
802.1x Port Authentication

6-53

• An entry in the address table may be allowed or denied access depending on the global setting configured for the address entry default command.

Example

SMC-AP(config)#address filter entry 00-70-50-cc-99-1a allowed
SMC-AP(config)#

Related Commands

address filter default (page 6-51)
show authentication (page 6-56)

address filter delete

This command deletes a MAC address from the filter table.

Syntax

address filter delete <mac-address>

mac-address - Physical address of client. (Enter six pairs of hexadecimal digits separated by hyphens.)

Default

None

Command Mode

Global Configuration

Example

SMC-AP(config)#address filter delete 00-70-50-cc-99-1b
SMC-AP(config)#

Related Commands

show authentication (page 6-56)
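The following Python lint is an added example, not part of the SMC manual. It replays address filter entry and address filter delete lines, checks each MAC against the documented format (six pairs of hexadecimal digits separated by hyphens), and reports deletes that match no entry, as happens when this page's two example commands are run in sequence. Assumptions: the entry keyword denied (the page shows only allowed), case-insensitive MAC comparison, and the last two sample lines, which are constructed.

```python
import re

# Format stated in the command reference: six pairs of hex digits, hyphen-separated.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){5}$")
# CLI prompt such as "SMC-AP(config)#" in front of a pasted command.
PROMPT_RE = re.compile(r"^\S+\(config\)#\s*")


def normalize_mac(text):
    """Return the MAC in lower case, or None if it is not in the documented format.

    Lower-casing is an assumption made here so that 1A and 1a compare equal.
    """
    return text.lower() if MAC_RE.match(text) else None


def lint_filter_commands(lines):
    """Replay 'address filter entry' / 'address filter delete' lines.

    Returns (table, findings): table maps MAC -> 'allowed' or 'denied',
    findings is a list of (line_number, message) tuples.
    """
    table = {}
    findings = []
    for number, raw in enumerate(lines, start=1):
        words = PROMPT_RE.sub("", raw.strip()).split()
        if len(words) < 3 or words[:2] != ["address", "filter"]:
            continue  # bare prompt or an unrelated command
        action, args = words[2], words[3:]
        if action not in ("entry", "delete"):
            continue  # e.g. 'address filter default' is not modelled here
        if not args:
            findings.append((number, "missing MAC address"))
            continue
        mac = normalize_mac(args[0])
        if mac is None:
            findings.append((number, f"malformed MAC address: {args[0]}"))
            continue
        if action == "entry":
            # 'allowed' appears on the page; 'denied' is assumed from the bullet text.
            if len(args) != 2 or args[1] not in ("allowed", "denied"):
                findings.append((number, f"entry for {mac} needs allowed or denied"))
                continue
            if mac in table and table[mac] != args[1]:
                findings.append(
                    (number, f"{mac} changed from {table[mac]} to {args[1]}"))
            table[mac] = args[1]
        else:  # delete
            if len(args) != 1:
                findings.append((number, "delete takes exactly one MAC address"))
                continue
            if mac not in table:
                findings.append(
                    (number, f"delete of {mac} which is not in the table"))
            else:
                del table[mac]
    return table, findings


# Lines 1-3 are the two examples from this page; lines 4-5 are constructed.
SAMPLE = [
    "SMC-AP(config)#address filter entry 00-70-50-cc-99-1a allowed",
    "SMC-AP(config)#",
    "SMC-AP(config)#address filter delete 00-70-50-cc-99-1b",
    "SMC-AP(config)#address filter entry 00:70:50:cc:99:1c denied",
    "SMC-AP(config)#address filter entry 00-70-50-CC-99-1A denied",
]

if __name__ == "__main__":
    final_table, problems = lint_filter_commands(SAMPLE)
    for line_number, message in problems:
        print(f"line {line_number}: {message}")
    print("resulting table:", final_table)
```

Running the lint over a change script before pasting it into the console catches the case where a stale entry is believed removed but remains in the filter table.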

Summary of Contents for SMC2555W-AG

Page 1: ...SMC2555W AG ...

Page 2: ......

Page 3: ...8 Tesla Irvine CA 92618 Phone 949 679 8000 EliteConnect Universal 2 4GHz 5GHz Wireless Access Point User Guide The easy way to make all your network connections September 2003 Revision Number R01 F2 0 5 ...

Page 4: ...its use No license is granted by implication or otherwise under any patent or patent rights of SMC SMC reserves the right to change specifications at any time without notice Copyright 2003 by SMC Networks Inc 38 Tesla Irvine CA 92618 All rights reserved Trademarks SMC is a registered trademark and EliteConnect are trademarks of SMC Networks Inc Other product and company names are trademarks or reg...

Page 5: ...s discretion replace an older product in its product line with one that incorporates these newer technologies At that point the obsolete product is discontinued and is no longer an Active SMC product A list of discontinued products with their respective dates of discontinuance can be found at http www smc com index cfm action customer_service_warranty All products that are replaced become the prop...

Page 6: ...O REPAIR OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE OR BY ACCIDENT FIRE LIGHTNING OR OTHER HAZARD LIMITATION OF LIABILITY IN NO EVENT WHETHER BASED IN CONTRACT OR TORT INCLUDING NEGLIGENCE SHALL SMC BE LIABLE FOR INCIDENTAL CONSEQUENTIAL INDIRECT SPECIAL OR PUNITIVE DAMAGES OF ANY KIND OR FOR LOSS OF REVENUE LOSS OF BUSINESS OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH...

Page 7: ...receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help FCC Caution Any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate this ...

Page 8: ...f the Member States relating to Electromagnetic Compatibility and 73 23 EEC for electrical equipment used within certain voltage limits and the Amendment Directive 93 68 EEC For the evaluation of the compliance with these Directives the following standards were applied RFI Emission Limit class B according to EN 55022 1998 IEC 60601 1 2 EMC medical Limit class B for harmonic current emission accord...

Page 9: ...nschlußwerte 9 Route the power cord so that no one can trip over it Nothing should be placed on the cord either 10 All notices and warnings on the device must be observed 11 If the device is not used for an extended period you should disconnect it from the mains This prevents damage in the event of a power surge 12 Durch die Lüft...

Page 10: ...sgesetzt d If the device does not function according to the operating instructions or you cannot achieve any improvement with the help of these instructions e The device has been dropped and or the housing is damaged f If the device shows clear signs of a defect 15 Make sure that the power supply of this device has been tested in accordance with EN 60950 Ausgangswerte der Stromversorgung sollten...

Page 11: ...N for Roaming Wireless PCs 3 4 4 Initial Configuration 4 1 Initial Setup through the CLI 4 1 Required Connections 4 1 Initial Configuration Steps 4 2 Using Web based Management 4 4 5 System Configuration 5 1 Advanced Configuration 5 2 System Identification 5 4 TCP IP Settings 5 5 Radius 5 7 Authentication 5 9 Filter Control 5 13 SNMP 5 16 Administration 5 18 System Log 5 22 Radio Interface 5 25 Ra...

Page 12: ...tial Keyword Lookup 6 5 Negating the Effect of Commands 6 6 Using Command History 6 6 Understanding Command Modes 6 6 Exec Commands 6 7 Configuration Commands 6 7 Command Line Processing 6 8 Command Groups 6 10 General Commands 6 11 configure 6 11 end 6 12 exit 6 12 ping 6 13 reset 6 14 show history 6 14 show line 6 15 System Management Commands 6 16 prompt 6 17 system name 6 18 username 6 19 pass...

Page 13: ... enable server 6 34 snmp server host 6 35 snmp server location 6 36 show snmp 6 37 Flash File Commands 6 37 bootfile 6 38 copy 6 39 delete 6 40 dir 6 41 RADIUS Client 6 42 radius server address 6 43 radius server port 6 43 radius server key 6 44 radius server retransmit 6 44 radius server timeout 6 45 show radius 6 46 802 1x Port Authentication 6 47 802 1x 6 48 802 1x broadcast key refresh rate 6 ...

Page 14: ...ds 6 62 interface 6 65 dns server 6 66 ip address 6 67 ip dhcp 6 68 shutdown 6 69 speed duplex 6 70 show interface ethernet 6 71 description 6 71 closed system 6 72 speed 6 73 channel 6 74 turbo 6 75 ssid 6 76 beacon interval 6 76 dtim period 6 77 fragmentation length 6 78 rts threshold 6 79 authentication 6 80 encryption 6 81 key 6 82 transmit key 6 83 transmit power 6 84 max association 6 85 mul...

Page 15: ...4 B Cables and Pinouts B 1 Twisted Pair Cable Assignments B 1 10 100BASE TX Pin Assignments B 2 Straight Through Wiring B 3 Crossover Wiring B 3 Console Port Pin Assignments B 4 Wiring Map for Serial Cable B 4 Serial Cable Signal Directions for DB 9 Ports B 5 Serial Cable Signal Directions for DB 25 Ports B 5 C Specifications C 1 General Specifications C 1 Sensitivity C 4 Transmit Power C 5 Glossa...

Page 16: ...TABLE OF CONTENTS xii ...

Page 17: ...addition the access point offers full network management capabilities through an easy to configure web interface a command line interface for initial configuration and troubleshooting and support for Simple Network Management tools such as SMC s EliteView available in Q4 of 2003 Radio Characteristics The IEEE 802 11a g standard uses a radio modulation technique known as Orthogonal Frequency Divisi...

Page 18: ... band Access Point SMC2555W AG One Category 5 network cable One RS 232 console cable One 5 1 VDC power adapter and power cord Four rubber feet Three mounting screws One Documentation CD This User Guide Inform your dealer if there are any incorrect missing or damaged parts If possible retain the carton including the original packing materials Use them again to repack the product in case there is a ...

Page 19: ...Hardware Description 1 3 Hardware Description Front Panel Rear Panel Antennas Indicator Panel Security Slot Console Port RJ 45 Port PoE Connector Reset Button 5 VDC Power Socket ...

Page 20: ...ennas on page 2 2 LED Indicators The access point includes four status LED indicators as described in the following figure and table LED Status Description PWR On Indicates that power is being supplied Flashing Indicates running a self test loading software program Flashing Prolonged Indicates system errors Ethernet Link On Indicates a valid 10 100 Mbps Ethernet cable link Flashing Indicates that ...

Page 21: ...workstation running a VT 100 terminal emulator or a VT 100 terminal 11a On Indicates a valid 802 11a wireless link Very Slow Flashing Searching for network association Slow Flashing Associated with network but no activity Fast Flashing Indicates that the access point is transmitting or receiving data through wireless links Flashing rate is proportional to network activity 11g On Indicates a valid ...

Page 22: ...AN to remote workstations on the wireless infrastructure Note The RJ 45 port also supports Power over Ethernet PoE based on the IEEE 802 3af standard Refer to the description for the Power Connector for information on supplying power to the access point s network port from a network device such as a switch that provides Power over Ethernet PoE Reset Button This button is used to reset the access p...

Page 23: ...ocal network connection via 10 100 Mbps Ethernet ports or 54 Mbps wireless interface supporting up to 64 mobile users IEEE 802 11a 802 11b and 802 11g compliant Advanced security through 64 128 152 bit Wired Equivalent Protection WEP encryption IEEE 802 1x port authentication Wi Fi Protected Access WPA SSID broadcast disable remote authentication via RADIUS server and MAC address filtering feature...

Page 24: ...o employ Frequently changing environments Retailers manufacturers and banks that frequently rearrange the workplace or change location Temporary LANs for special projects or peak times Trade shows exhibitions and construction sites which need temporary setup for a short time period Retailers airline and shipping companies that need additional workstations for a peak period Auditors who require wor...

Page 25: ...he surface attach the four rubber feet provided in the accessory kit to the embossed circles on the bottom of the access point Mounting on a wall The access point should be mounted only to a wall or wood surface that is at least 1 2 inch plywood or its equivalent Mark the position of the mounting screws included on the wall Set the 5 8 inch number 12 wood screws into the wall leaving about 3 mm 0 ...

Page 26: ...point can be wired to a 10 100 Mbps Ethernet through a network device such as a hub or a switch Connect your network to the RJ 45 port on the back panel with category 3 4 or 5 UTP Ethernet cable When the access point and the connected device are powered on the Ethernet Link LED should light indicating a valid network connection Note The RJ 45 port on the access point uses an MDI pin configuration ...

Page 27: ...ving the stronger signal to communicate with a wireless client 8 Connect the Console Port Connect the console cable included to the RS 232 console port for accessing the command line interface You can manage the access point using the console port Chapter 6 the web interface Chapter 5 or SNMP management software such as SMC s EliteView ...

Page 28: ...Hardware Installation 2 4 ...

Page 29: ...frequency band which operates at 2 4 GHz can easily encounter interference from other 2 4 GHz devices such as other 802 11b or g wireless devices cordless phones and microwave ovens If you experience poor wireless LAN performance try the following measures Limit any possible sources of radio interference within the service area Increase the distance between neighboring access points Decrease the s...

Page 30: ... of computers each equipped with a wireless adapter connected via radio signals as an independent wireless LAN Computers in a specific ad hoc wireless LAN must therefore be configured to the same radio channel Ad Hoc Wireless LAN Notebook with Wireless USB Adapter Notebook with Wireless PC Card PC with Wireless PCI Adapter ...

Page 31: ... access other computers or network resources in the wired LAN infrastructure via the access point The infrastructure configuration not only extends the accessibility of wireless PCs to the wired LAN but also increases the effective wireless transmission range for wireless PCs by passing their signal through one or more access points A wireless infrastructure can be used for access to a central dat...

Page 32: ...to connect A wireless infrastructure can also support roaming for mobile workers More than one access point can be configured to create an Extended Service Set ESS By placing the access points so that a continuous coverage area is created wireless users within this ESS can roam freely All SMC wireless network cards and adapters and SMC2555W AG wireless access points within a specific ESS must be c...

Page 33: ...erface CLI as described below to configure a valid address Initial Setup through the CLI Required Connections The SMC2555W AG provides an RS 232 serial port that enables a connection to a PC or terminal for monitoring and configuration Attach a VT100 compatible terminal or a PC running a terminal emulation program to the access point You can use the console cable provided with this package or use ...

Page 34: ...ws 2000 Service Pack 2 fixes the problem of arrow keys not functioning in HyperTerminal s VT100 emulation See www microsoft com for information on Windows 2000 service packs 4 Once you have set up the terminal correctly press the Enter key to initiate the console connection The console login screen will be displayed For a description of how to use the CLI see Using the Command Line Interface on pa...

Page 35: ...ess is the access point s IP address netmask is the network mask for the network and gateway is the default gateway router Check with your system administrator to obtain an IP address that is compatible with your network After configuring the access point s IP parameters you can access the management interface from anywhere within the attached network The command line interface can also be accesse...

Page 36: ...ess to wireless clients The Setup Wizard takes you through configuration procedures for the wireless Service Set Identifier the radio channel selection IP configuration and basic WEP authentication for wireless clients The SMC2555W AG can be managed by any computer using a web browser Internet Explorer 5 0 or above or Netscape Navigator 6 2 or above Enter the default IP address http 192 168 2 2 ...

Page 37: ...eb based Management 4 5 Logging In Enter the username smcadmin the password admin and click LOGIN For information on configuring a user name and password refer to page 5 18 The home page displays the Main Menu ...

Page 38: ...izard on the home page then click on the Next button to start the process 1 Service Set ID Enter the service set identifier in the SSID box which all wireless clients must use to associate with the access point The SSID is case sensitive and can consist of up to 32 alphanumeric characters Default SMC ...

Page 39: ...l mode support 13 channels Turbo mode supports only 5 channels Default Disable 802 11a Radio Channel Set the operating radio channel number Default 64ch 5 320GHz Auto Channel Select Select Enable for automatic radio channel detection Default Enable 802 11b g 802 11g Radio Channel Set the operating radio channel number Default 1 Note Available channel settings are limited by local regulations which...

Page 40: ...or a gateway that can route traffic between these segments Then enter the IP address for the primary and secondary Domain Name Servers DNS servers to be used for host name to IP address resolution DHCP Client With DHCP Client enabled the IP address subnet mask and default gateway can be dynamically assigned to the access point by the network DHCP server Default Disable Note If there is no DHCP ser...

Page 41: ...hapter 5 Authentication Type Use Open System to allow open access to all wireless clients without performing authentication or Shared Key to perform authentication based on a shared key that has been distributed to all stations Default Open System WEP Wired Equivalent Privacy is used to encrypt transmissions passing between wireless clients and the access point Default Disabled Shared Key Setup If...

Page 42: ...Default 128 bit hexadecimal key type 64 Bit Manual Entry The key can contain 10 hexadecimal digits or 5 alphanumeric characters 128 Bit Manual Entry The key can contain 26 hexadecimal digits or 13 alphanumeric characters Note All wireless devices must be configured with the same Key ID values to communicate with the access point 5 Click Finish 6 Click the OK button to restart the access point ...

Page 43: ...dress for the SMC2555W AG The SMC2555W AG can be managed by any computer using a web browser Internet Explorer 5 0 or above or Netscape Navigator 6 2 or above Enter the default IP address http 192 168 2 2 To log into the SMC2555W AG enter the default user name smcadmin and password smc When the home page displays click on Advanced Setup The following page will display ...

Page 44: ...rvers 5 5 Radius Configures the RADIUS server for wireless client authentication 5 7 Authentication Configures 802 1x client authentication with an option for MAC address authentication 5 9 Filter Control Filters communications between wireless clients access to the management interface from wireless clients and traffic matching specific Ethernet protocol types 5 13 SNMP Controls access to this ac...

Page 45: ...ity Configures data encryption with Wired Equivalent Protection WEP or Wi Fi Protected Access WPA 5 31 Radio Interface 2 Configures the IEEE 802 11b g interface 5 25 Radio Settings Configures radio signal parameters such as radio channel transmission rate and beacon settings 5 29 Security Configures data encryption with Wired Equivalent Protection WEP or Wi Fi Protected Access WPA 5 31 Menu Descri...

Page 46: ...ify the wireless network service provided by the SMC2555W AG Only clients with the same SSID can associate with the access point System Name An alias for the access point enabling the device to be uniquely identified on the network Default Enterprise AP Range 1 22 characters SSID The name of the basic service set provided by the access point Clients that want to connect to the network through the ...

Page 47: ...etwork By default the SMC2555W AG will be automatically configured with IP settings from a Dynamic Host Configuration Protocol DHCP server However if you are not using a DHCP server to configure IP addressing use the CLI to manually configure the initial IP values page 4 2 After you have network access to the access point you can use the web browser interface to modify the initial IP configuration...

Page 48: ...s used for routing to specific subnets Default Gateway The default gateway is the IP address of the router for the access point which is used if the requested destination address is not on the local subnet If you have management stations DNS RADIUS or other network servers located on another subnet type the IP address of the default gateway router in the text field provided Otherwise leave the add...

Page 49: ...e network A primary RADIUS server must be specified for the SMC2555W AG to implement IEEE 802 1x network access control and Wi Fi Protected Access WPA wireless security A secondary RADIUS server may also be specified as a backup should the primary server fail or become inaccessible Note This guide assumes that you have already configured RADIUS server s to support the access point Configuration of...

Page 50: ...rver before resending a request Range 1 60 seconds Default 5 Retransmit attempts The number of times the access point tries to resend a request to the RADIUS server before authentication fails Range 1 30 Default 3 Note For the Timeout and Retransmit attempts fields accept the default values unless you experience problems connecting to the RADIUS server over the network Secondary Radius Server Setu...

Page 51: ...cking their MAC address against the local database configured on the access point or by using the IEEE 802 1x network access authentication protocol to look up their MAC addresses on a RADIUS server The 802 1x protocol can also be configured to check other user credentials such as a user name and password ...

Page 52: ...ation is sent to a configured RADIUS server for authentication When using a RADIUS authentication server for MAC address authentication the server must first be configured in the Radius window page 5 7 Disable No checks are performed on an associating station s MAC address Local MAC Authentication Configures the local MAC authentication database The MAC database provides a mechanism to take certai...

Page 53: ...2 1x client application to submit user credentials for authentication The 802 1x standard uses the Extensible Authentication Protocol EAP to pass user credentials either digital certificates user names and passwords or other from the client to the RADIUS server Client authentication is then verified on the RADIUS server before the access point grants client access to the network The 802 1x EAP pac...

Page 54: ...itiate authentication Only those clients successfully authenticated with 802 1x are allowed to access the network When 802 1x is enabled the broadcast and session key rotation intervals can also be configured Broadcast Key Refresh Rate Sets the interval at which the broadcast keys are refreshed for stations using 802 1x dynamic keying Range 0 1440 minutes Default 0 means disabled Session Key Refre...

Page 55: ...Advanced Configuration 5 13 Filter Control The access point can employ VLAN ID and network traffic frame filtering to control access to network resources and increase security ...

Page 56: ...ents thereby improving security A VLAN ID 1 4095 is assigned to a client after successful authentication using IEEE 802 1x and a central RADIUS server The user VLAN IDs must be configured on the RADIUS server for each user authorized to access the network If a user does not have a configured VLAN ID the access point assigns the user to its own configured native VLAN ID When setting up VLAN IDs for...

Page 57: ...etween clients through the access point Enable Blocks wireless to wireless communications between clients through the access point AP Management Filter Controls management access to the SMC2555W AG from wireless clients Management interfaces include the web Telnet or SNMP Disable Allows management access from wireless clients Enable Blocks management access from wireless clients Ethernet Type Filt...

Page 58: ...ask configured either manually or dynamically Once an IP address has been configured appropriate SNMP communities and trap receivers should be configured Community names are used to control management access to SNMP stations as well as to authorize SNMP stations to receive trap messages from the access point To communicate with the access point a management station must first submit a valid commun...

Page 59: ...ng that has read only access Authorized management stations are only able to retrieve MIB objects Maximum length 23 characters case sensitive Community Name Read Write Defines the SNMP community access string that has read write access Authorized management stations are able to both retrieve and modify MIB objects Maximum length 23 characters case sensitive Trap Destination IP Address Specifies th...

Page 60: ...nd password are not configured then anyone having access to the access point may be able to compromise access point and network security Note Pressing the Reset button on the back of the SMC2555W AG for more than five seconds resets the user name and password to the factory defaults For this reason we recommend that you protect the access point from physical access by unauthorized persons Username...

Page 61: ...ay be provided periodically on SMC s web site http www smc com After upgrading new software you must reboot the SMC2555W AG to implement the new code Until a reboot occurs the SMC2555W AG will continue to run the software it was using before the upgrade started Also note that rebooting the access point with new software will reset the configuration to the factory default settings ...

Page 62: ...d and then configure the management station with the same VLAN ID If you are managing the access point from a wireless client the VLAN ID for the wireless client must be configured on a RADIUS server Current version Version number of runtime code Firmware Upgrade Local Downloads an operation code image file from the web management station to the access point using HTTP Use the Browse button to...

Page 63: ...n the access point Valid characters A Z a z 0 9 _ IP Address IP address or host name of FTP or TFTP server Username The user ID used for login on an FTP server Password The password used for login on an FTP server Restore Factory Settings Click the Restore button to reset the configuration settings for the SMC2555W AG to the factory defaults and reboot the system Note that all user configured info...

Page 64: ...the Syslog server are stamped with the correct time and date Enabling System Logging The SMC2555W AG supports a logging process that can control error messages saved to memory or sent to a Syslog server The logged messages serve as a valuable tool for isolating access point and network problems System Log Setup Enables the logging of error messages Logging Host Enables the sending of log messages ...

Page 65: ...last 128 messages logged in chronological order from the newest to the oldest Log messages saved in the access point s memory are erased when the device is rebooted Configuring SNTP Simple Network Time Protocol SNTP allows the SMC2555W AG to set its internal clock based on periodic updates from a time server SNTP or NTP Maintaining an accurate time on the access point enables the system log to rec...

Page 66: ...ry SNTP or NTP time server The access point first attempts to update the time from the primary server if this fails it attempts an update from the secondary server Note The SMC2555W AG also allows you to disable SNTP and set the system clock manually using the CLI Set Time Zone SNTP uses Coordinated Universal Time or UTC formerly Greenwich Mean Time or GMT based on the time at the Earth s prime me...

Page 67: ...section of the manual The access point can operate in three modes IEEE 802 11a only 802 11b g only or a mixed 802 11a b g mode Also note that 802 11g is backward compatible with 802 11b These interfaces are configured independently under the following web pages Radio Interface 1 802 11a Radio Interface 2 802 11b g Note The radio channel settings for the SMC2555W AG are limited by local regulations...

Page 68: ...e Enable Enables radio communications on the SMC2555W AG Default Enabled Turbo Mode The normal 802 11a wireless operation mode provides connections up to 54 Mbps Turbo Mode is an enhanced mode not regulated in IEEE 802 11a that provides a higher data rate of up to 108 Mbps Enabling Turbo Mode allows the SMC2555W AG to provide connections up to 108 Mbps Default Disabled ...

Page 69: ...example in the United States you can deploy up to four access points in the same area e g channels 36 56 149 165 Also note that the channel for wireless clients is automatically set to the same as that used by the access point to which it is linked Default Channel 60 for normal mode and channel 42 for Turbo mode Auto Channel Select Enables the access point to automatically select an unoccupied rad...

Page 70: ...fic which is necessary to wake up stations that are using Power Save mode The default value of 2 indicates that the access point will save all broadcast multicast frames for the Basic Service Set BSS and forward them after every second beacon Using smaller DTIM intervals delivers broadcast multicast frames in a more timely manner causing stations in Power Save mode to wake up more often and drain ...

Page 71: ...chanism will be enabled The access points contending for the medium may not be aware of each other The RTS CTS mechanism can solve this Hidden Node Problem Range 0 2347 bytes Default 2347 bytes Radio Settings 802 11g The IEEE 802 11g standard operates within the 2 4 GHz band at up to 54 Mbps Also note that because the IEEE 802 11g standard is an extension of the IEEE 802 11b standard it allows cli...

Page 72: ... in the same area e g channels 1 6 11 Also note that the channel for wireless clients is automatically set to the same as that used by the access point to which it is linked Range 1 11 Default 1 Auto Channel Select Enables the access point to automatically select an unoccupied radio channel Default Enabled Maximum Supported Rate The maximum data rate at which a client can connect to the access poi...

Page 73: ...urity you have to implement two main functions Authentication It must be verified that clients attempting to connect to the network are authorized users Traffic Encryption Data passing between the access point and clients must be protected from interception and eavesdropping For a more secure network the access point can implement one or a combination of the following security mechanisms Wired Equi...

Page 74: ...red RADIUS server 802 1x EAP type may require management of digital certificates for clients and server MAC Address Filtering Uses the MAC address of client network card Provides only weak user authentication Management of authorized MAC addresses Can be combined with other methods for improved security Optionally configured RADIUS server WPA Enterprise Mode Requires WPA enabled system and network ...

Page 75: ...mal or alphanumeric strings that are manually distributed to all clients that want to use the network WEP is the security protocol initially specified in the IEEE 802 11 standard for wireless communications Unfortunately WEP has been found to be seriously flawed and cannot be recommended for a high level of network security For more robust wireless security the SMC2555W AG provides Wi Fi Protected...

Page 76: ... shared keys Open System Select this option if you plan to use WPA or 802 1x as a security mechanism If you don t set up any other security mechanism on the access point the network has no protection and is open to all users This is the default setting Shared Key Sets the access point to use WEP shared keys If this option is selected you must configure at least one key on the access point and all ...

Page 77: ...128 bit keys or 32 hexadecimal digits for 152 bit keys Alphanumeric Enter keys as 5 alphanumeric characters for 64 bit keys 13 alphanumeric characters for 128 bit keys or 16 alphanumeric characters for 152 bit keys Transmit Key Select Selects the key number to use for encryption If the clients have all four keys configured to the same values you can change the encryption key to any of the four set...

Page 78: ...k for user authentication and dynamic key management The 802 1x client and RADIUS server should use an appropriate EAP type such as EAP TLS Transport Layer Security EAP TTLS Tunneled TLS or PEAP Protected EAP for strongest authentication Working together these protocols provide mutual authentication between a client the access point and a RADIUS server that prevents users from accidentally joining...

Page 79: ...RADIUS authentication server to be configured on the wired network However for small office networks that may not have the resources to configure and maintain a RADIUS server WPA provides a simple operating mode that uses just a pre shared password for network access The Pre Shared Key mode uses a common password for user authentication that is manually entered on the access point and all wireless...

Page 80: ... support as a future security enhancement The WPA configuration parameters are described below WPA Configuration Mode The access point can be configured to allow only WPA enabled clients to access the network or also allow clients only capable of supporting WEP WPA Key Management WPA can be configured to work in an enterprise environment using IEEE 802 1x and a RADIUS server for user authenticatio...

Page 81: ...tegrity check an extended initialization vector with sequencing rules and a re keying mechanism AES AES has been designated by the National Institute of Standards and Technology as the successor to the Data Encryption Standard DES encryption algorithm and will be used by the U S government for encrypting all sensitive nonclassified information Because of its strength and resistance to attack AES i...

Page 82: ...plays basic system configuration settings as well as the settings for the wireless interface Menu Description Page AP Status Displays configuration settings for the basic system and the wireless interface 5 40 Station Status Shows the wireless clients currently associated with the access point 5 42 Event Logs Shows log messages stored in memory 5 44 ...

Page 83: ...P Server Shows if management access via HTTP is enabled HTTP Server Port Shows the TCP port used by the HTTP interface Version Shows the version number for the runtime code AP Wireless Configuration The AP Wireless Configuration table displays the wireless interface settings listed below Note that Radio 1 refers to the 802 11a interface and Radio 2 refers to the 802 11b g interface SSID The service s...

Page 84: ...ss client Authenticated Shows if the station has been authenticated The two basic methods of authentication supported for 802 11 wireless networks are open system and shared key Open system authentication accepts any client attempting to connect to the access point without verifying its identity The shared key approach uses Wired Equivalent Privacy WEP to verify client identity by distributing a s...

Page 85: ...cedure allows the wireless system to track the location of each mobile client and ensure that frames destined for each client are forwarded to the appropriate access point Forwarding Allowed Shows if the station has passed 802 1x authentication and is now allowed to forward traffic to the access point Key Type Displays Open System or Shared Key ...

Page 86: ... point and stored in memory The Event Logs table displays the following information Log Time The time the log message was generated Event Level The logging level associated with this message For a description of the various levels see logging level on page 5 22 Event Message The content of the log message ...

Page 87: ...sing the access point s command line interface CLI is very similar to entering commands on a UNIX system Console Connection To access the access point through the console port perform these steps 1 At the console prompt enter the user name and password The default user name is smcadmin and the default password is admin When the user name is entered the CLI displays the SMC Enterprise AP prompt 2 E...

Page 88: ...om a DHCP server the default IP address used by the access point 192 168 1 1 consists of a network portion 192 168 1 and a host portion 1 To access the access point through a Telnet session you must first set the IP address for the access point and set the default gateway if you are managing the access point from a different IP subnet For example If your corporate network is connected to another n...

Page 89: ... commands to complete your desired tasks 4 When finished exit the session with the quit or exit command After entering the Telnet command the login screen displays Note You can open up to four sessions to the device via Telnet Entering Commands This section describes how to enter CLI commands Keywords and Arguments A CLI command is a series of keywords and arguments Keywords identify a command and...

Page 90: ...will prompt for further input Command Completion If you terminate input with a Tab key the CLI will print the remaining characters of a partial keyword up to the point of ambiguity In the configure example typing con followed by a tab will result in printing the command up to configure Getting Help on Commands You can display a brief description of the help system by entering the help command You ...

Page 91: ...ywords starting with s SMC AP show authentication Show Authentication parameters bootfile Show bootfile name filters Show filters hardware Show hardware version history Display the session history interface Show interface information line TTY line information logging Show the logging buffers radius Show radius server snmp Show snmp statistics sntp Show sntp statistics station Show 802 11 station t...

Page 92: ...list can be executed again or first modified and then executed Using the show history command displays a longer list of recently executed commands Understanding Command Modes The command set is divided into Exec and Configuration classes Exec commands generally display information on system status or clear statistical counters Configuration commands on the other hand modify interface parameters or...

Page 93: ...ommands are used to modify access point settings These commands modify the running configuration and are saved in memory The configuration commands are organized into three different modes Global Configuration These commands modify the system level configuration and include commands such as username and password Interface Ethernet Configuration These commands modify the Ethernet port configuration...

Page 94: ... case sensitive You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters You can use the Tab key to complete partial commands or enter a partial command followed by the character to display a list of possible matches You can also use the following editing keystrokes for command line processing ...

Page 95: ...s current command line on a new line Ctrl U Deletes the entire line Ctrl W Deletes the last word typed Esc B Moves the cursor backward one word Esc D Deletes from the cursor to the end of the word Esc F Moves the cursor forward one word Delete key or backspace key Erases a mistake when entering a command Keystroke Function ...

Page 96: ... of other system information 6 16 SNMP Configures community access strings and trap managers 6 32 Flash File Manages code image or access point configuration files 6 37 RADIUS Configures the RADIUS client used with 802 1x authentication 6 42 Authentication Configures IEEE 802 1x port access control and address filtering 6 47 Filtering Filters communications between wireless clients controls access...

Page 97: ...lt Setting None Command Mode Exec Example Related Commands end page 6 12 Command Function Mode Page configure Activates global configuration mode Exec 6 11 end Returns to Exec mode GC IC 6 12 exit Returns to the previous configuration mode or exits the CLI any 6 12 ping Sends ICMP echo request packets to another node on the network Exec 6 13 reset Restarts the system Exec 6 14 show history Shows t...

Page 98: ...uration mode from the Interface Configuration mode exit This command returns to the Exec mode or exits the configuration program Default Setting None Command Mode Any Example This example shows how to return to the Exec mode from the Interface Configuration mode and then quit the CLI session SMC AP if ethernet end SMC AP config SMC AP if ethernet exit SMC AP exit CLI session with the Access Point ...

Page 99: ...reached The following are some results of the ping command Normal response The normal response occurs in one to ten seconds depending on network traffic Destination does not respond If the host does not respond a timeout appears in ten seconds Destination unreachable The gateway for this destination indicates that the destination is unreachable Network or host unreachable The gateway found no corre...

Page 100: ...ration settings to the factory defaults and then reboots the system Default Setting None Command Mode Exec Command Usage When the system is restarted it will always run the Power On Self Test Example This example shows how to reset the system show history This command shows the contents of the command history buffer Default Setting None Command Mode Exec SMC AP reset board Reboot system now y n y ...

Page 101: ...mple the show history command lists the contents of the command history buffer show line This command displays the console port s configuration settings Command Mode Exec Example The console port settings are fixed at the values shown below SMC AP show history config exit show history SMC AP SMC AP show line Console Line Information databits 8 parity none speed 9600 stop bits 1 SMC AP ...

Page 102: ...stem location string GC 6 36 User Access Configures the user name and password for management access username Configures the user name for management access GC 6 19 password Specifies the password for management access GC 6 19 Web Server Enables management access via a web browser ip http port Specifies the port to be used by the web browser interface GC 6 20 ip http server Allows the access point...

Page 103: ...system clock via an NTP SNTP server sntp server ip Specifies one or more time servers GC 6 25 sntp server enable Accepts time from the specified time servers GC 6 26 sntp server date time Manually sets the system date and time GC 6 27 sntp server daylight saving Sets the start and end dates for daylight savings time GC 6 28 sntp server timezone Sets the time zone for the access point s internal cl...

Page 104: ...fies the system name for this device Use the no form to restore the default system name Syntax system name name no system name name The name of this host Maximum length 32 characters Default Setting Enterprise AP Command Mode Global Configuration Example SMC Enterprise AP config prompt RD2 RD2 config SMC AP config system name SMC AP SMC AP config ...

Page 105: ...ommand Mode Global Configuration Example password After initially logging onto the system you should set the password Remember to record it in a safe place Use the no form to reset the default password Syntax password password no password password Password for management access Length 3 16 characters case sensitive Default Setting admin Command Mode Global Configuration SMC AP config username bob ...

Page 106: ...The TCP port to be used by the browser interface Range 1024 65535 Default Setting 80 Command Mode Global Configuration Example Related Commands ip http server page 6 20 ip http server This command allows this device to be monitored or configured from a browser Use the no form to disable this function Syntax ip http server no ip http server SMC AP config password smc SMC AP config SMC AP config ip ...

Page 107: ... error messages to memory The no form disables the logging process Syntax logging on no logging on Default Setting None Command Mode Global Configuration Command Usage The logging process controls error messages saved to memory You can use the logging level command to control the type of error messages that are stored in memory Example SMC AP config ip http server SMC AP config SMC AP config loggi...

Page 108: ...e name of a syslog server Range 1 20 characters host_ip_address The IP address of a syslog server Default Setting None Command Mode Global Configuration Example logging console This command initiates logging of error messages to the console Use the no form to disable logging to the console Syntax logging console no logging console Default Setting Disabled Command Mode Global Configuration SMC AP c...

Page 109: ...evel SMC AP config logging console SMC AP config Level Argument Description Alerts Immediate action needed Critical Critical conditions e g memory allocation or free memory error resource exhausted Error Error conditions e g invalid input default used Warning Warning conditions e g return false unexpected return Notice Normal but significant condition such as cold start Informational Informational...

Page 110: ...ropriate service Range 16 23 Default Setting 16 Command Mode Global Configuration Command Usage The command specifies the facility type tag sent in syslog messages See RFC 3164 This type has no effect on the kind of messages reported by the access point However it may be used by the syslog server to sort messages or to store messages in the corresponding database Example SMC AP config logging leve...

Page 111: ...e requests are issued Use this command with no arguments to clear all time servers from the current list Syntax sntp server ip 1 2 ip 1 First time server 2 Second time server ip IP address of a time server NTP or SNTP SMC AP show logging Logging Information Syslog State Disabled Logging Host State Enabled Logging Console State Disabled Server Domain name IP none Logging Level Error Logging Fa...

Page 112: ...s The access point will poll the time servers in the order specified until a response is received Example Related Commands sntp server enable page 6 26 show sntp page 6 29 sntp server enable This command enables SNTP client requests for time synchronization with NTP or SNTP time servers specified by the sntp server ip command Use the no form to disable SNTP client requests Syntax sntp server enabl...

Page 113: ...tup i e 00 14 00 January 1 1970 Example Related Commands sntp server ip page 6 25 show sntp page 6 29 sntp server date time This command sets the system clock Default Setting 00 14 00 January 1 1970 Command Mode Global Configuration Example This example sets the system clock to 17 37 June 19 2003 SMC AP config sntp server enable SMC AP config SMC AP sntp server date time Enter Year 1970 2100 2003 ...

Page 114: ... no sntp server daylight saving Default Setting Disabled Command Mode Global Configuration Command Usage The command sets the system clock back one hour during the specified period Example This sets daylight savings time to be used from July 1st to September 1st SMC AP config sntp server daylight saving Enter Daylight saving from which month 1 12 6 and which day 1 31 1 Enter Daylight saving end to...

Page 115: ...mand sets the local time zone relative to the Coordinated Universal Time UTC formerly Greenwich Mean Time or GMT based on the earth s prime meridian zero degrees longitude To display a time corresponding to your local time you must indicate the number of hours and minutes your time zone is east before or west after of UTC Example show sntp This command displays the current time and configuration s...

Page 116: ...guration settings Default Setting None Command Mode Exec SMC AP show sntp SNTP Information Service State Enabled SNTP server 1 IP 137 92 140 80 SNTP server 2 IP 192 43 244 18 Current Time 08 04 Jun 20th 2003 Time Zone 8 TAIPEI BEIJING Daylight Saving Enabled from Jun 1st to Sep 1st SMC AP ...

Page 117: ...0 days 1 hours 28 minutes 9 seconds System Name Enterprise AP System Location System Contact Contact System Country Code 99 NO_COUNTRY_SET MAC Address 00 30 F1 71 D6 40 IP Address 192 168 1 1 Subnet Mask 255 255 255 0 Default Gateway 0 0 0 0 VLAN State DISABLED IAPP State ENABLED DHCP Client ENABLED HTTP Server ENABLED HTTP Server Port 80 Slot Status 802 11g only Software Version v2 0 0 SMC AP SMC...

Page 118: ...o snmp server community string string Community string that acts like a password and permits access to the SNMP protocol Maximum length 23 characters case sensitive Command Function Mode Page snmp server community Sets up the community access string to permit access to SNMP commands GC 6 32 snmp server contact Sets the system contact string GC 6 33 snmp server enable server Enables SNMP service an...

Page 119: ...ss Authorized management stations are able to both retrieve and modify MIB objects Command Mode Global Configuration Command Usage If you enter a community string without the ro or rw option the default is read only Example snmp server contact This command sets the system contact string Use the no form to remove the system contact information Syntax snmp server contact string no snmp server contac...

Page 120: ... disable SNMP service and trap messages Syntax snmp server enable server no snmp server enable server Default Setting Enabled Command Mode Global Configuration Command Usage This command enables both authentication failure notifications and link up down notifications The snmp server host command specifies the host device that will receive SNMP notifications Example SMC AP config snmp server contac...

Page 121: ...1 20 characters community string Password like community string sent with the notification operation Although you can set this string using the snmp server host command by itself we recommend that you define this string using the snmp server community command prior to using the snmp server host command Maximum length 23 characters Default Setting Host Address None Community String public Command M...

Page 122: ... the location string Syntax snmp server location text no snmp server location text String that describes the system location Maximum length 20 characters Default Setting None Command Mode Global Configuration Example Related Commands snmp server contact page 6 33 SMC AP config snmp server host 10 1 19 23 batman SMC AP config SMC AP config snmp server location WC 19 SMC AP config ...

Page 123: ...mation Service State Enable Community ro Community rw Location WC 19 Contact Paul Traps Enabled Host Name IP 10 1 19 23 Trap Community SMC AP Command Function Mode Page bootfile Specifies the file or image used to start up the system GC 6 38 copy Copies a code image or configuration between flash memory and a FTP TFTP server Exec 6 39 delete Deletes a file or code image Exec 6 40 dir Displays a li...

Page 124: ...le Default Setting None Command Mode Exec Command Usage The file name should not contain slashes or the leading letter of the file name should not be a period and the maximum length for file names is 32 characters Valid characters A Z a z 0 9 _ If the file contains an error it cannot be set as the default file Example SMC AP bootfile smc img bin SMC AP ...

Page 125: ...tftp ftp Keyword that allows you to copy to from an FTP server tftp Keyword that allows you to copy to from a TFTP server file Keyword that allows you to copy to from a flash memory file config Keyword that allows you to upload the configuration file from flash memory Default Setting None Command Mode Exec Command Usage The system prompts for data required to complete the copy command Only a confi...

Page 126: ...ow to upload the configuration settings to a file on the TFTP server The following example shows how to download a configuration file delete This command deletes a file or image Syntax delete filename filename Name of the configuration file or image name Default Setting None SMC AP copy config tftp TFTP Source file name syscfg TFTP Server IP 192 168 1 19 SMC AP SMC AP copy tftp file 1 Application ...

Page 127: ...ion image file booted at startup before you reboot the access point Example This example shows how to delete the test cfg configuration file from flash memory Related Commands bootfile page 6 38 dir page 6 41 dir This command displays a list of files in flash memory Command Mode Exec Command Usage File information is shown below SMC AP delete test cfg Are you sure you wish to delete this file y n ...

Page 128: ...ireless client that requires access to the access point SMC AP dir File Name Type File Size dflt img bin 2 1044140 syscfg 5 16860 syscfg_bak 5 16860 zz img bin 2 1044140 1048576 byte s available SMC AP Command Function Mode Page radius server address Specifies the RADIUS server GC 6 43 radius server port Sets the RADIUS server network port GC 6 43 radius server key Sets the RADIUS encryption key GC...

Page 129: ...st name of server Range 1 20 characters Default Setting None Command Mode Global Configuration Example radius server port This command sets the RADIUS server network port Syntax radius server secondary port port_number secondary Secondary server port_number RADIUS server UDP port used for authentication messages Range 1024 65535 Default Setting 1812 Command Mode Global Configuration SMC AP config ...

Page 130: ...ring Maximum length 20 characters Default Setting DEFAULT Command Mode Global Configuration Example radius server retransmit This command sets the number of retries Syntax radius server secondary retransmit number_of_retries secondary Secondary server number_of_retries Number of times the access point will try to authenticate logon access via the RADIUS server Range 1 30 SMC AP config radius serve...

Page 131: ...o the RADIUS server Syntax radius server secondary timeout number_of_seconds secondary Secondary server number_of_seconds Number of seconds the access point waits for a reply before resending a request Range 1 60 Default Setting 5 Command Mode Global Configuration Example SMC AP config radius server retransmit 5 SMC AP config SMC AP config radius server timeout 10 SMC AP config ...

Page 132: ...rent settings for the RADIUS server Default Setting None Command Mode Exec Example SMC AP show radius Radius Server Information IP 192 168 1 25 Port 181 Key Retransmit 5 Timeout 10 Radius Secondary Server Information IP 0 0 0 0 Port 1812 Key Retransmit 3 Timeout 5 SMC AP ...

Page 133: ...or required GC 6 48 802 1x broadcast key refresh rate Sets the interval at which the primary broadcast keys are refreshed for stations using 802 1x dynamic keying GC 6 49 802 1x session key refresh rate Sets the interval at which unicast session keys are refreshed for associated stations using dynamic keying GC 6 50 802 1x session timeout Sets the timeout after which a connected client must be re ...

Page 134: ...mand Mode Global Configuration Command Usage When 802 1x is disabled the access point does not support 802 1x authentication for any station After successful 802 11 association each client is allowed to access the network When 802 1x is supported the access point supports 802 1x authentication only for clients initiating the 802 1x mac authentication session timeout Sets the interval at which asso...

Page 135: ...ons If 802 1x authentication is not initiated by the station the access point will initiate authentication Only those stations successfully authenticated with 802 1x are allowed to access the network 802 1x does not apply to the 10 100Base TX port Example 802 1x broadcast key refresh rate This command sets the interval at which the broadcast keys are refreshed for stations using 802 1x dynamic key...

Page 136: ...e a random group key and periodically update all key management capable wireless clients Example 802 1x session key refresh rate This command sets the interval at which unicast session keys are refreshed for associated stations using dynamic keying Syntax 802 1x session key refresh rate rate rate The interval at which the access point refreshes a session key Range 0 1440 minutes Default Setting 0 ...

Page 137: ...Range 0 65535 Default 0 Disabled Command Mode Global Configuration Example address filter default This command sets filtering to allow or deny listed MAC addresses Syntax address filter default allowed denied allowed Only MAC addresses entered as denied in the address filtering table are denied denied Only MAC addresses entered as allowed in the address filtering table are allowed SMC AP config 80...

Page 138: ... the filter table Syntax address filter entry mac address allowed denied mac address Physical address of client Enter six pairs of hexadecimal digits separated by hyphens e g 00 90 D1 12 AB 89 allowed Entry is allowed access denied Entry is denied access Default None Command Mode Global Configuration Command Mode The access point supports up to 1024 MAC addresses SMC AP config address filter defau...

Page 139: ... address filter delete This command deletes a MAC address from the filter table Syntax address filter delete mac address mac address Physical address of client Enter six pairs of hexadecimal digits separated by hyphens Default None Command Mode Global Configuration Example Related Commands show authentication page 6 56 SMC AP config address filter entry 00 70 50 cc 99 1a allowed SMC AP config SMC ...

Page 140: ...henticate the MAC address of wireless clients with the local authentication database during 802 11 association remote Authenticate the MAC address of wireless clients with the RADIUS server during 802 1x authentication Default local Command Mode Global Configuration Example Related Commands address filter entry page 6 52 radius server address page 6 43 show authentication page 6 56 SMC AP config m...

Page 141: ...e re authenticated with the RADIUS server authentication database Use the no form to disable reauthentication Syntax mac authentication session timeout seconds seconds Re authentication interval Range 0 65535 Default 0 disabled Command Mode Global Configuration Example SMC AP config mac authentication session timeout 1 SMC AP config ...

Page 142: ...uthentication Information MAC Authentication Server REMOTE MAC Auth Session Timeout Value 1 secs 802 1x SUPPORTED Broadcast Key Refresh Rate 5 min Session Key Refresh Rate 5 min 802 1x Session Timeout Value 300 secs Address Filtering DENIED System Default DENY addresses not found in filter table Filter Table MAC Address Status 00 70 50 cc 99 1a DENIED 00 70 50 cc 99 1b ALLOWED SMC AP config ...

Page 143: ...ltering Syntax filter local bridge no filter local bridge Default Disabled Command Mode Global Configuration Command Function Mode Page filter local bridge Disables communication between wireless clients GC 6 57 filter ap manage Prevents wireless clients from accessing the management interface GC 6 58 filter ethernet type enable Checks the Ethernet type for all incoming and outgoing Ethernet packe...

Page 144: ...less clients and the wired network Example filter ap manage This command prevents wireless clients from accessing the management interface on the access point Use the no form to disable this filtering Syntax filter ap manage no filter ap manage Default Disabled Command Mode Global Configuration Example SMC AP config filter local bridge SMC AP config SMC AP config filter ap manage SMC AP config ...

Page 145: ... feature Syntax filter ethernet type enable no filter ethernet type enable Default Disabled Command Mode Global Configuration Command Usage This command is used in conjunction with the filter ethernet type protocol command to determine which Ethernet protocol types are to be filtered Example Related Commands filter ethernet type protocol page 6 60 SMC AP config filter ethernet type enable SMC AP c...

Page 146: ... Level 3 Banyan CDP DEC XNS DEC MOP Dump Load DEC MOP DEC LAT Ethertalk Appletalk ARP Novell IPX old Novell IPX new EAPOL Telxon TXP Aironet DDP Enet Config Test Default None Command Mode Global Configuration Command Usage Use the filter ethernet type enable command to enable filtering for Ethernet types specified in the filtering table or the no filter ethernet type enable command to disable all ...

Page 147: ...e filter options and protocol entries in the filter table Command Mode Exec Example SMC AP show filters Protocol Filter Information Local Bridge ENABLED AP Management ENABLED Ethernet Type Filter ENABLED Enabled Protocol Filters Protocol ARP ISO 0x0806 SMC AP ...

Page 148: ... 66 dns secondary server Specifies the secondary name server IC E 6 66 ip address Sets the IP address for the Ethernet interface IC E 6 67 ip dhcp Submits a DHCP request for an IP address IC E 6 68 shutdown Disables the Ethernet interface IC E 6 69 speed duplex Configures speed and duplex operation IC E 6 70 show interface ethernet Shows the status for the Ethernet interface Exec 6 71 Wireless Int...

Page 149: ...d Configures the rate at which stations in sleep mode must wake up to receive broadcast multicast transmissions IC W 6 77 fragmentation length Configures the minimum packet size that can be fragmented IC W 6 78 rts threshold Sets the packet size threshold at which an RTS must be sent to the receiving station prior to the sending station starting communications IC W 6 79 authentication Defines the ...

Page 150: ...C W max association Configures the maximum number of clients that can be associated with the access point at the same time IC W 6 85 multicast cipher Defines the cipher algorithm used for multicasting IC W 6 86 wpa clients Defines whether WPA is required or optionally supported for client stations IC W 6 87 wpa mode Specifies dynamic keys or a pre shared key IC W 6 89 wpa preshared key Defines a W...

Page 151: ...s a 802 11a radio interface g 802 11g radio interface Default Setting None Command Mode Global Configuration Example To specify the 10 100Base TX network interface enter the following command show interface wireless Shows the status for the wireless interface Exec 6 93 show station Shows the wireless clients associated with the access point Exec 6 94 SMC AP config interface ethernet SMC AP if ethe...

Page 152: ... name resolution secondary server Secondary server used for name resolution server address IP address of domain name server Default Setting None Command Mode Global Configuration Command Usage The primary and secondary name servers are queried in sequence Example This example specifies two domain name servers Related Commands show interface ethernet page 6 71 SMC AP if ethernet dns primary server ...

Page 153: ...sk 255 255 255 0 Command Mode Interface Configuration Ethernet Command Usage DHCP is enabled by default To manually configure a new IP address you must first disable the DHCP client with the no ip dhcp command You must assign an IP address to this device to gain management access over the network or to connect the access point to existing IP subnets You can manually configure a specific IP address...

Page 154: ...connect the access point to existing IP subnets You can manually configure a specific IP address using the ip address command or direct the device to obtain an address from a DHCP server using this command When you use this command the access point will begin broadcasting DHCP client requests The current IP address i e default or manually configured address will continue to be effective until a DH...

Page 155: ...erface use the no form Syntax shutdown no shutdown Default Setting Interface enabled Command Mode Interface Configuration Ethernet Command Usage This command allows you to disable the Ethernet port due to abnormal behavior e g excessive collisions and reenable it after the problem has been resolved You may also want to disable the Ethernet port for security reasons SMC AP config interface ethernet...

Page 156: ...ation 10MF Forces 10 Mbps full duplex operation 100MH Forces 100 Mbps half duplex operation 100MF Forces 100 Mbps full duplex operation Default Setting Auto negotiation is enabled by default Command Mode Interface Configuration Ethernet Command Usage If autonegotiation is disabled the speed and duplex mode must be configured to match the setting of the attached device Example The following example...

Page 157: ... the wireless interface Use the no form to remove the description Syntax description string no description string Comment or a description for this interface Range 1 80 characters SMC AP show interface ethernet Ethernet Interface Information IP Address 192 168 1 1 Subnet Mask 255 255 255 0 Default Gateway 192 168 1 253 Primary DNS 192 168 1 55 Secondary DNS 10 1 0 55 Speed duplex 100Base TX Half D...

Page 158: ...stem no closed system Default Setting Disabled Command Mode Interface Configuration Wireless Command Usage When closed system is enabled the access point will not include its SSID in beacon messages Nor will it respond to probe requests from clients that do not include a fixed SSID Example SMC AP config interface wireless g SMC AP if wireless g description RD AP 3 SMC AP if wireless g SMC AP if wi...

Page 159: ...ireless clients Options 1 2 5 5 6 9 11 12 18 24 36 48 54 Mbps Default Setting 54 Mbps Command Mode Interface Configuration Wireless Command Usage The maximum transmission distance is affected by the data rate The lower the data rate the longer the transmission distance Please refer to the table for maximum distances on page A 4 Example SMC AP if wireless g speed 6 SMC AP if wireless g ...

Page 160: ...l selection Command Mode Interface Configuration Wireless Command Usage The available channel settings are limited by local regulations which determine the number of channels that are available When multiple access points are deployed in the same area be sure to choose a channel separated by at least four channels for 802 11a to avoid having the channels interfere with each other and at least five...

Page 161: ...hat provides a higher data rate of up to 108 Mbps Enabling Turbo Mode allows the access point to provide connections up to 108 Mbps In normal mode the access point provides a channel bandwidth of 20 MHz and supports the maximum number of channels permitted by local regulations e g 11 channels for the United States In Turbo Mode the channel bandwidth is increased to 40 MHz to support the increased ...

Page 162: ...ireless Command Usage Clients that want to connect to the wireless network via an access point must set their SSIDs to the same as that of the access point Example beacon interval This command configures the rate at which beacon signals are transmitted from the access point Syntax beacon interval interval interval The rate for transmitting beacon signals Range 20 1000 milliseconds Default Setting ...

Page 163: ...al interval Interval between the beacon frames that transmit broadcast or multicast traffic Range 1 255 beacon frames Default Setting 2 Command Mode Interface Configuration Wireless Command Usage The Delivery Traffic Indication Map DTIM packet interval value indicates how often the MAC layer forwards broadcast multicast traffic This parameter is necessary to wake up stations that are using Power S...

Page 164: ...tion length This command configures the minimum packet size that can be fragmented when passing through the access point Syntax fragmentation length length length Minimum packet size for which fragmentation is allowed Range 256 2346 bytes Default Setting 2346 Command Mode Interface Configuration Wireless Command Usage If the packet size is smaller than the preset Fragment size the packet will not ...

Page 165: ...he sending station starting communications Syntax rts threshold threshold threshold Threshold packet size for which to send an RTS Range 0 2347 bytes Default Setting 2347 Command Mode Interface Configuration Wireless Command Usage If the threshold is set to 0 the access point never sends RTS signals If set to 2347 the access point always sends RTS signals If set to any other value and the packet s...

Page 166: ...ication open shared open Accepts the client without verifying its identity using a shared key shared Authentication is based on a shared key that has been distributed to all stations Default Setting open Command Mode Interface Configuration Wireless Command Usage Shared key authentication can only be used when WEP is enabled with the encryption command and at least one static WEP key has been defi...

Page 167: ... encryption key Options 64 128 or 152 bits Default Setting disabled Command Mode Interface Configuration Wireless Command Usage Wired Equivalent Privacy WEP is implemented in this device to prevent unauthorized access to your wireless network For more secure data transmissions enable WEP with this command and set at least one static WEP key with the key command The WEP settings must be the same on...

Page 168: ...y index index Key index Range 1 4 size Key size Options 64 128 or 152 bits type Input format Options ASCII HEX value The key string For ASCII input use 5 13 alphanumeric characters for 64 128 bit strings For HEX input use 10 26 hexadecimal digits for 64 128 bit strings Default Setting None Command Mode Interface Configuration Wireless Command Usage To enable Wired Equivalent Privacy WEP use the au...

Page 169: ...f the key to be used for encrypting data frames broadcast or multicast from the access point to wireless clients Syntax transmit key index index Key index Range 1 4 Default Setting 1 Command Mode Interface Configuration Wireless Command Usage If you use WEP key encryption the access point uses the transmit key to encrypt multicast and broadcast data signals SMC AP if wireless g key 1 64 hex 123451...

Page 170: ...ower of the radio signals transmitted from the access point Syntax transmit power signal strength signal strength Signal strength transmitted from the access point Options full half quarter eighth min Default Setting full Command Mode Interface Configuration Wireless Command Usage The min keyword indicates minimum power The longer the transmission distance the higher the transmission power require...

Page 171: ...figures the maximum number of clients that can be associated with the access point at the same time Syntax max association count count Maximum number of associated stations Range 0 64 Default Setting 64 Command Mode Interface Configuration Wireless Example SMC AP if wireless g transmit power half SMC AP if wireless g SMC AP if wireless g max association 32 SMC AP if wireless g ...

Page 172: ...ic must be the same for all clients This command sets the encryption type that is supported by all clients If any clients supported by the access point are not WPA enabled the multicast cipher algorithm must be set to WEP WEP is the first generation security protocol used to encrypt data crossing the wireless medium using a fairly short key Communicating devices must use the same WEP key to encryp...

Page 173: ...s the successor to the Data Encryption Standard DES encryption algorithm and will be used by the U S government for encrypting all sensitive nonclassified information Because of its strength and resistance to attack AES is also being incorporated as part of the 802 11 standard Example wpa clients This command defines whether Wi Fi Protected Access WPA is required or optionally supported for client...

Page 174: ...ge integrity check an extended initialization vector with sequencing rules and a re keying mechanism Enterprise level User Authentication via 802 1x and EAP To strengthen user authentication WPA uses 802 1x and the Extensible Authentication Protocol EAP Used together these protocols provide strong user authentication via a central RADIUS authentication server that authenticates each user on the ne...

Page 175: ...t has to be WPA enabled or support 802 1x client software A RADIUS server must also be configured and be available in the wired network In the dynamic mode keys are generated for each wireless client associating with the access point These keys are regenerated periodically and also each time the wireless client is re authenticated When the WPA mode is set to pre shared key the key must first be ge...

Page 176: ...ace Configuration Wireless Command Usage To support Wi Fi Protected Access WPA for client authentication use the wpa clients command to specify the authentication type use the wpa mode command to specify pre shared key mode and use this command to configure one static key If WPA is used with pre shared key mode all wireless clients must be configured with the same pre shared key to communicate wit...

Page 177: ...WPA preshared key type Syntax wpa psk type type type Input format Options Alphanumeric HEX Default Setting HEX Command Mode Interface Configuration Wireless Example Related Commands wpa preshared key page 6 90 SMC AP if wireless a wpa preshared key ASCII agoodsecret SMC AP if wireless a ...

Page 178: ...mmand disables the wireless interface Use the no form to restart the interface Syntax shutdown no shutdown Default Setting Interface enabled Command Mode Interface Configuration Wireless Example SMC AP if wireless g shutdown SMC AP if wireless g ...

Page 179: ...erprise 802 11g Access Point SSID Enterprise Wireless AP Channel 0 AUTO Status Disable 802 11 Parameters Transmit Power FULL 5 dBm Max Station Data Rate 54Mbps Fragmentation Threshold 2346 bytes RTS Threshold 2347 bytes Beacon Interval 100 TUs DTIM Interval 2 beacons Maximum Association 64 stations Security Closed System DISABLED Multicast cipher WEP Unicast cipher WEP WPA clients SUPPORTED Encryp...

Page 180: ... This command shows the wireless clients associated with the access point Command Mode Exec Example SMC AP show station 802 11g Station Table Station Address 00 04 E2 41 C2 9D Authenticated TRUE Associated TRUE Forwarding Allowed TRUE SMC AP ...

Page 181: ...oaming between different 802 11f compliant access points Use the no form to disable 802 11f signaling Syntax iapp no iapp Default Enabled Command Mode Global Configuration Command Usage The current 802 11 standard does not specify the signaling required between access points in order to support clients roaming from one access point to another In particular this can create a problem for clients roa...

Page 182: ... must be configured on the RADIUS server for each user authorized to access the network If a user does not have a configured VLAN ID the access point assigns the user to its own configured native VLAN ID Note When VLANs are enabled the access point s Ethernet port drops all received traffic that does not include a VLAN tag To maintain network connectivity to the access point and wireless clients b...

Page 183: ...configured for each client on the RADIUS server If the VLAN ID has not been configured for a client on the RADIUS server then the frames are tagged with the access point s native VLAN ID Traffic entering the Ethernet port must be tagged with a VLAN ID that matches the access point s native VLAN ID or with a VLAN tag that matches one of the wireless clients currently associated with the access poin...

Page 184: ...VLANs are enabled on the access point a VLAN ID a number between 1 and 4095 can be assigned to each client after successful authentication using IEEE 802 1x and a central RADIUS server If a wireless client does not have a VLAN ID configured on the RADIUS server the access point assigns the user to its own configured native VLAN ID a number between 1 and 64 Example Related Commands vlan page 6 97 S...

Page 185: ... If authentication is being performed through a RADIUS server ensure that the clients are properly configured on the RADIUS server If authentication is being performed through IEEE 802 1x be sure the wireless users have installed and properly configured 802 1x client software If MAC address filtering is enabled be sure the client s address is included in the local filtering database or on the RADI...

Page 186: ...he wireless interface that you are using has not been disabled If you are connecting to the access point through the wired Ethernet interface check the network cabling between the management station and the access point If you are connecting to the access point from a wireless client ensure that you have a valid connection to the access point If you cannot connect using Telnet you may have exceeded th...

Page 187: ...anagement interface 5 If all other recovery measures fail and the access point is still not functioning properly take any of these steps Reset the access point s hardware using the console interface web interface or through a power reset Reset the access point to its default configuration by pressing the reset button on the back panel for 5 seconds or more Then use the default user name smcadmin wi...

Page 188: ...6 Mbps Outdoors1 40 m 131 ft 85 m 279 ft 250 m 820 ft 310 m 1016 ft 400 m 1311 ft 445 m 1459 ft 455 m 1492 ft 465 m 1525 ft 510 m 1672 ft Indoors2 20 m 66 ft 25 m 82 ft 35 m 115 ft 40 m 131 ft 45 m 148 ft 50 m 164 ft 55 m 180 ft 66 m 216 ft 70 m 230 ft 802 11b Wireless Distance Table Speed and Distance Ranges Environment 11 Mbps 5 5 Mbps 2 Mbps 1 Mbps Outdoors1 300 m 984 ft 465 m 1525 ft 500 m 163...

Page 189: ... two different colors For example one wire might be red and the other red with white stripes Also an RJ 45 connector must be attached to both ends of the cable Caution Each wire pair must be attached to the RJ 45 connectors in a specific orientation See Straight Through Wiring on page B 3 and Crossover Wiring on page B 3 for an explanation The following figure illustrates how the pins on the RJ 45...

Page 190: ...u must use crossover cables for connections to PCs or servers and straight through cable for connections to switches or hubs However when connecting to devices that support automatic MDI MDI X pinout configuration you can use either straight through or crossover cable 10 100BASE TX MDI and MDI X Port Pinouts Pin MDI X Signal Name MDI Signal Name 1 Receive Data plus RD Transmit Data plus TD 2 Recei...

Page 191: ... on the access point uses an MDI pin configuration you must use crossover cable for network connections to PCs servers or other end nodes that only have MDI ports However if the device to which you are connecting supports auto MDIX operation you can use either straight through or crossover cable White Orange Stripe Orange White Green Stripe Green 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 EIA TIA 568B RJ 45 ...

Page 192: ...Serial Cable Signal serial port Pin Signal management console port Unused 1 Unused TXD transmit data 2 RXD receive data RXD receive data 3 TXD transmit data Unused 4 Unused GND ground 5 GND ground Unused 6 Unused CTS clear to send 7 RTS request to send RTS request to send 8 CTS clear to send Unused 9 Unused Note The left hand column pin assignments are for the female DB 9 connector on the access p...

Page 193: ...r DB 9 Ports Serial Cable Signal Directions for DB 25 Ports DB 9 to DB 9 AP Terminal or PC 1 2 3 4 5 6 7 8 9 1 2 3 4 5 6 7 8 9 DB 9 to DB 25 AP Terminal or PC 1 2 3 4 5 6 7 8 9 8 3 2 20 7 6 4 5 22 Reserved Reserved Reserved Reserved Reserved Reserved Reserved Reserved ...

Page 194: ...Cables and Pinouts B 6 ...

Page 195: ...10 13 MKK 1 14 Maximum Clients 64 Operating Range See Maximum Distance Table on page A 4 Data Rate 802 11a Normal Mode 6 9 12 18 24 36 48 54 Mbps per channel Turbo Mode 12 18 24 36 48 72 96 108 Mbps per channel 802 11g 6 9 11 12 18 24 36 48 54 Mbps per channel 802 11b 1 2 5 5 11 Mbps per channel Modulation Type 802 11a BPSK QPSK 16 QAM 64 QAM 802 11g CCK BPSK QPSK OFDM 802 11b CCK BPSK QPSK Networ...

Page 196: ...olts 0 27A 12 96 watts Note Power can also be provided to the access point through the Ethernet port based on IEEE 802 3af Power over Ethernet PoE specifications When PoE is provided and the adapter is also plugged in PoE will be turned off Physical Size 21 83 x 13 73 x 3 27 cm 8 60 x 5 40 x 1 29 in Weight 0 80 kg 1 76 lbs LED Indicators PWR Power Ethernet Link Ethernet Link Activity 11a and 11g W...

Page 197: ...gnal Certification FCC Part 15 247 2 4GHz FCC part 15 15 407 b CISPR 22 96 RSS 210 Canada EN 55022 EN55024 EN 300 328 EN 300 826 EN 61000 3 2 EN61000 3 3 ETSI300 328 ETS 300 826 802 11b MPT RCR std 33 D33 1 13 Channel T66 Channel 14 Safety CSA NTRL CSA 22 2 No 950 UL 1950 EN60950 TÜV GS IEC60950 CB LVD EN 60950 Standards IEEE 802 3 10BASE T IEEE 802 3u 100BASE TX IEEE 802 11a b g ...

Page 198: ...87 87 QPSK 12 Mbps 86 86 86 86 QPSK 18 Mbps 84 84 84 84 16 QAM 24 Mbps 82 81 81 81 16 QAM 36 Mbps 80 79 78 78 64 QAM 48 Mbps 73 73 73 73 64QAM 54 Mbps 70 70 69 67 IEEE 802 11g Data Rate Sensitivity dBm 6 Mbps 88 9 Mbps 87 12 Mbps 86 17 Mbps 85 24 Mbps 81 36 Mbps 77 48 Mbps 72 54 Mbps 70 IEEE 802 11b Data Rate Sensitivity dBm 1 Mbps 93 2 Mbps 90 5 5 Mbps 90 11 Mbps 87 ...

Page 199: ... 17 17 17 17 36 Mbps 17 17 17 17 48 Mbps 17 17 17 17 54 Mbps 12 17 17 16 IEEE 802 11g Maximum Output Power GHz dBm Data Rate 2 412 2 417 2 467 2 472 6 Mbps 20 20 18 9 Mbps 20 20 18 12 Mbps 20 20 18 18 Mbps 20 20 18 24 Mbps 20 20 18 36 Mbps 18 19 17 48 Mbps 17 16 15 54 Mbps 15 14 13 IEEE 802 11b Maximum Output Power GHz dBm Data Rate 2 412 2 417 2 467 2 472 1 Mbps 15 16 15 2 Mbps 15 16 15 5 5 Mbps ...

Page 200: ...Specifications C 6 ...

Page 201: ...red network support the creation of multiple radio cells that enable roaming throughout a facility Ad Hoc A group of computers connected as an independent wireless network without an access point Advanced Encryption Standard AES An encryption algorithm that implements symmetric key cryptography AES provides very strong encryption using a completely different ciphering algorithm to TKIP and WEP Aut...

Page 202: ...Broadcast keys are sent to stations using 802 1x dynamic keying Dynamic broadcast key rotation is often used to allow the access point to generate a random group key and periodically update all key management capable wireless clients CSMA CA Carrier Sense Multiple Access with Collision Avoidance Dynamic Host Configuration Protocol DHCP Provides a framework for passing configuration information to ...

Page 203: ...ver Ethernet A popular local area data communications network which accepts transmission from computers and terminals File Transfer Protocol FTP A TCP IP protocol used for file transfer Hypertext Transfer Protocol HTTP HTTP is a standard used to transmit and receive all data over the World Wide Web Internet Control Message Protocol ICMP A network layer protocol that reports errors in processing IP...

Page 204: ...24 36 48 54 Mbps IEEE 802 11g is also backward compatible with IEEE 802 11b IEEE 802 1x Port Authentication controls access to the switch ports by requiring users to first enter a user ID and password for authentication Infrastructure An integrated wireless and wired LAN is called an infrastructure configuration Inter Access Point Protocol IAPP A protocol that specifies the wireless signaling requ...

Page 205: ...ing OFDM OFDM allows multiple users to transmit in an allocated band by dividing the bandwidth into many narrow bandwidth carriers Power over Ethernet PoE A specification for providing both power and data to low power network devices using a single Category 5 Ethernet cable PoE provides greater flexibility in the locating of access point s and network devices and significantly decreased installati...

Page 206: ...to authenticate each client attached to a wireless network Shared Key authentication must be used along with the 802 11 Wired Equivalent Privacy algorithm Simple Network Management Protocol SNMP The application protocol in the Internet suite of protocols which offers network management services Simple Network Time Protocol SNTP SNTP allows a device to set its internal clock based on periodic up...

Page 207: ... the same LAN Wi Fi Protected Access WPA employs 802 1x as its basic framework for user authentication and dynamic key management to provide an enhanced security solution for 802 11 wireless networks Wired Equivalent Privacy WEP WEP is based on the use of security keys and the popular RC4 encryption algorithm Wireless devices without a valid WEP key will be excluded from network traffic WPA Pre sh...

Page 208: ...Glossary Glossary 8 ...

Page 209: ...nd line interface See CLI community name configuring 5 16 6 32 community string 5 17 6 32 configuration settings saving or restoring 5 21 6 39 configuration initial setup 4 1 console port 1 5 connecting 2 3 pin assignments B 4 required settings 4 2 crossover cable B 3 CSMA CA 1 1 CTS 5 28 6 79 D data rate options C 1 device status displaying 5 40 6 30 DHCP 4 8 5 5 5 6 6 67 6 68 distances maximum A...

Page 210: ...7 6 74 IEEE 802 11b 5 25 IEEE 802 11f 6 95 IEEE 802 11g 5 25 configuring interface 5 29 6 65 maximum data rate 5 30 6 73 radio channel 5 30 6 74 IEEE 802 1x 5 36 6 47 configuring 5 11 6 47 initial setup 4 1 installation hardware 2 1 mounting 2 1 IP address BOOTP DHCP 6 67 6 68 configuring 4 3 4 8 5 5 6 67 6 68 L LED indicators 1 4 lock Kensington 2 1 log messages 5 23 5 44 6 22 server 5 22 6 22 lo...

Page 211: ...ton 1 6 5 21 resetting the access point 5 21 6 14 restarting the system 5 21 6 14 RJ 45 port configuring duplex mode 6 70 configuring speed 6 70 RTS threshold 5 28 5 29 6 79 S security options 5 31 5 32 session key 5 11 5 12 6 50 shared key 4 9 5 34 6 82 Simple Network Management Protocol See SNMP Simple Network Time Protocol See SNTP SNMP 5 16 6 32 community name 5 16 6 32 community string 6 32 e...

Page 212: ... 6 84 trap destination 5 17 6 35 trap manager 5 17 6 35 troubleshooting A 1 U upgrading software 5 19 6 39 user name manager 5 18 6 19 user password 5 18 6 19 V VLAN configuration 5 14 6 97 native ID 5 14 6 98 W WEP 5 33 6 81 configuring 5 33 5 34 6 81 shared key 5 34 6 82 Wi Fi Protected Access See WPA Wired Equivalent Protection See WEP WPA 5 36 6 89 authentication over 802 11x 5 38 6 88 pre sha...


Page 214: ...02 739 14 17 Benelux 31 33 455 72 88 Fax 31 33 455 73 30 Central Europe 49 0 89 92861 0 Fax 49 0 89 92861 230 Nordic 46 0 868 70700 Fax 46 0 887 62 62 Eastern Europe 34 93 477 4920 Fax 34 93 477 3774 Sub Saharan Africa 27 0126610232 Fax 27 11 314 9133 North West Africa 216 71236616 Fax 216 71751415 CIS 7 095 789 35 73 Fax 7 095 789 35 73 PRC Beijing 86 10 8251 1550 Fax 86 10 8251 1551 PRC Shangha...
