Maipu Communication Technology MP1800 Multi-Operation Access Router User Manual
Maipu Communication Technology Co., Ltd Multi-Operation Access Router
Users manual
Maipu Confidential & Proprietary Information Page 1 of 37
MP1800 SERIES Multi-Operation
Access Router
Maipu Communication Technology Co., Ltd
No. 16, Jiuxing Avenue
Hi-Tech Park
Chengdu, Sichuan Province
P. R. China
610041
Tel: (86) 28-85148850, 85148041
Fax: (86) 28-85146848, 85148139
URL: http:// www.maipu.com
Mail: overseas@maipu.com
Maipu Confidential & Proprietary Information Page 2 of 37
All rights reserved. Printed in the People’s Republic of China.
No part of this document may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any
language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual
or otherwise without the prior written consent of Maipu Communication Technology Co., Ltd.
Maipu makes no representations or warranties with respect to this document contents and specifically disclaims any implied
warranties of merchantability or fitness for any specific purpose. Further, Maipu reserves the right to revise this document
and to make changes from time to time in its content without being obligated to notify any person of such revisions or
changes.
Maipu values and appreciates comments you may have concerning our products or this document. Please address comments
to:
Maipu Communication Technology Co., Ltd
No. 16, JiuXing Avenue, Hi-Tech Park
Chengdu, Sichuan Province
P. R. China
610041
Tel: (86) 28-85148850, 85148041
Fax: (86) 28-85146848, 85148139
URL: http:// www.maipu.com
Mail: overseas@maipu.com
All other products or services mentioned herein may be registered trademarks, trademarks, or service marks of their
respective manufacturers, companies, or organizations.
NOTE1:
Changes or modifications not expressly approved by the party responsible for compliance could
void the user's authority to operate the equipment.
NOTE2:
This equipment has been tested and found to comply with the limits for a Class B digital
device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable
protection against harmful interference in a residential installation. This equipment generates, uses
and can radiate radio frequency energy and, if not installed and used in accordance with the
instructions, may cause harmful interference to radio communications. However, there is no
guarantee that interference will not occur in a particular installation. If this equipment does cause
harmful interference to radio or television reception, which can be determined by turning the
equipment off and on, the user is encouraged to try to correct the interference by one or more of the
following measures:
-- Reorient or relocate the receiving antenna.
-- Increase the separation between the equipment and receiver.
-- Connect the equipment into an outlet on a circuit different from that to which the receiver is
connected.
-- Consult the dealer or an experienced radio/TV technician for help.
Maipu Confidential & Proprietary Information Page 3 of 37
Contents
WLAN Configuration...................................................................................4
Introduction to WLAN..............................................................................................4
Wireless Interface Parameter Configuration...............................................................5
Introduction............................................................................................................................5
Basic Commands.....................................................................................................................5
Application Instance ..............................................................................................................13
Monitoring and Debugging.....................................................................................................13
Virtual AP Parameter Configuration ........................................................................15
Overview ..............................................................................................................................15
Basic Commands...................................................................................................................15
Application Instance ..............................................................................................................22
Monitoring and Debugging.....................................................................................................23
Wireless Security Profile Configuration....................................................................30
Overview ..............................................................................................................................30
Basic Commands...................................................................................................................30
Application Instance ..............................................................................................................33
Monitoring and Debugging.....................................................................................................34
WLAN Typical Configuration...................................................................................35
Software & Hardware Version................................................................ 37
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 4 of 37
WLAN Configuration
Main contents:
z Introduction to WLAN
z Wireless interface parameter configuration
z Virtual AP parameter configuration
z Wireless security profile configuration
z WLAN typical configuration
Introduction to WLAN
WLAN (Wireless Local Area Networks) is developed from the earliest
802.11 standard to the later 802.11b/g, which makes WLAN bandwidth be
improved greatly. 802.11i standard ensures the WLAN security;
802.11f/r/s standard makes the WLAN removable and deployable.
WLAN consists of Independent BSS, Infrastructure BSS and ESS. This
chapter describes the configuration and debugging of the access point in
Infrastructure BSS. The virtual AP mentioned in the following text refers to
multiple access points on the same wireless interface and they have the
same physical parameters, but the protocol parameters in the security
policy can be different.
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 5 of 37
Wireless Interface Parameter
Configuration
Main contents:
z Introduction to wireless interface parameter
z Basic commands of wireless interface parameter
z Application instance of wireless interface parameter
z Monitoring and debugging of wireless interface parameter
Introduction
Wireless interface has some configurable parameters, including antenna,
channel, power, mode, rate, re-transmission times, country code,
preamble length, SLOT length, beacon period and so on. The parameters
of all virtual APs are the same.
Basic Commands
Command Description
Configuration
Mode
antenna {rx | tx} {left | right | diversity}
Select antenna. The
receiving and sending
antennas can be selected
separately. You can select
fixed or auto.
config-if-
dot11radio0
beacon {period | dtim-period}
time
The beacon period and
DTIM period config-if-
dot11radio0
channel
number
channel auto
channel auto
time
Select channel config-if-
dot11radio0
packet {long | short} retry
1-15
Set the times of re-
transmitting packets config-if-
dot11radio0
power {100 | 50 | 25 | 12 | min} Set the power; set according
to the percentage of the
maximum power
config-if-
dot11radio0
preamble {short | long} Set long and short preamble config-if-
dot11radio0
radioMode {11b | 11g | mixed} Set wireless mode config-if-
dot11radio0
radioSpeed {basic-x.x | x.x} Set the wireless rate config-if-
dot11radio0
rts {retry | threshold}
count
Set the RTS threshold and
re-transmission times config-if-
dot11radio0
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 6 of 37
slot {short | long} Set the slot length of the
conflict window config-if-
dot11radio0
shutdown Close the wireless interface config-if-
dot11radio0
worldwide countrycode
code
Set the country code config-if-
dot11radio0
Note
The command description with * means that the command has the
configuration instance to describe.
antenna
The antenna has two antennas. You can select one or auto.
antenna {rx | tx} {left | right | diversity}
no antenna {rx | tx}
Syntax Description
rx left Select the left antenna for receiving
rx right Select the right antenna for receiving
rx diversity The receiving selects the antenna according to the
signal intensity automatically.
tx left Select the left antenna for sending
tx right Select the right antenna for sending
tx diversity The receiving selects the antenna according to the
signal intensity automatically.
Default status: By default, select antenna automatically for sending and
receiving.
Note
The receiving antenna on MP1800 SERIES router can take effect only
when being set as auto.
beacon
The command is used to set the beacon period and DTIM period.
beacon {period | dtim-period} time
no beacon {period | dtim-period}
Syntax Description
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 7 of 37
period
100-3000
Set the period of sending the beacon packets and the
unit is 1024us
dtim-period
1-30
Set the period of sending buffered broadcast packets
and the unit is beacon periods
Default status: The default beacon period is 300 and the period of
sending the buffer packets is 6.
channel
You can select the fixed channel or set to search the idle channels
automatically.
channel number
channel auto
channel auto time
no channel
Syntax Description
1-14
Set the specified channel. The channel is the wireless
center channel. In fact, after expanding, it may occupy
the center channel left two and right two channels.
Therefore, the enter channels without overlapping are 1,
6, and 11. In fact, the configurable channel range is
related with the set country code.
auto Automatically detect the idle channel for one time.
auto
1-6000
Automatically detect the idle channels with the configured
minutes as the period. The auto detection affects the
normal communication, so the period cannot be set too
small.
Default status: By default, automatically detect the idle channel for one
time.
packet
The command is used to set the times of re-transmitting the packets.
packet {long | short} retry 1-15
no packet {long | short} retry
Syntax Description
short retry
count
Set the times of re-transmitting the packet with the
length smaller than RTS threshold
long retry
count
Set the times of re-transmitting the packet with the
length larger than RTS threshold
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 8 of 37
Default status: By default, the re-transmission times is 10.
power
The command is used to set the percentage of the maximum wireless
power.
power {100 | 50 | 25 | 12 | min}
no power
Syntax Description
100 Set the wireless sending power as 100% of the maximum
power
50 Set the wireless sending power as 50% of the maximum
power
25 Set the wireless sending power as 25% of the maximum
power
12 Set the wireless sending power as 12% of the maximum
power
min Set the wireless sending power as the minimum power
Default status: By default, the wireless sending power is 100% of the
maximum power.
preamble
The command is used to set the length of the preamble.
preamble {short | long}
no preamble
Syntax Description
short Set the preamble as the short preamble
long Set the preamble as the long preamble
Default status: By default, it is the short preamble.
radioMode
The command is used to set the wireless mode.
radioMode {11b | 11g | mixed}
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 9 of 37
no radioMode
Syntax Description
11b Set the wireless mode as 802.11b
11g Set the wireless mode as 802.11g
mixed Set the wireless mode as 802.11b/g mixed
Default status: By default, the wireless mode is 802.11b/g mixed.
Note
Set the wireless mode to affect the rate configuration. When being set as
802.11b, the rate can only be set as 1.0, 2.0, 5.5, 11.0; when being set
as 802.11g, the rate can only be set as 6.0, 9.0, 12.0, 18.0, 24.0, 36.0,
48.0, and 54.0; when being set as mixed, you can set all rates.
radioSpeed
You can select multiple wireless rates. Meanwhile, you need to specify
whether each rate is the basic rate (the basic rate is the rate that all
associated stations must support).
radioSpeed {basic-x.x | x.x}
no radioSpeed
Syntax Description
basic-x.x …
Set the wireless basic rate
x.x …
Set the wireless extended rate
Default status: All 802.11b/g rates: basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0
18.0 24.0 36.0 48.0 54.0.
Note
1. The wireless rate means the rate that must be supported when the
wires access node is associated with the stations. At least one basic
rate must be set.
2. You can set multiple rates, such as radioSpeed basic-1.0 basic-2.0
48.0 54.0.
3. During the actual running, the program selects from the rate setting
range according to the signal.
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 10 of 37
4. The no format of the command selects the appropriate rate according
to the current wireless mode.
rts
The command is used to set the RTS threshold and retransmission times.
rts {retry | threshold} count
no rts {retry | threshold}
Syntax Description
threshold
256-2346
Set the packet size threshold of using the RTS/CTS
mechanism. When the unicast packet is larger than the
threshold, use RTS/CTS to interact.
retry
1-15
Set the re-transmission times of RTS
Default status: By default, the RTS threshold is 2346 bytes and the RTS
re-transmission times is 10.
shutdown
The command is used to disable the wireless interface.
shutdown
no shutdown
Default status: By default, the wireless interface is enabled.
slot
The command is used to set the length of the conflicting window slot.
slot {short | long}
no slot
Syntax Description
short Set the conflicting window as short slot, that is, 9us.
long Set the conflicting window as long slot, that is, 20us.
Default status: By default, it is the short slot.
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 11 of 37
worldwide
The command is used to set the country code of the wireless interface.
Each country may have different limitation for wireless signal.
worldwide countrycode code
no worldwide countrycode
Syntax Description
code
Use two capital letters to express the ISO country code.
For example, CN is for China and US is for America.
Default status: CN
Note
1. The setting of the country code affects the available wireless channel
and the maximum sending power.
2. The configurable country codes:
Country code Country name
AR ARGENTINA
AT AUSTRIA
AU AUSTRALIA
BE BELGIUM
BG BULGARIA
BR BRAZIL
CA CANADA
CH SWITZERLAND
CL CHILE
CN CHINA (Default)
CO COLOMBIA
CY CYPRUS
CZ CZECH REPUBLIC
DE GERMANY
DK DENMARK
EE ESTONIA
ES SPAIN
FI FINLAND
FR FRANCE
GB UNITED KINGDOM
GR GREECE
HK HONGKONG
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 12 of 37
HR CROATIA
HU HUNGARY
ID INDONESIA
IE IRELAND
IL ISRAEL
IN INDIA
IS ICELAND
IT ITALY
JP JAPAN
KR KOREA
LI LIECHTENSTEIN
LT LITHUANIA
LU LUXEMBOURG
LV LATVIA
MA MOROCCO
MT MALTA
MX MEXICO
MY MALAYSIA
NL NETHERLANDS
NO NORWAY
NZ NEW ZEALAND
PE PERU
PH PHILIPPINES
PL POLAND
PT PORTUGAL
RO ROMANIA
RU RUSSIAN FEDERATION
SA SAUDI ARABIA
SE SWEDEN
SG SINGAPORE
SI SLOVENIA
SK SLOVAKIA
TH THAILAND
TR TURKEY
TW TAIWAN,PROVINCE OF CHINA
US UNITED STATES
UY URUGUAY
ZA SOUTH AFRICA
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 13 of 37
Application Instance
Application Instance 1
WLAN application network topology
Illustration
One router with the WLAN module and one PC with the wireless adapter
are interconnected.
ROUTER configuration:
Command Description
router(config)#interface dot11radio0 Enter the wireless interface
mode
router(config-if-dot11radio0)#beacon period 100 Configure beacon period as
100ms
router(config-if-dot11radio0)#channel auto Configure selecting channel
automatically
router(config-if-dot11radio0)#radioSpeed basic-1.0 basic-2.0
54.0 Configure the basic rate and
extended rate
router(config-if-dot11radio0)# worldwide countrycode CN Configure the country code as
CN
router(config-if-dot11radio0)#exit Exit the wireless interface
mode
Monitoring and Debugging
Monitoring Command
Command Description
show dot11radio
unit
Display the running parameter and status of the wireless
interface
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 14 of 37
Monitoring Command Instance
router#show dot11radio 0
Displayed result:
dot11radio 0:
LinkStatus : Up
Mac Address : 0001.7a12.3456
Current SSIDs : 2 MAX SSIDs : 4
*************************************************************************
SSID(network name) LinkStatus VLAN Stations Privilege
maipu Up 1 1 No
CPE Up 2 0 No
*************************************************************************
Country Code : 156 RadioMode : 11b/g mixed
Allowed Channels : 1 2 3 4 5 6 7 8 9 10 11 12 13
Auto Channel : Yes Auto ReChannel : Disable
Current Channel : 4 [AUTO] Power : 100%
Recv Antenna : diversity Transmit Antenna : diversity
Allowed Rates : [1] 2 5.5 6 9 11 12 18 24 36 48 54
Broadcast rate : 1 Need Protection : No
Beacon Period : 300 Short Time Slot : Yes
Dtim Period : 6 Short Preamble : No
RTS Threshold : 2346 Packet Short Retry: 10
RTS Retry : 10 Packet Long Retry : 10
Fragment Input : 1026 Fragment Output : 139
Bytes Input : 90704 Bytes Output : 24162
Frame Input : 3104 Frame Output : 139
Multicast Input : 2923 Multicast Output : 136
Duplicates Rcvd : 0 Exceeded Retries : 0
Decrypt Failed : 5 Data Retries : 0
MIC Failed : 0 RTS Retries : 0
FCS Failed : 138
Associate Request : 1 Associate Response: 1
Associate Success : 1 Diassociate : 0
Description and analysis:
The above information includes three parts:
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 15 of 37
1. The current wireless interface status, including the Link status of the
wireless interface, the information about all virtual APs under the
wireless interface and so on;
2. The running parameters of the current wireless interface;
3. The statistics information of the current wireless interface;
Virtual AP Parameter
Configuration
Main contents:
z Overview
z Basic commands of virtual AP parameters
z Application instance of virtual AP parameters
z Monitoring and debugging of virtual AP parameters
Overview
Virtual AP refers to the multiple virtual logical wireless access point (AP)
on the same wireless interface. The parameters of the virtual APs can be
different and can be bound to different security policies.
Basic Commands
Command Description Configuration Mode
ssid
name
Enter the virtual AP
configuration mode or
create a new virtual AP
config-if-dot11radio0
config-dot11radio0-ssid-xxx
clientlimit
1-56
Set the maximum
number of the access
clients of the virtual AP config-dot11radio0-ssid-xxx
encapsulation {802.1h |
rfc1042} Select the LLC
encapsulation format config-dot11radio0-ssid-xxx
fragment
256-2346
Set the fragment
threshold config-dot11radio0-ssid-xxx
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 16 of 37
idle-timeout
0-60
Set the idle timeout config-dot11radio0-ssid-xxx
maclist
2001-3000
Bind the access list of
the MAC address config-dot11radio0-ssid-xxx
regroup time
1-30
Re-calculate the period
of the multicast key config-dot11radio0-ssid-xxx
security
name
Bind the security
profile config-dot11radio0-ssid-xxx
shutdown Disable the virtual AP config-dot11radio0-ssid-xxx
ssidIe {enable | disable} Enable and disable the
SSID advertisement of
virtual AP config-dot11radio0-ssid-xxx
vlan
1-4094
Configure the vlan ID
of the virtual AP config-dot11radio0-ssid-xxx
privilege {enable | disable} Configure the privilege
attribute of the virtual
AP config-dot11radio0-ssid-xxx
station isolate {enable | disable} Configure whether the
AP isolates the station config-dot11radio0-ssid-xxx
interface dot11radio0.x
Create one the
wireless sub interface
and enter the
configuration mode of
the wireless sub
interface
config
config-if
encapsulation dot1q
1-4094
Encapsulate the
wireless sub interface
with the VLAN ID config-if-dot11radio0.x
Note
The command description with * means that the command has the
configuration instance to describe.
ssid
The command is used to create a new virtual AP or enter the existing
virtual AP, with ssid as ID.
ssid name
no ssid name
Syntax Description
ssid
name
If virtual AP identified by
name
does not exist, first
create a new virtual AP and enter the virtual AP
configuration mode, that is, the ssid configuration mode
no ssid
name
Delete the virtual AP identified by
name
Default status: none
Note
At most four virtual APs can be configured.
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 17 of 37
clientlimit
The command is used to limit the maximum number of the stations of the
virtual AP.
clientlimit 1-56
no clientlimit
Syntax Description
1-56
The maximum number of the access stations of the
virtual AP
Default status: By default, up to 14 access stations are permitted.
Note
1. Each virtual AP can be configured with up to 56 access stations, but
the total number of the associated stations of all virtual APs of one
wireless interface cannot exceed 56. Therefore, the total number of
the stations of all virtual APs exceeds 56, the system prints the
prompt information.
2. The encrypted policy affects the maximum number of the associated
stations of the wireless interface. If the encrypted policy is TKIP, one
station occupies two resources. Therefore, the wireless interface can
associates with 56 stations at most. If all associated stations use TKIP,
the maximum number of the stations that can be associated with the
wireless interface changes to 28.
encapsulation
The command is used to set the OUI encapsulation format of the link layer
LLC/SNAP.
encapsulation {802.1h | rfc1042}
no encapsulation
Syntax Description
rfc1042 Encapsulate LLC/SNAP (aa-aa-03-00-00-00) by RFC1042
802.1h Encapsulate LLC/SNAP (aa-aa-03-00-00-f8) by 802.1H.
Default status: Encapsulate by rfc1042.
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 18 of 37
Note
1. The command is invalid for the IPX and AppleTalk protocol packets.
The IPX and AppleTalk packets are encapsulated by 802.1h.
2. The command does not affect the de-encapsulating of the
encapsulated packet and the device processes according to IEEE
802.1H-1997 standard.
fragment
The command is used to set the fragment threshold. The packet that
exceeds the threshold is fragmented.
fragment 256-2346
no fragment
Syntax Description
256-2346
Set the bytes of the packet fragment
Default status: The threshold of the packet fragment is 2346 bytes.
idle-timeout
The command is used to set the idle timeout of the station.
idle-timeout 0-60
no idle-timeout
Syntax Description
0-60
0 means no timeout forever. The remaining means 1-
60-minute timeout.
Default status: By default, the timeout is 5 minutes.
maclist
The command is used to bind the MAC access list.
maclist 2001-3000
no maclist
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 19 of 37
Syntax Description
2001-3000
Bind the created MAC access list, which is used for the
basic authentication of 802.11.
Default status: By default, no MAC access list is bound.
regroup
The command is used to set re-calculating the multicast key period.
regroup time 1-30
no regroup time
Syntax Description
1-30
Set re-calculating the period of the multicast key, in the
unit of minute.
Default status: By default, do not re-calculate the multicast key.
Note
The setting is valid only when the security policy is WPA1 or WPA2.
security
The command is used to bind the configured security profile.
security name
no security
Syntax Description
name
Bind the configured security profile. Check the contents
of the security profile during binding. If there is
conflicting project, the system prompts error.
Default status: No security profile is bound.
shutdown
The command is used to disable the virtual AP.
shutdown
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 20 of 37
no shutdown
Default status: Enable the virtual AP.
ssidIe
The command is used to set whether to broadcast SSID of the virtual AP.
ssidIe {enable | disable}
no ssidIe
Syntax Description
enable Broadcast the SSID of the virtual AP.
disable Do not broadcast SSID of the virtual AP.
Default status: Broadcast the SSID of the virtual AP.
vlan
The command is used to set the VLAN ID of the virtual AP.
vlan 1-4094
no vlan
Syntax Description
1-4094
Set the VLAN of the virtual AP. The vlan number
corresponds to the VLAN number of the wireless sub
interface, so the wireless packets of the virtual AP can
be submitted to the IP protocol stack.
Default status: no vlan attribute
Note
Modifying the configuration results in the disconnection of all stations.
privilege
The command is used to set the privilege attribute of the virtual AP.
privilege {enable | disable}
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 21 of 37
no privilege
Syntax Description
enable Set the virtual AP as the privilege virtual AP. Once the
attribute is set, only the privilege user on the web
interface can view and configure the virtual AP.
disable Set the virtual AP as the common virtual AP and all
users can view and configure.
Default status: No privilege attribute
station isolate
The command is used to set the privilege attribute of the virtual AP.
station isolate {enable | disable}
no station isolate
Syntax Description
enable Set the virtual AP to isolate all associated stations. All
stations cannot communicate with each other, but they
can only communicate with the wireless sub interface.
disable Set the virtual AP not to isolate stations. All stations in
the virtual AP can communicate with each other and the
wireless sub interface.
Default status: Do not isolate the stations.
interface dot11radio0.x
The command is used to create the wireless sub interface or enter the
wireless sub interface configuration mode.
interface dot11radio0.x
Default status: No sub interface
Note
1. Wireless sub interface is the channel of the virtual AP connecting the
DS system. You can configure the IP address, NAT, ACL, route
protocol and bridge group on the wireless sub interface.
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 22 of 37
2. The wireless main interface can only be configured with the wireless
parameters and SSID, but cannot be configured with the IP address or
run the IP protocol stack. It can only serve as one console interface.
encapsulation dot1q
The command is used to configure the VLAN number of the wireless sub
interface.
encapsulation dot1q 1-4094
Syntax Description
1-4094
Set the VLAN number of the wireless sub interface. The
vlan number corresponds to the VLAN number of the
wireless sub interface, so the wireless packets of the virtual
AP can be submitted to the IP protocol stack.
Default status: No vlan attribute
Application Instance
Application Instance 1
Refer to Figure 1-1.
Router configuration:
Command Description
router(config)#interface dot11radio0 Enter the wireless interface mode
router(config-if-dot11radio0)#ssid test Enter the virtual AP configuration
mode
router(config-if-dot11radio0-ssid-test)#clientlimit 10 Configure the limitation for the clients
of the virtual AP
router(config-if-dot11radio0-ssid-test)#fragment
2000 Configure the fragment threshold of
the virtual AP
router(config-if-dot11radio0-ssid-test)#idle-timeout
60 Configure the client idle timeout of the
virtual AP
router(config-if-dot11radio0-ssid-test)#security wpa Bind the security profile of the virtual
AP
router(config-if-dot11radio0-ssid-test)#vlan 1 Configure the VLAN attribute of the
virtual AP
router(config-if-dot11radio0-ssid-test)#exit Exit the virtual AP configuration mode
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 23 of 37
Monitoring and Debugging
Monitoring Commands
For example:
Command Description
show dot11radio
unit
ssid name Display the running parameters and
status of the virtual AP
show dot11radio
unit
ssid
name
station
mac-
address
Display the running status of the access
station
Monitoring Command Instance
router# show dot11radio 0 ssid maipu
Displayed result:
SSID [maipu]:
LinkStatus : Up
Mac Address : 0201.7a12.3456
Current Stations : 1 MAX Stations : 14
*****************************************************************************
MAC Address IP Address Authenticated Associated WPA1/2-PSK EAP-802.1X
00b0.8c51.0327 192.168.119.40 Yes Yes - -
*****************************************************************************
Vlan : 1 Security Profile :
Hidden SSID : No RegroupTime : 0
Encapsulation : RFC1042 MacList :
Fragment Threshold : 2346 Privilege : No
Fragment Input : 437 Fragment Output : 100
Bytes Input : 60351 Bytes Output : 18539
Frame Input : 437 Frame Output : 100
Multicast Input : 255 Multicast Output : 96
Duplicates Rcvd : 0 Exceeded Retries : 0
Decrypt Failed : 0 Data Retries : 0
MIC Failed : 0 RTS Retries : 0
Associate Request : 1 Associate Response: 1
Associate Success : 1 Diassociate : 0
Description and analysis:
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 24 of 37
The above information includes three parts:
1. The current virtual AP status, including the Link status of the virtual
AP, the information about all associated stations of the virtual AP;
2. The running parameters of the current virtual AP;
3. The statistics information of the current virtual AP;
router#show dot11radio 0 ssid maipu station 00b0.8c51.0327
Displayed result:
Station [00b0.8c51.0327]:
MAC Address : 00b0.8c51.0327 IP Address : 192.168.119.40
SSID : maipu Vlan : 1
SecPol : - Authenticated : Yes
AuthPol: : - Associated : Yes
CiphPol: : - AID : 1
Supported Rates : [1] 2 5.5 6 9 11 12 18 24 36 48 54
Receive Rate : 54 Transmit Rate : 54
Signal Strength : -70dBm Connected For : 490 seconds
Signal Quality : 41% Activity Timeout : 120 seconds
Power-save : Off Last Activity : 26 seconds ago
Fragment Input : 71 Fragment Output : 1
Bytes Input : 4704 Bytes Output : 360
Frame Input : 71 Frame Output : 1
Duplicates Rcvd : 0 Exceeded Retries : 0
Decrypt Failed : 0 Data Retries : 0
MIC Failed : 0 RTS Retries : 0
Description and analysis:
The above information includes two parts:
1. The running parameters of the associated station
2. The statistics information of the associated station
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 25 of 37
Debugging Commands
Command Description
debug dot11radio pro
assoc Debug the association of the station
debug dot11radio pro auth Debug the basic authentication of the station
debug dot11radio pro data Debug all packets received and sent by the wireless interface
debug dot11radio pro
datanull Debug the datanull packets received by the wireless interface
debug dot11radio pro
deauth Debug the de-authentication of the station
debug dot11radio pro
disassoc Debug the dis-association of the station
debug dot11radio pro
dperx Debug the packets received by the wireless interface
debug dot11radio pro
dpetx Debug the packets sent by the wireless interface
debug dot11radio pro pm Debug the converting of the mode of saving energy of the
station
debug dot11radio pro
probe Debug the detection frames received by the wireless
interface and the response
debug dot11radio pro
pspoll Debug the pspoll frame received by the wireless interface
debug dot11radio pro
ratectrl Debug the rate adjusting of the wireless interface
debug dot11radio pro
reassoc Debug the re-association of the station
debug dot11radio pro scan Debug the process of the wireless interface of detecting the
idle channel automatically
debug dot11radio rsn Debug the process of the wireless interface expanding
security
Debugging Command Instance
For environment, refer to Figure 1.1.
1. A complete process of connecting the station
The following debugging switches need to be enabled:
debug dot11radio pro auth
debug dot11radio pro assoc
debug dot11radio rsn
Information and analysis:
00:03:53: DOT11->AUTH: from 00:b0:8c:51:03:27 to 02:e0:4c:fb:76:a7
The authentication packet is sent from the station 00:b0:8c:51:03:27 to
the virtual AP 02:e0:4c:fb:76:a7
00:03:53: DOT11->Update Sta:00:b0:8c:51:03:27 Start
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 26 of 37
Update the status of the station 00:b0:8c:51:03:27.
00:03:53: DOT11->Sta:00:b0:8c:51:03:27 is already here
Find that the station 00:b0:8c:51:03:27 already exists.
00:03:53: DOT11->Update Sta:00:b0:8c:51:03:27 End
00:03:53: DOT11->Auth Recv Start
Start to process the authentication packet.
00:03:53: DOT11->OPEN-SYSTEM-SEQ-1
The authentication mode opensystem, the first frame (reques)
00:03:53: DOT11->Auth Send Start
00:03:53: DOT11->Sta:00:b0:8c:51:03:27
Send the authentication response packet.
00:03:53: DOT11->Auth Send End
00:03:53: DOT11->Open-System Authentication success!
Pass the opensystem basic authentication.
00:03:53: DOT11->Auth Recv End
00:03:53: DOT11->ASSOC: from 00:b0:8c:51:03:27 to 02:e0:4c:fb:76:a7
Receive the association packet sent from the station 00:b0:8c:51:03:27 to
virtual AP 02:e0:4c:fb:76:a7.
00:03:53: DOT11->Assoc Recv Start
00:03:53: DOT11->Asso Rsp Send Start
00:03:53: DOT11->Sta:00:b0:8c:51:03:27
Send the association response packet to the station 00:b0:8c:51:03:27.
00:03:53: DOT11->Asso Rsp Send End
00:03:53: DOT11->Association success
The association succeeds.
00:03:53: DOT11->Sta's negAuthPol is PSK
The authentication mode of the station is PSK.
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 27 of 37
00:03:53: DOT11->Send uniCast MSG A to 00:b0:8c:51:03:27
Start to perform the RSN authentication and send the first packet to the
station.
00:03:53: DOT11->Received uniCast MSG B from 00:b0:8c:51:03:27
Receive the second response packet RSN of the station.
00:03:53: DOT11->Key data added!
00:03:53: DOT11->Send uniCast MSG C/RSN to 00:b0:8c:51:03:27
Send the RNS third packet to the station.
00:03:53: DOT11->Received uniCast MSG D from 00:b0:8c:51:03:27
Receive the RSN fourth response packet of the station.
2. The debugging of power saving mode
The following debugging switches need to be enabled:
debug dot11radio pro pm
debug dot11radio pro pspoll
debug dot11radio pro datanull
The process of AP buffering the packers of the station in the power
saving mode and TIM advertising:
ROUTER#ping 192.168.119.40
The station is already in the power saving mode, so it is necessary to send
packets from the AP to the station actively, buffer them and use the TIM
advertising:
Press key (ctrl + shift + 6) interrupt it.
Sending 5, 76-byte ICMP Echos to 192.168.119.40 , timeout is 2 seconds:
00:11:57: DOT11->Enqueue to Sta's PM Queue
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 28 of 37
The station is in the power saving state, so the packets sent to the station
is buffered in the PM queue.
00:11:57: DOT11->enough space in Sta's PM Queue
The PM buffer queue still has space.
00:11:57: DOT11->Started to SET AID 5. Byte = 0, bit = 5 (oldStart = 0, oldStop=1)
Set the fields from AID 5 to TIM of the station, so as to inform the station
that there are packets for it via beacon.
00:11:57: DOT11->Bit 5 set in byte 0 (newStart=0 newStop = 1)
00:11:58: DOT11->PSPOLL: from 00:b0:8c:51:03:27 to 02:e0:4c:fb:76:a7
After receiving the beacon advertisement, the station sends the pspoll
packets to require receiving the buffered data.
00:11:58: DOT11->PsPoll Recv Start
00:11:58: DOT11->PmFlush Start:ONE,SEND
Send one packet in the PM buffer queue at once.
00:11:58: DOT11->Sta:00:b0:8c:51:03:27
The destination station is 00:b0:8c:51:03:27.
00:11:58: DOT11->Packet Send Start
00:11:58: DOT11->Send to Driver Start
00:11:58: DOT11->Send to Driver End
00:11:58: DOT11->Packet Send End
Sending packets is complete.
00:11:58: DOT11->No More Packets In Queue
The PM buffer queue of the station is empty.
00:11:58: DOT11->Started to CLEAR AID 5. Byte = 0, bit = 5 (oldStart = 0, oldStop=1)
Clear up the AID 5 of the TIM field and inform the station that there is no
buffered packet.
00:11:58: DOT11->Byte 0 after clear Bit 5 is zero(oldStart=0 oldStop=1)
00:11:58: DOT11->Bit 5 clear in byte 0 (newStart=0 newStop=1)
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 29 of 37
The process of converting the power saving state of the station:
00:31:30: DOT11->DATA-NULL: from 00:b0:8c:51:03:27 to 02:e0:4c:fb:76:a7
Receive the datanull packet from the station.
00:31:30: DOT11->DataNull Recv Start
00:31:30: DOT11->PM from FALSE to TRUE
The PM information in the datanull packet means that the station changes
from the normal state to the power saving state.
00:31:51: DOT11->DataNull Recv End
Here, the station pings the wireless sub interface actively, so the
station actively changes to the normal state for communicating.
00:31:48: DOT11->PM from TRUE to FALSE
Receive the ping packet from the station and the PM field in the packet
means that the status changes to normal.
00:31:48: DOT11->PmFlush Start:ALL,SEND
The power saving state of the station changes to normal, so it is necessary
to send all buffered packets to the station.
00:31:48: DOT11->Sta:00:b0:8c:51:03:27
00:31:48: DOT11->No packets in queue
The buffer queue is already empty.
00:31:48: DOT11->Started to CLEAR AID 5. Byte = 0, bit = 5 (oldStart = 0, oldStop=1)
00:31:48: DOT11->Bit 5 already cleared in byte 0 (oldStart=0 oldStop=1)
There are no buffered packets of the station, so modify the AID of the TIM
field.
00:31:51: DOT11->DATA-NULL: from 00:b0:8c:51:03:27 to 02:e0:4c:fb:76:a7
Receive the datanull packets from the station (because there is no
communication for a period of time, the station enters the power saving
state.)
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 30 of 37
00:31:51: DOT11->DataNull Recv Start
00:31:51: DOT11->PM from FALSE to TRUE
The PM information in the datanull packet means that the station changes
from the normal state to the power saving state.
00:31:51: DOT11->DataNull Recv End
Wireless Security Profile
Configuration
Main contents:
z Overview
z Basic commands of wireless security profile
z Application instance of wireless security profile
z Monitoring and debugging of wireless security profile
Overview
Wireless security profile means to configure the authentication, encryption
and password of the wireless security to one profile and then bind the
profile to any virtual AP. One virtual AP can only be bound to one security
profile, but multiple virtual APs can be bound to one security profile. After
the security profile is bound to the virtual AP, it cannot be modified, but
should be un-bound first.
Basic Commands
Command Description Configuration Mode
ssid-security-profile
name
Create one wireless
security profile and
enter the security
profile
configuration mode
config
config-dot11radio0-ssid-
xxx
config-ssid-secprofile-xxx
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 31 of 37
authpol
{opensystem|sharekey|psk|802.1x}
Set the
authentication
policy config-ssid-secprofile-xxx
ciphpol {none | wep40 | wep104 |
aes | tkip} Set the encryption
policy config-ssid-secprofile-xxx
secpol {none | wep | wpa1 | wpa2} Set the security
policy config-ssid-secprofile-xxx
Note
The command description with * means that the command has the
configuration instance to describe.
ssid-security-profile
The command is used to create one new security profile or enter the
configuration mode of the existing security profile.
ssid-security-profile name
no ssid-security-profile name
Syntax Description
ssid-security-profile
name
Create one new security profile or enter the configuration
mode of the existing security profile
no ssid-security-profile
name
Delete the existing security profile
Default status: none
authpol
The command is used to set the authentication policy.
authpol {opensystem|sharekey|psk|802.1x}
Syntax Description
opensystem Set the 802.11 basic authentication as open; no extended
authentication mode
sharekey
Set the 802.11 basic authentication as share; no extended
authentication mode
psk ascii
string
Set the 802.11 basic authentication as open and the
extended authentication mode is PSK; set the key with a
length of 8-63 bytes.
psk hex
hex-string
Set the 802.11 basic authentication as open and the
extended authentication mode is PSK; set the hex number of
the key with a length of 64 characters (that is, 32-byte hex
number)
802.1x default
802.1x
name
Set the 802.11 basic authentication as open and the
extended authentication mode is 802.1x; set the 802.1x
authentication server list name (by default, it is default).
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 32 of 37
Default status: opensystem
ciphpol
The command is used to set the encryption policy.
ciphpol {none | wep40 | wep104 | aes | tkip}
Syntax Description
none Set no encryption policy
wep40 key-slot
1-4
key hex
hex-string
Set the encryption policy as wep, use the 40-bit
key and set the hex number of the key index
and key, with a length of 10 characters (that is,
5-byte hex number)
wep40 key-slot
1-4
key ascii
string
Set the encryption policy as wep, use the 40-bit
key and set the ascii character string of the key
index and key, with a length of 5 characters
(that is, 5-byte hex number)
wep104 key-slot
1-4
key hex
hex-string
Set the encryption policy as wep, use the 104-bit
key and set the hex number of the key index
and key, with a length of 26 characters (that is,
13-byte hex number)
wep104 key-slot
1-4
key ascii
string
Set the encryption policy as wep, use the 104-bit
key and set the ascii character string of the key
index and key, with a length of 13 characters
(that is, 13-byte hex number)
tkip Set the encryption policy as TKIP (only WPA1
and WPA2 can set the encryption policy)
aes Set the encryption policy as AES (that is, CCMP;
only WPA1 and WPA2 can set the encryption
policy)
Default status: none
Note
Encryption policy affects the maximum number of the associated stations
of the wireless interface. If the encryption policy is TKIP, one station
occupies two resources. Therefore, the wireless interface can be
associated with 56 stations at most. If all associated stations use TKIP, the
maximum number of the associated stations of the wireless interface
changes to 28.
secpol
The command is used to set the security policy.
secpol {none | wep | wpa1 | wpa2}
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 33 of 37
Syntax Description
none Set non security policy
wep
Set the security policy as WEP
wpa1 Set the security policy as WPA1
wpa2 Set the security policy as WPA2
Default status: none
Application Instance
Application Instance 1
There are the following typical wireless security profiles:
WEP
The configuration of the security profile:
Syntax Description
secpol wep Set the security policy as wep
authpol {opensystem | sharekey} Set the authentication policy as
opensystem or sharekey
ciphpol {wep40 | wep104} key-slot
1-4
key
{ascii | hex}
string
Set the encryption policy as wep40 or
wep104
WPA1-PSK
The configuration of the security profile:
Syntax Description
secpol wpa1 Set the security policy as wpa1
authpol psk {ascii | hex}
string
Set the authentication policy as PSK and
set the key value
ciphpol {tkip | aes} Set the encryption policy as TKIP or AES
WPA1-EAP
The configuration of the security profile:
Syntax Description
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 34 of 37
secpol wpa1 Set the security policy as wpa1
authpol 802.1x
name
Set the authentication policy as 802.1x
and set the authentication server list
name
ciphpol {tkip | aes} Set the encryption policy as TKIP or AES
WPA2-PSK
The configuration of the security profile:
Syntax Description
secpol wpa2 Set the security policy as wpa2
authpol psk {ascii | hex}
string
Set the authentication policy as PSK and
set the key value
ciphpol {tkip | aes} Set the encryption policy as TKIP or AES
WPA2-EAP
The configuration of the security profile:
Syntax Description
secpol wpa2 Set the security policy as wpa2
authpol 802.1x
name
Set the authentication policy as 802.1x
and set the authentication server list
name
ciphpol {tkip | aes} Set the encryption policy as TKIP or AES
Monitoring and Debugging
Monitoring Command
Command Description
show ssid-security-profile
name
Display the contents of the security
profile
Monitoring Command Instance
router# show ssid-security-profile wpa2
Displayed result:
ssid-security-profile wpa2
secpol wpa2
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 35 of 37
authpol psk ascii abcdefgh
ciphpol aes
Description and analysis:
The displayed result includes the security policy, authentication policy and
encryption of the security profile.
WLAN Typical Configuration
Command Description
router#configure terminal Enter global configuration
mode
router(config)#ssid-security-profile wpa2 Create the security profile
wpa2 and enter the security
profile configuration mode
router(config-ssid-secprofile-wpa2)#secpol wpa2 Set the security policy as
wpa2
router(config-ssid-secprofile-wpa2)#authpol psk ascii
12345678 Set the authentication policy
as psk and configure the key
value
router(config-ssid-secprofile-wpa2)#ciphpol aes Set the encryption policy as
aes
router(config-ssid-secprofile-wpa2)#exit Return to the global
configuration mode
router(config)#int dot11radio 0 Enter the wireless interface
configuration mode
router(config-if-dot11radio0)#ssid test Create one virtual AP, whose
SSID is test, and enter the
SSID configuration mode
router(config-dot11radio0-ssid-test)#security wpa2 Bind the security profile
wpa2 to the virtual AP
router(config-dot11radio0-ssid-test)#vlan 1 Set the VLAN ID of the
virtual AP as 1,
corresponding to the later
wireless sub interface
router(config-dot11radio0-ssid-test)#exit Return to the wireless
interface configuration mode
router(config-if-dot11radio0)#int dot11radio 0.1 Create the wireless sub
interface dot11radio0.1 and
enter the wireless sub
interface configuration mode
router(config-if-dot11radio0.1)#encapsulation dot1q 1 Configure the VLAN ID of
the wireless sub interface as
1, corresponding to the
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 36 of 37
VLAN ID of the previous
virtual AP
router(config-if-dot11radio0.1)#ip address 192.168.1.1
255.255.255.0 Configure the IP address of
the wireless sub interface
router(config-if-dot11radio0.1)#exit Return to the global
configuration mode; up to
now, the WLAN
configuration is complete,
but WLAN should cooperate
with DHCP to complete the
access function, so the
following describe the DHCP
configuration.
router(config)#ip dhcp pool wlan Create the DHCP pool
named wlan
router(dhcp-config)#range 192.168.1.100 192.168.1.200
255.255.255.0 Configure the distributable
IP address pool of DHCP
router(dhcp-config)#default-router 192.168.1.1 Configure the default
gateway distributed by
DHCP
router(dhcp-config)#dns-server 61.139.2.69 Configure the DNS server
distributed by DHCP
MP1800 series Multi-Operation Access Router Datasheet
Maipu Confidential & Proprietary Information Page 37 of 37
Software & Hardware Version
Hardware version: MP1800 SERIES H020
Software version: rp8-i-6.1.XX(RL09-70).bin