUI), see Configuring Bandwidth Management Settings on page 5-45.
Page 348
Assigns a bandwidth share allocation for the WLAN <index 1- 16 > when Weighted Round Robin <wrr> is selected. The weighting is from 1-10. For information on configuring the Bandwidth Management options available to the AP-5131 using the applet (GUI), see Configuring Bandwidth Management Settings on page...
8.3.3.7 Network Rogue-AP Commands AP5131>admin(network.wireless.rogue-ap)> Description: Displays the Rogue AP submenu. The items available under this command include: show Displays the current AP-5131 Rogue AP detection configuration. Defines the Rogue AP detection method. mu-scan Goes to the Rogue AP mu-scan submenu. allowed-list Goes to the Rogue AP Allowed List submenu.
Page 350
: 11bg Auto Authorize Symbol APs : disable Approved APs age out Rogue APs age out For information on configuring the Rogue AP options available to the AP-5131 using the applet (GUI), see Configuring Rogue AP Detection on page 6-51.
Page 351
Auto Authorize Symbol APs : enable Approved AP age out : 10 Rogue AP age out : 10 For information on configuring the Rogue AP options available to the AP-5131 using the applet (GUI), see Configuring Rogue AP Detection on page 6-51.
Page 352
8-104 AP-5131 Access Point Product Reference Guide AP5131>admin(network.wireless.rogue-ap.mu-scan)> Description: Displays the Rogue-AP mu-scan submenu. Syntax: start Initiates scan immediately by the MU. show Displays all APs located by the MU scan. Goes to the parent menu. Goes to the root menu.
Page 353
Initiates an MU scan from a user provided MAC address. Syntax: start <mu-mac> Initiates MU scan from user provided MAC address. For information on configuring the Rogue AP options available to the AP-5131 using the applet (GUI), see Configuring Rogue AP Detection on page 6-51.
Page 354
Displays the results of an MU scan. Syntax: show Displays the results of an MU scan. For information on configuring the Rogue AP options available to the AP-5131 using the applet (GUI), see Configuring Rogue AP Detection on page 6-51.
Page 355
Command Line Interface Reference 8-107 AP5131>admin(network.wireless.rogue-ap.allowed-list)> Description: Displays the Rogue-AP allowed-list submenu. show Displays the rogue AP allowed list Adds an AP MAC address and ESSID to the allowed list. delete Deletes an entry or all entries from the allowed list. Goes to the parent menu.
Page 356
Displays the rogue-AP allowed list. Example: admin(network.wireless.rogue-ap.allowed-list)>show ----------------------------------------------------------------------------- index essid ----------------------------------------------------------------------------- 00:A0:F8:71:59:20 00:A0:F8:33:44:55 00:A0:F8:40:20:01 Marketing For information on configuring the Rogue AP options available to the AP-5131 using the applet (GUI), see Configuring Rogue AP Detection on page 6-51.
Page 357
ESSID. <ess-id> Example: admin(network.wireless.rogue-ap.allowed-list)>add 00A0F83161BB 103 admin(network.wireless.rogue-ap.allowed-list)>show ----------------------------------------------------------------------------- index essid ----------------------------------------------------------------------------- 00:A0:F8:71:59:20 00:A0:F8:33:44:55 00:A0:F8:40:20:01 Marketing 00:A0:F8:31:61:BB For information on configuring the Rogue AP options available to the AP-5131 using the applet (GUI), see Configuring Rogue AP Detection on page 6-51.
Page 358
<idx> Deletes an AP MAC address and ESSID (or all addresses) from the allowed list. <all> For information on configuring the Rogue AP options available to the AP-5131 using the applet (GUI), see Configuring Rogue AP Detection on page 6-51.
Command Line Interface Reference 8-111 8.3.4 Network Firewall Commands AP5131>admin(network.firewall)> Description: Displays the AP-5131 firewall submenu. The items available under this command include: show Displays the AP-5131’s current firewall configuration. Defines the AP-5131’s firewall parameters. access Enables/disables firewall permissions through the LAN and WAN ports.
Page 360
: enable mime flood attack filter : enable max mime header length : 8192 max mime headers : 16 For information on configuring the Firewall options available to the AP-5131 using the applet (GUI), see Configuring Firewall Settings on page 6-25.
Page 361
Command Line Interface Reference 8-113 AP5131>admin(network.firewall)> set Description: Defines the AP-5131 firewall parameters. Syntax: set mode <mode> Enables or disables the firewall. nat-timeout <interval> Defines the NAT interval. override <mode> Enables or disables subnet access override. <mode> Enables or disables SYN flood attack check.
Page 362
----------------------------------------------------------------------------- index from name prot start port end port ----------------------------------------------------------------------------- HTTP 123456 1440 2048 654321 2048 2048 1000 For information on configuring the Firewall options available to the AP-5131 using the applet (GUI), see Configuring Firewall Settings on page 6-25.
Page 363
AP5131>admin(network.firewall)> advanced Description: Displays whether an AP-5131 firewall rule is intended for inbound traffic to an interface or outbound traffic from that interface. Syntax: import Imports rules from LAN to WAN access. inbound Goes to the Inbound Firewall Rules submenu.
8-116 AP-5131 Access Point Product Reference Guide 8.3.5 Network Router Commands AP5131>admin(network.router)> Description: Displays the router submenu. The items available under this command are: Adds user-defined routes. delete Deletes user-defined routes. list Lists user-defined routes. show Displays the existing AP-5131 router configuration.
Page 365
---------------------------------------------------------------------------- 192.168.2.0 255.255.255.0 0.0.0.0 192.168.1.0 255.255.255.0 0.0.0.0 192.168.0.0 255.255.255.0 0.0.0.0 192.168.24.0 255.255.255.0 0.0.0.0 157.235.19.5 255.255.255.0 192.168.24.1 For information on configuring the Router options available to the AP-5131 using the applet (GUI), see Configuring Router Settings on page 5-47.
Page 366
192.168.2.100 255.255.255.0 192.168.2.1 LAN 1 admin(network.router)>list ---------------------------------------------------------------------------- index destination netmask gateway interface metric ---------------------------------------------------------------------------- 192.168.2.100 255.255.255.0 192.168.2.1 For information on configuring the Router options available to the AP-5131 using the applet (GUI), see Configuring Router Settings on page 5-47.
Page 367
2 admin(network.router)>list ------------------------------------------------------------------ index destination netmask gateway interface metric ------------------------------------------------------------------ 192.168.2.0 255.255.255.0 0.0.0.0 192.168.0.0 255.255.255.0 0.0.0.0 admin(network.router)> For information on configuring the Router options available to the AP-5131 using the applet (GUI), see Configuring Router Settings on page 5-47.
Page 368
---------------------------------------------------------------------------- index destination netmask gateway interface metric ---------------------------------------------------------------------------- 192.168.2.0 255.255.255.0 0.0.0.0 192.168.1.0 255.255.255.0 0.0.0.0 192.168.0.0 255.255.255.0 0.0.0.0 For information on configuring the Router options available to the AP-5131 using the applet (GUI), see Configuring Router Settings on page 5-47.
Displays last debug password. exec Goes to a Linux command menu. access Goes to the AP-5131 access submenu where AP-5131 access methods can be enabled. cmgr Goes to the Certificate Manager submenu. snmp Goes to the SNMP submenu. Goes to the Network Time Protocol submenu.
Page 370
Press escape key to run boot firmware ..Power On Self Test testing ram : pass testing nor flash : pass testing nand flash : pass testing ethernet : pass For information on restarting the AP-5131 using the applet (GUI), see Configuring System Settings on page 4-2.
Page 371
Command Line Interface Reference 8-123 AP5131>admin(system)>show Description: Displays high-level AP-5131 system information. Syntax: show Displays AP-5131 system information. Example: admin(system)>show system name : BldgC system location : Atlanta Field Office admin email address : johndoe@mycompany.com system uptime : 0 days 4 hours 41 minutes...
Page 372
Sets the AP-5131 system name to <name> (1 to 59 characters). <loc> Sets the AP-5131 system location to <loc> (1 to 59 characters). email <email> Sets the AP-5131 admin email address to <email> (1 to 59 characters). <code> Sets the AP-5131 country code using two-letters <code>. Example: admin(system)>show...
Command Line Interface Reference 8-125 8.4.1 System Debug and Last Password Commands AP5131>admin(system)>debug Description: Accesses AP-5131 debug information. This information is designed for field service use only, and should not be used by unqualified personnel. Example: admin(system)>debug Debug Password: AP-5131...
Displays AP-5131 system access capabilities. Goes to the AP-5131 system access submenu. Goes to the parent menu. Goes to the root menu. save Saves the current configuration to the AP-5131 system flash. quit Quits the CLI and exits the current session.
Page 375
Command Line Interface Reference 8-127 AP5131>admin(system.access)>set Description: Defines the permissions to access the AP-5131 applet, CLI, SNMP as well as defining their timeout values. Syntax: set applet Defines the applet HTTP/HTTPS access parameters for the LAN port. applet Defines the applet HTTP/HTTPS access parameters for the WAN port app-timeout <minutes>...
Page 376
: enable admin authentication mode : local Related Commands: Defines the AP-5131 system access capabilities and timeout values. For information on configuring AP-5131 access settings using the applet (GUI), see Configuring Data Access on page 4-5.
Command Line Interface Reference 8-129 8.4.3 System Certificate Management Commands AP5131>admin(system)>cmgr Description: Displays the Certificate Manager submenu. The items available under this command include: genreq Generates a Certificate Request. delself Deletes a Self Certificate. loadself Loads a Self Certificate signed by CA. listself Lists the self certificate loaded.
Page 379
Command Line Interface Reference 8-131 AP5131>admin(system.cmgr)> delself Description: Deletes a self certificate. Syntax: delself <IDname> Deletes the self certificate named <IDname>. Example: admin(system.cmgr)>delself MyCert2 For information on configuring self certificate settings using the applet (GUI), see Creating Self Certificates on page 4-9.
Page 380
8-132 AP-5131 Access Point Product Reference Guide AP5131>admin(system.cmgr)> loadself Description: Loads a self certificate signed by the Certificate Authority. Syntax: loadself <IDname> Load the self certificate signed by the CA with name <IDname>. For information on configuring self certificate settings using the applet (GUI), see Creating Self Certificates on page 4-9.
Page 381
Command Line Interface Reference 8-133 AP5131>admin(system.cmgr)> listself Description: Lists the loaded self certificates. Syntax: listself Lists all self certificates that are loaded. For information on configuring self certificate settings using the applet (GUI), see Creating Self Certificates on page 4-9.
Page 382
8-134 AP-5131 Access Point Product Reference Guide AP5131>admin(system.cmgr)> loadca Description: Loads a trusted certificate from the Certificate Authority. Syntax: loadca Loads the trusted certificate (in PEM format) that is pasted into the command line. For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-8.
Page 383
Command Line Interface Reference 8-135 AP5131>admin(system.cmgr)> delca Description: Deletes a trusted certificate. Syntax: delca <IDname> Deletes the trusted certificate. For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-8.
Page 384
8-136 AP-5131 Access Point Product Reference Guide AP5131>admin(system.cmgr)> listca Description: Lists the loaded trusted certificate. Syntax: listca Lists the loaded trusted certificates. For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-8.
Page 385
Command Line Interface Reference 8-137 AP5131>admin(system.cmgr)> showreq Description: Displays a certificate request in PEM format. Syntax: showreq <IDname> Displays a certificate request named <IDname> generated from the genreq command. For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-8.
Page 386
8-138 AP-5131 Access Point Product Reference Guide AP5131>admin(system.cmgr)> delprivkey Description: Deletes a private key. Syntax: delprivkey <IDname> Deletes private key named <IDname>. For information on configuring certificate settings using the applet (GUI), see Creating Self Certificates on page 4-9.
Page 387
Command Line Interface Reference 8-139 AP5131>admin(system.cmgr)> listprivkey Description: Lists the names of private keys. Syntax: listprivkey Lists all private keys. For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-8.
8-140 AP-5131 Access Point Product Reference Guide 8.4.4 System SNMP Commands AP5131>admin(system)> snmp Description: Displays the SNMP submenu. The items available under this command are shown below. access Goes to the SNMP access submenu. traps Goes to the SNMP traps submenu.
Command Line Interface Reference 8-141 8.4.4.1 System SNMP Access Commands AP5131>admin(system.snmp.access) Description: Displays the SNMP Access menu. The items available under this command are shown below. show Shows SNMP v3 engine ID. Adds SNMP access entries. delete Deletes SNMP access entries. list Lists SNMP access entries.
Page 390
8-142 AP-5131 Access Point Product Reference Guide AP5131>admin(system.snmp.access)> show Description: Shows the SNMP v3 engine ID. Syntax: show Shows the SNMP v3 Engine ID. Example: admin(system.snmp.access)>show eid AP-5131 snmp v3 engine id : 000001846B8B4567F871AC68 admin(system.snmp.access)> For information on configuring SNMP access settings using the applet (GUI), see Configuring SNMP Access Control on page 4-17.
Page 391
AP5131>admin(system.snmp.access)> add Description: Adds SNMP access entries for specific v1v2 and v3 user definitions. Syntax: add acl <ip1> <ip2> Adds an entry to the SNMP access control list with <ip1> as the starting IP address and <ip2> as the ending IP address.
Page 392
8-144 AP-5131 Access Point Product Reference Guide AP5131>admin(system.snmp.access)> delete Description: Deletes SNMP access entries for specific v1v2 and v3 user definitions. Syntax: delete acl <idx> Deletes entry <idx> from the access control list. Deletes all entries from the access control list.
Page 393
Command Line Interface Reference 8-145 AP5131>admin(system.snmp.access)> list Description: Lists SNMP access entries. Syntax: list acl Lists SNMP access control list entries. v1v2c Lists SNMP v1/v2c configuration. <idx> Lists SNMP v3 user definition with index <idx>. Lists all SNMP v3 user definitions. Example: admin(system.snmp.access)>list acl ----------------------------------------------------------------...
8-146 AP-5131 Access Point Product Reference Guide 8.4.4.2 System SNMP Traps Commands AP5131>admin(system.snmp.traps) Description: Displays the SNMP traps submenu. The items available under this command are shown below. show Shows SNMP trap parameters. Sets SNMP trap parameters. Adds SNMP trap entries.
Page 395
Command Line Interface Reference 8-147 AP5131>admin(system.snmp.traps)> show Description: Shows SNMP trap parameters. Syntax: show trap Shows SNMP trap parameter settings. rate-trap Shows SNMP rate-trap parameter settings. Example: admin(system.snmp.traps)>show trap SNMP MU Traps mu associated : enable mu unassociated : disable mu denied association : disable mu denied authentication...
Page 396
8-148 AP-5131 Access Point Product Reference Guide AP5131>admin(system.snmp.traps)> set Description: Sets SNMP trap parameters. Syntax: set mu-assoc enable/disable Enables/disables the MU associated trap. mu-unassoc enable/disable Enables/disables the MU unassociated trap. mu-deny-assoc enable/disable Enables/disables the MU association denied trap. mu-deny-auth enable/disable Enables/disables the MU authentication denied trap.
Page 397
Command Line Interface Reference 8-149 AP5131>admin(system.snmp.traps)> add Description: Adds SNMP trap entries. Syntax: add v1v2 <ip> <port> <comm> <ver> Adds an entry to the SNMP v1/v2 access list with the destination IP address set to <ip>, the destination UDP port set to <port>, the community string set to <comm>...
Page 398
8-150 AP-5131 Access Point Product Reference Guide AP5131>admin(system.snmp.traps)> delete Description: Deletes SNMP trap entries. Syntax: delete v1v2c <idx> Deletes entry <idx> from the v1v2c access control list. Deletes all entries from the v1v2c access control list. <idx> Deletes entry <idx> from the v3 access control list.
8.4.5 System Network Time Protocol (NTP) Commands AP5131>admin(system)> ntp Description: Displays the NTP menu. The correct network time is required for numerous functions to be configured accurately on the AP-5131. Syntax: show Shows NTP parameter settings.
Page 401
AP5131>admin(system.ntp)> show Description: Displays the NTP server configuration. Syntax: show Shows all NTP server settings. Example: admin(system.ntp)>show current time (UTC) : 2005-08-31 14:35:20 ntp mode : enable preferred server ip : 203.21.37.18 preferred server port : 123 first alternate server ip : 203.21.37.19...
Page 402
Sets the NTP server IP address. port <idx> <port> Defines the port number. intrvl <period> Defines the clock synchronization interval used between the AP-5131 and the NTP server in minutes (15 - 65535). Example: admin(system.ntp)>set mode enable admin(system.ntp)>set server 203.21.37.18 admin(system.ntp)>set port 1 123 admin(system.ntp)>set intrvl 15...
Command Line Interface Reference 8-155 8.4.6 System Log Commands AP5131>admin(system)> logs Description: Displays the AP-5131 log submenu. Logging options include: Syntax: show Shows logging options. Sets log options and parameters. view Views system log. delete Deletes the system log. send Sends log to the designated FTP Server.
Page 404
8-156 AP-5131 Access Point Product Reference Guide AP5131>admin(system.logs)> show Description: Displays the current AP-5131 logging settings. Syntax: show Displays the logging options. Example: admin(system.logs)>show log level : L6 Info syslog server logging : enable syslog server ip address : 192.168.0.102 ftp/tftp server address : 192.168.0.101...
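The show examples on these pages all print name : value lines under an admin(<menu>)> prompt, so a captured CLI session can be checked against a hardening baseline. The following Python is an added example, not part of the Symbol guide: the capture is constructed from the show examples above, and the BASELINE values and function names are hypothetical operator choices.

```python
import re

# Constructed capture of a CLI session. Prompts, setting names and values are
# taken from the show examples in this guide; the session itself is made up.
CAPTURE = """\
admin(network.wireless.rogue-ap)>show
Auto Authorize Symbol APs : enable
Approved AP age out : 10
Rogue AP age out : 10
admin(system.ntp)>show
current time (UTC) : 2005-08-31 14:35:20
ntp mode : enable
preferred server ip : 203.21.37.18
preferred server port : 123
admin(system.logs)>show
log level : L6 Info
syslog server logging : enable
syslog server ip address : 192.168.0.102
"""

# Hypothetical baseline chosen by the operator (an assumption, not a vendor
# recommendation). Keys are (menu, lower-cased setting name).
BASELINE = {
    ("network.wireless.rogue-ap", "auto authorize symbol aps"): "disable",
    ("system.ntp", "ntp mode"): "enable",
    ("system.logs", "syslog server logging"): "enable",
    ("system.logs", "syslog server ip address"): "192.168.0.102",
}

# "admin(system.logs)>show", optionally prefixed with "AP5131>".
PROMPT = re.compile(r"^(?:AP5131>)?admin\(([\w.\-]+)\)>\s*(.*)$")
# "name : value"; the first " : " splits, so timestamps in values survive.
SETTING = re.compile(r"^(.+?)\s+:\s+(.*)$")


def parse_session(text):
    """Return {(menu, setting): value} for output that follows a show command."""
    settings = {}
    menu, in_show = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"-"}:  # blank line or table rule
            continue
        prompt = PROMPT.match(line)
        if prompt:
            menu = prompt.group(1)
            # Only output printed by "show" is treated as current state;
            # text after set/add/delete commands is ignored.
            in_show = prompt.group(2).split()[:1] == ["show"]
            continue
        if in_show:
            setting = SETTING.match(line)
            if setting:
                key = setting.group(1).strip().lower()
                settings[(menu, key)] = setting.group(2).strip()
    return settings


def drift(settings, baseline):
    """List (menu, setting, expected, actual) for every baseline mismatch.

    A setting that is absent from the capture is reported with actual=None,
    so an incomplete capture cannot pass silently.
    """
    findings = []
    for (menu, key), expected in sorted(baseline.items()):
        actual = settings.get((menu, key))
        if actual != expected:
            findings.append((menu, key, expected, actual))
    return findings


def log_level(settings):
    """Return the numeric log level (0-7) from 'log level : L6 Info', or None."""
    value = settings.get(("system.logs", "log level"), "")
    match = re.match(r"L([0-7])\b", value)
    return int(match.group(1)) if match else None


if __name__ == "__main__":
    parsed = parse_session(CAPTURE)
    print("log level:", log_level(parsed))
    for menu, key, expected, actual in drift(parsed, BASELINE):
        print(f"DRIFT admin({menu}) {key}: expected {expected!r}, found {actual!r}")
```
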
Page 405
Command Line Interface Reference 8-157 AP5131>admin(system.logs)> set Description: Sets log options and parameters. Syntax: level <level> Sets the level of the events that will be logged. All events with a level at or above <level> (L0-L7) will be saved to the system log. L0:Emergency L1:Alert L2:Critical...
Page 407
Command Line Interface Reference 8-159 AP5131>admin(system.logs)> delete Description: Deletes the log files. Syntax: delete Deletes the AP-5131 system log file. Example: admin(system.logs)>delete For information on configuring logging settings using the applet (GUI), see Logging Configuration on page 4-28.
Page 408
8-160 AP-5131 Access Point Product Reference Guide AP5131>admin(system.logs)> send Description: Sends log and core file to an FTP Server. Syntax: send Sends the system log file via FTP to a location specified with the set command. Use the set command to set the FTP login and site information.
Restores a partial default AP-5131 configuration. show Shows import/export parameters. Sets import/export AP-5131 configuration parameters. export Exports AP-5131 configuration to a designated system. import Imports configuration to the AP-5131. Goes to the parent menu. Goes to the root menu. save Saves the configuration to AP-5131 system flash.
Page 410
Restores the full AP-5131 factory default configuration. Syntax: default Restores the AP-5131 to the original (factory) configuration. Example: admin(system.cfg-update)>default Are you sure you want to default the configuration? <yes/no>: For information on importing/exporting AP-5131 configurations using the applet (GUI), see Importing/Exporting Configurations on page 4-30.
Page 411
AP5131>admin(system.cfg-update)> partial Description: Restores a partial factory default configuration. The AP-5131’s LAN, WAN and SNMP settings are unaffected by the partial restore. Syntax: default Restores a partial AP-5131 configuration. Example: admin(system.cfg-update)>partial Are you sure you want to partially default the AP5131? <yes/no>:...
Page 412
Shows all import/export parameters. Example: admin(system.cfg-update)>show cfg filename : cfg.txt ftp/tftp server ip address : 192.168.0.101 ftp user name : myadmin ftp password : ******** For information on importing/exporting AP-5131 configurations using the applet (GUI), see Importing/Exporting Configurations on page 4-30.
Page 413
: cfg.txt ftp/tftp server ip address : 192.168.22.12 ftp user name : myadmin ftp password : ***** For information on importing/exporting AP-5131 configurations using the applet (GUI), see Importing/Exporting Configurations on page 4-30.
Page 414
Exports the AP-5131 configuration to the FTP server. Use the set command to set the server, user, password, and file name before using this command. tftp Exports the AP-5131 configuration to the TFTP server. Use the set command to set the IP address for the TFTP server before using the command. terminal Exports the AP-5131 configuration to a terminal.
Page 415
Import operation : [ Started ] File transfer : [ In progress ] File transfer : [ Done ] Import operation : [ Done ] For information on importing/exporting AP-5131 configurations using the applet (GUI), see Importing/Exporting Configurations on page 4-30.
Defines the AP-5131 firmware update parameters. update Executes the firmware update. Goes to the parent menu. Goes to the root menu. save Saves the current configuration to the AP-5131 system flash. quit Quits the CLI and exits the current session.
Page 417
: APFW.bin firmware path : /tftpboot/ ftp/tftp server ip address : 168.197.2.2 ftp user name : pkeegan ftp password : ******* For information on updating AP-5131 device firmware using the applet (GUI), see Updating Device Firmware on page 4-34.
Page 418
<mode> When enabled, updates device configuration file each time the config file versions are found to be different between the AP-5131 and the specified LAN or WAN interface. iface <wan/lan> Defines the target interface for version updates if the fw-auto and/or cfg-auto options are enabled.
Page 419
AP5131>admin(system.fw-update)>update Description: Executes the AP-5131 firmware update over the WAN or LAN port using either ftp or tftp. Syntax: update <mode><iface> Defines the ftp or tftp mode used to conduct the firmware update. Specifies whether the update is executed over the AP-5131’s WAN or LAN interface <iface>.
AP-5131 Access Point Product Reference Guide 8.4.9 System Test Commands AP5131>admin(system.test)> Description: Displays the AP-5131 test submenu. The items available under this command include: show Displays the AP-5131 test options. Defines the parameters of an AP-5131 system test. Goes to the parent menu.
Page 421
Command Line Interface Reference 8-173 AP5131>admin(system.test)> show Description: Displays the AP-5131 test options. Syntax: show Displays the AP-5131 test options. Example: admin(system.test)>show half fc windows for ap100 val : [ 0x0000 ....0] broadcast in psp val : [ 0x0000 ....1.] drop bc pre wep val : [ 0x0000 ..
Page 422
8-174 AP-5131 Access Point Product Reference Guide AP5131>admin(system.test)> set Description: Defines the parameters of an AP-5131 system test. These commands are recommended for qualified technicians only. Syntax: set flow <mode> enable/disable Enables or disables flow control for the AP-5131. <mode>...
8.5 Statistics Commands AP5131>admin(stats) Description: Displays the AP-5131 statistics submenu. The items available under this command are: show Displays AP-5131 WLAN, MU, LAN and WAN statistics. send-cfg Sends a config file to all AP-5131s within the known AP table.
Page 424
AP-5131 Access Point Product Reference Guide AP5131>admin(stats)> show Description: Displays AP-5131 system information. Syntax: show Displays stats for the AP-5131 WAN port. Displays stats for the AP-5131 LAN port wlan Displays WLAN status and statistics summary. s-wlan Displays status and statistics for an individual WLAN radio Displays a radio statistics transmit and receive summary.
Page 425
Copies the AP-5131’s configuration to the AP-5131s within the known AP table Example: admin(stats)>send-cfg admin(stats)> For information on copying the AP-5131 config to another AP-5131 with the same ESSID using the applet (GUI), see Viewing Known Access Point Statistics on page 7-26.
Page 426
8-178 AP-5131 Access Point Product Reference Guide AP5131>admin(stats)> clear Description: Clears the specified statistics counters to zero to begin new data calculations. Syntax: clear Clears WAN statistics counters. Clears LAN statistics counters. Clears all RF data. all-wlan Clears all WLAN summary information.
Page 427
Defines the Known AP index number of the target AP to flash.
<stop/start>    Begins or terminates the flash activity.
Example:
admin(stats)>
admin(stats)>flash-all-leds 1 start
Password ********
admin(stats)>flash-all-leds 1 stop
admin(stats)>
For information on flashing AP-5131 LEDs using the applet (GUI), see Viewing Known Access Point Statistics on page 7-26.
Page 428
AP5131>admin(stats)> echo
Description: Defines the echo test values used to conduct a ping test to an associated MU.
Syntax: list Defines echo test parameters and result. Determines echo test packet data. start Begins echoing the defined station.
Page 429
AP5131>admin(stats.echo)> list
Description: Lists echo test parameters and results.
Syntax:
list    Lists echo test parameters and results.
Example:
admin(stats.echo)>list
Station Address : 00A0F8213434
Number of Pings : 10
Packet Length : 10
Packet Data (in HEX) : 55
Number of MU Responses
admin(stats.echo)>...
Page 430
AP5131>admin(stats.echo)> set
Description: Defines the parameters of the echo test.
Syntax:
station <mac>    Defines MU target MAC address.
request <num>    Sets number of echo packets to transmit (1-539).
length <num>     Determines echo packet length in bytes (1-539).
Page 431
AP5131>admin(stats.echo)> start
Description: Initiates the echo test.
Syntax:
start    Initiates the echo test.
Example:
admin(stats.echo)>start
admin(stats.echo)>list
Station Address : 00A0F843AABB
Number of Pings : 10
Packet Length : 100
Packet Data (in HEX)
Number of MU Responses
For information on MU Echo and Ping tests using the applet (GUI), see Pinging Individual MUs on page 7-24.
Page 432
AP5131>admin(stats)> ping
Description: Defines the ping test values used to conduct a ping test to an AP with the same ESSID.
Syntax: ping list Defines ping test packet length. Determines ping test packet data.
Page 433
AP5131>admin(stats.ping)> list
Description: Lists ping test parameters and results.
Syntax:
list    Lists ping test parameters and results.
Example:
admin(stats.ping)>list
Station Address : 00A0F8213434
Number of Pings : 10
Packet Length : 10
Packet Data (in HEX) : 55
Number of AP Responses
admin(stats.ping)>...
Page 434
AP5131>admin(stats.ping)> set
Description: Defines the parameters of the ping test.
Syntax:
station    Defines the AP target MAC address.
request    Sets number of ping packets to transmit (1-539).
length     Determines ping packet length in bytes (1-539).
Page 435
AP5131>admin(stats.ping)> start
Description: Initiates the ping test.
Syntax:
start    Initiates the ping test.
Example:
admin(stats.ping)>start
admin(stats.ping)>list
Station Address : 00A0F843AABB
Number of Pings : 10
Packet Length : 100
Packet Data (in HEX)
Number of AP Responses
For information on Known AP tests using the applet (GUI), see Pinging Individual MUs on page 7-24.
Page 436
Technical Specifications
Technical specifications include specifications in the following areas:
• Physical Characteristics
• Electrical Characteristics
• Radio Characteristics
• Antenna Specifications
• Country Codes
A.1 Physical Characteristics
The AP-5131 has the following physical characteristics:...
Discharge    8kV (contact) @ 50% rh
Drop         Bench drop 36 inches to concrete (excluding side with connectors)
A.2 Electrical Characteristics
The AP-5131 has the following electrical characteristics:
Operating Voltage    48Vdc (Nom)
Operating Current    200mA (Peak) @ 48Vdc
                     170mA (Nom) @ 48Vdc...
A.4 Antenna Specifications
The AP-5131 antenna suite has the following specifications:
CAUTION Using an antenna other than the Dual-Band Antenna (Part No. ML-2452-APA2-01) could render the AP-5131’s Rogue AP Detector Mode feature inoperable. Contact your Symbol sales associate for specific information.
A.4.1 2.4 GHz Antenna Matrix
The following section describes each 2.4 GHz antenna approved for use with the AP-5131. Below is a table of each of these 2.4 GHz antennas and Symbol’s part number.
50JK     15.24    RG-8
100JK    30.48    RG-8
A.5 Country Codes
The following list of countries and their country codes is useful when using the AP-5131 configuration file, CLI or the MIB to configure the AP-5131:
Country Code Country Code
Argentina New Zealand...
Page 442
Bulgaria      Qatar
Canada        Romania
Chile         Russian Federation
China         Saudi Arabia
Colombia      Singapore
Costa Rica    Slovak Republic
Croatia       Slovenia
Cyprus        South Africa
Czech Rep.    South Korea
Denmark       Spain
Ecuador       Sri Lanka...
Page 443
Jordan
Kazakhstan
Kuwait
Latvia
Liechtenstein
Lithuania
Luxembourg
Malaysia
Malta
Mexico
Morocco
Namibia
Netherlands...
Page 444
Customer Support
Symbol Technologies provides its customers with prompt and accurate customer support. Use the Symbol Support Center as the primary contact for any technical problem, question or support issue involving Symbol products. If the Symbol Customer Support specialists cannot solve a problem, access to all technical disciplines within Symbol becomes available for further assistance and support.
Page 446
North American Contacts
Inside North America:
Symbol Technologies, Inc.
One Symbol Plaza
Holtsville, New York 11742-1300
Telephone: 1-631-738-2400/1-800-SCAN 234
Fax: 1-631-738-5990
Symbol Support Center (for warranty and service information):
telephone: 1-800-653-5350
fax: (631) 738-5410
Email: support@symbol.com
International Contacts
Outside North America:...
Page 447
Web Support Sites
MySymbolCare http://www.symbol.com/services/msc
Symbol Services Homepage http://symbol.com/services
Symbol Software Updates http://symbol.com/services/downloads
Symbol Developer Program http://software.symbol.com/devzone
Additional Information
Obtain additional information by contacting Symbol at:
1-800-722-6234, inside North America
+1-516-738-5200, in/outside North America
http://www.symbol.com/...
Page 448