H3C WA Series, Fundamentals Configuration Manual

Page 1: ...H3C WA Series WLAN Access Points Fundamentals Configuration Guide Hangzhou H3C Technologies Co Ltd http www h3c com Document Version 6W100 20100910...

Page 2: ...re Secware Storware NQA VVG V2 G Vn G PSPT XGbus N Bus TiGem InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are the...

Page 3: ...cal support and servicing engineers z Network administrators working with the WA series Conventions This section describes the conventions used in this documentation set Command conventions Convention...

Page 4: ...et The H3C WA documentation set includes Category Documents Purposes Marketing brochures Describe product specifications and benefits Product description and specifications Technology white papers Pro...

Page 5: ...tation on the World Wide Web at http www h3c com Click the links on the top navigation bar to obtain different categories of product documentation Technical Support Documents Technical Documents Provi...

Page 6: ...nfiguring CLI Hotkeys 4 15 Configuring Command Aliases 4 16 Synchronous Information Output 4 17 Configuring Command Levels 4 18 Saving Configurations 4 19 5 Controlling Login Users 5 1 Introduction 5...

Page 7: ...iguration Rollback 7 3 Specifying a Configuration File to Be Used at the Next Startup 7 6 Backing Up the Startup Configuration File 7 7 Deleting the Startup Configuration File to Be Used at the Next S...

Page 8: ...iew 11 2 Configuring the AP Name 11 3 Configuring the System Clock 11 3 Configuring the System Clock 11 3 Displaying the System Clock 11 3 Enabling Disabling the Display of Copyright Information 11 5...

Page 9: ...ort 14 3 Introduction to Local Console Port Login 14 3 Logging In Through the Console Port 14 3 Configuring Common Settings for Console Login 14 6 Configuring None Authentication for Console Port Logi...

Page 10: ...v 15 Index 15 1...

Page 11: ...ess points include the WA2200 series and WA2600 series Table 1 1 shows the applicable models and software versions Table 1 1 Applicable models and software versions Series Model Software version WA221...

Page 12: ...Not supported Supported 802 11n radio mode Not supported Supported 802 11n bandwidth mode Not supported Supported WLAN Configuration Guide 802 11n rate configuration Not supported Supported Optical E...

Page 13: ...that support the 802 11b g radio mode support this command Only APs that support the 802 11b g radio mode support this command radio type Keywords dot11an and dot11gn not supported Supported WLAN serv...

Page 14: ...hing Command Reference The maximum number of unknown unicast packets allowed on an Ethernet interface per second unicast suppression ratio pps max pps pps max pps ranges from 1 to 148810 pps max pps r...

Page 15: ...es and mesh APs 4 CLI Configuration This chapter includes these sections z What Is CLI z Entering the CLI z CLI Description z Using the CLI z Configuring the CLI What Is CLI The command line interface...

Page 16: ...ering CLI Through the Console Port When you use the CLI of an AP for the first time you can log in to the AP and enter the CLI through the console port only Follow these steps to log in to your AP and...

Page 17: ...hen the DB 9 connector 2 Launch a terminal emulation utility on your PC In this chapter the HyperTerminal in Windows XP is used as an example Click Start All Programs Accessories Communications HyperT...

Page 18: ...M1 Properties window as shown in Figure 4 5 appears On the window set Bits per second to 9600 Data bits to 8 Parity to None Stop bits to 1 and Flow control to None Click OK Figure 4 5 Set the properti...

Page 19: ...erties on the HyperTerminal window and the test Properties window appears Select the Settings tab as shown in Figure 4 7 select VT100 from the Emulation drop down list and then click OK Figure 4 7 Sel...

Page 20: ...ntication methods To restrict the login to your access point three Telnet login authentication methods are provided Select a proper method according to your network conditions Table 4 1 Telnet login a...

Page 21: ...face 1 Sysname interface vlan interface 1 Assign an IP address to VLAN interface 1 192 168 0 72 for example Sysname Vlan interface1 ip address 192 168 0 72 24 Sysname Vlan interface1 quit Enter the vi...

Page 22: ...eaning according to Table 4 2 Figure 4 9 Read command line parameters For example you can type the following command line at the CLI of your AP and press Enter to set the switch system time to 10 o cl...

Page 23: ...point Returning to user view To return to user view from any non user view you do not have to execute the quit command repeatedly Instead you can use the return command or press Ctrl Z Follow these s...

Page 24: ...ecute the command by pressing Enter Type a character string followed by a The CLI displays all commands starting with this string Sysname c cd clock copy Type part of a keyword followed by The CLI dis...

Page 25: ...character to the left of the cursor and move the cursor back one character Left arrow key or Ctrl B The cursor moves one character space to the left Right arrow key or Ctrl F The cursor moves one cha...

Page 26: ...m saves them as different commands For example if you execute the display cu command repeatedly the system saves only one command in the history command buffer If you execute the command in the format...

Page 27: ...of the screen length command are multiple screen display is enabled and up to 24 lines are displayed on the next screen This command is executed in user view and takes effect for the current user onl...

Page 28: ...For example 16A matches a string containing any character among 1 6 and A 1 36A matches a string containing any character among 1 2 3 6 and A is a hyphen can be matched as a common character only when...

Page 29: ...f a special character listed in this table follows the specific meaning of the character is removed For example matches a string containing matches a string containing and b matches a string containin...

Page 30: ...rsor Ctrl Z Returns to user view Ctrl Terminates an incoming connection or a redirect connection Esc B Moves the cursor to the leading character of the continuous string to the left Esc D Deletes all...

Page 31: ...e original format of the keyword is displayed z You can replace only the first keyword of a non undo command instead of the complete command and you can replace only the second keyword of an undo comm...

Page 32: ...commands for network diagnosis and commands for accessing an external device Configuration of commands at this level cannot survive a device restart Upon device restart the commands at this level will...

Page 33: ...command level or change the command level under the guidance of professional staff because an improper command level change brings inconvenience to your maintenance and operation or even potential sec...

Page 34: ...tion Multiple ways are available for controlling different types of login users as listed in Table 5 1 Table 5 1 Ways to control different types of login users Login mode Control method Implementation...

Page 35: ...Addresses This configuration needs to be implemented by basic ACL a basic ACL ranges from 2000 to 2999 For more information about ACLs see ACL in the ACL and QoS Configuration Guide Follow these step...

Page 36: ...The inbound keyword specifies to filter the users trying to Telnet to the current access point The outbound keyword specifies to filter users trying to Telnet to other switches from the current acces...

Page 37: ...ermit source 10 110 100 52 0 Sysname acl basic 2000 rule 2 permit source 10 110 100 46 0 Sysname acl basic 2000 rule 3 deny source any Sysname acl basic 2000 quit Apply the ACL to only permit Telnet u...

Page 38: ...e ACL while configuring the SNMP community name snmp agent community read write community name acl acl number mib view view name Apply the ACL while configuring the SNMP group name snmp agent group v1...

Page 39: ...upport Web based remote management which allows Web users to access the access points using the HTTP protocol By referencing access control lists ACLs you can control the access of Web users to the ac...

Page 40: ...e Web users free web users all user id user id user name user name Required Use this command in user view Configuration Example Network requirements Configure a basic ACL to allow only Web users that...

Page 41: ...cessary for the operation of the device are saved in the storage media of the device You can manage files on your device through these operations Directory Operations File Operations Batch Operations...

Page 42: ...the specified directory file information and so on Displaying directory information To do Use the command Remarks Display directory or file information dir all file url Required Available in user view...

Page 43: ...a file by copying downloading or using the save command For more information about the save command see File Management in the Fundamentals Command Reference Displaying file information To do Use the...

Page 44: ...of this command equals that you execute the delete file url command and then the reset recycle bin command in the same directory Restoring a file from the recycle bin To do Use the command Remarks Re...

Page 45: ...command formats the storage medium and all the data on the storage medium is deleted Use the following commands to manage the storage medium space To do Use the command Remarks Restore the space of a...

Page 46: ...10 10 10 test bin 1 rw 1442 Apr 26 2000 13 01 09 startup cfg 2 rw 393216 Oct 12 2007 13 12 48 extendbtm bin 6477 KB total 2046 KB free Create new folder mytest in the test directory Sysname cd test S...

Page 47: ...operation and it also includes the new configuration added during the system operation The current running configuration is stored in the temporary storage medium of the device and will be removed if...

Page 48: ...configuration on your device at the CLI To use the modified configuration for the next startup you must save it using the save command to the configuration file You can save the configuration in eithe...

Page 49: ...file that is generated by using the backup function manually or automatically Configuration rollback can be applied in these situations z Running configuration error Rolling back the running configura...

Page 50: ...not processed as saved configuration files The number of saved configuration files has an upper limit After the maximum number of files is saved the system deletes the oldest files when the next conf...

Page 51: ...automatic saving of the current running configuration and set the interval archive configuration interval minutes Optional Disabled by default The path and filename prefix for saving configuration fi...

Page 52: ...g the save or archive configuration command or the file is copied from a different type of device the configuration cannot be rolled back Make sure that the replacement configuration file is correct a...

Page 53: ...the startup configuration file to be used at the next system startup at the CLI On a device that has the main and backup startup configuration files you can choose to delete either the main or backup...

Page 54: ...ion to read and write z When the command is successfully executed you can use the display startup command in user view to view whether the filename of the configuration file to be used at the next sta...

Page 55: ...7 9 For detailed description of the display this and display current configuration commands see Basic System Configuration in the Fundamentals Command Reference...

Page 56: ...FTP uses TCP ports 20 and 21 for file transfer Port 20 is used to transmit data and port 21 to transmit control commands See RFC 959 for details of FTP basic operation FTP transmits files in two modes...

Page 57: ...an either use the ftp command to establish the connection directly or use the open command in FTP client view to establish the connection Source address binding means to configure an IP address on a s...

Page 58: ...erver directly in user view ftp server address service port source interface interface type interface number ip source ip address ftp Log in to the remote FTP server indirectly in FTP client view open...

Page 59: ...e to binary binary Optional ASCII by default Change the working path on the remote FTP server cd directory Optional Exit the current directory and enter the upper level directory cdup Optional Display...

Page 60: ...es of and date of creation of files or directories z The commands listed in the above table are only available for level 3 manage level users logging in to the device which serves as the FTP client Ho...

Page 61: ...inary 200 Type set to I Download boot file newest app from PC to the device ftp get test bin 227 Entering Passive Mode 10 1 1 1 4 1 125 BINARY mode data connection already open transfer starting for t...

Page 62: ...orage medium For more information about the boot loader command see Device Management in the Fundamentals Command Reference Displaying and Maintaining FTP To do Use the command Remarks Display the con...

Page 63: ...client sends a read request to the TFTP server receives data from the server and then sends the acknowledgement to the server z In a normal file uploading process the client sends a write request to t...

Page 64: ...existing in the current directory as the target filename when downloading the startup file or the startup configuration file Source address binding means to configure an IP address on a stable interf...

Page 65: ...k tftp ipv6 tftp ipv6 server i interface type interface number get put source file destination file Optional Available in user view z If no primary IP address is configured on the source interface no...

Page 66: ...mmand to delete the files not in use and then perform the following operations Enter system view Sysname system view Download boot file test bin from PC to the AP Sysname tftp 1 2 1 1 get test bin Upl...

Page 67: ...ice Management Configuration z Device Management Configuration Example In this document an application file is named as test bin which is for reference only Device Management Overview Through the devi...

Page 68: ...centralized device To do Use the command Remarks Enter system view system view Configure the exception handling method system failure maintain reboot Optional By default the system adopts the reboot m...

Page 69: ...vice Management in the Fundamentals Command Reference z The precision of the rebooting timer is 1 minute One minute before the rebooting time the AP will prompt REBOOT IN ONE MINUTE and will reboot in...

Page 70: ...sed view names include monitor for user view system for system view Etherentx x x for Ethernet interface view Wlan radiox x x for radio interface view and Vlan interfacex for VLAN interface view z tim...

Page 71: ...steps to upgrade the Boot ROM program 1 Copy the Boot ROM program to the root directory of the AP s storage medium using FTP or TFTP 2 Use a command to specify the Boot ROM program for the next boot 3...

Page 72: ...e Current System In practical networks the network management software requires the AP to provide a uniform stable 16 bit interface index That is a one to one relationship should be kept between the i...

Page 73: ...ry of a device display memory Display the reboot type of a device display reboot type Display the reboot time of a device display schedule reboot Display detailed configurations of the scheduled autom...

Page 74: ...have access to the aaa directory FTP Server luser aaa level 3 FTP Server luser aaa service type ftp FTP Server luser aaa work directory flash aaa z Configuration on AP If the size of the Flash on the...

Page 75: ...Ware file of the main board AP bootrom update file boot btm Specify the application program for the next boot of the main board AP boot loader file test bin Reboot the AP to validate the application p...

Page 76: ...uration The currently running configuration on the AP The current configuration is stored in a temporary storage medium You must save a setting you have made so it can survive a reboot z Saved configu...

Page 77: ...ks Enter system view from user view system view Required Available in user view Exiting the Current View The system divides the command line interface into multiple command views which adopts a hierar...

Page 78: ...date clock datetime time date Optional Available in user view Enter system view system view Set the time zone clock timezone zone name add minus zone offset Optional Universal time coordinated UTC tim...

Page 79: ...igure clock summer time ss one off 1 00 2006 1 1 1 00 2006 8 8 2 Display 01 00 00 UTC Sat 01 01 2005 3 If the original system clock is in the daylight saving time range the original system clock summe...

Page 80: ...me ss one off 1 00 2008 1 1 1 00 2008 8 8 2 and clock datetime 1 00 2007 1 1 Display 01 00 00 zone time Mon 01 01 2007 If date time is not in the daylight saving time range date time is displayed Conf...

Page 81: ...banner also called authorization information The system displays some copyright or authorization information and then displays the legal banner before a user logs in waiting for the user to confirm w...

Page 82: ...displayed at login authentication header login text Optional Configure the authorization information before login header legal text Optional Configure the banner to be displayed when a user enters use...

Page 83: ...of the cursor Ctrl K Terminates an outgoing connection Ctrl N Displays the next command in the history command buffer Ctrl P Displays the previous command in the history command buffer Ctrl R Redispla...

Page 84: ...z When you define a command alias the cmdkey and alias arguments must be in complete form z With the command alias function enabled when you input an incomplete keyword which partially matches both a...

Page 85: ...uration commands including routing and commands at each level of the network for providing services By default commands at this level include all configuration commands except for those at manage leve...

Page 86: ...eference z For more information about the AAA authentication see AAA in the Security Configuration Guide For more information about the local user and authorization attribute commands see AAA in the S...

Page 87: ...the user privilege level as 1 No authentication to users brings potential security problem Therefore you are recommended to use it in a secure network environment Sysname system view Sysname user inte...

Page 88: ...rt and only a few display commands The switching of user privilege level is effective for the current login after the user relogs in the user privilege restores to the original level z To avoid misope...

Page 89: ...n mode local scheme Optional local by default Configure the password used for the local authentication mode for user privilege level switch super password level user level simple cipher password Requi...

Page 90: ...nance and operation or even potential security problem Configuring the Number of Concurrent Users Follow these steps to configure the number of concurrent users To do Use the command Remarks Enter sys...

Page 91: ...ostic information command equals execution of the commands display clock display version display device and display current configuration one by one These commands depend on the AP model z For informa...

Page 92: ...ines The following are the types of online help available with the CLI z Full help z Fuzzy help To obtain the desired help information you can 1 Enter in any view to access all the commands in this vi...

Page 93: ...e feature that if the user s input is interrupted by system output then after the completion of system output the system will display a command line prompt and your input so far and you can continue y...

Page 94: ...defined in Table 11 4 or you can define shortcut keys by yourself For details see Configuring CLI Hotkeys CLI Display With the output information filtering function you can quickly find the informatio...

Page 95: ...ontained within the brackets For example 16A matches a string containing any character among 1 6 and A 1 36A matches a string containing any character among 1 2 3 6 and A is a hyphen can be matched as...

Page 96: ...splays the information in multiple screens Generally 24 lines are displayed on one screen and you can also use the screen length command to set the number of lines displayed on the next screen For mor...

Page 97: ...mand repeatedly the AP saves only the earliest command However if you execute the same command in different formats the system considers them as different commands For example if you execute the displ...

Page 98: ...found Parameter type error Unrecognized command found at position The parameter value is beyond the allowed range Incomplete command found at position Incomplete command Ambiguous command found at pos...

Page 99: ...ple HTTP Overview The Hypertext Transfer Protocol HTTP is used for transferring web page information across the Internet It is an application level protocol in the TCP IP protocol suite The connection...

Page 100: ...do Use the command Remarks Enter system view system view Enable the HTTP service ip http enable Required The default setting varies with devices Configuring the Port Number of the HTTP Service Config...

Page 101: ...only associated with the last specified ACL z When the HTTP service is associated with a WLAN ACL the HTTP service uses this ACL to filter wireless clients only and does not filter wired clients with...

Page 102: ...c 2000 rule permit source 10 1 1 0 0 0 0 255 Device acl basic 2000 quit Associate the HTTP service to ACL 2000 Device ip http acl 2000 Enable the HTTP service Device ip http enable 2 Verify the config...

Page 103: ...re the legal clients to access the device securely and prohibit the illegal clients z Encrypts the data exchanged between the HTTPS client and the device to ensure the data security and integrity thus...

Page 104: ...er policy command is executed repeatedly the HTTPS service is only associated with the last specified SSL server policy z When the HTTPS service is disabled the association between the HTTPS service a...

Page 105: ...to associate the HTTPS service with a certificate attribute access control policy To do Use the command Remarks Enter system view system view Associate the HTTPS service with a certificate attribute a...

Page 106: ...number Required Not associated by default z The HTTPS service can be associated with a WLAN ACL with the ACL numbers 100 to 199 and basic ACL with the ACL numbers 2000 to 2999 and the two types of ACL...

Page 107: ...o Device is new ca z In this configuration example Windows Server serves as CA and you need to install Simple Certificate Enrollment Protocol SCEP component z Before the following configurations ensur...

Page 108: ...control policy myacp and create a control rule specifying that a certificate is considered valid when it matches the attribute rule in certificate attribute group mygroup Device pki certificate access...

Page 109: ...http z For more information about PKI commands see PKI in the Security Command Reference z For more information about the public key local create rsa command see Public Key in the Security Command Re...

Page 110: ...ging In Through the Console Port z Logging In Through Telnet z Logging In Through SSH z Logging In Through a Web Based Network Management System z Logging In Through an NMS Introduction to User Interf...

Page 111: ...lute numbering and relative numbering 1 Absolute numbering z The console user interface is numbered first with the absolute number 0 z VTY user interfaces are numbered after the console user interface...

Page 112: ...onfiguration of the user terminal must be in accordance with that of the console port Table 14 2 lists the default settings of a console port Table 14 2 The default settings of a console port Setting...

Page 113: ...this document If you use Windows 2008 Server Windows 7 Windows Vista or any other operating system on your PC use the third party terminal software For how to use the third party terminal software see...

Page 114: ...parameters terminal window Step3 Turn on the AP You are prompted to press Enter if the AP successfully completes the power on self test POST The prompt such as WA2610E GNP appears after you press Ente...

Page 115: ...ter system view system view Enter console user interface view user interface console 0 Baud rate speed speed value Optional The default baud rate is 9 600 bps Check mode parity even mark none odd spac...

Page 116: ...on between the device and the user in timeout time Setting idle timeout to 0 disables the timer Common console login configuration takes effect immediately The connection may be interrupted when you p...

Page 117: ...ew Enter console user interface view user interface console 0 Specify the none authentication mode authentication mode none Required By default users that log in through the console port are not authe...

Page 118: ...uffer can store to 20 Sysname ui console0 history command max size 20 Set the timeout time of the console user interface to 6 minutes Sysname ui console0 idle timeout 6 To ensure successful login chan...

Page 119: ...n with the authentication mode password 3 Configuration procedure Enter system view Sysname system view Enter console user interface view Sysname user interface console 0 Specify the password authenti...

Page 120: ...ing scheme by providing the radius scheme name argument perform the following configuration as well z Perform AAA RADIUS configuration on the AP For more information see AAA in the Security Configurat...

Page 121: ...contain up to 30 lines z Configure the history command buffer to contain up to 20 commands z Configure the timeout time of the console user interface as 6 minutes Figure 14 8 Network diagram for cons...

Page 122: ...elnet You can telnet to a remote AP to manage and maintain the AP To achieve this configure both the AP and the Telnet terminal Table 14 5 Telnet login configuration requirements Item Requirement Star...

Page 123: ...nal to configure the IP address of VLAN interface 1 as 202 38 160 92 24 Sysname system view Sysname interface Vlan interface 1 Sysname Vlan interface1 ip address 202 38 160 92 255 255 255 0 Step2 Conf...

Page 124: ...s WLAN AP can accommodate up to 5 Telnet connections at same time Step6 After successfully Telnetting to an AP you can configure the AP or display information about the AP by executing corresponding c...

Page 125: ...y default you can use Ctrl C to terminate a task Configure the type of terminal display under the current user interface terminal type ansi vt100 Optional By default the terminal display type is ANSI...

Page 126: ...uration with authentication mode none To do Use the command Remarks Enter system view System view Enter one or more VTY user interface views user interface vty first number last number Configure none...

Page 127: ...sname ui vty0 history command max size 20 Set the timeout time to 6 minutes Sysname ui vty0 idle timeout 6 Configuring Password Authentication for Telnet Login Configuration procedure Follow these ste...

Page 128: ...ode password 3 Configuration procedure Enter system view Sysname system view Enter VTY 0 user interface view Sysname user interface vty 0 Enable password authentication for users that log in to VTY 0...

Page 129: ...viding the radius scheme name argument perform the following configuration as well z Perform AAA RADIUS configuration on the AP See AAA in the Security Configuration Guide z Configure the user name an...

Page 130: ...Figure 14 15 Network diagram for Telnet configuration with the authentication mode scheme 1 Configuration procedure z Configure the AP Enter system view Sysname system view Create a local user named...

Page 131: ...default level not higher than the user level With the command authorization configured the command level for a login user is decided by both the user level and AAA authorization If a user executes a c...

Page 132: ...eb server The IP address of the management VLAN of the AP is configured The route between the AP and the network management terminal is available AP The user name and password for logging in to the We...

Page 133: ...interface 1 of the AP By default VLAN 1 is the management VLAN z Connect to the console port See Logging In Through the Console Port z Execute the following commands in the terminal window to assign...

Page 134: ...log in to an AP through a network management station NMS and then configure and manage the AP through the agent on the AP The Simple Network Management Protocol SNMP is applied between the NMS and th...

Page 135: ...14 26 Connection Establishment Through an NMS Figure 14 18 Network diagram for logging in through an NMS Switch NMS Network...

Page 136: ...3 Configuring the TFTP Client 9 2 Controlling Network Management Users by Source IP Addresses 5 4 Controlling Telnet Users 5 1 Controlling Web Users by Source IP Addresses 5 6 D Device Management Conf...

Page 137: ...In Through the Console Port 14 3 Logging In to an AP 14 1 M Managing Files 6 1 R Rebooting a Device 10 2 S Saving the Current Configuration 7 2 Setting Configuration Rollback 7 3 T TFTP Client Configu...