Iconnect 934 Concurrent Dual-Radios 2.4GHz+5GHz MIMO AP/CPE User Manual user guide

Iconnect Concurrent Dual-Radios 2.4GHz+5GHz MIMO AP/CPE user guide

Users Manual

Download:
Mirror Download [FCC.gov]
Document ID	2611593
Application ID	m5cnZK7jG8rWRuAGXJqoxQ==
Document Description	Users Manual
Short Term Confidential	No
Permanent Confidential	No
Supercede	No
Document Type	User Manual
Display Format	Adobe Acrobat PDF - pdf
Filesize	172.03kB (2150343 bits)
Date Submitted	2015-05-12 00:00:00
Date Available	2015-05-12 00:00:00
Creation Date	2013-06-26 09:57:58
Producing Software	Acrobat Distiller 9.5.3 (Windows)
Document Lastmod	2015-04-30 16:22:34
Document Title	user-guide.book
Document Creator	FrameMaker 9.0(Infix Pro)
Document Author:	chris

IEEE 802.11a/b/g/n
Enterprise Access Point
Management Guide
Management Guide
"1$Enterprise Access Point
IEEE 802.11a/b/g/n Dual-Band Access Point
with one 1000BASE-T (RJ-45) Port
FW1.0.0.9
E062013-CS-R01
149100000240A
How to Use This Guide
This guide includes detailed information on the access point (AP) software,
including how to operate and use the management functions of the AP. To deploy
this AP effectively and ensure trouble-free operation, you should first read the
relevant sections in this guide so that you are familiar with all its software features.
Who Should Read This This guide is for network administrators who are responsible for operating and
Guide? maintaining network equipment. The guide assumes a basic working knowledge of
LANs (Local Area Networks), the Internet Protocol (IP), and Simple Network
Management Protocol (SNMP).
How This Guide is The organization of this guide is based on the APâs main management interfaces.
Organized The web management interface and command line interface (CLI) are described in
separate sections. An introduction and initial configuration information is also
provided.
The guide includes these sections:
â
Section I âGetting Startedâ â Includes an introduction to AP management and
initial configuration settings.
â
Section II âWeb Configurationâ â Includes all management options available
through the web interface.
â
Section III âCommand Line Interfaceâ â Includes information on how to use the
CLI and details on all CLI commands.
â
Section IV âAppendicesâ â Includes information on troubleshooting AP
management access.
Related This guide focuses on AP software configuration, it does not cover hardware
Documentation installation of the AP. For specific information on how to install the AP, see the
following guide:
Installation Guide
For all safety information and regulatory statements, see the following documents:
Quick Start Guide
Safety and Regulatory Information
â 3 â
How to Use This Guide
Conventions The following conventions are used throughout this guide to show information:
Note: Emphasizes important information or calls your attention to related features
or instructions.
Caution: Alerts you to a potential hazard that could cause loss of data, or damage
the system or equipment.
Warning: Alerts you to a potential hazard that could cause personal injury.
Revision History This section summarizes the changes in each revision of this guide.
June 2013 Revision
This is the first revision of this guide. It is valid for software release v1.0.x.x.
Federal Communication Commission Interference Statement
This equipment has been tested and found to comply with the limits for a Class B digital
device, pursuant to Part 15 of FCC Rules. These limits are designed to provide reasonable
protection against harmful interference in a residential installation. This equipment
generates, uses, and can radiate radio frequency energy and, if not installed and used in
accordance with the instructions, may cause harmful interference to radio
communications. However, there is no guarantee that interference will not occur in a
particular installation. If this equipment does cause harmful interference to radio or
television reception, which can be determined by turning the equipment off and on, the
user is encouraged to try to correct the interference by one or more of the following
measures:
1. Reorient or relocate the receiving antenna.
2. Increase the separation between the equipment and receiver.
3. Connect the equipment into an outlet on a circuit different from that to which the receiver is
connected.
4. Consult the dealer or an experienced radio technician for help.
FCC Caution
To assure continued compliance, (Example - use only shielded interface cables when connecting to
computer or peripheral devices) any changes or modifications not expressly approved by the party
responsible for compliance could void the userâs authority to operate the equipment.
This device complies with Part 15 of the FCC Rules. Operation is subject to the Following
two conditions:
(1) This device may not cause harmful interference.
(2) This Device must accept any interference received, including interference that may cause
undesired operation.
âTo comply with FCC RF exposure compliance requirements, this grant is applicable to only
Mobile Configurations. The antennas used for this transmitter must be installed to provide a
separation distance of at least 20 cm from all persons and must not be co-located or operating in
conjunction with any other antenna or transmitter.â
â 4 â
Contents
Section I
How to Use This Guide
Contents
Figures
10
Tables
12
Getting Started
15
1 Introduction
16
Configuration Options
16
Console Port Connection
17
Console Login
17
Network Connections
18
Connecting to the Web Interface
18
Home Page and Main Menu
19
Common Web Page Buttons
20
2 Initial Configuration
22
CLI Initial Configuration Steps
22
Setting an IP Address
22
Setting a Password
23
Setting the Country Code
23
Web Quick Start
24
Step 1
24
Step 2
26
Step 3
27
Step 4
29
â 5 â
Contents
Section II
Web Configuration
3 System Settings
30
31
Administration Settings
32
IPv4 Address
33
IPv6 Address
34
System Time
35
SNTP Server Settings
36
Time Zone Setting
36
Daylight Saving Settings
36
VLAN Configuration
37
System Logs
39
Quick Start Wizard
40
System Resource
41
Bridge STP Configuration
42
Spanning Tree Protocol (STP)
42
Bridge Configuration
45
4 Administration Settings
46
Remote Management Settings
47
Access Limitation
49
5 Advanced Settings
51
Local Bridge Filter
51
Link Layer Discovery Protocol
52
Access Control Lists
54
Source Address Settings
54
Destination Address Settings
55
Ethernet Type
56
Link Integrity
57
Max Bandwidth Control
58
6 Wireless Settings
59
Band Steering
59
Radio Settings
60
â 6 â
Contents
Virtual Access Points (VAPs)
64
VAP Basic Settings
66
WDS-STA Mode
68
Wireless Security Settings
68
Wired Equivalent Privacy (WEP)
70
VAP QoS Settings
72
VAP Bandwidth Settings
74
MAC Authentication and RADIUS
74
Rogue AP Detection
78
Wi-Fi Multimedia (WMM)
80
7 SNMP Settings
85
SNMP Basic Settings
86
SNMP Trap Settings
87
View Access Control Model
88
SNMPv3 Users
90
SNMPv3 Targets
91
SNMPv3 Notification Filters
92
8 Maintenance Settings
93
Upgrading Firmware
93
Running Configuration
95
Resetting the Access Point
97
Scheduled Reboot
98
9 Status Information
99
AP Status
100
AP System Configuration
100
AP Wireless Configuration
102
Station Status
103
Station Statistics
104
Event Logs
105
WDS Status
106
â 7 â
Contents
Section III
Command Line Interface
10 Using the Command Line Interface
109
111
Console Connection
111
Telnet Connection
112
Entering Commands
113
Keywords and Arguments
113
Minimum Abbreviation
113
Command Completion
113
Getting Help on Commands
113
Showing Commands
113
Negating the Effect of Commands
114
Using Command History
114
Understanding Command Modes
114
Command Line Processing
116
11 General Commands
117
12 System Management Commands
121
13 System Logging Commands
143
14 System Clock Commands
148
15 DHCP Relay Commands
153
16 SNMP Commands
155
17 Flash/File Commands
168
18 RADIUS Client Commands
171
19 802.1X Authentication Commands
177
20 MAC Address Authentication Commands
179
21 Filtering Commands
183
22 Spanning Tree Commands
189
â 8 â
Contents
Section IV
23 WDS Bridge Commands
201
24 Ethernet Interface Commands
203
25 Wireless Interface Commands
210
26 Wireless Security Commands
239
27 Rogue AP Detection Commands
249
28 Link Integrity Commands
255
29 Link Layer Discovery Commands
258
30 VLAN Commands
262
31 WMM Commands
266
32 QoS Commands
271
Appendices
279
A Troubleshooting
280
Problems Accessing the Management Interface
280
Using System Logs
280
Index of CLI Commands
282
Index
284
â 9 â
Figures
Figure 1: Login Page
19
Figure 2: The Home Page
19
Figure 3: Set Configuration Changes
20
Figure 4: Help Menu
21
Figure 5: Quick Start - Step 1
25
Figure 6: Quick Start - Step 2
26
Figure 7: Quick Start - Step 3
27
Figure 8: Quick Start - Step 4
29
Figure 9: Administration
32
Figure 10: IPv4 Configuration
33
Figure 11: IPv6 Configuration
34
Figure 12: SNTP Settings
36
Figure 13: Setting the VLAN Identity
38
Figure 14: System Log Settings
39
Figure 15: System Resource
41
Figure 16: Spanning Tree Protocol
43
Figure 17: Bridge Configuration
45
Figure 18: Remote Management
48
Figure 19: Access Limitation
49
Figure 20: Local Bridge Filter
51
Figure 21: LLDP Settings
52
Figure 22: Source ACLs
54
Figure 23: Destination ACLs
55
Figure 24: Ethernet Type Filter
56
Figure 25: Link Integrity
57
Figure 26: Max Bandwidth Control
58
Figure 27: Band Steering
59
Figure 28: Radio Settings
60
Figure 29: VAP Settings
65
â 10 â
Figures
Figure 30: VAP Basic Settings
66
Figure 31: WDS-STA Mode
68
Figure 32: Configuring VAPs - Security Settings
68
Figure 33: WEP Configuration
71
Figure 34: QoS Settings
72
Figure 35: QoS Template Setting
73
Figure 36: Bandwidth Settings
74
Figure 37: Local Authentication
75
Figure 38: RADIUS Authentication
76
Figure 39: RADIUS Settings
77
Figure 40: Rogue AP Detection
79
Figure 41: WMM Backoff Wait Times
82
Figure 42: QoS
82
Figure 43: SNMP Basic Settings
86
Figure 44: SNMP Trap Settings
87
Figure 45: SNMP VACM
88
Figure 46: Configuring SNMPv3 Users
90
Figure 47: SNMPv3 Targets
91
Figure 48: SNMP Notification Filter
92
Figure 49: Firmware
94
Figure 50: Running Configuration File
95
Figure 51: Resetting the Access Point
97
Figure 52: Reboot Schedule â Fixed Time
98
Figure 53: Reboot Schedule â Countdown Time
98
Figure 54: AP System Configuration
100
Figure 55: AP Wireless Configuration
102
Figure 56: Station Status
103
Figure 57: Station Statistics
104
Figure 58: Event Logs
105
Figure 59: WDS Status
106
â 11 â
Tables
Table 1: Logging Levels
40
Table 2: WMM Access Categories
81
Table 3: Command Modes
115
Table 4: General Commands
117
Table 5: System Management Commands
121
Table 6: Country Codes
122
Table 7: System Management Commands
143
Table 8: Logging Levels
145
Table 9: System Clock Commands
148
Table 10: DHCP Relay Commands
153
Table 11: SNMP Commands
155
Table 12: Flash/File Commands
168
Table 13: RADIUS Client Commands
171
Table 14: 802.1x Authentication
177
Table 15: MAC Address Authentication
179
Table 16: Filtering Commands
183
Table 17: Spanning Tree Commands
189
Table 18: WDS Bridge Commands
201
Table 19: Ethernet Interface Commands
203
Table 20: Wireless Interface Commands
210
Table 21: Wireless Security Commands
239
Table 22: Rogue AP Detection Commands
249
Table 23: Link Integrity Commands
255
Table 24: Link Layer Discovery Commands
258
Table 25: VLAN Commands
262
Table 26: WMM Commands
266
Table 27: AP Parameters
268
Table 28: BSS Parameters
269
Table 29: QoS Commands
271
â 12 â
Tables
Table 30: Troubleshooting Chart
280
â 13 â
Tables
â 14 â
Section I
Getting Started
This section provides an overview of the access point, and introduces some basic
concepts about wireless networking. It also describes the basic settings required to
access the management interface.
This section includes these chapters:
â
âIntroductionâ on page 16
â
âInitial Configurationâ on page 22
â 15 â
1
Introduction
The access point (AP) runs software that includes a network management agent.
The agent offers a variety of management options, including SNMP and a webbased interface. A PC may also be connected directly to the APâs console port for
configuration using a command line interface (CLI).
Configuration Options
The APâs HTTP web agent allows you to configure AP parameters, monitor wireless
connections, and display statistics using a standard web browser such as Internet
Explorer 6.x or above, and Mozilla Firefox 3.6.2/4/5. The APâs web management
interface can be accessed from any computer attached to the network.
The CLI program can be accessed by a direct connection to the RS-232 serial
console port on the AP, or remotely by a Telnet or Secure Shell (SSH) connection
over the network.
The APâs management agent also supports SNMP (Simple Network Management
Protocol). This SNMP agent permits the AP to be managed from any computer in
the network using network management software.
The APâs web interface, console interface, and SNMP agent allow you to perform
management functions such as:
â
Set management access user names and passwords
â
Configure IP settings
â
Configure SNMP parameters
â
Configure 2.4 GHz and 5 GHz radio settings
â
Control access through wireless security settings
â
Filter packets using Access Control Lists (ACLs)
â
Upload and download system firmware or configuration files
â
Display system information and statistics
â 16 â
Chapter 1 | Introduction
Console Port Connection
Console Port Connection
The AP provides an RS-232 serial console port that enables a connection to a PC or
terminal for monitoring and configuring the AP. A null-modem console cable is
provided with the AP.
Attach a VT100-compatible terminal, or a PC running a terminal emulation program
to the AP. You can use the console cable provided with this package, or use a nullmodem cable that complies with the wiring assignments shown in the Installation
Guide.
To connect a terminal to the console port, complete the following steps:
1. Connect the console cable to the serial port on a terminal, or a PC running
terminal emulation software, and tighten the captive retaining screws on the
DB-9 connector.
2. Connect the other end of the cable to the console port on the AP.
3. Make sure the terminal emulation software is set as follows:
â 
Select the appropriate serial port (COM port 1 or COM port 2).
â 
Set the baud rate to 115200 bps.
â 
Set the data format to 8 data bits, 1 stop bit, and no parity.
â 
Set flow control to none.
â 
Set the emulation mode to VT100.
â 
When using HyperTerminal, select Terminal keys, not Windows keys.
Note: Once you have set up the terminal correctly, the console login screen will be
displayed.
For a description of how to use the CLI, see âUsing the Command Line Interfaceâ on
page 111. For a list of all the CLI commands, refer to âIndex of CLI Commandsâ on
page 282.
Console Login Access to the CLI is controlled by user names and passwords. The AP has a default
user name and password. To log into the CLI using the default user name and
password, perform these steps:
1. To initiate your console connection, press . The âUser Access
Verificationâ procedure starts.
â 17 â
Chapter 1 | Introduction
Network Connections
2. At the login prompt, enter âadmin.â
3. At the Password prompt, press . There is no default password.
4. The session is opened and the CLI displays the âEC#â prompt indicating you
have access to the CLI commands.
Example
(none) login: admin
Password:
Jan 1 11:33:13 login[1918]: root login on 'ttyS0'
EC#
Network Connections
Prior to accessing the APâs management agent through a network connection, you
must first configure it with a valid IP address, subnet mask, and default gateway
using a console connection, or the DHCP protocol.
The AP has a static default management IPv4 address of 192.168.1.10 and a subnet
mask of 255.255.255.0.
Once the APâs IP settings are configured for the network, you can access the APâs
management agent from anywhere within the attached network. The
management agent can be accessed using Telnet from any computer attached to
the network. The AP can also be managed by any computer using a web browser,
or from a network computer using SNMP network management software.
Connecting to the Web Interface
The AP offers a user-friendly web-based management interface for the
configuration of all the unitâs features. Any PC directly attached to the unit can
access the management interface using a web browser, such as Internet Explorer
(version 6.x or above) or Firefox (version 2.x or above).
You may want to make initial configuration changes by connecting a PC directly to
the APâs LAN port. The AP has a default management IP address of 192.168.1.10 and
a subnet mask of 255.255.255.0. You must set your PC IP address to be on the same
subnet as the AP (that is, the PC and AP addresses must both start 192.168.1.x).
To access the APâs web management interface, follow these steps:
1. Use your web browser to connect to the management interface using the
default IP address of 192.168.1.10.
â 18 â
Chapter 1 | Introduction
Connecting to the Web Interface
2. Log into the interface by entering the default username âadminâ with no
password, then click Login.
Note: It is strongly recommended to change the default user name and password
the first time you access the web interface. For information on changing user
names and passwords, See âAdministration Settingsâ on page 32.
Figure 1: Login Page
Home Page and Main After logging in to the web interface, the home page displays. The home page
Menu shows some basic settings for the AP, including Country Code and the
management access password.
Figure 2: The Home Page
The web interface Main Menu menu provides access to all the configuration
settings available for the AP.
â 19 â
Chapter 1 | Introduction
Connecting to the Web Interface
To configure settings, click the relevant Main Menu item. Each Main Menu item is
sumarized below with links to the relevant section in this guide where
configuration parameters are described in detail:
â
System â Configures Management IP, WAN, LAN and QoS settings. See
âSystem Settingsâ on page 31.
â
Administration â Configures HTTP, Telnet, and SSH access settings. See
âAdministration Settingsâ on page 46.
â
Advanced â Confiures LLDP and Access Control Lists. See âAdvanced Settingsâ
on page 51.
â
Wireless â Configures AP radio settings. See âWireless Settingsâ on page 59.
â
SNMP â Configures SNMP settings. See âSNMP Settingsâ on page 85.
â
Maintentance â Enables firmware upgrades and resets the AP. See
âMaintenance Settingsâ on page 93.
â
Information â Displays current system settings. See âStatus Informationâ on
page 99.
Common Web Page The list below describes the common buttons found on most web management
Buttons pages:
â
Set â Applies the new parameters and saves them to temporary RAM memory.
Also displays a screen to inform you when it has taken affect. Clicking âOKâ
returns to the home page. The running configuration will not be saved upon a
reboot unless you use the âSave Configâ button.
Figure 3: Set Configuration Changes
â
Cancel â Cancels the newly entered settings and restores the originals.
â
Help â Displays the help window.
â 20 â
Chapter 1 | Introduction
Connecting to the Web Interface
Figure 4: Help Menu
â
Logout â Ends the web management session.
â
Save Config â Saves the current configuration so that it is retained after a
restart.
â 21 â
2
Initial Configuration
The APâs initial configuration steps can be made through the CLI or web browser
interface. If the AP is not configured with an IP address that is compatible with your
network. You can first use the command line interface (CLI) as described below to
configure a valid IP address.
CLI Initial Configuration Steps
First connect to the APâs console port and log in to the CLI, as described in âConsole
Port Connectionâ on page 17. Then proceed with the required configuration.
Setting an IP Address If the default IP address is not compatible with your network or a DHCP server is not
available, the APâs IP address must be configured manually using the CLI.
Type âconfigureâ to enter configuration mode, then type âinterface ethernetâ to
access the Ethernet interface-configuration mode.
#configure
(config)#interface ethernet
(config-if)#
First type âno ip dhcpâ to disable DHCP client mode. Then type âip address ipaddress netmask gateway,â where âip-addressâ is the access pointâs IP address,
ânetmaskâ is the network mask for the network, and âgatewayâ is the default
gateway router. Check with your system administrator to obtain an IP address that
is compatible with your network.
(if-ethernet)#no ip dhcp
(if-ethernet)#ip address 192.168.2.2 255.255.255.0 192.168.2.254
(if-ethernet)#
After configuring the access pointâs IP parameters, you can access the management
interface from anywhere within the attached network. The command line interface
can also be accessed using Telnet from any computer attached to the network.
Note: Command examples later in this manual show the console prompt as âAPâ.
â 22 â
Chapter 2 | Initial Configuration
CLI Initial Configuration Steps
Setting a Password If you are logging in to the CLI for the fist time, you should define management
access passwords for an administrator and guest (used for CLI and web
management), record them, and then keep them in a safe place.
Note: If you loose your management access passwords, you will need to use the
Reset button on the AP to set the configuration back to factory default values.
Passwords can consist of 5 to 32 alphanumeric characters and are case sensitive. To
prevent unauthorized access to the AP, set the passwords as follows:
Open the console interface to access the CLI prompt. Type âconfigureâ and press
. Type âpassword admin null password,â where ânullâ is the default old
password, and âpasswordâ is your new password. Press .
Example
AP#configure
AP(config)#password admin null tpschris
AP(config)#
Setting the Country You must set the country code of the AP to be sure that the radios operate
Code according to permitted local regulations. That is, setting the country code restricts
operation of the AP to the radio channels and transmit power levels permitted for
wireless networks in the specified country.
Caution: You must set the country code to the country of operation. Setting the
country code ensures that the radios operate within the local regulations specified
for wireless networks.
Note: The country code selection is for non-US models only and is not available to
all US models. Per FCC regulation, all Wi-Fi products marketed in the US must be
fixed to US operation channels only.
From the CLI prompt, type âcountry ?â to display the list of country codes. Select the
code for your country, and enter the command again, following by your country
code (for example., âtwâ for Taiwan).
Example
AP#country ?
WORD Country code:
AL-ALBANIA, DZ-ALGERIA, AR-ARGENTINA, AM-ARMENIA, AU-AUSTRALIA,
AT-AUSTRIA, AZ-AZERBAIJAN,
BH-BAHRAIN, BY-BELARUS, BE-BELGIUM, BZ-BELIZE, BO-BOLIVIA,
â 23 â
Chapter 2 | Initial Configuration
Web Quick Start
BA-BOSNIA, BR-BRAZIL, BN-BRUNEI_DARUSSALAM, BG-BULGARIA,
CA-CANADA, CL-CHILE, CN-CHINA, CO-COLOMBIA, CR-COSTA_RICA,
HR-CROATIA, CY-CYPRUS, CZ-CZECH_REPUBLIC, DK-DENMARK,
DK-DENMARK, DO-DOMINICAN_REPUBLIC,
EC-ECUADOR, EG-EGYPT, EE-ESTONIA,
FI-FINLAND, FO-FAROE_ISLANDS, FR-FRANCE, F2-FRANCE2,
GE-GEORGIA, DE-GERMANY, GR-GREECE, GT-GUATEMALA,
HK-HONG_KONG, HN-HONDURAS, HU-HUNGARY,
IS-ICELAND, IN-INDIA, ID-INDONESIA, IR-IRAN, IQ-IRAQ, IE-IRELAND,
IL-ISRAEL, IT-ITALY,
JM-JAMAICA, JP0-JAPAN0, JP3-JAPAN3(including 4.9G channels), JO-JORDAN,
KE-KENYA, KZ-KAZAKHSTAN, KP-NORTH KOREA, KR-KOREA_REPUBLIC,
K2-KOREA_REPUBLIC2(including 2.3G channels),
K3-KOREA_REPUBLIC3(more channels in 5G), KW-KUWAIT,
LV-LATVIA, LB-LEBANON, LI-LIECHTENSTEIN, LT-LITHUANIA,
LU-LUXEMBOURG, LY-LIBYA, MO-MACAU,
MO-MACAU, MK-MACEDONIA, MY-MALAYSIA, MT-MALTA, MX-MEXICO,
MC-MONACO, MA-MOROCCO,
NL-NETHERLANDS, AN-NETHERLANDS-ANTELLIS, NZ-NEW_ZEALAND,
NI-NICARGUA, NO-NORWAY,
OM-OMAN,
PK-PAKISTAN, PA-PANAMA, PY-PARAGUAY, PE-PERU, PH-PHILIPPINES,
PL-POLAND, PT-PORTUGAL, PR-PUERTO_RICO,
QA-QATAR,
RO-ROMANIA, RU-RUSSIA,
SA-SAUDI_ARABIA, RS_ME-SERBIA & MONTENEGRO, SG-SINGAPORE, SI-SLOVENIA,
SK-SLOVAK_REPUBLIC, SV-EL SALVADOR, ZA-SOUTH_AFRICA, ES-SPAIN,
LK-SRILANKA, SE-SWEDEN, CH-SWITZERLAND, SY-SYRIA,
TW-TAIWAN, TH-THAILAND, TT-TRINIDAD & TOBAGO, TN-TUNISIA, TR-TURKEY,
AE-UNITED_ARAB_EMIRATES, GB-UNITED_KINGDOM, UA-UKRAINE,
US-UNITED_STATES, PS-UNITED_STATES(PUBLIC SAFETY), UY-URUGUAY,
UZ-UZBEKISTAN,
VE-VENEZUELA, VN-VIETNAM, YE-YEMEN,
ZW-ZIMBABWE
AP# country tw
AP#
Web Quick Start
The web interface Quick Start menu is designed to help you configure the basic
settings required to get the AP up and running.
Click âSystemââ followed by âQuick Startââ
Step 1 The first page of the Quick Start configures the system identification, access
password, and the Country Code.
â 24 â
Chapter 2 | Initial Configuration
Web Quick Start
Figure 5: Quick Start - Step 1
The following items are displayed on the first page of the Quick Start wizard:
Identification
â
System Name â The name assigned to the access point.
(Default: %VBM#BOE"1)
Change Password
â
Username/Guest Username â The name of the user is fixed as either âadminâ
or âguestâ and is not configurable.
â
Old Password â If the unit has been configured with a password already,
enter that password, otherwise enter the default password ânull.â
â
New Password â The password for management access.
(Length: 5-32 characters, case sensitive)
â
Confirm New Password â Enter the password again for verification.
Country Code
â
Country Code â Configures the access pointâs country code from a drop down
menu, which identifies the country of operation and sets the authorized radio
channels.
â 25 â
Chapter 2 | Initial Configuration
Web Quick Start
Caution: You must set the country code to the country of operation. Setting the
country code restricts operation of the access point to the radio channels and
transmit power levels permitted for wireless networks in the specified country.
â
Cancel â Cancels the newly entered settings and restores the orignals.
â
Next â Proceeds to the next page.
Step 2 The second page of the Quick Start configures IP settings and DHCP client status.
Figure 6: Quick Start - Step 2
The following items are displayed on this page:
DHCP
â
DHCP Status â Enables/disables DHCP on the access point. (Default: Disabled)
â
IP Address â Specifies an IP address for the access point. Valid IP addresses
consist of four decimal numbers, 0 to 255, separated by periods.
(Default: 192.168.2.10.)
â
Subnet Mask â Indicates the local subnet mask. Select the desired mask from
the drop down menu. (Default: 255.255.255.0)
â
Default Gateway â The default gateway is the IP address of the router for the
access point, which is used if the requested destination address is not on the
local subnet. (Default: 192.168.2.254)
If you have DNS, RADIUS, or other network servers located on another subnet,
type the IP address of the default gateway router in the text field provided.
â 26 â
Chapter 2 | Initial Configuration
Web Quick Start
â
Primary and Secondary DNS Address â The IP address of Domain Name
Servers on the network. A DNS maps numerical IP addresses to domain names
and can be used to identify network hosts by familiar names instead of the IP
addresses. (The default Primary and Secondary DNS addresses are null values.)
â
Management IP â The IPv4 address of the AP through which you can access
management interfaces.
â 
Management IP Address â Specifies an IPv4 address for management of
the access point. (Default: 192.168.1.10.)
â 
Management Subnet Mask â Indicates the local subnet mask.
(Default: 255.255.255.0)
â
Prev â Returns to the previous screen.
â
Cancel â Cancels the newly entered settings and restores the orignals.
â
Next â Proceeds to the final step in the Quick Start wizard.
Step 3 The Step 3 page of the Quick Start configures basic radio and wireless security
settings.
Figure 7: Quick Start - Step 3
The following items are displayed on this page:
Basic Setting
â
SSID â The name of the basic service set provided by the primary VAP
interface. Clients that want to connect to the network through the AP must set
their SSID to the same as that of a VAP interface.
(Default: %VBM#BOE"1_11BGN_0; Range: 1-32 characters)
â 27 â
Chapter 2 | Initial Configuration
Web Quick Start
Security
â
â
Association Mode â Defines the mode with which the VAP will associate with
clients. (For more information on security modes, see âWireless Security
Settingsâ on page 68.)
â 
Open System: The VAP is configured by default as an âopen system,â which
broadcasts a beacon signal including the configured SSID. Wireless clients
with an SSID setting of âanyâ can read the SSID from the beacon and
automatically set their SSID to allow immediate connection.
â 
WPA: WPA employs a combination of several technologies to provide an
enhanced security solution for 802.11 wireless networks.
â 
WPA-PSK: For enterprise deployment, WPA requires a RADIUS
authentication server to be configured on the wired network. However, for
small office networks that may not have the resources to configure and
maintain a RADIUS server, WPA provides a simple operating mode that uses
just a pre-shared password for network access. The Pre-Shared Key mode
uses a common password for user authentication that is manually entered
on the access point and all wireless clients. The PSK mode uses the same
TKIP packet encryption and key management as WPA in the enterprise,
providing a robust and manageable alternative for small networks.
â 
WPA2: WPA was introduced as an interim solution for the vulnerability of
WEP pending the ratification of the IEEE 802.11i wireless security standard.
In effect, the WPA security features are a subset of the 802.11i standard.
WPA2 includes the now ratified 802.11i standard, but also offers backward
compatibility with WPA. Therefore, WPA2 includes the same 802.1X and PSK
modes of operation and support for TKIP encryption.
â 
WPA2-PSK: Clients using WPA2 with a Pre-shared Key are accepted for
authentication.
â 
WPA-WPA2 Mixed: Clients using WPA or WPA2 are accepted for
authentication.
â 
WPA-WPA2-PSK-mixed: Clients using WPA or WPA2 with a Pre-shared Key
are accepted for authentication.
Encryption Method â Selects an encryption method for the global key used
for multicast and broadcast traffic, which is supported by all wireless clients.
â 
WEP: WEP is used as the multicast encryption cipher. You should select
WEP only when both WPA and WEP clients are supported.
â 
TKIP: TKIP is used as the multicast encryption cipher.
â 
AES-CCMP: AES-CCMP is used as the multicast encryption cipher. AESCCMP is the standard encryption cipher required for WPA2.
â 28 â
Chapter 2 | Initial Configuration
Web Quick Start
Authentication
â
802.1X â The access point supports 802.1X authentication only for clients
initiating the 802.1X authentication process (i.e., the access point does not
initiate 802.1X authentication). For clients initiating 802.1X, only those
successfully authenticated are allowed to access the network. For those clients
not initiating 802.1X, access to the network is allowed after successful wireless
association with the access point. The 802.1X mode allows access for clients not
using WPA or WPA2 security.
â
Pre-Authentication â When using WPA2 over 802.1X, pre-authentication can
be enabled, which allows clients to roam to a new access point and be quickly
associated without performing full 802.1X authentication. (Default: Disabled)
â
802.1x Reauthentication Time â The time period after which a connected
client must be re-authenticated. During the re-authentication process of
verifying the clientâs credentials on the RADIUS server, the client remains
connected the network. Only if re-authentication fails is network access
blocked. (Range: 0-65535 seconds; Default: 0 means disabled)
Note: When 802.1X is enabled, be sure to configure RADIUS server details. For
more information, see âPrimary and Secondary RADIUS Server Setupâ on page 76.
Step 4 When you have clicked âSetâ after Step 3, the AP saves the Quick Start configuration
settings. Click âOKâ to confirm that the Quick Start is complete.
Figure 8: Quick Start - Step 4
â 29 â
Section II
Web Configuration
This section provides details on configuring the access point using the web
browser interface.
This section includes these chapters:
â
âSystem Settingsâ on page 31
â
âAdministration Settingsâ on page 46
â
âAdvanced Settingsâ on page 51
â
âWireless Settingsâ on page 59
â
âSNMP Settingsâ on page 85
â
âMaintenance Settingsâ on page 93
â
âStatus Informationâ on page 99
â 30 â
3
System Settings
This chapter describes basic system settings on the access point. It includes the
following sections:
â
âAdministration Settingsâ on page 32
â
âIPv4 Addressâ on page 33
â
âIPv6 Addressâ on page 34
â
âSystem Timeâ on page 35
â
âVLAN Configurationâ on page 37
â
âSystem Logsâ on page 39
â
âQuick Start Wizardâ on page 40
â
âSystem Resourceâ on page 41
â
âBridge STP Configurationâ on page 42
â 31 â
Chapter 3 | System Settings
Administration Settings
Administration Settings
The Administration Settings page configures some basic settings for the AP, such as
the system identification name, the management access passwords, and the
wireless operation Country Code.
Figure 9: Administration
The following items are displayed on this page:
â
System Name â An alias for the AP, enabling the device to be uniquely
identified on the network. (Default: %VBM#BOE"1; Range: 1-32 characters)
â
Username/Guest Username â The name of the user is fixed as either âadminâ
or âguestâ and is not configurable.
â
Old Password â Type your current password.
â
New Password â The password for management access.
(Length: 5-32 characters, case sensitive)
â
Confirm New Password â Enter the password again for verification.
â
Country Code â Configures the APâs country code, which identifies the
country of operation and sets the authorized radio channels.
â 32 â
Chapter 3 | System Settings
IPv4 Address
Caution: You must set the country code to the country of operation. Setting the
country code restricts operation of the AP to the radio channels and transmit
power levels permitted for wireless networks in the specified country.
IPv4 Address
Configuring the AP with an IPv4 address expands your ability to manage the AP. A
number of the APâs features depend on IPv4 addressing to operate.
You can use the web browser interface to access IPv4 addressing only if the access
point already has an IPv4 address that is reachable through your network.
By default, the AP will be not be automatically configured with IPv4 settings from a
Dynamic Host Configuration Protocol (DHCP) server. The default IPv4 address for
management access is 192.168.1.10, with a subnet mask 255.255.255.0.
Figure 10: IPv4 Configuration
The following items are displayed on this page:
â
DHCP Status â Enables/disables DHCP on the access point.
â
IP Address â Specifies an IP address for the access point. Valid IP addresses
consist of four decimal numbers, 0 to 255, separated by periods. (Default:
192.168.2.10.)
â
Subnet Mask â Indicates the local subnet mask. (Default: 255.255.255.0)
â
Default Gateway â The default gateway is the IP address of the router for the
access point, which is used if the requested destination address is not on the
local subnet.
â 33 â
Chapter 3 | System Settings
IPv6 Address
If you have management stations, DNS, RADIUS, or other network servers
located on another subnet, type the IP address of the default gateway router in
the text field provided.
â
Primary and Secondary DNS Address â The IP address of Domain Name
Servers on the network. A DNS maps numerical IP addresses to domain names
and can be used to identify network hosts by familiar names instead of the IP
addresses.
If you have one or more DNS servers located on the local network, type the IP
addresses in the text fields provided.
â
Management IP â The IPv4 address of the AP through which you can access
management interfaces.
â 
Management IP Address â Specifies an IPv4 address for management of
the access point. (Default: 192.168.1.10.)
â 
Management Subnet Mask â Indicates the local subnet mask.
(Default: 255.255.255.0)
IPv6 Address
This section describes how to configure an IPv6 interface for management access
over the network. This AP supports both IPv4 and IPv6, and can be managed
through either of these address types.
By default, the AP will be not be automatically configured with IPv6 settings from a
DHCPv6 server. The default IPv6 address is 2001:db8::1, subnet mask 64 and a
default gateway of 2001:db8::2.
Figure 11: IPv6 Configuration
â 34 â
Chapter 3 | System Settings
System Time
The following items are displayed on this page:
â
DHCP Status â Enables/disables DHCPv6 on the access point.
â
IP Address â Specifies an IPv6 address for management of the access point.
(Default: 2001:db8::1)
â
Subnet Mask â Indicates the local subnet mask. (Default: 64)
â
Default Gateway â The default gateway is the IPv6 address of the router for
the access point, which is used if the requested destination address is not on
the local subnet.
If you have management stations, DNS, RADIUS, or other network servers
located on another subnet, type the IPv6 address of the default gateway router
in the text field provided.
â
Primary and Secondary DNS Address â The IPv6 address of Domain Name
Servers on the network. A DNS maps numerical IPv6 addresses to domain
names and can be used to identify network hosts by familiar names instead of
the IPv6 addresses.
If you have one or more DNS servers located on the local network, type the IPv6
addresses in the text fields provided.
System Time
Simple Network Time Protocol (SNTP) allows the access point to set its internal
clock based on periodic updates from a time server (SNTP or NTP). Maintaining an
accurate time on the access point enables the system log to record meaningful
dates and times for event entries. If the clock is not set, the access point will only
record the time from the factory default set at the last bootup.
The access point acts as an SNTP client, periodically sending time synchronization
requests to specific time servers. You can configure up to two time server IP
addresses. The access point will attempt to poll each server in the configured
sequence.
â 35 â
Chapter 3 | System Settings
System Time
Figure 12: SNTP Settings
SNTP Server Settings Configures the access point to operate as an SNTP client. When enabled, at least
one time server IP address must be specified.
â
SNTP Status â Enables/disables SNTP. (Default: enabled)
â
Primary Server â The IP address of an SNTP or NTP time server that the access
point attempts to poll for a time update.
â
Secondary Server â The IP address of a secondary SNTP or NTP time server.
The access point first attempts to update the time from the primary server; if
this fails it attempts an update from the secondary server.
Time Zone Setting SNTP uses Greenwich Mean Time, or GMT (sometimes referred to as Coordinated
Universal Time, or UTC) based on the time at the Earthâs prime meridian, zero
degrees longitude. To display a time corresponding to your local time, you must
indicate the number of hours your time zone is located before (east) or after (west)
GMT.
â
Time Zone â Select from the scroll down list the locale you are situated most
close to, for example for New York, select â(GMT-05) Eastern Time (US & Canada)â.
Daylight Saving The access point provides a way to automatically adjust the system clock for
Settings Daylight Savings Time changes. To use this feature you must define the month and
date to begin and to end the change from standard time. During this period the
system clock is set back by one hour.
â
Daylight Saving Status â Enalbes/disables daylight savings time. (Default:
disabled)
When enabled, set the month, day, and week to start and stop the daylight
savings time.
â 36 â
Chapter 3 | System Settings
VLAN Configuration
VLAN Configuration
VLANs (virtual local area networks) are turned off by default when first installing the
access point. If turned on they will automatically tag any packets received by the
LAN port before sending them on to the relevant VAP (virtual access point).
The access point can employ VLAN tagging support to control access to network
resources and increase security. VLANs separate traffic passing between the access
point, associated clients, and the wired network. There can be a default VLAN for
each VAP (Virtual Access Point) interface, and a management VLAN for the access
point.
Note the following points about the access pointâs VLAN support:
â
The management VLAN is for managing the access point through remote
management tools, such as the web interface, SSH, SNMP, or Telnet. The access
point only accepts management traffic that is tagged with the specified
management VLAN ID.
â
All wireless clients associated to the access point are assigned to a VLAN.
Wireless clients are assigned to the default VLAN for the VAP interface with
which they are associated. The access point only allows traffic tagged with
default VLAN IDs to access clients associated on each VAP interface.
â
When VLAN support is enabled on the access point, traffic passed to the wired
network is tagged with the appropriate VLAN ID, either a VAP default VLAN ID,
or the management VLAN ID. Traffic received from the wired network must also
be tagged with one of these known VLAN IDs. Received traffic that has an
unknown VLAN ID or no VLAN tag is dropped.
â
When VLAN support is disabled, the access point does not tag traffic passed to
the wired network and ignores the VLAN tags on any received frames.
Note: Before enabling VLAN tagging on the access point, be sure to configure the
attached network switch port to support tagged VLAN frames from the access
pointâs management VLAN ID and default VLAN IDs. Otherwise, connectivity to the
access point will be lost when you enable the VLAN feature.
â 37 â
Chapter 3 | System Settings
VLAN Configuration
Figure 13: Setting the VLAN Identity
The following items are displayed on this page:
â
VLAN Classification â Enables VLAN packet tagging. (Default: disabled)
â
Management VLAN ID â The VLAN ID that traffic must have to be able to
manage the access point. (Range 1-4094; Default: 4093)
â
Native VLAN ID â The VLAN ID assigned to untagged packets received by the
LAN port. (Range: 1-4094; Default: 1)
â 38 â
Chapter 3 | System Settings
System Logs
System Logs
The access point can be configured to send event and error messages to a System
Log Server. The system clock can also be synchronized with a time server, so that all
the messages sent to the Syslog server are stamped with the correct time and date.
Figure 14: System Log Settings
The following items are displayed on this page:
â
Syslog Status â Enables/disables the logging of error messages. (Default:
enabled)
â
Server 1~4 â Enables the sending of log messages to a Syslog server host. Up
to four Syslog servers are supported on the access point. (Default: disabled)
â
IP â The IP address or name of a Syslog server. (Server 1 Default: 10.7.16.98;
Server 2 Default: 10.7.13.48; Server 3 Default: 10.7.123.123; Server 4 Default:
10.7.13.77)
â
UDP Port â The UDP port used by a Syslog server. (Range: 514 or 1102465535; Server 1~2 Default: 514; Server 3 Default: 6553; Server 4 Default: 5432)
â
Logging Console â Enables the logging of error messages to the console.
(Default: disabled)
â 39 â
Chapter 3 | System Settings
Quick Start Wizard
â
Logging Level â Sets the minimum severity level for event logging. (Default:
Debug)
The system allows you to limit the messages that are logged by specifying a
minimum severity level. The following table lists the error message levels from
the most severe (Emergency) to least severe (Debug). The message levels that
are logged include the specified minimum level up to the Emergency level.
Table 1: Logging Levels
Error Level
Description
Emergency
System unusable
Alerts
Immediate action needed
Critical
Critical conditions (e.g., memory allocation, or free memory error resource exhausted)
Error
Error conditions (e.g., invalid input, default used)
Warning
Warning conditions (e.g., return false, unexpected return)
Notice
Normal but significant condition, such as cold start
Informational
Informational messages only
Debug
Debugging messages
Quick Start Wizard
The Quick Start menu item is described in the preceding chapter, see âWeb Quick
Startâ on page 24.
â 40 â
Chapter 3 | System Settings
System Resource
System Resource
The System Resource page displays information on the APâs current CPU and
memory utilization. This page also allows you to set thresholds for the CPU and
memory usage, where an SNMP trap can be sent as an alert.
Figure 15: System Resource
The following items are displayed on this page:
â
CPU Rising Threshold â A high CPU utilization percentage above which a
âCPU Busyâ SNMP trap message is sent (only sent once). (Range: 1-100 percent,
0 is disabled; Default: 0)
â
CPU Falling Threshold â A low CPU utilization percentage below which a
âCPU Freeâ SNMP trap message is sent once the Rising Threshold has been
exceeded. (Range: 0 to less than the Rising Threshold; Default: 20)
â
Memory Rising Threshold â A high memory utilization threshold in Kbytes
above which a âMemory Overloadâ SNMP trap message is sent (only sent once).
(Range: 1-113076 Kbytes, 0 is disabled; Default: 0)
â
Memory Falling Threshold â A low memory utilization threshold in Kbytes
below which a âMemory Freeâ SNMP trap message is sent once the Rising
Threshold has been exceeded. (Range: 0 to less than the Rising Threshold;
Default: 16000 Kbytes)
â
Threshold Interval â The interval in seconds between each CPU utilization
check. (Range: 1 to 86400 seconds, 0 is disabled; Default: 0)
â
CPU Status â Displays detailed information on the current CPU utilization.
â 41 â
Chapter 3 | System Settings
Bridge STP Configuration
â
Memory Status â Displays detailed information on the current memory
utilization.
Bridge STP Configuration
The Bridge menu enables configuration of the Spanning Tree Protocol (STP) and
the address table aging time.
Spanning Tree The Spanning Tree Protocol (STP) can be used to detect and disable network loops,
Protocol (STP) and to provide backup links between switches, bridges or routers. This allows the
wireless bridge to interact with other bridging devices (that is, an STP-compliant
switch, bridge or router) in your network to ensure that only one route exists
between any two stations on the network, and provide backup links which
automatically take over when a primary link goes down.
STP uses a distributed algorithm to select a bridging device (STP-compliant switch,
bridge or router) that serves as the root of the spanning tree network. It selects a
root port on each bridging device (except for the root device) which incurs the
lowest path cost when forwarding a packet from that device to the root device.
Then it selects a designated bridging device from each LAN which incurs the lowest
path cost when forwarding a packet from that LAN to the root device. All ports
connected to designated bridging devices are assigned as designated ports. After
determining the lowest cost spanning tree, it enables all root ports and designated
ports, and disables all other ports. Network packets are therefore only forwarded
between root ports and designated ports, eliminating any possible network loops.
Once a stable network topology has been established, all bridges listen for Hello
BPDUs (Bridge Protocol Data Units) transmitted from the root bridge. If a bridge
does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge
assumes that the link to the root bridge is down. This bridge will then initiate
negotiations with other bridges to reconfigure the network to reestablish a valid
network topology.
â 42 â
Chapter 3 | System Settings
Bridge STP Configuration
Figure 16: Spanning Tree Protocol
Bridge
Sets STP bridge link parameters.
The following items are displayed on the STP page:
â
Spanning Tree Protcol â Enables/disables STP on the AP.
(Default: Disabled)
â
Priority â Used in selecting the root device, root port, and designated port.
The device with the highest priority becomes the STP root device. However, if
all devices have the same priority, the device with the lowest MAC address will
then become the root device. (Note that lower numeric values indicate higher
priority.) (Default:32768; Range: 0-65535)
â
Max Age â The maximum time (in seconds) a device can wait without
receiving a configuration message before attempting to reconfigure. All device
ports (except for designated ports) should receive configuration messages at
regular intervals. Any port that ages out STP information (provided in the last
configuration message) becomes the designated port for the attached LAN. If it
is a root port, a new root port is selected from among the device ports attached
â 43 â
Chapter 3 | System Settings
Bridge STP Configuration
to the network.
(Default: 20 seconds; Range: 6-40 seconds)
Minimum: The higher of 6 or [2 x (Hello Time + 1)].
Maximum: The lower of 40 or [2 x (Forward Delay - 1)]
â
Hello Time â Interval (in seconds) at which the root device transmits a
configuration message. (Default: 2 seconds; Range: 1-10 seconds)
Minimum: 1
Maximum: The lower of 10 or [(Max. Message Age / 2) -1]
â
Forwarding Delay â The maximum time (in seconds) this device waits before
changing states (i.e., discarding to learning to forwarding). This delay is
required because every device must receive information about topology
changes before it starts to forward frames. In addition, each port needs time to
listen for conflicting information that would make it return to a discarding
state; otherwise, temporary data loops might result. (Default: 15 seconds;
Range: 1-30 seconds)
Minimum: The higher of 1 or [(Max. Message Age / 2) + 1]
Maximum: 30
Ethernet Interface
Sets STP settings for the Ethernet port.
â
Link Path Cost â This parameter is used by the STP to determine the best path
between devices. Therefore, lower values should be assigned to ports attached
to faster media, and higher values assigned to ports with slower media. (Path
cost takes precedence over port priority.) (Default: 4; Range: 1-65535)
â
Link Port Priority â Defines the priority used for this port in the Spanning
Tree Protocol. If the path cost for all ports on a switch are the same, the port
with the highest priority (i.e., lowest value) will be configured as an active link in
the spanning tree. This makes a port with higher priority less likely to be
blocked if the Spanning Tree Protocol is detecting network loops. Where more
than one port is assigned the highest priority, the port with lowest numeric
identifier will be enabled. (Default: 32; Range: 0-63)
Wireless Interface
Sets STP settings for the radio interface.
â
Index â Describes the VAP in question.
â
Link Path Cost â This parameter is used by the STP to determine the best path
between devices. Therefore, lower values should be assigned to ports attached
to faster media, and higher values assigned to ports with slower media. (Path
cost takes precedence over port priority.) (Default: 19; Range: 1-65535.)
â 44 â
Chapter 3 | System Settings
Bridge STP Configuration
â
Link Port Priority â Defines the priority used for this port in the Spanning
Tree Protocol. If the path cost for all ports on a switch are the same, the port
with the highest priority (i.e., lowest value) will be configured as an active link in
the spanning tree. This makes a port with higher priority less likely to be
blocked if the Spanning Tree Protocol is detecting network loops. Where more
than one port is assigned the highest priority, the port with lowest numeric
identifier will be enabled. (Default: 32; Range: 0-63)
Bridge Configuration Use the Bridge Configuration page to configure the aging time for the MAC address
table.
The AP stores the MAC addresses for all known devices. All the addresses learned by
monitoring traffic are stored in a dynamic address table. This information is used to
pass traffic directly between inbound and outbound interfaces.
Figure 17: Bridge Configuration
The following items are displayed on the STP page:
â
mac aging time â The time after which a learned MAC address is discarded.
(Range: 10-1000000 seconds; Default: 300 seconds)
â 45 â
4
Administration Settings
This chapter describes management access settings on the access point. It includes
the following sections:
â
âRemote Management Settingsâ on page 47
â
âAccess Limitationâ on page 49
â 46 â
Chapter 4 | Administration Settings
Remote Management Settings
Remote Management Settings
The Web, Telnet, and SNMP management interfaces are enabled and open to all IP
addresses by default. To provide more security for management access to the
access point, specific interfaces can be disabled and management restricted to a
single IP address or a limited range of IP addresses.
Once you specify an IP address or range of addresses, access to management
interfaces is restricted to the specified addresses. If anyone tries to access a
management interface from an unauthorized address, the access point will reject
the connection.
Telnet is a remote management tool that can be used to configure the access point
from anywhere in the network. However, Telnet is not secure from hostile attacks.
The Secure Shell (SSH) can act as a secure replacement for Telnet. The SSH protocol
uses generated public keys to encrypt all data transfers passing between the access
point and SSH-enabled management station clients and ensures that data traveling
over the network arrives unaltered. Clients can then securely use the local user
name and password for access authentication.
Note that SSH client software needs to be installed on the management station to
access the access point for management via the SSH protocol.
Both HTTP and HTTPS service can be enabled independently. If you enable HTTPS,
you must indicate this in the URL: https://device:port_number]
When you start HTTPS, the connection is established in this way:
â
The client authenticates the server using the serverâs digital certificate.
â
The client and server negotiate a set of security protocols to use for the
connection.
â
The client and server generate session keys for encrypting and decrypting data.
â
The client and server establish a secure encrypted connection.
â
A padlock icon should appear in the status bar for Internet Explorer.
â 47 â
Chapter 4 | Administration Settings
Remote Management Settings
Figure 18: Remote Management
The following items are displayed on Admin Interface page:
â
Telnet Access â Enables/disables management access from Telnet interfaces.
(Default: enabled)
â
Telnet Access Port â Sets the specified Telnet port for communication.
(Default: 23)
â
SSH Server â Enables/disables management access from SSH Servers.
(Default: enabled)
â
SSH Server Port â Sets the specified SSH Server port for communication.
(Default: 22)
â
HTTP Access â Enables/disables management access from any IP address.
(Default: enabled)
â
HTTP Timeout â Specifies the time after which the HTTP connection will be
lost with a period of inactivity. (Default: 1800 seconds; Range: 1-1800 seconds;
0=disabled)
â
HTTP Port â Specifies the HTTP port for IP connectivity. (Default: 80; Range
1024-65535)
â
HTTPS Server â Enables/disables management access from a HTTPS server.
(Default: enabled)
â 48 â
Chapter 4 | Administration Settings
Access Limitation
â
HTTPS Port â Specifies the HTTPS port for secure IP connectivity. (Default:
443; Range 1024-65535)
â
SNMP Access â Enables management access through SNMP. For more
information on SNMP access, see ââ on page 50. (Default: enabled)
Access Limitation
The Access Limitation page limits management access to the access point from
specified IP addresses or wireless clients.
Figure 19: Access Limitation
The following items are displayed on the Access Limitation page:
IP Management Control
â
Any IP â Indicates that any IP address is allowed management access.
â
Single IP â Specifies a single IP address that is allowed management access.
â
Multiple IP â Specifies an address range as defined by the entered IP address
and subnet mask. For example, IP address 192.168.1.6 and subnet mask
255.255.255.0, defines all IP addresses from 192.168.1.1 to 192.168.1.254.
â
IP Address â Specifies the IP address.
â
Subnet Mask â Specifies the subnet mask in the form 255.255.255.x
â 49 â
Chapter 4 | Administration Settings
Access Limitation
Restrict Management
â
Enable/Disable â Enables/disables management of the device by a wireless
client. (Default: disabled)
DHCP Filter
â
Enable/Disable â Enables/disables the AP and wireless clients from obtaining
an IP address from a DHCP server installed on wireless client. (Default: disabled)
â 50 â
5
Advanced Settings
This chapter describes advanced settings on the access point. It includes the
following sections:
â
âLocal Bridge Filterâ on page 51
â
âLink Layer Discovery Protocolâ on page 52
â
âAccess Control Listsâ on page 54
â
âLink Integrityâ on page 57
â
âMax Bandwidth Controlâ on page 58
Local Bridge Filter
The access point can employ network traffic frame filtering to control access to
network resources and increase security. You can prevent communications
between wireless clients and prevent access point management from wireless
clients. Also, you can block specific Ethernet traffic from being forwarded by the
access point.
The Local Bridge Filter sets the global mode for wireless-to-wireless
communications between clients associated to Virtual AP (VAP) interfaces on the
access point. (Default: Disabled)
Figure 20: Local Bridge Filter
The following items are displayed on this page:
â 51 â
Chapter 5 | Advanced Settings
Link Layer Discovery Protocol
â
Disabled â All clients can communicate with each other through the access
point.
â
Prevent Intra VAP client communication â When enabled, clients associated
with a specific VAP interface cannot establish wireless communications with
each other. Clients can communicate with clients associated to other VAP
interfaces.
â
Prevent Inter and Intra VAP client communication â When enabled, clients
cannot establish wireless communications with any other client, either those
associated to the same VAP interface or any other VAP interface.
Link Layer Discovery Protocol
This page allows you to configure the Link Layer Discovery Protocol (LLDP). LLDP
allows devices in the local broadcast domain to share information about
themselves. LLDP-capable devices periodically transmit information in messages
called Type Length Value (TLV) fields to neighbor devices. Advertised information is
represented in Type Length Value (TLV) format according to the IEEE 802.1ab
standard, and can include details such as device identification, capabilities and
configuration settings.
This information can be used by SNMP applications to simplify troubleshooting,
enhance network management, and maintain an accurate network topology.
Figure 21: LLDP Settings
The following items are displayed on this page:
â
Disable/Enable â Disables/Enables LLDP on the access point.
â 52 â
Chapter 5 | Advanced Settings
Link Layer Discovery Protocol
â
Message Transmission Hold Time â Configures the time-to-live (TTL) value
sent in LLDP advertisements as shown in the formula below. (Range: 2-10;
Default: 4)
The time-to-live tells the receiving LLDP agent how long to retain all
information pertaining to the sending LLDP agent if it does not transmit
updates in a timely manner. TTL in seconds is based on the following rule:
(Transmission Interval * Hold time) â¤ 65536. Therefore, the default TTL is 4*30 =
120 seconds.
â
Message Transmission Interval (seconds) â Configures the periodic transmit
interval for LLDP advertisements. (Range: 5-32768 seconds; Default: 30
seconds)
This attribute must comply with the following rule: (Transmission Interval *
Hold Time) â¤ 65536, and Transmission Interval >= (4 * Delay Interval)
â
ReInitial Delay Time (seconds) â Configures the delay before attempting to
re-initialize after LLDP ports are disabled or the link goes down. (Range: 1-10
seconds; Default: 2 seconds)
When LLDP is re-initialized on a port, all information in the remote systems
LLDP MIB associated with this port is deleted.
â
Transmission Delay Value (seconds) â Configures a delay between the
successive transmission of advertisements initiated by a change in local LLDP
MIB variables. (Range: 1-8192 seconds; Default: 4 seconds)
The transmit delay is used to prevent a series of successive LLDP transmissions
during a short period of rapid changes in local LLDP MIB objects, and to
increase the probability that multiple, rather than single changes, are reported
in each transmission.
This attribute must comply with the rule: (4 * Delay Interval) â¤ Transmission
Interval
â 53 â
Chapter 5 | Advanced Settings
Access Control Lists
Access Control Lists
Access Control Lists allow you to configure a list of wireless client MAC addresses
that are not authorized to access the network. A database of MAC addresses can be
configured locally on the access point.
Source Address The ACL Source Address Settings page enables traffic filtering based on the source
Settings MAC address in the data frame.
Figure 22: Source ACLs
The following items are displayed on this page:
â
SA Status â Enables network traffic with specific source MAC addresses to be
filtered (dropped) from the access point.
â
MAC Address â Specifies a source MAC address to filter, in the form
xx.xx.xx.xx.xx.xx, or xx-xx-xx-xx-xx-xx.
â
Action â Selecting âAddâ adds a new MAC address to the filter list, selecting
delete removes the specified MAC address.
â
Number â Specifies the number associated with the MAC address.
â
MAC Address â Displays the configured source MAC address.
â 54 â
Chapter 5 | Advanced Settings
Access Control Lists
Destination Address The ACL Destination Address Settings page enables traffic filtering based on the
Settings destination MAC address in the data frame.
Figure 23: Destination ACLs
The following items are displayed on this page:
â
DA Status â Enables network traffic with specific destination MAC addresses
to be filtered (dropped) from the access point.
â
MAC Address â Specifies a destination MAC address to filter, in the form
xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx.
â
Action â Selecting âAddâ adds a new MAC address to the filter list, selecting
delete deletes the specified MAC address.
â
Number â Specifies the number of the MAC address in the filter table.
â
MAC Address â Displays the configured destination MAC address.
â 55 â
Chapter 5 | Advanced Settings
Access Control Lists
Ethernet Type The Ethernet Type Filter controls checks on the Ethernet type of all incoming and
outgoing Ethernet packets against the protocol filtering table. (Default: Disabled)
Figure 24: Ethernet Type Filter
The following items are displayed on this page:
â
Disabled â Access point does not filter Ethernet protocol types.
â
Enabled â Access point filters Ethernet protocol types based on the
configuration of protocol types in the filter table. If the status of a protocol is set
to âON,â the protocol is filtered from the access point.
â
Local Management â Describes the Ethernet filter type.
â
ISO Designator â Describes the ISO Designator identifier.
â
Filter Status â Turns the filter on or off.
â 56 â
Chapter 5 | Advanced Settings
Link Integrity
Link Integrity
The AP provides a link integrity feature that can be used to ensure that wireless
clients are connected to resources on the wired network. The AP does this by
periodically sending Ping messages to a host device in the wired Ethernet network.
If the AP detects that the connection to the host has failed, it can disable the radio
interfaces, forcing clients to find and associate with another AP. When the
connection to the host is restored, the AP re-enables the radio interfaces.
Figure 25: Link Integrity
The following items are displayed on this page:
â
Link Integrity â Enables the feature. (Default: Disabled)
â
Destination IP â The link host IP address on the wired network to which Ping
messages are sent. (Default: 192.168.2.254)
â
Detect Interval â The interval time between each Ping sent to the host IP
address.(Range: 10-86400 seconds; Default: 60 seconds)
â
Response Timeout â The time to wait for a response to a Ping message.
(Range: 1-10 seconds; Default: 2 seconds)
â
Retry Count if no response â The number of consecutive failed Ping counts
before the link is determined as lost. (Range: 1-99; Default: 5)
â
Link Fail Action â When a link integrity test fails you can optionally disable
either radio interface. Note that the shutdown action does not apply for a VAP
interface set to WDS station mode. (Default: Disabled)
â 57 â
Chapter 5 | Advanced Settings
Max Bandwidth Control
Max Bandwidth Control
Click the Max Bandwidth Control link on the Advance menu to configure rate
limiting of traffic on the AP.
Figure 26: Max Bandwidth Control
The following items are displayed on this page:
â
Uplink Setting â Enables the rate limiting of traffic from the AP as it is passed
to the wired network. You can set a maximum rate in kbytes per second.
(Range: 100-12000 Kbytes per second; Default: Disabled, 12000 Kbytes per
second)
â
Downlink Setting â Enables the rate limiting of traffic from the wired network
as it is passed to the AP. You can set a maximum rate in kbytes per second.
(Range: 100-12000 Kbytes per second; Default: Disabled, 12000 Kbytes per
second)
â 58 â
6
Wireless Settings
This chapter describes wireless settings on the access point. It includes the
following sections:
â
âBand Steeringâ on page 59
â
âRadio Settingsâ on page 60
â
âVirtual Access Points (VAPs)â on page 64
â
âRogue AP Detectionâ on page 78
â
âWi-Fi Multimedia (WMM)â on page 80
Band Steering
The Band Steering feature redirects all dual-band clients to connect to the 5 GHz
radio. This feature only functions when both the 2.4 GHz and 5 GHz radio SSIDs are
identical.
Figure 27: Band Steering
The following items are displayed on this page:
â
Band Steering Status â Enables the Band Steering feature. (Default: Disabled)
â 59 â
Chapter 6 | Wireless Settings
Radio Settings
Radio Settings
The IEEE 802.11n wireless interfaces include configuration options for radio signal
characteristics and wireless security features.
The AP can operate in several radio modes, mixed 802.11b/g/n (2.4 GHz), or mixed
802.11a/n (5 GHz). Note that the radios can operate at 2.4 GHz and 5 GHz at the
same time. The web interface identifies the radio configuration pages as:
â
Radio 0 â the 2.4 GHz 802.11b/g/n radio interface
â
Radio 1 â the 5 GHz 802.11a/n radio interface
Each radio supports 16 virtual access point (VAP) interfaces, referred to as VAP 0 ~
VAP 15. Each VAP functions as a separate access point, and can be configured with
its own Service Set Identification (SSID) and security settings. However, most radio
signal parameters apply to all VAP interfaces. The configuration options are nearly
identical, and are therefore both covered in this section of the manual. Traffic to
specific VAPs can be segregated based on user groups or application traffic. The
clients associate with each VAP in the same way as they would with separate
physical access points. The AP supports up to a total of 127 wireless clients across
all VAP interfaces per radio.
Figure 28: Radio Settings
â 60 â
Chapter 6 | Wireless Settings
Radio Settings
The following items are displayed on this page:
â
High Throughput Mode â The access point provides a channel bandwidth of
20 MHz by default giving an 802.11g connection speed of 54 Mbps and a
802.11n connection speed of up to 108 Mbps, and ensures backward
compliance for slower 802.11b devices. Setting the HT Channel Bandwidth to
40 MHz increases connection speed for 802.11n up to 300 Mbps. HT40plus
indicates that the secondary channel is above the primary channel. HT40minus
indicates that the secondary channel is below the primary channel.
(Default: HT20; Range:HT20, HT40PLUS, HT40MINUS)
â
Radio Channel â The radio channel that the access point uses to
communicate with wireless clients. When multiple access points are deployed
in the same area, set the channel on neighboring access points at least five
channels apart to avoid interference with each other. For example, for 11g/n
HT20 mode you can deploy up to three access points in the same area using
channels 1, 6, 11. Note that wireless clients automatically set the channel to the
same as that used by the access point to which it is linked. (The available
channels are dependent on the Radio Mode, High Throughput Mode, and
Country Code settings.)
â
Auto Channel â Selecting Auto Select enables the access point to
automatically select an unoccupied radio channel.
â
Interference Channel Recover â Rescans all channels when interference is
detected on the current channel, and then changes to a clear channel.
(Default: Disabled)
â
Wlandev Interference Detection â Enables the detection of nearby APs that
are using the same channel. If the RSSI signal strength of a nearby AP is above
the configured threshold value, the unit switches to another channel.
(Default: Disabled)
â
Wlandev Interference Detection RSSI âThe RSSI signal strength threshold of
a nearby AP above which the unit switches to another channel. (Range: 1-100;
Default: 80)
â
Wlandev Interference Detection Time âThe time duration that a nearby AP
with an RSSI above the set threshold is continuously detected before the unit
restarts the scan process. (Range: 10-300 seconds; Default: 30 seconds)
â
Antenna â Sets the antenna options for this AP to âsystem default.â
â
Transmit Power â Adjusts the power of the radio signals transmitted from the
access point. The higher the transmission power, the farther the transmission
range. Power selection is not just a trade off between coverage area and
maximum supported clients. You also have to ensure that high-power signals
do not interfere with the operation of other radio devices in the service area.
(Range - Percentage mode: min, 12.5%, 25%, 50%, 100%; Default: 100%)
(Range - dBm mode: 3-20 dBm; Default: 18 dBm)
â 61 â
Chapter 6 | Wireless Settings
Radio Settings
â
Maximum Association Clients â The total maximum number of clients that
may associate with the radio. (Range: 1-127; Default: 100)
â
Radio Mode â Defines the radio operation mode.
â 
Radio 0 (2.4 GHz Radio) â Default: 11n (g compatible); Options: 11n (b&g
compatible), 11n (g compatible).
â 
Radio 1 (5 GHz Radio) â Default: 11n; Options: 11n (a compatible), 11n.
Note: Enabling the AP to communicate with 802.11b/g clients in both 802.11b/g/n
Mixed and 802.11n modes also requires that HT Operation be set to HT20.
â
Preamble Length â The radio preamble (sometimes called a header) is a
section of data at the head of a packet that contains information that the
wireless device and client devices need when sending and receiving packets.
You can set the radio preamble to long or short. A short preamble improves
throughput performance, whereas a long preamble is required when legacy
wireless devices are part of your network.
â
Beacon Interval â The rate at which beacon signals are transmitted from the
access point. The beacon signals allow wireless clients to maintain contact with
the access point. They may also carry power-management information. (Range:
40-3500 TUs; Default: 100 TUs)
â
Data Beacon Rate (DTIM) â The rate at which stations in sleep mode must
wake up to receive broadcast/multicast transmissions.
Known also as the Delivery Traffic Indication Map (DTIM) interval, it indicates
how often the MAC layer forwards broadcast/multicast traffic, which is
necessary to wake up stations that are using Power Save mode. The default
value of 2 indicates that the access point will save all broadcast/multicast
frames for the Basic Service Set (BSS) and forward them after every second
beacon. Using smaller DTIM intervals delivers broadcast/multicast frames in a
more timely manner, causing stations in Power Save mode to wake up more
often and drain power faster. Using higher DTIM values reduces the power used
by stations in Power Save mode, but delays the transmission of broadcast/
multicast frames. (Range: 1-255 beacons; Default: 1 beacon)
â
RTS Threshold â Sets the packet size threshold at which a Request to Send
(RTS) signal must be sent to a receiving station prior to the sending station
starting communications. The access point sends RTS frames to a receiving
station to negotiate the sending of a data frame. After receiving an RTS frame,
the station sends a CTS (clear to send) frame to notify the sending station that it
can start sending data.
If the RTS threshold is set to 1, the access point always sends RTS signals. If set
to 2346, the access point never sends RTS signals. If set to any other value, and
â 62 â
Chapter 6 | Wireless Settings
Radio Settings
the packet size equals or exceeds the RTS threshold, the RTS/CTS (Request to
Send / Clear to Send) mechanism will be enabled.
The access points contending for the medium may not be aware of each other.
The RTS/CTS mechanism can solve this âHidden Node Problem.â (Range: 1-2346
bytes: Default: 2346 bytes)
â
Short Guard Interval â The 802.11n draft specifies two guard intervals: 400ns
(short) and 800ns (long). Support of the 400ns GI is optional for transmit and
receive. The purpose of a guard interval is to introduce immunity to
propagation delays, echoes, and reflections to which digital data is normally
very sensitive. Enabling the Short Guard Interval sets it to 400ns. (Default:
Disabled)
â
Aggregate MAC Protocol Data Unit (A-MPDU) â Enables / disables the
sending of this four frame packet header for statistical purposes. (Default:
Enabled)
â
A-MPDU Length Limit (1024-65535) â Defines the A-MPDU length. (Default:
65535 bytes; Range: 1024-65535 bytes)
â
Aggregate MAC Service Data Unit (A-MSDU) â Enables / disables the
sending of this four frame packet header for statistical purposes. (Default:
Enabled)
â
Disable HT20/HT40 Coexistance â Prevents 802.11n 20 MHz and 40 MHz
channel bandwidths from operating together in the same network.
(Default: Disabled)
â
Antenna Selection â Sets the radio to use one or both antennas. (Options:
Left, Right, Right+Left; Default: Right+Left)
â
Minimum CCK Rate â (2.4 GHz radio only) The minimum CCK data rate at
which the AP transmits packets on the wireless interface. (Options: 1, 2, 5.5,
11 Mbps; Default 1 Mbps)
â
Minimum OFDM Rate â The minimum OFDM data rate at which the AP
transmits packets on the wireless interface. (Range: 6, 9, 12, 18, 24, 36, 48,
54 Mbps; Default 6 Mbps)
â
Minimum Single Stream Rate â The minimum 802.11n single stream data
rate at which the AP transmits packets on the wireless interface. (Range: MCS0MCS7; Default MCS0)
â
Minimum Double Stream Rate â The minimum 802.11n double stream data
rate at which the AP transmits packets on the wireless interface. (Range: MCS8MCS15; Default MCS8)
â 63 â
Chapter 6 | Wireless Settings
Virtual Access Points (VAPs)
â
Long Distance Setting â When you have long-distance links in the wireless
network, some timing parameters require an adjustment to maintain
communications.
Enter the approximate distance (in meters) of the client from the AP. Click on
the âShow Reference Dataâ button to compute a set of recommended values
for SlotTime, ACKTimeOut and CTSTimeOut. You can use the recommended
values or enter your own values that work for your specific environment.
â
Set Radio â Sets all entered parameters.
Virtual Access Points (VAPs)
The AP supports up to 16 virtual access point (VAP) interfaces per radio, numbered
0 to 15. Each VAP functions as a separate access point, and can be configured with
its own Service Set Identification (SSID) and security settings. However, most radio
signal parameters apply to all VAP interfaces.
The VAPs function similar to a VLAN, with each VAP mapped to its own default
VLAN ID. Traffic to specific VAPs can be segregated based on user groups or
application traffic. All VAPs can support up to a total of 127 wireless clients,
whereby the clients associate with each VAP the same way as they would with
separate physical access points.
Note: The radio channel settings for the access point are limited by local
regulations, which determine the number of channels that are available. See
âOperating Channelsâ on page 46 for additional information on the maximum
number channels available.
â 64 â
Chapter 6 | Wireless Settings
Virtual Access Points (VAPs)
Figure 29: VAP Settings
The following items are displayed on this page:
â
VAP Number â The number associated with the VAP, 0-15.
â
SSID â The name of the basic service set provided by a VAP interface. Clients
that want to connect to the network through the access point must set their
SSID to the same as that of an access point VAP interface. (Default:
%VBM#BOE"1_11BGN_# (0 to 15) for 2.4 GHz, %VBM#BOE"1_11NA_# (0 to 15) for
5 GHz; Range: 1-32 characters)
â
Enable â Enables the specified VAP. (Default: Disabled)
â
Status â Displays the mode of the VAP. The default is set to "AP," for normal
access point services.
â
Edit Setting â Click to open the page to configure basic and security settings
for the selected VAP.
â
QoS Setting â Click to open the page to configure QoS settings for the
selected VAP.
â
Bandwidth Setting â Click to open the page to configure bandwidth control
for the selected VAP.
â
MAC_Auth & Radius â Click to open the page to configure MAC address
authentication and RADIUS settings for the selected VAP.
â 65 â
Chapter 6 | Wireless Settings
Virtual Access Points (VAPs)
VAP Basic Settings Sets the basic operating mode and other settings for the VAP.
Each VAP can operate in one of three modes; normal AP mode, WDS-AP bridge AP
mode, or WDS-STA bridge station mode. The default mode is AP for the VAP to
support normal access point services.
Note: For more information and examples for setting up WDS networks, see âWDS
Setup Examplesâ on page 45.
Note that the Basic Settings are the same for both AP and WDS-AP modes.
Figure 30: VAP Basic Settings
The following items are displayed on this page:
â
Closed System â When enabled, the VAP does not include its SSID in beacon
messages. Nor does it respond to probe requests from clients that do not
include a fixed SSID. (Default: Disable)
â
Mode â Selects the mode in which the VAP will function.
â
â 
AP Mode: The VAP provides services to clients as a normal access point.
â 
WDS-AP Mode: The VAP operates as an access point in WDS mode, which
accepts connections from APs in WDS-STA mode.
â 
WDS-STA Mode: The VAP operates as a client station in WDS mode, which
connects to an access point VAP in WDS-AP mode. The user needs to
specify the MAC address of the access point in WDS-AP mode to which it
intends to connect.
Maximum Association Clients â The total maximum number of clients that
may associate with this VAP. The maximum is 127, which is the total associated
clients for all VAP interfaces. (Range: 1 to 127; Default 16)
â 66 â
Chapter 6 | Wireless Settings
Virtual Access Points (VAPs)
â
WLAN Client Association Preemption â When enabled, the AP applies a
priority order for associating clients when the maximum clients for the VAP has
been reached. The priority order is 11n clients, 11a/g clients, then 11b clients.
When the association pool for the VAP is full and the AP receives an association
request from a high-priority (11n) client, the AP sends a disassociation to a
lower priority client (11a/g or 11b) in order to be able to associate the highpriority client. If there are no lower-priority clients to disassociate, the AP will
reject the association request. (Default: Disabled)
â
Association Timeout Interval â The idle time interval (when no frames are
sent) after which a client is disassociated from the VAP interface. (Range: 5-60
minutes; Default: 30 minutes)
â
Authentication Timeout Interval â The time within which the client should
finish authentication before authentication times out.
(Range: 5-60 minutes; Default: 60 minutes)
â
Default VLAN ID â The VLAN ID assigned to wireless clients associated to the
VAP interface that are not assigned to a specific VLAN by RADIUS server
configuration. (Default: 1)
â
DHCP Relay Server â The IP address of the DHCP relay server. Dynamic Host
Configuration Protocol (DHCP) can dynamically allocate an IP address and
other configuration information to network clients that broadcast a request. To
receive the broadcast request, the DHCP server would normally have to be on
the same subnet as the client. However, when the access pointâs DHCP relay
agent is enabled, received client requests can be forwarded directly by the
access point to a known DHCP server on another subnet. Responses from the
DHCP server are returned to the access point, which then broadcasts them
back to clients. (Default: 0.0.0.0 (disabled))
â
SSID â The service set identifier for the VAP.
â
Multicast Enhancement â When a wireless client joins a multicast group, this
feature converts multicast packets to unicast packets to improve multicast
video quality.
â 67 â
Chapter 6 | Wireless Settings
Virtual Access Points (VAPs)
WDS-STA Mode Describes additional basic VAP settings when functioning in WDS-STA mode.
Figure 31: WDS-STA Mode
The following items are displayed in the VAP Basic Settings when WDS-AP mode is
selected:
â
WDS-AP (Parent) SSID â The SSID of the VAP on the connecting access point
that is set to WDS-AP mode.
â
WDS-AP (Parent) MAC â The MAC address of the VAP on the connecting
access point that is set to WDS-AP mode.
Wireless Security Describes the wireless security settings for each VAP, including association mode,
Settings encryption, and authentication.
Note: For VAPs set to WDS-AP or WDS-STA mode, the security options are limited
to WPA-PSK and WPA2-PSK only.
Figure 32: Configuring VAPs - Security Settings
The following items are available for VAP security:
â
Association Mode â Defines the mode with which the VAP will associate with
clients.
â 68 â
Chapter 6 | Wireless Settings
Virtual Access Points (VAPs)
â
â
â 
Open System: The VAP is configured by default as an âopen system,â which
broadcasts a beacon signal including the configured SSID. Wireless clients
with an SSID setting of âanyâ can read the SSID from the beacon and
automatically set their SSID to allow immediate connection.
â 
WPA: WPA employs a combination of several technologies to provide an
enhanced security solution for 802.11 wireless networks.
â 
WPA-PSK: For enterprise deployment, WPA requires a RADIUS
authentication server to be configured on the wired network. However, for
small office networks that may not have the resources to configure and
maintain a RADIUS server, WPA provides a simple operating mode that uses
just a pre-shared password for network access. The Pre-Shared Key mode
uses a common password for user authentication that is manually entered
on the access point and all wireless clients. The PSK mode uses the same
TKIP packet encryption and key management as WPA in the enterprise,
providing a robust and manageable alternative for small networks.
â 
WPA2: WPA was introduced as an interim solution for the vulnerability of
WEP pending the ratification of the IEEE 802.11i wireless security standard.
In effect, the WPA security features are a subset of the 802.11i standard.
WPA2 includes the now ratified 802.11i standard, but also offers backward
compatibility with WPA. Therefore, WPA2 includes the same 802.1X and PSK
modes of operation and support for TKIP encryption.
â 
WPA2-PSK: Clients using WPA2 with a Pre-shared Key are accepted for
authentication.
â 
WPA-WPA2 Mixed: Clients using WPA or WPA2 are accepted for
authentication.
â 
WPA-WPA2-PSK-mixed: Clients using WPA or WPA2 with a Pre-shared Key
are accepted for authentication.
Encryption Method â Selects an encryption method for the global key used
for multicast and broadcast traffic, which is supported by all wireless clients.
â 
WEP: WEP is used as the multicast encryption cipher. You should select
WEP only when both WPA and WEP clients are supported.
â 
TKIP: TKIP is used as the multicast encryption cipher.
â 
AES-CCMP: AES-CCMP is used as the multicast encryption cipher. AESCCMP is the standard encryption cipher required for WPA2.
802.1X â The access point supports 802.1X authentication only for clients
initiating the 802.1X authentication process (i.e., the access point does not
initiate 802.1X authentication). For clients initiating 802.1X, only those
successfully authenticated are allowed to access the network. For those clients
not initiating 802.1X, access to the network is allowed after successful wireless
â 69 â
Chapter 6 | Wireless Settings
Virtual Access Points (VAPs)
association with the access point. The 802.1X mode allows access for clients not
using WPA or WPA2 security.
â
Pre-Authentication â When using WPA2 over 802.1X, pre-authentication can
be enabled, which allows clients to roam to a new access point and be quickly
associated without performing full 802.1X authentication. (Default: Disabled)
â
802.1x Reauthentication Time â The time period after which a connected
client must be re-authenticated. During the re-authentication process of
verifying the clientâs credentials on the RADIUS server, the client remains
connected the network. Only if re-authentication fails is network access
blocked. (Range: 0-65535 seconds; Default: 0 means disabled)
Wired Equivalent WEP provides a basic level of security, preventing unauthorized access to the
Privacy (WEP) network, and encrypting data transmitted between wireless clients and the VAP.
WEP uses static shared keys (fixed-length hexadecimal or alphanumeric strings)
that are manually distributed to all clients that want to use the network.
WEP is the security protocol initially specified in the IEEE 802.11 standard for
wireless communications. Unfortunately, WEP has been found to be seriously
flawed and cannot be recommended for a high level of network security. For more
robust wireless security, the access point provides Wi-Fi Protected Access (WPA)
and WPA2 for improved data encryption and user authentication.
Setting up shared keys enables the basic IEEE 802.11 Wired Equivalent Privacy
(WEP) on the access point to prevent unauthorized access to the network.
If you choose to use WEP shared keys instead of an open system, be sure to define
at least one static WEP key for user authentication and data encryption. Also, be
sure that the WEP shared keys are the same for each client in the wireless network.
All clients share the same keys, which are used for user authentication and data
encryption. Up to four keys can be specified.
â 70 â
Chapter 6 | Wireless Settings
Virtual Access Points (VAPs)
Figure 33: WEP Configuration
The following items are on this page for WEP configuration:
â
Default WEP Key Index â Selects the key number to use for encryption for the
VAP interface. If the clients have all four WEP keys configured to the same
values, you can change the encryption key to any of the settings without
having to update the client keys.
(Default: Key 1)
â
Key Type â Select the preferred method of entering WEP encryption keys for
the VAP, either hexadecimal digits (Hex) or alphanumeric characters (ASCII).
â
Key Length â Select 64 Bit or 128 Bit key length. Note that the same size of
encryption key must be supported on all wireless clients. (Default: 64 bit)
â
Key â Enter up to four WEP encryption keys for the VAP.
â 
Hex: Enter keys as 10 hexadecimal digits (0-9 and A-F) for 64 bit keys, or 26
hexadecimal digits for 128 bit keys.
â 
ASCII: Enter keys as 5 alphanumeric characters for 64 bit keys, or 13
alphanumeric characters for 128 bit keys.
Note: Key index, type, and length must match that configured on the clients.
â 71 â
Chapter 6 | Wireless Settings
Virtual Access Points (VAPs)
VAP QoS Settings Click the QoS Setting link from the VAP Settings page to access the QoS priority
mapping configuration for traffic on the VAP interface.
Figure 34: QoS Settings
The following items are displayed in the VAP QoS Settings page:
â
VAP to 802.1p Setting â You can modify the VLAN priority tags of traffic on
the VAP interface with a specified priority value. Requires the default VLAN ID
for the VAP to be any other value than 1.
Note: The VAP-to-802.1p priority QoS feature cannot be enabled together with the
802.1d-to-802.1p or 802.1d-to-DSCP features.
â
802.1d to 802.1p Setting â Enables the mapping of traffic priority from
WMM 802.1d priorities to 802.1p VLAN tag priority values. The priorities are
mapped according to the user-defined QoS Template map. Requires the
default VLAN ID for the VAP to be any other value than 1.
â
802.1d to DSCP Setting â Enables the mapping of traffic priority from WMM
802.1d priorities to IP DSCP priority values. The priorities are mapped according
to the user-defined QoS Template map.
â 72 â
Chapter 6 | Wireless Settings
Virtual Access Points (VAPs)
Both â802.1d to 802.1pâ mapping and â802.1d to DSCPâ mapping can be
enabled simultaneously when the default VLAN ID for the VAP is any other
value than 1. When only â802.1d to DSCPâ mapping is enabled, the default
VLAN ID for the VAP must be set to 1.
â
QoS Template â Enables up to eight user-defined priority mapping tables to
be configued. The tables are used to map the WMM 802.1d priorities to 802.1p/
DSCP priorities.
Click the âEditâ link in the list to define a template priority map.
Figure 35: QoS Template Setting
The following items are displayed in the QoS Template Setting page:
â
QoS Template Name â A descriptive name that identifies the mappng
template. All eight templates have a default name that can be edited by the
user (maximum 32 characters).
â
Vap/802.1d (Default User Priority) â The WMM 802.1d priority value in a
tagged packet.
â
802.1p/DSCP (Retagged User Priority) â The 802.1p or IP DSCP priority
value that replaces the WMM 802.1d value in tagged packets. (Range: 0-7)
â 73 â
Chapter 6 | Wireless Settings
Virtual Access Points (VAPs)
VAP Bandwidth Click the Bandwidth Setting link from the VAP Settings page to configure rate
Settings limiting for traffic on the VAP interface.
Figure 36: Bandwidth Settings
The following items are displayed on this page:
â
Bandwidth Control on Uplink Setting â Enables the rate limiting of traffic
from the VAP interface as it is passed to the wired network. You can set a
maximum rate in kbytes per second. (Range: 100-12000 Kbytes per second;
Default: 100 Kbytes per second)
â
Bandwidth Control on Downlink Setting â Enables the rate limiting of traffic
from the wired network as it is passed to the VAP interface. You can set a
maximum rate in kbytes per second. (Range: 100-12000 Kbytes per second;
Default: 100 Kbytes per second)
MAC Authentication Wireless clients can be authenticated for network access by checking their MAC
and RADIUS address against the local database configured on the access point, or by using a
database configured on a central RADIUS server. Alternatively, authentication can
be implemented using the IEEE 802.1X network access control protocol.
Remote Authentication Dial-in User Service (RADIUS) is an authentication protocol
that uses software running on a central server to control access to RADIUS-aware
devices on the network. An authentication server contains a database of user
credentials for each user that requires access to the network.
Local MAC Authentication
You can configure a list of the MAC addresses for wireless clients that are authorized
to access the network. This provides a basic level of authentication for wireless
clients attempting to gain access to the network. A database of authorized MAC
addresses can be stored locally on the access point or remotely on a central RADIUS
server. (Default: Local MAC)
The local MAC database provides a mechanism to take certain actions based on a
wireless clientâs MAC address. The MAC list can be configured to allow or deny
network access to specific clients.
â 74 â
Chapter 6 | Wireless Settings
Virtual Access Points (VAPs)
Figure 37: Local Authentication
The following items are displayed on Authentication page:
MAC Authentication â Selects between, disabled, Local MAC authentication and
RADIUS authentication.
â
Local MAC â The MAC address of the associating station is compared against
the local database stored on the access point. The Local MAC Authentication
section enables the local database to be set up.
â
System Default â Specifies a default action for all unknown MAC addresses
(that is, those not listed in the local MAC database).
â
â
â 
Deny: Blocks access for all MAC addresses except those listed in the local
database as âAllow.â
â 
Allow: Permits access for all MAC addresses except those listed in the local
database as âDeny.â
MAC Authentication Settings â Enters specified MAC addresses and
permissions into the local MAC database.
â 
MAC Address: Physical address of a client. Enter six pairs of hexadecimal
digits separated by hyphens; for example, 00-90-D1-12-AB-89.
â 
Permission: Select Allow to permit access or Deny to block access.
â 
Add/Delete: Adds or deletes the specified MAC address and permission
setting into or from the local database.
MAC Authentication Table â Displays current entries in the local MAC
database.
â 75 â
Chapter 6 | Wireless Settings
Virtual Access Points (VAPs)
RADIUS MAC Authentication
The MAC address of the associating station is sent to a configured RADIUS server for
authentication. When using a RADIUS authentication server for MAC address
authentication, the server must first be configured on the RADIUS page.
Figure 38: RADIUS Authentication
The following items are displayed on Authentication page:
MAC Authentication â Selects between, disabled, Local MAC authentication and
RADIUS authentication.
â
RADIUS MAC â The MAC address of the associating station is compared
against the RADIUS server database. The RADIUS MAC Authentication section
enables the RADIUS database to be set up.
â
Session Timeout â The time period after which a connected client must be
re-authenticated. During the re-authentication process of verifying the clientâs
credentials on the RADIUS server, the client remains connected the network.
Only if re-authentication fails is network access blocked. (Default: 0 means
disabled; Range: 30-65535 seconds)
Primary and Secondary RADIUS Server Setup
A primary RADIUS server must be specified for the access point to implement IEEE
802.1X network access control and Wi-Fi Protected Access (WPA) wireless security.
A secondary RADIUS server may also be specified as a backup should the primary
server fail or become inaccessible.
In addition, you can configure a RADIUS Accounting server to receive user-session
accounting information from the access point. RADIUS Accounting can be used to
provide valuable information on user activity in the network.
This guide assumes that you have already configured RADIUS server(s) to support
the access point. Configuration of RADIUS server software is beyond the scope of
this guide, refer to the documentation provided with the RADIUS server software.
â 76 â
Chapter 6 | Wireless Settings
Virtual Access Points (VAPs)
Figure 39: RADIUS Settings
The following items are displayed on the RADIUS Settings page:
â
RADIUS Status â Enables/disables the primary RADIUS server.
â
IP Address â Specifies the IP address or host name of the RADIUS server.
â
Port (1024-65535) â The UDP port number used by the RADIUS server for
authentication messages. (Range: 1024-65535; Default: 1812)
â
Key â A shared text string used to encrypt messages between the access point
and the RADIUS server. Be sure that the same text string is specified on the
RADIUS server. Do not use blank spaces in the string. (Maximum length: 255
characters)
RADIUS Accounting
The following items are displayed on the RADIUS Settings page:
â
Account Status â Enables/disables RADIUS accounting.
â
IP Address â Specifies the IP address or host name of the RADIUS accounting
server.
â 77 â
Chapter 6 | Wireless Settings
Rogue AP Detection
â
Port (1024-65535) â The UDP port number used by the RADIUS accounting
server for authentication messages. (Range: 1024-65535; Default: 1813)
â
Key â A shared text string used to encrypt messages between the access point
and the RADIUS accounting server. Be sure that the same text string is specified
on the RADIUS server. Do not use blank spaces in the string. (Maximum length:
255 characters)
â
Interim Update Timeout (60-86400) â The interval between transmitting
accounting updates to the RADIUS server. (Range: 60-86400; Default: 300
seconds)
Rogue AP Detection
A ârogue APâ is either an access point that is not authorized to participate in the
wireless network, or an access point that does not have the correct security
configuration. Rogue APs can allow unauthorized access to the network, or fool
client stations into mistakenly associating with them and thereby blocking access
to network resources.
The access point can be configured to periodically scan all radio channels and find
other access points within range. A database of nearby access points is maintained
where any rogue APs can be identified. Rogue access points can be identified by
unknown BSSID (MAC address).
â 78 â
Chapter 6 | Wireless Settings
Rogue AP Detection
Figure 40: Rogue AP Detection
The following items are displayed on this page:
â
AP Scan Setting â Enables the periodic scanning for other nearby access
points. (Default: Disable)
â
Scan Interval â Sets the time between each rogue AP scan. (Range: 15 -65535
seconds; Default: 7200 seconds)
â
Scan Duration â Sets the length of time for each rogue AP scan. A long scan
duration time will detect more access points in the area, but causes more
disruption to client access. (Range: 10 -150 milliseconds; Default: 150
milliseconds)
â
First Scan Delay â Delays the start of rogue AP scanning after enabling the
feature or booting the AP. (Range: 0 -65535 seconds; Default: 65535 seconds)
â
Friendly AP â Allows you to enter the MAC address/Basic Service Set Identifier
(BSSID) of known APs in the network. These MAC addresses will be filtered out
of the list of detected APs during a scan.
â
Friendly AP MAC Table â Displays the MAC addresses of known APs in the
network.
â 79 â
Chapter 6 | Wireless Settings
Wi-Fi Multimedia (WMM)
â
Rogue AP Scan Result â Displays information of unknown APs detected
within the range of the AP running the scan.
â
Friendly Active AP Scan Result â Displays information of known APs
detected within the range of the AP running the scan.
â
Start Instant Scan â Starts an immediate rogue AP scan on the radio
interface. (Default: Disable)
Note: While the access point scans a channel for rogue APs, wireless clients will not
be able to connect to the access point. Therefore, avoid frequent scanning or scans
of a long duration unless there is a reason to believe that more intensive scanning is
required to find a rogue AP.
Wi-Fi Multimedia (WMM)
Wireless networks offer an equal opportunity for all devices to transmit data from
any type of application. Although this is acceptable for most applications,
multimedia applications (with audio and video) are particularly sensitive to the
delay and throughput variations that result from this âequal opportunityâ wireless
access method. For multimedia applications to run well over a wireless network, a
Quality of Service (QoS) mechanism is required to prioritize traffic types and
provide an âenhanced opportunityâ wireless access method.
The access point implements QoS using the Wi-Fi Multimedia (WMM) standard.
Using WMM, the access point is able to prioritize traffic and optimize performance
when multiple applications compete for wireless network bandwidth at the same
time. WMM employs techniques that are a subset of the IEEE 802.11e QoS standard
and it enables the access point to interoperate with both WMM-enabled clients and
other devices that may lack any WMM functionality.
Access Categories â WMM defines four access categories (ACs): voice, video, best
effort, and background. These categories correspond to traffic priority levels and
are mapped to IEEE 802.1D priority tags (see âWMM Access Categoriesâ on
page 81). The direct mapping of the four ACs to 802.1D priorities is specifically
intended to facilitate inter operability with other wired network QoS policies. While
the four ACs are specified for specific types of traffic, WMM allows the priority levels
to be configured to match any network-wide QoS policy. WMM also specifies a
protocol that access points can use to communicate the configured traffic priority
levels to QoS-enabled wireless clients.
â 80 â
Chapter 6 | Wireless Settings
Wi-Fi Multimedia (WMM)
Table 2: WMM Access Categories
Access
Category
WMM
Designation
Description
802.1D
Tags
AC_VO (AC3)
Voice
Highest priority, minimum delay. Time-sensitive
data such as VoIP (Voice over IP) calls.
7, 6
AC_VI (AC2)
Video
High priority, minimum delay. Time-sensitive data
such as streaming video.
5, 4
AC_BE (AC0)
Best Effort
Normal priority, medium delay and throughput.
Data only affected by long delays. Data from
applications or devices that lack QoS capabilities.
0, 3
AC_BK (AC1)
Background
Lowest priority. Data with no delay or throughput
requirements, such as bulk data transfers.
2, 1
WMM Operation â WMM uses traffic priority based on the four ACs; Voice, Video,
Best Effort, and Background. The higher the AC priority, the higher the probability
that data is transmitted.
When the access point forwards traffic, WMM adds data packets to four
independent transmit queues, one for each AC, depending on the 802.1D priority
tag of the packet. Data packets without a priority tag are always added to the Best
Effort AC queue. From the four queues, an internal âvirtualâ collision resolution
mechanism first selects data with the highest priority to be granted a transmit
opportunity. Then the same collision resolution mechanism is used externally to
determine which device has access to the wireless medium.
For each AC queue, the collision resolution mechanism is dependent on two timing
parameters:
â
AIFSN (Arbitration Inter-Frame Space Number), a number used to calculate the
minimum time between data frames
â
CW (Contention Window), a number used to calculate a random backoff time
After a collision detection, a backoff wait time is calculated. The total wait time is
the sum of a minimum wait time (Arbitration Inter-Frame Space, or AIFS)
determined from the AIFSN, and a random backoff time calculated from a value
selected from zero to the CW. The CW value varies within a configurable range. It
starts at CWMin and doubles after every collision up to a maximum value, CWMax.
After a successful transmission, the CW value is reset to its CWMin value.
â 81 â
Chapter 6 | Wireless Settings
Wi-Fi Multimedia (WMM)
Figure 41: WMM Backoff Wait Times
Time
CWMin
High Priority
CWMax
AIFS
Random Backoff
Minimum Wait Time
Random Wait Time
CWMin
Low Priority
CWMax
AIFS
Random Backoff
Minimum Wait Time
Random Wait Time
For high-priority traffic, the AIFSN and CW values are smaller. The smaller values
equate to less backoff and wait time, and therefore more transmit opportunities.
Figure 42: QoS
â 82 â
Chapter 6 | Wireless Settings
Wi-Fi Multimedia (WMM)
The following items are displayed on this page:
â
â
WMM â Sets the WMM operational mode on the access point. When enabled,
the parameters for each AC queue will be employed on the access point and
QoS capabilities are advertised to WMM-enabled clients. (Default: Disabled)
â 
Disable: WMM is disabled.
â 
Enable: WMM must be supported on any device trying to associated with
the access point. Devices that do not support this feature will not be
allowed to associate with the access point.
WMM Acknowledge Policy â By default, all wireless data transmissions
require the sender to wait for an acknowledgement from the receiver. WMM
allows the acknowledgement wait time to be turned off for each Access
Category (AC) 0-3. Although this increases data throughput, it can also result in
a high number of errors when traffic levels are heavy. (Default: Acknowledge)
â 
Aknowledge â Applies the WMM policy.
â 
No Aknowledge â Ignores the WMM policy.
â
WMM BSS Parameters â These parameters apply to the wireless clients.
â
WMM AP Parameters â These parameters apply to the access point.
â 
logCWMin (Minimum Contention Window): The initial upper limit of the
random backoff wait time before wireless medium access can be
attempted. The initial wait time is a random value between zero and the
CWMin value. Specify the CWMin value in the range 0-15 microseconds.
Note that the CWMin value must be equal or less than the CWMax value.
â 
logCWMax (Maximum Contention Window): The maximum upper limit of
the random backoff wait time before wireless medium access can be
attempted. The contention window is doubled after each detected collision
up to the CWMax value. Specify the CWMax value in the range 0-15
microseconds. Note that the CWMax value must be greater or equal to the
CWMin value.
â 
AIFSN (Arbitration Inter-Frame Space): The minimum amount of wait time
before the next data transmission attempt. Specify the AIFS value in the
range 0-15 microseconds.
â 
TXOP Limit (Transmit Opportunity Limit): The maximum time an AC
transmit queue has access to the wireless medium. When an AC queue is
granted a transmit opportunity, it can transmit data for a time up to the
TxOpLimit. This data bursting greatly improves the efficiency for high datarate traffic. Specify a value in the range 0-65535 microseconds.
â 83 â
Chapter 6 | Wireless Settings
Wi-Fi Multimedia (WMM)
â 
â
Admission Control: The admission control mode for the access category.
When enabled, clients are blocked from using the access category. (Default:
Disabled)
Set WMM â Applies the new parameters and saves them to RAM memory.
Also prompts a screen to inform you when it has taken affect. Click âOKâ to
return to the home page. Changes will not be saved upon a reboot unless the
running configuration file is saved.
â 84 â
7
SNMP Settings
This chapter describes Simple Network Management Protocol (SNMP) settings on
the access point.
Simple Network Management Protocol (SNMP) is a communication protocol
designed specifically for managing devices on a network. Equipment commonly
managed with SNMP includes switches, routers and host computers.
Managed devices supporting SNMP contain software, which runs locally on the
device and is referred to as an agent. A defined set of variables, known as managed
objects, is maintained by the SNMP agent and used to manage the device. These
objects are defined in a Management Information Base (MIB) that provides a
standard presentation of the information controlled by the agent. SNMP defines
both the format of the MIB specifications and the protocol used to access this
information over the network.
The access point includes an onboard agent that supports SNMP versions 1, 2c, and
3 clients. This agent continuously monitors the status of the access point, as well as
the traffic passing to and from wireless clients. A network management station can
access this information using SNMP management software that is compliant with
MIB II. To implement SNMP management, the access point must first have an IP
address and subnet mask, configured either manually or dynamically. Access to the
onboard agent using SNMP v1 and v2c is controlled by community strings. To
communicate with the access point, the management station must first submit a
valid community string for authentication.
Access to the access point using SNMP v3 provides additional security features that
cover message integrity, authentication, and encryption; as well as controlling
notifications that are sent to specified user targets.
This chapter includes the following sections:
â
âSNMP Basic Settingsâ on page 86
â
âSNMP Trap Settingsâ on page 87
â
âView Access Control Modelâ on page 88
â
âSNMPv3 Usersâ on page 90
â
âSNMPv3 Targetsâ on page 91
â
âSNMPv3 Notification Filtersâ on page 92
â 85 â
Chapter 7 | SNMP Settings
SNMP Basic Settings
SNMP Basic Settings
The access point SNMP agent must be enabled to function (for versions 1, 2c, and 3
clients). Management access using SNMP v1 and v2c also requires community
strings to be configured for authentication. Trap notifications can be enabled and
sent to up to four management stations.
Figure 43: SNMP Basic Settings
The following items are displayed on this page:
â
SNMP â Enables or disables SNMP management access and also enables the
access point to send SNMP traps (notifications). (Default: Disable)
â
System Location â A text string that describes the system location.
(Maximum length: 255 characters)
â
System Contact â A text string that describes the system contact. (Maximum
length: 255 characters)
â
Read-Only Community â Defines the SNMP community access string that
has read-only access. Authorized management stations are only able to retrieve
MIB objects. (Maximum length: 23 characters, case sensitive; Default: public)
â
Read-Write Community â Defines the SNMP community access string that
has read/write access. Authorized management stations are able to both
retrieve and modify MIB objects. (Maximum length: 23 characters, case
sensitive; Default: private)
â 86 â
Chapter 7 | SNMP Settings
SNMP Trap Settings
SNMP Trap Settings
Traps indicating status changes are issued by the AP to specified trap managers.
You must specify trap managers so that key events are reported by the AP to your
management station (using network management platforms).
Figure 44: SNMP Trap Settings
The following items are displayed on this page:
â
Trap Destination â Specifies the recipient of SNMP notifications. Enter the IP
address or the host name. (Host Name: 1 to 63 characters, case sensitive)
â
Community â The community string sent with the notification operation.
(Maximum length: 23 characters, case sensitive; Default: public)
â
Action â Adds a new SNMP trap destination to the list.
â
Trap Destination List â Lists the configured SNMP trap destinations.
â
Trap Configuration â Enables or disables trap status.
â 
sysSystemUp: The access point is up and running.
â 
sysSystemDown: The access point is about to shutdown and reboot.
â 87 â
Chapter 7 | SNMP Settings
View Access Control Model
â
Save Trap Config â Applies the new parameters and saves them to RAM
memory. Also prompts a screen to inform you when it has taken affect. Clicking
âOKâ returns to the home page. Changes will not be saved upon a reboot unless
the running configuration file is saved.
View Access Control Model
To configure SNMPv3 management access to the AP, follow these steps:
1. Specify read and write access views for the AP MIB tree.
2. Configure SNMP user groups with the required security model (that is, SNMP
v1, v2c, or v3) and security level (authentication and privacy).
3. Assign SNMP users to groups, along with their specific authentication and
privacy passwords.
Figure 45: SNMP VACM
Creating Views
SNMPv3 views are used to restrict user access to specified portions of the MIB tree.
The are no predefined views by default.
The following items are displayed on the VACM page.
â
View Name â The name of the SNMP view. (Range: 1-32 characters)
â 88 â
Chapter 7 | SNMP Settings
View Access Control Model
â
Type â Indicates if the object identifier of a branch within the MIB tree is
included or excluded from the SNMP view.
â
OID â Allows you to configure the object identifiers of branches within the MIB
tree. Wild cards can be used to mask a specific portion of the OID string.
â
Mask (option) â A hexadecimal value with each bit masking the corresponding
ID in the MIB subtree. A â1â in the mask indicates an exact match and a â0â
indicates a âwild card.â For example, a mask value of 0xFFBF provides a bit mask
â1111 1111 1011 1111.â If applied to the subtree â1.3.6.1.2.1.2.2.1.1.23,â the zero
corresponds to the 10th subtree ID. When there are more subtree IDs than bits
in the mask, the mask is padded with ones.
â
View List â Shows the currently configured object identifiers of branches
within the MIB tree that define the SNMP view.
Creating Groups
An SNMPv3 group sets the access policy for its assigned users, restricting them to
specific read, write, and notify views. You can create new groups to map a set of
SNMP users to SNMP views.
â
Group Name â The name of the SNMP group. (Range: 1-32 characters)
â
Security Level â The security level used for the group:
â 
noAuthNoPriv â There is no authentication or encryption used in SNMP
communications.
â 
AuthNoPriv â SNMP communications use authentication, but the data is
not encrypted.
â 
AuthPriv â SNMP communications use both authentication and
encryption.
â
Read View â The configured view for read access. (Range: 1-32 characters)
â
Write View â The configured view for write access. (Range: 1-32 characters)
â 89 â
Chapter 7 | SNMP Settings
SNMPv3 Users
SNMPv3 Users
The access point allows multiple SNMP v3 users to be configured. Each SNMPv3
user is defined by a unique name. Users must be configured with a specific security
level and assigned to a group. The SNMPv3 group restricts users to a specific read,
write, or notify view.
Figure 46: Configuring SNMPv3 Users
The following items are displayed on this page:
â
User Name â The SNMPv3 user name. (32 characters maximum)
â
Group â The SNMPv3 group name.
â
Auth Type â The authentication type used for the SNMP user; either MD5 or
none. When MD5 is selected, enter a password in the corresponding
Passphrase field.
â
Auth Passphrase â The authentication password or key associated with the
authentication and privacy settings. A minimum of eight plain text characters is
required.
â
Priv Type â The data encryption type used for the SNMP user; either DES or
none. When DES is selected, enter a key in the corresponding Passphrase field.
â
Priv Passphrase â The password or key associated with the authentication
and privacy settings. A minimum of eight plain text characters is required.
â
Action â Click the Add button to add a new user to the list. Click the edit
button to change details of an existing user. Click the Del button to remove a
user from the list.
Note: Users must be assigned to groups that have the same security levels. For
example, a user who has âAuth Typeâ and âPriv Typeâ configured to MD5 and DES
respectively (that it, uses both authentication and data encryption) must be
â 90 â
Chapter 7 | SNMP Settings
SNMPv3 Targets
assigned to the RWPriv group. If this same user were instead assigned to the readonly (RO) group, the user would not be able to access the database.
SNMPv3 Targets
An SNMP v3 notification Target ID is specified by the SNMP v3 user, IP address, and
UDP port. A user-defined filter can also be assigned to specific targets to limit the
notifications received to specific MIB objects. (Note that the filter must first be
configured. See âSNMPv3 Notification Filtersâ on page 92.)
To configure a new notification receiver target, define the parameters and select a
filter, if required. Note that the SNMP v3 user name must first be defined (See
âSNMPv3 Usersâ on page 90.)
Figure 47: SNMPv3 Targets
The following items are displayed on this page:
â
Target ID â A user-defined name that identifies a receiver of notifications.
(Maximum length: 32 characters)
â
IP Address â Specifies the IP address of the receiving management station.
â
UDP Port â The UDP port that is used on the receiving management station
for notification messages.
â
SNMP User â The defined SNMP v3 user that is to receive notification
messages.
â
Notification Filter â The name of a user-defined notification filter that is
applied to the target.
â 91 â
Chapter 7 | SNMP Settings
SNMPv3 Notification Filters
SNMPv3 Notification Filters
SNMP v3 users can be configured to receive notification messages from the access
point. An SNMP Target ID is created that specifies the SNMP v3 user, IP address, and
UDP port. A user-defined notification filter can be created so that specific
notifications can be prevented from being sent to particular targets.
Figure 48: SNMP Notification Filter
The following items are displayed on this page:
â
Filter ID â A user-defined name that identifies the filter. (Maximum length: 32
characters)
â
Subtree â Specifies MIB subtree to be filtered. The MIB subtree must be
defined in the form â.1.3.6.1â and always start with a â.â.
â
Type â Indicates if the filter is to âincludeâ or âexcludeâ the MIB subtree objects
from the filter. Note that MIB objects included in the filter are not sent to the
receiving target and objects excluded are sent. By default all traps are sent, so
you can first use an âincludeâ filter entry for all trap objects. Then use âexcludeâ
entries for the required trap objects to send to the target. Note that the filter
entries are applied in the sequence that they are defined.
â
Action â Adds the notification filter.
â 92 â
8
Maintenance Settings
Maintenance settings includes the following sections:
â
âUpgrading Firmwareâ on page 93
â
âRunning Configurationâ on page 95
â
âResetting the Access Pointâ on page 97
â
âScheduled Rebootâ on page 98
Upgrading Firmware
You can upgrade new access point software from a local file on the management
workstation, or from an FTP or TFTP server. New software may be provided
periodically from your distributor.
After upgrading new software, you must reboot the access point to implement the
new code. Until a reboot occurs, the access point will continue to run the software
it was using before the upgrade started. Also note that new software that is
incompatible with the current configuration automatically restores the access
point to the factory default settings when first activated after a reboot.
â 93 â
Chapter 8 | Maintenance Settings
Upgrading Firmware
Figure 49: Firmware
The following items are displayed on this page:
â
Firmware Version â Displays the software image version that is being used as
the runtime image. The âActiveâ image is the current running software, and the
âBackupâ image is the second software file installed on the AP, but not running.
â
Next Boot Image â Specifies what version of software will be used as a
runtime image upon bootup.
â
Set Next Boot â Applies the runtime image setting.
â
Local â Downloads an operation code image file from the web management
station to the access point using HTTP. Use the Browse button to locate the
image file locally on the management station and click Start Upgrade to
proceed.
â 
â
New Firmware File: Specifies the name of the code file on the server. The
new firmware file name should not contain slashes (\ or /), the leading letter
of the file name should not be a period (.), and the maximum length for file
names is 32 characters for files on the access point. (Valid characters: A-Z, az, 0-9, â.â, â-â, â_â)
Remote â Downloads an operation code image file from a specified remote
FTP or TFTP server. After filling in the following fields, click Start Upgrade to
proceed.
â 94 â
Chapter 8 | Maintenance Settings
Running Configuration
â
â 
New Firmware File: Specifies the name of the code file on the server. The
new firmware file name should not contain slashes (\ or /), the leading letter
of the file name should not be a period (.), and the maximum length for file
names on the FTP/TFTP server is 255 characters or 32 characters for files on
the access point. (Valid characters: A-Z, a-z, 0-9, â.â, â-â, â_â)
â 
IP Address: IP address or host name of FTP or TFTP server.
â 
Username: The user ID used for login on an FTP server.
â 
Password: The password used for login on an FTP server.
Start Upgrade â Commences the upgrade process.
Running Configuration
A copy of a previous running configuration may be uploaded to the access point as
a saved file from a remote location, or the current configuration saved and stored
for restoration purposes at a later point. A configuration file may be saved or
downloaded to/from a specified remote FTP or TFTP server.
Figure 50: Running Configuration File
â 95 â
Chapter 8 | Maintenance Settings
Running Configuration
The following items are displayed on this page:
â
File Backup/Restore â Downloads an operation code image file from a
specified remote FTP or TFTP server. After filling in the following fields, click
Start Export/Import to proceed.
â
Export/Import â Select Export to upload a file to an FTP/TFTP server. Select
Import to download a file from an FTP/TFTP server.
â
Config file â Specifies the name of the configuration file. A path on the server
can be specified using â/â in the name, providing the path already exists; for
example, âmyfolder/.â Other than to indicate a path, the file name must not
contain any slashes (\ or /), the leading letter cannot be a period (.), and the
maximum length for file names on the FTP/TFTP server is 255 characters. (Valid
characters: A-Z, a-z, 0-9, â.â, â-â, â_â)
â
IP Address â IP address or host name of FTP or TFTP server.
â
Username â The user ID used for login on an FTP server.
â
Password â The password used for login on an FTP server.
â
Start Import/Export â Initiates the selected backup or restore.
â
Restore Factory Setting â Click the Restore button to reset the configuration
settings for the access point to the factory defaults and reboot the system. Note
that all user configured information will be lost. You will have to re-enter the
default user name and password to re-gain management access to this device.
â
Restore Factory Setting with Keep IP â Click the Restore button to reset the
APâs configuration settings, except for the IP, to the factory defaults and reboot
the system. Note that other than the IP settings, all user configured information
will be lost. You will have to re-enter the default user name and password to regain management access to this device.
â
Running Config To Startup Config â Click âSaveâ to save the running
configuration to the startup file.
â 96 â
Chapter 8 | Maintenance Settings
Resetting the Access Point
Resetting the Access Point
The Reset page allows you to reset the access point and save the running
configuration before the reboot.
Figure 51: Resetting the Access Point
The following items are displayed on this page:
â
Save Runtime config before Reboot â Checking this option saves the
current running configuration to the startup file.
â
Reboot â Click the âRebootâ button to reset the configuration settings for the
AP and reboot the system. Note that all unsaved user configured information
will be lost.
Note: If you have upgraded system software, then you must reboot the access
point to implement the new operation code. New software that is incompatible
with the current configuration automatically restores the access point to default
values when first activated after a reboot.
â 97 â
Chapter 8 | Maintenance Settings
Scheduled Reboot
Scheduled Reboot
The Reboot Schedule page allows you to set the AP to reboot on a specified time
schedule. The time can be either by days and hours, or a simple countdown in
minutes.
Figure 52: Reboot Schedule â Fixed Time
The following items are displayed on this page:
â
Status â Selects a fixed time interval or a countdown time, or disables the
feature.
â
Interval â Specifies the interval in days. (Range: 1~7 days)
â
Schedule Time â Specifies a time in hours and minutes. (Range: 0~23 hours,
0~59 minutes)
Figure 53: Reboot Schedule â Countdown Time
The following items are displayed on this page:
â
Status â Selects a fixed time interval or a countdown time, or disables the
feature.
â
Countdown Time â Specifies a time in minutes. (Default: 14400 minutes;
Range: 1~14400 minutes)
â 98 â
9
Status Information
The Information menu displays information on the current system configuration,
the wireless interface, the station status and system logs.
Status Information includes the following sections:
â
âAP Statusâ on page 100
â
âStation Statusâ on page 103
â
âStation Statisticsâ on page 104
â
âEvent Logsâ on page 105
â
âWDS Statusâ on page 106
â 99 â
Chapter 9 | Status Information
AP Status
AP Status
The AP Status window displays basic system configuration settings, as well as the
settings for the wireless interfaces.
AP System The AP System Configuration table displays the basic system configuration settings
Configuration
Figure 54: AP System Configuration
The following items are displayed on this page:
â
Serial Number â The serial number of the physical access point.
â
System Up Time â Length of time the management agent has been up.
â
Ethernet MAC Address â The physical layer address for the Ethernet port.
â
Radio 0 MAC Address â The base physical layer address of the 2.4 GHz
interface.
â
Radio 1 MAC Address â The base physical layer address for the 5 GHz
interface.
â 100 â
Chapter 9 | Status Information
AP Status
â
System Name â Name assigned to this system.
â
System Contact â Administrator responsible for the system.
â
IP Address â IP address of the management interface for this device.
â
IP Default Gateway â IP address of the gateway router between this device
and management stations that exist on other network segments.
â
HTTP Server Status â Shows if management access via HTTP is enabled.
â
HTTP Port â Shows the TCP port used by the HTTP interface.
â
HTTPS Server Status â Shows if management access via HTTPS is enabled.
â
HTTPS Port â Shows the TCP port used by the HTTPS interface.
â
SSH Server Status â Shows if management access via SSH is enabled.
â
SSH Port â Shows the TCP port used for SSH access.
â
Telnet Server Status â Shows if management access via Telnet is enabled.
â
Telnet Port â Shows the TCP port used for Telnet access.
â
Software Version â Shows the software version number.
â
Boot Rom Version â Show the boot software version number.
â
Hardware Version â Shows the unitâs hardware version number.
â
Part Number â Shows the model number of the unit.
â
Production Date â Shows the production date of the unit.
â 101 â
Chapter 9 | Status Information
AP Status
AP Wireless The AP Wireless Configuration displays the VAP interface settings for the 2.4 GHz
Configuration and 5 GHz radios.
Figure 55: AP Wireless Configuration
The following items are displayed on this page for the 2.4 GHz and 5 GHz radio
interfaces:
â
VAP â Displays the VAP number.
â
SSID â The service set identifier for the VAP interface.
â
Status â Displays the interface mode setting, either âapâ, âwds-apâ, or âwds-staâ.
â
Association Mode â Shows the basic security mode configured for the VAP.
â
Encryption Method â Displays the encryption method used on the interface.
â
802.1X â Shows if IEEE 802.1X access control for wireless clients is enabled.
â
MAC Address â Displays the MAC address of the VAP interface.
â 102 â
Chapter 9 | Status Information
Station Status
Station Status
The Station Status window shows the wireless clients currently associated with the
2.4 GHz and 5 GHz radio interfaces.
Figure 56: Station Status
The following items are displayed on this page:
â
Total Station Number of this device â The total number of clients associated
to the AP.
â
Total Station Number of Radio 0 â The total number of clients associated to
the 2.4 GHz radio.
â
Total Station Number of Radio 1 â The total number of clients associated to
the 5 GHz radio.
â
Station Address â The MAC address of the wireless client.
â
RSSI â The Receive Signal Strength Indicator for the wireless client.
â
TxRate (Mbps) â The data tranmit rate to the wireless client.
â
RxRate (Mbps) â The data receive rate from the wireless client.
â
IP â The IP address assigned to the wireless client.
â
Privacy â The data encryption method used by the wireless client.
â
Authentication â The authentication method used by the wireless client.
â
Connection Time â The time the wireless client has been associated.
â 103 â
Chapter 9 | Status Information
Station Statistics
Station Statistics
The Station Statistics window shows the statistic information for wireless clients
currently associated with the 2.4 GHz and 5 GHz radio interfaces.
Figure 57: Station Statistics
The following items are displayed on this page:
â
Station Address â The MAC address of the wireless client.
â
TxPkts â The number of transmitted packets from this client.
â
TxBytes â The number of transmitted bytes from this client.
â
RxPkts â The number of received packets from this client.
â
RxBytes â The number of received bytes from this client.
â 104 â
Chapter 9 | Status Information
Event Logs
Event Logs
The Event Logs window shows the log messages generated by the access point and
stored in memory.
Figure 58: Event Logs
The following items are displayed on this page:
â
Display Event Log â Selects the log entries to display. Up to 20 log messages
can be displayed at one time.
Each log entry includes the time the log message was generated, the logging
level associated with the message, and the text of the log message.
â 105 â
Chapter 9 | Status Information
WDS Status
WDS Status
The WDS Status window shows the WDS information for the 2.4 GHz and 5 GHz
radio interfaces.
Figure 59: WDS Status
The following items are displayed on this page:
â
Auto Refresh Setting â Enables the automatic refresh of WDS status
information. When enabled, you can also set the time interval between each
status refresh.
â
WDS-STA Status â The status of other APs in WDS-STA mode connected to
the AP interfaces.
â 
Station Address â The MAC address of the AP client.
â 
RSSI â The Receive Signal Strength Indicator of the received signal sent
from the peer WDS client.
â 
Remote RSSI â The Receive Signal Strength Indicator of the AP signal
received by the peer WDS-STA client.
â 
TxRate (Mbps) â The data tranmit rate to the AP client.
â 
RxRate (Mbps) â The data receive rate from the AP client.
â 
IP â The IP address assigned to the AP client.
â 
Privacy â The data encryption method used by the AP client.
â 
Authentication â The authentication method used by the AP client.
â 106 â
Chapter 9 | Status Information
WDS Status
â
WDS-AP Status â The status of other APs in WDS-AP mode connected to AP
interfaces.
â 
Station Address â The MAC address of the WDS-enabled AP.
â 
RSSI â The Receive Signal Strength Indicator of the received signal sent
from the peer WDS AP.
â 
Remote RSSI â The Receive Signal Strength Indicator of the AP signal
received by the peer WDS-AP.
â 107 â
Chapter 9 | Status Information
WDS Status
â 108 â
Section III
Command Line Interface
This section provides a detailed description of the Command Line Interface, along
with examples for all of the commands.
This section includes these chapters:
â
âUsing the Command Line Interfaceâ on page 111
â
âGeneral Commandsâ on page 117
â
âSystem Management Commandsâ on page 121
â
âSystem Logging Commandsâ on page 143
â
âSystem Clock Commandsâ on page 148
â
âDHCP Relay Commandsâ on page 153
â
âSNMP Commandsâ on page 155
â
âFlash/File Commandsâ on page 168
â
âRADIUS Client Commandsâ on page 171
â
â802.1X Authentication Commandsâ on page 177
â
âMAC Address Authentication Commandsâ on page 179
â
âFiltering Commandsâ on page 183
â
âSpanning Tree Commandsâ on page 189
â
âWDS Bridge Commandsâ on page 201
â
âEthernet Interface Commandsâ on page 203
â
âWireless Interface Commandsâ on page 210
â 109 â
Section III | Command Line Interface
â
âWireless Security Commandsâ on page 239
â
âRogue AP Detection Commandsâ on page 249
â
âLink Integrity Commandsâ on page 255
â
âLink Layer Discovery Commandsâ on page 258
â
âVLAN Commandsâ on page 262
â
âWMM Commandsâ on page 266
â
âQoS Commandsâ on page 271
â 110 â
10
Using the Command Line
Interface
When accessing the management interface for the over a direct connection to the
console port, or via a Telnet connection, the access point can be managed by
entering command keywords and parameters at the prompt. Using the access
pointâs command-line interface (CLI) is very similar to entering commands on a
UNIX system.
Console Connection
To access the AP through the console port, first set up a console connection to the
AP. See âConsole Port Connectionâ on page 17 for more information.
At the console prompt, enter the user name and password. (The default user name
is âadminâ with no default password.) After the password is entered, the CLI displays
the âEC#â prompt.
Example
(none) login: admin
Password:
Jan 1 11:33:13 login[1918]: root login on 'ttyS0'
EC#
Note: Command examples later in this chapter show the console prompt as âAPâ.
Enter the necessary commands to complete your desired tasks.
When finished, exit the session with the âexitâ command.
â 111 â
Chapter 10 | Using the Command Line Interface
Telnet Connection
Telnet Connection
Telnet operates over the IP transport protocol. In this environment, your
management station and any network device you want to manage over the
network must have a valid IP address. If the access point does not acquire an IP
address from a DHCP server, the default IP address used by the access point for
management is 192.168.1.10.
To access the AP through a Telnet session, you must first set the IP address for the
AP, and set the default gateway if you are managing the AP from a different IP
subnet. For example:
AP#configure
AP(config)#interface ethernet
AP(if-ethernet)#ip address 10.1.0.1 255.255.255.0 10.1.0.254
AP(if-ethernet)#
After you configure the access point with an IP address, you can open a Telnet
session by performing these steps.
1. From the remote host, enter the Telnet command and the IP address of the
device you want to access.
2. At the prompt, enter the user name and system password. The CLI will display
the âAP#â prompt to show that you are using executive access mode (that is,
Exec).
(none) login: admin
Password:
AP#
3. Enter the necessary commands to complete your desired tasks.
4. When finished, exit the session with the âquitâ or âexitâ command.
Note: You can open up to four sessions to the device through Telnet.
â 112 â
Chapter 10 | Using the Command Line Interface
Entering Commands
Entering Commands
This section describes how to enter CLI commands.
Keywords and A CLI command is a series of keywords and arguments. Keywords identify a
Arguments command, and arguments specify configuration parameters. For example, in the
command âshow interfaces ethernet,â show and interfaces are keywords, and
ethernet is an argument that specifies the interface type.
You can enter commands as follows:
â
To enter a simple command, enter the command keyword.
â
To enter commands that require parameters, enter the required parameters
after the command keyword. For example, to set a password for the
administrator, enter:
AP(config)#password admin tpschris
Minimum The CLI will accept a minimum number of characters that uniquely identify a
Abbreviation command. For example, the command âconfigureâ can be entered as con. If an
entry is ambiguous, the system will prompt for further input.
Command If you terminate input with a Tab key, the CLI will print the remaining characters of a
Completion partial keyword up to the point of ambiguity. In the âconfigureâ example, typing
con followed by a tab will result in printing the command up to âconfigure.â
Getting Help on You can display a brief description of the help system by entering the help
Commands command. You can also display command syntax by following a command with the
â?â character to list keywords or parameters.
Showing Commands If you enter a â?â at the command prompt, the system will display the first level of
keywords for the current configuration mode (Exec, Global Configuration, or
Interface). You can also display a list of valid keywords for a specific command. For
example, the command âshow ?â displays a list of possible show commands:
AP# show ?
APmanagement
band-steering
bridge
config
event-log
filters
firmware-image
Show
Show
Show
Show
Show
Show
Show
management AP information.
Band Steering Status.
bridge.
current configuration.
event log on console.
filters.
firmware images version.
â 113 â
Chapter 10 | Using the Command Line Interface
Entering Commands
interface
line
link-integrity
lldp
logging
long-distance
rogue-ap
snmp
sntp
station
system
version
AP: show
Show interface information.
TTY line information.
Show Link Integrity information.
Show lldp parameters.
Show the logging buffers.
Show the outdoor parameter information.
Show Rogue AP information.
Show snmp configuration.
Show sntp configuration.
Show 802.11 station table.
Show system information.
Show system version.
The command âshow interface ?â will display the following information:
AP# show interface ?
ethernet Show Ethernet interface
wireless Show Wireless interface
AP# show interface
Negating the Effect of For many configuration commands you can enter the prefix keyword ânoâ to cancel
Commands the effect of a command or reset the configuration to the default value. For
example, the logging command will log system messages to a host server. To
disable logging, specify the no logging command. This guide describes the
negation effect for all applicable commands.
Using Command The CLI maintains a history of commands that have been entered. You can scroll
History back through the history of commands by pressing the up arrow key. Any
command displayed in the history list can be executed again, or first modified and
then executed.
Understanding The command set is divided into Exec and Configuration classes. Exec commands
Command Modes generally display information on system status or clear statistical counters.
Configuration commands, on the other hand, modify interface parameters or
enable certain functions. These classes are further divided into different modes.
Available commands depend on the selected mode. You can always enter a
question mark â?â at the prompt to display a list of the commands available for the
â 114 â
Chapter 10 | Using the Command Line Interface
Entering Commands
current mode. The command classes and associated modes are displayed in the
following table:
Table 3: Command Modes
Class
Mode
Exec
Privileged
Configuration
Global
Interface-ethernet
Interface-wireless
Interface-wireless-vap
Exec Commands
When you open a new console session on an access point, the system enters Exec
command mode. Only a limited number of the commands are available in this
mode. You can access all other commands only from the configuration mode. To
access Exec mode, open a new console session with the user name âadmin.â The
command prompt displays as âAP#â for Exec mode.
(none) login: admin
Password: [system login password]
AP#
Configuration Commands
Configuration commands are used to modify access point settings. These
commands modify the running configuration and are saved in memory.
The configuration commands are organized into four different modes:
â
Global Configuration (GC) - These commands modify the system level
configuration, and include commands such as system name and password.
â
Interface-Ethernet Configuration (IC-E) - These commands modify the Ethernet
port configuration, and include command such as dns and ip.
â
Interface-Wireless Configuration (IC-W) - These commands modify the wireless
port configuration of global parameters for the radio, and include commands
such as channel and beacon-interval.
â
Interface-Wireless Virtual Access Point Configuration (IC-W-VAP) - These
commands modify the wireless port configuration for each VAP, and include
commands such as ssid and encryption.
To enter the Global Configuration mode, enter the command configure in Exec
mode. The system prompt will change to âAP(config)#â which gives you access
privilege to all Global Configuration commands.
â 115 â
Chapter 10 | Using the Command Line Interface
Entering Commands
AP#configure
AP(config)#
To enter Interface mode, you must enter the âinterface ethernetâ while in Global
Configuration mode. The system prompt will change to âAP(if-ethernet)#,â or
âAP(if-wireless 0)â indicating that you have access privileges to the associated
commands. You can use the exit command to return to the Exec mode.
AP(config)#interface ethernet
AP(if-ethernet)#
Command Line Commands are not case sensitive. You can abbreviate commands and parameters
Processing as long as they contain enough letters to differentiate them from any other
currently available commands or parameters. You can use the Tab key to complete
partial commands, or enter a partial command followed by the â?â character to
display a list of possible matches.
â 116 â
11
General Commands
This chapter details general commands that apply to the CLI.
Table 4: General Commands
Command
Function
Mode
Page
configure
Activates global configuration mode
Exec
117
end
Returns to previous configuration mode
GC, IC
118
exit
Returns to the previous configuration mode, or exits the any
CLI
118
cli-session-timeout
Sets a timeout for CLI and Telnet sessions
Exec
118
ping
Sends ICMP echo request packets to another node on the Exec
network
119
reset
Restarts the system
Exec
120
show line
Shows the configuration settings for the console port
Exec
120
configure This command activates Global Configuration mode. You must enter this mode to
modify most of the settings on the access point. You must also enter Global
Configuration mode prior to enabling the context modes for Interface
Configuration. See âUsing the Command Line Interfaceâ on page 111.
Default Setting
None
Command Mode
Exec
Example
AP#configure
AP(config)#
Related Commands
end
â 117 â
Chapter 11 | General Commands
end This command returns to the previous configuration mode.
Default Setting
None
Command Mode
Global Configuration, Interface Configuration
Example
This example shows how to return to the Configuration mode from the Interface
Configuration mode:
AP(if-ethernet)#end
AP(config)#
exit This command returns to the Exec mode or exits the configuration program.
Default Setting
None
Command Mode
Any
Example
This example shows how to return to the Exec mode from the Interface
Configuration mode, and then quit the CLI session:
AP(if-ethernet)#exit
AP#exit
(none) login:
cli-session-timeout This command enables a timeout for console and Telnet sessions.
Syntax
cli-session-timeout 
enable - Enables the timeout.
disable - Disables the timeout.
value - Sets a time for the timeout (Range: 60~3600 seconds).
Default Setting
120 seconds
â 118 â
Chapter 11 | General Commands
Command Mode
Exec
Example
The following example disables the CLI timeout.
AP(config)# cli-session-timeout disable
AP(config)#
ping This command sends ICMP echo request packets to another node on the network.
Syntax
ping 
host_name - Alias of the host.
ip_address - IP address of the host.
Default Setting
None
Command Mode
Exec
Command Usage
â Use the ping command to see if another site on the network can be reached.
â
The following are some results of the ping command:
â 
Normal response - The normal response occurs in one to ten seconds,
depending on network traffic.
â 
Destination does not respond - If the host does not respond, a âtimeoutâ
appears in ten seconds.
â 
Destination unreachable - The gateway for this destination indicates that
the destination is unreachable.
â 
Network or host unreachable - The gateway found no corresponding entry
in the route table.
Example
AP#ping 192.168.1.19
192.168.1.19 is alive
AP#
â 119 â
Chapter 11 | General Commands
reset This command restarts the system or restores the factory default settings.
Syntax
reset 
board - Reboots the system.
configuration - Resets the configuration settings to the factory defaults,
and then reboots the system.
configuration-keep-ip - Resets the configuration settings to the factory
defaults except for the IP address, and then reboots the system.
Default Setting
None
Command Mode
Exec
Command Usage
When the system is restarted, it will always run the Power-On Self-Test.
Example
This example shows how to reset the system:
AP#reset board
Please wait a moment...
show line This command displays the console portâs configuration settings.
Command Mode
Exec
Example
The console port settings are fixed at the values shown below.
AP#show line
Console Line Information
======================================================
databits
: 8
parity
: none
speed
: 115200
stop bits : 1
======================================================
AP#
â 120 â
12
System Management
Commands
These commands are used to configure the password, system logs, browser
management options, clock settings, and a variety of other system information.
Table 5: System Management Commands
Command
Function
Mode
Page
country
Sets the access point country code
Exec
122
prompt
Customizes the command line prompt
GC
123
system name
Specifies the host name for the access point
GC
124
system-resource
Sets rising and falling CPU and memory thresholds
GC
124
password
Specifies the password for management access
GC
125
reboot-schedule
Restarts the AP after a specified time
GC
126
apmgmtui ssh enable
Enables the Secure Shell server
GC
127
apmgmtui ssh port
Sets the Secure Shell port
GC
127
ip telnet-server enable Enables the Telnet server
GC
128
apmgmtip
Specifies an IP address or range of addresses allowed
access to management interfaces
GC
131
apmgmtui telnetserver
Enables Telnet management access
GC
128
apmgmtui snmp
Enables SNMP management access
GC
131
apmgmtui http port
Specifies the port to be used by the web browser
interface
GC
128
apmgmtui http server Allows the access point to be monitored or configured
from a browser
GC
129
apmgmtui http
session-timeout
Sets the web interface timeout
GC
129
apmgmtui https port
Specifies the UDP port number used for a secure HTTP
connection to the access pointâs Web interface
GC
130
apmgmtui https
server
Enables the secure HTTP server on the access point
GC
130
max-bandwidthcontrol uplink
Enables uplink bandwidth control for the AP
GC
132
max-bandwidthcontrol downlink
Enables downlink bandwidth control for the AP
GC
133
GC
134
max-bandwidthImplements bandwidth control settings for the AP.
control make-effective
â 121 â
Chapter 12 | System Management Commands
Table 5: System Management Commands (Continued)
Command
Function
Mode
Page
show apmanagement Shows the AP management configuration
Exec
134
show maxbandwidth-control
Displays the bandwidth control settings for the AP
Exec
134
show system
Displays system information
Exec
135
show system resource Displays CPU and memory usage information
Exec
135
show version
Displays version information for the system
Exec
136
show config
Displays detailed configuration information for the
system
Exec
136
country This command configures the access pointâs country code, which identifies the
country of operation and sets the authorized radio channels.
Syntax
country 
country_code - A two character code that identifies the country of
operation. See the following table for a full list of codes.
Table 6: Country Codes
Country
Code
Country
Code
Country
Code
Country
Code
Albania
AL
Dominican
Republic
DO
Kuwait
KW
Romania
RO
Algeria
DZ
Ecuador
EC
Latvia
LV
Russia
RU
Argentina
AR
Egypt
EG
Lebanon
LB
Saudi Arabia
SA
Armenia
AM
Estonia
EE
Liechtenstein
LI
Singapore
SG
Australia
AU
Finland
FI
Lithuania
LT
Slovak
Republic
SK
Austria
AT
France
FR
Macao
MO
Spain
ES
Azerbaijan
AZ
Georgia
GE
Macedonia
MK
Sweden
SE
Bahrain
BH
Germany
DE
Malaysia
MY
Switzerland
CH
Belarus
BY
Greece
GR
Malta
MT
Syria
SY
Belgium
BE
Guatemala
GT
Mexico
MX
Taiwan
TW
Honduras
HN
Monaco
MC
Thailand
TH
Belize
BZ
Hong Kong
HK
Morocco
MA
Trinidad &
Tobago
TT
Bolivia
BO
Hungary
HU
Netherlands
NL
Tunisia
TN
Brazil
BR
Iceland
IS
New Zealand
NZ
Turkey
TR
â 122 â
Chapter 12 | System Management Commands
Table 6: Country Codes (Continued)
Country
Code
Country
Code
Country
Code
Country
Code
Brunei
Darussalam
BN
India
IN
Norway
NO
Ukraine
UA
Bulgaria
BG
Indonesia
ID
Qatar
QA
United Arab
Emirates
AE
Canada
CA
Iran
IR
Oman
OM
United
Kingdom
GB
Chile
CL
Ireland
IE
Pakistan
PK
United States
US
China
CN
Israel
IL
Panama
PA
Uruguay
UY
Colombia
CO
Italy
IT
Peru
PE
Uzbekistan
UZ
Costa Rica
CR
Japan
JP
Philippines
PH
Yemen
YE
Croatia
HR
Jordan
JO
Poland
PL
Venezuela
VE
Cyprus
CY
Kazakhstan
KZ
Portugal
PT
Vietnam
VN
Czech
Republic
CZ
North Korea
KP
Puerto Rico
PR
Zimbabwe
ZW
Denmark
DK
Korea
Republic
KR
Slovenia
SI
Elsalvador
SV
Luxembourg
LU
South Africa
ZA
Default Setting
US - for units sold in the United States
99 (no country set) - for units sold in other countries
Command Mode
Exec
Command Usage
â If you purchased an access point outside of the United States, the country code
must be set before radio functions are enabled.
â
The available Country Code settings can be displayed by using the country ?
command.
Example
AP#country tw
AP#
prompt This command customizes the CLI prompt. Use the no form to restore the default
prompt.
â 123 â
Chapter 12 | System Management Commands
Syntax
prompt 
no prompt
string - Any alphanumeric string to use for the CLI prompt.
(Maximum length: 32 characters)
Default Setting
EC
Command Mode
Global Configuration
Example
AP(config)#prompt RD2
RD2(config)#
system name This command specifies or modifies the system name for this device.
Syntax
system name 
name - The name of this host.
(Maximum length: 32 characters)
Default Setting
%VBM#BOE"1
Command Mode
Global Configuration
Example
AP(config)#system name AP
AP(config)#
system-resource This command sets CPU and memory rising and falling thresholds that monitor
system resources.
Syntax
system-resource threshold   
 
threshold - Keyword that sets CPU and memory threshold values.
â 124 â
Chapter 12 | System Management Commands
cpu-rising - The CPU utilization rising threshold as a percentage.
(Range: 1-100 percent, 0 is disabled)
cpu-falling - The CPU utilization falling threshold as a percentage.
(Range: 0 to less than the CPU rising threshold)
memory-rising - The memory utilization rising threshold in Kbytes.
(Range: 1-113076 Kbytes, 0 is disabled)
memory-falling - The memory utilization falling threshold in Kbytes.
(Range: 0 to less than the memory rising threshold)
interval - The utilization check interval in seconds.
(Range: 1 to 86400 seconds, 0 is disabled)
Default Setting
CPU Rising Threshold: 0 (disabled)
CPU Falling Threshold: 20 percent
Memory Rising Threshold: 0 (disabled)
Memory Falling Threshold: 16000 Kbytes
Threshold Interval: 0 (disabled)
Command Mode
Global Configuration
Command Usage
â When the CPU rising threshold is exceeded, a âCPU Busyâ SNMP trap message is
sent (only sent once). When the CPU utilization then drops below the falling
threshold, a âCPU Freeâ trap message is sent .
â
When the memory rising threshold is exceeded, a âMemory Overloadâ SNMP
trap message is sent (only sent once). When the memory utilization then drops
below the falling threshold, a âMemory Freeâ trap message is sent .
Example
AP(config)# system-resource threshold 80 20 100000 16000 20
AP(config)#
password After initially logging onto the system, you should set the access passwords.
Remember to record them in a safe place.
Syntax
password   
admin - The keyword for the administrator password.
guest - The keyword for the guest password
â 125 â
Chapter 12 | System Management Commands
old-password - The current password for management access. When there
is no password set, enter the string ânullâ.
(Length: 5-32 characters, case sensitive)
new-password - The new password for management access.
(Length: 5-32 characters, case sensitive)
Default Setting
None. There are no admin or guest passwords.
Command Mode
Global Configuration
Example
AP(config)#password admin null tpschris
AP(config)#
reboot-schedule This command restarts the system after a scheduled time.
Syntax
reboot-schedule {fixed-time  | countdown
 | disable}
fixed-time - Reboots after a specified time in days, hours, and minutes.
countdown - Reboots after a specified coundown time in minutes.
disable - Disables the reboot schedule.
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
When the system is restarted, it will always run the Power-On Self-Test.
Example
This example shows how to set a scheduled reboot time:
AP(config)# reboot-schedule fixed-time 1 2 3
AP(config)#
â 126 â
Chapter 12 | System Management Commands
apmgmgtui ssh This command enables the Secure Shell server. Use the no form to disable the
enable server.
Syntax
apmgmtui ssh enable
no apmgmtui ssh-server
Default Setting
Enabled
Command Mode
Global Configuration
Command Usage
â The access point supports Secure Shell version 2.0 only.
â
After boot up, the SSH server needs about two minutes to generate host
encryption keys. The SSH server is disabled while the keys are being generated.
The show system command displays the status of the SSH server.
Example
AP(config)# apmgmtui ssh enable
AP(config)#
apmgmtui ssh port This command sets the Secure Shell server port.
Syntax
apmgmtui ssh port 
port-number - The UDP port used by the SSH server.
(Range: 1-65535)
Default Setting
22
Command Mode
Global Configuration
Example
AP(config)# apmgmtui ssh port 1124
AP(config)#
â 127 â
Chapter 12 | System Management Commands
apmgmtui telnet- This command enables the Telnet server. Use the no form to disable the server.
server enable
Syntax
apmgmtui telnet-server enable
no apmgmtui telnet-server
Default Setting
Interface enabled
Command Mode
Global Configuration
Example
AP(config)# apmgmtui telnet-server enable
AP(config)#
apmgmtui http port This command specifies the TCP port number used by the web browser interface.
Use the no form to use the default port.
Syntax
apmgmtui http port 
no apmgmtui http port
port-number - The TCP port to be used by the browser interface. (Range: 80
or 1024-65535)
Default Setting
80
Command Mode
Global Configuration
Example
AP(config)# apmgmtui http port 769
AP(config)
Related Commands
apmgmtui http server
â 128 â
Chapter 12 | System Management Commands
apmgmtui http server This command allows this device to be monitored or configured from a web
browser. Use the no form to disable this function.
Syntax
[no] apmgmtui http server
Default Setting
Enabled
Command Mode
Global Configuration
Example
AP(config)# apmgmtui http server
AP(config)#
Related Commands
apmgmtui http port
apmgmtui http This command sets the web browser timeout limit.
session-timeout
Syntax
apmgmtui http session-timeout 
seconds - The web session timeout. (Range: 0-1800 seconds, 0 means
disabled)
Default Setting
1800 seconds
Command Mode
Global Configuration
Example
AP(config)# apmgmtui http session-timeout 0
AP(config)#
Related Commands
apmgmtui http server
â 129 â
Chapter 12 | System Management Commands
apmgmtui https port Use this command to specify the UDP port number used for HTTPS/SSL connection
to the access pointâs web interface. Use the no form to restore the default port.
Syntax
apmgmtui https port 
no apmgmtui https port
port_number â The UDP port used for HTTPS/SSL.
(Range: 443, 1024-65535)
Default Setting
443
Command Mode
Global Configuration
Command Usage
â You cannot configure the HTTP and HTTPS servers to use the same port.
â
To avoid using common reserved TCP port numbers below 1024, the
configurable range is restricted to 443 and between 1024 and 65535.
â
If you change the HTTPS port number, clients attempting to connect to the
HTTPS server must specify the port number in the URL, in this format: https://
device:port_number
Example
AP(config)# apmgmtui https port 1234
AP(config)#
apmgmtui https Use this command to enable the secure hypertext transfer protocol (HTTPS) over
server the Secure Socket Layer (SSL), providing secure access (that is, an encrypted
connection) to the access pointâs web interface. Use the no form to disable this
function.
Syntax
[no] apmgmtui https server
Default Setting
Enabled
Command Mode
Global Configuration
Command Usage
â Both HTTP and HTTPS service can be enabled independently.
â 130 â
Chapter 12 | System Management Commands
â
If you enable HTTPS, you must indicate this in the URL:
https://device:port_number]
â
When you start HTTPS, the connection is established in this way:
â 
The client authenticates the server using the serverâs digital certificate.
â 
The client and server negotiate a set of security protocols to use for the
connection.
â 
The client and server generate session keys for encrypting and decrypting
data.
â 
The client and server establish a secure encrypted connection.
A padlock icon should appear in the status bar for Internet Explorer.
Example
AP(config)# apmgmtui https server
AP(config)#
apmgmtui snmp This command enables and disables SNMP management access to the AP.
Syntax
apmgmtui snmp [enable | disable]
enable - Enables SNMP management access.
disable - Disables SNMP management access.
Default Setting
Enabled
Command Mode
Global Configuration
Example
AP(config)# apmgmtui snmp enable
AP(config)#
apmgmtip This command specifies the client IP addresses that are allowed management
access to the access point through various protocols.
Note: Secure Web (HTTPS) connections are not affected by the UI Management or
IP Management settings.
â 131 â
Chapter 12 | System Management Commands
Syntax
apmgmtip [multiple   | single  | any]
multiple - Adds IP addresses within a specifiable range to the SNMP, web
and Telnet groups.
single - Adds an IP address to the SNMP, web and Telnet groups.
any - Allows any IP address access through SNMP, web and Telnet groups.
ip-address - Adds IP addresses to the SNMP, web and Telnet groups.
subnet-mask - Specifies a range of IP addresses allowed management
access.
Default Setting
All addresses
Command Mode
Global Configuration
Command Usage
â If anyone tries to access a management interface on the access point from an
invalid address, the unit will reject the connection, enter an event message in
the system log, and send a trap message to the trap manager.
â
Management access applies to SNMP, HTTP (web), Telnet, and SSH connections.
Example
This example restricts management access to the specified addresses.
AP(config)#apmgmtip multiple 192.168.1.50 255.255.255.0
AP(config)#
max-bandwidth- This command enables the uplink bandwidth control for the AP.
control uplink
Syntax
max-bandwidth-control [no] uplink [rate ]
no - Disables the uplink bandwidth control setting.
rate - Sets the uplink rate in Kbytes per second. (Range: 100-12000 Kbps)
Default
Disabled
Rate: 12000 Kbps
â 132 â
Chapter 12 | System Management Commands
Command Mode
Global Configuration
Command Usage
This command enables the rate limiting of traffic from the AP as it is passed to the
wired network. You can set a maximum rate in Kbytes per second.
Example
AP(config)# max-bandwidth-control uplink
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(config)#
max-bandwidth- This command enables the downlink bandwidth control for the AP.
control downlink
Syntax
max-bandwidth-control [no] downlink [rate ]
no - Disables the downlink bandwidth control setting.
rate - Sets the downlink rate in Kbytes per second. (Range: 100-12000 Kbps)
Default
Disabled
Rate: 12000 Kbps
Command Mode
Global Configuration
Command Usage
This command enables the rate limiting of traffic from the wired network as it is
passed to the AP. You can set a maximum rate in kbytes per second
Example
AP(config)# max-bandwidth-control downlink
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(config)#
â 133 â
Chapter 12 | System Management Commands
max-bandwidth- This command implements the bandwidth control for the AP.
control make-effective
Syntax
max-bandwidth-control make-effective
Command Mode
Global Configuration
Example
AP(config)# max-bandwidth-control make effective
AP(config)#
show apmanagement This command shows the AP management configuration, including the IP
addresses of management stations allowed to access the AP, and the protocols that
are open to management access.
Command Mode
Exec
Example
AP#show apmanagement
=================================
AP Management IP Mode: static
Telnet UI: Enable
WEB UI
: Enable
SNMP UI : Enable
==================================
AP#
show max-bandwidth- This command displays the bandwidth control settings for the AP.
control
Command Mode
Global Configuration
Example
AP# show max-bandwidth-control
Uplink Status: Enable
Uplink Rate: 12000000
Downlink Status: Disable
Downlink Rate: 12000000
AP#
â 134 â
Chapter 12 | System Management Commands
show system This command displays basic system configuration settings.
Command Mode
Exec
Example
AP#show system
System Information
==============================================================
Serial Number
: AC25123456
System Up time
: 1 min
System Name
: %VBM#BOE"1
System Location
: where?
System Contact
: who?
System Country Code
: TW - Taiwan
MAC Address
: 70:72:CF:00:11:70
Radio 0 MAC Address
: 70:72:CF:00:11:70
Radio 1 MAC Address
: 70:72:CF:00:11:80
IP Address
: 192.168.2.10
Subnet Mask
: 255.255.255.0
Default Gateway
: 192.168.2.254
Management IP
: 192.168.1.10
Management Subnet
: 255.255.255.0
IPv6 Address
: 2001:db8::1
IPv6 Subnet Mask
: 64
IPv6 Gateway
: 2001:db8::2
VLAN Status
: Disable
Management VLAN ID(AP): 4093
Native VLAN ID(AP)
: 1
DHCP Client
: static
HTTP Access
: Enable
HTTP Port
: 80
HTTP Timeout
: 1800
HTTPs Access
: Enable
HTTPs Port
: 443
SSH Access
: Enable
SSH Port
: 22
Telnet Access
: Enable
Telnet Port
: 23
Slot Status
: Dual band(a/g)
Boot Rom Version
: U-Boot 1.1.4 r1.7
Software Version
: 1.0.0.0
Hardware Version
: R01
Part Number
Production Date
: 2012/06/01
User Name
: admin
Reboot scheduling
: disable
==============================================================
AP#
show system resource This command displays CPU and memory usage information for the system.
Command Mode
Exec
â 135 â
Chapter 12 | System Management Commands
Example
AP#show system resource
=============== CPU =========================================
user (%)
0.00
nice (%)
0.00
system (%)
7.92
iowait (%)
0.00
idle (%)
92.08
=============== Memory ======================================
free (kb)
95820
used (kb)
17256
used (%)
15.26
cached (kb)
4900
=============================================================
AP#
show version This command displays the software version for the system.
Command Mode
Exec
Example
AP#show version
Boot Rom Version
Software Version
Hardware Version
AP#
: r1.5_v0.8.0.3
: 1.0.0.9
: R01
show config This command displays detailed configuration information for the system.
Command Mode
Exec
Example
AP#show config
System Information
==============================================================
Serial Number
: AC25123456
System Up time
: 1 min
System Name
: %VBM#BOE"1
: where?
System Location
System Contact
: who?
System Country Code
: TW - Taiwan
MAC Address
: 70:72:CF:00:11:70
Radio 0 MAC Address
: 70:72:CF:00:11:70
Radio 1 MAC Address
: 70:72:CF:00:11:80
IP Address
: 192.168.2.10
Subnet Mask
: 255.255.255.0
Default Gateway
: 192.168.2.254
Management IP
: 192.168.1.10
â 136 â
Chapter 12 | System Management Commands
Management Subnet
IPv6 Address
IPv6 Subnet Mask
IPv6 Gateway
VLAN Status
Management VLAN ID(AP):
Native VLAN ID(AP)
DHCP Client
HTTP Access
HTTP Port
HTTP Timeout
HTTPs Access
HTTPs Port
SSH Access
SSH Port
Telnet Access
Telnet Port
Slot Status
Boot Rom Version
Software Version
Hardware Version
Part Number
Production Date
User Name
Reboot scheduling
255.255.255.0
2001:db8::1
64
2001:db8::2
Disable
4093
static
Enable
80
1800
Enable
443
Enable
22
Enable
23
Dual band(a/g)
r1.5_v0.8.0.3
1.0.0.9
R01
2012/06/01
admin
disable
==============================================================
SVP Information
==============================================================
SVP:
Enabled
==============================================================
SNTP Information
===========================================================
Service State
: ENABLED
SNTP (server 1) IP
: 129.6.15.28
SNTP (server 2) IP
: 132.163.4.101
Current Time
: Thu Jan 1 08:07:56 CST 1970
Time Zone
: (GMT+08) Taiwan : Taipei
Daylight Saving
: DISABLED
Daylight Saving Time : From MAR, Fourth Week, Wednesday To NOV, Last Week,
Sunday
===========================================================
SNMP Information
==============================================
Service State
: Enable
Community (ro)
: *******
Community (rw)
: ********
Location
: where?
Contact
: who?
==============================================
Trap Destination List:
==============================================
There is no SNMP Trap Host.
==============================================
Trap Configuration:
==========================================================================
systemUp: Disabled
systemDown: Disabled
==========================================================================
â 137 â
Chapter 12 | System Management Commands
View List:
==================================
There is no view.
==================================
Group List:
==================================
There is no group.
==================================
User List:
==================================
There is no SNMPv3 User.
==================================
Target List:
==================================
There is no SNMP target.
==================================
Filter List:
==================================
There is no notification filter.
==================================
Bridge STP Information
==================================
Bridge MAC
: 70:72:CF:00:11:70
Status
: Disabled
priority
: 32768
Hello Time
: 2 seconds
Maximum Age
: 20 seconds
Forward Delay
: 15 seconds
==================================
Bridge Aging Time Information
==============================================================
Aging time: 20
==============================================================
Logging Information
=====================================================
Syslog State
: DISABLE
Logging Console State
: DISABLE
Logging Level
: Debug
Servers
1: 10.7.16.98, UDP Port: 514, State: DISABLE
2: 10.7.13.48, UDP Port: 514, State: DISABLE
3: 10.7.123.123, UDP Port: 514, State: DISABLE
4: 10.7.13.77, UDP Port: 514, State: DISABLE
=====================================================
Protocol Filter Information
=======================================================================
Local Bridge
:DISABLED
access-limitation
:DISABLED
dhcp
:DISABLED
EtherType Filter
:DISABLED
Enabled EtherType Filters
----------------------------------------------------------------------=======================================================================
ACL Information
â 138 â
Chapter 12 | System Management Commands
==========================================
Source Filter :DISABLED
Source MAC
==========================================
ACL Information
==========================================
Destination Filter :DISABLED
Destination MAC
==========================================
Console Line Information
===========================================================
databits
: 8
parity
: none
speed
: 115200
stop bits : 1
===========================================================
Ethernet Interface Information
========================================
IP Address
: 192.168.2.10
Subnet Mask
: 255.255.255.0
Default Gateway
: 192.168.2.254
Primary DNS
Secondary DNS
IPv6 Address
: 2001:db8::1
IPv6 Subnet Mask
: 64
IPv6 Gateway
: 2001:db8::2
IPv6 Primary DNS
IPv6 Secondary DNS :
Admin status
: Up
Operational status : Up
========================================
-------------------------------Basic Setting------------------------------SSID
: %VBM#BOE_11BGN_0
: 11ng
Wireless Network Mode
Auto Channel Select
: DISABLE
Channel
: 6
High Throughput Mode
: HT20
Allowed Rates
1,2,5.5,6,9,11,12,18,24,36,48,54,MCS0,MCS1,MCS2,MCS3,MCS4,MCS5,MCS6,MCS7,MC
S8,MCS9,MCS10,MCS11,MCS12,MCS13,MCS14,MCS15
Status
: ENABLE
MAC Address
: 70:72:CF:00:11:70
VLAN-ID
: 1
Dhcp-Relay Server Ip
: 0.0.0.0
---------------------------------Capacity---------------------------------Maximum Association Client Per Vap
: 16 Clients
Maximum Association Client Per Radio
: 127 Clients
-----------------------------802.11 Parameters----------------------------Transmit Power
: 100%(Tx dBm)
Preamble Length
: Short-or-Long
Fragmentation Threshold
: 2346
RTS Threshold
: 2346
Beacon Interval
: 100
Authentication Timeout Interval
: 3 Mins
Association Timeout Interval
: 5 Mins
DTIM Interval
: 1
Short Guard Interval Status
: Disabled
A-MPDU Status
: Enabled
A-MPDU Length Limit
: 65535 Bytes
â 139 â
Chapter 12 | System Management Commands
A-MSDU Status
Disable HT20/H40 coexistence
: Enabled
: n
---------------------------------Security----------------------------------
Closed System
: DISABLE
WPA Function
: OPEN-SYSTEM, WPA FUNCTION DISABLE
WPA PSK Key Type
: ascii
WPA PSK Key
: ********
Default Transmit Key
: 1
Static WEP Keys
Key 1
: *****
Key 2
: *****
Key 3
: *****
Key 4
: *****
Pre-Authentication
: DISABLE
----------------------------------802.1x----------------------------------802.1x
: DISABLE
802.1x Reauthentication Time Value
: 3600 seconds
--------------------Bandwidth Control for Uplink/Downlink-----------------Bandwidth Control for Uplink
: DISABLE
Bandwidth Control for Uplink rate
: 100 Kbyte/s
Bandwidth Control for Downlink
: DISABLE
Bandwidth Control for Downlink rate
: 100 Kbyte/s
-------------------------------Qos Mapping------------------------------Qos Mapping for vap to 802.1p
: DISABLE
User Priority for vap to 802.1p
: 0
Qos Mapping for 802.1d to 802.1p
: DISABLE
Template Name for 802.1d to 802.1p
: default_up_mapping_1
Template Priority for 802.1d to 802.1p : 01234567
Qos Mapping for 802.1d to DSCP
: DISABLE
Template Name for 802.1d to DSCP
: default_up_mapping_1
Template Priority for 802.1d to DSCP
: 01234567
-----------------------------Quality of Service---------------------------WMM Mode
: ENABLED
WMM Acknowledge Policy
AC0(BE)
AC1(BK)
AC2(VI)
AC3(VO)
WMM AP Parameters:
AC0(BE) CwMin:
4 CwMax:
AC1(BK) CwMin:
4 CwMax:
AC2(VI) CwMin:
3 CwMax:
AC3(VO) CwMin:
2 CwMax:
WMM BSS Parameters:
AC0(BE) CwMin:
4 CwMax:
AC1(BK) CwMin:
4 CwMax:
AC2(VI) CwMin:
3 CwMax:
AC3(VO) CwMin:
2 CwMax:
Acknowledge
Acknowledge
Acknowledge
Acknowledge
10
AIFSN:
AIFSN:
AIFSN:
AIFSN:
TXOP
TXOP
TXOP
TXOP
Limit:
Limit:
Limit:3008
Limit:1504
10
10
AIFSN:
AIFSN:
AIFSN:
AIFSN:
TXOP
TXOP
TXOP
TXOP
Limit:
Limit:
Limit:3008
Limit:1504
ACM:Disabled
ACM:Disabled
ACM:Disabled
ACM:Disabled
-------------------------------Basic Setting------------------------------SSID
: %VBM#BOE_11NA_0
Wireless Network Mode
: 11na
Auto Channel Select
: DISABLE
Channel
: 56
High Throughput Mode
: HT20
â 140 â
Chapter 12 | System Management Commands
Allowed Rates
1,2,5.5,6,9,11,12,18,24,36,48,54,MCS0,MCS1,MCS2,MCS3,MCS4,MCS5,MCS6,MCS7,MC
S8,MCS9,MCS10,MCS11,MCS12,MCS13,MCS14,MCS15
Status
: ENABLE
MAC Address
: 70:72:CF:00:11:80
VLAN-ID
: 1
Dhcp-Relay Server Ip
: 0.0.0.0
---------------------------------Capacity---------------------------------Maximum Association Client Per Vap
: 16 Clients
Maximum Association Client Per Radio
: 127 Clients
-----------------------------802.11 Parameters----------------------------Transmit Power
: 100%(Tx dBm)
Fragmentation Threshold
: 2346
RTS Threshold
: 2346
Beacon Interval
: 100
Authentication Timeout Interval
: 3 Mins
Association Timeout Interval
: 5 Mins
DTIM Interval
: 1
Short Guard Interval Status
: Disabled
A-MPDU Status
: Enabled
A-MPDU Length Limit
: 65535 Bytes
A-MSDU Status
: Enabled
Disable HT20/H40 coexistence
: n
---------------------------------Security---------------------------------Closed System
: DISABLE
WPA Function
: OPEN-SYSTEM, WPA FUNCTION DISABLE
WPA PSK Key Type
: ascii
WPA PSK Key
: ********
Default Transmit Key
: 1
Static WEP Keys
Key 1
: *****
Key 2
: *****
Key 3
: *****
Key 4
: *****
Pre-Authentication
: DISABLE
----------------------------------802.1x----------------------------------802.1x
: DISABLE
802.1x Reauthentication Time Value
: 3600 seconds
-------------------Bandwidth Control for Uplink/Downlink------------------Bandwidth Control for Uplink
: DISABLE
Bandwidth Control for Uplink rate
: 100 Kbyte/s
Bandwidth Control for Downlink
: DISABLE
Bandwidth Control for Downlink rate
: 100 Kbyte/s
-------------------------------Qos Mapping------------------------------Qos Mapping for vap to 802.1p
: DISABLE
User Priority for vap to 802.1p
: 0
Qos Mapping for 802.1d to 802.1p
: DISABLE
Template Name for 802.1d to 802.1p
: default_up_mapping_1
Template Priority for 802.1d to 802.1p : 01234567
Qos Mapping for 802.1d to DSCP
: DISABLE
Template Name for 802.1d to DSCP
: default_up_mapping_1
Template Priority for 802.1d to DSCP
: 01234567
-----------------------------Quality of Service---------------------------WMM Mode
: ENABLED
WMM Acknowledge Policy
AC0(BE)
â 141 â
: Acknowledge
Chapter 12 | System Management Commands
AC1(BK)
AC2(VI)
AC3(VO)
WMM AP Parameters:
AC0(BE) CwMin:
AC1(BK) CwMin:
AC2(VI) CwMin:
AC3(VO) CwMin:
WMM BSS Parameters:
AC0(BE) CwMin:
AC1(BK) CwMin:
AC2(VI) CwMin:
AC3(VO) CwMin:
: Acknowledge
: Acknowledge
: Acknowledge
CwMax:
CwMax:
CwMax:
CwMax:
10
AIFSN:
AIFSN:
AIFSN:
AIFSN:
TXOP
TXOP
TXOP
TXOP
Limit:
Limit:
Limit:3008
Limit:1504
CwMax:
CwMax:
CwMax:
CwMax:
10
10
AIFSN:
AIFSN:
AIFSN:
AIFSN:
TXOP
TXOP
TXOP
TXOP
Limit:
Limit:
Limit:3008
Limit:1504
ACM:Disabled
ACM:Disabled
ACM:Disabled
ACM:Disabled
LLDP Information
===================================================================
Status
:Disabled
Message Transmission Hold Time
:4
Message Transmission Interval (seconds) :30
Reinitial Delay Time (seconds)
:2
Transmission Delay Value (seconds)
:2
===================================================================
Radius Accounting Information
==============================================
Status
: DISABLED
IP
: 10.7.16.96
Shared Secret
: ********
Port
: 1813
timeout-interim : 300
==============================================
Radius Primary Server Information
==============================================
Status : ENABLED
IP
: 10.7.16.96
Port
: 1812
Shared Secret : ********
==============================================
Radius Secondary Server Information
==============================================
Status : ENABLED
IP
: 10.7.16.96
Port
: 1812
Shared Secret : ***
==============================================
AP#
â 142 â
13
System Logging Commands
These commands are used to configure system logging on the access point.
Table 7: System Management Commands
Command
Function
Mode
Page
logging on
Controls logging of error messages
GC
143
logging host
Adds a syslog server host IP address that will receive
logging messages
GC
144
logging console
Initiates logging of error messages to the console
GC
144
logging level
Defines the minimum severity level for event logging
GC
145
logging clear
Clears all log entries in access point memory
GC
145
show logging
Displays the state of logging
Exec
146
show event-log
Displays all log entries in access point memory
Exec
146
logging on This command controls logging of error messages; i.e., sending debug or error
messages to memory. The no form disables the logging process.
Syntax
[no] logging on
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
The logging process controls error messages saved to memory. You can use the
logging level command to control the type of error messages that are stored in
memory.
Example
AP(config)#logging on
AP(config)#
â 143 â
Chapter 13 | System Logging Commands
logging host This command specifies syslog servers host that will receive logging messages. Use
the no form to remove syslog server host.
Syntax
logging host <1 | 2 | 3 | 4>  [udp_port]
no logging host <1 | 2 | 3 | 4>
1 - First syslog server.
2 - Second syslog server.
3 - Third syslog server.
4 - Fourth syslog server.
host_name - The name of a syslog server. (Range: 1-20 characters)
host_ip_address - The IP address of a syslog server.
udp_port - The UDP port used by the syslog server.
Default Setting
None
Command Mode
Global Configuration
Example
AP(config)#logging host 1 10.1.0.3
AP(config)#
logging console This command initiates logging of error messages to the console. Use the no form
to disable logging to the console.
Syntax
[no] logging console
Default Setting
Disabled
Command Mode
Global Configuration
Example
AP(config)#logging console
AP(config)#
â 144 â
Chapter 13 | System Logging Commands
logging level This command sets the minimum severity level for event logging.
Syntax
logging level 
Default Setting
Informational
Command Mode
Global Configuration
Command Usage
Messages sent include the selected level down to Emergency level.
Table 8: Logging Levels
Level Argument
Description
Emergency
System unusable
Alert
Immediate action needed
Critical
Critical conditions (e.g., memory allocation, or free memory error resource exhausted)
Error
Error conditions (e.g., invalid input, default used)
Warning
Warning conditions (e.g., return false, unexpected return)
Notice
Normal but significant condition, such as cold start
Informational
Informational messages only
Debug
Debugging messages
Example
AP(config)#logging level alert
AP(config)#
logging clear This command clears all log messages stored in the access pointâs memory.
Syntax
logging clear
Command Mode
Global Configuration
â 145 â
Chapter 13 | System Logging Commands
Example
AP(config)#logging clear
AP(config)#
show logging This command displays the logging configuration.
Syntax
show logging
Command Mode
Exec
Example
AP#show logging
Logging Information
=====================================================
Syslog State
: ENABLE
Logging Console State
: DISABLE
Logging Level
: Debug
Servers
1: 10.7.16.98, UDP Port: 514, State: DISABLE
2: 10.7.13.48, UDP Port: 514, State: DISABLE
3: 10.7.123.123, UDP Port: 65535, State: DISABLE
4: 10.7.13.77, UDP Port: 5432, State: DISABLE
=====================================================
AP#
show event-log This command displays log messages stored in the access pointâs memory.
Syntax
show event-log
Command Mode
Exec
Example
AP#show event-log
Jan 1 05:45:50 (none) <6>user.info kernel: ar5416Reset Setting CFG 0x10a
Jan 1 05:45:50 (none) <6>user.info kernel: Howl Revision ID 0xb9
Jan 1 05:45:50 (none) <6>user.info kernel: ar5416Reset Setting CFG 0x10a
Jan 1 05:45:50 (none) <6>user.info kernel: Howl Revision ID 0xb9
Jan 1 05:45:50 (none) <6>user.info kernel: MBSSID Set bit 22 of AR_STA_ID
0xb8c1817b
Jan 1 05:45:50 (none) <6>user.info kernel: Force rf_pwd_icsyndiv to 2 on 2462
(1 0)
â 146 â
Chapter 13 | System Logging Commands
AP#
â 147 â
14
System Clock Commands
These commands are used to configure SNTP and system clock settings on the
access point.
Table 9: System Clock Commands
Command
Function
Mode
Page
sntp-server ip
Specifies one or more time servers
GC
148
sntp-server enabled
Accepts time from the specified time servers
GC
149
sntp-server date-time
Manually sets the system date and time
GC
149
sntp-server daylight-saving
Sets the start and end dates for daylight savings
time
GC
150
sntp-server timezone
Sets the time zone for the access pointâs internal
clock
GC
151
show sntp
Shows current SNTP configuration settings
Exec
151
sntp-server ip This command sets the IP address of the servers to which SNTP time requests are
issued. Use the this command with no arguments to clear all time servers from the
current list.
Syntax
sntp-server ip <1 | 2> 
1 - First time server.
2 - Second time server.
ip - IP address of an time server (NTP or SNTP).
Default Setting
129.6.15.28
132.163.4.101
Command Mode
Global Configuration
Command Usage
When SNTP client mode is enabled using the sntp-server enabled command, the
sntp-server ip command specifies the time servers from which the access point
polls for time updates. The access point will poll the time servers in the order
specified until a response is received.
â 148 â
Chapter 14 | System Clock Commands
Example
AP(config)#sntp-server ip 1 10.1.0.19
AP#
Related Commands
sntp-server enabled
show sntp
sntp-server enabled This command enables SNTP client requests for time synchronization with NTP or
SNTP time servers specified by the sntp-server ip command. Use the no form to
disable SNTP client requests.
Syntax
[no] sntp-server enabled
Default Setting
Enabled
Command Mode
Global Configuration
Command Usage
The time acquired from time servers is used to record accurate dates and times for
log events. Without SNTP, the access point only records the time starting from the
factory default set at the last bootup (i.e., 00:14:00, January 1, 1970).
Example
AP(config)#sntp-server enabled
AP(config)#
Related Commands
sntp-server ip
show sntp
sntp-server date-time This command sets the system clock.
Syntax
sntp-server     
year - Sets the year. (Range: 1970-2100)
month - Sets the month. (Range: 1-12)
day - Sets the day. (Range: 1-31)
â 149 â
Chapter 14 | System Clock Commands
hour - Sets the hour. (Range: 0-23)
minute - Sets the minute. (Range: 0-59)
Default Setting
00:14:00, January 1, 1970
Command Mode
Global Configuration
Example
This example sets the system clock to 12:10 April 27, 2009.
AP(config)# sntp-server date-time 2009 4 27 12 10
AP(config)#
Related Commands
sntp-server enabled
sntp-server daylight- This command sets the start and end dates for daylight savings time. Use the no
saving form to disable daylight savings time.
Syntax
sntp-server daylight-saving [date-week      ]
no sntp-server daylight-saving
date-week - The key word to set the date on which to start and end the
daylight-saving time.
start-month - Sets the start month. (Range: 1-12)
start-week - Sets the start week. (Range: 1-5)
start-day - Sets the start day. (Range: 0-6, where 0 is Sunday)
end-month - Sets the end month. (Range: 1-12)
end-week - Sets the end week. (Range: 1-5)
end-day - Sets the end day. (Range: 0-6, where 0 is Sunday)
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
â The command sets the system clock back one hour during the specified period.
â 150 â
Chapter 14 | System Clock Commands
â
Using the command without setting the start and end date enables the
daylight-saving feature.
Example
This sets daylight savings time to be used from the Sunday in the fourth week of
April, to the Sunday in the fourth week of October.
AP(config)# sntp-server daylight-saving date-week 4 4 0 10 4 0
AP(config)#
sntp-server timezone This command sets the time zone for the access pointâs internal clock.
Syntax
sntp-server timezone 
hours - Number of hours before/after UTC.
(Range: -12 to +12 hours)
Default Setting
+08 hours (Hong Kong, Perth, Singapore, Taipei)
Command Mode
Global Configuration
Command Usage
This command sets the local time zone relative to the Coordinated Universal Time
(UTC, formerly Greenwich Mean Time or GMT), based on the earthâs prime meridian,
zero degrees longitude. To display a time corresponding to your local time, you
must indicate the number of hours and minutes your time zone is east (before) or
west (after) of UTC.
Example
AP(config)#sntp-server timezone +8
AP(config)#
show sntp This command displays the current time and configuration settings for the SNTP
client.
Command Mode
Exec
Example
AP#show sntp
â 151 â
Chapter 14 | System Clock Commands
SNTP Information
===========================================================
Service State
: ENABLED
SNTP (server 1) IP
: 129.6.15.28
SNTP (server 2) IP
: 132.163.4.101
Current Time
: Mon Apr 27 13:39:23 UTC 2009
Time Zone
: (GMT+08) Hong Kong, Perth, Singapore, Taipei
Daylight Saving
: DISABLED
Daylight Saving Time : From MAR, Fourth Week, Wednesday To NOV, Last Week,
Sunday
===========================================================
AP#
â 152 â
15
DHCP Relay Commands
Dynamic Host Configuration Protocol (DHCP) can dynamically allocate an IP
address and other configuration information to network clients that broadcast a
request. To receive the broadcast request, the DHCP server would normally have to
be on the same subnet as the client. However, when the access pointâs DHCP relay
agent is enabled, received client requests can be forwarded directly by the access
point to a known DHCP server on another subnet. Responses from the DHCP server
are returned to the access point, which then broadcasts them back to clients.
Table 10: DHCP Relay Commands
Command
Function
Mode
Page
dhcp-relay server
Sets the DHCP server address and enables the DHCP
relay agent
IC-WVAP
153
dhcp-relay server This command configures the DHCP server address and enables the DHCP relay
agent.
Syntax
dhcp-relay server 
ip_address - IP address of the DHCP server.
Default Setting
0.0.0.0 (disabled)
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
â For the DHCP relay agent to function, the DHCP server IP address must be
configured. The default IP address â0.0.0.0â disables the DHCP relay agent.
â
To view the DHCP relay status, use the show interface wireless command.
Example
AP(if-wireless 0: VAP[0])# dhcp-relay server 192.168.1.10
AP(if-wireless 0: VAP[0])#
â 153 â
Chapter 15 | DHCP Relay Commands
Related Commands
show interface wireless
â 154 â
16
SNMP Commands
Controls access to this access point from management stations using the Simple
Network Management Protocol (SNMP), as well as the hosts that will receive trap
messages.
Table 11: SNMP Commands
Command
Function
Mode
Page
snmp-server community
Sets up the community access string to permit
access to SNMP commands
GC
156
snmp-server contact
Sets the system contact string
GC
156
snmp-server location
Sets the system location string
GC
157
snmp-server enable server
Enables SNMP service and traps
GC
157
snmp-server host
Specifies the recipient of an SNMP notification
operation
GC
158
snmp-server trap
Enables specific SNMP notifications
GC
159
snmp-server vacm view
Configures the VACM view
GC
159
snmp-server vacm group
Configures the VACM group
GC
160
snmp-server user
Sets the name of the SNMP v3 user
GC
161
snmp-server target
Configures SNMP v3 notification targets
GC
162
snmp-server filter
Configures SNMP v3 notification filters
GC
163
show snmp vacm group
Displays the VACM group
Exec
167
show snmp vacm view
Displays VACM views
Exec
166
show snmp users
Displays SNMP v3 user settings
Exec
164
show snmp target
Displays the SNMP v3 notification targets
Exec
164
show snmp filter
Displays the SNMP v3 notification filters
Exec
165
show snmp
Displays the status of SNMP communications
Exec
165
â 155 â
Chapter 16 | SNMP Commands
snmp-server This command defines the community access string for the Simple Network
community Management Protocol. Use the no form to remove the specified community string.
Syntax
snmp-server community string [ro | rw]
no snmp-server community string
string - Community string that acts like a password and permits access to
the SNMP protocol. (Maximum length: 23 characters, case sensitive)
ro - Specifies read-only access. Authorized management stations are only
able to retrieve MIB objects.
rw - Specifies read/write access. Authorized management stations are able
to both retrieve and modify MIB objects.
Default Setting
â public - Read-only access. Authorized management stations are only able to
retrieve MIB objects.
â
private - Read/write access. Authorized management stations are able to both
retrieve and modify MIB objects.
Command Mode
Global Configuration
Command Usage
If you enter a community string without the ro or rw option, the default is read
only.
Example
AP(config)#snmp-server community alpha rw
AP(config)#
snmp-server contact This command sets the system contact string. Use the no form to remove the
system contact information.
Syntax
snmp-server contact string
no snmp-server contact
string - String that describes the system contact. (Maximum length: 255
characters)
Default Setting
None
â 156 â
Chapter 16 | SNMP Commands
Command Mode
Global Configuration
Example
AP(config)#snmp-server contact Paul
AP(config)#
Related Commands
snmp-server location
snmp-server location This command sets the system location string. Use the no form to remove the
location string.
Syntax
snmp-server location 
no snmp-server location
text - String that describes the system location.
(Maximum length: 255 characters)
Default Setting
None
Command Mode
Global Configuration
Example
AP(config)#snmp-server location WC-19
AP(config)#
Related Commands
snmp-server contact
snmp-server enable This command enables SNMP management access and also enables this device to
server send SNMP traps (i.e., notifications). Use the no form to disable SNMP service and
trap messages.
Syntax
[no] snmp-server enable server
Default Setting
Enabled
â 157 â
Chapter 16 | SNMP Commands
Command Mode
Global Configuration
Command Usage
â This command enables both authentication failure notifications and link-updown notifications.
â
The snmp-server host command specifies the host device that will receive
SNMP notifications.
Example
AP(config)#snmp-server enable server
AP(config)#
Related Commands
snmp-server host
snmp-server host This command specifies the recipient of an SNMP notification. Use the no form to
remove the specified host.
Syntax
snmp-server host  
no snmp-server host
host_ip_address - IP of the host (the targeted recipient).
community-string - Password-like community string sent with the
notification operation. (Maximum length: 23 characters)
Default Setting
None
Command Mode
Global Configuration
Command Usage
â The snmp-server host command is used in conjunction with the snmp-server
enable server command to enable SNMP notifications. You can configure up
to four host IP addresses. A separate snmp-server host command must be
entered for each host.
â
Although you can set the community string using the snmp-server host
command by itself, it is recommended that you define this string using the
snmp-server community command prior to using the snmp-server host
command.
â 158 â
Chapter 16 | SNMP Commands
Example
AP(config)#snmp-server host 1 10.1.19.23 batman
AP(config)#
Related Commands
snmp-server enable server
snmp-server trap This command enables the access point to send specific SNMP traps
(i.e., notifications). Use the no form to disable specific trap messages.
Syntax
snmp-server trap 
no snmp-server trap 
trap - One of the following SNMP trap messages:
sysSystemDown - The access point is about to shutdown and reboot.
sysSystemUp - The access point is up and running.
Default Setting
All traps enabled
Command Mode
Global Configuration
Command Usage
This command is used in conjunction with the snmp-server host and snmpserver enable server commands to enable SNMP notifications.
Example
AP(config)#no snmp-server trap syssystemup
AP(config)#
snmp-server vacm This command configures SNMP v3 views. Use the no form to delete an SNMP v3
view view or remove a subtree from a filter.
Syntax
snmp-server vacm view  [included | excluded]  [mask
]
no snmp-server vacm view  [included | excluded] 
name - A user-defined name that identifies an SNMP v3 view. (Maximum
length: 32 characters)
â 159 â
Chapter 16 | SNMP Commands
include - Defines a filter type that includes objects in the MIB subtree.
exclude - Defines a filter type that excludes objects in the MIB subtree.
subtree - The part of the MIB subtree that is to be filtered.
mask - An optional hexadecimal value bit mask to define objects in the MIB
subtree.
Default Setting
None
Command Mode
Global Configuration
Command Usage
The access point allows multiple notification filters to be created. Each filter can
be defined by up to 20 MIB subtree ID entries.
â
â
Use the command more than once with the same filter ID to build a filter that
includes or excludes multiple MIB objects. Note that the filter entries are
applied in the sequence that they are defined.
â
The MIB subtree must be defined in the form â.1.3.6.1â and always start with a â.â.
â
The mask is a hexadecimal value with each bit masking the corresponding ID in
the MIB subtree. A â1â in the mask indicates an exact match and a â0â indicates a
âwild card.â For example, a mask value of 0xFFBF provides a bit mask â1111 1111
1011 1111.â If applied to the subtree 1.3.6.1.2.1.2.2.1.1.23, the zero corresponds
to the 10th subtree ID. When there are more subtree IDs than bits in the mask,
the mask is padded with ones.
Example
AP(config)#snmp-server vacm view testview include .1
AP(config)#snmp-server vacm view testview exclude .1.3.6.1.2.1.2.2.1.1.23
snmp-server vacm This command configures SNMP v3 groups. Use the no form to delete an SNMP v3
group group.
Syntax
snmp-server vacm group  {security-level } 

no snmp-server vacm group 
name - A user-defined name that identifies an SNMP v3 group. (Maximum
length: 32 characters)
â 160 â
Chapter 16 | SNMP Commands
level - The SNMPv3 security level of the group. One of the following:
NoAuthNoPriv - A group using no authentication and no data
encryption. Users in this group use no security, either authentication or
encryption, in SNMP messages they send to the agent.
AuthNoPriv - A group using authentication, but no data encryption.
Users in this group send SNMP messages that use an MD5 key/
password for authentication, but not a DES key/password for
encryption.
AuthPriv - A group using authentication and data encryption. Users in
this group send SNMP messages that use an MD5 key/password for
authentication and a DES key/password for encryption.
read-view - The name of a defined SNMPv3 view for read access.
write-view - The name of a defined SNMPv3 view for write access.
Default Setting
None
Command Mode
Global Configuration
Command Usage
â The access point allows multiple groups to be created.
â
A group sets the access policy for the assigned users.
â
When authentication is selected, the MD5 algorithm is used as specified in the
snmp-server user command.
â
When privacy is selected, the DES algorithm is used for data encryption.
Example
AP(config)#snmp-server vacm group testgroup security-level authpriv rdview
wrview
AP(config)#
snmp-server user This command configures the SNMP v3 users that are allowed to manage the
access point. Use the no form to delete an SNMP v3 user.
Syntax
snmp-server user   {none | md5 } {none | des }
no snmp-server user  
â 161 â
Chapter 16 | SNMP Commands
username - Name of the user connecting to the SNMP agent. (Range: 1-32
characters)
groupname - Name of an SNMP group to which the user is assigned. (Range:
1-32 characters)
none | md5 - Uses no authentication or MD5 authentication.
auth-passphrase - Authentication password. Enter a minimum of eight
characters for the user. (8 â 32 characters)
none | des - Uses SNMPv3 with no privacy, or with DES56 encryption.
priv-passphrase - Privacy password. Enter a minimum of eight characters for
the user. (8 â 32 characters)
Default Setting
None
Command Mode
Global Configuration
Command Usage
â Multiple SNMPv3 users can be configured on the access point.
â
Users must be assigned to groups that have the same security levels. If a user
who has âAuthPrivâ security (uses authentication and encryption) is assigned to
a NoAuthNoPriv group, the user will not be able to access the database. An
AuthPriv user must be assigned to the group with the AuthPriv security level.
Example
AP(config)#snmp-server user chris grname md5 passw1 des passw2
AP(config)#
snmp-server target This command configures SNMP v3 notification targets. Use the no form to delete
an SNMP v3 target.
Syntax
snmp-server target    
[notification-filter-id]
no snmp-server target 
target-id - A user-defined name that identifies a receiver of SNMP
notifications. (Maximum length: 32 characters)
ip-addr - Specifies the IP address of the management station to receive
notifications.
sec-name - The defined SNMP v3 user name that is to receive notifications.
â 162 â
Chapter 16 | SNMP Commands
port-number - The UDP port that is used on the receiving management
station for notifications.
notification-filter-id - The name if a defined notification filter.
Default Setting
None
Command Mode
Global Configuration
Command Usage
â The access point supports multiple SNMP v3 target IDs.
â
The SNMP v3 user name that is specified in the target must first be configured
using the snmp-server user command.
Example
AP(config)#snmp-server target tarname 192.168.1.33 chris 1234
AP(config)#
snmp-server filter This command configures SNMP v3 notification filters. Use the no form to delete an
SNMP v3 filter or remove a subtree from a filter.
Syntax
snmp-server filter   
no snmp-server filter  [subtree]
filter-id - A user-defined name that identifies an SNMP v3 notification filter.
(Maximum length: 32 characters)
include - Defines a filter type that includes objects in the MIB subtree.
exclude - Defines a filter type that excludes objects in the MIB subtree.
subtree - The part of the MIB subtree that is to be filtered.
Default Setting
None
Command Mode
Global Configuration
Command Usage
â The access point allows multiple notification filters to be created. Each filter can
be defined by up to 20 MIB subtree ID entries.
â 163 â
Chapter 16 | SNMP Commands
â
Use the command more than once with the same filter ID to build a filter that
includes or excludes multiple MIB objects. Note that the filter entries are
applied in the sequence that they are defined.
â
The MIB subtree must be defined in the form â.1.3.6.1â and always start with a â.â.
Example
AP(config)#snmp-server filter trapfilter include .1
AP(config)#snmp-server filter trapfilter exclude .1.3.6.1.2.1.2.2.1.1.23
show snmp users This command displays the SNMP v3 users and settings.
Syntax
show snmp users
Command Mode
Exec
Example
AP# show snmp users
User List:
==================================
UserName
: chris
GroupName
: testgroup
AuthType
: None
PrivType
: None
UserName
GroupName
AuthType
PrivType
david
group2
MD5,
Passphrase: ****************
DES,
Passphrase: ****************
==================================
AP#
show snmp target This command displays the SNMP v3 notification target settings.
Syntax
show snmp target
Command Mode
Exec
â 164 â
Chapter 16 | SNMP Commands
Example
AP# show snmp target
Target List:
==================================
Target ID : christraps
IP Address : 192.168.1.33
User Name : chris
UDP Port
: 4321
Filter ID : Not Defined
==================================
AP#
show snmp filter This command displays the SNMP v3 notification filter settings.
Syntax
show snmp filter [filter-id]
filter-id - A user-defined name that identifies an SNMP v3 notification filter.
(Maximum length: 32 characters)
Command Mode
Exec
Example
AP# show snmp filter
Filter List:
==================================
Filter: defaultfilter
Type: Included
Subtree: .1
Type: Excluded
Subtree: .1.3.6.1.2.1.2.2.1.1.23
Filter: testfilter
Type: Excluded
Subtree: .13.6.1.2.1.2.2.1.2
==================================
AP#
show snmp This command displays the SNMP configuration settings.
Command Mode
Exec
â 165 â
Chapter 16 | SNMP Commands
Example
AP# show snmp
SNMP Information
==============================================
Service State
: Enable
Community (ro)
: *******
Community (rw)
: ********
Location
: where?
Contact
: who?
==============================================
Trap Destination List:
==============================================
Trap Destination: 192.168.1.22, Community : *****
==============================================
Trap Configuration:
==========================================================================
systemUp: Disabled
systemDown: Disabled
==========================================================================
AP#
show snmp vacm view This command displays the configured SNMP v3 views.
Syntax
show snmp vacm view [view-name]
view-name - The name of a user-defined SNMPv3 view.
Command Mode
Exec
Example
AP# sh snmp vacm view
View List:
==================================
View Name
: defaultview
Type
: included
OID
: .1
Mask
View Name
Type
OID
Mask
Type
OID
Mask
: testview
: included
: .1
: excluded
: .13.6.1.2.1.2.2.1.2.1.1
==================================
AP#
â 166 â
Chapter 16 | SNMP Commands
show snmp vacm This command displays the configured SNMP v3 groups.
group
Syntax
show snmp vacm group [group-name]
group-name - The name of a user-defined SNMPv3 group.
Command Mode
Exec
Example
AP# sh snmp vacm group
Group List:
==================================
Group Name
: testgroup
Security Level : NoAuthNoPriv
Read-View
: defaultview
Write-View
: defaultview
Group Name
Security Level
Read-View
Write-View
group2
AuthPriv
defaultview
defaultview
==================================
AP#
â 167 â
17
Flash/File Commands
These commands are used to manage the system code or configuration files.
Table 12: Flash/File Commands
Command
Function
Mode
Page
dual-image
Specifies the file or image used to start up the system GC
168
copy
Copies a code image or configuration between flash
memory and a FTP/TFTP server
Exec
169
show dual-image
Displays the name of the current operation code file
that booted the system
Exec
170
dual-image This command specifies the image used to start up the system.
Syntax
dual-image boot image [a | b]
a - Selects image file A as the startup software.
b - Selects image file B as the startup software.
Default Setting
None
Command Mode
Exec
Command Usage
â The access point supports two software image files (A and B), one of which is
set as the boot image, or âActiveâ file, and the other acts as a âBackupâ file.
â
You can upgrade new access point software from a local file on the
management workstation, or from an FTP or TFTP server. The new software file
replaces the image (A or B) that is not currently set as the boot image.
â
After upgrading new software, you must reboot the access point to implement
the new code. Until a reboot occurs, the access point will continue to run the
software it was using before the upgrade started. Also note that new software
that is incompatible with the current configuration automatically restores the
access point to the factory default settings when first activated after a reboot.
â 168 â
Chapter 17 | Flash/File Commands
Example
AP# dual-image boot-image A
Change image to A
AP#
copy This command copies a boot file, code image, or configuration file between the
access pointâs flash memory and a FTP/TFTP server. When you save the
configuration settings to a file on a FTP/TFTP server, that file can later be
downloaded to the access point to restore system operation. The success of the file
transfer depends on the accessibility of the FTP/TFTP server and the quality of the
network connection.
Syntax
copy {ftp [firmware | config]   
 | tftp [firmware | config]  }
copy config {ftp     | tftp
 }
copy running startup
ftp - Keyword that allows you to copy to/from an FTP server.
tftp - Keyword that allows you to copy to/from a TFTP server.
firmware - Keyword that allows you to copy a software image file from an
FTP/TFTP server to flash memory.
config - Keyword that allows you to copy a configuration file to/from an
FTP/TFTP server.
running startup - Keywords that save the current running configuration to
the startup configuration file in flash memory.
file-name - The name of a file to copy.
ip-address - The IP address of an FTP or TFTP server.
user-name - The access user name for the FTP server.
password - The access password for the FTP server.
Default Setting
None
Command Mode
Exec
Command Usage
â Only a configuration file can be uploaded to an FTP/TFTP server, but every type
of file can be downloaded to the access point.
â 169 â
Chapter 17 | Flash/File Commands
â
The destination file name should not contain slashes (\ or /), the leading letter of
the file name should not be a period (.), and the maximum length for file names
on the FTP/TFTP server is 255 characters or 32 characters for files on the access
point. (Valid characters: A-Z, a-z, 0-9, â.â, â-â, â_â)
â
Due to the size limit of the flash memory, the access point supports only two
operation code files.
Example
The following example shows how to upload the configuration settings to a file on
the TFTP server:
AP# copy config tftp syscfg 192.168.1.19
Backup Config to tftp was successful!!
AP#
The following example shows how to download a configuration file:
AP# copy tftp config syscfg 192.168.1.19
Restore Config from tftp was successful.
AP#
show dual-image This command displays the name of the current operation code file that booted the
system and the file saved as a secondary image.
Syntax
show dual image
Command Mode
Exec
Example
AP#show dual-image
Image
Status
Version
----------------------------------------------Image A
(Active)
1.1.0.6
Image B
(Backup)
1.1.0.1
AP#
â 170 â
18
RADIUS Client Commands
Remote Authentication Dial-in User Service (RADIUS) is a logon authentication
protocol that uses software running on a central server to control access for
RADIUS-aware devices to the network. An authentication server contains a
database of credentials, such as users names and passwords, for each wireless
client that requires access to a VAP interface.
Table 13: RADIUS Client Commands
Command
Function
Mode
Page
radius-server enable
Enables the RADIUS server.
IC-W-VAP
171
radius-server address
Specifies the RADIUS server
IC-W-VAP
172
radius-server port
Sets the RADIUS server network port
IC-W-VAP
172
radius-server shared-secret Sets the RADIUS encryption key
IC-W-VAP
173
radius-server accounting
address
Sets the RADIUS server accounting address
IC-W-VAP
173
radius-server accounting
port
Sets the RADIUS server accounting port
IC-W-VAP
174
radius-server accounting
shared-secret
Sets the RADIUS server accounting key
IC-W-VAP
174
radius-server accounting
timeout-interim
Sets the interval between transmitting accounting IC-W-VAP
updates to the RADIUS server
175
make-radius-effective
Implements RADIUS command changes made in
current CLI session.
175
radius-server enable This command enables the RADIUS server.
Syntax
radius-server {primary | secondary} enable
primary - Specifies the primary RADIUS server.
secondary - Specifies the secondary RADIUS server.
Default Setting
Enabled
Command Mode
Interface Configuration (Wireless-VAP)
â 171 â
IC-W-VAP
Chapter 18 | RADIUS Client Commands
Example
AP(if-wireless 0: VAP[0])# radius-server primary enable
This setting has not been effective !
If want to take effect, please execute make-radius-effective command !
AP(if-wireless 0: VAP[0])#
radius-server address This command specifies the primary and secondary RADIUS server address.
Syntax
radius-server {primary | secondary} address 
address - IP address of server.
Default Setting
10.7.16.96
Command Mode
Interface Configuration (Wireless-VAP)
Example
AP(if-wireless 0: VAP[0])# radius-server primary address 192.168.1.9
This setting has not been effective !
If want to take effect, please execute make-radius-effective command !
AP(if-wireless 0: VAP[0])#
radius-server port This command sets the RADIUS server network port.
Syntax
radius-server {primary | secondary} port 
port_number - RADIUS server UDP port used for authentication messages.
(Range: 1024-65535)
Default Setting
1812
Command Mode
Interface Configuration (Wireless-VAP)
Example
AP(if-wireless 0: VAP[0])# radius-server primary port 1810
This setting has not been effective !
â 172 â
Chapter 18 | RADIUS Client Commands
If want to take effect, please execute make-radius-effective command !
AP(if-wireless 0: VAP[0])#
radius-server shared- This command sets the RADIUS encryption key.
secret
Syntax
radius-server {primary | secondary] shared-secret 
key_string - Encryption key used to authenticate logon access for client. Do
not use blank spaces in the string. (Maximum length: 20 characters)
Default Setting
DEFAULT
Command Mode
Interface Configuration (Wireless-VAP)
Example
AP(if-wireless 0: VAP[0])# radius-server primary shared-secret green
This setting has not been effective !
If want to take effect, please execute make-radius-effective command !
AP(if-wireless 0: VAP[0])#
radius-server This command sets the RADIUS Accounting server network IP address.
accounting address
Syntax
radius-server accounting address 
address - IP address of the RADIUS Accounting server
Default Setting
10.7.16.96
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
When the RADIUS Accounting server UDP address is specified, a RADIUS
accounting session is automatically started for each user that is successfully
authenticated to the access point.
â 173 â
Chapter 18 | RADIUS Client Commands
Example
AP(if-wireless 0: VAP[0])# radius-server accounting address 192.168.1.19
This setting has not been effective !
If want to take effect, please execute make-radius-effective command !
AP(if-wireless 0: VAP[0])#
radius-server This command sets the RADIUS Accounting port.
accounting port
Syntax
radius-server accounting port 
port - The port used by the RADIUS Accounting server.
(Range: 1024~65535)
Default Setting
1813
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
When the RADIUS Accounting server UDP port is specified, a RADIUS accounting
session is automatically started for each user that is successfully authenticated to
the access point.
Example
AP(if-wireless 0: VAP[0])# radius-server accounting port 1882
This setting has not been effective !
If want to take effect, please execute make-radius-effective command !
AP(if-wireless 0: VAP[0])#
radius-server This command sets the RADIUS Accounting key.
accounting sharedsecret Syntax
radius-server accounting shared-secret 
key - The RADIUS Accounting server keyphrase.
Default Setting
DEFAULT
â 174 â
Chapter 18 | RADIUS Client Commands
Command Mode
Interface Configuration (Wireless-VAP)
Example
AP(if-wireless 0: VAP[0])# radius-server accounting shared-secret green
This setting has not been effective !
If want to take effect, please execute make-radius-effective command !
AP(if-wireless 0: VAP[0])#
radius-server This command sets the interval between transmitting accounting updates to the
accounting RADIUS server.
timeout-interim
Syntax
radius-server accounting timeout-interim }
number_of_seconds - Number of seconds the access point waits between
transmitting accounting updates. (Range: 60-86400)
Default Setting
300
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
The access point sends periodic accounting updates after every interim period until
the user logs off and a âstopâ message is sent.
Example
AP(if-wireless 0: VAP[0])# radius-server accounting timeout-interim 600
This setting has not been effective !
If want to take effect, please execute make-radius-effective command !
AP(if-wireless 0: VAP[0])#
make-radius-effective This command implements the RADIUS settings made in the current CLI session.
Default Setting
None
Command Mode
Interface Configuration (Wireless-VAP)
â 175 â
Chapter 18 | RADIUS Client Commands
Example
AP(if-wireless 0: VAP[0])# make-radius-effective
It will take several minutes !
Please wait a while...
AP(if-wireless 0: VAP[0])#
â 176 â
19
802.1X Authentication
Commands
The access point supports IEEE 802.1X access control for wireless clients. This
control feature prevents unauthorized access to the network by requiring an
802.1X client application to submit user credentials for authentication. Client
authentication is then verified by a RADIUS server using EAP (Extensible
Authentication Protocol) before the access point grants client access to the
network. The 802.1X EAP packets are also used to pass dynamic unicast session
keys and static broadcast keys to wireless clients.
Table 14: 802.1x Authentication
Command
Function
Mode
Page
802.1x enable
Configures 802.1X as enabled or disabled
IC-W-VAP
177
802.1x reauthentication- Sets the timeout after which a connected client must IC-W-VAP
time
be re-authenticated
178
802.1x enable This command configures 802.1X as enabled for wireless clients. Use the no form to
disable 802.1X support.
Syntax
802.1x enable
no 802.1x
Default Setting
Disabled
Command Mode
Inface Configuration (Wireless-VAP)
Command Usage
When 802.1X is disabled, the access point does not support 802.1X
authentication for any station. After successful 802.11 association, each client is
allowed to access the network.
â
â
802.1X does not apply to the 1000BASE-T port.
â
To display the current 802.1X status, use the show interface wireless
command.
â 177 â
Chapter 19 | 802.1X Authentication Commands
Example
AP(if-wireless 0: VAP[0])# 802.1x enable
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#
Related Commands
show interface wireless
802.1x This command sets the time period after which a connected client must be rereauthentication-time authenticated.
Syntax
802.1x reauthentication-time 
seconds - The number of seconds. (Range: 0-1440)
Default
600 seconds
Command Mode
Interface Configuration (Wireless-VAP)
Example
AP(if-wireless 0: VAP[0])# 802.1x reauthentication-time 600
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#
â 178 â
20
MAC Address Authentication
Commands
Use these commands to define MAC authentication on a VAP interface. For local
MAC authentication, first define the default filtering policy, then enter the MAC
addresses to be filtered, indicating if they are allowed or denied. For RADIUS MAC
authentication, the MAC addresses and filtering policy must be configured on the
RADIUS server.
Table 15: MAC Address Authentication
Command
Function
Mode
Page
mac-authentication server
Sets address filtering to be performed with local or IC-W-VAP
remote options
179
mac-authentication server
local address default
Sets local filtering to allow or deny listed addresses IC-W-VAP
180
mac-authentication server
local address entry
Enters a MAC address in the local filter table
IC-W-VAP
180
mac-authentication server
local address delete
Removes a MAC address from the local filter table
IC-W-VAP
181
mac-authentication
session-timeout
Sets the interval at which associated clients will be
re-authenticated with the RADIUS server
authentication database
IC-W-VAP
182
mac-authentication This command sets address filtering to be performed with local or remote options.
server Use the no form to disable MAC address authentication.
Syntax
mac-authentication server [local | remote]
no mac-authentication server
local - Authenticate the MAC address of wireless clients with the local
authentication database during 802.11 association.
remote - Authenticate the MAC address of wireless clients with the RADIUS
server during 802.1X authentication.
Default
Disabled
Command Mode
Interface Configuration (Wireless-VAP)
â 179 â
Chapter 20 | MAC Address Authentication Commands
Example
AP(if-wireless 0: VAP[0])#mac-authentication server remote
AP(if-wireless 0: VAP[0])#
Related Commands
mac-authentication server local address entry
radius-server address
mac-authentication This command sets local filtering to allow or deny listed MAC addresses.
server local address
default Syntax
mac-authentication server local address default 
allowed - Only MAC addresses entered as âdeniedâ in the address filtering
table are denied.
denied - Only MAC addresses entered as âallowedâ in the address filtering
table are allowed.
Default
Allowed
Command Mode
Interface Configuration (Wireless-VAP)
Example
AP(if-wireless 0: VAP[0])#mac-authentication server local address default
denied
AP(if-wireless 0: VAP[0])#
Related Commands
mac-authentication server local address entry
mac-authentication This command enters a MAC address in the local filter table.
server local address
entry Syntax
mac-authentication server local address entry  
allowed - Entry is allowed access.
denied - Entry is denied access.
mac-address - Physical address of client. (Enter six pairs of hexadecimal
digits separated by hyphens; e.g., 00-90-D1-12-AB- 89.)
â 180 â
Chapter 20 | MAC Address Authentication Commands
Default
None
Command Mode
Interface Configuration (Wireless-VAP)
Command Mode
â The access point supports up to 1024 MAC addresses.
â
An entry in the address table may be allowed or denied access depending on
the global setting configured for the mac-authentication server local address
default command.
Example
AP(if-wireless 0: VAP[0])#mac-authentication server local address entry
allowed 00-70-50-cc-99-1a
AP(if-wireless 0: VAP[0])#
Related Commands
mac-authentication server local address default
mac-authentication This command deletes a MAC address from the local filter table.
server local address
delete Syntax
mac-authentication server local address delete  
allowed - Entry is allowed access.
denied - Entry is denied access.
mac-address - Physical address of client. (Enter six pairs of hexadecimal
digits separated by hyphens; e.g., 00-90-D1-12-AB-89.)
Default
None
Command Mode
Interface Configuration (Wireless-VAP)
Example
AP(if-wireless 0: VAP[0])#mac-authentication server local address delete
allowed 00-70-50-cc-99-1b
AP(if-wireless 0: VAP[0])#
â 181 â
Chapter 20 | MAC Address Authentication Commands
mac-authentication This command sets the interval at which associated clients will be re-authenticated
session-timeout with the RADIUS server authentication database. Use the no form to disable
reauthentication.
Syntax
mac-authentication session-timeout 
no mac-authentication session-timeout
seconds - Re-authentication interval. (Range: 30-65555)
Default
0 (disabled)
Command Mode
Interface Configuration (Wireless-VAP)
Example
AP(if-wireless 0: VAP[0])#mac-authentication session-timeout 300
AP(if-wireless 0: VAP[0])#
â 182 â
21
Filtering Commands
The commands described in this section are used to filter communications
between wireless clients, control access to the management interface from wireless
clients, and filter traffic using specific Ethernet protocol types.
Table 16: Filtering Commands
Command
Function
Mode
Page
filter local-bridge
Disables communication between wireless clients
GC
183
filter restrictmanagement
Prevents wireless clients from accessing the
management interface
GC
184
filter dhcp
Prevents wireless clients from accessing a DHCP
server
GC
184
filter acl-source-address Configures ACL filtering based on source MAC
addresses
GC
185
filter acl-destinationaddress
Configures ACL filtering based on destination MAC
addresses
GC
185
filter ethernet-type
enable
Checks the Ethernet type for all incoming and
outgoing Ethernet packets against the protocol
filtering table
GC
186
filter ethernet-type
protocol
Sets a filter for a specific Ethernet type
GC
186
show filters
Shows the filter configuration
Exec
187
filter local-bridge This command disables communication between wireless clients. Use the no form
to disable this filtering.
Syntax
filter local-bridge 
no filter local-bridge
all-VAP - When enabled, clients cannot establish wireless communications
with any other client, either those associated to the same VAP interface or
any other VAP interface.
intra-VAP - When enabled, clients associated with a specific VAP interface
cannot establish wireless communications with each other. Clients can
communicate with clients associated to other VAP interfaces.
Default
Disabled
â 183 â
Chapter 21 | Filtering Commands
Command Mode
Global Configuration
Command Usage
This command can disable wireless-to-wireless communications between clients
via the access point. However, it does not affect communications between wireless
clients and the wired network.
Example
AP(config)#filter local-bridge all-vap
AP(config)#
filter restrict- This command prevents wireless clients from accessing the management interface
management on the access point. Use the no form to disable this filtering.
Syntax
[no] filter restrict-management
Default
Disabled
Command Mode
Global Configuration
Example
AP(config)#filter restrict-management
AP(config)#
filter dhcp This command prevents the AP or wireless clients from obtaining an IP address
from a DHCP server installed on wireless client.
Syntax
filter dhcp 
enable - Prevent DHCP IP assignment from a wireless client.
disable - Allow DHCP IP assignment from a wireless client.
Default
Disabled
Command Mode
Global Configuration
â 184 â
Chapter 21 | Filtering Commands
Example
AP(config)#filter dhcp enable
AP(config)#
filter acl-source- This command configures ACL filtering based on source MAC addresses in data
address frames.
Syntax
filter acl-source-address {enable | disable | add  | delete
}
enable - Key word that enables ACL filtering on the access point.
disable - Key word that disables ACL filtering on the access point.
add - Key word that adds a MAC address to the filter table.
delete - Key word that removes a MAC address from the filter table
mac-address - Specifies a MAC address in the form xx-xx-xx-xx-xx-xx.
Default
Disabled
Command Mode
Global Configuration
Command Usage
You can add up to 128 MAC addresses to the filtering table.
Example
AP(config)#filter acl-source-address add 00-12-34-56-78-9a
AP(config)#filter acl-source-address enable
AP(config)#
filter acl-destination- This command configures ACL filtering based on source MAC addresses in data
address frames.
Syntax
filter acl-destination-address {enable | disable | add  | delete
}
enable - Key word that enables ACL filtering on the access point.
disable - Key word that disables ACL filtering on the access point.
add - Key word that adds a MAC address to the filter table.
â 185 â
Chapter 21 | Filtering Commands
delete - Key word that removes a MAC address from the filter table
mac-address - Specifies a MAC address in the form xx-xx-xx-xx-xx-xx.
Default
Disabled
Command Mode
Global Configuration
Example
AP(config)#filter acl-destination-address add 00-12-34-56-78-9a
AP(config)#filter acl-destination-address enable
AP(config)#
filter ethernet-type This command checks the Ethernet type on all incoming and outgoing Ethernet
enabled packets against the protocol filtering table. Use the no form to disable this feature.
Syntax
[no] filter ethernet-type enabled
Default
Disabled
Command Mode
Global Configuration
Command Usage
This command is used in conjunction with the filter ethernet-type protocol
command to determine which Ethernet protocol types are to be filtered.
Example
AP(config)#filter ethernet-type enabled
AP(config)#
Related Commands
filter ethernet-type protocol
filter ethernet-type This command sets a filter for a specific Ethernet type. Use the no form to disable
protocol filtering for a specific Ethernet type.
Syntax
[no] filter ethernet-type protocol 
â 186 â
Chapter 21 | Filtering Commands
protocol - An Ethernet protocol type. (Options: ARP, RARP, Berkeley-TrailerNegotiation, LAN-Test, X25-Level-3, Banyan, CDP, DEC XNS, DEC-MOPDump-Load, DEC-MOP, DEC-LAT, Ethertalk, Appletalk-ARP, Novell-IPX(old),
Novell-IPX(new), EAPOL, Telxon-TXP, Aironet-DDP, Enet-Config-Test, IP, IPv6,
NetBEUI, PPPoE_Discovery, PPPoE_PPP_Session)
Default
None
Command Mode
Global Configuration
Command Usage
Use the filter ethernet-type enable command to enable filtering for Ethernet
types specified in the filtering table, or the no filter ethernet-type enable
command to disable all filtering based on the filtering table.
Example
AP(config)#filter ethernet-type protocol ARP
AP(config)#
Related Commands
filter ethernet-type enabled
show filters This command shows the filter options and protocol entries in the filter table.
Syntax
show filters [acl-source-address | acl-destination-address]
Command Mode
Exec
Example
AP#show filters
Protocol Filter Information
=======================================================================
Local Bridge
:Traffic among all client STAs blocked
AP Management
:DISABLED
EtherType Filter
:DISABLED
Enabled EtherType Filters
----------------------------------------------------------------------=======================================================================
AP#
â 187 â
Chapter 21 | Filtering Commands
â 188 â
22
Spanning Tree Commands
The commands described in this section are used to set the MAC address table
aging time and spanning tree parameters for both the Ethernet and wireless
interfaces.
Table 17: Spanning Tree Commands
Command
Function
Mode
Page
bridge stp service
Enables the Spanning Tree feature
GC
190
bridge stp br-conf
forwarding-delay
Configures the spanning tree bridge forward time GC
190
bridge stp br-conf hello-time Configures the spanning tree bridge hello time
GC
191
bridge stp br-conf max-age
Configures the spanning tree bridge maximum
age
GC
191
bridge stp br-conf priority
Configures the spanning tree bridge priority
GC
192
bridge stp port-conf
interface
Enters STP interface configuration mode
GC
192
bridge-link path-cost
Configures the spanning tree path cost for the
Ethernet port
IC-E
193
bridge-link port-priority
Configures the spanning tree priority for the
Ethernet port
IC-E
193
vap
Selects the VAP interface in STP interface
configuration mode
GC-STP
194
path-cost
Sets the path cost for a VAP interface in STP
interface configuration mode
GC-STP
194
port-priority
Sets the port priority for a VAP interface in STP
interface configuration mode
GC-STP
195
bridge mac-aging
Sets the MAC address aging time
GC
195
show bridge stp
Displays the global spanning tree settings
Exec
196
show bridge br-conf
Displays spanning tree settings for specified
VLANs
Exec
196
show bridge port-conf
Displays spanning tree settings for specified
interfaces
Exec
197
show bridge status
Displays STP bridge status for a specified VLAN or Exec
all VLANs
198
Exec
199
Displays the current MAC address table aging time Exec
200
show bridge forward address Displays STP settings for forwarding MAC
addesses on specified interfaces or VLANs
show bridge mac-aging
â 189 â
Chapter 22 | Spanning Tree Commands
bridge stp service This command enables the Spanning Tree Protocol. Use the no form to disable the
Spanning Tree Protocol.
Syntax
[no] bridge stp service
Default Setting
Enabled
Command Mode
Global Configuration
Example
This example globally enables the Spanning Tree Protocol.
AP(config)bridge stp service
AP(config)
bridge stp br-conf Use this command to configure the spanning tree bridge forward time globally for
forwarding-delay the wireless bridge.
Syntax
bridge stp br-conf forwarding-delay 
seconds - Time in seconds. (Range: 4 - 30 seconds)
The minimum value is the higher of 4 or [(max-age / 2) + 1].
Default Setting
15 seconds
Command Mode
Global Configuration
Command Usage
This command sets the maximum time (in seconds) the root device will wait before
changing states (i.e., discarding to learning to forwarding). This delay is required
because every device must receive information about topology changes before it
starts to forward frames. In addition, each port needs time to listen for conflicting
information that would make it return to the discarding state; otherwise, temporary
data loops might result.
Example
AP(config)#bridge stp br-conf forwarding-delay 20
AP(config)#
â 190 â
Chapter 22 | Spanning Tree Commands
bridge stp br-conf Use this command to configure the spanning tree bridge hello time globally for the
hello-time wireless bridge.
Syntax
bridge stp br-conf hello-time 
time - Time in seconds. (Range: 1-10 seconds).
The maximum value is the lower of 10 or [(max-age / 2) -1].
Default Setting
2 seconds
Command Mode
Global Configuration
Command Usage
This command sets the time interval (in seconds) at which the root device transmits
a configuration message.
Example
AP(config)#bridge stp br-conf hello-time 5
AP(config)#
bridge stp br-conf Use this command to configure the spanning tree bridge maximum age globally
max-age for the wireless bridge.
Syntax
bridge stp br-conf max-age 
seconds - Time in seconds. (Range: 6-40 seconds)
The minimum value is the higher of 6 or [2 x (hello-time + 1)].
The maximum value is the lower of 40 or [2 x (forward-time - 1)].
Default Setting
20 seconds
Command Mode
Global Configuration
Command Usage
This command sets the maximum time (in seconds) a device can wait without
receiving a configuration message before attempting to reconfigure. All device
ports (except for designated ports) should receive configuration messages at
regular intervals. Any port that ages out STP information (provided in the last
configuration message) becomes the designated port for the attached LAN. If it is a
â 191 â
Chapter 22 | Spanning Tree Commands
root port, a new root port is selected from among the device ports attached to the
network.
Example
AP(config)#bridge stp max-age 40
AP(config)#
bridge stp br-conf Use this command to configure the spanning tree priority globally for the wireless
priority bridge.
Syntax
bridge stp br-conf priority 
priority - Priority of the bridge. (Range: 0 - 65535)
Default Setting
32768
Command Mode
Global Configuration
Command Usage
Bridge priority is used in selecting the root device, root port, and designated port.
The device with the highest priority becomes the STP root device. However, if all
devices have the same priority, the device with the lowest MAC address will then
become the root device.
Example
AP(config)#bridge stp br-conf priority 40000
AP(config)#
bridge stp port-conf This command enters STP interface configuration mode.
interface
Syntax
bridge stp port-conf interface {ethernet | wireless }
index - The wireless interface index number. (Only â0â for this AP.)
Default Setting
None
Command Mode
Global Configuration
â 192 â
Chapter 22 | Spanning Tree Commands
Command Usage
Use this command to enter STP interface configuration mode. In this mode STP
settings for specific VAP interfaces can be configured.
Example
AP(config)# bridge stp port-conf interface wireless 0
Enter Wireless configuration commands, one per line.
AP(stp-if-wireless 0)#
bridge-link path-cost Use this command to configure the spanning tree path cost for the Ethernet port.
Syntax
bridge-link path-cost 
cost - The path cost for the port. (Range: 1-65535)
Default Setting
Command Mode
Interface Configuration (Ethernet)
Command Usage
â This command is used by the Spanning Tree Protocol to determine the best
path between devices. Therefore, lower values should be assigned to ports
attached to faster media, and higher values assigned to ports with slower
media.
â
Path cost takes precedence over port priority.
Example
AP(if-wireless a)#bridge-link path-cost 1 50
AP(if-wireless a)#
bridge-link port- Use this command to configure the priority for the Ethernet port.
priority
Syntax
bridge-link port-priority 
priority - The priority for a port. (Range: 1-255)
Default Setting
32
â 193 â
Chapter 22 | Spanning Tree Commands
Command Mode
Interface Configuration (Ethernet)
Command Usage
â This command defines the priority for the use of a port in the Spanning Tree
Protocol. If the path cost for all ports on a wireless bridge are the same, the port
with the highest priority (that is, lowest value) will be configured as an active
link in the spanning tree.
â
Where more than one port is assigned the highest priority, the port with lowest
numeric identifier will be enabled.
Example
AP(if-wireless a)#bridge-link port-priority 1 64
AP(if-wireless a)#
Related Commands
bridge-link path-cost
vap (STP Interface) This command selects the VAP interface for configuring STP settings.
Syntax
vap 
vap-index - The index number for the VAP interface. (Range: 0-7)
Command Mode
Global Configuration (STP interface)
Example
AP(stp-if-wireless 0)# vap 0
AP(stp-if-wireless 0: VAP[0])#
path-cost (STP This command sets the spanning tree path cost for the VAP interface.
Interface)
Syntax
path-cost 
cost - The path cost for the VAP interface. (Range: 1-65535)
Command Mode
Global Configuration (STP interface)
â 194 â
Chapter 22 | Spanning Tree Commands
Command Usage
â This command is used by the Spanning Tree Protocol to determine the best
path between devices. Therefore, lower values should be assigned to interfaces
with faster media, and higher values assigned to interfaces with slower media.
â
Path cost takes precedence over port priority.
Example
AP(stp-if-wireless 0: VAP[0])# path-cost 512
AP(stp-if-wireless 0: VAP[0])#
port-priority (STP This command sets the spanning tree path cost for the VAP interface.
Interface)
Syntax
port-priority 
priority - The priority for the VAP interface. (Range: 0-63)
Command Mode
Global Configuration (STP interface)
Command Usage
â This command defines the priority for the use of an interface in the Spanning
Tree Protocol. If the path cost for all interfaces on a bridge are the same, the
interface with the highest priority (that is, lowest value) will be configured as an
active link in the spanning tree.
â
Where more than one interface is assigned the highest priority, the interface
with lowest numeric identifier will be enabled.
Example
AP(stp-if-wireless 0: VAP[0])# port-priority 10
AP(stp-if-wireless 0: VAP[0])#
bridge mac-aging This command sets the MAC address table aging time.
Syntax
bridge mac-aging 
aging-time - The time after which a learned MAC address is discarded.
(Range: 10-1000000 seconds)
Default
300 seconds
â 195 â
Chapter 22 | Spanning Tree Commands
Command Mode
Global Configuration
Command Usage
The AP stores the MAC addresses for all known devices. All the addresses learned by
monitoring traffic are stored in a dynamic address table. This information is used to
pass traffic directly between inbound and outbound interfaces. When the MAC
address table âaging timeâ has expired, a learned MAC address is discarded from
the table.
Example
AP(config)# bridge mac-aging 300
AP(config)#
show bridge stp This command displays the global spanning tree settings for the bridge.
Syntax
show bridge stp
Command Mode
Exec
Example
AP#show bridge stp
Bridge STP Information
==================================
Bridge MAC
: 00:12:CF:A2:54:30
Status
: Disabled
priority
: 32768
Hello Time
: 2 seconds
Maximum Age
: 20 seconds
Forward Delay
: 15 seconds
==================================
AP#
show bridge br-conf This command displays spanning tree settings for a specified VLAN.
Syntax
show bridge br-conf 
all - Keyword to show the STP configuration for all VLANs.
vlan-id - Specifies a VLAN ID. (Range: 0-4095)
Command Mode
Exec
â 196 â
Chapter 22 | Spanning Tree Commands
Example
AP# show bridge br-conf all
BR0 configuration
========================================
BRIDGE MAC
: 00:12:cf:a2:54:30
Priority
: 32768
Hello Time
: 2
Maximum Age
: 20
Forward Delay
: 0
========================================
AP#
show bridge port-conf This command displays spanning tree settings for specified interfaces.
interface
Syntax
show bridge port-conf interface {all | ethernet | wireless index }
all - Keyword to display STP settings for all interfaces.
ethernet - Keyword to display STP settings for the Ethernet interface.
wireless - Keyword to display STP settings for the Wireless interface.
vap - Keyword to display STP settings for a specific VAP interface.
Command Mode
Exec
Example
AP#show bridge port-conf interface all
ETH0 configuration
========================================
Link Port Priority
: 32
Link Path Cost
: 4
========================================
ATH0 configuration
========================================
Link Port Priority
: 32
Link Path Cost
: 19
========================================
ATH1 configuration
========================================
Link Port Priority
: 32
Link Path Cost
: 19
========================================
ATH2 configuration
========================================
Link Port Priority
: 32
Link Path Cost
: 19
========================================
â 197 â
Chapter 22 | Spanning Tree Commands
ATH3 configuration
========================================
Link Port Priority
: 32
Link Path Cost
: 19
========================================
ATH4 configuration
========================================
Link Port Priority
: 32
Link Path Cost
: 19
========================================
ATH5 configuration
========================================
Link Port Priority
: 32
Link Path Cost
: 19
========================================
ATH6 configuration
========================================
Link Port Priority
: 32
Link Path Cost
: 19
========================================
ATH7 configuration
========================================
Link Port Priority
: 32
Link Path Cost
: 19
========================================
AP#
show bridge status This command displays STP bridge status for a specified VLAN or all VLANs.
Syntax
show bridge status 
all - Keyword to show the bridge status for all VLANs.
vlan-id - Specifies a VLAN ID. (Range: 0-4095)
Command Mode
Exec
Example
AP# show bridge status all
br0 status
=====================================================
Bridge ID
: 8000.0012cfa25430
Designated Root ID
: 8000.0012cfa25430
Root Port
: 0
ath0 --- port 0x2
Port ID
Designated Root ID
: 0x8002
: 8000.0012cfa25430
â 198 â
Chapter 22 | Spanning Tree Commands
Designated Bridge ID : 8000.0012cfa25430
Root Port Path Cost : 0
State
: FORWARDING
eth0 --- port 0x1
Port ID
: 0x8001
Designated Root ID
: 8000.0012cfa25430
Designated Bridge ID : 8000.0012cfa25430
Root Port Path Cost : 0
State
: DISABLED
=====================================================
AP#
show bridge forward This command displays STP settings for forwarding MAC addesses on specified
address interfaces or VLANs.
Syntax
show bridge forward address {all | mac  |
}
show bridge forward address {ethernet | wireless  vap }
all - Show settings for all forwarding MAC addresses.
mac - Show settings for specific forwarding MAC addresses. MAC addresses
are specified in the form xx-xx-xx-xx-xx-xx.
ethernet - The Ethernet port interface.
wireless - The wireless port interface.
vap - Wireless VAP interfaces. (Wireless Range: 0;
VAP Range: 0-7)
vlan-id - Show settings for forwarding addresses on specific VLANs. (Range:
0-4095)
Command Mode
Exec
Example
AP# show bridge forward-addr interface wireless 0 vap 0
MAC ADDRESS
INTERFACE VLAN
AGE
=====================================================
02:12:cf:a2:54:30
ath0
=====================================================
AP#
â 199 â
Chapter 22 | Spanning Tree Commands
show bridge mac- This command displays the MAC address table aging time.
aging
Syntax
show bridge mac-aging
Command Mode
Exec
Example
AP# show bridge mac-aging
mac-aging time 300
AP#
â 200 â
23
WDS Bridge Commands
The commands described in this section are used to set the operation mode for
each access point interface and configure Wireless Distribution System (WDS)
forwarding table settings.
Table 18: WDS Bridge Commands
Command
Function
Mode
Page
wds ap
Selects the bridge operation mode for a radio
interface
IC-W VAP
201
wds sta
Configures the MAC addresses of the parent bridge
node
IC-W VAP
201
show wds wireless
Configures MAC addresses of connected child bridge Exec
nodes
202
wds ap This command enables the bridge operation mode for the radio interface.
Syntax
wds ap
Default Setting
Disabled
Command Mode
Interface Configuration (Wireless) VAP
Example
AP(if-wireless 0 [VAP 0])#wds ap
AP(if-wireless 0 [VAP 0])#
wds sta This command configures WDS station mode on a VAP interface.
Syntax
wds sta ap-ssid  address 
ssid - Severice set identifier. Maximum: 32 characters.
mac-address - The MAC address of the connecting VAP in WDS-AP mode.
â 201 â
Chapter 23 | WDS Bridge Commands
Default Setting
None
Command Mode
Interface Configuration (Wireless) VAP
Command Usage
In WDS-STA mode, the VAP operates as a client station in WDS mode, which
connects to an access point in WDS-AP mode. The user needs to specify the SSID
and MAC address of the VAP to which it intends to connect.
Example
AP(if-wireless 0 [VAP 0])#wds sta ap-ssid red address 00-11-22-33-44-55
AP(if-wireless 0 [VAP 0])#
show wds wireless This command displays the current WDS settings for VAPs.
Syntax
show wds wireless  vap {all | }
index -The wireless interface index number. (Option: 0)
vap-index - The VAP index number. (Range: 0-7)
Command Mode
Exec
Example
AP# show wds wireless 0 vap 0
WDS Status(wireless 0 vap 0)
==========================================
Status: up
Mode: STA
AP SSID: red
AP MAC: 00:11:22:33:44:55
==========================================
AP#
â 202 â
24
Ethernet Interface Commands
The commands described in this section configure connection parameters for the
Ethernet port and wireless interface.
Table 19: Ethernet Interface Commands
Command
Function
Mode
Page
interface ethernet
Enters Ethernet interface configuration mode
GC
203
dns
Specifies the primary and secondary name servers IC-E
204
ip address
Sets the IP address for the Ethernet interface
IC-E
204
ip dhcp
Submits a DHCP request for an IP address
IC-E
205
ip management address Sets a static IP address for management access
IC-E
206
ipv6 address
Sets the IPv6 address for the Ethernet interface
IC-E
206
ipv6 dhcp
Submits a DHCPv6 request for an IPv6 address
IC-E
207
shutdown
Disables the Ethernet interface
IC-E
208
Exec
209
show interface ethernet Shows the status for the Ethernet interface
interface ethernet This command enters Ethernet interface configuration mode.
Default Setting
None
Command Mode
Global Configuration
Example
To specify the 1000BASE-T network interface, enter the following command:
AP(config)#interface ethernet
AP(if-ethernet)#
â 203 â
Chapter 24 | Ethernet Interface Commands
dns This command specifies the address for the primary or secondary domain name
server to be used for name-to-address resolution.
Syntax
dns {primary-server | secondary-server} 
primary-server - Primary server used for name resolution.
secondary-server - Secondary server used for name resolution.
server-address - IP address of domain-name server.
Default Setting
None
Command Mode
Global Configuration
Command Usage
The primary and secondary name servers are queried in sequence.
Example
This example specifies two domain-name servers.
AP(if-ethernet)#dns primary-server 192.168.1.55
AP(if-ethernet)#dns secondary-server 10.1.0.55
AP(if-ethernet)#
Related Commands
show interface ethernet
ip address This command sets the IP address for the access point. Use the no form to restore
the default IP address.
Syntax
ip address   
no ip address
ip-address - IP address.
netmask - Network mask for the associated IP subnet. This mask identifies
the host address bits used for routing to specific subnets.
gateway - IP address of the default gateway.
Default Setting
IP address: 192.168.2.10
Netmask: 255.255.255.0
â 204 â
Chapter 24 | Ethernet Interface Commands
Command Mode
Interface Configuration (Ethernet)
Command Usage
â DHCP is disabled by default. If DHCP is enabled, you must first disable the DHCP
client with the no ip dhcp command before you manually configure a new IP
address.
â
You must assign an IP address to this device to gain management access over
the network or to connect the access point to existing IP subnets. You can
manually configure a specific IP address using this command, or direct the
device to obtain an address from a DHCP server using the ip dhcp command.
Valid IP addresses consist of four numbers, 0 to 255, separated by periods.
Anything other than this format will not be accepted by the configuration
program.
Example
AP(config)#interface ethernet
Enter Ethernet configuration commands, one per line.
AP(if-ethernet)#ip address 192.168.1.2 255.255.255.0 192.168.1.253
AP(if-ethernet)#
Related Commands
ip dhcp
ip dhcp This command enables the access point to obtain an IP address from a DHCP server.
Use the no form to restore the default IP address.
Syntax
[no] ip dhcp
Default Setting
Disabled
Command Mode
Interface Configuration (Ethernet)
Command Usage
You must assign an IP address to this device to gain management access over
the network or to connect the access point to existing IP subnets. You can
manually configure a specific IP address using the ip address command, or
direct the device to obtain an address from a DHCP server using this command.
â
â
When you use this command, the access point will begin broadcasting DHCP
client requests. The current IP address will continue to be effective until a DHCP
reply is received. Requests will be broadcast periodically by this device in an
â 205 â
Chapter 24 | Ethernet Interface Commands
effort to learn its IP address. (DHCP values can include the IP address, subnet
mask, and default gateway.)
Example
AP(config)#interface ethernet
Enter Ethernet configuration commands, one per line.
AP(if-ethernet)#ip dhcp
AP(if-ethernet)#
Related Commands
ip address
ip management This command sets the IP address for management access to the AP.
address
Syntax
ip management address  
ip-address - The IP address for management access.
netmask - Network mask for the associated IP subnet.
Default Setting
IP address: 192.168.1.10
Netmask: 255.255.255.0
Command Mode
Interface Configuration (Ethernet)
Command Usage
The AP must have an IP address to gain management access over the network. The
management IP is a static address that can be used to access the AP in the event
that DHCP assignment fails.
Example
AP(config)#interface ethernet
Enter Ethernet configuration commands, one per line.
AP(if-ethernet)# ip management address 192.168.1.2 255.255.255.0
AP(if-ethernet)#
ipv6 address This command sets the IPv6 address for the access point. Use the no form to restore
the default IPv6 address.
Syntax
ipv6 address   
no ipv6 address
â 206 â
Chapter 24 | Ethernet Interface Commands
ipv6-address - IPv6 address.
netmask - Network mask for the associated IPv6 subnet. This mask identifies
the host address bits used for routing to specific subnets.
gateway - IPv6 address of the default gateway.
Default Setting
IP address: 2001:db8::1
Netmask: 64
Gateway: 2001:db8::2
Command Mode
Interface Configuration (Ethernet)
Command Usage
â DHCPv6 is disabled by default. To manually configure a new IPv6 address, you
must first disable the DHCPv6 client with the no ipv6 dhcp command.
â
You must assign an IPv6 address to this device to gain management access over
the network or to connect the access point to existing IPv6 subnets. You can
manually configure a specific IPv6 address using this command, or direct the
device to obtain an address from a DHCPv6 server using the ipv6 dhcp
command.
Example
AP(config)#interface ethernet
Enter Ethernet configuration commands, one per line.
Enterprise AP(if-ethernet)#ipv6 address 2001:db8::10 64 2001:db8::19
AP(if-ethernet)#
Related Commands
ipv6 dhcp
ipv6 dhcp This command enables the access point to obtain an IPv6 address from a DHCPv6
server. Use the no form to restore the default IPv6 address.
Syntax
[no] ipv6 dhcp
Default Setting
Disabled
Command Mode
Interface Configuration (Ethernet)
â 207 â
Chapter 24 | Ethernet Interface Commands
Command Usage
â You must assign an IPv6 address to this device to gain management access over
the network or to connect the access point to existing IPv6 subnets. You can
manually configure a specific IPv6 address using the ipv6 address command,
or direct the device to obtain an address from a DHCPv6 server using this
command.
â
When you use this command, the access point will begin broadcasting DHCPv6
client requests. The current IPv6 address (i.e., default or manually configured
address) will continue to be effective until a DHCPv6 reply is received. Requests
will be broadcast periodically by this device in an effort to learn its IPv6 address.
(DHCPv6 values can include the IPv6 address, subnet mask, and default
gateway.)
Example
AP(config)#interface ethernet
Enter Ethernet configuration commands, one per line.
AP(if-ethernet)#ipv6 dhcp
AP(if-ethernet)#
Related Commands
ipv6 address
shutdown (Ethernet) This command disables the Ethernet interface. To restart a disabled interface, use
the no form.
Syntax
[no] shutdown
Default Setting
Interface enabled
Command Mode
Interface Configuration (Ethernet)
Command Usage
This command allows you to disable the Ethernet port due to abnormal behavior
(e.g., excessive collisions), and reenable it after the problem has been resolved. You
may also want to disable the Ethernet port for security reasons.
Example
The following example disables the Ethernet port.
AP(if-ethernet)#shutdown
AP(if-ethernet)#
â 208 â
Chapter 24 | Ethernet Interface Commands
show interface This command displays the status for the Ethernet interface.
ethernet
Syntax
show ethernet interface
Default Setting
Ethernet interface
Command Mode
Exec
Example
AP#show interface ethernet
Ethernet Interface Information
========================================
IP Address
: 192.168.2.10
Subnet Mask
: 255.255.255.0
Default Gateway
: 192.168.2.254
Primary DNS
Secondary DNS
Management IP
: 192.168.1.10
Management Subnet
: 255.255.255.0
IPv6 Address
: 2001:db8::1
IPv6 Subnet Mask
: 64
IPv6 Gateway
: 2001:db8::2
IPv6 Primary DNS
IPv6 Secondary DNS :
Admin status
: Up
Operational status : Up
========================================
AP#
â 209 â
25
Wireless Interface Commands
The commands described in this section configure connection parameters for the
wireless interfaces.
Table 20: Wireless Interface Commands
Command
Function
Mode
Page
interface wireless
Enters wireless interface configuration mode
GC
212
vap
Provides access to the VAP interface configuration
mode
IC-W
212
a-mpdu
Sets the Aggregate MAC Protocol Data Unit (AMPDU)
IC-W
213
a-msdu
Sets the Aggregate MAC Service Data Unit (AMSDU)
IC-W
213
channel
Configures the radio channel
IC-W
214
transmit-power
Adjusts the power of the radio signals transmitted
from the access point
IC-W
215
min-allowed-rate
Selects minimum allowed transmit data rates
IC-W
216
disable-coexist
Prevents 20 MHz and 40 MHz channels operating
together
IC-W
216
make-rf-settingeffective
Implements wireless command changes made in
current CLI session
IC-W
217
preamble
Sets the length of the 802.11g signal preamble
IC-W
217
short-guard-interval
Enables the 802.11n short guard interval
IC-W
218
beacon-interval
Configures the rate at which beacon signals are
transmitted from the access point
IC-W
218
dtim-period
Configures the rate at which stations in sleep mode IC-W
must wake up to receive broadcast/multicast
transmissions
219
rts-threshold
Sets the packet size threshold at which an RTS must IC-W
be sent to the receiving station prior to the sending
station starting communications
220
ssid
Configures the service set identifier
IC-W-VAP
221
closed system
Opens access to clients without a pre-configured
SSID
IC-W-VAP
221
max-client
Sets the maximum number of clients per radio
IC-W
222
max-association
Sets the maximum number of clients per VAP
IC-W-VAP
222
client-assoc-preempt
Implements a priority for associating clients
IC-W-VAP
223
â 210 â
Chapter 25 | Wireless Interface Commands
Table 20: Wireless Interface Commands (Continued)
Command
Function
Mode
Page
assoc- timeout-interval
Configures the idle time interval (when no frames
are sent) after which a client is disassociated from
the VAP interface
IC-W-VAP
224
auth- timeout-value
Configures the time interval after which clients
must be re-authenticated
IC-W-VAP
224
multicast-enhance
Enhances multicast quality for wireless clients
IC-W-VAP
225
shutdown
Disables the wireless interface
IC-W-VAP
225
interfere-chan-recover
Rescans channels when interference is detected
IC-W
226
band-steering
Redirects all dual-band clients to connect to the
5 GHz radio
GC
226
wlandev-interferedetection
Enables the detection of interference from nearby
APs
IC-W
227
antenna-chain
Sets the internal antennas to use
IC-W
227
long-distance
Enables long distance parameter settings
IC-W
228
long-distance reference- Computes settings from a distance reference
data
IC-W
229
long-distance slottime
Sets the slot time parameter
IC-W
229
long-distance
acktimeout
Sets the acknowledge timeout parameter
IC-W
230
long-distance
ctstimeout
Sets the CTS timeout parameter
IC-W
230
bandwidth-control
downlink
Enables downlink bandwidth control on a VAP
interface
IC-W-VAP
230
bandwidth-control
downlink rate
Sets the downlink bandwidth rate for a VAP
interface
IC-W-VAP
231
bandwidth-control
uplink
Enables uplink bandwidth control on a VAP
interface
IC-W-VAP
232
bandwidth-control
uplink rate
Sets the uplink bandwidth rate for a VAP interface
IC-W-VAP
232
show interface wireless
Shows the status for the wireless interface
Exec
233
show station
Shows the wireless clients associated with the
access point
Exec
235
show station statistics
Shows traffic statistics for wireless clients associated Exec
with the access point
236
show band-steering
Shows the status of the Band Steering feature
237
â 211 â
Exec
Chapter 25 | Wireless Interface Commands
interface wireless This command enters wireless interface configuration mode.
Syntax
interface wireless 
index - The index of the wireless interface. (Range: 0 or 1, where â0â is the
2.4 GHz interface and â1â the 5 GHz interface)
Default Setting
None
Command Mode
Global Configuration
Example
AP(config)# interface wireless 0
Enter Wireless configuration commands, one per line.
AP(if-wireless 0)#
vap This command provides access to the VAP (Virtual Access Point) interface
configuration mode.
Syntax
vap 
vap-index - The number that identifies the VAP interface.
(Options: 0-15)
Default Setting
None
Command Mode
Interface Configuration (Wireless)
Example
AP(if-wireless 0)#vap 0
AP(if-wireless 0: VAP[0])#
â 212 â
Chapter 25 | Wireless Interface Commands
a-mpdu This command enables and sets the Aggregate MAC Protocol Data Unit
(A-MPDU).
Syntax
a-mpdu {enable | disable | length | }
enable - Enable A-MPDU.
disable - Disable A-MPDU.
length - 1024-65535 bytes.
Default Setting
Disabled
Command Mode
Interface Configuration (Wireless)
Example
AP(if-wireless 0)#a-mpdu enable
AP(if-wireless 0)#
a-msdu This command enables and sets the Aggregate MAC Service Data Unit
(A-MSDU).
Syntax
a-msdu {enable | disable | length }
enable - Enable A-MSDU.
disable - Disable A-MSDU.
length - 1024-65535 bytes.
Default Setting
Disabled
Command Mode
Interface Configuration (Wireless)
Example
AP(if-wireless 0)#a-msdu enable
AP(if-wireless 0)#
â 213 â
Chapter 25 | Wireless Interface Commands
channel This command configures the radio channel through which the access point
communicates with wireless clients.
Syntax
channel {ht20  | ht40  | auto}
ht20-channel - The 802.11n 20 MHz channel number:
11ng mode: 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11
11na mode: 36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120,
124, 128, 132, 136, 140, 149, 153, 157, 161, 165
ht40-channel - The 802.11n 40 MHz channel number:
11ng mode: 01Plus, 02Plus, 03Plus, 04Plus, 05Plus, 05Minus, 06Plus,
06Minus, 07Plus, 07Minus, 08Minus, 09Minus, 10Minus, 11Minus
11na mode: 36Plus, 40Minus, 44Plus, 48Minus, 52Plus, 56Minus, 60Plus,
64Minus, 100Plus, 104Minus, 108Plus, 112Minus, 116Plus, 120Minus,
124Plus, 128Minus, 132Plus, 136Minus, 149Plus, 153Minus, 157Plus,
161Minus
auto - Automatically selects an unoccupied channel (if available).
Otherwise, the lowest channel is selected.
Default Setting
Automatic channel selection
Command Mode
Interface Configuration (Wireless)
Command Usage
â The available channel settings are limited by local regulations, which
determine the number of channels that are available.
â
The available channels depend on the radio interface, either 11b/g/n (2.4 GHZ)
or 11a/n (5 GHz).
â
The access point provides a channel bandwidth of 20 MHz by default giving an
802.11g connection speed of 54 Mbps and a 802.11n connection speed of up
to 108 Mbps, and ensures backward compliance for slower 802.11b devices.
Setting the HT Channel Bandwidth to 40 MHz increases connection speed for
802.11n up to 300 Mbps.
â
HT40plus indicates that the secondary channel is above the primary channel.
HT40minus indicates that the secondary channel is below the primary channel.
â
For most wireless adapters, the channel for wireless clients is automatically set
to the same as that used by the access point to which it is linked.
â 214 â
Chapter 25 | Wireless Interface Commands
Example
AP(if-wireless 0)# channel ht20 06
This setting has not been effective !
If want to take effect, please execute make-RF-setting-effective command !
AP(if-wireless 0)#
transmit-power This command adjusts the power of the radio signals transmitted from the access
point.
Syntax
transmit-power {percentage  | dbm }
percent-power - Signal strength as a percentage transmitted from the AP.
(Options: full, half, quarter, eighth, min)
dbm-power - Signal strength in dBm transmitted from the AP.
(Range: 3-20 dBm)
Default Setting
Percentage Mode: Full (100%)
dBm Mode: 18 dBm
Command Mode
Interface Configuration (Wireless)
Command Usage
â The âminâ keyword indicates minimum power.
â
The longer the transmission distance, the higher the transmission power
required. But to support the maximum number of users in an area, you must
keep the power as low as possible. Power selection is not just a trade off
between coverage area and maximum supported clients. You also have to
ensure that high strength signals do not interfere with the operation of other
radio devices in your area.
Example
AP(if-wireless 0)# transmit-power percentage half
AP(if-wireless 0)#
â 215 â
Chapter 25 | Wireless Interface Commands
min-allowed-rate This command selects minimum allowed transmit data rates for the AP.
Syntax
min-allowed-rate {all |   
}
all - Selects all available rates.
cck-rate - Specifies the minimum CCK rate (2.4 GHz radio only).
(Options: 1, 2, 5. 5, 11 Mbps)
ofdm-rate - Specifies the minimum OFDM rate.
(Options: 6, 9, 12, 18, 24, 36, 48, 54 Mbps)
singlestream-rate - Specifies the minimum 802.11n single stream rate.
(Options: MCS0, MCS1, MCS2, MCS3, MCS4, MCS5, MCS6, MCS7)
doublestream-rate - Specifies the minimum 802.11n double stream rate.
(Options: MCS8, MCS9, MCS10, MCS11, MCS12, MCS13, MCS14, MCS15)
Default Setting
CCK Rate: 1 Mbps
OFDM Rate: 6 Mbps
Single Stream Rate: MCS0
Double Stream Rate: MCS8
Command Mode
Interface Configuration (Wireless)
Example
AP(if-wireless 0)# min-allowed-rate 1 6 mcs0 mcs8
AP(if-wireless 0)#
disable-coexist This command prevents the operation of both 20 MHz and 40 MHz channel
bandwidths in the wireless network.
Syntax
disable-coexist 
n - No, do not disable channel coexistance.
y - Yes, disable channel coexistance.
Default Setting
No
Command Mode
Interface Configuration (Wireless)
â 216 â
Chapter 25 | Wireless Interface Commands
Example
AP(if-wireless 0)# disable-coexist y
AP(if-wireless 0)#
make-rf-setting- This command implements all wireless command changes made in current CLI
effective session.
Syntax
make-rf-setting-effective
Command Mode
Interface Configuration (Wireless)
Example
AP(if-wireless 0)# make-RF-setting-effective
It will take several minutes !
Please wait a while...
AP(if-wireless 0)#
preamble This command sets the length of the signal preamble that is used at the start of a
802.11b/g data transmission.
Syntax
preamble [long | short-or-long]
long - Sets the preamble to long (192 microseconds).
short-or-long - Sets the preamble to short if no 802.11b clients are
detected (96 microseconds).
Default Setting
Short-or-Long
Command Mode
Interface Configuration (Wireless)
Command Usage
Using a short preamble instead of a long preamble can increase data
throughput on the access point, but requires that all clients can support a short
preamble.
â
â 217 â
Chapter 25 | Wireless Interface Commands
â
Set the preamble to long to ensure the access point can support all 802.11b
and 802.11g clients.
Example
AP(if-wireless 0)# preamble short-or-long
This setting has not been effective !
If want to take effect, please execute make-RF-setting-effective command !
AP(if-wireless 0)#
short-guard-interval This command sets the 802.11n guard interval to 400ns (short) or 800ns (long).
Syntax
short-guard-interval 
Default Setting
Disabled
Command Mode
Interface Configuration (Wireless)
Command Usage
The 802.11n draft specifies two guard intervals: 400ns (short) and 800ns (long).
Support of the 400ns guard interval is optional for transmit and receive. The
purpose of a guard interval is to introduce immunity to propagation delays, echoes,
and reflections to which digital data is normally very sensitive. Enabling the short
guard interval sets it to 400ns.
Example
AP(if-wireless 0)# short-guard-interval enable
This setting has not been effective !
If want to take effect, please execute make-RF-setting-effective command !
AP(if-wireless 0)#
beacon-interval This command configures the rate at which beacon signals are transmitted from
the access point.
Syntax
beacon-interval 
interval - The rate for transmitting beacon signals. (Range: 40-3500 TUs)
â 218 â
Chapter 25 | Wireless Interface Commands
Default Setting
100 TUs
Command Mode
Interface Configuration (Wireless)
Command Usage
The beacon signals allow wireless clients to maintain contact with the access point.
They may also carry power-management information.
Example
AP(if-wireless 0)# beacon-interval 60
This setting has not been effective !
If want to take effect, please execute make-RF-setting-effective command !
AP(if-wireless 0)#
dtim-period This command configures the rate at which stations in sleep mode must wake up to
receive broadcast/multicast transmissions.
Syntax
dtim-period 
interval - Interval between the beacon frames that transmit broadcast or
multicast traffic. (Range: 1-255 beacon frames)
Default Setting
Command Mode
Interface Configuration (Wireless)
Command Usage
â The Delivery Traffic Indication Map (DTIM) packet interval value indicates how
often the MAC layer forwards broadcast/multicast traffic. This parameter is
necessary to wake up stations that are using Power Save mode.
â
The DTIM is the interval between two synchronous frames with broadcast/
multicast information. The default value of 1 indicates that the access point will
save all broadcast/multicast frames for the Basic Service Set (BSS) and forward
them after every beacon.
â
Using smaller DTIM intervals delivers broadcast/multicast frames in a more
timely manner, causing stations in Power Save mode to wake up more often
and drain power faster. Using higher DTIM values reduces the power used by
â 219 â
Chapter 25 | Wireless Interface Commands
stations in Power Save mode, but delays the transmission of broadcast/
multicast frames.
Example
AP(if-wireless 0)# dtim-period 10
This setting has not been effective !
If want to take effect, please execute make-RF-setting-effective command !
AP(if-wireless 0)#
rts-threshold This command sets the packet size threshold at which a Request to Send (RTS)
signal must be sent to the receiving station prior to the sending station starting
communications.
Syntax
rts-threshold 
threshold - Threshold packet size for which to send an RTS.
(Range: 1-2346 bytes)
Default Setting
2346
Command Mode
Interface Configuration (Wireless)
Command Usage
â If the threshold is set to 1, the access point always sends RTS signals. If set to
2346, the access point never sends RTS signals. If set to any other value, and the
packet size equals or exceeds the RTS threshold, the RTS/CTS (Request to Send /
Clear to Send) mechanism will be enabled.
â
The access point sends RTS frames to a receiving station to negotiate the
sending of a data frame. After receiving an RTS frame, the station sends a CTS
frame to notify the sending station that it can start sending data.
â
Access points contending for the wireless medium may not be aware of each
other. The RTS/CTS mechanism can solve this âHidden Nodeâ problem.
Example
AP(if-wireless 0)# rts-threshold 1
This setting has not been effective !
If want to take effect, please execute make-RF-setting-effective command !
AP(if-wireless 0)#
â 220 â
Chapter 25 | Wireless Interface Commands
ssid This command configures the service set identifier (SSID) of the VAP.
Syntax
ssid 
string - The name of a basic service set supported by the access point.
(Range: 1 - 32 characters)
Default Setting
2.4 GHz: %VBM#BOE_11BGN_0 to 15 (for VAPs 0-15)
5 GHz: %VBM#BOE_11NA_0 to 15 (for VAPs 0-15)
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
Clients that want to connect to the wireless network through an access point must
set their SSIDs to the same as that of the access point.
Example
AP(if-wireless 0: VAP[0])# ssid net-name
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#
closed-system This command prohibits access to clients without a pre-configured SSID. Use the
no form to disable this feature.
Syntax
[no] closed-system
Default Setting
Disabled
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
When closed system is enabled, the access point will not include its SSID in beacon
messages. Nor will it respond to probe requests from clients that do not include a
fixed SSID.
â 221 â
Chapter 25 | Wireless Interface Commands
Example
AP(if-wireless 0: VAP[0])#closed-system
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0)#
max-client This command configures the maximum number of wireless clients that can
associate with a radio.
Syntax
max-client 
max-clients - The maximum number associated clients for the radio.
(Range: 1-127)
Default Setting
100
Command Mode
Interface Configuration (Wireless)
Command Usage
This command sets the total maximum number of clients that may associate with
the radio. This includes the total clients associated to all VAP interfaces. The
maximum number of clients that can associate to a specific VAP interface can be set
using the max-association command.
Example
AP(if-wireless 0)# max-client 64
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0)#
max-association This command configures the maximum number of wireless clients that can
associate with a VAP interface.
Syntax
max-association 
max-clients - The maximum number associated clients for the VAP interface.
(Range: 1-127)
â 222 â
Chapter 25 | Wireless Interface Commands
Default Setting
16
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
This command sets the total maximum number of clients that may associate with a
VAP interface. If the value is greater than the setting for the maximum clients per
radio (max-client command), the command does not take effect.
Example
AP(if-wireless 0: VAP[0])# max-association 64
AP(if-wireless 0: VAP[0])#
client-assoc-preempt This command enables a feature that implements a priority for associating clients
when the maximum has been reached. Use the no form to disable the feature.
Syntax
[no] client-assoc-preempt
Default Setting
Disabled
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
When enabled, the AP applies a priority order for associating clients when the
maximum clients for the VAP has been reached. The priority order is 11n clients,
11a/g clients, then 11b clients.
â
â
When the association pool for the VAP is full and the AP receives an association
request from a high-priority (11n) client, the AP sends a disassociation to a
lower priority client (11a/g or 11b) in order to be able to associate the highpriority client. If there are no lower-priority clients to disassociate, the AP will
reject the association request.
Example
AP(if-wireless 0: VAP[0])# client-assoc-preempt
set_vap_assoc_pri 0 0 y
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#
â 223 â
Chapter 25 | Wireless Interface Commands
assoc-timeout- This command configures the idle time interval (when no frames are sent) after
interval which the client is disassociated from the VAP interface.
Syntax
assoc-timeout-interval 
minutes - The number of minutes of inactivity before disassociation.
(Range: 5-60 minutes)
Default Setting
5 minutes
Command Mode
Interface Configuration (Wireless-VAP)
Example
AP(if-wireless 0: VAP[0])# assoc-timeout-interval 10
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#
auth-timeout-interval This command configures the time interval within which clients must complete
authentication to the VAP interface.
Syntax
auth-timeout-interval 
minutes - The number of minutes before re-authentication. (Range: 3-60
minutes)
Default Setting
3 minutes
Command Mode
Interface Configuration (Wireless-VAP)
Example
AP(if-wireless 0: VAP[0])# auth-timeout-interval 10
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#
â 224 â
Chapter 25 | Wireless Interface Commands
multicast-enhance This command enables a feature that improves multicast video quality for wireless
clients. Use the no form to disable the feature.
Syntax
[no] multicast-enhance
Default Setting
Disabled
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
When a wireless client joins a multicast group, this feature converts multicast
packets to unicast packets to improve multicast video quality.
Example
AP(if-wireless 0: VAP[0])# multicast-enhance
set_vap_mcastenhance 0 0 2
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#
shutdown (VAP) This command disables the VAP interface. Use the no form to restart the interface.
Syntax
[no] shutdown
Default Setting
Interface enabled
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
You must first enable VAP interface 0 before you can enable VAP interfaces 1 to 15.
Example
AP(if-wireless 0: VAP[0])# shutdown
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#
â 225 â
Chapter 25 | Wireless Interface Commands
interfere-chan- This command rescans channels when interference is detected on the current
recover channel. Use the no form to disable the feature.
Syntax
[no] interfere-chan-recover
Default Setting
Disabled
Command Mode
Interface Configuration (Wireless)
Command Usage
When interference is detected on the current channel, the AP re-scans all
channels and then changes to a new clear channel.
â
â
There is too much interference on a channel when the AP is unable to send the
beacon signal more than ten times. The AP will then use its auto-channel
algorithm to find a new clear channel.
Example
AP(if-wireless 0)# interfere-chan-recover
AP(if-wireless 0)#
band-steering This command redirects all dual-band clients to connect to the 5 GHz radio. Use the
no form to disable the feature.
Syntax
[no] band-steering
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
The Band Steering feature redirects all dual-band clients associated to the
2.4 GHz radio to connect to the 5 GHz radio.
â
â
This feature only functions when both the 2.4 GHz and 5 GHz radio SSIDs are
identical.
â 226 â
Chapter 25 | Wireless Interface Commands
Example
AP(config)# band-steering
AP(config)#
wlandev-interfere- This command enables the detection of nearby APs that are using the same
detection channel. Use the no form to disable the feature.
Syntax
wlandev-interfere-detection  
[no] wlandev-interfere-detection
rssi - The RSSI signal strength threshold of a nearby AP above which the unit
switches to another channel. (Range: 1-100)
time - The time duration that a nearby AP with an RSSI above the set
threshold is continuously detected before the unit restarts the scan
process. (Range: 10-300 seconds)
Default Setting
Disabled
RSSI: 80
Time: 30 seconds
Command Mode
Interface Configuration (Wireless)
Command Usage
Enables the detection of nearby APs that are using the same channel. If the RSSI
signal strength of a nearby AP is above the configured threshold value for more
than the specified time, the unit switches to another channel.
Example
AP(if-wireless 0)# wlandev-interfere-detection 90 60
AP(if-wireless 0)#
antenna-chain This command selects the use of two antennas or a single antenna for radio
transmissions.
Syntax
antenna-chain 
right-left - The radio transmits from both internal antennas.
left - The radio only transmits from one internal antenna.
right - The radio only transmits from one internal antenna.
â 227 â
Chapter 25 | Wireless Interface Commands
Default Setting
right-left
Command Mode
Interface Configuration (Wireless)
Example
AP(if-wireless 0)# antenna-chain left
This setting has not been effective !
If want to take effect, please execute make-RF-setting-effective command !
AP(if-wireless 0)#
long-distance This command computes settings that allow wireless clients a long distance from
the AP to maintain communications.
Syntax
long-distance 
enable - Enables the long distance settings.
disable - Disables the feature.
Default
Disabled
Command Mode
Interface Configuration (Wireless)
Command Usage
When you have long-distance links in the wireless network, some timing
parameters require an adjustment to maintain communications. You can enable
this feature and then use the long-distance reference-data command to suggest
settings based on an approximate distance.
Example
AP(if-wireless 0)# long-distance enable
For making changes effective, please execute make-RF-setting-effective
command !
AP(if-wireless 0)#
â 228 â
Chapter 25 | Wireless Interface Commands
long-distance This command computes settings that allow wireless clients a long distance from
reference-data the AP to maintain communications.
Syntax
long-distance reference-data 
distance - An approximate distance in meters. (Range: 1-50000 meters)
Default
0 (disabled)
Command Mode
Interface Configuration (Wireless)
Command Usage
Enter the approximate distance (in meters) of the client from the AP. The AP
computes a set of recommended values for SlotTime, ACKTimeOut and
CTSTimeOut. You can use the recommended values or enter your own values that
work for your specific environment.
Example
AP(if-wireless 0)# long-distance reference-data 1000
Distance(m): 1000
Slot time(us): 15
ACKTimeOut(us): 56
CTSTimeOut(us): 56
AP(if-wireless 0)#
long-distance slottime This command sets the slot time for long-distance communications.
Syntax
long-distance slottime 
time - The adjusted slot time in microseconds.
Default
9 microseconds
Command Mode
Interface Configuration (Wireless)
Example
AP(if-wireless 0)# long-distance slottime 25
For making changes effective, please execute make-RF-setting-effective
command after entering all three long distance parameters!
AP(if-wireless 0)#
â 229 â
Chapter 25 | Wireless Interface Commands
long-distance This command sets the acknowledge timeout for long-distance communications.
acktimeout
Syntax
long-distance acktimeout 
timeout - The adjusted acknowledge timeout in microseconds.
Default
64 microseconds
Command Mode
Interface Configuration (Wireless)
Example
AP(if-wireless 0)# long-distance acktimeout 56
For making changes effective, please execute make-RF-setting-effective
command after entering all three long distance parameters!
AP(if-wireless 0)#
long-distance This command sets the CTS (clear to send) timeout for long-distance
ctstimeout communications.
Syntax
long-distance ctstimeout 
timeout - The adjusted CTS timeout in microseconds.
Default
48 microseconds
Command Mode
Interface Configuration (Wireless)
Example
AP(if-wireless 0)# long-distance ctstimeout 56
For making changes effective, please execute make-RF-setting-effective
command after entering all three long distance parameters!
AP(if-wireless 0)#
bandwidth-control This command enables the downlink bandwidth control for a VAP interface.
downlink
Syntax
bandwidth-control downlink 
enable - Enables the downlink bandwidth control setting.
â 230 â
Chapter 25 | Wireless Interface Commands
disable - Disables the feature.
Default
Disabled
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
This command enables the rate limiting of traffic from the wired network as it is
passed to the VAP interface. You can set a maximum rate in Kbytes per second.
Example
AP(if-wireless 0: VAP[0])# bandwidth-control downlink enable
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#
bandwidth-control This command sets the downlink bandwidth rate for a VAP interface.
downlink rate
Syntax
bandwidth-control downlink rate 
rate - The allowed downlink rate in Kbytes per second.
(Range: 100-12000 Kbytes per second)
Default
100 Kbytes per second
Command Mode
Interface Configuration (Wireless-VAP)
Example
AP(if-wireless 0: VAP[0])# bandwidth-control downlink rate 512
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#
â 231 â
Chapter 25 | Wireless Interface Commands
bandwidth-control This command enables the uplink bandwidth control for a VAP interface.
uplink
Syntax
bandwidth-control uplink 
enable - Enables the uplink bandwidth control setting.
disable - Disables the feature.
Default
Disabled
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
This command enables the rate limiting of traffic from the VAP interface as it is
passed to the wired network. You can set a maximum rate in Kbytes per second.
Example
AP(if-wireless 0: VAP[0])# bandwidth-control uplink enable
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#
bandwidth-control This command sets the uplink bandwidth rate for a VAP interface.
uplink rate
Syntax
bandwidth-control uplink rate 
rate - The allowed uplink rate in Kbytes per second.
(Range: 100-12000 Kbytes per second)
Default
100 Kbytes per second
Command Mode
Interface Configuration (Wireless-VAP)
Example
AP(if-wireless 0: VAP[0])# bandwidth-control uplink rate 512
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
â 232 â
Chapter 25 | Wireless Interface Commands
AP(if-wireless 0: VAP[0])#
show interface This command displays the status for a specified VAP interface.
wireless
Syntax
show interface wireless  vap 
index - The wireless interface slot number. (Range: 0 or 1)
vap-index - The number that identifies a VAP interface.
(Options: 0-15)
Command Mode
Exec
Example
AP# show interface wireless 0 vap 0
----------------------------------Basic
SSID
Wireless Network Mode
Auto Channel Select
Channel
Channel Width Mode
Allowed Rates
Setting---------------------------: %VBM#BOE_11BGN_0
: 11ng
: ENABLE
: 1
: HT20
: 1,2,5.5,11,6,9,12,18,24,36,48,54,
MCS0,MCS1,MCS2,MCS3,MCS4,MCS5,MCS6,
MCS7,MCS8,MCS9,MCS10,MCS11,MCS12,
MCS13,MCS14,MCS15
Status
: ENABLE
Multicast enhancement
: DISABLE
MAC Address
: 70:72:CF:00:11:70
VLAN-ID
: 1
Dhcp-Relay Server Ip
: 0.0.0.0
----------------------------------Capacity---------------------------------Maximum Association Client Per Vap
: 16 Clients
Maximum Association Client Per Radio
: 100 Clients
------------------------------802.11 Parameters----------------------------Transmit Power
: 100%(20 dBm)
Preamble Length
: Short-or-Long
Fragmentation Threshold
: 2346
RTS Threshold
: 2346
Beacon Interval
: 100
Authentication Timeout Interval
: 3 Mins
Association Timeout Interval
: 5 Mins
DTIM Interval
: 1
Short Guard Interval Status
: Disabled
A-MPDU Status
: Enabled
A-MPDU Length Limit
: 65535 Bytes
A-MSDU Status
: Enabled
Disable HT20/H40 coexistence
: disabled
Interference Channel Recover
: disabled
-----------------------Press any key to continue----------------------WLAN Device Interference Detection
WLAN client association preemption
â 233 â
: disabled
: disabled
Chapter 25 | Wireless Interface Commands
----------------------------------Security---------------------------------Closed System
: DISABLE
WPA Function
: OPEN-SYSTEM, WPA FUNCTION DISABLE
WPA PSK Key Type
: ascii
WPA PSK Key
: ********
Default Transmit Key
: 1
Static WEP Keys
Key 1
: *****
Key 2
: *****
Key 3
: *****
Key 4
: *****
Pre-Authentication
: DISABLE
-----------------------------------802.1x----------------------------------802.1x
: DISABLE
802.1x Reauthentication Time Value
: 3600 seconds
---------------------Bandwidth Control for Uplink/Downlink-----------------Bandwidth Control for Uplink
: DISABLE
Bandwidth Control for Uplink rate
: 100 Kbyte/s
Bandwidth Control for Downlink
: DISABLE
Bandwidth Control for Downlink rate
: 100 Kbyte/s
-----------------------------MAC Authentication----------------------------Authentication Information
===================================================================
MAC Authentication Server
: Disable
Session Timeout
: Disable
Filter Table (Allow List):
Filter Table (Deny List):
-------------------------------Qos Mapping------------------------------Qos Mapping for vap to 802.1p
: DISABLE
User Priority for vap to 802.1p
: 0
Qos Mapping for 802.1d to 802.1p
: DISABLE
Template Name for 802.1d to 802.1p
: default_up_mapping_1
-----------------------Press any key to continue----------------------Template Priority for 802.1d to 802.1p
Qos Mapping for 802.1d to DSCP
Template Name for 802.1d to DSCP
Template Priority for 802.1d to DSCP
01234567
DISABLE
default_up_mapping_1
01234567
------------------------------Quality of Service---------------------------WMM Mode
: ENABLED
WMM Acknowledge Policy
AC0(BE)
AC1(BK)
AC2(VI)
AC3(VO)
WMM AP Parameters:
AC0(BE) CwMin:
4 CwMax:
AC1(BK) CwMin:
4 CwMax:
AC2(VI) CwMin:
3 CwMax:
AC3(VO) CwMin:
2 CwMax:
WMM BSS Parameters:
AC0(BE) CwMin:
4 CwMax:
AC1(BK) CwMin:
4 CwMax:
AC2(VI) CwMin:
3 CwMax:
AC3(VO) CwMin:
2 CwMax:
-----------------------Press
â 234 â
Acknowledge
Acknowledge
Acknowledge
Acknowledge
10
AIFSN:
AIFSN:
AIFSN:
AIFSN:
TXOP
TXOP
TXOP
TXOP
Limit:
Limit:
Limit:3008
Limit:1504
10
10
any
AIFSN:
3 TXOP Limit:
0 ACM:Disabled
AIFSN:
7 TXOP Limit:
0 ACM:Disabled
AIFSN:
2 TXOP Limit:3008 ACM:Disabled
AIFSN:
2 TXOP Limit:1504 ACM:Disabled
key to continue-----------------------
Chapter 25 | Wireless Interface Commands
--------------------------------Radius Server-----------------------------Radius Accounting Information
===================================================================
Status
: DISABLED
IP
: 10.7.16.96
Shared Secret
: ********
Port
: 1813
timeout-interim
: 300
===================================================================
Radius Primary Server Information
===================================================================
Status
: ENABLED
IP
: 10.7.16.96
Port
: 1812
Shared Secret
: ********
===================================================================
Radius Secondary Server Information
===================================================================
Status
: DISABLED
IP
: 10.7.16.97
Port
: 1812
Shared Secret
: ***
AP#
show station This command shows the wireless clients associated with the access point.
Command Mode
Exec
Example
AP#show station
Station Table Information
========================================
Wireless Interface 0 VAPs List:
if-wireless 0 VAP [0] :
ADDR
RSSI Tx(Mbps) Rx(Mbps)
Authentication
fc:25:3f:70:1a:4f 22
0M
6M
fc:25:3f:5c:32:49 20
0M
13M
if-wireless
if-wireless
if-wireless
if-wireless
if-wireless
if-wireless
if-wireless
if-wireless
if-wireless
if-wireless
if-wireless
if-wireless
if-wireless
if-wireless
if-wireless
VAP
VAP
VAP
VAP
VAP
VAP
VAP
VAP
VAP
VAP
VAP
VAP
VAP
VAP
VAP
[1] :
[2] :
[3] :
[4] :
[5] :
[6] :
[7] :
[8] :
[9] :
[10] :
[11] :
[12] :
[13] :
[14] :
[15] :
â 235 â
IP
Privacy
0.0.0.0
0.0.0.0
off
off
Open
Open
Chapter 25 | Wireless Interface Commands
Wireless Interface 1 VAPs List:
if-wireless 1 VAP [0] :
if-wireless 1 VAP [1] :
if-wireless 1 VAP [2] :
if-wireless 1 VAP [3] :
if-wireless 1 VAP [4] :
if-wireless 1 VAP [5] :
if-wireless 1 VAP [6] :
if-wireless 1 VAP [7] :
if-wireless 1 VAP [8] :
if-wireless 1 VAP [9] :
if-wireless 1 VAP [10] :
if-wireless 1 VAP [11] :
if-wireless 1 VAP [12] :
if-wireless 1 VAP [13] :
if-wireless 1 VAP [14] :
if-wireless 1 VAP [15] :
========================================
AP#
show station statistics This command shows statistics information for wireless clients associated with the
access point.
Command Mode
Exec
Example
AP#show station statistics
Station Table Information
========================================
Wireless Interface 0 VAPs List:
if-wireless 0 VAP [0] :
Total Station Number of this vap: 0
if-wireless 0 VAP [1] :
Total Station Number of this vap: 0
if-wireless 0 VAP [2] :
Total Station Number of this vap: 0
if-wireless 0 VAP [3] :
Total Station Number of this vap: 0
if-wireless 0 VAP [4] :
Total Station Number of this vap: 0
if-wireless 0 VAP [5] :
Total Station Number of this vap: 0
if-wireless 0 VAP [6] :
Total Station Number of this vap: 0
if-wireless 0 VAP [7] :
Total Station Number of this vap: 0
if-wireless 0 VAP [8] :
Total Station Number of this vap: 0
if-wireless 0 VAP [9] :
Total Station Number of this vap: 0
â 236 â
Chapter 25 | Wireless Interface Commands
if-wireless 0
Total Station
if-wireless 0
Total Station
if-wireless 0
Total Station
if-wireless 0
Total Station
if-wireless 0
Total Station
if-wireless 0
Total Station
VAP [10] :
Number of this
VAP [11] :
Number of this
VAP [12] :
Number of this
VAP [13] :
Number of this
VAP [14] :
Number of this
VAP [15] :
Number of this
vap: 0
vap: 0
vap: 0
vap: 0
vap: 0
vap: 0
Wireless Interface 1 VAPs List:
if-wireless 1 VAP [0] :
Total Station Number of this vap:
if-wireless 1 VAP [1] :
Total Station Number of this vap:
if-wireless 1 VAP [2] :
Total Station Number of this vap:
if-wireless 1 VAP [3] :
Total Station Number of this vap:
if-wireless 1 VAP [4] :
Total Station Number of this vap:
if-wireless 1 VAP [5] :
Total Station Number of this vap:
if-wireless 1 VAP [6] :
Total Station Number of this vap:
if-wireless 1 VAP [7] :
Total Station Number of this vap:
if-wireless 1 VAP [8] :
Total Station Number of this vap:
if-wireless 1 VAP [9] :
Total Station Number of this vap:
if-wireless 1 VAP [10] :
Total Station Number of this vap:
if-wireless 1 VAP [11] :
Total Station Number of this vap:
if-wireless 1 VAP [12] :
Total Station Number of this vap:
if-wireless 1 VAP [13] :
Total Station Number of this vap:
if-wireless 1 VAP [14] :
Total Station Number of this vap:
if-wireless 1 VAP [15] :
Total Station Number of this vap:
========================================
Total Station Number of this device: 0
Total Station Number of Radio 0: 0
Total Station Number of Radio 1: 0
========================================
AP#
show band-steering This command shows the status of the Band Steering feature.
Command Mode
Exec
â 237 â
Chapter 25 | Wireless Interface Commands
Example
AP#show band-steering
Band Steering Status:
AP#
Disable
â 238 â
26
Wireless Security Commands
The commands described in this section configure parameters for wireless security
on the VAP interfaces.
Table 21: Wireless Security Commands
Command
Function
Mode
Page
auth
Defines the 802.11 authentication type allowed by the IC-Waccess point
VAP
242
encryption
Defines whether or not WEP encryption is used to
provide privacy for wireless communications
IC-WVAP
241
key
Sets the keys used for WEP encryption
IC-W
242
transmit-key
Sets the index of the key to be used for encrypting
data frames sent between the access point and
wireless clients
IC-WVAP
243
cipher-suite
Selects an encryption method for the global key used IC-Wfor multicast and broadcast traffic
VAP
244
wpa-pre-shared-key
Defines a WPA preshared-key value
IC-WVAP
245
pmksa-lifetime
Sets the lifetime PMK security associations
IC-WVAP
246
make-security-effective
Implements wireless security changes made in
current CLI session
IC-WVAP
246
auth This command configures authentication for the VAP interface.
Syntax
auth 
open-system - Accepts the client without verifying its identity using a
shared key. âOpenâ authentication means either there is no encryption (if
encryption is disabled) or WEP-only encryption is used (if encryption is
enabled).
shared-key - Authentication is based on a WEP shared key that has been
distributed to all stations.
wpa - Clients using WPA are accepted for authentication.
wpa-psk - Clients using WPA with a Pre-shared Key are accepted for
authentication.
wpa2 - Clients using WPA2 are accepted for authentication.
â 239 â
Chapter 26 | Wireless Security Commands
wpa2-psk - Clients using WPA2 with a Pre-shared Key are accepted for
authentication.
wpa-wpa2-mixed - Clients using WPA or WPA2 are accepted for
authentication.
wpa-wpa2-psk-mixed - Clients using WPA or WPA2 with a Pre-shared Key
are accepted for authentication
Default Setting
open-system
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
â The auth command automatically configures settings for each authentication
type, including encryption, 802.1X, and cipher suite. The command auth opensystem disables encryption and 802.1X.
â
To use WEP shared-key authentication, set the authentication type to âsharedkeyâ and define at least one static WEP key with the key command. Encryption
is automatically enabled by the command.
â
To use WEP encryption only (no authentication), set the authentication type to
âopen-system.â Then enable WEP with the encryption command, and define at
least one static WEP key with the key command.
â
When any WPA or WPA2 option is selected, clients are authenticated using
802.1X via a RADIUS server. Each client must be WPA-enabled or support
802.1X client software. The 802.1X settings (see â802.1X Authentication
Commandsâ on page 177) and RADIUS server details (see âRADIUS Client
Commandsâ on page 171) must be configured on the access point. A RADIUS
server must also be configured and be available in the wired network.
â
If a WPA/WPA2 mode that operates over 802.1X is selected (WPA, WPA2, WPAWPA2-mixed, or WPA-WPA2-PSK-mixed), the 802.1X settings (see â802.1X
Authentication Commandsâ on page 177) and RADIUS server details (see
âRADIUS Client Commandsâ on page 171) must be configured. Be sure you
have also configured a RADIUS server on the network before enabling
authentication. Also, note that each client has to be WPA-enabled or support
802.1X client software. A RADIUS server must also be configured and be
available in the wired network.
â
If a WPA/WPA2 Pre-shared Key mode is selected (WPA-PSK, WPA2-PSK or WPAWPA2-PSK-mixed), the key must first be generated and distributed to all
wireless clients before they can successfully associate with the access point.
Use the wpa-preshared-key command to configure the key (see âkeyâ on
page 242 and âtransmit-keyâ on page 243).
â 240 â
Chapter 26 | Wireless Security Commands
â
WPA2 defines a transitional mode of operation for networks moving from WPA
security to WPA2. WPA2 Mixed Mode allows both WPA and WPA2 clients to
associate to a common VAP interface. When the encryption cipher suite is set to
TKIP, the unicast encryption cipher (TKIP or AES-CCMP) is negotiated for each
client. The access point advertises itâs supported encryption ciphers in beacon
frames and probe responses. WPA and WPA2 clients select the cipher they
support and return the choice in the association request to the access point.
For mixed-mode operation, the cipher used for broadcast frames is always TKIP.
WEP encryption is not allowed.
Example
AP(if-wireless 0: VAP[0])# auth wpa-psk
AP(if-wireless 0: VAP[0])#
Related Commands
encryption
key
encryption This command enables data encryption for wireless communications. Use the no
form to disable data encryption.
Syntax
[no] encryption
Default Setting
disabled
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
Selecting a security method using the auth command, automatically enables
data encryption (WEP, TKIP, or AES-CCMP) for the VAP. Only use this command
when using WEP encryption with an Open System.
â
â
Encryption is implemented in this device to prevent unauthorized access to
your wireless network. For more secure data transmissions, enable encryption
by selecting a security method using the auth command, or by using the
encryption command when using WEP encryption only.
â
The encryption settings must be the same on each client in your wireless
network.
â
Note that encryption protects data transmitted between wireless nodes, but
does not protect any transmissions over your wired network or over the
Internet.
â 241 â
Chapter 26 | Wireless Security Commands
Example
AP(if-wireless 0: VAP[0])# encryption
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#
Related Commands
key
key This command sets the keys used for WEP encryption. Use the no form to delete a
configured key.
Syntax
key {    | static | dynamic}
no key 
index - Key index. (Range: 1-4)
size - Key size. (Options: 64 or 128 bits)
type - Input format. (Options: ASCII, HEX)
value - The key string.
For 64-bit keys, use 5 alphanumeric characters or 10 hexadecimal digits.
For 128-bit keys, use 13 alphanumeric characters or 26 hexadecimal
digits.
static - Uses static WEP keys with 802.1X authentication.
dynamic - When using 802.1X authentication, allows WEP keys to be
dynamically generated by the RADIUS server.
Default Setting
None
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
â To enable WEP, use the auth shared-key command to select the âshared keyâ
authentication type, use the key command to configure at least one key, and
then use the transmit-key command to select a key to use.
â
If WEP is enabled, all wireless clients must be configured with the same shared
keys to communicate with the VAP.
â 242 â
Chapter 26 | Wireless Security Commands
â
The WEP key index, length and type configured for the VAP must match those
configured for clients.
Example
AP(if-wireless 0: VAP[0])# key 1 64 hex 1234512345
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#
Related Commands
key
encryption
transmit-key
transmit-key This command sets the index of the WEP key to be used for encrypting data frames
transmitted from the VAP to wireless clients.
Syntax
transmit-key 
index - Key index. (Range: 1-4)
Default Setting
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
â If you use WEP key encryption option, the access point uses the transmit key to
encrypt multicast and broadcast data signals that it sends to client devices.
Other keys can be used for decryption of data from clients.
â
When using dynamic keys with 802.1X, the access point uses a dynamic key to
encrypt unicast and broadcast messages to 802.1X-enabled clients. However,
because the access point sends the keys during the 802.1X authentication
process, these keys do not have to appear in the clientâs key list.
Example
AP(if-wireless 0: VAP[0])# transmit-key 1
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#
â 243 â
Chapter 26 | Wireless Security Commands
cipher-suite This command defines the cipher algorithm used to encrypt the global key for
broadcast and multicast traffic when using WPA or WPA2 security.
Syntax
multicast-cipher 
aes-ccmp - Use AES-CCMP encryption for the unicast and multicast cipher.
tkip - Use TKIP encryption for the multicast cipher. TKIP or AES-CCMP can
be used for the unicast cipher depending on the capability of the client.
Default Setting
None
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
â WPA and WPA2 enable a VAP to support different unicast encryption keys for
each client. However, the global encryption key for multicast and broadcast
traffic must be the same for all clients.
â
TKIP provides data encryption enhancements including per-packet key
hashing (i.e., changing the encryption key on each packet), a message integrity
check, an extended initialization vector with sequencing rules, and a re-keying
mechanism. Select TKIP if there are clients in the network that are not WPA2
compliant.
â
TKIP defends against attacks on WEP in which the unencrypted initialization
vector in encrypted packets is used to calculate the WEP key. TKIP changes the
encryption key on each packet, and rotates not just the unicast keys, but the
broadcast keys as well. TKIP is a replacement for WEP that removes the
predictability that intruders relied on to determine the WEP key.
â
AES-CCMP (Advanced Encryption Standard Counter-Mode/CBCMAC Protocol):
WPA2 is backward compatible with WPA, including the same 802.1X and PSK
modes of operation and support for TKIP encryption. The main enhancement is
its use of AES Counter-Mode encryption with Cipher Block Chaining Message
Authentication Code (CBC-MAC) for message integrity. The AES Counter-Mode/
CBCMAC Protocol (AES-CCMP) provides extremely robust data confidentiality
using a 128-bit key. The AES-CCMP encryption cipher is specified as a standard
requirement for WPA2. However, the computational intensive operations of
AES-CCMP requires hardware support on client devices. Therefore to
implement WPA2 in the network, wireless clients must be upgraded to WPA2compliant hardware.
â 244 â
Chapter 26 | Wireless Security Commands
Example
AP(if-wireless 0: VAP[0])# cipher-suite tkip
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#
wpa-pre-shared-key This command defines a Wi-Fi Protected Access (WPA/WPA2) Pre-shared-key.
Syntax
wpa-pre-shared-key  
hex - Specifies hexadecimal digits as the key input format.
passphrase-key - Specifies an ASCII pass-phrase string as the key input
format.
value - The key string. For ASCII input, specify a string between 8 and 63
characters. For HEX input, specify exactly 64 digits.
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
â To support WPA or WPA2 for client authentication, use the auth command to
specify the authentication type, and use the wpa-preshared-key command to
specify one static key.
â
If WPA or WPA2 is used with pre-shared-key mode, all wireless clients must be
configured with the same pre-shared key to communicate with the access
pointâs VAP interface.
Example
AP(if-wireless 0: VAP[0])# wpa-pre-shared-key passphrase-key agoodsecret
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#
Related Commands
auth
â 245 â
Chapter 26 | Wireless Security Commands
pmksa-lifetime This command sets the time for aging out cached WPA2 Pairwise Master Key
Security Association (PMKSA) information for fast roaming.
Syntax
pmksa-lifetime 
minutes - The time for aging out PMKSA information.
(Range: 0 - 14400 minutes)
Default Setting
720 minutes
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
â WPA2 provides fast roaming for authenticated clients by retaining keys and
other security information in a cache, so that if a client roams away from an
access point and then returns reauthentication is not required.
â
When a WPA2 client is first authenticated, it receives a Pairwise Master Key
(PMK) that is used to generate other keys for unicast data encryption. This key
and other client information form a Security Association that the access point
names and holds in a cache. The lifetime of this security association can be
configured with this command. When the lifetime expires, the client security
association and keys are deleted from the cache. If the client returns to the
access point, it requires full reauthentication.
Example
AP(if-wireless 0: VAP[0])# pmksa-lifetime 600
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#
make-security- This command implements all wireless security changes made in the current CLI
effective session.
Syntax
make-security-effective
Default Setting
None
Command Mode
Interface Configuration (Wireless-VAP)
â 246 â
Chapter 26 | Wireless Security Commands
Example
AP(if-wireless 0: VAP[0])# make-security-effective
It will take several minutes !
Please wait a while...
device eth0 left promiscuous mode
br0: port 1(eth0) entering disabled state
br0: port 3(ath16) entering disabled state
br0: port 2(ath0) entering disabled state
device ath16 left promiscuous mode
br0: port 3(ath16) entering disabled state
device ath0 left promiscuous mode
br0: port 2(ath0) entering disabled state
wlan_vap_delete : enter. vaphandle=0x879a2000
wlan_vap_delete : exit. vaphandle=0x879a2000
wlan_vap_delete : enter. vaphandle=0x8729c000
wlan_vap_delete : exit. vaphandle=0x8729c000
device eth0 entered promiscuous mode
br0: port 1(eth0) entering forwarding state
wlan_vap_create : enter. devhandle=0x87ae8300, opmode=IEEE80211_M_HOSTAP,
flags=0x1
wlan_vap_create : exit. devhandle=0x87ae8300, opmode=IEEE80211_M_HOSTAP,
flags=0x1.
VAP device ath0 created
Setting Max Stations:17
DES SSID SET=%VBM#BOE_11BGN_0
ieee80211_ioctl_siwmode: imr.ifm_active=393856, new mode=3, valid=1
wlan_vap_create : enter. devhandle=0x87048300, opmode=IEEE80211_M_HOSTAP,
flags=0x1
wlan_vap_create : exit. devhandle=0x87048300, opmode=IEEE80211_M_HOSTAP,
flags=0x1.
VAP device ath16 created
Setting Max Stations:17
DES SSID SET=%VBM#BOE_11NA_0
ieee80211_ioctl_siwmode: imr.ifm_active=328320, new mode=3, valid=1
device ath0 entered promiscuous mode
br0: port 2(ath0) entering forwarding state
device ath16 entered promiscuous mode
br0: port 3(ath16) entering forwarding state
AP(if-wireless 0: VAP[0])#
â 247 â
Chapter 26 | Wireless Security Commands
â 248 â
27
Rogue AP Detection Commands
A ârogue APâ is either an access point that is not authorized to participate in the
wireless network, or an access point that does not have the correct security
configuration. Rogue APs can potentially allow unauthorized users access to the
network. Alternatively, client stations may mistakenly associate to a rogue AP and
be prevented from accessing network resources. Rogue APs may also cause radio
interference and degrade the wireless LAN performance.
The access point can be configured to periodically scan all radio channels and find
other access points within range. A database of access points is maintained so that
any rogue APs can be identified.
Table 22: Rogue AP Detection Commands
Command
Function
Mode
Page
rogue-ap enable
Enables the periodic detection of other nearby
access points
GC
249
rogue-ap disable
Disables the periodic detection of other nearby
access points
GC
250
rogue-ap add friendly
Configures a database of known AP MAC
addresses
GC
250
rogue-ap delete friendly Removes AP MAC addresses from the database
GC
251
rogue-ap duration
Sets the duration that all channels are scanned
GC
251
rogue-ap interval
Sets the time between each scan
GC
252
rogue-ap instant-scan
Forces an immediate scan of all radio channels
GC
253
show rogue-ap
Shows the current database of detected access
points
Exec
253
rogue-ap enable This command enables the periodic detection of nearby access points.
Syntax
rogue-ap enable
Default Setting
Disabled
Command Mode
Interface Configuration (Wireless)
â 249 â
Chapter 27 | Rogue AP Detection Commands
Command Usage
â While the access point scans a channel for rogue APs, wireless clients will not be
able to connect to the access point. Therefore, avoid frequent scanning or scans
of a long duration unless there is a reason to believe that more intensive
scanning is required to find a rogue AP.
â
A ârogue APâ is either an access point that is not authorized to participate in the
wireless network, or an access point that does not have the correct security
configuration. Rogue access points can be identified by unknown BSSID (MAC
address). A database of nearby access points should therefore be maintained
on the AP, allowing any rogue APs to be identified (see rogue-ap add friendly).
The rogue AP database can be viewed using the show rogue-ap command.
Example
AP(if-wireless 0)#rogue-ap enable
If want to take effect, please execute make-RF-setting-effective command !
AP(if-wireless 0)#
rogue-ap disable This command disables the periodic detection of nearby access points.
Syntax
rogue-ap disable
Default Setting
Disabled
Command Mode
Interface Configuration (Wireless)
Example
AP(if-wireless 0)#rogue-ap disable
If want to take effect, please execute make-RF-setting-effective command !
AP(if-wireless 0)#
rogue-ap add friendly This command adds MAC addresses of known APs in the network to a local
databaseon the AP on the network.
Syntax
rogue-ap add friendly 
mac-address - A known AP MAC address.
Default Setting
None
â 250 â
Chapter 27 | Rogue AP Detection Commands
Command Mode
Interface Configuration (Wireless)
Command Usage
Enter the MAC address/Basic Service Set Identifier (BSSID) of known APs in the
network. These MAC addresses will be filtered out of the list of detected APs during
a scan. Building a database of approved APs allows the AP to discover rogue APs.
Without a configured database, the AP can detect neighboring APs only, it cannot
identify whether the APs are rogues.
Example
AP(if-wireless 0)#rogue-ap add friendly 00-12-34-56-78-9a
AP(if-wireless 0)#
rogue-ap delete This command removes MAC addresses from the database of known APs.
friendly
Syntax
rogue-ap delete friendly 
mac-address - Removes the specified MAC address.
all - Removes all AP MAC address from the database.
Default Setting
None
Command Mode
Interface Configuration (Wireless)
Example
AP(if-wireless 0)#rogue-ap delete friendly 00-12-34-56-78-9a
AP(if-wireless 0)#
rogue-ap duration This command sets the scan duration for detecting access points.
Syntax
rogue-ap duration 
milliseconds - The duration of the scan. (Range: 10-150 milliseconds)
Default Setting
150 milliseconds
â 251 â
Chapter 27 | Rogue AP Detection Commands
Command Mode
Interface Configuration (Wireless)
Command Usage
â During a scan, client access may be disrupted and new clients may not be able
to associate to the access point. If clients experience severe disruption, reduce
the scan duration time.
â
A long scan duration time will detect more access points in the area, but causes
more disruption to client access.
Example
AP(if-wireless 0)#rogue-ap duration 200
AP(if-wireless 0)#
Related Commands
rogue-ap interval (252)
rogue-ap interval This command sets the interval at which to scan for access points.
Syntax
rogue-ap interval 
seconds - The interval between consecutive scans. (Range: 15-65535
seconds)
Default Setting
7200 seconds
Command Mode
Interface Configuration (Wireless)
Command Usage
This command sets the interval at which scans occur. Frequent scanning will more
readily detect other access points, but will cause more disruption to client access.
Example
AP(if-wireless 0)#rogue-ap interval 120
AP(if-wireless 0)#
Related Commands
rogue-ap duration (251)
â 252 â
Chapter 27 | Rogue AP Detection Commands
rogue-ap instant-scan This command starts an immediate scan for access points on the radio interface.
Default Setting
Disabled
Command Mode
Interface Configuration (Wireless)
Command Usage
While the access point scans a channel for rogue APs, wireless clients will not be
able to connect to the access point. Therefore, avoid frequent scanning or scans of
a long duration unless there is a reason to believe that more intensive scanning is
required to find a rogue AP.
Example
AP(if-wireless 0)#rogue-ap scan
AP(if-wireless 0)#
show rogue-ap This command displays the current rogue AP configuration and the databases of
known and rogue APs.
Syntax
show rogue-ap 
config - Displays the current rogue AP configuration.
table - Displays the database of known and rogue APs after scanning.
Command Mode
Exec
Example
AP#show rogue-ap config
Rogue AP Config Information
====================================
Radio 0
Rogue AP scan Status: Enabled
AP Scan Interval
: 7200 seconds
AP Scan Duration
: 150 milliseconds
AP First Scan Delay : 0 seconds
Radio 1
Rogue AP scan Status: Disabled
AP Scan Interval
: 7200 seconds
AP Scan Duration
: 150 milliseconds
AP First Scan Delay : 0 seconds
====================================
AP#
â 253 â
Chapter 27 | Rogue AP Detection Commands
â 254 â
28
Link Integrity Commands
The access point provides a link integrity feature that can be used to ensure that
wireless clients are connected to resources on the wired network. The access point
does this by periodically sending Ping messages to a host device in the wired
Ethernet network. If the access point detects that the connection to the host has
failed, it disables the radio interfaces, forcing clients to find and associate with
another access point. When the connection to the host is restored, the access point
re-enables the radio interfaces.
Table 23: Link Integrity Commands
Command
Function
Mode
Page
link-integrity
Enables link integrity detection and specifies
the IP address of a host device in the wired
network
GC
255
link-integrity link-fail-action Sets the link fail action
GC
256
show link-integrity
Exec
257
Displays the current link integrity
configuration
link-integrity This command enables link integrity detection and configures the IP address,
detect interval, response timeout, and retry count for the link integrity host test.
Use the no form to disable link integrity detection.
Syntax
link-integrity [ interval  timeout 
retry ]
no link-integrity
ip_address - IP address of the host.
interval - The interval time between each Ping sent to the host.
(Range: 10-86400 seconds)
timeout - The time to wait for a response to a Ping message.
(Range: 1-10 seconds)
retry - The number of consecutive failed Ping counts before the link is
determined as lost. (Range: 1-99)
Default Setting
Status: Disabled
Host IP Address: 192.168.2.254
Detect Interval: 60 seconds
â 255 â
Chapter 28 | Link Integrity Commands
Response Timeout: 2 seconds
Retry Counts: 5
Command Mode
Global Configuration
Command Usage
â When link integrity is enabled, the IP address of a host device in the wired
network must be specified.
â
The access point periodically sends an ICMP echo request (Ping) packet to the
link host IP address. When the number of failed responses (either the host does
not respond or is unreachable) exceeds the limit set by this command, the link
is determined as lost. The link-integrity link-fail-action command can be used to
disable radio interfaces when the host link is lost.
â
The AP continues to send Ping messages to determine if the link to the host is
restored. When the connection to the host is restored, the access point reenables the radio interfaces if they have been shut down.
Example
AP(config)#link-integrity 10.20.30.40 interval 500 timeout 5 retry 3
AP(config)#link-integrity
AP(config)#
link-integrity link-fail- This command configures the fail action for a link integrity test.
action
Syntax
link-integrity link-fail-action  
radio - The radio interface, 2.4 GHz (0) or 5 GHz (1). (Options: 0 or 1)
enable - Enables the link fail action to shut down radio interfaces.
disable - Disables the link fail action.
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
When the host link is determined to be lost, one or both radio interfaces can be
disabled. The AP continues to send Ping messages to determine if the link to the
host is restored. When the connection to the host is restored, the AP re-enables the
radio interfaces if they have been shut down.
â 256 â
Chapter 28 | Link Integrity Commands
Example
AP(config)# link-integrity link-fail-action 0 enable
AP(config)#
show link-integrity This command displays the current link integrity configuration.
Command Mode
Exec
Example
AP#show link-integrity
Link Integrity Information
===================================================================
Link integrity:
disabled
Destination IP:
192.168.2.254
Detect Interval:
60
Response Timeout:
Retry Count if no response:
Link fail action - Shutdown Radio 0: disabled
Link fail action - Shutdown Radio 1: disabled
AP#
â 257 â
29
Link Layer Discovery Commands
LLDP allows devices in the local broadcast domain to share information about
themselves. LLDP-capable devices periodically transmit information in messages
called Type Length Value (TLV) fields to neighbor devices. Advertised information is
represented in Type Length Value (TLV) format according to the IEEE 802.1ab
standard, and can include details such as device identification, capabilities and
configuration settings.
This information can be used by SNMP applications to simplify troubleshooting,
enhance network management, and maintain an accurate network topology.
Table 24: Link Layer Discovery Commands
Command
Function
Mode
Page
lldp service
Enables the transmission of LLDP information
GC
258
lldp transmit hold-muliplier
Sets the message transmission hold time
GC
259
lldp transmit interval
Sets the message transmission interval time
GC
259
lldp transmit re-init-delay
Sets the reinitial delay time
GC
260
lldp transmit delay-to-localchange
Sets the transmission delay value
GC
260
show lldp
Shows the current LLDP information
Exec
261
lldp service This command enables LLDP on the access point. Use the no form to disable LLDP.
Syntax
[no] lldp service
Default Setting
Enabled
Command Mode
Global Configuration
Example
AP(config)# lldp service
AP(config)#
â 258 â
Chapter 29 | Link Layer Discovery Commands
lldp-transmit hold- This command configures the time-to-live (TTL) value sent in LLDP advertisements.
muliplier
Syntax
lldp transmit hold-multiplier 
multiplier - The hold multiplier number. (Range: 2-10)
Default Setting
Command Mode
Global Configuration
Command Usage
This command configures the time-to-live (TTL) value sent in LLDP
advertisements as shown in the following formula:
(Transmission Interval * Hold time) â¤ 65536
Therefore, the default TTL is 4*30 = 120 seconds.
â
â
The time-to-live tells the receiving LLDP agent how long to retain all
information pertaining to the sending LLDP agent if it does not transmit
updates in a timely manner.
Example
AP(config)# lldp transmit hold-multiplier 6
AP(config)#
lldp transmit interval This command configures the periodic transmit interval for LLDP advertisements.
Syntax
lldp transmit interval 
interval - The time between LLDP advertisements.
(Range: 5-32768 seconds)
Default Setting
30 seconds
Command Mode
Global Configuration
Command Usage
This command configures the periodic transmit interval for LLDP advertisements.
This parameter must comply with the following rule:
(Transmission Interval * Hold Time) â¤ 65536, and
Transmission Interval >= (4 * Delay Interval)
â 259 â
Chapter 29 | Link Layer Discovery Commands
Example
AP(config)# lldp transmit interval 30
AP(config)#
lldp transmit re-init- This command configures the delay before attempting to re-initialize after LLDP
delay ports are disabled or the link goes down.
Syntax
lldp transmit re-init-delay 
seconds - Time in seconds. (Range: 2 - 10)
Default Setting
2 seconds
Command Mode
Global Configuration
Command Usage
â This command configures the delay before attempting to re-initialize after
LLDP ports are disabled or the link goes down.
â
When LLDP is re-initialized on a port, all information in the remote systems
LLDP MIB associated with this port is deleted.
Example
AP(config)#lldp transmit re-init-delay 10
AP(config)#
lldp transmit delay-to- This command configures a delay between the successive transmission of LLDP
local-change advertisements initiated by a change in local LLDP MIB variables.
Syntax
lldp transmit delay-to-local-change 
seconds - Time in seconds. (Range: 1-8192 seconds)
Default Setting
2 seconds
Command Mode
Global Configuration
â 260 â
Chapter 29 | Link Layer Discovery Commands
Command Usage
â The transmit delay is used to prevent a series of successive LLDP transmissions
during a short period of rapid changes in local LLDP MIB objects, and to
increase the probability that multiple, rather than single changes, are reported
in each transmission.
â
This attribute must comply with the rule: (4 * Delay Interval) â¤ Transmission
Interval
Example
AP(config)# lldp transmit delay-to-local-change 10
txDelay range is 1 to quter of msgTxInterval
AP(config)#
show lldp This command displays the current LLDP configuration.
Command Mode
Exec
Example
AP# show lldp
LLDP Information
===================================================================
Status
:Enabled
Message Transmission Hold Time
:5
Message Transmission Interval (seconds) :30
Reinitial Delay Time (seconds)
:2
Transmission Delay Value (seconds)
:2
===================================================================
AP#
â 261 â
30
VLAN Commands
The access point can enable the support of VLAN-tagged traffic passing between
wireless clients and the wired network. VLAN IDs can be mapped to specific VAP
interfaces, allowing users to remain within the same VLAN as they move around a
campus site.
Caution: When VLANs are enabled, the access pointâs Ethernet port drops all
received traffic that does not include a VLAN tag. To maintain network connectivity
to the access point and wireless clients, be sure that the access point is connected
to a device port on a wired network that supports IEEE 802.1Q VLAN tags.
The VLAN commands supported by the access point are listed below.
Table 25: VLAN Commands
Command
Function
Mode
Page
vlan
Enables a single VLAN for all traffic
GC
262
management-vlanid
Configures the management VLAN for the access point
GC
263
native-vlanid
Configures the default VLAN for the LAN port
GC
264
vlan-id
Configures the default VLAN for the VAP interface
IC-WVAP
264
vlan This command enables VLANs for all traffic. Use the no form to disable VLANs.
Syntax
vlan enabled
no vlan
Default
Disabled
Command Mode
Global Configuration
Command Description
â When VLANs are enabled, the access point tags frames received from wireless
clients with the VAPâs default VLAN ID.
â 262 â
Chapter 30 | VLAN Commands
â
Traffic entering the Ethernet port must be tagged with a VLAN ID that matches
the access pointâs management VLAN ID, or with a VLAN tag that matches one
of the VAP default VLAN IDs.
Example
AP(config)# vlan enabled
Warning!
VLAN's status has been changed now !
It will take several seconds !
Please wait a while...
AP(config)#
Related Commands
management-vlanid
management-vlanid This command configures the management VLAN ID for the access point.
Syntax
management-vlanid 
vlan-id - Management VLAN ID. (Range: 1-4094)
Default Setting
4093
Command Mode
Global Configuration
Command Usage
The management VLAN is for managing the access point. For example, the access
point allows traffic that is tagged with the specified VLAN to manage the access
point through remote management, SNMP, Telnet, SSH, etc.
Example
AP(config)# management-vlanid 3
Warning!
VLAN's structure is re-created now !
It will take several seconds !
Please wait a while...
AP(config)#
Related Commands
vlan
â 263 â
Chapter 30 | VLAN Commands
native-vlanid This command configures the default VLAN ID for the LAN port interface.
Syntax
native-vlanid 
vlan-id - Default VLAN ID. (Range: 1-4094)
Default Setting
Command Mode
Global Configuration
Command Usage
â To implement the default VLAN ID setting for the LAN port, the AP must first
enable VLAN support using the vlan command.
â
When VLANs are enabled, the AP assigns the default VLAN ID to untagged
frames received on the LAN port interface.
Example
AP(config)# native-vlanid 123
Warning!
VLAN's structure is re-created now !
It will take several seconds !
Please wait a while...
AP(config)#
vlan-id This command configures the default VLAN ID for the VAP interface.
Syntax
vlan-id 
vlan-id - Default VLAN ID. (Range: 1-4094)
Default Setting
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
â To implement the default VLAN ID setting for VAP interface, the access point
must enable VLAN support using the vlan command.
â 264 â
Chapter 30 | VLAN Commands
â
When VLANs are enabled, the access point tags frames received from wireless
clients with the default VLAN ID for the VAP interface.
Example
AP(if-wireless 0: VAP[0])# vlan-ID 6
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#
â 265 â
31
WMM Commands
The access point implements QoS using the Wi-Fi Multimedia (WMM) standard.
Using WMM, the access point is able to prioritize traffic and optimize performance
when multiple applications compete for wireless network bandwidth at the same
time. WMM employs techniques that are a subset of the IEEE 802.11e QoS standard
and it enables the access point to inter-operate with both WMM-enabled clients
and other devices that may lack any WMM functionality.
Table 26: WMM Commands
Command
Function
Mode
Page
wmm
Enables WMM on the access point
IC-W
266
wmm-acknowledgepolicy
Allows the acknowledgement wait time to be enabled or
disabled for each Access Category (AC)
IC-W
267
wmmparam
Configures detailed WMM parameters that apply to the
access point (AP) or the wireless clients (BSS)
IC-W
267
wmm This command enables WMM on the access point. Use the no form to disable
WMM.
Syntax
wmm required
no wmm
required - WMM must be supported on any device trying to associated
with the access point. Devices that do not support this feature will not be
allowed to associate with the access point.
Default
Disabled
Command Mode
Interface Configuration (Wireless)
Example
AP(if-wireless 0)# wmm required
This setting has not been effective !
If want to take effect, please execute make-RF-setting-effective command !
AP(if-wireless 0)#
â 266 â
Chapter 31 | WMM Commands
wmm-acknowledge- This command allows the acknowledgement wait time to be enabled or disabled
policy for each Access Category (AC).
Syntax
wmm-acknowledge-policy  
ac_number - Access categories. (Range: 0-3)
ack - Require the sender to wait for an acknowledgement from the receiver.
noack - Does not require the sender to wait for an acknowledgement from
the receiver.
Default
ack
Command Mode
Interface Configuration (Wireless)
Command Usage
â WMM defines four access categories (ACs) â voice, video, best effort, and
background. These categories correspond to traffic priority levels and are
mapped to IEEE 802.1D priority tags. The direct mapping of the four ACs to
802.1D priorities is specifically intended to facilitate interpretability with other
wired network QoS policies. While the four ACs are specified for specific types
of traffic, WMM allows the priority levels to be configured to match any
network-wide QoS policy. WMM also specifies a protocol that access points can
use to communicate the configured traffic priority levels to QoS-enabled
wireless clients.
â
Although turning off the requirement for the sender to wait for an
acknowledgement can increases data throughput, it can also result in a high
number of errors when traffic levels are heavy.
Example
AP(if-wireless 0)# wmm-acknowledge-Policy 0 noAck
This setting has not been effective !
If want to take effect, please execute make-RF-setting-effective command !
AP(if-wireless 0)#
wmmparam This command configures detailed WMM parameters that apply to the access point
(AP) or the wireless clients (BSS).
Syntax
wmmparam     
 
â 267 â
Chapter 31 | WMM Commands
AP - Access Point
BSS - Wireless client
ac_number - Access categories (ACs) â voice, video, best effort, and
background. These categories correspond to traffic priority levels and are
mapped to IEEE 802.1D priority tags as shown in Table 2 on page 81.
(Range: 0-3)
LogCwMin - Minimum log value of the contention window. This is the initial
upper limit of the random backoff wait time before wireless medium access
can be attempted. The initial wait time is a random value between zero and
the LogCwMin value. Specify the LogCwMin value. Note that the LogCwMin
value must be equal or less than the LogCwMax value. (Range: 115 microseconds)
LogCwMax - Maximum log value of the contention window. This is the
maximum upper limit of the random backoff wait time before wireless
medium access can be attempted. The contention window is doubled after
each detected collision up to the LogCwMax value. Note that the CWMax
value must be greater or equal to the LogCwMin value. (Range: 115 microseconds)
AIFS - Arbitrary InterFrame Space specifies the minimum amount of wait
time before the next data transmission attempt. (Range: 115 microseconds)
TXOPLimit - Transmission Opportunity Limit specifies the maximum time
an AC transmit queue has access to the wireless medium. When an AC
queue is granted a transmit opportunity, it can transmit data for a time up
to the TxOpLimit. This data bursting greatly improves the efficiency for high
data-rate traffic. (Range: 0-65535 microseconds)
admission_control - The admission control mode for the access category.
When enabled, clients are blocked from using the access category.
(Options: 0 to disable, 1 to enable)
Default
Table 27: AP Parameters
WMM Parameters
AC0 (Best Effort)
AC1 (Background)
AC2 (Video)
AC3 (Voice)
LogCwMin
LogCwMax
10
10
AIFS
TXOP Limit
94
47
Admission Control
Disabled
Disabled
Disabled
Disabled
â 268 â
Chapter 31 | WMM Commands
Table 28: BSS Parameters
WMM Parameters
AC0 (Best Effort)
AC1 (Background)
AC2 (Video)
AC3 (Voice)
LogCwMin
LogCwMax
10
AIFS
TXOP Limit
94
47
Admission Control
Disabled
Disabled
Disabled
Disabled
Command Mode
Interface Configuration (Wireless)
Example
AP(if-wireless 0)# wmmparam ap 0 5 10 3 64 1
This setting has not been effective !
If want to take effect, please execute make-RF-setting-effective command !
AP(if-wireless 0)#
â 269 â
Chapter 31 | WMM Commands
â 270 â
32
QoS Commands
The QoS commands configure QoS priority mapping for traffic on VAP interfaces.
The AP enables Wi-Fi Multimedia (WMM) 802.1d priorities to be mapped to 802.1p
priorities or IP DSCP priorities.
Table 29: QoS Commands
Command
Function
Mode
Page
qos vap-802.1p
Enables the setting of VAP traffic to a specific 802.1p
priority value
IC-W
VAP
271
qos vap-802.1p
retagged-userpriority
Sets the 802.1p priority value for VAP traffic
IC-W
VAP
272
qos 802.1d-802.1p
Enables the mapping of WMM 802.1d priority values to
802.1p values
IC-W
VAP
273
qos 802.1d-802.1p
mapping-template
Sets the mapping template for WMM 802.1d to 802.1p
priority mapping
IC-W
VAP
273
qos 802.1d-dscp
Enables the mapping of WMM 802.1d priority values to IP IC-W
DSCP values
VAP
274
qos 802.1d-dscp
mapping-template
Sets the mapping template for WMM 802.1d to IP DSCP
priority mapping
IC-W
VAP
275
qos qos-template qos- Sets the name for a QoS mapping template
template-name
IC-W
VAP
276
qos qos-template qos- Maps priority values in a QoS mapping template
template-priority
IC-W
VAP
276
qos qos-template qos- Shows the priority mapping in all QoS templates
template-show
IC-W
VAP
277
qos vap-802.1p This command enables the setting of VAP traffic to a specific 802.1p priority value.
Syntax
qos vap-802.1p 
enable - Enables the VAP traffic mapping to an 802.1p priority value.
disable - Disables the feature.
Default
Disabled
Command Mode
Interface Configuration (Wireless-VAP)
â 271 â
Chapter 32 | QoS Commands
Command Usage
â To implement this command on a VAP interface the default VLAN ID for the VAP
must be set to any other value than 1.
â
The VAP-to-802.1p priority QoS feature cannot be enabled together with the
802.1d-to-802.1p or 802.1d-to-DSCP features.
Example
AP(if-wireless 0: VAP[0])# qos vap-802.1p enable
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#
qos vap-802.1p This command sets the 802.1p priority value for all traffic on a VAP interface.
retagged-user-priority
Syntax
qos vap-802.1p retagged-user-priority 
user-priority - The 802.1p priority value for traffic on the VAP interface.
Default
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
â Requires the QoS feature be enabled using the qos vap-802.1p command.
â
To implement the QoS priority setting on a VAP interface, the default VLAN ID
for the VAP must be set to any other value than 1.
Example
AP(if-wireless 0: VAP[0])# qos vap-802.1p retagged-user-priority 7
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#
â 272 â
Chapter 32 | QoS Commands
qos 802.1d-802.1p This command enables the mapping of WMM 802.1d priority values to 802.1p
values on a VAP interface.
Syntax
qos 802.1d-802.1p 
enable - Enables the mapping of WMM 802.1d to 802.1p priority values.
disable - Disables the feature.
Default
Disabled
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
This QoS feature requires a QoS mapping template to be configured using the
qos qos-template qos-template-priority command. The mapping template can
then be linked to the 802.1d-to-802.1p priority mapping using the qos 802.1d802.1p mapping-template command.
â
â
To implement this command on a VAP interface the default VLAN ID for the VAP
must be set to any other value than 1.
Example
AP(if-wireless 0: VAP[0])# qos 802.1d-802.1p enable
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#
qos 802.1d-802.1p This command sets the mapping template to use for the WMM 802.1d to 802.1p
mapping-template priority mapping on a VAP interface.
Syntax
qos 802.1d-802.1p mapping-template 
template-id - The identifying number of a QoS mapping template.
(Range: 1-8)
Default
Command Mode
Interface Configuration (Wireless-VAP)
â 273 â
Chapter 32 | QoS Commands
Command Usage
â The AP supports eight QoS priority mapping templates, each identified by an
ID number (1 to 8). The templates also have user-defined name that can be
configured using the qos qos-template qos-template-name command.
â
The QoS priority mapping templates can be configured using the qos qostemplate qos-template-priority command.
Example
AP(if-wireless 0: VAP[0])# qos 802.1d-802.1p mapping-template 3
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#
qos 802.1d-dscp This command enables the mapping of WMM 802.1d priority values to IP DSCP
values on a VAP interface.
Syntax
qos 802.1d-dscp 
enable - Enables the mapping of WMM 802.1d to DSCP priority values.
disable - Disables the feature.
Default
Disabled
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
â This QoS feature requires a QoS mapping template to be configured using the
qos qos-template qos-template-priority command. The mapping template can
then be linked to the 802.1d-to-DSCP priority mapping using the qos 802.1ddscp mapping-template command.
â
Both â802.1d to 802.1pâ mapping and â802.1d to DSCPâ mapping can be
enabled simultaneously when the default VLAN ID for the VAP is any other
value than 1. When only 802.1d-to-DSCP mapping is enabled, the default VLAN
ID for the VAP must be set to 1.
Example
AP(if-wireless 0: VAP[0])# qos 802.1d-dscp enable
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
â 274 â
Chapter 32 | QoS Commands
AP(if-wireless 0: VAP[0])#
qos 802.1d-dscp This command sets the mapping template to use for the WMM 802.1d to DSCP
mapping-template priority mapping on a VAP interface.
Syntax
qos 802.1d-dscp mapping-template 
template-id - The identifying number of a QoS mapping template.
(Range: 1-8)
Default
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
â The AP supports eight QoS priority mapping templates, each identified by an
ID number (1 to 8). The templates also have user-defined name that can be
configured using the qos qos-template qos-template-name command.
â
The QoS priority mapping templates can be configured using the qos qostemplate qos-template-priority command.
Example
AP(if-wireless 0: VAP[0])# qos 802.1d-dscp mapping-template 3
This setting has not been effective !
If want to take effect, please execute make-security-effective command !
AP(if-wireless 0: VAP[0])#
â 275 â
Chapter 32 | QoS Commands
qos qos-template qos- This command sets the name of a QoS priority mapping template.
template-name
Syntax
qos qos-template qos-template-name  
template-id - The identifying number of a QoS mapping template.
(Range: 1-8)
template-name - The user-defined name of a QoS mapping template.
(Maximum 32 alphanumeric characters; can include â-â and â_â)
Default
ID 1: default_up_mapping_1
ID 2: default_up_mapping_2
ID 3: default_up_mapping_3
ID 4: default_up_mapping_4
ID 5: default_up_mapping_5
ID 6: default_up_mapping_6
ID 7: default_up_mapping_7
ID 8: default_up_mapping_8
Command Mode
Interface Configuration (Wireless-VAP)
Example
AP(if-wireless 0: VAP[0])# qos qos-template qos-template-name 3 test-template
AP(if-wireless 0: VAP[0])#
qos qos-template qos- This command configures priority values in a QoS priority mapping template.
template-priority
Syntax
qos qos-template qos-template-priority  
template-id - The identifying number of a QoS mapping template.
(Range: 1-8)
prirority-list - The mapped priority values a QoS mapping template.
(Range: 0-7; the list is enterd as a sequence of eight numbers, for example
â01234567â)
Default
01234567
Command Mode
Interface Configuration (Wireless-VAP)
â 276 â
Chapter 32 | QoS Commands
Example
AP(if-wireless 0: VAP[0])# qos qos-template qos-template-priority 1 10234765
AP(if-wireless 0: VAP[0])#
qos qos-template qos- This command displays the user-defined QoS priority mapping templates and their
template-show priority mapping configuration.
Syntax
qos qos-template qos-template-show
Default
none
Command Mode
Interface Configuration (Wireless-VAP)
Example
AP(if-wireless 0: VAP[0])# qos qos-template qos-template-show
----------Qos Mapping Template--------------id
priority
name
10234765
test-template
01234567
default_up_mapping_2
01234567
default_up_mapping_3
01234567
default_up_mapping_4
01234567
default_up_mapping_5
01234567
default_up_mapping_6
01234567
default_up_mapping_7
01234567
default_up_mapping_8
----------Qos Mapping Template--------------AP(if-wireless 0: VAP[0])#
â 277 â
Chapter 32 | QoS Commands
â 278 â
Section IV
Appendices
This section provides additional information and includes these items:
â
âTroubleshootingâ on page 280
â 279 â
A
Troubleshooting
Problems Accessing the Management Interface
Table 30: Troubleshooting Chart
Symptom
Action
Cannot connect using
Telnet, web browser, or
SNMP software
â
â
â
â
â
â
â
Cannot access the CLI
through a serial port
connection
â
â
Forgot or lost the password
â
Be sure the AP is powered up.
Check network cabling between the management station and the
AP.
Check that you have a valid network connection to the AP and
that intermediate switch ports have not been disabled.
Be sure you have configured the AP with a valid IP address, subnet
mask and default gateway.
Be sure the management station has an IP address in the same
subnet as the APâs IP.
If you are trying to connect to the AP using a tagged VLAN group,
your management station, and the ports connecting intermediate
switches in the network, must be configured with the appropriate
tag.
If you cannot connect using Telnet, you may have exceeded the
maximum number of concurrent Telnet/SSH sessions permitted.
Try connecting again at a later time.
Be sure you have set the terminal emulator program to VT100
compatible, 8 data bits, 1 stop bit, no parity, and the baud rate set
to 115200 bps.
Check that the null-modem serial cable conforms to the pin-out
connections provided in the Installation Guide.
Reset the AP to factory defaults using its Reset button.
Using System Logs
If a fault does occur, refer to the Installation Guide to ensure that the problem you
encountered is actually caused by the AP. If the problem appears to be caused by
the AP, follow these steps:
1. Enable logging.
2. Set the error messages reported to include all categories.
3. Enable SNMP.
4. Enable SNMP traps.
â 280 â
Appendix A | Troubleshooting
Using System Logs
5. Designate the SNMP host that is to receive the error messages.
6. Repeat the sequence of commands or other actions that lead up to the error.
7. Make a list of the commands or circumstances that led to the fault. Also make a
list of any error messages displayed.
8. Set up your terminal emulation software so that it can capture all console
output to a file. Then enter the âshow configâ command to record all system
settings in this file.
9. Contact your distributorâs service engineer, and send a detailed description of
the problem, along with the file used to record your system settings.
For example:
AP(config)#logging on
AP(config)#logging host 1 10.1.0.3
AP(config)#logging level alert
AP(config)#snmp-server host 1 10.1.0.23 batman
â 281 â
Index of CLI Commands
802.1x enable 177
802.1x reauthentication-time 178
a-mpdu 213
a-msdu 213
antenna-chain 227
apmgmgtui ssh enable 127
apmgmtip 131
apmgmtui http port 128
apmgmtui http server 129
apmgmtui http session-timeout 129
apmgmtui https port 130
apmgmtui https server 130
apmgmtui snmp 131
apmgmtui ssh port 127
apmgmtui telnet-server enable 128
assoc-timeout-interval 224
auth 239
auth-timeout-interval 224
band-steering 226
bandwidth-control downlink 230
bandwidth-control downlink rate 231
bandwidth-control uplink 232
bandwidth-control uplink rate 232
beacon-interval 218
bridge mac-aging 195
bridge stp br-conf forwarding-delay 190
bridge stp br-conf hello-time 191
bridge stp br-conf max-age 191
bridge stp br-conf priority 192
bridge stp port-conf interface 192
bridge stp service 190
bridge-link path-cost 193
bridge-link port-priority 193
channel 214
cipher-suite 244
client-assoc-preempt 223
cli-session-timeout 118
closed-system 221
configure 117
copy 169
country 122
dhcp-relay server 153
disable-coexist 216
dns 204
dtim-period 219
dual-image 168
encryption 241
end 118
exit 118
filter acl-destination-address 185
filter acl-source-address 185
filter dhcp 184
filter ethernet-type enabled 186
filter ethernet-type protocol 186
filter local-bridge 183
filter restrict-management 184
interface ethernet 203
interface wireless 212
interfere-chan-recover 226
ip address 204
ip dhcp 205
ip management address 206
ipv6 address 206
ipv6 dhcp 207
key 242
link-integrity 255
link-integrity link-fail-action 256
lldp service 258
lldp transmit delay-to-local-change 260
lldp transmit interval 259
lldp transmit re-init-delay 260
lldp-transmit hold-muliplier 259
logging clear 145
logging console 144
logging host 144
logging level 145
logging on 143
long-distance 228
long-distance acktimeout 230
long-distance ctstimeout 230
long-distance reference-data 229
long-distance slottime 229
mac-authentication server 179
mac-authentication server local address default 180
mac-authentication server local address delete 181
mac-authentication server local address entry 180
mac-authentication session-timeout 182
make-radius-effective 175
make-rf-setting-effective 217
make-security-effective 246
management-vlanid 263
max-association 222
max-bandwidth-control downlink 133
max-bandwidth-control make-effective 134
max-bandwidth-control uplink 132
max-client 222
min-allowed-rate 216
multicast-enhance 225
native-vlanid 264
password 125
â 282 â
Index of CLI Commands
path-cost (STP Interface) 194
ping 119
pmksa-lifetime 246
port-priority (STP Interface) 195
preamble 217
prompt 123
qos 802.1d-802.1p 273
qos 802.1d-802.1p mapping-template 273
qos 802.1d-dscp 274
qos 802.1d-dscp mapping-template 275
qos qos-template qos-template-name 276
qos qos-template qos-template-priority 276
qos qos-template qos-template-show 277
qos vap-802.1p 271
qos vap-802.1p retagged-user-priority 272
radius-server accounting address 173
radius-server accounting port 174
radius-server accounting shared-secret 174
radius-server accounting
timeout-interim 175
radius-server address 172
radius-server enable 171
radius-server port 172
radius-server shared-secret 173
reboot-schedule 126
reset 120
rogue-ap add friendly 250
rogue-ap delete friendly 251
rogue-ap disable 250
rogue-ap duration 251
rogue-ap enable 249
rogue-ap instant-scan 253
rogue-ap interval 252
rts-threshold 220
short-guard-interval 218
show apmanagement 134
show band-steering 237
show bridge br-conf 196
show bridge forward address 199
show bridge mac-aging 200
show bridge port-conf interface 197
show bridge status 198
show bridge stp 196
show config 136
show dual-image 170
show event-log 146
show filters 187
show interface ethernet 209
show interface wireless 233
show line 120
show link-integrity 257
show lldp 261
show logging 146
show max-bandwidth-control 134
show rogue-ap 253
show snmp 165
show snmp filter 165
show snmp target 164
show snmp users 164
show snmp vacm group 167
show snmp vacm view 166
show sntp 151
show station 235
show station statistics 236
show system 135
show system resource 135
show version 136
show wds wireless 202
shutdown (VAP) 225
shutdown (Ethernet) 208
snmp-server community 156
snmp-server contact 156
snmp-server enable server 157
snmp-server filter 163
snmp-server host 158
snmp-server location 157
snmp-server target 162
snmp-server trap 159
snmp-server user 161
snmp-server vacm group 160
snmp-server vacm view 159
sntp-server date-time 149
sntp-server daylight-saving 150
sntp-server enabled 149
sntp-server ip 148
sntp-server timezone 151
ssid 221
system name 124
system-resource 124
transmit-key 243
transmit-power 215
vap 212
vap (STP Interface) 194
vlan 262
vlan-id 264
wds ap 201
wds sta 201
wlandev-interfere-detection 227
wmm 266
wmm-acknowledge-policy 267
wmmparam 267
wpa-pre-shared-key 245
â 283 â
Index
authentication
cipher suite 241
closed system 221
MAC address 180
type 221
filter
address 180
between wireless clients 183
local bridge 183
local or remote 179
management access 184
protocol types 186
VLANs 262
firmware
displaying version 136
upgrading 169
beacon
interval 218
rate 219
BOOTP 204, 205, 206, 207
channel 214
channel coexistance, disable 216
closed system 221
community name, configuring 156
community string 156
configuration settings, saving or restoring 169
console port, required connections 17
country code
configuring 122
CTS 220
gateway address 22, 204, 206
hardware version, displaying 136
HTTPS 130
data rates, allowed 216
device status, displaying 135
DHCP 204, 205, 206, 207, 208
DNS 204
Domain Name Server See DNS
downloading software 169
DTIM 219
IEEE 802.11a 212
configuring interface 212
radio channel 214
IEEE 802.11g
radio channel 214
IEEE 802.1x 177
configuring 177
initial configuration 22
introduction 16
IP address 26, 33, 35
BOOTP/DHCP 204, 205, 206, 207
configuring 22, 204, 205, 206, 207
event logs 146
log
messages 144
server 144
MAC address, authentication 180
â 284 â
Index
open system 221
time zone 151
transmit power, configuring 215
trap destination 158
trap manager 158
password
configuring 125
management 125
port priority
STA 193
radio channel
802.11a interface 214
802.11g interface 214
RADIUS 171
RTS
threshold 220
VLAN
configuration 262
upgrading software 169
user password 125
WEP
shared key 242
WPA
pre-shared key 245
Secure Socket Layer See SSL
shared key 242
SNMP 155
community name 156
community string 156
enabling traps 157
trap destination 158
trap manager 158
SNTP 148
enabling client 149
server 148
software
displaying version 136
downloading 169
SSID 221
SSL 130
STA
interface settings 193â??
path cost 193
port priority 193
startup files, setting 168
station status 235, 236
status
displaying device status 135
displaying station status 235, 236
subnet mask 26, 27, 33, 34, 35
system clock, setting 149
system log
enabling 143
server 144
system software, downloading from server 169
â 285 â
E062013-CS-R01
149100000240A

Source Exif Data:

File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.6
Linearized                      : No
Author                          : chris
Create Date                     : 2013:06:26 09:57:58Z
ICN App Name                    : Infix Pro
ICN App Platform                : Windows
ICN App Version                 : 5.13
Modify Date                     : 2015:04:30 16:22:34
XMP Toolkit                     : Adobe XMP Core 4.2.1-c041 52.342996, 2008/05/07-20:48:00
Format                          : application/pdf
Creator                         : chris
Title                           : user-guide.book
Creator Tool                    : FrameMaker 9.0
Metadata Date                   : 2014:10:29 05:42:38+08:00
Producer                        : Acrobat Distiller 9.5.3 (Windows)
Document ID                     : uuid:78ca1c6c-f5aa-4fe3-b056-da9f139959a9
Instance ID                     : uuid:bc51c969-822e-47d6-8253-e9f000c16e02
Page Mode                       : UseOutlines
Page Count                      : 286

EXIF Metadata provided by EXIF.tools

Iconnect 934 Concurrent Dual-Radios 2.4GHz+5GHz MIMO AP/CPE User Manual user guide

Iconnect Concurrent Dual-Radios 2.4GHz+5GHz MIMO AP/CPE user guide

Users Manual

FCC ID Filing: 2AB87934

Navigation menu

Namespaces

Views

Navigation