background image

Security

25

The following table describes the settings. To maintain wireless association, the

settings on clients and all the access points they associate with must

match exactly.

User Access List

If you configure an access point for 128-bit Dynamic Security Link, there must be

at least one entry in the User Access List. The User access List determines which

users are allowed access to the access point. You can define up to 1000 users.

To modify a password, click Change User Password. Select the user name and click

Change user password . In the next page, change the password in the spaces

provided and click OK. If you click Reset, the radio button is cleared and you can

choose another user name.

Setting

Description

No Security (Open System)

No encryption is used. The network communications could be

intercepted by unintended recipients.

40-bit Shared Key (Wi-Fi)

This option encrypts the wireless transmissions to protect

data, but still permits communication among compatible

wireless LAN clients and access points from third-party

manufacturers.
This type of security requires you to set up encryption in one

of the following ways:

An encryption string is a string of characters between 6

and 30 characters long. The string can be any combination

of letters and numbers and is case sensitive. The

encryption string can be used only with other

3Com 11 Mbps wireless PC Cards and AccessPo ints.

Hexadecimal keys are sequences of hexadecimal digits

arranged into four keys. A hexadecimal digit may be a

letter from A to F or a number from 0 to 9. This type of

encryption is compatible with equipment from other

manufacturers that use Wi-Fi certified 40-bit encryption.

128-bit Shared Encryption Key

Settings.

This option is compatible with 128-bit shared key including

from other vendors, including AirConnect, Agere, and Cisco.

The network administrator sets up encryption keys for the

wireless network and supplies users with an encryption string

or hexadecimal keys. You must set up encryption keys on

both the client and access point.

128-bit Dynamic Security Link

This is the highest level of security, requiring a user name and

password to access the wireless LAN. The user name and

password set up on the access point must match those set up

on the client. Each network session creates a unique,

one-time encryption code. If you choose this type of security,

you must also set up access control as described in “User

Access List” on page25.
If you check the Require Windows user authentication check

box, clients will be required to enter a user name and

password every time they associate with the network. If you

leave this box unchecked, the system will authenticate clients

based on the access control list and the saved passwords on

the clients.

Summary of Contents for 8000

Page 1: ...bp bps s s s W W W Wi i i ir r r re e e el l l le e e es s s ss s s s L L L LAN AN AN AN A A A Acc cc cc cce e e ess ss ss ss P P P Po o o oi i i in n n nt t t t 8000 8000 8000 8000 U U U Us s s se e e er r r r G G G Gu u u ui i i id d d de e e e Version 1 0 Published January 2002 Version 1 0 ...

Page 2: ... UNITED STATES GOVERNMENT LEGEND If you are a United States government agency then this documentation and the software described herein are provided to you subject to the following All technical data and computer software are commercial in nature and developed solely at private expense Software is delivered as Commercial Computer Software as defined in DFARS 252 227 7014 June 1995 or as a commerci...

Page 3: ... 8 Connecting Power 9 Connecting to an Ethernet Network 10 Checking the LEDs 10 Antenna Options 11 Omnidirectional Antenna 11 Ceiling Mount Omnidirectional Antenna 11 Ceiling Mount Hallway Antenna 12 Directional Panel Antenna 12 Connecting an Optional Antenna 13 3 ACCESS POINT SECURITY Security Configuration Options 15 Using the Wireless 802 1X Agent 16 Authentication and Login 16 802 1x Client Pr...

Page 4: ...tatistics 28 System Status 29 Restoring an Access Point to Factory Defaults 29 Interoperating with Third Party Equipment 29 5 CONDUCTING A SITE SURVEY Choosing Trial Locations 31 Environmental Requirements 31 Electrical Requirements 32 Summary of the Survey Procedure 32 Using the Site Survey Tool 32 Setting up Equipment 33 Launching the Tool 33 Configuring the Site Survey 33 Running the Tests 33 I...

Page 5: ...INDEX REGULATORY COMPLIANCE INFORMATION ...

Page 6: ......

Page 7: ...SSID Client computers can roam within the coverage areas of access points that have the same WLAN service areas Wireless and Wired Networks An access point can be connected to a wired LAN by an Ethernet cable acting as a bridge between the wired and wireless networks In this configuration the access point provides the link between the wired network and wireless clients Clients can move freely thro...

Page 8: ...EAP MD5 Clear channel select When initializing automatically scans the frequency spectrum and selects the channel with the least interference Power over Ethernet Powered over the Ethernet cable to reduce the number of cables Access point discovery Clients and network administrators can discover access points and ESSIDs within the same network segment The network administrator can also discover man...

Page 9: ...o Access Point Doing so may damage network components 6 After hardware installation is complete install the access point tools utilities and user guide from the installation CD 7 T o set access point security or configure the wireless network refer to Managing the Wireless LAN on page19 8 T o set up a wireless client to authenticate through the access point to your RADIUS server refer to Using the...

Page 10: ...conjunction with a RADIUS authentication server you must install this agent on each wireless client PC in the network On systems running Windows XP this agent is not required because 802 1x support is built into the operating system Install the 3Com Network Supervisor The 3Com Network Supervisor is a centralized network management software program It is not required for managing access points It i...

Page 11: ... panhead screws After hardware installation is complete Install the access point tools utilities and user guide from the installation CD Review the default system settings and ensure they are suitable for your site If required use the administrative utilities to change configuration parameters See Using the Configuration Management System on page21 For the latest networking information see the 3Co...

Page 12: ...ing the Standard Antenna The access point is supplied with standard detachable antennas These should be attached before the access point is installed 1 Carefully unpack the standard detachable antennas 2 Screw an antenna into each of the sockets in the access point housing 3 Hand tighten the antennas 4 Position the antennas so they turn out and away from the access point at a 45 degree angle As a ...

Page 13: ...Place the access point and adjust the antenna so that the arms point up and away from the access point at a 45 degree angle Mounting onaWall T o mount an access point on a wall follow the instructions on the mounting template supplied in the box and refer to the following illustration Preferably mount the access point near the ceiling above any obstructions that could block transmission Position t...

Page 14: ...them so they grip the T rail snugly Tighten the screws on the T rail grip Position the antenna so that the arms point down and away from the access point at a 45 degree angle NOTE After installation there may be some play in the fit of the T rail grips on the T rail This is likely due to the size of the T rails but should not prevent a secure grip R E S E T T O P O W E R S U P P LY P O W E R W I R...

Page 15: ...The access point is IEEE 802 3af compliant Before connecting the access point to your own power over Ethernet hub or switch ensure that your equipment also complies with the IEEE 802 3af standard When you connect the power make sure you connect the cable to the port labeled To Access Point on the power supply When the access point receives power the LEDs light CAUTION If you supply your own Ethern...

Page 16: ...H E R N E T W IR E L E S S P O W E R TO ACCESS POIN T TO HUB S W IT CH Ethernet Table 1 LED Description Power On Access point has power Off Access point is not receiving power Wireless Blinking The access point is operating The blink speed ranges from approximately once every 2 5 seconds to approximately 10 times per second depending on the signal strength and transmission speed Off The access poi...

Page 17: ...ing Mount Omnidirectional Antenna The ceiling mount omnidirectional antenna model number 3CWE492 is designed to cover large open areas It should be located at or near the center of the ceiling of a large open area such as an open office space divided into cubicles to provide uniform coverage in all directions It is mounted by means of a single hole stud mount and so can be fixed easily to drop cei...

Page 18: ...ith a gain of 8 dBi Depending on the country where the access point is being installed there may be transmit power restrictions When using this antenna in the United States Canada Mexico Argentina Brazil T aiwan Malaysia New Zealand Colombia India and Peru no transmission power restrictions apply In all other countries transmit power is limited to 100 MW You must manually select Low or Medium powe...

Page 19: ... page 32 for more information 1 Position the antenna so that there are minimal obstacles between it and any client with which it will communicate While maintaining a direct line of sight between the antenna and a client is not strictly necessary such an arrangement helps to ensure a strong signal Ensure that access is available for routing the antenna cable from the antenna to the access point 2 I...

Page 20: ......

Page 21: ...eys You must set up encryption keys on both the client and access point This option can be used with local access point authentication or with EAP MD5 RADIUS authentication 128 bit Shared Encryption Key Settings This option is compatible with 128 bit shared key from other vendors including 3Com AirConnect Agere and Cisco The network administrator sets up encryption keys for the wireless network an...

Page 22: ...tion Agent you will need a copy of the agent on each client computer with a RADIUS server account Clients that run Windows 95 98 ME NT or 2000 require the 802 1x client tool in order to authenticate to the server The Wireless Authentication Agent can be installed from the 3Com Administrator Utilities CD Clients running under Windows XP have 802 1x support enabled through the operating system and d...

Page 23: ...ndow is grayed out Use the Network Adapter field to select the network adapter to use for connections requiring authentication The list box lists all the network adapters found in the computer Use the Authentication Method field to specify the authentication method used for this connection The Wireless Authentication Agent supports two types of authentication EAP MD5 EAP Serial Authentication This...

Page 24: ......

Page 25: ...ion Management System The Configuration Management System resides on the access point and lets you configure that access point through your Web browser For instructions on accessing this tool see Selecting a Device below Starting the Device Manager Make sure that the 3Com Wireless Infrastructure Device Manager is installed The device to be configured must be either connected directly to the comput...

Page 26: ...elps you to assign an IP address on the same subnet as your computer You may accept the address offered or enter an address and click Next The next window prompts for an administrative password to allow the new IP address to be set If this is the first time the device is being configured leave the password field blank and click Next The Configuration Management System main page appears in your Web...

Page 27: ...er Internet Explorer 5 or higher or Netscape Communicator 6 or higher as a hierarchical structure of web pages The left hand frame contains a navigation tree You may select which page to view by clicking on the page names in the navigation tree The corresponding pages are displayed in the right frame of the window The Configuration Management System is password protected If you are starting it for...

Page 28: ...ge the access point WLAN service area make sure to change the client WLAN service area also 3Com Wireless Network Help File Location Web Server Help files are located on the network at the specified Help File Path Local Drive Help files are located on your computer at the specified Help File Path Local Drive Help File Path The location of the Configuration Management System help files on the web s...

Page 29: ...performance When equipment that does not support short preamble is also being used click Long Data Rate These settings configure the data rates used for wireless transmissions By default the access point selects the best data rate for the current connection If Automatically set the best data rate is selected the Data Rate cannot be selected manually Wireless DHCP Server If your wired network has a...

Page 30: ...power between High Medium and Low These settings may need to be adjusted for compatibility with different types of external antennas that have different gains These adjustments may be required to be legally compliant with the communications regulations in certain countries For example if you are using a high gain antenna such as the optional flat panel directional antenna model 3CWE498 in the Unit...

Page 31: ... and is case sensitive The encryption string can be used only with other 3Com 11 Mbps wireless PC Cards and AccessPo ints Hexadecimal keys are sequences of hexadecimal digits arranged into four keys A hexadecimal digit may be a letter from A to F or a number from 0 to 9 This type of encryption is compatible with equipment from other manufacturers that use Wi Fi certified 40 bit encryption 128 bit ...

Page 32: ...s the corresponding page where the community names can be set Identify one or two host machines to receive SNMP traps Identify which traps to send to the trap host or hosts TFTP Setup A TFTP server must be set up in order to perform firmware updates backups and restores The TFTP Setup screen identifies the TFTP server that will be used If you do not have a TFTP server you can install the one shipp...

Page 33: ...ctory on your computer 5 Copy or move the files to the TFTP server upload download directory Installing an Upgrade 1 In the Configuration Management System navigation tree underTools click Upgrade System 2 Select the items to upgrade T o upgrade the Web server file system click the Web Server File System check box T o upgrade firmware click the Access Point Firmware check box 3 Enter the upgrade f...

Page 34: ... statistics associated with the access point The values do not update dynamically but you can update them at any time by refreshing the display If you click on the Start Refresh button the refresh cycle begins and the values on the screen are updated according to a predefine polling rate RF Statistics Displays performance data for the radio transmissions to and from the access point The statistics...

Page 35: ...ess Point to Factory Defaults You can restore access point settings to the defaults that were set at the factory by inserting a pointed object such as the point of a ball point pen into the reset hole on the front near the RJ 45 connector and holding for five seconds Interoperating with Third Party Equipment Because 3Com 11 Mbps Wireless LAN equipment complies with IEEE 802 11 standards it can int...

Page 36: ......

Page 37: ...several trial locations for the access point and make a list of these locations For example you may wish to test the access point mounted on the ceiling on a desk and on a wall Look for locations in the center of the room and away from potential transmission barriers Consider the following environmental and electrical factors when you choose locations Environmental Requirements Look for installati...

Page 38: ...ated in the steps Set up the access point in the first trial location and set up a client in the first work area See Setting up Equipment on page 33 Launch the Site Survey tool configure the site survey and run the tests from the first work area See Launching the T ool on page 33 Configuring the Site Survey on page 33 and Running the Tests on page33 Move the client to the next work area and run th...

Page 39: ... listed in the Current AP field The Current AP field lists the access point MAC address and its WLAN service area If you need to change the access point click the ellipsis to bring up the Network Security window where you can select a different WLAN service area 2 Select the tests to perform Ping Currently Associated AP Finds the average round trip value in milliseconds of a ping to the access poi...

Page 40: ...to run When they are finished the results appear in the window 6 Repeat the tests in all of the client test locations Specify a unique name for each client test location 7 When you are finished testing the first access point location in all of the client test locations place the access point in the next location power it up and repeat the tests from the same client test locations Repeat this proce...

Page 41: ...on column You can sort this list in ascending or descending order by clicking th e PC Test Location column head Throughput This column lists the throughput in kilobytes per second for each pair of access point and client test locations Larger numbers indicate better throughput You can sort this list in ascending or descending order by clicking the Throughput column head Avg Ping RTT This column li...

Page 42: ...eview of how the printout will look Print Setup Set up the print page Exit Exit the Site Survey utility Table 3 Edit Delete Selected Items Deletes the currently selected row from the right hand pane Delete All From List Deletes all test results in the current survey Table 4 View Tool Bar Make the tool bar visible or invisible Status Bar Make the status bar visible or invisible Table 5 Run Start Te...

Page 43: ...the power brick Verify the network wiring and topology for proper configuration Check that the cables used are the proper type Access point powers up but does not associate with wireless clients Confirm that the WLAN service area on the access point matches that on the clients Verify that the clients are operating correctly Make sure that security settings on the access point match those on the cl...

Page 44: ...ee In the Access Point Management window click the Refresh button to refresh the Wireless Network Tree Then click the access point in the Wireless Network Tree and click Properties The IP address you specified is now listed If you want to continue configuring the access point click Configure Your wired LAN DHCP server malfunctions but the access point DHCP server fails to assign IP addresses If th...

Page 45: ...ormation such as technical documentation and software library as well as support options that range from technical education to maintenance and professional services 3Com Knowledgebase Web Services This interactive tool contains technical product information compiled by 3Com expert technical engineers around the globe Located on the World Wide Web at http knowledgebase 3com com this service gives ...

Page 46: ...ices To find out more about your support options call the 3Com technical telephone support phone number at the location nearest you When you contact 3Com for assistance have the following information ready Product model name part number and serial number A list of system hardware and software including revision levels Diagnostic error messages Details about recent configuration changes if applicab...

Page 47: ...Poland Portugal South Africa Spain Sweden Switzerland U K 0800 297468 0800 71429 800 17309 0800 113153 0800 917959 0800 1821502 06800 12813 1800 553117 1800 9453794 800 8 79489 0800 23625 0800 0227788 800 11376 00800 3111206 0800 831416 0800 995014 900 983125 020 795482 0800 55 3072 0800 966197 Latin America Brazil Mexico Puerto Rico Central and South America 0800 13 3266 01 800 849CARE 800 666 50...

Page 48: ...ico Paraguay Peru Uruguay Venezuela 0810 222 3266 511 241 1691 0800 133266 or 55 11 5643 2700 525 201 0004 562 240 6200 525 201 0004 525 201 0004 525 201 0004 525 201 0004 511 241 1691 525 201 0004 525 201 0004 From the following countries you may call the toll free numbers select option 2 and then option 2 Austria Belgium Denmark Finland France Germany Hungary Ireland Israel Italy Netherlands Nor...

Page 49: ...y equipment 29 IP address DHCP server 23 refreshing after changing 20 specifying 22 troubleshooting 38 L launching the device manager 19 LED access point 10 locating devices 19 20 M MAC address use in locating devices 19 20 N network supplier support 40 NIC choosing 20 No Security 25 nondedicated circuit recommendations 32 O online technical services 39 open system 25 P password changing administr...

Page 50: ......

Page 51: ...y one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from the one which the receiver is connected to Consult the dealer or an experienced radio TV technician for help The user may find the following booklet prepared by the Federal Communications Commi...

Page 52: ...ctrum modulation techniques ETS 300 826 Electromagnetic compatibility and Radio spectrum Matters ERM ElectroMagnetic Compatibility EMC standard for 2 4 GHz wideband transmission systems and HIgh PErformance Radio Local Area Network HIPERLAN equipment EN 60950 Safety of information technology equipment including electrical business equipment SAFETY COMPLIANCE NOTICE This device has been tested and ...

Reviews: