Cameo Communications USR5453 Professional Access Point User Manual Instant802 APSDK Getting Started Guide

Cameo Communications Inc Professional Access Point Instant802 APSDK Getting Started Guide

Contents

Manual 2

Professional Access Point Administrator GuideSNMP - 155SNMPThe Simple Network Management Protocol (SNMP) is an Internet standard protocol that facilitates the monitoring and managing of network devices. SNMP lets you monitor events on your network through an SNMP software application.The following sections describe how to configure SNMP on your network:•Understanding SNMP•Navigating to Simple Network Management Protocol•Enabling and Disabling Simple Network Management Protocol (SNMP)•Updating Settings•Configuring Your Network Management SystemUnderstanding SNMPSNMP defines a standard for recording, storing, and sharing information about network devices. SNMP is a subset of Transmission Control Protocol/Internet Protocol (TCP/IP) that facilitates network management, troubleshooting, and maintenance.Key components of any SNMP-managed network are managed devices, SNMP agents, and a network management system. The agents, store data about their devices in Management Information Bases (MIBs) and return this data to the network management system when requested. Managed devices can be network nodes such as access point base stations, routers, switches, bridges, hubs, servers, or printers.The Professional Access Point can function as an SNMP managed device for seamless integration into network management systems such as HP OpenView. The Professional Access Point supports the following SNMP MIBs:• Standard SNMP MIBs• SNMP v1 and v2 MIBs• IEEE802.11 MIB• Proprietary MIB • USR5453-PRODUCTS MIB—stores product identification information.• USR5453-SYSTEM MIB—facilitates system-level requests, such as reboot and upgrade.• USR5453-WIRELESS-CHAN MIB—maintains channel assignment information for access points in a cluster.• USR5453-WIRELESS-MIB—stores information about the wireless system, including peer statis-tics, beacon report, radio, and client statistics tables.For more information about SNMP, visit http://www.snmplink.org.
Professional Access Point Administrator GuideSNMP - 156Navigating to Simple Network Management ProtocolTo enable SNMP, click the Advanced menu’s SNMP tab and update the fields as described below.Enabling and Disabling Simple Network Management Protocol (SNMP)To configure your access point to use Simple Network Management Protocol (SNMP) server, first enable the SNMP option that you want to use, and then provide the name of the community or host that can use
Professional Access Point Administrator GuideSNMP - 157the option.Field DescriptionEnable SNMP SNMP provides a way for the access point to store management information and to provide the information to a network-management system (NMS). (See http://www.snmplink.org/ for more general information on SNMP.)Choose to either enable (default) or disable use of Simple Network Manage-ment Protocol:Read-only Community Name (entire MIB)If SNMP is enabled, enter the name of the community that is allowed to make information queries against the MIB.The community name acts an as authentication mechanism. The name func-tions as a password, and a request is considered authentic if the requester knows the password.The community name is alphanumeric; do not use special characters or spaces.Allow SNMP SET Requests Choose to either enable or disable the honouring of SNMP SET requests:•Enable—Machines on the network that provide the correct community name can issue SET requests.•Disable—(default) SET requests are not honoured.SET requests are restricted to the USR5453-SYSTEM MIB and USR5453-WIRELESS-CHAN MIB..Read-write community name (for per-mitted SETs)If SET requests are enabled, enter the name of the community that is allowed to make SET requests.The community name acts an as authentication mechanism. The name func-tions as a password, and a request is considered authentic if the requester knows the password.The community name is alphanumeric; do not use special characters or spaces.Designate source of permitted SNMP requestsChoose to either enable or disable designating the source of the SNMP requests:•Enable—(default) A machine must be designated in the Source field in order for its requests to be honoured.•Disable—Any machine in the network may issue requests.
Professional Access Point Administrator GuideSNMP - 158To shut down SNMP on the access point, select Disable in the SNMP field.Updating SettingsTo apply your changes, click Update.Configuring Your Network Management SystemIn order to access the USRobotics proprietary MIBs, you need to import the MIBs into your network management system. You can find the MIB files in the Mib folder on the USRobotics CD-ROM. Refer to your network management system for instructions on importing and compiling MIBs.Source (hostname or subnet) If source designation is enabled, enter the IP address of the host or subnet that is allowed to issue SNMP requests to the access point.If you use this option, the Professional Access Point honours requests from the specified host or subnet only.If you also enable a read-write community, the specified source must be a member of that community in order for the access point to honour the source’s requests.Note: Even if you explicitly name a machine or a subnet in this field, any machine issuing a request must also know the proper community name in order to have the request honoured.Field Description
Professional Access Point Administrator GuideReboot - 159RebootFor maintenance purposes or as a troubleshooting measure, you can reboot the Professional Access Point as follows.1. Click the Advanced menu’s Reboot tab.2. Click the Reboot button.The access point reboots. If the IP address of the access point changes after the reboot, you need to specify the new address in your Web browser in order to access the Web User Interface.Reset ConfigurationIf you are experiencing extreme problems with the Professional Access Point and have tried all other troubleshooting measures, use the Reset Configuration function. This will restore factory defaults and clear all settings, including settings such as a new password and wireless settings.1. Click the Advanced menu’s Reset Configuration tab.
Professional Access Point Administrator GuideUpgrade - 1602. Click the Reset button.Factory defaults are restored.If the IP address of the access point changes after the reset, you need to specify the new address in your Web browser in order to access the Web User Interface. If you cannot access the Web User Interface, you can reset the access point by using a thin object, such as a paper clip, to press the Reset button until both the LAN and WLAN LEDs turn off briefly.UpgradeAs new versions of the Professional Access Point firmware become available, you can upgrade the NoteKeep in mind that if you do reset the configuration from this page, you are doing so for this access point only; not for other access points in the cluster.For information on the factory default settings, see “Default Settings for the Professional Access Point” on page 6.
Professional Access Point Administrator GuideUpgrade - 161firmware on your devices to take advantages of new features and enhancements. To upgrade the firmware on a particular access point:1. Navigate to Advanced menu’s Upgrade tab on the Web User Interface for that access point.CautionDo not upgrade the firmware from a wireless client that is associated with the access point you are upgrading. Doing so will cause the upgrade to fail. Furthermore, all wireless clients will be disassoci-ated and no new associations will be allowed.If you are reading this section because you already tried to upgrade the firmware through a wireless client, use a wired client to regain access to the access point as follows:• Create a wired Ethernet connection from a PC to the access point.• Open the Web User Interface.Repeat the upgrade process using with the wired client.CautionThe upgrade process may take several minutes during which time the access point will be unavailable. Do not power down the access point while the upgrade is in process. When the upgrade is complete, the access point will restart and resume normal operation.NoteYou must upgrade firmware for each access point; you cannot upgrade firmware automatically across the cluster.
Professional Access Point Administrator GuideBackup/Restore - 162Information about the current firmware version is displayed and an option to upgrade a new firmware image is provided.2. If you know the path to the New Firmware Image file, enter it in the textbox. Otherwise, click the Browse button and locate the firmware image file.3. Click Update to apply the new firmware image.A confirmation window describes the upgrade process.4. Click OK to confirm the upgrade and start the process.When the upgrade is complete, the Web User Interface redisplays the Upgrade firmware page. You can verify that the ugrade was successful by checking the firmware version shown on that page.Backup/RestoreYou can save a copy of the current settings on the Professional Access Point to a backup configuration file. The backup file can be used at a later date to restore the access point to the previously saved configuration.•Navigating to Backup and Restore Settings•Backing up Configuration Setting for an Access Point•Restoring Access Point Settings to a Previous ConfigurationNavigating to Backup and Restore SettingsTo backup or restore a configuration for an access point, click the Advanced menu’s Backup and Restore tab and use the Web User Interface as described below.CautionThe firmware upgrade takes approximately 5 minutes, during which the Web User Interface dis-plays a status message and progress bar. Do not power off the access point, and do not navigate away from the upgrade page in your Web browser during the firmware upgrade.
Professional Access Point Administrator GuideBackup/Restore - 163Backing up Configuration Setting for an Access PointTo save a copy of the current settings on an access point to a backup configuration file (.cbk format):1. Click the download configuration link.A File Download or Open dialogue is displayed.2. Choose the Save option on this first dialogue.This brings up a file browser.3. Use the file browser to navigate to the directory where you want to save the file, and click Save to save the file.You can use the default file name (apconfig.cbk) or type a new name for the backup file, but be sure to save the file with a .cbk extension.Restoring Access Point Settings to a Previous ConfigurationTo restore the configuration on an access point to previously saved settings:
Professional Access Point Administrator GuideBackup/Restore - 1641. Select the backup configuration file you want to use, either by typing the full path and file name in the Restore field or by clicking Browse, selecting the file, and clicking Open.(Only those files that were created with the Backup function and saved as .cbk backup configuration files are valid to use with Restore; for example, apconfig.cbk.)2. Click the Restore button.The access point will reboot.3. When the access point has rebooted, access the Web User Interface either by clicking again on one of the tabs (if the Web User Interface is still displayed) or by typing the IP address the Professional Access Point as a URL in the address field of the Web browser. Enter the URL for the access point as http://IPAddressOfAccessPoint.The Web User Interface displays the configuration settings restored from the backup file that you selected.NoteWhen you click Restore, the access point will reboot. A reboot confirmation dialogue and follow-on rebooting status message will be displayed. Wait a minute or two for the reboot process to com-plete. Then try to access the Web User Interface as described in the next step; the Web User Inter-face will not be accessible until the access point has rebooted.
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 165Command Line InterfaceIn addition to the Web-based user interface, the Professional Access Point includes a command line interface (CLI) for administering the access point. The CLI lets you view and modify status and configuration information.From the client station perspective, even a single deployed Professional Access Point broadcasting its "network name" to clients constitutes a wireless network. Keep in mind that CLI configuration commands, like Web User Interface settings, can affect a single access point running in stand-alone mode or automatically propagate to a network of clustered access points that share the same settings. (For more information on clustering, see “Access Points” on page 33. For information on how to set an access point to stand-alone or cluster mode from the CLI, see “Set Configuration Policy for New Access Points” on page 29)This part of the Professional Access Point Administrator Guide introduces the interface and provides a complete description of classes and their associated fields:•Class Structure, Commands, and Examples•Class and Field ReferenceClass Structure, Commands, and ExamplesThe following topics in this appendix provide an introduction to the class structure upon which the CLI is based, CLI commands, and examples of using the CLI to get or set configuration information on an access point or cluster of APs:•Comparison of Settings Configurable with the CLI and Web User Interface•How to Access the CLI for an Access Point•Telnet Connection to the Access Point•SSH2 Connection to the Access Point•Quick View of Commands and How to Get Help•Command Usage and Configuration Examples•Understanding Interfaces as Presented in the CLI•Saving Configuration Changes•Basic Settings
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 166•Access Point and Cluster Settings•User Accounts•Status•Ethernet (Wired) Interface•Wireless Interface•Security•Enable/Configure Guest Login Welcome Page•Configuring Multiple BSSIDs on Virtual Wireless Networks•Radio Settings•MAC Filtering•Load Balancing•Quality of Service•Wireless Distribution System•Time Protocol•Reboot the Access Point•Reset the Access Point to Factory Defaults•Keyboard Shortcuts and Tab Completion Help•CLI Class and Field OverviewComparison of Settings Configurable with the CLI and Web User InterfaceThe command line interface (CLI) and the Web User Interface to the Professional Access Point are designed to suit the preferences and requirements for different types of users or scenarios. Most administrators will probably use both interfaces in different contexts. Some features (such as Clustering) can only be configured from the Web User Interface, and some details and more complex configurations are only available through the CLI.The CLI is particularly useful in that it provides an interface to which you can write programmatic scripts for access point configurations. Also, the CLI may be less resource-intensive than a Web interface.The following table shows a feature-by-feature comparison of which settings can be configured through the CLI or the Web User Interface, and which are configurable with either.
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 167Feature or Setting Configurable from CLI Configurable from Web User InterfaceBasic Settings• Getting/changing Administrator Password• Getting/changing access point name and location• Viewing information like MAC, IP address, and Firmware versionyes yesAccess Point and Cluster Settings Get existing settings only.You cannot set configuration policy or other cluster features from the CLI.Use for clustering settings.yesUser Accountsyes yesUser Database Backup and Restore You cannot backup or restore a user data-base from the CLI.To restore a user database, use the Web User Interface as described in “Backing Up and Restoring a User Database” on page 46.yesSessions The CLI does not provide session monitor-ing information.To view client sessions, use the Web User Interface.yesChannel Management You cannot configure Channel Manage-ment from the CLI.To configure channel management, use the Web User Interface as described in “Channel Management” on page 53.yesWireless Neighborhood You cannot view the cluster-based "Wire-less Neighborhood" from the CLI.To view the wireless neighbourhood,use the Web User Interface as described in “Wireless Neighborhood” on page 61.yesStatusyes yes
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 168Ethernet (Wired) InterfaceyesYou can configure all Ethernet (Wired) settings from the CLI except "Connection Type".To change the Connection Type from DHCP to Static IP addressing (or vice versa), you must use the Web User Inter-face.yesWireless Interfaceyes yesSecurityyes yesSet Up Guest Accessyes yesEnable/Configure Guest Login Welcome PageyesConfiguring Multiple BSSIDs on Virtual Wire-less Networksyes yesRadio SettingsyesYou can configure all Radio settings from the CLI except for turning on/off Super G.yesMAC Filteringyes yesLoad Balancingyes yesQuality of Serviceyes yesWireless Distribution Systemyes yesTime Protocolyes yesReboot the Access PointyesReset the Access Point to Factory Defaultsyes yesUpgrade the Firmware You cannot upgrade the firmware from the CLI. To upgrade firmware, use the Web User Interface as described in “Upgrade” on page 160.yesBackup and Restore You cannot backup or restore an access point configuration from the CLI. To backup or restore an access point configu-ration, use the Web User Interface as described in “Backup/Restore” on page 162.yesFeature or Setting Configurable from CLI Configurable from Web User Interface
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 169How to Access the CLI for an Access PointUse one of the following methods to access the command line interface (CLI) for the access point or wireless network:•Telnet Connection to the Access Point•SSH2 Connection to the Access PointTelnet Connection to the Access PointIf you already have your network deployed and know the IP address of your access point, you can use a remote Telnet connection to the access point to view the system console over the network.1. Bring up a command window on your PC.(For example, from the Start menu, select Run to bring up the Run dialogue, type cmd in the Open field, and click OK.)2. At the command prompt, type the following:telnet IPAddressOfAccessPointwhere IPAddressOfAccessPoint is the address of the access point you want to monitor.(If your Domain Name Server is configured to map domain names to IP addresses via DHCP, you can also telnet to the domain name of the access point.)3. You will be prompted for an Administrator user name and password for the access point.USR5453-AP login:Password:Enter the default Administrator username and password for the Professional Access Point (admin, admin), and press "Enter" after each. (The password is masked, so it will not be displayed on the screen.)When the user name and password is accepted, the screen displays the Professional Access Point help command prompt.USR5453-AP login: adminPassword:Enter 'help' for help.You are now ready to enter CLI commands at the command line prompt.NotesThe default Static IP address is 192.168.1.10. If there is no DHCP server on the network, the access point retains this static IP address at first-time startup. You can use the Detection Utility to find the IP address of the access point. (For more about IP addressing, see “Understanding Dynamic and Static IP Addressing on the Professional Access Point” on page 10)
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 170SSH2 Connection to the Access PointIf you already have your network deployed and know the IP address of your access point, you can use a remote SSH2 connection to the access point to view the system console over the network.Using an SSH2 connection to the access point is similar to Telnet in that it gives you remote access to the system console and CLI. SSH2 has the added advantage of being a secure connection traffic encrypted.To use an SSH2 connection, you need to have SSH software installed on your PC (such as PuTTY, which is available at http://www.chiark.greenend.org.uk/~sgtatham/putty/). 1. Start your SSH application. (This example uses PuTTY.)2. Enter the IP address of the access point and click Open.(If your Domain Name Server is configured to map domain names to IP addresses via DHCP, you can enter the domain name of the access point instead of an IP address.)This brings up the SSH command window and establishes a connection to the access point. The login prompt is displayed.login as:3. Enter the default Administrator username and password for the Professional Access Point (admin, admin), and press "Enter" after each. (The password is masked, so it will not be displayed on the NotesThe Professional Access Point supports SSH version 2 only.The default Static IP address is 192.168.1.10. If there is no DHCP server on the network, the access point retains this static IP address at first-time startup. You can use the Detection Utility to find the IP address of the access point. (For more about IP addressing, see “Understanding Dynamic and Static IP Addressing on the Professional Access Point” on page 10.)
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 171screen.)login as: adminadmin@10.10.100.110's password:Enter 'help' for help.When the user name and password is accepted, the screen displays the Professional Access Point help command prompt.USR5453-AP#You are now ready to enter CLI commands at the command line prompt.Quick View of Commands and How to Get Help•Commands and Syntax•Getting Help on Commands at the CLI•Ready to Get Started?Commands and SyntaxThe CLI for the Professional Access Point provides the following commands for manipulating objects. CautionSettings updated from the CLI (with get, set, add, remove commands) will not be saved to the startup configuration unless you explicitly save them via the save-running command. For a description of con-figurations maintained on the access point and details on how to save your updates, see ““Saving Con-figuration Changes” on page 178.Notes•named_class is a class of an object from the configuration whose instances are individually named.•instance is a name of an instance of class.• field values cannot contain spaces unless the value is in quotesFor a detailed class and field reference, see “Class and Field Reference” on page 239.
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 172Command Descriptionget The "get" command allows you to get the field values of existing instances of a class. Classes can be "named" or "unnamed". The command syntax is:get unnamed-class [ field ... | detail ]get named-class [ instance | all [ field ... | name | detail ] ]The rest of the command line is optional. If provided, it is either a list of one or more fields, or the keyword detail.An example of using the "get" command on an unnamed class with a single instance is: get log (There is only one log on the access point. This command returns information on the log file.)An example of using the "get" command on an unnamed class with multiple instances is: get log-entry (There are multiple log entries but they are not named. This command returns all log entries.)An example of using the "get" command on a named class with multiple instances is: get bss wlan0bssInternal (There are multiple bss’s and they are named. This command returns information on the BSS named "wlan0bssInternal".)An example of using the "get" command on a named class to get all instances: get radius-user all name get radius-user allNote: "wlan0bssInternal" is the name of the basic service set (BSS) on the internal network (wlan0 interface). For information on interfaces, see “Understanding Interfaces as Presented in the CLI” on page 177.
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 173set The "set" command allows you to set the field values of existing instances of a class.set unnamed-class [ with qualifier-field qualifier-value ... to ] field value . . .The first argument is an unnamed class in the configuration.After this is an optional qualifier that restricts the set to only some instances. For single-ton classes (with only one instance) no qualifier is needed. If there is a qualifier, it starts with the keyword with, then has a sequence of one or more qualifier-field qualifier-value pairs, and ends with the keyword to. If these are included, then only instances whose present value of qualifier-field is qualifier-value will be set. The qualifier-value arguments cannot contain spaces. Therefore, you cannot select instances whose desired qualifier-value has a space in it.The rest of the command line contains field-value pairs.set named-class instance | all [ with qualifier-field qualifier-value ... to ] field value . . .The first argument is either a named class in the configuration.The next argument is the name of the instance to set, or the keyword all, which indi-cates that all instances should be set. Classes with multiple instances can be set con-secutively in the same command line as shown in Example 4 below. The qualifier-value arguments cannot contain spaces.Here are some examples. (Bold text indicates class names, field names, or keywords; text that is not bold indicates values to which the fields are being set.)1. set interface wlan0 ssid "Vicky's AP" 2. set radio all beacon-interval 200 3. set tx-queue wlan0 with queue data0 to aifs 3 4. set tx-queue wlan0 with queue data0 to aifs 7 cwmin 15 cwmax 1024 burst 0 5. set bridge-port br0 with interface eth0 to path-cost 200Note: For information on interfaces used in this example (such as wlan0, br0, or eth0) see “Understanding Interfaces as Presented in the CLI” on page 177.add The "add" command allows you to add a new instance of a class.add named-class instance [ field value ... ]add anonymous-class [ field value ... ]For example: add radius-user wally Command Description
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 174The CLI also includes the following commands for maintenance tasks:Getting Help on Commands at the CLIHelp on commands can be requested at the command line interface (CLI) by using the TAB key. This is a quick way to see all valid completions for a class.Hitting TAB once will attempt to complete the current command.If multiple completions exist, a beep will sound and no results will be displayed. Enter TAB again to display all available completions.•Example 1: At a blank command line, hit TAB twice to get a list of all commands.USR5453-AP#add Add an instance to the running configurationfactory-reset Reset the system to factory defaultsget Get field values of the running configurationreboot Reboot the systemremove Remove instances in the running configurationsave-running Save the running configurationset Set field values of the running configuration•Example 2: Type "get " TAB TAB (including a space after get) to see a list of all field options for the get command.USR5453-AP# getassociation Associated stationbasic-rate Basic rate of the radiobridge-port Bridge ports of bridge interfacesbss Basic Service Set of the radiocluster Clustering-based configuration settingsremove The "remove" command allows you to remove an existing instance of a class.remove unnamed-class [ field value . . . ]remove named-class instance | all [ field value . . .]For example: remove radius-user wallysave-running The save-running command saves the running configuration as the startup configuration.For more information, see ““Saving Configuration Changes” on page 178.reboot The reboot command restarts the access point (a soft reboot).For more information, see ““Reboot the Access Point” on page 233.factory-reset The factory-reset command resets the access point to factory defaults and reboots.For more information, see ““Reset the Access Point to Factory Defaults” on page 233.Command Description
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 175cluster-member Member of a cluster of like-configured access pointsconfig Configuration settingsdetected-ap Detected access pointdhcp-client DHCP client settingsdot11 IEEE 802.11host Internet host settingsinterface Network interfaceip-route IP route entryklog-entry Kernel log entrylog Log settingslog-entry Log entrymac-acl MAC address access list itemntp Network Time Protocol clientportal Guest captive portalradio Radioradius-user RADIUS userssh SSH access to the command line interfacesupported-rate Supported rate of the radiosystem System settingstelnet Telnet access to the command line interfacetx-queue Transmission queue parameterswme-queue Transmission queue parameters for stations•Example 3: Type "get system v" TAB. This will result in completion with the only matching field, "get sys-tem version". Hit ENTER to display the output results of the command.For detailed examples on getting help, see “Tab Completion and Help” on page 234.Ready to Get Started?If you know the four basic commands shown above (get, set, remove, and add) and how to get help at the CLI using tab completion, you are ready to get started.The best way to get up-to-speed quickly is to bring up the CLI on your access point and follow along with some or all of the examples in the next topic “Command Usage and Configuration Examples” on page 175.Command Usage and Configuration Examples“Understanding Interfaces as Presented in the CLI” on page 177“Saving Configuration Changes” on page 178“Basic Settings” on page 179“Access Point and Cluster Settings” on page 183“User Accounts” on page 183“Status” on page 186“Ethernet (Wired) Interface” on page 194
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 176“Wireless Interface” on page 200“Security” on page 200“Enable/Configure Guest Login Welcome Page” on page 215“Configuring Multiple BSSIDs on Virtual Wireless Networks” on page 216“Radio Settings” on page 217“MAC Filtering” on page 222“Load Balancing” on page 224“Quality of Service” on page 224“Wireless Distribution System” on page 231“Time Protocol” on page 232“Reboot the Access Point” on page 233“Reset the Access Point to Factory Defaults” on page 233“Keyboard Shortcuts” on page 234
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 177Understanding Interfaces as Presented in the CLIThe following summary of interface names is provided to help clarify the related CLI commands and output results. These names are not exposed on the Web User Interface, but are used throughout the CLI. You get and set many configuration values on the access point by referring to interfaces. In order to configure the access point through the CLI, you need to understand which interfaces are available on the access point, what role they play (corresponding setting on the Web User Interface), and how to refer to them.Interface Descriptionlo Local loopback for data meant for the access point itself.eth0 The wired (Ethernet) interface for the Internal network.br0 The Internal bridge represents the Internal interface for the access point. To telnet or ssh into the access point, use the IP address for this interface.br0 consists:• eth0 (or vlanSomeNumber if you have VLANs configured)• wlan0The IP address of the access point is provided in the output detail for br0. So, a useful command is get interface. This gives you common information on all inter-faces. From the output results, you can find the IP address for br0. Use this IP address to connect to the access point.brguest The Guest bridge, which consists of eth1 and wlan0guest.brvwn1 The bridge interface for Virtual Wireless Network (VWN) 1.The bridge interface for VWN1 consists of:• wlan0vwn1•vlanVLANID where VLANID is a four-digit VLAN ID that you provided. (For example, if you provided a VLAN ID of 1234, the VLAN interface would be "vlan1234"brvwn2 This is for the second Virtual Wireless Network (VWN) 2.The bridge interface for VWN2 consists of:• wlan0vwn1•vlanVLANID where VLANID is a four-digit VLAN ID that you provided. (For example, if you provided a VLAN ID of 1234, the VLAN interface would be vlan1234.)wlan0 The wireless (radio) interface for the Internal network.wlan0guest The wireless (radio) interface for the Guest network.wlan0vwn1 The wireless interface for Virtual Wireless Network (VWN) 1.wlan0vwn2 The wireless interface for Virtual Wireless Network (VWN) 2.
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 178Saving Configuration ChangesThe Professional Access Point maintains three different configurations.•Factory Default Configuration - This configuration consists of the default settings shipped with the access point (as specified in “Default Settings for the Professional Access Point” on page 6).You can always return the access point to the factory defaults by using the factory-reset command, as described in “Reset the Access Point to Factory Defaults” on page 233.•Startup Configuration - The startup configuration contains the settings that the access point will use the next time it starts up (for example, upon reboot).To save configuration updates made from the CLI to the startup configuration, you must execute the save-running or "set config startup running" command from the CLI after making changes.•Running Configuration - The running configuration contains the settings with which the access point is currently running.When you view or update configuration settings through the command line interface (CLI) using get, set, add, and remove commands, you are viewing and changing values on the running configuration only. If you do not save the configuration (by executing the save-running or "set config startup running" command at the CLI), you will lose any changes you submitted via the CLI upon reboot. The save-running command saves the running configuration as the startup configuration. (The save-running command is a shortcut command for "set config startup running", which accomplishes the same thing) Settings updated from the CLI (with get, set, add, remove commands) will not be saved to the startup configuration unless you explicitly save them via the save-running command. This gives you the option of maintaining the startup configuration and trying out values on the running configuration that you can discard (by not saving).By contrast, configuration changes made from the Web User Interface are automatically saved to both the running and startup configurations. If you make changes from the Web User Interface that you do not want to keep, your only option is to reset to factory defaults. The previous startup configuration will be lost.wlan0wdsxA wireless distribution system (WDS) interface where "x" indicates the number of the WDS link. (For example, wlan0wds1.)vlanxxxx A VLAN interface for VLAN ID xxxx. To find out what this VLAN interface is (Internal, Guest, VWN1 or VWN2), use the following command to look at the "role" field:get interface vlanVLANID roleFor example: get interface vlan1234 roleInterface Description
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 179Basic SettingsThe following CLI command examples correspond to tasks you can accomplish on the Basic Settings tab of the Web User Interface for access points with clustering capabilities. In some cases, the CLI get command provides additional details not available through the Web User Interface.This table shows a quick view of Basic Settings commands and provides links to detailed examples. NoteBefore configuring this feature, make sure you are familiar with the names of the interfaces as described in “Understanding Interfaces as Presented in the CLI” on page 177. The interface name you reference in a command determines whether a setting applies to a wired or wireless interface, or to the Internal or Guest network.Basic Setting ExampleGet the IP Address for the Internal Inter-face on an Access Pointget interface br0 ip or get interfaceget interface is a catch-all command that shows common information on all interfaces for the access point such as IP addresses, MAC addresses, and so on. The IP address for the Internal interface (and the one used to access the access point) is that shown for br0. (See “Understanding Interfaces as Presented in the CLI” on page 177)Get the MAC Address for an Access Pointget interface br0 macGet Both the IP Address and MAC Addressget interface br0 mac ipGet Common Information on All Interfaces for an Access Pointget interfaceGet the Firmware Version for the Access Pointget system versionGet the Location of the Access Pointget cluster locationSet the Location for an Access Pointset system location NewLocationFor example: set system location hallway or set system location "Vicky’s Office"Get the Current Passwordget system encrypted-passwordSet the Passwordset system password NewPasswordFor example: set system password adminGet the Wireless Network Name (SSID))get interface wlan0 ssid
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 180Get the IP Address for the Internal Interface on an Access PointIn the following example, the IP address for the access point is: 10.10.55.216. Use the get command as shown to obtain the IP address for the Internal network.USR5453-AP# get interface br0 ip10.10.55.216Get the MAC Address for an Access PointIn the following example, the MAC address for the access point is: 00:a0:c9:8c:c4:7e. Use the get command as shown to obtain the MAC address.USR5453-AP# get interface br0 mac00:a0:c9:8c:c4:7eGet Both the IP Address and MAC AddressThe following command returns both the IP address and the MAC address for an access point:USR5453-AP# get interface br0 mac ipField Value---------------------ip 10.10.55.216mac 00:a0:c9:8c:c4:7eGet Common Information on All Interfaces for an Access PointThe following example shows common information (including IP addresses) for all interfaces.USR5453-AP# get interfacename type status mac ip mask--------------------------------------------------------------------------------lo up 00:00:00:00:00:00 127.0.0.1 255.0.0.0eth0 up 00:02:B3:01:01:01eth1 down 00:02:B3:02:02:02br0 bridge up 00:02:B3:01:01:01 10.10.100.110 255.255.255.0brguest bridge down 00:00:00:00:00:00wlan0 service-set up 00:0C:41:16:DF:A6wlan0guest service-set upwlan0wds0 wds downSet the Wireless Network Name (SSID)set interface wlan0 ssid NewSSiDFor example: set interface wlan0 ssid Vicky set interface wlan0 ssid "Vicky’s AP"Basic Setting Example
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 181wlan0wds1 wds downwlan0wds2 wds downwlan0wds3 wds downUSR5453-AP#
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 182Get the Firmware Version for the Access PointIn the following example, the access point is running Firmware Version: 1.0.0.9. Use the get command as shown to obtain the Firmware Version.USR5453-AP# get system version1.0.0.9Get the Location of the Access PointIn the following example, the location of the access point has not been set. Use the get command as shown to obtain the location of the access point.USR5453-AP# get cluster locationnot setSet the Location for an Access PointTo set the location for an access point, use the set command as follows:USR5453-AP# set system location hallwayUSR5453-AP# set system location "Vicky's Office"To check to make sure that the location was set properly, use the get command again to find out the locationUSR5453-AP# get system locationVicky’s OfficeGet the Current PasswordUSR5453-AP# get system encrypted-password2yn.4fvaTgedMSet the PasswordUSR5453-AP# set system password adminUSR5453-AP# get system encrypted-password/rYSvxS4OkptcGet the Wireless Network Name (SSID)USR5453-AP# get interface wlan0 ssidInternal Instant802 NetworkSet the Wireless Network Name (SSID)USR5453-AP# set interface wlan0 ssid "Vicky’s AP"USR5453-AP# get interface wlan0 ssidVicky’s AP
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 183Access Point and Cluster SettingsThe command examples in this section show how to get the configuration for a cluster of access points. These settings generally correspond to those on the Cluster menu’s Access Points tab in the Web User Interface.This table provides a quick view of Access Point Cluster commands and provides links to detailed examples.Determine whether the Access Point is a Cluster Member or is in Stand-alone ModeThis command shows whether the access point is clustered or not. If the command returns 0, the access point is in stand-alone mode (not clustered). If the command returns 1, the access point is a member of a cluster. In the following example, the access point is in stand-alone mode.USR5453-AP# get cluster detailField Value--------------------clustered 0clusterable 0kickstarted 0location not setformationGet MAC Addresses for all Access Points in the ClusterUSR5453-AP# get cluster-member allname mac ip location removed---------------------------------------------------------------------00:e0:b8:76:23:b4 00:e0:b8:76:23:b4 10.10.10.248 not set 000:e0:b8:76:16:88 00:e0:b8:76:16:88 10.10.10.230 not set 0User AccountsThe following command examples show configuration tasks related to user accounts. These tasks correspond to the Cluster menu’s User Management tab in the Web User Interface.NoteYou cannot use the CLI to add or remove an access point from a cluster or set the configuration policy. If you want to configure clustering, please use the Web User Interface as described in “Access Points” on page 33Cluster Command ExampleDetermine whether the Access Point is a Cluster Member or is in Stand-alone Modeget cluster detailGet MAC Addresses for all Access Points in the Clusterget clustered-ap all name
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 184This table shows a quick view of User Management commands and provides links to detailed examples.Get All User AccountsTo view all user names:USR5453-AP# get radius-user all namename--------larryTo view all user accounts:USR5453-AP# get radius-user allname username disabled password realname------------------------------------------------------------larry David White(At the start, "larry" is the only user configured.)Add UsersIn this example, you will add four new users: (1) samantha, (2) endora, (3) darren, and (4) wally. You will set up user names, real names, and passwords for each.1. Add username "samantha":USR5453-AP# add radius-user samanthaUser Account Command ExampleGet All User Accounts To view all usernames: get radius-user all nameTo view all user accounts: get radius-user allAdd Users add radius-user UserNameFor example: add radius-user samanthaTo set the user’s real name: set radius-user UserName RealNameFor example: set radius-user samantha "Elizabeth Montgomery" (or set radius-user samantha Elizabeth)To set user’s password: set radius-user UserName password PasswordFor example: set radius-user samantha password westportRemove a User Accountremove radius-user UserName
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 1852. Provide a real name (Elizabeth Montgomery) for this user:USR5453-AP# set radius-user samantha realname "Elizabeth Montgomery"3. Set the user password for samantha to "westport":USR5453-AP# set radius-user samantha password westport4. Repeat this process to add some other users (endora, darren, and wally):USR5453-AP# add radius-user endoraUSR5453-AP# set radius-user endora realname "Agnes Moorhead"USR5453-AP# set radius-user endora password scotchUSR5453-AP# add radius-user darrenUSR5453-AP# set radius-user darren realname "Dick York"USR5453-AP# set radius-user darren password martiniUSR5453-AP# add radius-user wallyUSR5453-AP# set radius-user wally realname "Tony Dow"USR5453-AP# set radius-user wally password sodapop5. After configuring these new accounts, use the "get" command to view all users. (Passwords are always hidden.)USR5453-AP# get radius-user allname username disabled password realname------------------------------------------------------------larry David Whitesamantha Elizabeth Montgomeryendora Agnes Moorheaddarren Dick Yorkwally Tony DowRemove a User AccountTo remove a user account, type the following USR5453-AP# remove radius-user wallyUse the "get" command to view all user names. (You can see "wally" has been removed.)USR5453-AP# get radius-user all namename--------larrysamanthaendoradarren
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 186StatusThe command tasks and examples in this section show status information on access points. These settings correspond to what is shown on the Status tabs in the Web User Interface. (“Status” on page 67)This table provides a quick view of all Status commands and links to detailed examples.This table shows a quick view of Status commands and provides links to detailed examplesNoteMake sure you are familiar with the names of the interfaces as described in “Understanding Interfaces as Presented in the CLI” on page 177. The interface name you reference in a get command deter-mines whether the command output shows a wired or wireless interface or the Internal or Guest net-work.Status Command ExampleUnderstanding Interfaces as Presented in the CLIReference of interface names and purposes as described in “Under-standing Interfaces as Presented in the CLI” on page 177.Global command to get all detail on a Basic Service Set (BSS).This is a useful command to use to get a comprehensive understanding of how the access point is currently configured.get bss all detailGet Common Information on the Internal Interface for the Access Pointget interface br0Get All Wired Settings for the Wired Inter-nal Interfaceget interface br0Get Current Settings for the Ethernet (Wired) Guest Interfaceget interface brguest get interface brguest mac get interface brguest ssidGet the MAC Address for the Wired Inter-nal Interfaceget interface wlan0 macGet the Network Name (SSID) for the Wired Internal Interfaceget interface wlan0 ssidGet the Current IEEE 802.11 Radio Modeget radio wlan0 modeGet the Channel the Access Point is Cur-rently Usingget radio wlan0 channelGet Basic Radio Settings for the Internal Interfaceget radio wlan0 get radio wlan0 detailGet Status on Eventsget log-entry all
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 187Get Common Information on the Internal Interface for the Access PointThe following command obtains all information on the internal interface for an access point:USR5453-AP# get interface br0Field Value--------------------type bridgestatus uphello 10mac 00:a0:c9:8c:c4:7eip 192.168.1.1mask 255.255.255.0Get Current Settings for the Ethernet (Wired) Internal InterfaceThe following example shows how to use the CLI to get the Ethernet (Wired) settings for the Internal interface for an access point. You can see by the output results of the command that the MAC address is 00:a0:c9:8c:c4:7e, the IP address is 192.168.1.1, and the subnet mask is 255.255.255.0.Get All Wired Settings for the Wired Internal InterfaceUSR5453-AP# get interface br0Field Value--------------------mac 00:a0:c9:8c:c4:7eip 192.168.1.1mask 255.255.255.0Get the MAC Address for the Wired Internal InterfaceUSR5453-AP# get interface wlan0 mac02:0C:41:00:02:00Get the Network Name (SSID) for the Wired Internal InterfaceUSR5453-AP# get interface wlan0 ssidEnable Remote Logging and Specify the Log Relay Host for the Kernel LogAs a prerequisite to remote logging, the Log Relay Host must be con-figured first as described in Setting Up the Log Relay Host.See complete explanation of CLI commands at Enable Remote Log-ging and Specify the Log Relay Host for the Kernel Log. Here are a few:set log relay-enabled 1 enables remote logging set log relay-enabled 1 disables remote logging get log set log TAB TAB shows values you can set on the logGet Transmit / Receive Statisticsget interface all ip mac ssid tx-packets tx-bytes tx-errors rx-packets rx-bytes rx-errorsGet Client Associationsget associationGet neighbouring Access Pointsget clustered-apStatus Command Example
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 188elliot_APGet Current Settings for the Ethernet (Wired) Guest InterfaceThe following example shows how to use the CLI to get the Ethernet (Wired) settings for the Guest interface for an access point. You can see by the output results of the command that the MAC address is 00:50:04:6f:6f:90, the IP address is 10.10.56.248, and the subnet mask is 255.255.255.0.USR5453-AP# get interface brguestField Value--------------------type bridgestatus upmac 00:50:04:6f:6f:90ip 10.10.56.248mask 255.255.255.0Get Current Wireless (Radio) SettingsThe following examples show how to use the CLI to get wireless radio settings on an access point, such as mode, channel, and so on. You can see by the results of the commands that the access point mode is set to IEEE 802.11g, the channel is set to 6, the beacon interval is 100, and so forth.For information on how to configure Radio settings through the CLI, see “Radio Settings” on page 217.(Radio settings are fully described in “Configuring Radio Settings” on page 120.)Get the Current IEEE 802.11 Radio ModeUSR5453-AP# get radio wlan0 modegGet the Channel the Access Point is Currently UsingUSR5453-AP# get radio wlan0 channel2Get Basic Radio Settings for the Internal InterfaceUSR5453-AP# get radio wlan0Field Value------------------------------status upmax-bsses 2channel-policy bestchannel 6static-channel 9mode gfragmentation-threshold 2346rts-threshold 2347ap-detection onbeacon-interval 100NoteYou can get specifics on the Guest interface by using the same types of commands as for the Internal interface but substituting brguest for wlan0. For example, to get the MAC address for the guest interface: get interface wlan0 ssid
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 189Get All Radio Settings on the Internal InterfaceUSR5453-AP# get radio wlan0 detailField Value----------------------------------------------------status updescription IEEE 802.11macmax-bss 2channel-policy bestmode gstatic-channel 11channel 2tx-power 100tx-rx-status upbeacon-interval 100rts-threshold 2347fragmentation-threshold 2346load-balance-disassociation-utilization 0load-balance-disassociation-stations 0load-balance-no-association-utilization 0ap-detection onstation-isolation offfrequency 2417wme onGet Status on EventsUSR5453-AP# get log-entry allNumber Time Priority Daemon Message------------------------------------------------------1 Apr 20 21:39:55 debug udhcpc Sending renew...2 Apr 20 21:39:55 info udhcpc Lease of 10.10.55.216 obtained, lease time 3003 Apr 20 21:37:25 debug udhcpc Sending renew...4 Apr 20 21:37:25 info udhcpc Lease of 10.10.55.216 obtained, lease time 3005 Apr 20 21:34:55 debug udhcpc Sending renew...6 Apr 20 21:34:55 info udhcpc Lease of 10.10.55.216 obtained, lease time 300Enable Remote Logging and Specify the Log Relay Host for the Kernel LogThe Kernel Log is a comprehensive list of system even its and kernel messages such as error conditions like dropping frames. To capture Access Point Kernel Log messages you need access to a remote syslog server on the network. The following sections describe how to set up remote logging for the access point.1. Prerequisites for Remote Logging 2. View Log Settings 3. Enable / Disable Log Relay Host
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 1904. Specify the Relay Host 5. Specify the Relay Port 6. Review Log Settings After Configuring Log Relay HostPrerequisites for Remote LoggingTo capture Kernel Log messages from the access point system, you must first set up a remote server running a syslog process and acting as a syslog "log relay host" on your network. (For information on how to set up the remote server, see “Setting Up the Log Relay Host” on page 70.)Then, you can use the CLI to configure the Professional Access Point to send its syslog messages to the remote server.View Log SettingsTo view the current log settings:USR5453-AP# get logField Value--------------------------depth 15relay-enabled 0relay-host relay-port 514When you start a new access point, the Log Relay Host is disabled. From the above output for the "get log" command, you can identify the following about the Log Relay Host (syslog server):• The syslog server is disabled (because "relay-enabled" is set to "0")• No IP address or Host Name is specified for the syslog server.• The access point is listening for syslog messages on the default port 514Enable / Disable Log Relay HostTo enable the Log Relay Host:USR5453-AP# set log relay-enabled 1To disable the Log Relay Host:USR5453-AP# set log relay-enabled 0Specify the Relay HostTo specify the Relay Host, provide either the IP Address or a DNS name for the Log Relay Host as parameters to the "set log relay-host" command as shown below.• To specify an IP address for the syslog server:NoteIf you are using Instant802 Conductor, the Repository Server should receive the syslog messages from all access points. In this case, use the IP address of the Conductor Repository Server as the Relay Host.
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 191set log relay-host IP_Address_Of_LogRelayHostWhere IP_Address_Of_LogRelayHost is the IP Address of the Log Relay Host.For example:USR5453-AP# set log relay-host 10.10.5.220• To specify a Host Name for the syslog server:set log relay-host Host_Name_Of_LogRelayHostWhere Host_Name_Of_LogRelayHost is the a DNS name for the Log Relay Host.For example:USR5453-AP# set log relay-host myserverSpecify the Relay PortTo specify the Relay Port for the syslog server:set log relay-port Number_Of_LogRelayPortWhere Number_Of_LogRelayPort is the port number for the Log Relay Host.For example:USR5453-AP# set log relay-port 514Review Log Settings After Configuring Log Relay HostTo view the current log settings:USR5453-AP# get logField Value--------------------------depth 15relay-enabled 1relay-host 10.10.5.220relay-port 514From the above output for the "get log" command, you can identify the following about the Log Relay Host (syslog server):• The syslog server is enabled (because "relay-enabled" is set to "1")• The syslog server is at the IP address 10.10.5.220• The access point is listening for syslog messages on the default port 514Get Transmit / Receive StatisticsUSR5453-AP# get interface all ip mac ssid tx-packets tx-bytes tx-errors rx-packets rx-bytes rx-errors
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 192Name Ip Mac Ssid Tx-packets Tx-bytes Tx-errors Rx-packets Rx-bytes Rx-errors---------------------------------------------------------------------------lo 127.0.0.1 00:00:00:00:00:00 1319 151772 0 1319 151772 0eth0 00:A0:C9:8C:C4:7E 4699 3025566 0 11323 1259824 0eth1 0.0.0.0 00:50:04:6F:6F:90 152 49400 0 6632 664298 0br0 10.10.55.216 00:A0:C9:8C:C4:7E 4699 3025566 0 10467 885264 0brguest 10.10.56.248 00:50:04:6F:6F:90 152 48032 0 5909 293550 0wlan0 0.0.0.0 02:0C:41:00:02:00 AAP1000 (Trusted) 6483 710681 0 0 0 0wlan0guest 0.0.0.0 02:0C:41:00:02:01 AAP1000 (Guest) 5963 471228 0 0 0 0wlan0wds0wlan0wds1wlan0wds2wlan0wds3Get Client AssociationsUSR5453-AP# get associationInterf Station Authen Associ Rx-pac Tx-pac Rx-byt Tx-byt Tx-ratwlan0 00:0c:41:8f:a7:72 Yes Yes 126 29 9222 3055 540wlan0 00:09:5b:2f:a5:2f Yes Yes 382 97 16620 10065 110USR5453-AP# get association detailInter Station Authe Assoc Rx-pa Tx-pa Rx-byt Tx-byt Tx-ra Listewlan0 00:0c:41:8f:a7:72 Yes Yes 126 29 9222 3055 540 1wlan0 00:09:5b:2f:a5:2f Yes Yes 382 97 16620 10065 110 1Get neighbouring Access PointsThe Neighboring access point view shows wireless networks within range of the access point. These commands provide a detailed view of neighboring access points including identifying information (SSIDs and MAC addresses) for each, and statistical information such as the channel each access point is broadcasting on, signal strength, and so forth.To see the kinds of information about access point neighbours you can search on, type get detected-ap TAB TAB.USR5453-AP# get detected-ap[Enter] * Get common fields *band Frequency bandbeacon-interval Beacon interval in kus (1.024 ms)capability IEEE 802.11 capability valuechannel Channeldetail * Get all fields *erp ERPlast-beacon Time of last beaconmac MAC address
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 193num_beacons Number of beacons receivedphy-type PHY mode detected withprivacy WEP or WPA enabledrate Ratesignal Signal strengthssid Service Set IDentifier (a.k.a., Network Name)supported-rates Supported rates listtype Type (AP, Ad hoc, or Other)wpa WPA security enabledTo get the neighbouring access points, type get detected-ap.USR5453-AP# get detected-apField Value-----------------------------------------mac 00:e0:b8:76:28:e0type APprivacy Onssid Purinachannel 6signal 2Field Value-----------------------------------------mac 00:0e:81:01:01:62type APprivacy Offssid Internal Instant802 Networkchannel 6signal 1Field Value-----------------------------------------mac 00:e0:b8:76:1a:f6type APprivacy Offssid domanichannel 6signal 3Field Value-----------------------------------------mac 00:e0:b8:76:28:c0type APprivacy Offssid domanichannel 6signal 4
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 194Ethernet (Wired) InterfaceThis table shows a quick view of commands for getting and setting values for the Wired interface and provides links to detailed examples.NoteBefore configuring this feature, make sure you are familiar with the names of the interfaces as described in “Understanding Interfaces as Presented in the CLI” on page 177. The interface name you reference in a command determines whether a setting applies to a wired or wireless interface or to the Internal or Guest network.Wired Interface Command ExampleGet Summary View of Internal and Guest Interfacesget bssGet the DNS Nameget host idSet the DNS Nameset host id HostNameFor example: set host id vicky-apGet Current Settings for the Ethernet (Wired) Internal Interfaceget interface br0Get Current Settings for the Ethernet (Wired) Guest Interfaceget interface brguestSet Up Guest Access Setting up Guest Access consists of configur-ing Internal and Guest Wired interfaces on VLANs.For detailed examples, see “Set Up Guest Access” on page 195.Find out if Guest Access is enabled and configured.get interface brguest status (will be "up" or "down")Get/Change the Connection Type (DHCP or Static IP) See detailed example in “Get/Change the Con-nection Type (DHCP or Static IP)” on page 198.Re-Configure Static IP Addressing Values For detailed examples see:“Set the Static IP Address” on page 199“Set the Static Subnet Mask Address” on page 199“Set the Static Subnet Mask Address” on page 199Set DNS Nameservers to Use Static IP Addresses (Dynamic to Manual Mode)See example below.Set DNS Nameservers to Use DHCP IP Addressing (Manual to Dynamic Mode)See example below.
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 195Get Summary View of Internal and Guest InterfacesUSR5453-AP# get bssname status radio beacon-interface mac--------------------------------------------------------------------wlan0bssInternal up wlan0 wlan0 00:0C:41:16:DF:A6wlan0bssGuest down wlan0 wlan0guestGet the DNS NameUSR5453-AP# get host idUSR5453-APSet the DNS NameUSR5453-AP# set host id vicky-apbob# get host idvicky-apGet Wired Internal Interface SettingsSee “Get Current Settings for the Ethernet (Wired) Internal Interface” on page 187 under Status.Get Wired Guest Interface SettingsSee “Get Current Settings for the Ethernet (Wired) Guest Interface” on page 188 under Status.Set Up Guest AccessConfiguring a Guest interface from the CLI is a complex task. Unless this is your area of expertise, you may find it easier to use the Web User Interface to set up Guest Access. For information on how to set up Guest Access from the Web User Interface, see “Ethernet (Wired) Settings” on page 79 and “Guest Login” on page 111.Before configuring guest or internal interface settings, make sure you are familiar the names of the interfaces as described in “Understanding Interfaces as Presented in the CLI” on page 177.The following Guest Access configuration examples are provided:•Enable / Configure Guest Access on VLANsNoteBefore configuring this feature, make sure you are familiar with the names of the interfaces as described in “Understanding Interfaces as Presented in the CLI” on page 177. The interface name you reference in a command determines whether a setting applies to a wired or wireless interface or to the Internal or Guest network.NoteAfter you configure the Guest Network (as described in the sections below), you can enable a "captive portal" Welcome page for guest clients who are using the Web over your Guest network. You can modify the Welcome page text that is displayed to guests when they log on to the Web. For more infor-mation, see “Enable/Configure Guest Login Welcome Page” on page 215.
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 196•Disable Guest Access on VLANs•Change VLAN IDs (VLANs Must Be Enabled Already)Enable / Configure Guest Access on VLANsThis example assumes you start with Guest Access "disabled" and provides commands to enable it on VLANs.1. Get the current status of Guest Access (it is "down" or disabled initially):USR5453-AP# get interface brguest statusdown2. Enable Guest and remove bridge-port:USR5453-AP# set bss wlan0bssGuest status upUSR5453-AP# set bss wlan1bssGuest status upUSR5453-AP# set interface brguest status upUSR5453-AP# set portal status upUSR5453-AP# remove bridge-port br0 interface eth03. Enable VLANs:USR5453-AP# add interface vlan1111 type vlan status up vlan-id 1111 vlan-interface eth0USR5453-AP# add bridge-port br0 interface vlan1111USR5453-AP# add interface vlan2222 type vlan status up vlan-id 2222 vlan-interface eth0USR5453-AP# add bridge-port brguest interface vlan22224. Check the current settings:USR5453-AP# get bssname status radio beacon-interface mac--------------------------------------------------------------------wlan0bssInternal up wlan0 wlan0 00:01:02:03:04:01wlan0bssGuest up wlan0 wlan0guest 00:01:02:03:04:02USR5453-AP# get interface brguestField Value-------------------------type bridgestatus upmac 00:01:02:03:04:02Caution• You cannot use an ssh or telnet connection to configure VLANs, because you will lose network connectivity to the access point when you remove the bridge-port. Therefore, you cannot configure VLANs through the CLI.• Be sure to verify that the switch and DHCP server you are using can support VLANs per the 802.1Q standard. After configuring the VLAN on the Advanced menu’s Ethernet (Wired) Settings page, physically reconnect the Ethernet cable on the switch to the tagged packet (VLAN) port. Then, re-connect via the Web User Interface to the new IP address. (If necessary, check with the infrastructure support administrator regarding the VLAN and DHCP configurations.)
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 197ip 10.10.56.248mask 255.255.255.0Disable Guest Access on VLANsThis example assumes you start with Guest Access "enabled" on VLANs and provides commands to disable it.1. Get the current status of Guest Access (it is "up" or enabled initially):USR5453-AP# get interface brguest statusupThe output for the following commands show that VLANs are configured for the Internal and Guest interfaces (because both interfaces are VLANs: "brguest" is vlan2222 and "br0" is vlan1111):USR5453-AP# get bridge-port brguestName Interface-------------------brguest wlan0brguest vlan2222USR5453-AP# get bridge-port br0Name Interface---------------br0 wlan0guestbr0 vlan11112. The following series of commands reconfigures the Internal interface to use an Ethernet port (by setting br0 to eth0), disables Guest Access, and removes the two VLANs.USR5453-AP# add bridge-port br0 interface eth0USR5453-AP# set bss wlan0bssGuest status downUSR5453-AP# set bss wlan1bssGuest status downUSR5453-AP# remove bridge-port br0 interface vlan1111USR5453-AP# remove interface vlan1111USR5453-AP# remove bridge-port brguest interface vlan2222USR5453-AP# remove interface vlan2222USR5453-AP# set interface brguest status downUSR5453-AP# set portal status downChange VLAN IDs (VLANs Must Be Enabled Already)1. Check the current configuration of Wired interfaces.The output of the following command shows that the Guest interface is already configured on VLANs:USR5453-AP# get bridge-port br0Name Interface---------------br0 wlan0guestbr0 vlan11112. Set up a new VLAN and remove the old one:
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 198USR5453-AP# set interface vlan1111 vlan-id 1112Error: vlan-id cannot be changed after insert.USR5453-AP# remove bridge-port br0 interface vlan1111USR5453-AP# remove interface vlan1111USR5453-AP# add interface vlan1113 type vlan status up vlan-id 1113 vlan-interface eth0Get/Change the Connection Type (DHCP or Static IP)To get the connection type:USR5453-AP# get dhcp-client statusupYou cannot use the CLI to reset the connection type from DHCP to Static IP because you will lose connectivity during the process of assigning a new static IP address. To make such a change, use the Web User Interface on a computer connected to the access point with an Ethernet cable.To reset the connection type from Static IP to DHCP:USR5453-AP# set dhcp-client status upTo view the new settings:USR5453-AP# get interface br0 detailField Value-----------------------------------type bridgestatus updescription Bridge - Internalmac 00:E0:B8:76:23:B4ip 10.10.12.221mask 255.255.255.0static-ip 10.10.12.221static-mask 255.255.255.0natRe-Configure Static IP Addressing ValuesIf you are using static IP addressing on the access point (instead of DHCP), you may want to reconfigure the static IP address, subnet mask, default gateway, or DNS name servers.The following examples show how to change these values from the CLI. With the exception of DNS name servers, these values can only be reconfigured if you are using Static IP Addressing mode.You do have the option of manually configuring DNS name servers for either a DHCP or Static IP connection type, so that task is covered in a separate section following this one.NoteFor more information on DHCP and Static IP connection types, see the topic ““Understanding Dynamic and Static IP Addressing on the Professional Access Point” on page 10.NoteThis section assumes you have already set the access point to use Static IP Addressing and set some initial values as described in “Get/Change the Connection Type (DHCP or Static IP)” on page 198.
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 199Set the Static IP Address1. Check to see what the current static IP address is. (In this example, the current static IP address is the factory default.)USR5453-AP# get interface br0 static-ip10.10.12.2212. Re-set to a new static IP address:USR5453-AP# set interface br0 static-ip 10.10.12.81Set the Static Subnet Mask Address1. Check to see the current Subnet Mask. (In this example, the current subnet mask is the factory default.)USR5453-AP# get interface br0 static-mask255.255.255.02. Re-set to a new static Subnet Mask:USR5453-AP# set interface br0 static-mask 255.255.255.128Set the IP Address for the Default GatewayThis example sets the Default Gateway to 10.10.12.126:USR5453-AP# set ip-route with gateway 10.10.12.126 in-use yesSet DNS Nameservers to Use Static IP Addresses (Dynamic to Manual Mode)This example shows how to reconfigure DNS Nameservers from Dynamic mode (where name server IP addresses are assigned through DHCP) to Manual mode, and specify static IP addresses for them.1. Check to see which mode the DNS Name Service is running in. (In this example, DNS naming is running in DHCP mode initially because the following command returns up for the mode.)USR5453-AP# get host dns-via-dhcpup2. Turn off Dynamic DNS Nameservers and re-check the settings:USR5453-AP# set host dns-via-dhcp downUSR5453-AP# get host dns-via-dhcpdown3. Get the current IP addresses for the DNS Nameservers:USR5453-AP# get host static-dns-110.10.3.9USR5453-AP# get host static-dns-210.10.3.11
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 2004. Re-set the IP addresses for the DNS Nameservers as desired:USR5453-AP# set host static-dns-1 10.10.3.10USR5453-AP# get host static-dns-110.10.3.10USR5453-AP# set host static-dns-2 10.10.3.12USR5453-AP# get host static-dns-210.10.3.12Set DNS Nameservers to Use DHCP IP Addressing (Manual to Dynamic Mode)To switch DNS Nameservers from Manual (static IP addresses) to Dynamic mode (nameserver addresses assigned by DHCP), use the reverse command and check to see the new configuration:USR5453-AP# set host dns-via-dhcp upUSR5453-AP# get host dns-via-dhcpupWireless InterfaceTo set up a wireless (radio) interface, configure the following on each interface (Internal or Guest) as described in other sections of this CLI document.• Configure the Radio Mode and Radio Channel as described in “Configure Radio Settings” on page 219.• Configure the Network Name as described in “Set the Wireless Network Name (SSID)” on page 182.SecurityThe following sections show examples of how to use the CLI to view and configure security settings on the access point. These settings correspond to those available in the Web User Interface on the Advanced menu’s Security tab. For a detailed discussion of concepts and configuration options, see“Security” on page 91.This section focuses on configuring security on the Internal network. (Security on the Guest network defaults to None. See “When to Use No Security” on page 92.)This table shows a quick view of Security commands and links to detailed examples.NoteBefore configuring this feature, make sure you are familiar with the names of the interfaces as described in “Understanding Interfaces as Presented in the CLI” on page 177. The interface name you reference in a command determines whether a setting applies to a wired or wireless interface or to the Internal or Guest network.Security Command ExampleGet the Current Security Modeget interface wlan0 security
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 201Get the Current Security ModeUSR5453-AP# get interface wlan0 securitynoneGet Detailed Description of Current Security SettingsUSR5453-AP# get bss wlan0bssInternal detailField Value---------------------------------------------status updescription Internalradio wlan0beacon-interface wlan0mac 00:0C:41:16:DF:A6dtim-periodmax-stationsignore-broadcast-ssid offmac-acl-mode deny-listmac-acl-name wlan0bssInternalradius-accountingradius-ip 127.0.0.1radius-key secretopen-system-authenticationshared-key-authenticationwpa-cipher-tkipwpa-cipher-ccmpwpa-allowed offwpa2-allowed offrsn-preauthenticationGet Detailed Description of Current Secu-rity Settingsget bss wlan0bssInternal detailget interface wlan0 detailSet the Broadcast SSID (Allow or Prohibit)set bss wlan0bssInternal ignore-broadcast-ssid onset bss wlan0bssInternal ignore-broadcast-ssid offEnable / Disable Station IsolationSet Security to Noneset interface wlan0 security plain-textSet Security to Static WEP See detailed example in “Set Security to Static WEP” on page 202.Set Security to IEEE 802.1x See detailed example in“Set Security to IEEE 802.1x” on page 206.Set Security to WPA/WPA2 Personal (PSK)See detailed example in “Set Security to WPA/WPA2 Personal (PSK)” on page 208.Set Security to WPA/WPA2 Enterprise (RADIUS)See detailed example in “Set Security to WPA/WPA2 Enterprise (RADIUS)” on page 210.Security Command Example
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 202Set the Broadcast SSID (Allow or Prohibit)To set the Broadcast SSID to on (allow): USR5453-AP# set bss wlan0bssInternal ignore-broadcast-ssid onTo set the Broadcast SSID to off (prohibit):USR5453-AP# set bss wlan0bssInternal ignore-broadcast-ssid offEnable / Disable Station IsolationUSR5453-AP# get radio wlan0 station-isolationoffUSR5453-AP# set radio wlan0 station-isolation offUSR5453-AP# get radio wlan0 detailField Value---------------------------------------------------------------status updescription Radio 1 - IEEE 802.11gmacmax-bss 4channel-policy staticmode gstatic-channel 6channel 6tx-power 100tx-rx-status upbeacon-interval 100rts-threshold 2347fragmentation-threshold 2346load-balance-disassociation-utilization 0load-balance-disassociation-stations 0load-balance-no-association-utilization 0ap-detection offstation-isolation offfrequency 2437wme onSet Security to NoneUSR5453-AP# set interface wlan0 security noneSet Security to Static WEP1. Set the Security Mode 2. Set the Transfer Key Index 3. Set the Key Length 4. Set the Key Type 5. Set the WEP Keys 6. Set the Authentication Algorithm 7. Get Current Security Settings After Re-Configuring to Static WEP Security Mode
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 2031. Set the Security ModeUSR5453-AP# set interface wlan0 security static-wep2. Set the Transfer Key IndexThe following commands set the Transfer Key Index to 4.USR5453-AP# set interface wlan0 wep-default-key 1USR5453-AP# set interface wlan0 wep-default-key 2USR5453-AP# set interface wlan0 wep-default-key 3USR5453-AP# set interface wlan0 wep-default-key 43. Set the Key LengthFor the CLI, valid values for Key Length are 40 bits or 104 bits.To set the WEP Key Length, type one of the following commands:In this example, you will set the WEP Key Length to 40.USR5453-AP# set interface wlan0 wep-key-length 404. Set the Key TypeValid values for Key Type are ASCII or Hex. The following commands set the Key Type.In this example, you will set the Key Type to ASCII:USR5453-AP# set interface wlan0 wep-key-ascii yesNoteThe Key Length values used by the CLI do not include the initialisation vector in the length. On the Web User Interface, longer Key Length values may be shown which include the 24-bit initialisation vector. A Key Length of 40 bits (not including initialisation vector) is equivalent to a Key Length of 64 bits (with initialisation vector). A Key Length of 104 bits (not including initialisation vector) is equivalent to a Key Length of 128 bits (which includes the initialisation vector).To set the WEP Key Length to 40 bits:set interface wlan0 wep-key-length 40To set the WEP Key Length to 104 bits:set interface wlan0 wep-key-length 104To set the Key Type to ASCII:set interface wlan0 wep-key-ascii yesTo set the Key Type to Hex:set interface wlan0 wep-key-ascii no
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 2045. Set the WEP KeysUSR5453-AP# set interface wlan0 wep-key-1 abcdeUSR5453-AP# set interface wlan0 wep-key-2 fghiUSR5453-AP# set interface wlan0 wep-key-3 klmnoUSR5453-AP# set interface wlan0 wep-key-46. Set the Authentication AlgorithmThe options for the authentication algorithm are Open System, Shared Key or Both:In this example, you will set the authentication algorithm to Shared Key:USR5453-AP# set bss wlan0bssInternal shared-key-authentication onUSR5453-AP# set bss wlan0bssInternal open-system-authentication off7. Get Current Security Settings After Re-Configuring to Static WEP Security ModeNow you can use the "get" command again to view the updated security configuration and see the results of your new settings.The following command gets the security mode in use on the Internal network:USR5453-AP# get interface wlan0 securitystatic-wepThe following command gets details on how the internal network is configured, including details on Security. USR5453-AP# get bss wlan0bssInternal detailField ValueNoteThe number of characters required for each WEP key depends on how you set Key Length and Key Type:• If Key Length is 40 bits and the Key Type is "ASCII", then each WEP key be 5 characters long.• If Key Length is 40 bits and Key Type is "Hex", then each WEP key must be 10 characters long.• If Key Length is 104 bits and Key Type is "ASCII", then each WEP Key must be 13 characters long.• If Key Length is 104 bits and Key Type is "Hex", then each WEP Key must be 26 characters long.Although the CLI will allow you to enter WEP keys of any number of characters, you must use the cor-rect number of characters for each key to ensure a valid security configuration.To set Authentication Algorithm to Open System:set bss wlan0bssInternal open-system-authentication onset bss wlan0bssInternal shared-key-authentication offTo set Authentication Algorithm to Shared Key:set bss wlan0bssInternal open-system-authentication offset bss wlan0bssInternal shared-key-authentication onTo set Authentication Algorithm to Both:set bss wlan0bssInternal open-system-authentication onset bss wlan0bssInternal shared-key-authentication on
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 205---------------------------------------------status updescription Internalradio wlan0beacon-interface wlan0mac 00:0C:41:16:DF:A6dtim-period 2max-stations 2007ignore-broadcast-ssid offmac-acl-mode deny-listmac-acl-name wlan0bssInternalradius-accounting offradius-ip 127.0.0.1radius-key secretopen-system-authentication offshared-key-authentication onwpa-cipher-tkip offwpa-cipher-ccmp offwpa-allowed offwpa2-allowed offrsn-preauthentication offThe following command gets details on the interface and shows the WEP Key settings, specifically.USR5453-AP# get interface wlan0 detailField Value-------------------------------------------type service-setstatus updescription Wireless - Internalmac 00:0C:41:16:DF:A6ip 0.0.0.0static-ip 0.0.0.0static-masknatrx-bytes 0rx-packets 0rx-errors 0rx-drop 0rx-fifo 0rx-frame 0rx-compressed 0rx-multicast 0tx-bytes 259662tx-packets 722tx-errors 0tx-drop 0tx-fifo 0tx-colls 0tx-carrier 0tx-compressed 0ssid Vicky’s APbss wlan0bssInternalsecurity static-wep
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 206wpa-personal-keywep-key-ascii yeswep-key-length 104wep-default-key 4wep-key-1 abcdewep-key-2 fghijwep-key-3 klmnowep-key-4vlan-interfacevlan-idradioremote-macwep-keySet Security to IEEE 802.1x1. Set the Security Mode 2. Set the Authentication Server 3. Set the RADIUS Key (For External RADIUS Server Only) 4. Enable RADIUS Accounting (External RADIUS Server Only) 5. Get Current Security Settings After Re-Configuring to IEEE 802.1x Security Mode1. Set the Security ModeUSR5453-AP# set interface wlan0 security dot1x2. Set the Authentication ServerYou can use the built-in authentication server on the access point or an external RADIUS server.In this example, you will set it to use the built-in server:USR5453-AP# set bss wlan0bssInternal radius-ip 127.0.0.13. Set the RADIUS Key (For External RADIUS Server Only)If you use an external RADIUS server, you must provide the RADIUS key. (If you use the built-in authentication server the RADIUS key is automatically provided.)This command sets the RADIUS key to secret for an external RADIUS server.NoteTo use the built-in authentication server, set the RADIUS IP address to that used by the built-in server (127.0.0.1) and turn RADIUS accounting off (because it is not supported by the built-in server)RADIUS Option ExampleTo set the AP to use the Built-in Authentication Server:set bss wlan0bssInternal radius-ip 127.0.0.1To set the AP to use an External RADIUS Server:set bss wlan0bssInternal radius-ip RADIUS_IP_Addresswhere RADIUS_IP_Address is the IP address of an external RADIUS server.
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 207USR5453-AP# set bss wlan0bssInternal radius-key secret4. Enable RADIUS Accounting (External RADIUS Server Only)You can enable RADIUS Accounting if you want to track and measure the resources a particular user has consumed such system time, amount of data transmitted and received, and so on.In this example, you will disable RADIUS accounting since you are using the built-in server:USR5453-AP# set bss wlan0bssInternal radius-accounting off5. Get Current Security Settings After Re-Configuring to IEEE 802.1x Security ModeNow you can use the "get" command again to view the updated security configuration and see the results of your new settings.The following command gets the security mode in use on the Internal network:USR5453-AP# get interface wlan0 securitydot1xThe following command gets details on how the internal BSS is configured, including details on Security. USR5453-AP# get bss wlan0bssInternal detailField Value---------------------------------------------status updescription Internalradio wlan0beacon-interface wlan0mac 00:0C:41:16:DF:A6dtim-period 2max-stations 2007ignore-broadcast-ssid offmac-acl-mode deny-listmac-acl-name wlan0bssInternalradius-accounting offradius-ip 127.0.0.1radius-key secretopen-system-authentication offshared-key-authentication onwpa-cipher-tkip offwpa-cipher-ccmp offwpa-allowed offwpa2-allowed offNoteRADIUS accounting is not supported by the built-in server, so if you are using the built-in server make sure that RADIUS accounting is off.To enable RADIUS accounting:set bss wlan0bssInternal radius-accounting onTo disable RADIUS accounting:set bss wlan0bssInternal radius-accounting off
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 208rsn-preauthentication offSet Security to WPA/WPA2 Personal (PSK)1. Set the Security Mode 2. Set the WPA Versions 3. Set the Cipher Suites 4. Set the Pre-shared Key 5. Get Current Security Settings After Re-Configuring to WPA/WPA2 Personal (PSK)1. Set the Security ModeUSR5453-AP# set interface wlan0 security wpa-personal2. Set the WPA VersionsSelect the WPA version based on what types of client stations you want to support.In this example, you will set the access point to support Both WPA and WPA2 client stations:USR5453-AP# set bss wlan0bssInternal wpa-allowed on USR5453-AP# set bss wlan0bssInternal wpa2-allowed onWPA Option ExampleWPA: If all client stations on the network support the original WPA but none support the newer WPA2, then use WPA.To support WPA clients:set bss wlan0bssInternal wpa-allowed onset bss wlan0bssInternal wpa2-allowed offWPA2: If all client stations on the network support WPA2, we suggest using WPA2 which provides the best security per the IEEE 802.11i standard.To support WPA2 clients:set bss wlan0bssInternal wpa-allowed offset bss wlan0bssInternal wpa2-allowed onBoth: If you have a mix of clients, some of which support WPA2 and others which support only the original WPA, select "Both". This lets both WPA and WPA2 client stations assoicate and authenticate, but uses the more robust WPA2 for clients who support it. This WPA configuration allows more interoperability, at the expense of some security. To support both WPA and WPA2 clients:set bss wlan0bssInternal wpa-allowed onset bss wlan0bssInternal wpa2-allowed on
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 2093. Set the Cipher SuitesSet the cipher suite you want to use. The options are:In this example, you will set the cipher suite to Both:USR5453-AP# set bss wlan0bssInternal wpa-cipher-tkip onUSR5453-AP# set bss wlan0bssInternal wpa-cipher-ccmp on4. Set the Pre-shared KeyThe Pre-shared Key is the shared secret key for WPA-PSK. Enter a string of at least 8 characters to a maximum of 63 characters. Following are two examples; the first sets the key to "SeCret !", the second sets the key to "KeepSecret".Ex 1. USR5453-AP# set interface wlan0 wpa-personal-key "SeCret !"orEx 2. USR5453-AP# set interface wlan0 wpa-personal-key KeepSecretCipher Suite Option ExampleTKIP: Temporal Key Integrity Protocol (TKIP), which is the default.To set the cipher suite to TKIP only:set bss wlan0bssInternal wpa-cipher-tkip onset bss wlan0bssInternal wpa-cipher-ccmp offCCMP (AES) - Counter mode/CBC-MAC Protocol (CCMP) is an encryption method for IEEE 802.11i that uses the Advanced Encryption Algorithm (AES).To set the cipher suite to CCMP (AES) only:set bss wlan0bssInternal wpa-cipher-tkip offset bss wlan0bssInternal wpa-cipher-ccmp onBoth - When the authentication algorithm is set to "Both", both TKIP and AES clients can asso-ciate with the access point. WPA clients must have either a valid TKIP key or a valid CCMP (AES) key to be able to associ-ate with the AP.To set the cipher suite to Both:set bss wlan0bssInternal wpa-cipher-tkip onset bss wlan0bssInternal wpa-cipher-ccmp onNoteShared secret keys can include spaces and special characters if the key is placed inside quotation marks as in the first example above. If the key is a string of characters with no spaces or special char-acters in it, the quotation marks are not necessary as in the second example above..
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 2105. Get Current Security Settings After Re-Configuring to WPA/WPA2 Personal (PSK)Now you can use the "get" command again to view the updated security configuration and see the results of your new settings.The following command gets the security mode in use on the Internal network:USR5453-AP# get interface wlan0 securitywpa-personalThe following command gets details on how the internal network is configured, including details on Security. USR5453-AP# get bss wlan0bssInternal detailField Value---------------------------------------------status updescription Internalradio wlan0beacon-interface wlan0mac 00:0C:41:16:DF:A6dtim-periodmax-stationsignore-broadcast-ssid offmac-acl-mode deny-listmac-acl-name wlan0bssInternalradius-accountingradius-ip 127.0.0.1radius-key secretopen-system-authenticationshared-key-authenticationwpa-cipher-tkip onwpa-cipher-ccmp onwpa-allowed onwpa2-allowed onrsn-preauthenticationSet Security to WPA/WPA2 Enterprise (RADIUS)1. Set the Security Mode 2. Set the WPA Versions 3. Enable Pre-Authentication 4. Set the Cipher Suites 5. Set the Authentication Server 6. Set the RADIUS Key (For External RADIUS Server Only) 7. Enable RADIUS Accounting (External RADIUS Server Only)) 8. Get Current Security Settings After Re-Configuring to WPA/WPA2 Enterprise (RADIUS) 8. Get Current Security Settings After Re-Configuring to WPA/WPA2 Enterprise (RADIUS)1. Set the Security ModeUSR5453-AP# set interface wlan0 security wpa-enterprise
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 2112. Set the WPA VersionsSelect the WPA version based on what types of client stations you want to support.In this example, you will set the access point to support WPA client stations only:USR5453-AP# set bss wlan0bssInternal wpa-allowed onUSR5453-AP# set bss wlan0bssInternal wpa2-allowed offWPA Option ExampleWPA: If all client stations on the network support the original WPA but none support the newer WPA2, then use WPA.To support WPA clients:set bss wlan0bssInternal wpa-allowed onset bss wlan0bssInternal wpa2-allowed offWPA2: If all client stations on the network support WPA2, we suggest using WPA2 which provides the best security per the IEEE 802.11i standard.To support WPA2 clients:set bss wlan0bssInternal wpa-allowed offset bss wlan0bssInternal wpa2-allowed onBoth: If you have a mix of clients, some of which support WPA2 and others which support only the original WPA, select "Both". This lets both WPA and WPA2 client stations assoicate and authenticate, but uses the more robust WPA2 for clients who support it. This WPA configuration allows more interoperability, at the expense of some security. To support both WPA and WPA2 clients:set bss wlan0bssInternal wpa-allowed onset bss wlan0bssInternal wpa2-allowed on
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 2123. Enable Pre-AuthenticationIf you set WPA versions to "WPA2" or "Both", you can enable pre-authentication for WPA2 clients.This option does not apply if you set the WPA Version to support "WPA" clients only because the original WPA does not support this pre-authenticationIn this example, you will disable pre-authentication.USR5453-AP# set bss wlan0bssInternal rsn-preauthentication off4. Set the Cipher SuitesSet the cipher suite you want to use. The options are:Enable pre-authentication if you want WPA2 wireless clients to send pre-authentication packet. The pre-authentica-tion information will be relayed from the access point the client is currently using to the target access point. Enabling this fea-ture can help speed up authentication for roaming clients who connect to multiple access points.To enable pre-authentication for WPA2 clients:set bss wlan0bssInternal rsn-preauthentication onTo disable pre-authentication for WPA2 clients:set bss wlan0bssInternal rsn-preauthentication onCipher Suite Option ExampleTKIP: Temporal Key Integrity Protocol (TKIP), which is the default.To set the cipher suite to TKIP only:set bss wlan0bssInternal wpa-cipher-tkip onset bss wlan0bssInternal wpa-cipher-ccmp offCCMP (AES) - Counter mode/CBC-MAC Protocol (CCMP) is an encryption method for IEEE 802.11i that uses the Advanced Encryption Algorithm (AES).To set the cipher suite to CCMP (AES) only:set bss wlan0bssInternal wpa-cipher-tkip offset bss wlan0bssInternal wpa-cipher-ccmp on
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 213In this example, you will set the cipher suite to TKIP Only:USR5453-AP# set bss wlan0bssInternal wpa-cipher-tkip onUSR5453-AP# set bss wlan0bssInternal wpa-cipher-ccmp off5. Set the Authentication ServerYou can use the built-in authentication server on the access point or an external RADIUS server.In this example, you will use an external RADIUS server with an IP address of 142.77.1.1:USR5453-AP# set bss wlan0bssInternal radius-ip 142.77.1.16. Set the RADIUS Key (For External RADIUS Server Only)If you use an external RADIUS server, you must provide the RADIUS key. (If you use the built-in authentication server the RADIUS key is automatically provided.)This command sets the RADIUS key to KeepSecret for an external RADIUS server.USR5453-AP# set bss wlan0bssInternal radius-key KeepSecret7. Enable RADIUS Accounting (External RADIUS Server Only)You can enable RADIUS Accounting if you want to track and measure the resources a particular user has Both - When the authentication algorithm is set to "Both", both TKIP and AES clients can asso-ciate with the access point. WPA clients must have either a valid TKIP key or a valid CCMP (AES) key to be able to associ-ate with the AP.To set the cipher suite to Both:set bss wlan0bssInternal wpa-cipher-tkip onset bss wlan0bssInternal wpa-cipher-ccmp onNoteTo use the built-in authentication server, set the RADIUS IP address to that used by the built-in server (127.0.0.1) and turn RADIUS accounting off (because it is not supported by the built-in server)RADIUS Option ExampleTo set the AP to use the Built-in Authentication Server:set bss wlan0bssInternal radius-ip 127.0.0.1To set the AP to use an External RADIUS Server:set bss wlan0bssInternal radius-ip RADIUS_IP_Addresswhere RADIUS_IP_Address is the IP address of an external RADIUS server.Cipher Suite Option Example
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 214consumed such system time, amount of data transmitted and received, and so on.For this example, you will enable RADIUS accounting for your external RADIUS server:USR5453-AP# set bss wlan0bssInternal radius-accounting on8. Get Current Security Settings After Re-Configuring to WPA/WPA2 Enterprise (RADIUS)Now you can use the "get" command again to view the updated security configuration and see the results of your new settings.The following command gets the security mode in use on the Internal network:USR5453-AP# get interface wlan0 securitywpa-enterpriseThe following command gets details on how the internal network is configured, including details on Security. USR5453-AP# get bss wlan0bssInternal detailField Value---------------------------------------------status updescription Internalradio wlan0beacon-interface wlan0mac 00:0C:41:16:DF:A6dtim-period 2max-stations 2007ignore-broadcast-ssid offmac-acl-mode deny-listmac-acl-name wlan0bssInternalradius-accounting onradius-ip 142.77.1.1radius-key KeepSecretopen-system-authentication onshared-key-authentication offwpa-cipher-tkip onwpa-cipher-ccmp offwpa-allowed onwpa2-allowed offrsn-preauthentication offNoteRADIUS accounting is not supported by the built-in server, so if you are using the built-in server make sure that RADIUS accounting is off.To enable RADIUS accounting:set bss wlan0bssInternal radius-accounting onTo disable RADIUS accounting:set bss wlan0bssInternal radius-accounting off
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 215Enable/Configure Guest Login Welcome PageYou can set up a "captive portal" that Guest clients will see when they log on to the Guest network. or modify the Welcome screen guest clients see when they open a Web browser or try to browse the Web. View Guest Login SettingsTo view the current settings for Guest Login:USR5453-AP# get portalField Value---------------------------------------------------------------------------status downwelcome-screen onwelcome-screen-text Thank you for using wireless Guest Access as provided by this U.S. Robotics Corporation wireless AP. Upon clicking "Accept", you will gain access to our wireless guest network. This network allows complete access to the Internet but is external to the corporate network. Please note that this network is not configured to provide any level of wireless security.Enable/Disable the Guest Welcome PageTo enable the Guest welcome page:USR5453-AP# set portal status upTo disable the Guest welcome page:USR5453-AP# set portal status downSet Guest Welcome Page TextTo specify the text for the Guest welcome page:USR5453-AP# set portal welcome-screen-text "Welcome to the Stephens Network"Guest Welcome Option ExampleView Guest Login Settings:get portalEnable/Disable the Guest Welcome Pageset portal statusSet Guest Welcome Page Textl:set portal welcome-screen-text "Welcome Screen Text"Where "Welcome Screen Text" is the content of the Welcome message you want displayed on the Guest Welcome Web Page. The Welcome message must be in quotes if it contains spaces, punctuation, and special characters."NoteGuest Login settings are only relevant if you have first configured a Guest Network. For information about configuring a Guest Network, see “Set Up Guest Access” on page 195.
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 216Review Guest Login SettingsThe following example shows the results of the "set portal" command after specifying some new settings:USR5453-AP# get portalField Value-----------------------------------------------------status upwelcome-screen onwelcome-screen-text Welcome to the Stephens NetworkConfiguring Multiple BSSIDs on Virtual Wireless NetworksConfiguring Virtual Wireless Network "One" on Radio One1. Configure these settings from the Web User Interface first:• On Advanced menu’s Ethernet (Wired) Settings tab on the Web User Interface, enable Virtual Wireless Networks as described in “Enabling and Disabling Virtual Wireless Networks on the Access Point” on page 82.• On Advanced menu’s Virtual Wireless Networks tab on the Web User Interface, provide a VLAN ID as described in “Configuring VLANs” on page 116.2. Use the CLI to configure Security on the interface.The following example shows commands for configuring WPA/WPA2 Enterprise (RADIUS) security mode, allowing "Both" WPA and WPA2 clients to authenticate and using a TKIP cipher suite:USR5453-AP# set bss wlan0bssvwn1 open-system-authentication onUSR5453-AP# set bss wlan0bssvwn1 shared-key-authentication onUSR5453-AP# set bss wlan0bssvwn1 wpa-allowed onUSR5453-AP# set bss wlan0bssvwn1 wpa2-allowed onUSR5453-AP# set bss wlan0bssvwn1 wpa-cipher-tkip onUSR5453-AP# set bss wlan0bssvwn1 wpa-cipher-ccmp offUSR5453-AP# set bss wlan0bssvwn1 radius-ip 127.0.0.1USR5453-AP# set bss wlan0bssvwn1 radius-key secretUSR5453-AP# set bss wlan0bssvwn1 status upUSR5453-AP# set interface wlan0vwn1 security wpa-enterprise3. Use the CLI to set the Network Name (SSID) for the new Virtual Wireless Network:USR5453-AP# set interface wlan0vwn1 ssid my-vwn-oneNoteBefore configuring this feature, make sure you are familiar with the names of the interfaces as described in “Understanding Interfaces as Presented in the CLI” on page 177. The interface name you reference in a command determines whether a setting applies to a wired or wireless interface or to the Internal or Guest network,.
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 217Creating VWN 'Two' on Radio One with WPA securityTo configure the second Virtual Wireless Network, repeat steps 1-3 as described above (in Configuring Virtual Wireless Network "One" on Radio One) with the following differences:• Create a second VLAN ID from the Web User Interface with a new SSID• In the CLI commands, replace wlan0bssvwn1 with wlan0bssvwn2.Radio SettingsThis table shows a quick view of Radio Settings commands and provides links to detailed examples.Get IEEE 802.11 Radio ModeTo get the current setting for radio Mode:USR5453-AP# get radio wlan0 modegNoteBefore configuring this feature, make sure you are familiar with the names of the interfaces as described in “Understanding Interfaces as Presented in the CLI” on page 177. The interface name you reference in a command determines whether a setting applies to a wired or wireless interface or to the Internal or Guest network.Radio Setting Command ExampleGet Radio Settingsget radio get radio wlan0 get radio wlan0 detailGet IEEE 802.11 Radio Modeget radio wlan0 modeGet Radio Channelget radio wlan0 channelGet Basic Radio Settingsget radio wlan0Get All Radio Settingsget radio wlan0 detailGet Supported Rate Setget supported-rateGet Basic Rate Setget basic-rateConfigure Radio Settings See detailed examples in:“1. Turn the Radio On or Off” on page 220 “2. Set the Radio Mode” on page 220 “3. Enable or Disable Super G” on page 220 “4. Set the Beacon Interval” on page 220 “5. Set the DTIM Period” on page 220 “6. Set the Fragmentation Threshold” on page 220 “7. Set the RTS Threshold” on page 221 “8. Configure Basic and Supported Rate Sets” on page 221
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 218(The radio in this example is using IEEE 802.11g mode.)Get Radio ChannelTo get the current setting for radio Channel:USR5453-AP# get radio wlan0 channel6(The radio in this example is on Channel 6.)Get Basic Radio SettingsTo get basic current Radio settings:USR5453-AP# get radio wlan0Field Value----------------------status upmacchannel-policy staticmode gstatic-channel 6channel 6tx-rx-status upGet All Radio SettingsTo get all current Radio settings: get radio wlan0 detailUSR5453-AP# get radio wlan0 detailField Value----------------------------------------------------status updescription IEEE 802.11macmax-bss 2channel-policy staticmode gstatic-channel 6channel 6tx-power 100tx-rx-status upbeacon-interval 100rts-threshold 2347fragmentation-threshold 2346load-balance-disassociation-utilization 0load-balance-disassociation-stations 0load-balance-no-association-utilization 0ap-detection offstation-isolation offfrequency 2437
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 219wme onGet Supported Rate SetThe Supported Rate Set is what the access point supports. The access point will automatically choose the most efficient rate based on factors like error rates and distance of client stations from the access point.USR5453-AP# get supported-ratename rate-----------wlan0 54wlan0 48wlan0 36wlan0 24wlan0 18wlan0 12wlan0 11wlan0 9wlan0 6wlan0 5.5wlan0 2wlan0 1Get Basic Rate SetThe Basic Rate Set is what the access point will advertise to the network for the purposes of setting up communication with other APs and client stations on the network. It is generally more efficient to have an access point broadcast a subset of its supported rate sets.USR5453-AP# get basic-ratename rate-----------wlan0 11wlan0 5.5wlan0 2wlan0 1Configure Radio Settings1. Turn the Radio On or Off 2. Set the Radio Mode 3. Enable or Disable Super G 4. Set the Beacon Interval 5. Set the DTIM Period 6. Set the Fragmentation Threshold 7. Set the RTS Threshold 8. Configure Basic and Supported Rate SetsNoteTo get a list of all fields you can set on the access point radio, type the following at the CLI prompt: set radio wlan0 [SpaceKey] [TAB] [TAB]
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 2201. Turn the Radio On or Off2. Set the Radio ModeValid values depend on the capabilities of the radio. Possible values and how you would use the CLI to set each one are shown below.The following command sets the Wireless Mode to IEEE 802.11g:USR5453-AP# set radio wlan0 mode g3. Enable or Disable Super GYou cannot enable/disable Super G from the CLI. You must set this from the Web User Interface. For information on how to set this option, please see the field description for this option in “Configuring Radio Settings” on page 120.4. Set the Beacon IntervalThe following command sets the beacon interval to 80.USR5453-AP# set radio wlan0 beacon-interval 805. Set the DTIM PeriodThe Delivery Traffic Information Map (DTIM) period indicates how often wireless clients should check to see if they have buffered data on the access point awaiting pickup. The measurement is in beacons. Specify a DTIM period within a range of 1 - 255 beacons. For example, if you set this to "1" clients will check for buffered data on the access point at every beacon. If you set this to "2", clients will check on every other beacon.The following command sets the DTIM interval to 3.USR5453-AP# set bss wlan0bssInternal dtim-period 3To get the updated value for DTIM interval after you have changed it:USR5453-AP# get bss wlan0bssInternal dtim-period36. Set the Fragmentation ThresholdYou can specify a fragmentation threshold as a number between 256 and 2,346 to set the frame size threshold in bytes. The fragmentation threshold is a way of limiting the size of packets (frames) transmitted over the network. If a packet exceeds the fragmentation threshold set here, the fragmentation function will be activated and the packet will be sent as multiple 802.11 frames. If the packet being transmitted is equal to or less than the threshold, fragmentation will not be used. Setting the threshold to the largest value To turn the radio on:set radio wlan0 status upTo turn the radio off:set radio wlan0 status downIEEE 802.11b set radio wlan0 mode bIEEE 802.11g set radio wlan0 mode g
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 221(2,346 bytes) effectively disables fragmentation. The following command sets the fragmentation threshold to 2000.USR5453-AP# set radio wlan0 fragmentation-threshold 20007. Set the RTS ThresholdYou can specify an RTS Threshold value between 0 and 2347. The RTS threshold specifies the packet size of a request to send (RTS) transmission. This helps control traffic flow through the access point, especially one with a lot of clients. The following command sets the RTS threshold at USR5453-AP# set radio wlan0 rts-threshold 23468. Configure Basic and Supported Rate SetsThe following command adds "48" as a basic rate to wlan0 (the internal, wireless interface):USR5453-AP# add basic-rate wlan0 rate 48To get the basic rates currently configured for this access point:USR5453-AP# get basic-ratename rate-----------wlan0 11wlan0 5.5wlan0 2wlan0 1wlan1 24wlan1 12wlan1 6wlan0 48The following command adds "9" as a supported rate to wlan0 (the internal, wireless interface):USR5453-AP# add supported-rate wlan0 rate 9To get the supported rates currently configured for this access point (using "wlan0" as the interface for this example):Add a basic rate setadd basic-rate WirelessInterface rate SomeRateFor example: add basic-rate wlan0 rate 48Get current basic ratesget basic-rateAdd supported rateadd supported-rate WirelessInterfaceName rate SomeRateFor example: add supported-rate wlan0 rate 9Get current supported ratesget supported-rate wlan0
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 222USR5453-AP# get supported-rate wlan0rate----125.56111218243648549MAC FilteringYou can control access to Professional Access Point based on Media Access Control (MAC) addresses. Based on how you set the filter, you can allow only client stations with a listed MAC address or prevent access to the stations listed.Specify an Accept or Deny List Add MAC Addresses of Client Stations to the Filtering List Remove a Client Station’s MAC Address from the Filtering List Get Current MAC Filtering SettingsSpecify an Accept or Deny ListTo set up MAC filtering you first need to specify which type of list you want to configureNoteYou can use the get command to view current rate sets from the CLI as described in “Get Supported Rate Set” on page 219 and “Get Basic Rate Set” on page 219. However, cannot reconfigure Sup-ported Rate Sets or Basic Rate Sets from the CLI. You must use the Advanced menu’s Radio page on the Web User Interface to configure this feature.NoteBefore configuring this feature, make sure you are familiar with the names of the interfaces as described in “Understanding Interfaces as Presented in the CLI” on page 177. The interface name you reference in a command determines whether a setting applies to a wired or wireless interface or to the Internal or Guest network.To set up an Accept list:(With this type of list, client stations whose MAC addresses are listed will be allowed access to the access point.)set bss wlan0bssInternal mac-acl-mode accept-list
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 223Add MAC Addresses of Client Stations to the Filtering ListTo add a MAC address to the list:add mac-acl wlan0bssInternal mac MAC_Address_Of_ClientWhere MAC_Address_Of_Client is the MAC address of a wireless client you want to add to the MAC filtering list.For example, to add 4 new clients to the list with the following MAC addresses:USR5453-AP# add mac-acl wlan0bssInternal mac 00:01:02:03:04:05USR5453-AP# add mac-acl wlan0bssInternal mac 00:01:02:03:04:06USR5453-AP# add mac-acl wlan0bssInternal mac 00:01:02:03:04:07USR5453-AP# add mac-acl wlan0bssInternal mac 00:01:02:03:04:08Remove a Client Station’s MAC Address from the Filtering ListTo remove a MAC address from the list:remove mac-acl wlan0bssInternal mac MAC_Address_Of_ClientWhere MAC_Address_Of_Client is the MAC address of a wireless client you want to remove from the MAC filtering list.For example:USR5453-AP# remove mac-acl wlan0bssInternal mac 00:01:02:03:04:04Get Current MAC Filtering SettingsGet the Type of MAC Filtering List Currently Set (Accept or Deny)The following command shows which type of MAC filtering list is currently configured:USR5453-AP# get bss wlan0bssInternal mac-acl-modeaccept-listGet MAC Filtering ListThe following command shows the clients on the MAC filtering list:USR5453-AP# get mac-aclname mac-----------------------------------wlan0bssInternal 00:01:02:03:04:05To set up a Deny list:(With this type of list, the access point will prevent access to client stations whose MAC addresses are listed.)set bss wlan0bssInternal mac-acl-mode deny-list
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 224wlan0bssInternal 00:01:02:03:04:06wlan0bssInternal 00:01:02:03:04:07wlan0bssInternal 00:01:02:03:04:08Load BalancingLoad balancing parameters affect the distribution of wireless client connections across multiple access points. Using load balancing, you can prevent scenarios where a single access point in your network shows performance degradation because it is handling a disproportionate share of the wireless traffic. (For an overview of Load Balancing, see “Load Balancing” on page 129.)The access point provides default settings for load balancing.The following command examples reconfigure some load balancing settings and get details on the configuration:USR5453-AP# set radio wlan0 load-balance-disassociation-stations 2USR5453-AP# get radio wlan0 load-balance-disassociation-stations2USR5453-AP# set radio wlan0 load-balance-disassociation-utilization 25USR5453-AP#USR5453-AP# get radio wlan0 load-balance-disassociation-utilization25USR5453-AP# set radio wlan0 load-balance-no-association-utilization 50USR5453-AP#USR5453-AP# get radio wlan0 load-balance-no-association-utilization50Quality of ServiceQuality of Service (QoS) provides you with the ability to specify parameters on multiple queues for increased throughput and better performance of differentiated wireless traffic like Voice-over-IP (VoIP), other types of audio, video, and streaming media as well as traditional IP data over the Professional Access Point.For a complete conceptual overview of QoS, see“Quality of Service” on page 133.NoteBefore configuring this feature, make sure you are familiar with the names of the interfaces as described in “Understanding Interfaces as Presented in the CLI” on page 177. The interface name you reference in a command determines whether a setting applies to a wired or wireless interface or to the Internal or Guest network.NoteBefore configuring this feature from the CLI, make sure you are familiar with the names of the inter-faces as described in “Understanding Interfaces as Presented in the CLI” on page 177 The interface name referenced in a command determines if a setting applies to a wired or wireless interface or to the Internal or Guest network.
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 225This table shows a quick view of QOS commands and provides links to detailed examples.Enable/Disable Wi-Fi MultimediaBy default, Wi-Fi MultiMedia (WMM) is enabled on the access point. With WMM enabled, QoS settings on QoS Command ExampleEnable/Disable Wi-Fi Multimedia set radio wlan0 wme off set radio wlan0 wme on get radio wlan0 wmeAbout Access Point and Station EDCA ParametersSee “About Access Point and Station EDCA Parameters” on page 226.Understanding the Queues for Access Point and StationSee “Understanding the Queues for Access Point and Station” on page 226.Distinguishing between Access Point and Station Settings in QoS CommandsSee ““Distinguishing between Access Point and Station Settings in QoS Commands” on page 226.Get QoS Settings on the Access Pointget tx-queueGet QoS Settings on the Client Stationget wme-queueSet Arbirtation Interframe Spaces (AIFS) On the access point: set wme-queue wlan0 with queue Queue_Name to aifs AIFS_ValueOn a client station: set wme-queue wlan0 with queue Queue_Name to aifs AIFS_ValueSee examples in “Set Arbirtation Interframe Spaces (AIFS)” on page 227Setting Minimum and Maximum Conten-tion Windows (cwmin, cwmax)On the access point: set tx-queue wlan0 with queue Queue_Name to cwmin cwmin_Value cwmax cwmax_ValueOn a client station: set wme-queue wlan0 with queue Queue_Name to cwmin cwmin_Value cwmax cwmax_ValueSee examples in “Setting Minimum and Maximum Contention Win-dows (cwmin, cwmax)” on page 228.Set the Maximum Burst Length (burst) on the Access Pointset tx-queue wlan0 with queue Queue_Name to burst burst_ValueSee examples in “Set the Maximum Burst Length (burst) on the Access Point” on page 229.Set Transmission Opportunity Limit (txop-limit) for WMM client stationsset wme-queue wlan0 with queue Queue_Name to txop-limit txop-limit_ValueSee examples in “Set Transmission Opportunity Limit (txop-limit) for WMM client stations” on page 230.
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 226the Professional Access Point control both downstream traffic flowing from the access point to client station (access point EDCA parameters) and upstream traffic flowing from the station to the access point (station EDCA parameters). Enabling WMM essentially activates station-to-access-point QoS control.Disabling WMM will deactivates QoS control of "station EDCA parameters" on upstream traffic flowing from the station to the access point. With WMM disabled, you can still set downstream access-point-to-station QoS parameters but no station-to-access-point QoS parameters.• To disable WMM:USR5453-AP# set radio wlan0 wme offUSR5453-AP# get radio wlan0 wmeoff• To enable WMM:USR5453-AP# set radio wlan0 wme onUSR5453-AP# get radio wlan0 wmeonAbout Access Point and Station EDCA ParametersAP Enhanced Distributed Channel Access (EDCA) Parameters affect traffic flowing from the access point to the client station (access-point-to-station).Station Enhanced Distributed Channel Access (EDCA) Parameters affect traffic flowing from the client station to the access point (station-to-access-point). Keep in mind that station-to-access-point parameters apply only when WMM is enabled as described in “Enable/Disable Wi-Fi Multimedia” on page 225.Understanding the Queues for Access Point and StationThe same types of queues are defined for different kinds of data transmitted from access-point-to-station and station-to-access-point but they are referenced by differently depending on whether you are configuring access point or station parameters. Distinguishing between Access Point and Station Settings in QoS CommandsAccess Point - To get and set QoS settings on the access point, use "tx-queue" class name in the command.Data Access Point StationVoice - Highest priority queue, minimum delay. Time-sensitive data such as VoIP and streaming media are automatically sent to this queue.data0 voVideo - High priority queue, minimum delay. Time-sensitive video data is automatically sent to this queue.data1 viBest Effort - Medium priority queue, medium throughput and delay. Most traditional IP data is sent to this queue.data2 beBackground - Lowest priority queue, high throughput. Bulk data that requires maximum throughput and is not time-sensitive is sent to this queue (FTP data, for example).data3 bk
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 227Station - To get and set QoS settings on the client station, use the "wme-queue" class name in the command.Get QoS Settings on the Access PointTo view the current QoS settings and queue names for access-point-to-station parameters:USR5453-AP# get tx-queuename queue aifs cwmin cwmax burst---------------------------------------wlan0 data0 1 3 7 1.5wlan0 data1 1 7 15 3.0wlan0 data2 3 15 63 0wlan0 data3 7 15 1023 0Get QoS Settings on the Client StationTo view the current QoS settings queue names for station-to-access-point parameters:USR5453-AP# get wme-queuename queue aifs cwmin cwmax txop-limit--------------------------------------------wlan0 vo 2 3 7 47wlan0 vi 2 7 15 94wlan0 be 3 15 1023 0wlan0 bk 7 15 1023 0Set Arbirtation Interframe Spaces (AIFS)Arbitration Inter-Frame Spacing (AIFS) specifies a wait time (in milliseconds) for data frames.Valid values for AIFS are 1-255.Set AIFS on the Access PointTo set AIFS on access-point-to-station traffic:set tx-queue wlan0 with queue Queue_Name to aifs AIFS_ValueWhere Queue_Name is the queue on the access point to which you want the setting to apply and AIFS_Value is the wait time value you want to specify for AIFS.For example, this command sets the AIFS wait time on the access point Voice queue (data0) to 13 milliseconds.USR5453-AP# set tx-queue wlan0 with queue data0 to aifs 13View the results of this configuration update (bold in the command output highlights the modified value):USR5453-AP# get tx-queuename queue aifs cwmin cwmax burst---------------------------------------
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 228wlan0 data0 13 3 7 1.5wlan0 data1 1 7 15 3.0wlan0 data2 3 15 63 0wlan0 data3 7 15 1023 0Set AIFS on the Client StationTo set the AIFS on station-to-access-point traffic:set wme-queue wlan0 with queue Queue_Name to aifs AIFS_ValueWhere Queue_Name is the queue on the station to which you want the setting to apply and AIFS_Value is the wait time value you want to specify for AIFS.For example, this command sets the AIFS wait time on the station Voice queue (vo) to 14 milliseconds.USR5453-AP# set wme-queue wlan0 with queue vo to aifs 14View the results of this configuration update (bold in the command output highlights the modified value):USR5453-AP# get wme-queuename queue aifs cwmin cwmax txop-limit--------------------------------------------wlan0 vo 14 3 7 47wlan0 vi 2 7 15 94wlan0 be 3 15 1023 0wlan0 bk 7 15 1023 0Setting Minimum and Maximum Contention Windows (cwmin, cwmax)The Minimum Contention Window (cwmin) sets the upper limit (in milliseconds) of the range from which the initial random backoff wait time is determined. For more details, see “Random Backoff and Minimum / Maximum Contention Windows” on page 136.)Valid values for the "cwmin" are 1, 3, 7, 15, 31, 63, 127, 255, 511, or 1023. The value for "cwmin" must be lower than the value for "cwmax".The Maximum Contention Window (cwmax) sets the upper limit (in milliseconds) for the doubling of the random backoff value. This doubling continues until either the data frame is sent or the Maximum Contention Window size is reached. For more details, see “Random Backoff and Minimum / Maximum Contention Windows” on page 136.)Valid values for the "cwmax" are 1, 3, 7, 15, 31, 63, 127, 255, 511, or 1023. The value for "cwmax" must be higher than the value for "cwmin".Set cwmin and cwmax on the Access PointTo set the Minimum and Maximum Contention Windows (cwmin, cwmax) on access-point-to-station traffic:set tx-queue wlan0 with queue Queue_Name to cwmin cwmin_Value cwmax cwmax_ValueWhere Queue_Name is the queue on the access point to which you want the setting to apply and cwmin_Value and cwmax_Value are the values (in milliseconds) you want to specify for contention back-off windows.
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 229For example, this command sets the access point Video queue (data1) cwmin value to 15 and cwmax value to 31.USR5453-AP# set tx-queue wlan0 with queue data1 cwmin 15 cwmax 31View the results of this configuration update (bold in the command output highlights the modified values):USR5453-AP# get tx-queuename queue aifs cwmin cwmax burst---------------------------------------wlan0 data0 13 3 7 1.5wlan0 data1 1 15 31 3.0wlan0 data2 3 15 63 0wlan0 data3 7 15 1023 0Set cwmin and cwmax on the StationTo set the Minimum and Maximum Contention Windows (cwmin, cwmax) on station-to-access-point traffic:set wme-queue wlan0 with queue Queue_Name to cwmin cwmin_Value cwmax cwmax_ValueWhere Queue_Name is the queue on the station to which you want the setting to apply and cwmin_Value and cwmax_Value are the values (in milliseconds) you want to specify for contention back-off windows.For example, this command sets the client station Video queue (vi) cwmin value to 15 and cwmax value to 31.USR5453-AP# set wme-queue wlan0 with queue vi cwmin 7 cwmax 15View the results of this configuration update (bold in the command output highlights the modified values):USR5453-AP# get wme-queuename queue aifs cwmin cwmax txop-limit--------------------------------------------wlan0 vo 14 3 7 47wlan0 vi 2 7 15 94wlan0 be 3 15 1023 0wlan0 bk 7 15 1023 0Set the Maximum Burst Length (burst) on the Access PointThe Maximum Burst Length (burst) specifies (in milliseconds) the Maximum Burst Length allowed for packet bursts on the wireless network. A packet burst is a collection of multiple frames transmitted without header information. The burst applies only to the access point (access-point-to-station traffic).Valid values for maximum burst length are 0.0 through 999.9.To set the maximum burst length on access-point-to-station traffic:set tx-queue wlan0 with queue Queue_Name to burst burst_ValueWhere Queue_Name is the queue on the access point to which you want the setting to apply and burst_Value is the wait time value you want to specify for maximum burst length.
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 230For example, this command sets the maximum packet burst length on the access point Best Effort queue (data2) to 0.5.USR5453-AP# set tx-queue wlan0 with queue data2 to burst 0.5View the results of this configuration update (bold in the command output highlights the modified value):USR5453-AP# get tx-queuename queue aifs cwmin cwmax burst---------------------------------------wlan0 data0 13 3 7 1.5wlan0 data1 1 15 31 3.0wlan0 data2 3 15 63 0.5wlan0 data3 7 15 1023 0Set Transmission Opportunity Limit (txop-limit) for WMM client stationsThe Transmission Opportunity Limit (txop-limit) specifies an interval of time (in milliseconds) when a WMM client station has the right to initiate transmissions on the wireless network. The txop-limit applies only to the client stations (station-to-access-point traffic).To set the txop-limit on station-to-access-point traffic:set wme-queue wlan0 with queue Queue_Name to txop-limit txop-limit_ValueWhere Queue_Name is the queue on the station to which you want the setting to apply and txop-limit_Value is the value you want to specify for the txop-limit.For example, this command sets the txop-limit on the station Voice queue (vo) to 49.USR5453-AP# set wme-queue wlan0 with queue vo to txop-limit 49View the results of this configuration update (bold in the command output highlights the modified value):USR5453-AP# get wme-queuename queue aifs cwmin cwmax txop-limit--------------------------------------------wlan0 vo 14 3 7 49wlan0 vi 2 7 15 94wlan0 be 3 15 1023 0wlan0 bk 7 15 1023 0
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 231Wireless Distribution SystemThis table shows a quick view of WDS commands and links to detailed examples.Configuring a WDS LinkTo set up a Wireless Distribution System (WDS) link between two wireless networks:1. Enable the WDS interface (wlan0wds0) on the current access point:USR5453-AP# set interface wlan0wds0 status upUSR5453-AP# set interface wlan0wds0 radio wlan02. Provide the MAC address of the remote access point to which you want to link:USR5453-AP# set interface wlan0wds0 remote-mac MAC_Address_Of_Remote_APFor example:USR5453-AP# set interface wlan0wds0 remote-mac 00:E0:B8:76:1B:14Getting Details on a WDS ConfigurationVerify the configuration of the WDS link you just configured by getting details on the WDS interface:USR5453-AP# get interface wlan0wds0 detailField Value-------------------------------------------------------type wdsstatus updescription Wireless Distribution System - Link 1mac 00:E0:B8:76:26:08ipmaskstatic-ipstatic-maskrx-bytes 0rx-packets 0rx-errors 0rx-drop 0rx-fifo 0NoteBefore configuring this feature, make sure you are familiar with the names of the interfaces as described in “Understanding Interfaces as Presented in the CLI” on page 177. The interface name you reference in a command determines whether a setting applies to a wired or wireless interface or to the Internal or Guest network.WDS Command ExampleConfiguring a WDS Link See detailed command example below.Configuring a WDS Linkget interface wlan0wds0 detail
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 232rx-frame 0rx-compressed 0rx-multicast 0tx-bytes 0tx-packets 0tx-errors 0tx-drop 0tx-fifo 0tx-colls 0tx-carrier 0tx-compressed 0ssidbsssecuritywpa-personal-keywep-key-ascii nowep-key-length 104wep-default-keywep-key-1wep-key-2wep-key-3wep-key-4vlan-interfacevlan-idradio wlan0remote-mac 00:E0:B8:76:1B:14wep-keyTime ProtocolThe Network Time Protocol (NTP) is an Internet standard protocol that synchronizes computer clock times on your network. NTP servers transmit Coordinated Universal Time (UTC, also known as Greenwich Mean Time) to their client systems. NTP sends periodic time requests to servers, using the returned time stamp to adjust its clock. The timestamp will be used to indicate the date and time of each event in log messages. See http://www.ntp.org for more general information on NTP.To enable the Network Time Protocol (NTP) server on the access point do the following:1. Enable the NTP Serverset ntp status up2. Provide the Host Name or Address of an NTP Serverset ntp server NTP_ServerWhere NTP_Server is the host name or IP address of the NTP server you want to use. (USRobotics recom-mends using the host name rather than the IP address, since IP addresses these change more frequently.)For example, this command sets the NTP server by host name to "ntp.instant802.com"set ntp server ntp.instant802.com3. Get Current Time Protocol SettingsUSR5453-AP# get ntp detail
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 233Field Value--------------------------status upserver ntp.instant802.comReboot the Access PointTo reboot the access point, simply type "reboot" at the command line:USR5453-AP# rebootReset the Access Point to Factory DefaultsIf you are experiencing extreme problems with the Professional Access Point and have tried all other troubleshooting measures, you can reset the access point. This will restore factory defaults and clear all settings, including settings such as a new password or wireless settings.The following command resets the access point from the CLI:USR5453-AP# factory-resetKeyboard Shortcuts and Tab Completion HelpThe CLI provides keyboard shortcuts to help you navigate the command line and build valid commands, along with "tab completion" hints on available commands that match what you have typed so far. Using the CLI will be easier if you use the tab completion help and learn the keyboard shortcuts.•Keyboard Shortcuts•Tab Completion and HelpNoteKeep in mind that the factory-reset command resets only the access point you are currently admin-istering; not other access points in the cluster.For information on the factory default settings, see “Default Settings for the Professional Access Point” on page 6.
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 234Keyboard ShortcutsTab Completion and HelpHelp on commands can be requested at the command line interface (CLI) by using the TAB key. (See also “Basic Settings” on page 179.)Hitting TAB once will attempt to complete the current command.If multiple completions exist, a beep will sound and no results will be displayed. Enter TAB again to display all available completions.Action on CLI Keyboard ShortcutMove cursor to the beginning of the current line Ctrl-a HomeMove cursor to the end of the current line Ctrl-e EndMove cursor back on the current line, one character at a time Ctrl-b Left Arrow keyMove the cursor forward on the current line, one character at a time Ctrl-f Right Arrow KeyStart over at a blank command prompt (abandons the input on the current line) Ctrl-cRemove one character on the current line. Ctrl-hRemove the last word in the current command.(Clears one word at a time from the current command line, always starting with the last word on the line.)Ctrl-WRemove characters starting from cursor location to end of the current line.(Clears the current line from the cursor forward.)Ctrl-kRemove all characters before the cursor.(Clears the current line from the cursor back to the CLI prompt.)Ctrl-UClear screen but keep current CLI prompt and input in place. Ctrl-lDisplay previous command in history.(Ctrl-p and Ctrl-n let you cycle through a history of all executed commands like Up and Down arrow keys typically do. Up/Down arrow keys also work for this.)Ctrl-p Up Arrow keyDisplay next command in history.(Ctrl-p and Ctrl-n let you cycle through a history of all executed commands like Up and Down arrow keys typically do. Up/Down arrow keys also work for this.)Ctrl-n Down Arrow keyExit the CLI. (At a blank command prompt, typing Ctrl-d closes the CLI.)(Typing Ctrl-d within command text also removes characters, one at a time, at cur-sor location like Ctrl-h.)Ctrl-d
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 235•Example 1: At a blank command line, hit TAB twice to get a list of all commands.USR5453-AP#add Add an instance to the running configurationfactory-reset Reset the system to factory defaultsget Get field values of the running configurationreboot Reboot the systemremove Remove instances in the running configurationsave-running Save the running configurationset Set field values of the running configuration•Example 2: Type "get " TAB TAB (including a space after get) to see a list of all field options for the get command.USR5453-AP# getassociation Associated stationbasic-rate Basic rate of the radiobridge-port Bridge ports of bridge interfacesbss Basic Service Set of the radiocluster Clustering-based configuration settingscluster-member Member of a cluster of like-configured access pointsconfig Configuration settingsdetected-ap Detected access pointdhcp-client DHCP client settingsdot11 IEEE 802.11host Internet host settingsinterface Network interfaceip-route IP route entryklog-entry Kernel log entrylog Log settingslog-entry Log entrymac-acl MAC address access list itemntp Network Time Protocol clientportal Guest captive portalradio Radioradius-user RADIUS userssh SSH access to the command line interfacesupported-rate Supported rates of the radiosystem System settingstelnet Telnet access to the command line interfacetx-queue Transmission queue parameterswme-queue Transmission queue parameters for stations•Example 3: Type "get system v" TAB. This will result in completion with the only matching field, "get sys-tem version". (Hit ENTER to get the output results of the command.)USR5453-AP# get system vUSR5453-AP# get system version•Example 4: Type "set" TAB TAB (including a space after set) to get a list of all field options for the set command.USR5453-AP# setbss Basic Service Set of the radiocluster Clustering-based configuration settingscluster-member Member of a cluster of like-configured access poconfig Configuration settings
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 236dhcp-client DHCP client settingsdot11 IEEE 802.11host Internet host settingsinterface Network interfaceip-route IP route entrylog Log settingsmac-acl MAC address access list itemntp Network Time Protocol clientportal Guest captive portalradio Radioradius-user RADIUS userssh SSH access to the command line interfacesystem System settingstelnet Telnet access to the command line interfacetx-queue Transmission queue parameterswme-queue Transmission queue parameters for stations•Example 5: Type "set mac" TAB, and the command will complete with the only matching option:USR5453-AP# set mac-acl•Example 6: Type "set cluster" TAB TAB, and the two matching options are displayed:USR5453-AP# set clustercluster Clustering-based configuration settingscluster-member Member of a cluster of like-configured access points•Example 7: Type "add" TAB TAB (including a space after add) to get a list of all field options for the add command.USR5453-AP# addbasic-rate Basic rate of the radiobridge-port Bridge ports of bridge interfacesbss Basic Service Set of the radiointerface Network interfacemac-acl MAC address access list itemradius-user RADIUS usersupported-rate Supported rate of the radio•Example 8: Type "remove" TAB TAB (including a space after remove) to get a list of all field options for the remove commandUSR5453-AP# removebasic-rate Basic rate of the radiobridge-port Bridge ports of bridge interfacesbss Basic Service Set of the radiointerface Network interfaceip-route IP route entrymac-acl MAC address access list itemradius-user RADIUS usersupported-rate Supported rates of the radioCLI Class and Field OverviewThe following is an introduction to the CLI classes and fields. For a complete reference guide, see “Class
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 237and Field Reference” on page 239.Configuration information for the Professional Access Point is represented as a set of classes and objects.Different kinds of information uses different classes. For example, information about a network interface is represented by the "interface" class, while information about an NTP client is represented by the "ntp" class.Depending on the type of class, there can be multiple instances of a class. For example, there is one instance of the "interface" class for each network interface that the access point has (Ethernet, radio, and so on), while there is just a singleton instance of the "ntp" class, since an access point needs only a single NTP client. Some classes require their instances to have names to differentiate between them; these are called named classes. For example, one interface might have a name of eth0 to indicate that it is an Ethernet interface, while another interface could have a name of wlan0 to indicate it is a wireless LAN (WLAN) interface. Instances of singleton classes do not have names, since they only have a single instance. Classes that can have multiple instances but do not have a name are called anonymous classes. Together, singleton and anonymous classes are called unnamed classes. Some classes require their instances to have names, but the multiple instances can have the same name to indicate that they are part of the same group. These are called group classes. Each class defines a set of fields, that describe the actual information associated with a class. Each instance of a class will have a value for each field that contains the information. For example, the interface class has fields such as "ip" and "mask". For one instance, the ip field might have a value of 192.168.1.1 while the mask field has a value of 255.255.0.0; another instance might have an ip field with a value of 10.0.0.1 and mask field with a value of 255.0.0.0.has name? \ # of instances? one multipleno singleton anonymousyes - unique n/a unique namedyes - non-unique n/a group named
Professional Access Point Administrator GuideClass Structure, Commands, and Examples - 238Figure 10. CLI Class Relationships
Professional Access Point Administrator GuideClass and Field Reference - 239Class and Field ReferenceClass IndexassociationClass Description association An associated station.basic-rate A radio rate.bridge-port A port that is a member of a bridge.bss A BSS of a radio.cluster Stores arbitrary data.cluster-member Stores arbitrary data.config Config settings.detected-ap A detected access point.dhcp-client The handler for the DHCP client class.dot11 802.11 settings (all radios).host IP host settings.interface A network interface. ip-route An IP route.jvm Java Virtual Machine.kickstartd The handler for the kickstartd classlog Access point log settings.log-entry An entry in the log.mac-acl A MAC access list entry.ntp Network Time Protocol client settings.portal Guest captive portal settings.radio A physical radio.radius-user A local authentication server user.serial The handler for the serial class.snmp SNMP server. ssh The handler for the ssh class.supported-rate A radio rate.system System-wide settings.telnet The handler for the telnet class.traphost An SNMP trap destination host.tx-queue A transmission queue.web-ui Web user interface settings.wme-queue A WME station queue.
Professional Access Point Administrator GuideClass and Field Reference - 240Persistent: No.Purpose: An associated station.Field IndexinterfacePurpose The interface with which the station is associated.Valid values Linux network interface name.stationPurpose The MAC address of the station.Valid values Six colon-separated octets in hexadecimal.authenticatedPurpose Whether the station is authenticated.Valid values "Yes" or "-".associatedPurpose Whether the station is associated.Valid values "Yes" or "-".rx-packetsPurpose The number of packets received from the station.Valid values Positive integer.tx-packetsPurpose The number of packets transmitted by the station.Valid values Positive integer.Field Description interface The interface with which the station is associated. station The MAC address of the station. authenticated Whether the station is authenticated. associated Whether the station is associated. rx-packets The number of packets received from the station. tx-packets The number of packets transmitted by the station. rx-bytes The number of bytes received from the station. tx-bytes The number of bytes transmitted by the station. tx-rate The transmission rate. listen-interval The listen interval.
Professional Access Point Administrator GuideClass and Field Reference - 241rx-bytesPurpose The number of bytes received from the station. Valid values Positive integer.tx-bytesPurpose The number of bytes transmitted by the station. Valid values Positive integer.tx-ratePurpose The transmission rate. Valid values A rate, in 100 kbps.listen-intervalPurpose The listen interval. Valid values A time, in ms.basic-ratePersistent: Yes.Purpose: A radio rate.Description: Used to set the rate sets of radios.Field IndexratePurpose A radio rate in MBps. Note that you cannot change an existing rate field; you can only insert or delete the entire instance.Valid values Positive integer, or 5.5.bridge-portPersistent: Yes. Purpose: A port that is a member of a bridge.Field Descriptionrate A radio rate in MBps.
Professional Access Point Administrator GuideClass and Field Reference - 242Field Indexpath-costPurpose The path cost. Used only when STP is on. Valid values 1-65535.priorityPurpose The port priority. Used only when STP is on.Valid values 0-255.bssPersistent: Yes. Purpose: A BSS of a radio.Description: Represents a basic service set.Field Descriptionpath-cost The path cost.priority The port priority.
Professional Access Point Administrator GuideClass and Field Reference - 243Field IndexstatusPurpose Controls whether this is on or off.Valid values "up" or "down".descriptionPurpose A human-readable description of the interface.Valid values an ASCII string.radioPurpose The radio this is part of.Valid values The name of an existing radio instance.beacon-interfacePurpose The service-set interface to send beacons for.Valid values The name of an existing interface instance with type of service-set.Field Descriptionstatus Controls whether this is on or off.description A human-readable description of the interface.radio The radio this is part of.beacon-interface The service-set interface to send beacons for.mac The MAC address of the interface.dtim-period Delivery Traffic Information Map period.max-stations Maximum number of stations.ignore-broadcast-ssid Do not send SSID in beacons and ignore probe requests.mac-acl-mode MAC address Access Control List mode.mac-acl-name The name of the mac access control list to use.radius-accounting Whether RADIUS accounting is enabled.radius-ip The RADIUS server IP address.radius-key The RADIUS server shared secret.open-system-authentica-tionWhether Open System authentication is permitted.shared-key-authentica-tionWhether Shared Key authentication is permitted.wpa-cipher-tkip Whether TKIP is permitted as a WPA cipher.wpa-cipher-ccmp Whether CCMP is permitted as a WPA cipher.
Professional Access Point Administrator GuideClass and Field Reference - 244macPurpose The MAC address of the interface. Read-only; value is determined by the starting MAC of the radio. Valid values 6 colon-separated hexadecimal digit pairs.dtim-periodPurpose Delivery Traffic Information Map period. Valid values 1-225.max-stationsPurpose Maximum number of stations. Valid values 0-2007.ignore-broadcast-ssidPurpose Do not send SSID in beacons and ignore probe requests. Valid values "on" or "off".mac-acl-modePurpose MAC address Access Control List mode. Valid values "deny-list": deny only stations in list. "accept-list": accept only stations in list. */mac-acl-namePurpose The name of the mac access control list to use. Valid values the name of existing mac-acl instances.radius-accountingPurpose Whether RADIUS accounting is enabled. If unset defaults to "off".Valid values "on" or "off".radius-ipPurpose The RADIUS server IP address.Valid values An IP address.radius-keyPurpose The RADIUS server shared secret. Valid values A string.
Professional Access Point Administrator GuideClass and Field Reference - 245open-system-authenticationPurpose Whether Open System authentication is permitted. Valid values "on" or "off".shared-key-authenticationPurpose Whether Shared Key authentication is permitted. Valid values "on" or "off".wpa-cipher-tkipPurpose Whether TKIP is permitted as a WPA cipher. Valid values "on" or "off".wpa-cipher-ccmpPurpose Whether CCMP is permitted as a WPA cipher. Valid values "on" or "off".channel-plannerPersistent: Yes.Purpose: Stores arbitrary data.Field IndexThis class has the same fields as class cluster-member.clusterPersistent: Yes.Purpose: Stores arbitrary data.Field IndexThis class has the same fields as class cluster-member.cluster-memberPersistent:Yes.
Professional Access Point Administrator GuideClass and Field Reference - 246Purpose: Stores arbitrary data.Description: No services are restarted.configPersistent:Yes. Purpose: Configuration settings.Description: Used for configuration fields.Field IndexstartupPurpose Configuration at boot time. Write-only.Valid values "default": Reset to factory defaults. "rescue": Reset to rescue. "running": Save running configuration.defaultPurpose Configuration after factory reset. Write-only. Valid values "rescue": Reset to rescue. "running": Save running configuration.no-external-updatesPurpose Prevent external configuration updates. Valid values "up" or "down".debugPersistent:Yes. Purpose: Access point debug settings.Description: The debugging parameters of the access point.Field Descriptionstartup Configuration at boot time.default Configuration after factory reset.no-external-updates Prevent external configuration updates
Professional Access Point Administrator GuideClass and Field Reference - 247Field IndexlevelPurpose Level of debugging information.Valid values 0-5.timestampPurpose Add a timestamp to debugging information.Valid values "on" or "off".klevelPurpose Level of kernel debugging information.Valid values 1-8.olevelPurpose Level of Orchestrator debugging information.Valid values 0-7.ologhostPurpose Host for Orchestrator to send syslogs to.Valid values IP address.detected-apPersistent:No. Purpose: A detected access point.Description: Represents an access point that has been detected by passive scanning.Field Descriptionlevel Level of debugging information.timestamp Add a timestamp to debugging information.klevel Level of kernel debugging information.olevel Level of Orchestrator debugging information.ologhost Host for Orchestrator to send syslogs to.
Professional Access Point Administrator GuideClass and Field Reference - 248Field IndexmacPurpose The MAC address of the AP.Valid values Six colon-separated octets in hexadecimal.radio Purpose The radio that detected the AP.Valid values Linux network interface name.beacon-intervalPurpose The beacon interval of the AP in kus (1.024 ms). Valid values Positive integer.capabilityPurpose The capabilities of the AP. Valid values C-formatted hexadecmial bitflag.Field Descriptionmac The MAC address of the AP.radio The radio that detected the AP.beacon-interval The beacon interval of the AP in kus (1.capability The capabilities of the AP.type The type of device detected.privacy Whether privacy (WEP or WPA) is enabled.ssid The SSID of the AP.wpa Whether WPA security is enabled.phy-type The mode our radio was in when the AP was detected.band The RF band the AP was detected in.channel The channel of the AP.rate The rate of the AP.signal The signal of the AP.erp The ERP of the AP.beacons The number of beacons received from this AP.last-beacon The time of the last beacon received from this AP.supported-rates The supported rates of the AP.
Professional Access Point Administrator GuideClass and Field Reference - 249typePurpose The type of device detected.Valid values "AP", "Ad hoc", or "Other".privacyPurpose Whether privacy (WEP or WPA) is enabled.Valid values "On" or "Off".ssidPurpose The SSID of the AP.Valid values String of up to 32 octets.wpaPurpose Whether WPA security is enabled.Valid values "On" or "Off".phy-typePurpose The mode your radio was in when the AP was detected.Valid values 4: IEEE 802.11b. 7: IEEE 802.11g.bandPurpose The RF band the AP was detected in.Valid values "2.4" or "5".channelPurpose The channel of the AP.Valid values Positive integer.ratePurpose The rate of the AP.Valid values Positive integer.signalPurpose The signal of the AP.Valid values Positive integer.
Professional Access Point Administrator GuideClass and Field Reference - 250erpPurpose The ERP of the AP.Valid values C-formatted hexadecimal number.beaconsPurpose The number of beacons received from this AP.Valid values Positive integer.last-beaconPurpose The time of the last beacon received from this AP.Valid values Date and time, in Unix time format.supported-ratesPurpose The supported rates of the AP.Valid values Bracketed list of hexadecimal rate codes.dhcp-clientPersistent:Yes. Purpose: The handler for the DHCP client class.Description: Represents a DHCP client.Field Index statusPurpose Controls whether this is on or off.Valid values "up" or "down".interfacePurpose The interface to perform DHCP on.Valid values The name of an existing interface instance. */Field Descriptionstatus Controls whether this is on or off.interface The interface to perform DHCP on.
Professional Access Point Administrator GuideClass and Field Reference - 251dot11Persistent:Yes.Purpose: 802.11 settings (all radios).Description: Represents the wireless functions of the access point.Field IndexstatusPurpose Controls whether 802.11 is in use. Valid values "up" or "down".debugPurpose The debugging level for 802.11.Valid values 0-3.dot11dPurpose Whether AP should enable 802.11dValid values "up" or "down".hostPersistent:Yes. Purpose: IP host settings.Description: Used for IP host fields.Field Descriptionstatus Controls whether 802.debug The debugging level for 802.dot11d Whether AP should enable 802.
Professional Access Point Administrator GuideClass and Field Reference - 252Field Indexdns-[12]Purpose Domain name servers in use.Valid values IP address.domain Purpose Domain name in use.Valid values DNS domain name.idpurpose The host name.Valid values DNS domain name.static-dns-[12]Purpose Domain name servers to use when not obtained through DHCP.Valid values IP address.static-domainPurpose Domain name to use when not obtained through DHCP.Valid values DNS domain name.dns-via-dhcpPurpose Whether DNS parameters are obtained through DHCP.Valid values "up" or "down".Field Descriptiondns-[12] Domain name servers in use.domain Domain name in use.id The host name.static-dns-[12] Domain name servers to use when not obtained through DHCP.static-domain Domain name to use when not obtained through DHCP.dns-via-dhcp Whether DNS parameters are obtained through DHCP.
Professional Access Point Administrator GuideClass and Field Reference - 253interfacePersistent:Yes. Purpose: A network interface.Description: Used for per-interface fields.Field IndexipPurpose The actual IP address of this interface. Read-only.Valid values IP address.maskPurpose The actual netmask of this interface. Read-only.Field Descriptionip The actual IP address of this interface.mask The actual netmask of this interface.status Controls whether this is on or off.type The type of the interface.description A human-readable description of the inter-face.mac The MAC address of the interface.static-ip The static IP address of this interface.static-mask The static netamsk of this interface.rx-bytes Received bytes.rx-packets Received packets.rx-errors Received packets with errors.rx-drop Received packets that were dropped.rx-fifo Received packets with FIFO overflows.rx-frame Received packets with frame errors.rx-compressed Received packets with compression.rx-multicast Received packets that were multicast.tx-bytes Transmitted bytes.tx-packets Transmitted packets.tx-errors Transmitted packets with errors.tx-drop Transmitted packets that were dropped.tx-fifo Transmitted packets with FIFO overflows.tx-colls Transmitted packets will collisions.tx-carrier Transmitted packets with carrier errors.tx-compressed Transmitted packets with compression.
Professional Access Point Administrator GuideClass and Field Reference - 254Valid values Netmask in dotted-decimal notation.statusPurpose Controls whether this is on or off.Valid values "up" or "down".typePurpose The type of the interface. Used to determine what additional fields are available. Read-only.Valid values "service-set", "bridge", "vlan", "wds", "pptp", "pppoe".descriptionPurpose A human-readable description of the interface.Valid values an ASCII string.macPurpose The MAC address of the interface.Valid values 6 colon-separated hexadecimal digit pairs.static-ipPurpose The static IP address of this interface. Used when DHCP is not in use.Valid values IP address.static-maskPurpose The static netamsk of this interface. Used when DHCP is not in use.Valid values Netmask in dotted-decimal notation.rx-bytesPurpose Received bytes.Valid values Integer.rx-packetsPurpose Received packets.Valid values Integer.rx-errorsPurpose Received packets with errors.Valid values Integer.
Professional Access Point Administrator GuideClass and Field Reference - 255rx-dropPurpose Received packets that were droppedValid values Integer.rx-fifoPurpose Received packets with FIFO overflows.Valid values Integer.rx-framePurpose Received packets with frame errors.Valid values Integer.rx-compressedPurpose Received packets with compression.Valid values Integer.rx-multicastPurpose Received packets that were multicast.Valid values Integer.tx-bytesPurpose Transmitted bytes.Valid values Integer.tx-packetsPurpose Transmitted packets.Valid values Integer.tx-errorsPurpose Transmitted packets with errors.Valid values Integer.tx-dropPurpose Transmitted packets that were dropped.Valid values Integer.tx-fifoPurpose Transmitted packets with FIFO overflows.
Professional Access Point Administrator GuideClass and Field Reference - 256Valid values Integer.tx-collsPurpose Transmitted packets will collisions.Valid values Integer.tx-carrierPurpose Transmitted packets with carrier errors.Valid values Integer.tx-compressedPurpose Transmitted packets with compression.Valid values Integer.ip-routePersistent:Yes. Purpose: An IP route.Description: An IP route.Field Indexin-usePurpose Whether the route is currently in use. Read-only.Valid values "up" or "down".destinationPurpose The destination network prefix.Valid values IP address prefix.maskPurpose The mask of the destination network prefix.Field Descriptionin-use Whether the route is currently in use.destination The destination network prefix.mask The mask of the destination network prefix.gateway The router by which the destination is reach-able.
Professional Access Point Administrator GuideClass and Field Reference - 257Valid values Netmask.gateway Purpose The router by which the destination is reachable.Valid values IP address.jvmPersistent:No. Purpose: Java Virtual Machine.Description: Represents a JVM.Field IndexstatusPurpose Controls whether this is on or off.Valid values "up" or "down".kickstartdPersistent:No. Purpose: The handler for the kickstartd class.Description: Represents a kickstartd process.logPersistent:Yes. Purpose: Access point log settings.Description: Access point log messages.Field Descriptionstatus Controls whether this is on or off.
Professional Access Point Administrator GuideClass and Field Reference - 258Field IndexdepthPurpose The number of log entries to keep.Valid values Positive integer.log-entryPersistent:No. Purpose: An entry in the log.Description: An entry in the log.Field IndexnumberPurpose The entry number.Valid values A non-zero integer.priorityPurpose The priority of the log entry.Valid values A non-zero integer.timePurpose The time of the message.Valid values A Unix-format time.daemonPurpose The daemon the message is associated with.Valid values String.Field Descriptiondepth The number of log entries to keepField Descriptionnumber The entry number.priority The priority of the log entry.time The time of the message.daemon The daemon the message is associated with.message The message.
Professional Access Point Administrator GuideClass and Field Reference - 259messagePurpose The message.Valid values String.mac-aclPersistent:Yes. Purpose: A MAC access list entry.Description: Each instance represents a single MAC address. All instances with the same name form a list. This list can be used by BSSes.Field IndexmacPurpose A MAC address.Valid values 6 colon-separated hexadecimal digit pairs. */ntpPersistent:Yes.Purpose: Network Time Protocol client settings.Field IndexstatusPurpose Controls whether this is on or off.Valid values "up" or "down".serverPurpose The NTP server IP address.Valid values An IP address.Field Descriptionmac A MAC address.Field Descriptionstatus Controls whether this is on or off.server The NTP server IP address.
Professional Access Point Administrator GuideClass and Field Reference - 260portalPersistent:Yes. Purpose: Guest captive portal settings.Description: Represents a portal. When a portal is run on an interface, traffic entering that interface does not have unconditional access to the AP - they must satisfy some portal requirements, such as clicking through a welcome screen, before access is given.Field IndexstatusPurpose Controls whether this is on or off.Valid values "up" or "down".welcome-screenPurpose Whether the welcome screen is shown to guest users.Valid values "on" or "off".welcome-screen-textPurpose Text to display on the welcome screen.Valid values HTML.radioPersistent:Yes. Purpose: A physical radio.Description: Represents a physical radio.Field Descriptionstatus Controls whether this is on or off.welcome-screen Whether the welcome screen is shown to guest users.welcome-screen-text Text to display on the welcome screen.
Professional Access Point Administrator GuideClass and Field Reference - 261Field IndexstatusPurpose Controls whether the radio is on or offValid values "up" or "down".descriptionPurpose A human-readable description of the interface.Valid values an ASCII string.macPurpose The MAC address of the radio. If blank, obtains the MAC address of the radio from hard-Field Descriptionstatus Controls whether the radio is on or off.description A human-readable description of the inter-face.mac The MAC address of the radio.max-bss The maximum number of BSSes permitted on this radio.channel-policy The channel policy of this radio.mode The wireless mode of this radio.super-g Whether Super G is enabled.static-channel The static channel of this radio.tx-power The transmit power of this radio.tx-rx-status Whether the radio transmits and receives data.beacon-interval The beacon interval for this radio in kus (1.rts-threshold The size of frames at which RTS/CTS will be used.fragmentation-threshold The size of frames at which they will be frag-mented.load-balance-disassociation-utili-zationThe load that must be exceeded in order for a station to be disassociated.load-balance-disassociation-sta-tionsThe number of associated stations that must be exceeded for a station to be disassoci-ated.load-balance-no-association-utili-zationThe load that must be exceeded in order for new stations to be prohibited from associat-ing.ap-detection Whether AP detection is performed.station-isolation Whether stations are isolated.wme Whether WME is enabled.wme_wifi_noack_test Mode for Wi-Fi noack test.
Professional Access Point Administrator GuideClass and Field Reference - 262ware. This will be used as the starting MAC address for the BSSes.Valid values 6 colon-separated hexadecimal digit pairs.max-bssPurpose The maximum number of BSSes permitted on this radio. This limits the number of bss instances whose radio field can be this radio's name.Valid values Positive integers.channel-policyPurpose The channel policy of this radio.Valid values static: Use static-channel. best: Select the best channel.modePurpose The wireless mode of this radio.Valid values The Valid values depend on the capabilities of the radio: b: IEEE 802.11b. g: IEEE 802.11g.super-gPurpose Whether Super G is enabled. If unset defaults to "no".Valid values "yes" or "no".static-channelPurpose The static channel of this radio. Used when channel policy is static.Valid values Depends on regulatory-domain and mode. All channels are positive integers.tx-powerPurpose The transmit power of this radio.Valid values A percentage.tx-rx-statusPurpose Whether the radio transmits and receives data.Valid values "up" or "down".beacon-intervalPurpose The beacon interval for this radio in kus (1.024 ms).Valid values 20-2000.
Professional Access Point Administrator GuideClass and Field Reference - 263rts-thresholdPurpose The size of frames at which RTS/CTS will be used.Valid values 0-2347.fragmentation-thresholdPurpose The size of frames at which they will be fragmented.Valid values 256-2346.load-balance-disassociation-utilizationPurpose The load that must be exceeded in order for a station to be disassociated. The condition for load-balance-disassociation-stations must also be satisfied, if it is non-zero.Valid values A non-zero percentage, or 0 to disable.load-balance-disassociation-stationsPurpose The number of associated stations that must be exceeded for a station to be disassociated. The condition for load-balance-disassociation-utilization must also be satisfied, if it is non-zero.Valid values 1-2007, or 0 to disable.load-balance-no-association-utilizationPurpose The load that must be exceeded in order for new stations to be prohibited from associating.Valid values A non-zero percentage, or 0 to disable.ap-detectionPurpose Whether AP detection is performed. If on, the detected APs will be represented by instances of the detected-ap class.Valid values "on" or "off".station-isolationPurpose Whether stations are isolated. If on, then stations on this radio cannot exchange data with other stations on this radio.Valid values "on" or "off".wmePurpose Whether WME is enabled. Determines whether wme-queue values will be sent to clients.Valid values "on" or "off".wme_wifi_noack_testPurpose Mode for Wi-Fi noack test.
Professional Access Point Administrator GuideClass and Field Reference - 264Valid values "on" or "off".radius-userPersistent:Yes.Purpose: A local authentication server user.Description: Handles username/password and generates password hashserialPersistent:Yes.Purpose: The handler for the serial class.Description: Represents the serial access to the CLI.snmpPersistent:Yes.Purpose:SNMP server.Description: Represents a SNMP server.Field IndexstatusPurpose Controls whether this is on or off.Valid values "up" or "down".ro-communityPurpose The read-only community name.Valid values String.Field Descriptionstatus Controls whether this is on or off.ro-community The read-only community name.rw-community The read-write community name.ip The IP address of the interface to listen on.engine-id The engine identifier.
Professional Access Point Administrator GuideClass and Field Reference - 265rw-communityPurpose The read-write community name.Valid values String.ipPurpose The IP address of the interface to listen on.Valid values IP address.engine-idPurpose The engine identifier.Valid values A string.sshPersistent:Yes.Purpose: The handler for the ssh class.Description: Represents the SSH.supported-ratePersistent:Yes.Purpose: A radio rate.Field IndexThis class has the same fields as class basic-rate.systemPersistent:Yes.Purpose: System-wide settings.Description: Used for system-wide fields.
Professional Access Point Administrator GuideClass and Field Reference - 266Field IndexpasswordPurpose The login password. Write-only.Valid values String.encrypted-passwordPurpose The login password, crypted.Valid values String.password-initializedPurpose Whether the password has been initialized since first boot.Valid values 1, or blank.reboot Purpose Reboot the system. Write-only.Valid values "yes" to reboot.telnetPersistent:Yes.Purpose: The handler for the telnet class.Description: Represents Telnet access to the CLI.traphostPersistent:Yes.Purpose: An SNMP trap destination host.Description: Represents a trapsink, trap2sink and informsink commands in SNMPD configuration file.Field Descriptionpassword The login password.encrypted-password The login password, crypted.password-initialized Whether the password has been initialized since first boot.reboot Reboot the system.
Professional Access Point Administrator GuideClass and Field Reference - 267Field IndexhostPurpose The host to send traps to.Valid values IP address.communityPurpose The community to send the traps with.Valid values A string.typePurpose The type of traps to send.Valid values "trapsink", "trap2sink", or "informsink".tx-queuePersistent:Yes.Purpose: A transmission queue.Description: Represents transmission queue parameters of a radio. The name of the instance must be the same as the name of the radio it represents.Field Index queuePurpose The queue. Valid values "data0", "data1", "data2", "data3", "mgmt", "after_beacon", or "beacon".Field Descriptionhost The host to send traps to.community The community to send the traps with.type The type of traps to send.Field Descriptionqueue The queue.aifs Adaptive Inter-Frame Space.cwmin Minimum contention window.cwmax Maximum contention window.burst Maximum burst length.
Professional Access Point Administrator GuideClass and Field Reference - 268aifsPurpose Adaptive Inter-Frame Space.Valid values 1-255.cwminPurpose Minimum contention window.Valid values 1, 3, 7, 15, 31, 63, 127, 255, 511, or 1024.cwmaxPurpose Maximum contention window.Valid values 1, 3, 7, 15, 31, 63, 127, 255, 511, or 1024.burstPurpose Maximum burst length.Valid values 0.0-999.9.web-uiPersistent:No.Purpose: Web user interface settings.Description: Represents the web user interface of the AP.Field IndexstatusPurpose Controls whether this is on or off.Valid values "up" or "down".wme-queuePersistent:Yes.Purpose: A WME station queue.Description: Represents queue parameters of a WME station. The name of the instance must be the same as the name of the radio to whose stations it applies to.Field Descriptionstatus Controls whether this is on or off.
Professional Access Point Administrator GuideInstallation and Connectivity Troubleshooting - 269TroubleshootingThis part of the Professional Access Point Administrator Guide addresses installation and post-installation troubleshooting issues as follows:•Installation and Connectivity Troubleshooting•The installation procedure does not begin when I insert the Installation CD-ROM.•The Professional Access Point Detection Utility does not find the access point.•I cannot access the Web User Interface.•I need to configure the access point with an operating system other than Windows.•My wireless device cannot find the wireless network.•I changed the access point settings, and now my wireless device does not establish a wireless connection.•I am experiencing poor wireless link quality.•Configuration Troubleshooting•Wireless Distribution System (WDS) Problems and Solutions•Cluster RecoveryInstallation and Connectivity TroubleshootingThe installation procedure does not begin when I insert the Installa-tion CD-ROM.Possible Solution:You may be running a program that interferes with the autolaunch feature of the CD-ROM. Navigate to your CD-ROM drive and launch Startup.exe.The Professional Access Point Detection Utility does not find the
Professional Access Point Administrator GuideInstallation and Connectivity Troubleshooting - 270access point.Possible Solution 1:1. Ensure that all cables are plugged in firmly, and verify that the access point’s power indicator is lighted.2. In the Detection Utility, click Back and then click Next to restart the discovery process.Possible Solution 2:You can open the access point’s Web User Interface without using the Detection Utility by typing the IP address in your Web browser’s navigation or address bar. To find the IP address of the access point, 1. Using the configuration program for the networking device to which the access point is connected, view the device’s client list.2. Find the MAC address of the access point in the client list.3. Note the IP address the corresponds to the MAC address of the access point.Possible Solution 3:The access point and the administrator machine may not be connected to the same subnet. Bypass your local area network by connecting the access point directly to the administrator computer, then start the Detection Utility again. If the Detection Utility finds the access point, either the two machines were on different subnets or the problem lies within your LAN. If you are unable to connect the Access Point and the administrator computer to the same subnet, you can perform Access Point configuration by using the direct connection. For more information about using this method, see “Setting Up and Launching Your Wireless Network” on page 13.I cannot access the Web User Interface.Possible Solution 1:Verify that you are entering the correct IP address in your Web browser.Possible Solution 2:Reboot the access point by disconnecting and then reconnecting its power adapter.Possible Solution 3:Verify the connection setting of your Web browser, and verify that the HTTP Proxy feature of your Web browser is disabled.Internet Explorer users: 1. Click Tools, click Internet Options, and then click the Connections tab.
Professional Access Point Administrator GuideInstallation and Connectivity Troubleshooting - 2712. Select Never dial a connection, and then click the LAN Settings button.3. Clear all the checkboxes and click OK.4. Click OK again to apply the connection settingNetscape Navigator users: 1. Click Edit, Preferences, and then double-click Advanced in the Category window. 2. Click Proxies, select Direct connection to the Internet, and then click OK. Possible Solution 4:Reset the access point by using a thin object, such as a paper clip, to press the Reset button until both the LAN and WLAN LEDs turn off briefly.I need to configure the access point with an operating system other than Windows.Possible Solution:You must configure the access point through its Web User Interface as follows:1. Find the access point’s IP address:1) Using the configuration program for the networking device to which the access point is connected, view the device’s client list.2) Find the MAC address of the access point in the client list.3) Note the IP address the corresponds to the MAC address of the access point.2. Launch a Web browser, type the IP address of the access point in the browser’s navigation bar, and press Enter.3. You can now log in and perform access point configuration.My wireless device cannot find the wireless network.Possible Solution 1: Move the wireless device closer to the access point. The device may be out of the access point’s range.NoteResetting the access point returns all settings to their factory defaults. You will have to re-enter your configuration settings or restore your configuration backup after resetting the access point.
Professional Access Point Administrator GuideInstallation and Connectivity Troubleshooting - 272Possible Solution 2:Ensure that the wireless device is set to Infrastructure mode and has the following settings in common with the access point:• SSID, also called Network Name.• Kind of security (for example, WPA)• Security key value• 802.11 modeIf you change the settings on the access point, remember to change the settings on your wireless devices also.Possible Solution 3:Ensure that the access point is broadcasting its SSID:1. Open the Web User Interface of the access point.2. From the Advanced menu, select Security.3. Verify that Broadcast SSID is set to Allow.4. Click Update to save any change.Possible Solution 4:If you use MAC filtering on the access point, verify that the MAC address of the client is allowed to access your wireless network: 1. Open the Web User Interface of the access point.2. From the Advanced menu, select MAC Filtering. 3. If you selected Allow only stations in list, verify that the client’s MAC address is included in the Stations List.If you selected Allow any station unless in list, verify that the client’s MAC address is not included in the Stations List.Possible Solution 5:Reboot the access point by disconnecting and then reconnecting its power adapter.
Professional Access Point Administrator GuideConfiguration Troubleshooting - 273Possible Solution 6:Reset the access point by using a thin object, such as a paper clip, to press the Reset button press the Reset button until both the LAN and WLAN LEDs turn off briefly.I changed the access point settings, and now my wireless device does not establish a wireless connection.Possible Solution:Ensure that the client device is using the correct Pass phrase and encryption options. If you changed the settings in the configuration of the Professional Access Point, you must also change the settings of every wireless adapter that needs access to the wireless network. The settings of the wireless PC cards, PCI adapters, or USB adapters must match the new settings of the Professional Access Point.I am experiencing poor wireless link quality.Possible Solution 1:Reposition the access point or the wireless device so that environmental factors, such as lead-based paint or concrete walls, do not interfere with your wireless signal.Possible Solution 2:Create a wireless connection on a different channel so that electronic devices, such as 2.4 GHz phones, do not interfere with your wireless signal. For more information about changing channels, see “Channel Management” on page 53.Configuration TroubleshootingWireless Distribution System (WDS) Problems and SolutionsIf you are having trouble configuring a WDS link, be sure that you have read the notes and cautions in “Configuring WDS Settings” on page 146. These notes are reprinted here for your convenience. The most common problem that administrators encounter with WDS setups is forgetting to set both access points in the link to the same radio channel and IEEE 802.11 mode. That prerequisite, as well as others, is listed in NoteResetting the access point returns all settings to their factory defaults. You will have to re-enter your configuration settings or restore your configuration backup after resetting the access point.
Professional Access Point Administrator GuideConfiguration Troubleshooting - 274the notes below.Cluster RecoveryIn cases where the access points in a cluster become out of sync or an access point cannot join or be removed from a cluster, the following methods for cluster recovery are recommended.Reboot or Reset Access PointApply these recovery methods in the order in which they are listed. In all but the last case (stop clustering), you only need to reset or reboot the access point whose configuration is out of synchronization with other cluster members or that cannot join or be removed from the cluster.1. Reboot the access point by disconnecting and then reconnecting the power cable.2. Reset the access point through its Web User Interface. To do this, go to http://IPAddressOfAcces-sPoint, navigate to the Advanced menu’s Reset Configuration tab, and click the Reset button. (IP addresses for APs are on the Cluster menu’s Access Points page for any cluster member.)3. Reset the access point by pressing the reset button on the device until both the LAN and WLAN LEDs turn off briefly.4. In extreme cases, rebooting or resetting may not solve the problem. In these cases, follow the proce-dure described next in “Stop Clustering and Reset Each Access Point in the Cluster” to recover every Notes• The only security mode available on the WDS link is Static WEP, which is not particularly secure. Therefore, USRobotics recommends using WDS to bridge the Guest network only. Do not use WDS to bridge access points on the Internal network unless you are not concerned about the security risk for data traffic on that network.• When using WDS, be sure to configure WDS settings on both access points participating in the WDS link.• You can have only one WDS link between any pair of access points. That is, a remote MAC address may appear only once on the WDS page for a particular access point.• Both access points participating in a WDS link must be on the same radio channel and use the same IEEE 802.11 mode. (See “Radio” on page 119 for information on configuring the Radio mode and channel.)•Do not create loops with either WDS bridges or combinations of Wired (Ethernet) connections and WDS bridges. Spanning Tree Protocol (STP), which manages path redundancy and prevent unwanted loops, is not available in the Professional Access Point. Keep these rules in mind when working with WDS on the access point:Any two access points can be connected by only a single path; either a WDS bridge (wireless) or an Ethernet connection (wired), but not both.Do not create backup links.If you can trace more than one path between any pair of APs going through any combination of Ethernet or WDS links, you have a loop.You can only extend or bridge either the Internal or Guest network but not both.
Professional Access Point Administrator GuideConfiguration Troubleshooting - 275access point on the subnet.Stop Clustering and Reset Each Access Point in the ClusterIf the previous reboot or reset methods do not solve the problem, do the following to stop clustering and reset all APs.1. Stop clustering on each access point in the cluster.To do this, enter the Stop Clustering URL in the address bar of your Web browser as follows:http://IPAddressOfAccessPoint/stop_clustering.cgiWhere IPAddres0sOfAccessPoint is the IP address of the access point that you want to stop cluster-ing. You can find the IP addresses for the cluster members on the Cluster menu’s Access Points page for any of the clustered access points. USRobotics recommends making a note of all IP addresses at this point.The Stop Clustering page for this access point is displayed.Click Stop Clustering.Repeat this "stop clustering" step for every access point in the cluster.2. Reset each access point.To do this, go to the Web User Interface of the access point you want to reset by entering its URL into the address bar of your Web browser:http://IPAddressOfAccessPoint/Where IPAddres0sOfAccessPoint is the IP address of the access point you want to reset.CautionDo not proceed to the next step of resetting access points until you have stopped clustering on all access points. Make sure that you first stop clustering on every access point on the subnet, and only then perform the next part of the process of resetting each access point to the factory defaults.
Professional Access Point Administrator GuideConfiguration Troubleshooting - 276
Professional Access Point Administrator GuideSupport Information - 277Support InformationIf you are having trouble with the configuration or operation of your access point:1. Refer to the “Troubleshooting” section in this guide.2. Go to the Support section of the USRobotics Web site at www.usr.com/support/. Many of the most common difficulties that users experience have been addressed in the FAQ and Troubleshooting Web pages for your product. The product number of the Professional Access Point is 5453. You may need to know this to obtain information on the USRobotics Web site.3. Submit your technical support question using an online form at www.usr.com/emailsupport/.4. Contact the USRobotics Technical Support Department. To receive assistance, you need your serial number.Country Webmail Voice Support HoursUnited States www.usr.com/emailsupport (888) 216-2850 8:00 A.M.–6:00 P.M. M–F, Central TimeCanada www.usr.com/emailsupport (888) 216-2850 8:00 A.M.–6:00 P.M. M–F, Central TimeAustria www.usr.com/emailsupport/de +43 07 110 900 116 8:00–18:00, M–FBelgium (Flemish) www.usr.com/emailsupport/bn +32 70 23 3545 8:00–18:00, M–FBelgium (French) www.usr.com/emailsupport/be +32 70 23 3546 8:00–18:00, M–FCzech Republic www.usr.com/emailsupport/czDenmark www.usr.com/emailsupport/ea +45 70 10 4030 8:00–18:00, M–FFinland www.usr.com/emailsupport/ea +358 98 171 0015 8:00–18:00, M–FFrance www.usr.com/emailsupport/fr +33 082 5070 693 8:00–18:00, M–FGermany www.usr.com/emailsupport/de +49 0180 567 1548 8:00–18:00, M–FHungary www.usr.com/emailsupport/hu +49 0180 567 1548 9:00–17:00, M–FIreland www.usr.com/emailsupport/uk +353 1890 252 130 8:00–18:00, M–FItaly www.usr.com/emailsupport/it +39 848 80 9903 8:00–18:00, M–FLuxembourg www.usr.com/emailsupport/be +352 342 080 8318 8:00–18:00, M–FMiddle East/Africa www.usr.com/emailsupport/me +44 870 844 4546 8:00–18:00, M–FNetherlands www.usr.com/emailsupport/bn +31 (0) 900 202 5857 8:00–18:00, M–FNorway www.usr.com/emailsupport/ea +47 23 50 0097 8:00–18:00, M–FPoland www.usr.com/emailsupport/plPortugal www.usr.com/emailsupport/pt +351 (0) 21 415 4034 8:00–18:00, M–FRussia www.usr.com/emailsupport/ru +7 8 800 200 200 1 10:00–18:00, M–FSpain www.usr.com/emailsupport/es +34 902 11 7964 8:00–18:00, M–FSweden www.usr.com/emailsupport/ea +46 (0) 77 128 1020 8:00–18:00, M–FSwitzerland www.usr.com/emailsupport/de +41 0848 840 200 8:00–18:00, M–F
Professional Access Point Administrator GuideSupport Information - 278For current support contact information, go to www.usr.com/support.Turkey www.usr.com/emailsupport/tkUAE www.usr.com/emailsupport/me +971 0800 877 63 12:00–22:00, M–FUK www.usr.com/emailsupport/uk +44 0870 844 4546 8:00–18:00 M–FCountry Webmail Voice Support Hours
Professional Access Point Administrator GuideRegulatory Information - 279Regulatory InformationManufacturer’s Declaration of ConformityU.S. Robotics Corporation 935 National Parkway Schaumburg, IL 60173 U.S.A.declares that this product conforms to the FCC’s specifications: Part 15, Class BOperation of this device is subject to the following conditions: 1) this device may not cause harmful electromagnetic interference, and 2) this device must accept any interference received including interference that may cause undesired operations.This equipment complies with FCC Part 15 for Home and Office use. Caution to the User: Any changes or modifications not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment.Detachable Antenna InformationFCC Part 15, Subpart C, Section 15.203 Antenna requirementUSR5453 users: An intentional radiator shall be designed to ensure that no antenna other than that furnished by the responsible party shall be used with the device. The use of a permanently attached antenna or of an antenna that uses a unique coupling to the intentional radiator shall be considered sufficient to comply with the provisions of this section. The manufacturer may design the unit so that a broken antenna can be replaced by the user, but the use of a standard antenna jack or electrical connector is prohibited.FCC Radiation Exposure StatementThis equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance 20 cm between the radiator and your body.Radio and Television Interference:This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy. If this equipment is not installed and used in accordance with the manufacturer’s instructions, it may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged
Professional Access Point Administrator GuideRegulatory Information - 280to try to correct the interference by one or more of the following measures:• Reorient or relocate the receiving antenna.• Increase the separation between the equipment and receiver.• Connect the equipment to an outlet on a circuit different from that to which the receiver is con-nected.• Consult the dealer or an experienced radio/TV technician for help.USR declares USR 5453 is limited in CH1~11 from 2412 to 2462 MHz by specified firmware controlled in USA.This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter.UL Listing/CUL Listing:For External products: This information technology equipment is UL Listed and C-UL Listed for both the US and Canadian markets respectively for the uses described in the User Guide.For Internal products: This information technology equipment is UL Listed and C-UL Listed for both the US and Canadian markets respectively for use with UL-Listed personal computers that have installation instructions detailing user installation of card accessories.For Laptop/Notebook products: This information technology equipment is UL Listed and C-UL Listed for both the US and Canadian markets respectively for use only with UL Listed laptop or notebook computers.For Canadian UsersIndustry Canada (IC)This equipment complies with the Industry Canada Spectrum Management and Telecommunications policy, RSS-210, standard Low Power License-Exempt Radio Communication Devices.Operation is subject to the following two conditions:1. This device may cause interference.2. This device must accept any interference, including interference that may cause undesired operation of the device.Users should ensure for their own protection that the electrical ground connections of the power utility, telephone lines, and internal metallic water pipe system, if present, are connected together. This precaution may be particularly important in rural areas.This device has been designed to operate with an antenna having a maximum gain of 5 dBi. Attaching an antenna with a higher gain to this device is strictly prohibited per regulations of Industry Canada. The required antenna impedance is 50 ohms.
Professional Access Point Administrator GuideRegulatory Information - 281To reduce potential radio interference to other users, the antenna type and its gain should be so chosen that the Equivalent Isotropic Radiated Power (EIRP) is not more than that required for successful communication.Caution: Users should not attempt to make electrical ground connections by themselves, but should contact the appropriate inspection authority or an electrician, as appropriate. CE ComplianceManufacturer’s Declaration of ConformityWe, U.S. Robotics Corporation of 935 National Parkway, Schaumburg, Illinois, 60173-5157 USA, declare under our sole responsibility that the product, U.S. Robotics Professional Access Point, Model 5453, to which this declaration relates, is in conformity with the following standards and/or other normative documents.EN300 328 EN301 489-1 EN301 489-17 EN60950 EN61000-3-2 EN61000-3-3 EN50392We, U.S. Robotics Corporation, hereby declare the above named product is in compliance and conformity with the essential requirements and other relevant provisions of Directive 1999/5/EC.The conformity assessment procedure referred to in Article 10(3) and detailed in Annex II of Directive 1999/5/EC has been followed.This equipment is in compliance with the European recommendation 1999/519/ECC, governing the exposure to the electromagnetic radiation.This product can be used in the following countries:UK, Ireland, Spain, Portugal, Germany, France, Luxembourg, Italy, Switzerland, Austria, Netherlands, Belgium, Norway, Sweden, Denmark, Finland, Czech Republic, Poland, Hungary, and Greece.Regarding IEEE 802.11g we currently have the following information about restrictions in the R&TTE countries:Country Frequency band Output powerFrance 2454-2483.5 MHz 10 mW EIRP outdoor
Professional Access Point Administrator GuideRegulatory Information - 282Regulatory Channel FrequencyEU Health ProtectionThis device complies with the European requirements governing exposure to electromagnetic radiation. This equipment should be installed and operated with minimum distance 20 cm between the radiator and your body. This wireless device is a transmitter/receiver and has been designed and manufactured to comply with the exposure limits recommended by the Council of the European Union and the International Commission on Non-Ionizing Radiation Protection (ICNIRP, 1999) for the entire population. The exposure standard for portable equipment uses the "Specific Absorption Rate" as unit of measure. The maximum SAR value of this wireless device measured in the conformity test is 0.52 W/kg.EU Detachable Antenna InformationThis U.S. Robotics wireless device has been designed to operate with the antenna included in this package only. Together this device and antenna combination has been tested and approved by a European Agency conforming with the European R&TTE directive 1999/5/EC to meet the radiated power level requirement of 100mW e.i.r.p. Replacement of this antenna must only be done with an authorized U.S. Robotics component that has been designed and tested with the unit to the requirements of directive 1999/5/EC. Please refer to the U.S. Robotics Web site to get product antenna ordering information.Go to www.usr.com to see the most recent channel restriction information.Channel Frequency (MHz) FCC Canada ETSI12412XXX22417XXX32422XXX42427XXX52432XXX62437XXX72442XXX82447XXX92452XXX10 2457 XX X11 2462 XX X12 2467 X13 2472 XOperating Channels:• IEEE 802.11g compliant • 11 channels (US, Canada)• 13 channels (ETSI)
Professional Access Point Administrator GuideU.S. Robotics Corporation Two (2) Year Limited Warranty - 283U.S. Robotics Corporation Two (2) Year Limited Warranty1.0 GENERAL TERMS:1.1 This Limited Warranty is extended only to the original end-user purchaser (CUSTOMER) and is not transferable.1.2 No agent, reseller, or business partner of U.S. Robotics Corporation (U.S. ROBOTICS) is authorised to modify the terms of this Limited Warranty on behalf of U.S. ROBOTICS.1.3 This Limited Warranty expressly excludes any product that has not been purchased as new from U.S. ROBOTICS or its authorised reseller.1.4 This Limited Warranty is only applicable in the country or territory where the product is intended for use (As indicated by the Product Model Number and any local telecommunication approval stickers affixed to the product).1.5 U.S. ROBOTICS warrants to the CUSTOMER that this product will be free from defects in workmanship and materials, under normal use and service, for TWO (2) YEARS from the date of purchase from U.S. ROBOTICS or its authorised reseller.1.6 U.S. ROBOTICS sole obligation under this warranty shall be, at U.S. ROBOTICS sole discretion, to repair the defective product or part with new or reconditioned parts; or to exchange the defective product or part with a new or reconditioned product or part that is the same or similar; or if neither of the two foregoing options is reasonably available, U.S. ROBOTICS may, at its sole discretion, provide a refund to the CUSTOMER not to exceed the latest published U.S. ROBOTICS recommended retail purchase price of the product, less any applicable service fees. All products or parts that are exchanged for replacement will become the property of U.S. ROBOTICS.1.7 U.S. ROBOTICS warrants any replacement product or part for NINETY (90) DAYS from the date the product or part is shipped to Customer.1.8 U.S. ROBOTICS makes no warranty or representation that this product will meet CUSTOMER requirements or work in combination with any hardware or software products provided by third parties.1.9 U.S. ROBOTICS makes no warranty or representation that the operation of the software products provided with this product will be uninterrupted or error free, or that all defects in software products will be corrected.1.10 U.S. ROBOTICS shall not be responsible for any software or other CUSTOMER data or information contained in or stored on this product.2.0 CUSTOMER OBLIGATIONS:2.1 CUSTOMER assumes full responsibility that this product meets CUSTOMER specifications and requirements.
Professional Access Point Administrator GuideU.S. Robotics Corporation Two (2) Year Limited Warranty - 2842.2 CUSTOMER is specifically advised to make a backup copy of all software provided with this product.2.3 CUSTOMER assumes full responsibility to properly install and configure this product and to ensure proper installation, configuration, operation and compatibility with the operating environment in which this product is to function.2.4 CUSTOMER must furnish U.S. ROBOTICS a dated Proof of Purchase (copy of original purchase receipt from U.S. ROBOTICS or its authorised reseller) for any warranty claims to be authorised.3.0 OBTAINING WARRANTY SERVICE:3.1 CUSTOMER must contact U.S. ROBOTICS Technical Support or an authorised U.S. ROBOTICS Service Centre within the applicable warranty period to obtain warranty service authorisation.3.2 Customer must provide Product Model Number, Product Serial Number and dated Proof of Purchase (copy of original purchase receipt from U.S. ROBOTICS or its authorised reseller) to obtain warranty service authorisation.3.3 For information on how to contact U.S. ROBOTICS Technical Support or an authorised U.S. ROBOTICS Service Centre, please see the U.S. ROBOTICS corporate Web site at: www.usr.com3.4 CUSTOMER should have the following information / items readily available when contacting U.S. ROBOTICS Technical Support:• Product Model Number • Product Serial Number • Dated Proof of Purchase • CUSTOMER contact name & telephone number • CUSTOMER Computer Operating System version • U.S. ROBOTICS Installation CD-ROM • U.S. ROBOTICS Installation Guide 4.0 WARRANTY REPLACEMENT:4.1 In the event U.S. ROBOTICS Technical Support or its authorised U.S. ROBOTICS Service Centre determines the product or part has a malfunction or failure attributable directly to faulty workmanship and/or materials; and the product is within the TWO (2) YEAR warranty term; and the CUSTOMER will include a copy of the dated Proof of Purchase (original purchase receipt from U.S. ROBOTICS or its authorised reseller) with the product or part with the returned product or part, then U.S. ROBOTICS will issue CUSTOMER a Return Material Authorisation (RMA) and instructions for the return of the product to the authorised U.S. ROBOTICS Drop Zone.4.2 Any product or part returned to U.S. ROBOTICS without an RMA issued by U.S. ROBOTICS or its authorised U.S. ROBOTICS Service Centre will be returned.4.3 CUSTOMER agrees to pay shipping charges to return the product or part to the authorised U.S. ROBOTICS Return Centre; to insure the product or assume the risk of loss or damage which may occur in transit; and to use a shipping container equivalent to the original packaging.
Professional Access Point Administrator GuideU.S. Robotics Corporation Two (2) Year Limited Warranty - 2854.4 Responsibility for loss or damage does not transfer to U.S. ROBOTICS until the returned product or part is received as an authorised return at an authorised U.S. ROBOTICS Return Centre.4.5 Authorised CUSTOMER returns will be unpacked, visually inspected, and matched to the Product Model Number and Product Serial Number for which the RMA was authorised. The enclosed Proof of Purchase will be inspected for date of purchase and place of purchase. U.S. ROBOTICS may deny warranty service if visual inspection of the returned product or part does not match the CUSTOMER supplied information for which the RMA was issued.4.6 Once a CUSTOMER return has been unpacked, visually inspected, and tested U.S. ROBOTICS will, at its sole discretion, repair or replace, using new or reconditioned product or parts, to whatever extent it deems necessary to restore the product or part to operating condition.4.7 U.S. ROBOTICS will make reasonable effort to ship repaired or replaced product or part to CUSTOMER, at U.S. ROBOTICS expense, not later than TWENTY ONE (21) DAYS after U.S. ROBOTICS receives the authorised CUSTOMER return at an authorised U.S. ROBOTICS Return Centre.4.8 U.S. ROBOTICS shall not be liable for any damages caused by delay in delivering or furnishing repaired or replaced product or part.5.0 LIMITATIONS:5.1 THIRD-PARTY SOFTWARE: This U.S. ROBOTICS product may include or be bundled with third-party software, the use of which is governed by separate end-user license agreements provided by third-party software vendors. This U.S. ROBOTICS Limited Warranty does not apply to such third-party software. For the applicable warranty refer to the end-user license agreement governing the use of such software.5.2 DAMAGE DUE TO MISUSE, NEGLECT, NON-COMPLIANCE, IMPROPER INSTALLATION, AND/OR ENVIRONMENTAL FACTORS: To the extent permitted by applicable law, this U.S. ROBOTICS Limited Warranty does not apply to normal wear and tear; damage or loss of data due to interoperability with current and/or future versions of operating system or other current and/or future software and hardware; alterations (by persons other than U.S. ROBOTICS or authorised U.S. ROBOTICS Service Centres); damage caused by operator error or non-compliance with instructions as set out in the user documentation or other accompanying documentation; damage caused by acts of nature such as lightning, storms, floods, fires, and earthquakes, etc. Products evidencing the product serial number has been tampered with or removed; misuse, neglect, and improper handling; damage caused by undue physical, temperature, or electrical stress; counterfeit products; damage or loss of data caused by a computer virus, worm, Trojan horse, or memory content corruption; failures of the product which result from accident, abuse, misuse (including but not limited to improper installation, connection to incorrect voltages, and power points); failures caused by products not supplied by U.S. ROBOTICS; damage cause by moisture, corrosive environments, high voltage surges, shipping, abnormal working conditions; or the use of the product outside the borders of the country or territory intended for use (As indicated by the Product Model Number and any local telecommunication approval stickers affixed to the product).5.3 TO THE FULL EXTENT ALLOWED BY LAW, THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES, TERMS, OR CONDITIONS, EXPRESS OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES, TERMS, OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTORY QUALITY, CORRESPONDENCE WITH DESCRIPTION, AND NON-INFRINGEMENT, ALL OF WHICH ARE EXPRESSLY DISCLAIMED. U.S. ROBOTICS NEITHER ASSUMES NOR AUTHORISES ANY OTHER PERSON TO ASSUME FOR IT ANY
Professional Access Point Administrator GuideU.S. Robotics Corporation Two (2) Year Limited Warranty - 286OTHER LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE, WARRANTY, OR USE OF ITS PRODUCTS.5.4 LIMITATION OF LIABILITY. TO THE FULL EXTENT ALLOWED BY LAW, U.S. ROBOTICS ALSO EXCLUDES FOR ITSELF AND ITS SUPPLIERS ANY LIABILITY, WHETHER BASED IN CONTRACT OR TORT (INCLUDING NEGLIGENCE), FOR INCIDENTAL, CONSEQUENTIAL, INDIRECT, SPECIAL, OR PUNITIVE DAMAGES OF ANY KIND, OR FOR LOSS OF REVENUE OR PROFITS, LOSS OF BUSINESS, LOSS OF INFORMATION OR DATA, OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE, USE, PERFORMANCE, FAILURE, OR INTERRUPTION OF ITS PRODUCTS, EVEN IF U.S. ROBOTICS OR ITS AUTHORISED RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND LIMITS ITS LIABILITY TO REPAIR, REPLACEMENT, OR REFUND OF THE PURCHASE PRICE PAID, AT U.S. ROBOTICS OPTION. THIS DISCLAIMER OF LIABILITY FOR DAMAGES WILL NOT BE AFFECTED IF ANY REMEDY PROVIDED HEREIN SHALL FAIL OF ITS ESSENTIAL PURPOSE.6.0 DISCLAIMER:Some countries, states, territories or provinces do not allow the exclusion or limitation of implied warranties or the limitation of incidental or consequential damages for certain products supplied to consumers, or the limitation of liability for personal injury, so the above limitations and exclusions may be limited in their application to CUSTOMER. When the implied warranties are not allowed by law to be excluded in their entirety, they will be limited to the TWO (2) YEAR duration of this written warranty. This warranty gives CUSTOMER specific legal rights, which may vary depending on local law.7.0 GOVERNING LAW:This Limited Warranty shall be governed by the laws of the State of Illinois, U.S.A. excluding its conflicts of laws principles and excluding the United Nations Convention on Contracts for the International Sale of Goods.U.S. Robotics Corporation 935 National Parkway Schaumburg, IL, 60173 U.S.A.
Professional Access Point Administrator Guide–287Glossary0-9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z0-9802IEEE 802 (IEEE Std. 802-2001) is a family of standards for peer-to-peer communication over a LAN. These technologies use a shared-medium, with information broadcast for all stations to receive. The basic communications capabilities provided are packet-based. The basic unit of transmission is a sequence of data octets (8-bits), which can be of any length within a range that is dependent on the type of LAN. Included in the 802 family of IEEE standards are definitions of bridging, management, and security protocols.802.1xIEEE 802.1x (IEEE Std. 802.1x-2001) is a standard for passing EAP packets over an 802.11 wireless network using a protocol called EAP Encapsulation Over LANs (EAPOL). It establishes a framework that supports multiple authentication methods. IEEE 802.1x authenticates users not machines.802.2IEEE 802.2 (IEEE Std. 802.2.1998) defines the LLC layer for the 802 family of standards.802.3IEEE 802.3 (IEEE Std. 802.3-2002) defines the MAC layer for networks that use CSMA/CA. Ethernet is an example of such a network.802.11IEEE 802.11 (IEEE Std. 802.11-1999) is a medium access control (MAC) and physical layer (PHY) specification for wireless connectivity for fixed, portable, and moving stations within a local area. It uses direct sequence spread spectrum (DSSS) in the 2.4 GHz ISM band and supports raw data rates of 1 and 2 Mbps. It was formally adopted in 1997 but has been mostly superseded by 802.11b.IEEE 802.11 is also used generically to refer to the family of IEEE standards for wireless local area networks.802.11aIEEE 802.11a (IEEE Std. 802.11a-1999) is a PHY standard that specifies operating in the 5 GHz U-NII band using orthogonal frequency division multiplexing (OFDM). It supports data rates ranging from 6 to 54 Mbps.
Professional Access Point Administrator GuideGlossary - 288802.11bIEEE 802.11b (IEEE Std. 802.11b-1999) is an enhancement of the initial 802.11 PHY to include 5.5 Mbps and 11 Mbps data rates. It uses direct sequence spread spectrum (DSSS) or frequency hopping spread spectrum (FHSS) in the 2.4 GHz ISM band as well as complementary code keying (CCK) to provide the higher data rates. It supports data rates ranging from 1 to 11 Mbps.802.11dIEEE 802.11d defines standard rules for the operation of IEEE 802.11 wireless LANs in any country without reconfiguration. PHY requirements such as provides frequency hopping tables, acceptable channels, and power levels for each country are provided. Enabling support for IEEE 802.11d on the access point causes the access point to broadcast which country it is operating in as a part of its beacons. Client stations then use this information. This is particularly important for access point operation in the 5GHz IEEE 802.11a bands because use of these frequencies varies a great deal from one country to another.802.11eIEEE 802.11e is a developing IEEE standard for MAC enhancements to support QoS. It provides a mechanism to prioritize traffic within 802.11. It defines allowed changes in the Arbitration Interframe Space, a minimum and maximum Contention Window size, and the maximum length (in kµsec) of a burst of data.IEEE 802.11e is still a draft IEEE standard (most recent version is D5.0, July 2003). A currently available subset of 802.11e is the Wireless Multimedia Enhancements (WMM) standard.802.11fIEEE 802.11f (IEEE Std. 802.11f-2003) is a standard that defines the inter access point protocol (IAPP) for access points (wireless hubs) in an extended service set (ESS). The standard defines how access points communicate the associations and reassociations of their mobile stations.802.11gIEEE 802.11g (IEEE Std. 802.11g-2003) is a higher speed extension (up to 54 Mbps) to the 802.11b PHY, while operating in the 2.4 GHz band. It uses orthogonal frequency division multiplexing (OFDM). It supports data rates ranging from 1 to 54 Mbps.802.11iIEEE 802.11i is a comprehensive IEEE standard for security in a wireless local area network (WLAN) that describes Wi-Fi Protected Access 2 (WPA2). It defines enhancements to the MAC Layer to counter the some of the weaknesses of WEP. It incorporates stronger encryption techniques than the original Wi-Fi Protected Access (WPA), such as Advanced Encryption Standard (AES).The original WPA, which can be considered a subset of 802.11i, uses Temporal Key Integrity Protocol (TKIP) for encryption. WPA2 is backwards-compatible with products that support the original WPAIEEE 802.11i / WPA2 was finalized and ratified in June of 2004.
Professional Access Point Administrator GuideGlossary - 289802.11kIEEE 802.11k is a developing IEEE standard for wireless networks (WLANs) that helps auto-manage network Channel selection, client Roaming, and Access Point utilization. 802.11k capable networks will automatically load balance network traffic across APs to improve network performance and prevent under or over-utilization of any one access point. 802.11k will eventually complement the 802.11e quality of service (QoS) standard by ensuring QoS for multimedia over a wireless link. 802.1QIEEE 802.1Q is the IEEE standard for Virtual Local Area Networks (VLANs) specific to wireless technologies. (See http://www.ieee802.org/1/pages/802.1Q.html.)The standard addresses the problem of how to break large networks into smaller parts to prevent broadcast and multicast data traffic from consuming more bandwidth than is necessary. 802.11Q also provides for better security between segments of internal networks. The 802.1Q specification provides a standard method for inserting VLAN membership information into Ethernet frames.AAccess PointAn access point acts as a communication hub for the devices on a WLAN, providing a connection or bridge between wireless and wired network devices. It supports a Wireless Networking Framework called Infrastructure Mode.When one access point is connected to wired network and supports a set of wireless stations, it is referred to as a basic service set (BSS). An extended service set (ESS) is created by combining two or more BSSs.Ad-hoc ModeAd-hoc mode is a Wireless Networking Framework in which stations communicate directly with each other. It is useful for quickly establishing a network in situations where formal infrastructure is not required.Ad-hoc mode is also referred to as peer-to-peer mode or an independent basic service set (IBSS).AESThe Advanced Encryption Standard (AES) is a symmetric 128-bit block data encryption technique developed to replace DES encryption. AES works at multiple network layers simultaneously.Further information is available on the NIST Web site.BBasic Rate SetThe basic rate set defines the transmission rates that are mandatory for any station wanting to join this wireless network. All stations must be able to receive data at the rates listed in this set.
Professional Access Point Administrator GuideGlossary - 290BeaconBeacon frames announce the existence of the wireless local area network and enable stations to establish and maintain communications in an orderly fashion. A beacon frame carries the following information, some of which is optional: •The Timestamp is used by stations to update their local clock, enabling synchronization among all associated stations. •The Beacon interval defines the amount of time between transmitting beacon frames. Before entering power save mode, a station needs the beacon interval to know when to wake up to receive the bea-con.•The Capability Information lists requirements of stations that want to join the WLAN. For example, it indicates that all stations must use WEP. •The Service Set Identifier (SSID). •The Basic Rate Set is a bitmap that lists the rates that the WLAN supports. • The optional Parameter Sets indicates features of the specific signaling methods in use (such as fre-quency hopping spread spectrum, direct sequence spread spectrum, etc.). • The optional Traffic Indication Map (TIM) identifies stations, using power saving mode, that have data frames queued for them.BridgeA connection between two local area networks (LANs) using the same protocol, such as Ethernet or IEEE 802.1x.BroadcastA Broadcast sends the same message at the same time to everyone. In wireless networks, broadcast usually refers to an interaction in which the access point sends data traffic in the form of IEEE 802.1x Frames to all client stations on the network.Some wireless security modes distinguish between how unicast, multicast, and broadcast frames are encrypted or whether they are encrypted.See also Unicast and Multicast.Broadcast AddressSee IP Address.BSSA basic service set (BSS) is an Infrastructure Mode Wireless Networking Framework with a single access point. Also see extended service set (ESS) and independent basic service set (IBSS).
Professional Access Point Administrator GuideGlossary - 291BSSIDIn Infrastructure Mode, the Basic Service Set Identifier (BSSID) is the 48-bit MAC address of the wireless interface of the Access Point.CCCMPCounter mode/CBC-MAC Protocol (CCMP) is an encryption method for 802.11i that uses AES. It employs a CCM mode of operation, combining the Cipher Block Chaining Counter mode (CBC-CTR) and the Cipher Block Chaining Message Authentication Code (CBC-MAC) for encryption and message integrity.AES-CCMP requires a hardware coprocessor to operate.CGIThe Common Gateway Interface (CGI) is a standard for running external programs from an HTTP server. It specifies how to pass arguments to the executing program as part of the HTTP request. It may also define a set of environment variables. A CGI program is a common way for an HTTP server to interact dynamically with users. For example, an HTML page containing a form can use a CGI program to process the form data after it is submitted. ChannelThe Channel defines the portion of the radio spectrum the radio uses for transmitting and receiving. Each 802.11 standard offers a number of channels, dependent on how the spectrum is licensed by national and transnational authorities such as the Federal Communications Commission (FCC), the European Telecommunications Standards Institute (ETSI), the Korean Communications Commission, or the Telecom Engineering Center (TELEC).CSMA/CACarrier Sense Multiple Access with Collision Avoidance (CSMA/CA) is a low-level network arbitration/contention protocol. A station listens to the media and attempts to transmit a packet when the channel is quiet. When it detects that the channel is idle, the station transmits the packet. If it detects that the channel is busy, the station waits a random amount of time and then attempts to access the media again.CSMA/CA is the basis of the IEEE 802.11e Distributed Control Function (DCF). See also RTS and CTS.The CSMA/CA protocol used by 802.11 networks is a variation on CSMA/CD (used by Ethernet networks). In CSMA/CD the emphasis is on collision detection whereas with CSMA/CA the emphasis is on collision avoidance.CTSA clear to send (CTS) message is a signal sent by an IEEE 802.11 client station in response to an request to send (RTS) message. The CTS message indicates that the channel is clear for the sender of the RTS message to begin data transfer. The other stations will wait to keep the air waves clear. This message is a part of the IEEE 802.11 CSMA/CA protocol. (See also RTS.)
Professional Access Point Administrator GuideGlossary - 292DDCFThe Distribution Control Function is a component of the IEEE 802.11e Quality of Service (QoS) technology standard. The DCF coordinates channel access among multiple stations on a wireless network by controlling wait times for channel access. Wait times are determined by a random backoff timer which is configurable by defining minimum and maximum contention windows. See also EDCF.DHCPThe Dynamic Host Configuration Protocol (DHCP) is a protocol specifying how a central server can dynamically provide network configuration information to clients. A DHCP server offers a lease (for a pre-configured period of time—see Lease Time) to the client system. The information supplied includes the client's IP addresses and netmask plus the address of its DNS servers and Gateway. DNSThe Domain Name Service (DNS) is a general-purpose query service used for translating fully-qualified names into Internet addresses. A fully-qualified name consists of the hostname of a system plus its domain name. For example, www is the host name of a Web server and www.usr.com is the fully-qualified name of that server. DNS translates the domain name www.usr.com to an IP address, for example 66.93.138.219.A domain name identifies one or more IP addresses. Conversely, an IP address may map to more than one domain name.A domain name has a suffix that indicates which top level domain (TLD) it belongs to. Every country has its own top-level domain, for example .de for Germany, .fr for France, .jp for Japan, .tw for Taiwan, .uk for the United Kingdom, .us for the U.S.A., and so on. There are also .com for commercial bodies, .edu for educational institutions, .net for network operators, and .org for other organizations as well as .gov for the U. S. government and .mil for its armed services.DOMThe Document Object Model (DOM) is an interface that allows programs and scripts to dynamically access and update the content, structure, and style of documents. The DOM allows you to model the objects in an HTML or XML document (text, links, , tables), defining the attributes of each object and how they can be manipulated. Further details about the DOM can be found at the W3C.DTIMThe Delivery Traffic Information Map (DTIM) message is an element included in some Beacon frames. It indicates which stations, currently sleeping in low-power mode, have data buffered on the Access Point awaiting pick-up. Part of the DTIM message indicates how frequently stations must check for buffered data.Dynamic IP AddressSee IP Address.
Professional Access Point Administrator GuideGlossary - 293EEAPThe Extensible Authentication Protocol (EAP) is an authentication protocol that supports multiple methods, such as token cards, Kerberos, one-time passwords, certificates, public key authentication, and smart cards. Variations on EAP include EAP Cisco Wireless (LEAP), Protected EAP (PEAP), EAP-TLS, and EAP Tunnelled TLS (EAP-TTLS).EDCFEnhanced Distribution Control Function is an extension of DCF. EDCF, a component of the IEEE Wireless Multimedia (WMM) standard, provides prioritized access to the wireless mediumESSAn extended service set (ESS) is an Infrastructure Mode Wireless Networking Framework with multiple access points, forming a single subnetwork that can support more clients than a basic service set (BSS). Each access point supports a number of wireless stations, providing broader wireless coverage for a large space, for example, an office.EthernetEthernet is a local-area network (LAN) architecture supporting data transfer rates of 10 Mbps to 1 Gbps. The Ethernet specification is the basis for the IEEE 802.3 standard, which specifies the physical and lower software layers. It uses the CSMA/CA access method to handle simultaneous demands. Ethernet supports data rates of 10 Mbps, Fast Ethernet supports 100 Mbps, and Gigabit Ethernet supports 1 Gbps. Its cables are classified as "XbaseY", where X is the data rate in Mbps and Y is the category of cabling. The original cable was 10base5 (Thicknet or "Yellow Cable"). Some others are 10base2 (Cheapernet), 10baseT (Twisted Pair), and 100baseT (Fast Ethernet). The latter two are commonly supplied using CAT5 cabling with RJ-45 connectors. There is also 1000baseT (Gigabit Ethernet).ERPThe Extended Rate Protocol refers to the protocol used by IEEE 802.11g stations (over 20 Mbps transmission rates at 2.4GHz) when paired with Orthogonal Frequency Division Multiplexing (OFDM). Built into ERP and the IEEE 802.11g standard is a scheme for effective interoperability of IEEE 802.11g stations with IEEE 802.11b nodes on the same channel.Legacy IEEE 802.11b devices cannot detect the ERP-OFDM signals used by IEEE 802.11g stations, and this can result in collisions between data frames from IEEE 802.11b and IEEE 802.11g stations.If there is a mix of 802.11b and 802.11g nodes on the same channel, the IEEE 802.11g stations detect this via an ERP flag on the access point and enable request to send (RTS) and clear to send (CTS) protection before sending data.See also CSMA/CA protocol.
Professional Access Point Administrator GuideGlossary - 294FFrameA Frame consists of a discrete portion of data along with descriptive meta-information packaged for transmission on a wireless network. Each frame includes a source and destination MAC address, a control field with protocol version, frame type, frame sequence number, frame body (with the actual information to be transmitted) and frame check sequence for error detection. A Frame is similar in concept to a Packet, the difference being that a packet operates on the Network layer (layer 3 in the OSI model) whereas a frame operates on the Data-Link layer (layer 2 in the OSI model).GGatewayA gateway is a network node that serves as an entrance to another network. A gateway also often provides a proxy server and a firewall. It is associated with both a router, which use headers and forwarding tables to determine where packets are sent, and a switch or bridge, which provides the actual path for the packet in and out of the gateway. Before a host on a LAN can access the Internet, it needs to know the address of its default gateway.HHTMLThe Hypertext Markup Language (HTML) defines the structure of a document on the World Wide Web. It uses tags and attributes to hint about a layout for the document. An HTML document starts with an <html> tag and ends with a </html> tag. A properly formatted document also contains a <head>...</head> section, which contains the metadata to define the document, and a <body>...</body> section, which contains its content. Its markup is derived from the Standard Generalized Markup Language (SGML), which is defined in ISO 8879:1986. HTML documents are sent from server to browser via HTTP. Also see XML.HTTPThe Hypertext Transfer Protocol (HTTP) defines how messages are formatted and transmitted on the World Wide Web. An HTTP message consists of a URL and a command (GET, HEAD, POST, etc.), a request followed by a response.IIAPPThe Inter Access Point Protocol (IAPP) is an IEEE standard (802.11f) that defines communication between the access points in a "distribution system." This includes the exchange of information about mobile stations and the maintenance of bridge forwarding tables, plus securing the communications between access points.
Professional Access Point Administrator GuideGlossary - 295IBSSAn independent basic service set (IBSS) is an Ad-hoc Mode Wireless Networking Framework in which stations communicate directly with each other.IEEEThe Institute of Electrical and Electronic Engineers (IEEE) is an international standards body that develops and establishes industry standards for a broad range of technologies, including the 802 family of networking and wireless standards. (See 802, 802.1x, 802.11, 802.11a, 802.11b, 802.11e, 802.11f, 802.11g, and 802.11i.)For more information about IEEE task groups and standards, see http://standards.ieee.org/.Infrastructure Mode Infrastructure Mode is a Wireless Networking Framework in which wireless stations communicate with each other by first going through an Access Point. In this mode, the wireless stations can communicate with each other or can communicate with hosts on a wired network. The access point is connected to a wired network and supports a set of wireless stations.An infrastructure mode framework can be provided by a single access point (BSS) or a number of access points (ESS).Intrusion DetectionThe Intrusion Detection System (IDS) inspects all inbound network activity and reports suspicious patterns that may indicate a network or system attack from someone attempting to break into the system. It reports access attempts using unsupported or known insecure protocols.IPThe Internet Protocol (IP) specifies the format of packets, also called datagrams, and the addressing scheme. IP is a connectionless, best-effort packet switching protocol. It provides packet routing, fragmentation and reassembly. It is combined with higher-level protocols, such as TCP or UDP, to establish the virtual connection between destination and source.The current version of IP is IPv4. A new version, called IPv6 or IPng, is under development. IPv6 is an attempt to solve the shortage of IP addresses.IP AddressSystems are defined by their IP address, a four-byte (octet) number uniquely defining each host on the Internet. It is usually shown in the form 192.168.2.254. This is called dotted-decimal notation.An IP address is partitioned into two portions: the network prefix and a host number on that network. A Subnet Mask is used to define the portions. There are two special host numbers:•The Network Address consists of a host number that is all zeroes (for example, 192.168.2.0). •The Broadcast Address consists of a host number that is all ones (for example, 192.168.2.255).
Professional Access Point Administrator GuideGlossary - 296There are a finite number of IP addresses that can exist. Therefore, a local area network typically uses one of the IANA-designated address ranges for use in private networks. These address ranges are: 10.0.0.0 to 10.255.255.255 172.16.0.0 to 172.31.255.255 192.168.0.0 to 192.168.255.255 A Dynamic IP Address is an IP address that is automatically assigned to a host by a DHCP server or similar mechanism. It is called dynamic because you may be assigned a different IP address each time you establish a connection.A Static IP Address is an IP address that is hard-wired for a specific host. A static address is usually required for any host that is running a server, for example, a Web server.IPSecIP Security (IPSec) is a set of protocols to support the secure exchange of packets at the IP layer. It uses shared public keys. There are two encryption modes: Transport and Tunnel. •Transport mode encrypts only the data portion (payload) of each packet, but leaves the headers untouched. • The more secure Tunnel mode encrypts both the header and the payload. ISPAn Internet Service Provider (ISP) is a company that provides access to the Internet to individuals and companies. It may provide related services such as virtual hosting, network consulting, Web design, etc.JJitterJitter is the difference between the latency (or delay) in packet transmission from one node to another across a network. If packets are not transmitted at a consistent rate (including Latency), QoS for some types of data can be affected. For example, inconsistent transmission rates can cause distortion in VoIP and streaming media. QoS is designed to reduce jitter along with other factors that can impact network performance.LLatencyLatency, also known as delay, is the amount of time it takes to transmit a Packet from sender to receiver. Latency can occur when data is transmitted from the access point to a client and vice versa. It can also occur when data is transmitted from access point to the Internet and vice versa. Latency is caused by fixed network factors such as the time it takes to encode and decode a packet, and also by variable network factors such as a busy or overloaded network. QoS features are designed to minimize latency for high priority network traffic.
Professional Access Point Administrator GuideGlossary - 297LANA Local Area Network (LAN) is a communications network covering a limited area, for example, the computers in your home that you want to network together or a couple of floors in a building. A LAN connects multiple computers and other network devices such as storage and printers. Ethernet is the most common technology implementing a LAN. Wireless Ethernet (802.11) is another very popular LAN technology (also see WLAN).LDAPThe Lightweight Directory Access Protocol (LDAP) is a protocol for accessing on-line directory services. It is used to provide an authentication mechanism. It is based on the X.500 standard, but less complex. Lease TimeThe Lease Time specifies the period of time the DHCP Server gives its clients an IP Address and other required information. When the lease expires, the client must request a new lease. If the lease is set to a short span, you can update your network information and propagate the information provided to the clients in a timely manner. LLCThe Logical Link Control (LLC) layer controls frame synchronization, flow control, and error checking. It is a higher level protocol over the PHY layer, working in conjunction with the MAC layer.MMACThe Media Access Control (MAC) layer handles moving data packets between NICs across a shared channel. It is a higher level protocol over the PHY layer. It provides an arbitration mechanism in an attempt to prevent signals from colliding. It uses a hardware address, known as the MAC address, that uniquely identifies each node of a network. IEEE 802 network devices share a common 48-bit MAC address format, displayed as a string of twelve (12) hexadecimal digits separated by colons, for example FE:DC:BA:09:87:65.MIBManagement Information Base (MIB) is a database of objects used for network management. SNMP agents along with other SNMP tools can be used to monitor any network device defined in the MIB.MSCHAP V2Microsoft Challenge Handshake Authentication Protocol Version 2 (MSCHAP V2) provides authentication for PPP connections between a Windows-based computer and an Access Point or other network access device.MTUThe Maximum Transmission Unit is the largest physical packet size, measured in bytes, that a network can
Professional Access Point Administrator GuideGlossary - 298transmit. Any messages larger than the MTU are fragmented into smaller packets before being sent.MulticastA Multicast sends the same message to a select group of recipients. Sending an e-mail message to a mailing list is an example of multicasting. In wireless networks, multicast usually refers to an interaction in which the access point sends data traffic in the form of IEEE 802.1x Frames to a specified set of client stations (MAC addresses) on the network.Some wireless security modes distinguish between how unicast, multicast, and broadcast frames are encrypted or whether they are encrypted.See also Unicast and Broadcast.NNATNetwork Address Translation is an Internet standard that masks the internal IP addresses being used in a LAN. A NAT server running on a gateway maintains a translation table that maps all internal IP addresses in outbound requests to its own address and converts all inbound requests to the correct internal host.NAT serves three main purposes: it provides security by obscurity by hiding internal IP addresses, enables the use of a wide range of internal IP addresses without fear of conflict with the addresses used by other organizations, and it allows the use of a single Internet connection. Network AddressSee IP Address.NICA Network Interface Card is an adapter or expansion board inserted into a computer to provide a physical connection to a network. Most NICs are designed for a particular type of network, protocol, and media, for example, Ethernet or wireless.NTPThe Network Time Protocol assures accurate synchronization of the system clocks in a network of computers. NTP servers transmit Coordinated Universal Time (UTC, also known as Greenwich Mean Time) to their client systems. An NTP client sends periodic time requests to servers, using the returned time stamp to adjust its clock.OOSIThe Open Systems Interconnection (OSI) reference model is a framework for network design. The OSI model consists of seven layers:• Layer 1, the Physical layer, identifies the physical medium used for communication between nodes. In the case of wireless networks, the physical medium is air, and radio frequency (RF) waves are a com-
Professional Access Point Administrator GuideGlossary - 299ponents of the physical layer.• Layer 2, the Data-Link layer, defines how data for transmission will be structured and formatted, along with low-level protocols for communication and addressing. For example, protocols such as CSMA/CA and components like MAC addresses, and Frames are all defined and dealt with as a part of the Data-Link layer.• Layer 3, the Network layer, defines the how to determine the best path for information traversing the network. Packets and logical IP Addresses operate on the network layer.• Layer 4, the Transport layer, defines connection oriented protocols such as TCP and UDP.• Layer 5, the Session layer, defines protocols for initiating, maintaining, and ending communication and transactions across the network. Some common examples of protocols that operate on this layer are network file system (NFS) and structured query language (SQL). Also part of this layer are communi-cation flows like single mode (device sends information bulk), half-duplex mode (devices take turns transmitting information in bulk), and full-duplex mode (interactive, where devices transmit and receive simultaneously).• Layer 6, the Presentation layer, defines how information is presented to the application. It includes meta-information about how to encrypt/decrypt and compress/decompress the data. JPEG and TIFF file formats are examples of protocols at this layer.• Layer 7, the Application layer, includes protocols like hypertext transfer protocol (HTTP), simple mail transfer protocol (SMTP), and file transfer protocol (FTP).PPacketData and media are transmitted among nodes on a network in the form of packets. Data and multimedia content is divided up and packaged into packets. A packet includes a small chunk of the content to be sent along with its destination address and sender address. Packets are pushed out onto the network and inspected by each node. The node to which it is addressed is the ultimate recipient.Packet LossPacket Loss describes the percentage of packets transmitted over the network that did not reach their intended destination. A 0 percent package loss indicates no packets were lost in transmission. QoS features are designed to minimize packet loss.PHYThe Physical Layer (PHY) is the lowest layer in the network layer model (see OSI). The Physical Layer conveys the bit stream - electrical impulse, light or radio signal -- through the network at the electrical and mechanical level. It provides the hardware means of sending and receiving data on a medium, including defining cables, NICs, and physical aspects.Ethernet and the 802.11 family are protocols with physical layer components.PIDThe Process Identifier (PID) is an integer used by Linux to uniquely identify a process. A PID is returned by
Professional Access Point Administrator GuideGlossary - 300the fork() system call. It can be used by wait() or kill() to perform actions on the given process.Port ForwardingPort Forwarding creates a ‘tunnel’ through a firewall, allowing users on the Internet access to a service running on one of the computers on your LAN, for example, a Web server, an FTP or SSH server, or other services. From the outside user’s point of view, it looks like the service is running on the firewall. PPPThe Point-to-Point Protocol is a standard for transmitting network layer datagrams (IP packets) over serial point-to-point links. PPP is designed to operate both over asynchronous connections and bit-oriented synchronous systems. PPPoEPoint-to-Point Protocol over Ethernet (PPPoE) is a specification for connecting the users on a LAN to the Internet through a common broadband medium, such as a single DSL or cable modem line.PPtPPoint-to-Point Tunneling Protocol (PPtP) is a technology for creating a Virtual Private Network (VPN) within the Point-to-Point Protocol (PPP). It is used to ensure that data transmitted from one VPN node to another are secure.ProxyA proxy is server located between a client application and a real server. It intercepts requests, attempting to fulfill them itself. If it cannot, it forwards them to the real server. Proxy servers have two main purposes: improve performance by spreading requests over several machines and filter requests to prevent access to specific servers or services. PSKPre-Shared Key (PSK), see Shared Key.Public KeyA public key is used in public key cryptography to encrypt a message which can only be decrypted with the recipient's private or secret key. Public key encryption is also called asymmetric encryption, because it uses two keys, or Diffie-Hellman encryption. Also see Shared Key.QQoSQuality of Service (QoS) defines the performance properties of a network service, including guaranteed throughput, transit delay, and priority queues. QoS is designed to minimize Latency, Jitter, Packet Loss, and network congestion, and provide a way of allocating dedicated bandwidth for high priority network traffic.The IEEE standard for implementing QoS on wireless networks is currently in-work by the 802.11e task
Professional Access Point Administrator GuideGlossary - 301group. A subset of 802.11e features is described in the WMM specification.RRADIUSThe Remote Authentication Dial-In User Service (RADIUS) provides an authentication and accounting system. It is a popular authentication mechanism for many ISPs.RC4 A symmetric stream cipher provided by RSA Security. It is a variable key-size stream cipher with byte-oriented operations. It allows keys up to 2048 bits in length.RoamingIn IEEE 802.11 parlance, roaming clients are mobile client stations or devices on a wireless network (WLAN) that require use of more than one a as they move out of and into range of different base station service areas. IEEE 802.11f defines a standard by which APs can communicate information about client associations and disassociations in support of roaming clients.RouterA router is a network device which forwards packets between networks. It is connected to at least two networks, commonly between two local area networks (LANs) or between a LAN and a wide-area network (WAN), for example, the Internet. Routers are located at gateways—places where two or more networks connect.A router uses the content of headers and its tables to determine the best path for forwarding a packet. It uses protocols such as the Internet Control Message Protocol (ICMP), Routing Information Protocol (RIP), and Internet Router Discovery Protocol (IRDP) to communicate with other routers to configure the best route between any two hosts. The router performs little filtering of data it passes.RSSIThe Received Signal Strength Indication (RSSI) an 802.1x value that calculates voltage relative to the received signal strength. RSSI is one of several ways of measuring and indicating radio frequency (RF) signal strength. Signal strength can also be measured in mW (milliwatts), dBms (decibel milliwatts), and a percentage value.RTPReal-Time Transport Protocol (RTP) is an Internet protocol for transmitting real-time data like audio and video. It does not guarantee delivery but provides support mechanisms for the sending and receiving applications to enable streaming data. RTP typically runs on top of the UDP protocol, but can support other transport protocols as well.RTSA request to send (RTS) message is a signal sent by a client station to the access point, asking permission to send a data packet and to prevent other wireless client stations from grabbing the radio waves. This message is a part of the IEEE 802.11 CSMA/CA protocol. (See also RTS Threshold and CTS.)
Professional Access Point Administrator GuideGlossary - 302RTS ThresholdThe RTS threshold specifies the packet size of a request to send (RTS) transmission. This helps control traffic flow through the access point, and is especially useful for performance tuning on an access point with a many clients.SShared KeyA shared key is used in conventional encryption where one key is used both for encryption and decryption. It is also called secret-key or symmetric-key encryption. Also see Public Key.SNMPThe Simple Network Management Protocol (SNMP) was developed to manage and monitor nodes on a network. It is part of the TCP/IP protocol suite. SNMP consists of managed devices and their agents, and a management system. The agents store data about their devices in Management Information Bases (MIBs) and return this data to the SNMP management system when requested.SSIDThe Service Set Identifier (SSID) is a thirty-two character alphanumeric key that uniquely identifies a wireless local area network. It is also referred to as the Network Name. There are no restrictions on the characters that may be used in an SSID.Static IP AddressSee IP Address.STPThe Spanning Tree Protocol (STP) an IEEE 802.1 standard protocol (related to network management) for MAC bridges that manages path redundancy and prevents undesirable loops in the network created by multiple active paths between client stations. Loops occur when there multiple routes between access points. STP creates a tree that spans all of the switches in an extended network, forcing redundant paths into a standby, or blocked, state. STP allows only one active path at a time between any two network devices (this prevents the loops) but establishes the redundant links as a backup if the initial link should fail. If STP costs change, or if one network segment in the STP becomes unreachable, the spanning tree algorithm reconfigures the spanning tree topology and reestablishes the link by activating the standby path. Without spanning tree in place, it is possible that both connections may be simultaneously live, which could result in an endless loop of traffic on the LANSubnet MaskA Subnet Mask is a number that defines which part of an IP address is the network address and which part is a host address on the network. It is shown in dotted-decimal notation (for example, a 24-bit mask is shown as 255.255.255.0) or as a number appended to the IP address (for example, 192.168.2.0/24).
Professional Access Point Administrator GuideGlossary - 303The subnet mask allows a router to quickly determine if an IP address is local or needs to be forwarded by performing a bitwise AND operation on the mask and the IP address. For example, if an IP address is 192.168.2.128 and the netmask is 255.255.255.0, the resulting Network address is 192.168.2.0. The bitwise AND operator compares two bits and assigns 1 to the result only if both bits are 1. The following table shows the details of the netmask: Supported Rate SetThe supported rate set defines the transmission rates that are available on this wireless network. A station may be able to receive data at any of the rates listed in this set. All stations must be able to receive data at the rates listed in the Basic Rate Set. TTCPThe Transmission Control Protocol (TCP) is built on top of Internet Protocol (IP). It adds reliable communication (guarantees delivery of data), flow-control, multiplexing (more than one simultaneous connection), and connection-oriented transmission (requires the receiver of a packet to acknowledge receipt to the sender). It also guarantees that packets will be delivered in the same order in which they were sent. TCP/IPThe Internet and most local area networks are defined by a group of protocols. The most important of these is the Transmission Control Protocol over Internet Protocol (TCP/IP), the de facto standard protocols. TCP/IP was originally developed by Defense Advanced Research Projects Agency (DARPA, also known as ARPA, an agency of the US Department of Defense).Although TCP and IP are two specific protocols, TCP/IP is often used to refer to the entire protocol suite based upon these, including ICMP, ARP, UDP, and others, as well as applications that run upon these protocols, such as telnet, FTP, etc. TKIPThe Temporal Key Integrity Protocol (TKIP) provides an extended 48-bit initialization vector, per-packet key construction and distribution, a Message Integrity Code (MIC, sometimes called "Michael"), and a rekeying mechanism. It uses a RC4 stream cipher to encrypt the frame body and CRC of each 802.11 frame before transmission. It is an important component of the WPA and 802.11i security mechanisms.ToSTCP/IP packet headers include a 3-to-5 bit Type of Service (ToS) field set by the application developer that indicates the appropriate type of service for the data in the packet. The way the bits are set determines whether the packet is queued for sending with minimum delay, maximum throughput, low cost, or mid-way "best-effort" settings depending upon the requirements of the data. The ToS field is used by the Professional Access Point to provide configuration control over Quality of Service (QoS) queues for data transmitted from the access point to client stations.IP address192.168.2.128 11000000 10101000 00000010 10000000Netmask255.255.255.0 11111111 11111111 11111111 00000000Resulting network address192.168.2.0 11000000 10101000 00000010 00000000
Professional Access Point Administrator GuideGlossary - 304UUDPThe User Datagram Protocol (UDP) is a transport layer protocol providing simple but unreliable datagram services. It adds port address information and a checksum to an IP packet. UDP neither guarantees delivery nor does it require a connection. It is lightweight and efficient. All error processing and retransmission must be performed by the application program. UnicastA Unicast sends a message to a single, specified receiver. In wireless networks, unicast usually refers to an interaction in which the access point sends data traffic in the form of IEEE 802.1x Frames directly to a single client station MAC address on the network.Some wireless security modes distinguish between how unicast, multicast, and broadcast frames are encrypted or whether they are encrypted.See also Multicast and Broadcast.URLA Uniform Resource Locator (URL) is a standard for specifying the location of objects on the Internet, such as a file or a newsgroup. URLs are used extensively in HTML documents to specify the target of a hyperlink which is often another HTML document (possibly stored on another computer). The first part of the URL indicates what protocol to use and the second part specifies the IP address or the domain name where that resource is located. For example, ftp://ftp.usr.com/downloads/myfile.tar.gz specifies a file that should be fetched using the FTP protocol; http://www.usr.com/index.html specifies a Web page that should be fetched using the HTTP protocol. VVLANA virtual LAN (VLAN) is a software-based, logical grouping of devices on a network that allow them to act as if they are connected to a single physical network, even though they may not be. The nodes in a VLAN share resources and bandwidth, and are isolated on that network. The Professional Access Point supports the configuration of a wireless VLAN. This technology is used on the access point for the virtual guest network feature.VPNA Virtual Private Network (VPN) is a network that uses the Internet to connect its nodes. It uses encryption and other mechanisms to ensure that only authorized users can access its nodes and that data cannot be intercepted.
Professional Access Point Administrator GuideGlossary - 305WWANA Wide Area Network (WAN) is a communications network that spans a relatively large geographical area, extending over distances greater than one kilometer. A WAN is often connected through public networks, such as the telephone system. It can also be connected through leased lines or satellites.The Internet is essentially a very large WAN. WDSA Wireless Distribution System (WDS) allows the creation of a completely wireless infrastructure. Typically, an Access Point is connected to a wired LAN. WDS allows access points to be connected wirelessly. The access points can function as wireless repeaters or bridges.WEPWired Equivalent Privacy (WEP) is a data encryption protocol for 802.11 wireless networks. All wireless stations and access points on the network are configured with a static 64-bit (40-bit secret key + 24-bit initialization vector (IV)) or 128-bit (104-bit secret key + 24-bit IV) Shared Key for data encryption. It uses a RC4 stream cipher to encrypt the frame body and CRC of each 802.11 frame before transmission.Wi-FiA test and certification of interoperability for WLAN products based on the IEEE 802.11 standard promoted by the Wi-Fi Alliance, a non-profit trade organization.WINSThe Windows Internet Naming Service (WINS) is a server process for resolving Windows-based computer names to IP addresses. It provides information that allows these systems to browse remote networks using the Network Neighborhood. Wireless Networking FrameworkThere are two ways of organizing a wireless network:• Stations communicate directly with one another in an Ad-hoc Mode network, also known as an inde-pendent basic service set (IBSS).• Stations communicate through an Access Point in an Infrastructure Mode network. A single access point creates an infrastructure basic service set (BSS) whereas multiple access points are organized in an extended service set (ESS).WLANWireless Local Area Network (WLAN) is a LAN that uses high-frequency radio waves rather than wires to communicate between its nodes.
Professional Access Point Administrator GuideGlossary - 306WMMWireless Multimedia (WMM) is a IEEE technology standard designed to improve the quality of audio, video and multimedia applications on a wireless network. Both access points and wireless clients (laptops, consumer electronics products) can be WMM-enabled. WMM features are based on is a subset of the WLAN IEEE 802.11e draft specification. Wireless products that are built to the standard and pass a set of quality tests can carry the "Wi-Fi certified for WMM" label to ensure interoperability with other such products. For more information, see the WMM page on the Wi-Fi Alliance Web site: http://www.wi-fi.org/OpenSection/wmm.asp.WPAWi-Fi Protected Access (WPA) is a Wi-Fi Alliance version of the draft IEEE 802.11i standard. It provides more sophisticated data encryption than WEP and also provides user authentication. WPA includes TKIP and 802.1x mechanisms.WPA2Wi-Fi Protected Access (WPA2) is an enhanced security standard, described in IEEE 802.11i, that uses Advanced Encryption Standard (AES) for data encryption.The original WPA uses Temporal Key Integrity Protocol (TKIP) for data encryption. WPA2 is backwards-compatible with products that support the original WPA.WPA2, like the original WPA, supports an Enterprise and Personal version. The Enterprise version requires use of IEEE 802.1x security features and Extensible Authentication Protocol (EAP) authentication with a RADIUS server.The Personal version does not require IEEE 802.1x or EAP. It uses a Pre-Shared Key (PSK) password to generate the keys needed for authentication.WRAPWireless Robust Authentication Protocol (WRAP) is an encryption method for 802.11i that uses AES but another encryption mode (OCB) for encryption and integrity.XXMLThe Extensible Markup Language (XML) is a specification developed by the W3C. XML is a simple, flexible text format derived from Standard Generalized Markup Language (SGML), which is defined in ISO 8879:1986, designed especially for electronic publishing.
Professional Access Point Administrator GuideIndex–307Aaccess pointclustering 34configuration policy 29ethernet (wired) settings 79factory default configuration 178guest network 111load balancing 129MAC filtering 125QoS 133radio 119running configuration 178security 91SNMP 155standalone 37startup configuration 178time protocol 151user management 43WDS bridging 143wireless settings 87administratorplatform 8administrator passwordon Basic Settings 28associated wireless clients 73authenticationin different security modes 92authentication serverfor IEEE 802.1x security mode 104for WPA/WPA2 Enterprise (RADIUS) security mode 107auto-synch of cluster configuration 38Bback upAP configuration 162user accounts database 46backup linksWDS 144basic settingsviewing 20basic settings commands 179beacon intervalconfiguring 120bridgesWDS 143broadcast SSIDconfiguring 97bss commands 216Ccaptive portal 113channelautomated management of clustered APs 54configuring 120channel management of clustered APsadvanced settings 57example 55proposed channel assignments 57understanding 54viewing/setting locks 57class and field reference 236CLI access 169clientassociations 73isolating for security 97link integrity monitoring 74platform 9session, definition 50sessions 49See also stations 120clusteradding an access point to 40auto-synch 38channel management 53definition 35formation 37mode 37neighbours 61recovery 274removing an access point from 39security 38size 35size and membership 38troubleshooting 274types of access points supported 35understanding 34cluster commands 183cluster neigbhors 62command line interface 165commandsadd 171Index
Professional Access Point Administrator GuideIndex–308basic settings 179bss 216cluster 183factory-reset 233get 171guest access 195load balancing 224MAC filtering 222quality of service 224radio settings 217reboot 233remove 171save-running 178security 200set 171status and monitoring 186time protocol 232user accounts 183WDS 231wired interface 194wireless interface 200commands and syntax quick view 171configuration files 178configuration policysetting 29connecting to APSSH 170Telnet 169country code 88DDCFas related to QoS 135default settingsdefined 6resetting to 159Detection Utilityrunning 16troubleshooting 270DHCPunderstanding in relation to self-managed APs10DTIM periodconfiguring 120Eencryption in different security modes 92Ethernetsettings 79, 115ethernet connections 14event log 69eventsmonitoring 69extended service setwith WDS bridging 143Ffactory defaultsdescribed 6reverting to 178reverting to from Web User Interface 159featuresoverview 2firmwareupgrade 160firmware upgrade 160fragmentation thresholdconfiguring 120Ggetting help 174guest accessfeatures overview 3guest access commands 195guest interfaceconfiguring 111explanation 111VLANs 112guest login configuration 215Hhardwareconnections 14
Professional Access Point Administrator GuideIndex–309help, getting 174Iiconson Web User Interface 31IEEEstandards support 2IEEE 802.11bconfiguring 120IEEE 802.11gconfiguring 120IEEE 802.1x radio modeconfiguring 120IEEE 802.1x security modeconfiguring 104when to use 93IEEE rate setconfiguring 120interface names used 177interframe spacesas related to QoS 135IP addressesnavigating to 40understanding policies for self-managed APs10viewing for access points 34, 49, 62Kkey managementsecurity 92keyboard shortcuts 233Llink integrity monitoring 74load balancingconfiguring 130load balancing commands 224locationdescribing 39loopsWDS 144MMAC filteringconfiguring 126MAC filtering configuration 222multi-BSSIDs configuration 216Nneighbouring access points 75networkingfeatures overview 3None security modeconfiguring 98NTP serverconfiguring access point to use 152, 156Oorchestratorfeatures overview 3Ppacket burstingas related to QoS 137passwordnetwork setting for administrator 28on Basic Settings 28plain text security modewhen to use 92platformadministrator requirements 8client requirements 9policyconfiguration for new access points 29portshardware 13
Professional Access Point Administrator GuideIndex–310power connections 14progress bar for cluster auto-synch 38Qquality of service 133quality of service configuration 224queueusconfiguring for QoS 137Rradiobeacon interval 120channel managed of clustered APs 53configuring 120DTIM period 120fragmentation threshold 120IEEE 802.11 mode 120maximum stations 120rate sets 120RTS threshold 120SuperAG 120transmit power 120turning on or off 120radio settings commands 217reboot 159reboot command 233rebooting the AP 233reset access point to factory defaults 159resetting the AP 233restore configuration 162restoring factory defaults 178rogue access points 75RTS thresholdconfiguring 120running configuration 178Ssave-running command 178saving configuration changes 178securitycomparison of modes 92configuring on the access point 97features overview 2IEEE 802.1x 104None 98pros and cons of different modes 91static WEP 99WEP 99WPA/WPA2 Enterprise (RADIUS) 107WPA/WPA2 Personal (PSK) 105security commands 200sessiondefinition 50session monitoring 50SNMPconfiguring an access point to use 156SSH connection to AP 170standalone mode 37standards 2starting the network 30startup configuration 178static WEP security modeconfiguring 99on WDS bridge 145when to use 93stationsconfiguring maximum allowed 120isolating for security 97See also clientstatus and monitoring commands 186supported platformsadministrator 8client 9synchronization of cluster 38Ttelnet connection to AP 169timeconfiguring an access point to use NTP server152time protocol configuration 232ToSas related to QoS 134transmit powerconfiguring 120transmit/receivemonitoring 72
Professional Access Point Administrator GuideIndex–311transmit/receive information 72troubleshootingstartup problems 23Uupgrading the firmware 160user account commands 183user accountsbacking up and restoring 46for built-in authentication server 43Vvirtual wireless networks configuration 216VLANsfor internal and guest interface 112Voice over IPimproved service with QoS 133Wwait time for cluster auto-synch 38WDSconfiguring 146example 148explanation 143rules 147, 274WDS configuration 231WEP security modeconfiguring 99when to use 93Wi-Ficompliance 2wiredsettings 79, 115wired interface commands 194wirelessneighbourhood 61overview of AP features 1settings 87wireless interface commands 200WPA/WPA2 Enterprise (RADIUS) security modeconfiguring 107when to use 95WPA/WPA2 Personal (PSK) security modeconfiguring 105when to use 94
Professional Access Point Administrator GuideIndex–312

Navigation menu