Symbol Technologies AP5181D Symbol Access Point User Manual ES3000UserGuide

Symbol Technologies Inc Symbol Access Point ES3000UserGuide

UserManual.wiki >

Symbol Technologies >

AP5181D User Manual >

Manual Part 3 4

Command Line Interface Reference 8-5

AP51xx>admin>passwd

Description:

Changes the password for the admin login.

Syntax:

Example:

admin>passwd

Old Admin Password:******

New Admin Password:******

Verify Admin Password:******

Password successfully updated

For information on configuring passwords using the applet (GUI), see Setting Passwords on page 6-3.

passwd Changes the admin password for access point access. This requires typing the old admin password and entering a

new password and confirming it. Passwords can be up to 11 characters. The access point CLI treats the following as

invalid characters:

| " & , \ ' < >

In order to avoid problems when using the access point CLI, these characters should be avoided.

AP-51xx Access Point Product Reference Guide8-6

AP51xx>admin>summary

Description:

Displays the access point’s system summary.

Syntax:

Example:

admin>summary

AP-51xx firmware version 1.1.0.0-xxx

country code us

serial number 00A0F8716A74

WLAN 1:

WLAN Name WLAN1

ESS ID 101

Radio 11a, 11b/g

VLAN VLAN1

Security Ploicy Default

QoS Ploicy Default

LAN1 Name: LAN1

LAN1 Mode: enable

LAN1 IP: 0.0.0.0

LAN1 Mask: 0.0.0.0

LAN1 Mask: client

LAN2 Name: LAN2

LAN2 Mode: enable

LAN2 IP: 192.235.1.1

LAN2 Mask: 255.255.255.0

LAN2 Mask: client

-----------------------------------------------------------------------------

WAN Interface IP Address Network Mask Default Gateway DHCP Client

-----------------------------------------------------------------------------

enable 172.20.23.10 255.255.255.192 172.20.23.20 enable

For information on displaying a system summary using the applet (GUI), see Basic Device Configuration on page 3-3.

summary Displays a summary of high-level characteristics and settings for the WAN, LAN and WLAN.

Command Line Interface Reference 8-7

AP51xx>admin>..

Description:

Displays the parent menu of the current menu.

This command appears in all of the submenus under admin. In each case, it has the same function, to move up one level in the

directory structure.

Example:

admin(network.lan)>..

admin(network)>

AP-51xx Access Point Product Reference Guide8-8

AP51xx>admin> /

Description:

Displays the root menu, that is, the top-level CLI menu.

This command appears in all of the submenus under admin. In each case, it has the same function, to move up to the top level in the

directory structure.

Example:

admin(network.lan)>/

admin>

Command Line Interface Reference 8-9

AP51xx>admin>save

Description:

Saves the configuration to system flash.

The save command appears in all of the submenus under admin. In each case, it has the same function, to save the current

configuration.

Syntax:

Example:

admin>save

admin>

save Saves configuration settings. The save command works at all levels of the CLI. The save command must be issued before

leaving the CLI for updated settings to be retained.

AP-51xx Access Point Product Reference Guide8-10

AP51xx>admin>quit

Description:

Exits the command line interface session and terminates the session.

The quit command appears in all of the submenus under admin. In each case, it has the same function, to exit out of the CLI. Once

the quit command is executed, the login prompt displays again.

Example:

admin>quit

Command Line Interface Reference 8-11

8.3 Network Commands

AP51xx>admin(network)>

Description:

Displays the network submenu. The items available under this command are shown below.

lan Goes to the LAN submenu.

wan Goes to the WAN submenu.

wireless Goes to the Wireless Configuration submenu.

firewall Goes to the firewall submenu.

router Goes to the router submenu.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the current configuration to the system flash.

quit Quits the CLI and exits the current session.

AP-51xx Access Point Product Reference Guide8-12

8.3.1 Network LAN Commands

AP51xx>admin(network.lan)>

Description:

Displays the LAN submenu. The items available under this command are shown below.

For an overview of the LAN configuration options using the applet (GUI), see Configuring the LAN Interface on page 5-1.

show Shows current access point LAN parameters.

set Sets LAN parameters.

bridge Goes to the mesh configuration submenu.

wlan-mapping Goes to the WLAN/Lan/Vlan Mapping submenu.

dhcp Goes to the LAN DHCP submenu.

type-filter Goes to the Ethernet Type Filter submenu.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI.

Command Line Interface Reference 8-13

AP51xx>admin(network.lan)> show

Description:

Displays the access point LAN settings.

Syntax:

Example:

admin(network.lan)>show

LAN On Ethernet Port : LAN1

LAN Ethernet Timeout : disable

802.1x Port Authentication:

Username : admin

Password : ********

** LAN1 Information **

LAN Name : LAN1

LAN Interface : enable

802.11q Trunking : disable

LAN IP mode : DHCP client

IP Address : 192.168.0.1

Network Mask : 255.255.255.255

Default Gateway : 192.168.0.1

Domain Name :

Primary DNS Server : 192.168.0.1

Secondary DNS Server : 192.168.0.2

WINS Server : 192.168.0.254

** LAN2 Information **

LAN Name : LAN2

LAN Interface : disable

802.11q Trunking : disable

LAN IP mode : DHCP server

IP Address : 192.168.1.1

Network Mask : 255.255.255.255

Default Gateway : 192.168.1.1

Domain Name :

show Shows the settings for the access point LAN1 and LAN2 interfaces.

AP-51xx Access Point Product Reference Guide8-14

Primary DNS Server : 192.168.0.2

Secondary DNS Server : 192.168.0.3

WINS Server : 192.168.0.255

admin(network.lan)>

For information on displaying LAN information using the applet (GUI), see Configuring the LAN Interface on page 5-1.

Command Line Interface Reference 8-15

AP51xx>admin(network.lan)> set

Description:

Sets the LAN parameters for the LAN port.

Syntax:

Example:

admin(network.lan)>

admin(network.lan)>set lan 1 enable

admin(network.lan)>set name 1 engineering

admin(network.lan)>set ethernet-port-lan 1

admin(network.lan)>set timeout 45

admin(network.lan)>set trunking 1 disable

admin(network.lan)>set dns 1 192.168.0.1

admin(network.lan)>set dns 2 192.168.0.2

admin(network.lan)>set wins 1 192.168.0.254

admin(network.lan)>set trunking disable

admin(network.lan)>set username phil

admin(network.lan)>set passwd ea0258c1

Related Commands:

For information on configuring the LAN using the applet (GUI), see Configuring the LAN Interface on page 5-1.

set lan <mode> Enables or disables the access point LAN interface.

name <idx-name > Defines the LAN name by index.

ethernet-port-lan <idx> Defines which LAN (LAN 1 or LAN 2) is active on the Ethernet port.

timeout <seconds> Sets the interval (in seconds) the access point uses to terminate its LAN

interface if no activity is detected for the specified interval.

trunking <mode> Enables or disables 802.11q Trunking over the access point LAN port.

username <name> Specifies the user name for 802.1x port authentication over the LAN

interface.

passwd <password> The 0-32 character password for the username for the 802.1x port.

ip-mode <ip> Defines the access point LAN port IP mode.

ipadr <ip> Sets the IP address used by the LAN port.

mask <ip> Defines the IP address used for access point LAN port network mask.

dgw <ip> Sets the Gateway IP address used by the LAN port.

domain <name> Specifies the domain name used by the access point LAN port.

dns <ip> Defines the IP address of the primary and secondary DNS servers used by the

LAN port.

wins <ip> Defines the IP address of the WINS server used by the LAN port.

show Shows the current settings for the access point LAN port.

AP-51xx Access Point Product Reference Guide8-16

8.3.1.1 Network LAN, Bridge Commands

AP51xx>admin(network.lan.bridge)>

Description:

Displays the access point Bridge submenu.

For an overview of the access point’s mesh networking options using the applet (GUI), see Configuring Mesh Networking on page 9-1.

show Displays the mesh configuration parameters for the access point’s LANs.

set Sets the mesh configuration parameters for the access point’s LANs..

.. Moves to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI and exits the session.

Command Line Interface Reference 8-17

AP51xx>admin(network.lan.bridge)> show

Description:

Displays the mesh bridge configuration parameters for the access point’s LANs.

Syntax:

Example:

admin(network.lan.bridge)>show

** LAN1 Bridge Configuration **

Bridge Priority :32768

Hello Time (seconds) :2

Message Age Time (seconds) :20

Forward Delay Time (seconds) :15

Entry Ageout Time (seconds) :300

** LAN2 Bridge Configuration **

Bridge Priority :32768

Hello Time (seconds) :2

Message Age Time (seconds) :20

Forward Delay Time (seconds) :15

Entry Ageout Time (seconds) :300

For an overview of the access point’s mesh networking options using the applet (GUI), see Configuring Mesh Networking on page 9-1.

show Displays the mesh bridge

configuration parameters for the access point’s LANs.

AP-51xx Access Point Product Reference Guide8-18

AP51xx>admin(network.lan.bridge)> set

Description:

Sets the mesh configuration parameters for the access point’s LANs.

Syntax:

Example:

admin(network.lan.bridge)>set priority 2 32768

admin(network.lan.bridge)>set hello 2 2

admin(network.lan.bridge)>set msgage 2 20

admin(network.lan.bridge)>set fwddelay 2 15

admin(network.lan.bridge)>set ageout 2 300

admin(network.lan.bridge)>show

** LAN1 Mesh Configuration **

Bridge Priority :32768

Hello Time (seconds) :2

Message Age Time (seconds) :20

Forward Delay Time (seconds) :15

Entry Ageout Time (seconds) :300

** LAN2 Mesh Configuration **

Bridge Priority :32768

Hello Time (seconds) :2

Message Age Time (seconds) :20

Forward Delay Time (seconds) :15

Entry Ageout Time (seconds) :300

For an overview of the access point’s mesh networking options using the applet (GUI), see Configuring Mesh Networking on page 9-1.

set priority <LAN-idx> <seconds> Sets bridge priority time in seconds (0-65535) for specified LAN.

hello <LAN-idx> <seconds> Sets bridge hello time in seconds (0-10) for specified LAN.

msgage <LAN-idx> <seconds> Sets bridge message age time in seconds (6-40) for specified LAN.

fwddelay <LAN-idx> <seconds> Sets bridge forward delay time in seconds (4-30) for specified LAN.

ageout <LAN-idx> <seconds> Sets bridge forward table entry time in seconds (4-3600) for specified LAN.

Command Line Interface Reference 8-19

8.3.1.2 Network LAN, WLAN-Mapping Commands

AP51xx>admin(network.lan.wlan-mapping)>

Description:

Displays the WLAN/Lan/Vlan Mapping submenu.

For an overview of the access point’s VLAN configuration options using the applet (GUI), see Configuring VLAN Support on page 5-4.

show Displays the VLAN list currently defined for the access point.

set Sets the access point VLAN configuration.

create Creates a new access point VLAN.

edit Edits the properties of an existing access point VLAN.

delete Deletes a VLAN.

lan-map Maps access point existing WLANs to an enabled LAN.

vlan-map Maps access point existing WLANs to VLANs.

.. Moves to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI and exits the session.

AP-51xx Access Point Product Reference Guide8-20

AP51xx>admin(network.lan.wlan-mapping)> show

Description:

Displays the VLAN list currently defined for the access point.. These parameters are defined with the set command.

Syntax:

Example:

admin(network.lan.wlan-mapping)>show name

-----------------------------------------------------------------------------

Index VLAN ID VLAN Name

-----------------------------------------------------------------------------

1 1 VLAN_1

2 2 VLAN_2

3 3 VLAN_3

4 4 VLAN_4

admin(network.lan.wlan-mapping)>show vlan-cfg

Management VLAN Tag :1

Native VLAN Tag :2

WLAN :WLAN1

mapped to VLAN :VLAN 2

VLAN Mode :static

admin(network.lan.wlan-mapping)>show lan-wlan

WLANs on LAN1:

:WLAN1

:WLAN2

:WLAN3

WLANs on LAN2:

show name Displays the existing list of VLAN names.

vlan-cfg Shows WLAN-VLAN mapping and VLAN configuration.

lan-wlan Displays a WLAN-LAN mapping summary.

wlan Displays the WLAN summary list.

Command Line Interface Reference 8-21

admin(network.lan.wlan-mapping)>show wlan

WLAN1:

WLAN Name :WLAN1

ESSID :101

Radio :

VLAN :

Security Policy :Default

QoS Policy :Default

For information on displaying the VLAN screens using the applet (GUI), see Configuring VLAN Support on page 5-4.

AP-51xx Access Point Product Reference Guide8-22

AP51xx>admin(network.lan.wlan-mapping)> set

Description:

Sets VLAN parameters for the access point.

Syntax:

Example:

admin(network.lan.wlan-mapping)>set mgmt-tag 1

admin(network.lan.wlan-mapping)>set native-tag 2

admin(network.lan.wlan-mapping)>set mode 1 static

admin(network.lan.wlan-mapping)>show vlan-cfg

Management VLAN Tag :1

Native VLAN Tag :2

WLAN :WLAN1

mapped to VLAN :VLAN 2

VLAN Mode :static

For information on configuring VLANs using the applet (GUI), see Configuring VLAN Support on page 5-4.

set mgmt- tag <id> Defines the Management VLAN tag (1-4095).

native-tag <id> Sets the Native VLAN tag (1-4095).

mode <wlan-idx> Sets WLAN VLAN mode (WLAN 1-16) to either dynamic or static.

Command Line Interface Reference 8-23

AP51xx>admin(network.lan.wlan-mapping)> create

Description:

Creates a VLAN for the access point.

Syntax:

Example:

admin(network.lan.wlan-mapping)>

admin(network.lan.wlan-mapping)>create 5 vlan-5

For information on creating VLANs using the applet (GUI), see Configuring VLAN Support on page 5-4.

create vlan-id <id> Defines the VLAN ID (1-4095).

vlan-name <name> Specifies the name of the VLAN (1-31 characters in length).

AP-51xx Access Point Product Reference Guide8-24

AP51xx>admin(network.lan.wlan-mapping)> edit

Description:

Modifies a VLAN’s name and ID.

Syntax:

For information on editing VLANs using the applet (GUI), see Configuring VLAN Support on page 5-4.

edit name <name> Modifies an exisiting VLAN name (1-31 characters in length)

id <id> Modifies an existing VLAN ID (1-4095) characters in length).

Command Line Interface Reference 8-25

AP51xx>admin(network.lan.wlan-mapping)> delete

Description:

Deletes a specific VLAN or all VLANs.

Syntax:

For information on deleting VLANs using the applet (GUI), see Configuring VLAN Support on page 5-4.

delete < VLAN id> Deletes a specific VLAN ID (1-16).

all Deletes all defined VLANs.

AP-51xx Access Point Product Reference Guide8-26

AP51xx>admin(network.lan.wlan-mapping)> lan-map

Description:

Maps an access point VLAN to a WLAN.

Syntax: ..

admin(network.lan.wlan-mapping)>lan-map wlan1 lan1

For information on mapping VLANs using the applet (GUI), see Configuring VLAN Support on page 5-4.

lan-map <wlan name> <lan name> Maps an existing WLAN to an enabled LAN. All names and IDs are case-sensitive.

Command Line Interface Reference 8-27

AP51xx>admin(network.lan.wlan-mapping)> vlan-map

Description:

Maps an access point VLAN to a WLAN.

Syntax:

admin(network.lan.wlan-mapping)>vlan-map wlan1 vlan1

For information on mapping VLANs using the applet (GUI), see Configuring VLAN Support on page 5-4.

vlan-map <wlan name> <vlan name> Maps an existing WLAN to an enabled LAN. All names and IDs are case-sensitive.

AP-51xx Access Point Product Reference Guide8-28

8.3.1.3 Network LAN, DHCP Commands

AP51xx>admin(network.lan.dhcp)>

Description:

Displays the access point DHCP submenu. The items available are displayed below.

show Displays DHCP parameters.

set Sets DHCP parameters.

add Adds static DHCP address assignments.

delete Deletes static DHCP address assignments.

list Lists static DHCP address assignments.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI and exits the session.

Command Line Interface Reference 8-29

AP51xx>admin(network.lan.dhcp)> show

Description:

Shows DHCP parameter settings.

Syntax:

Example:

admin(network.lan.dhcp)>show

**LAN1 DHCP Information**

DHCP Address Assignment Range:

Starting IP Address : 192.168.0.100

Ending IP Address : 192.168.0.254

Lease Time : 86400

**LAN2 DHCP Information**

DHCP Address Assignment Range:

Starting IP Address : 192.168.0.100

Ending IP Address : 192.168.0.254

Lease Time : 86400

For information on configuring DHCP using the applet (GUI), see Configuring the LAN Interface on page 5-1.

show Displays DHCP parameter settings for the access point. These parameters are defined with the set

command.

AP-51xx Access Point Product Reference Guide8-30

AP51xx>admin(network.lan.dhcp)> set

Description:

Sets DHCP parameters for the LAN port.

Syntax:

Example:

admin(network.lan.dhcp)>set range 1 192.168.0.100 192.168.0.254

admin(network.lan.dhcp)>set lease 1 86400

admin(network.lan.dhcp)>show

**LAN1 DHCP Information**

DHCP Address Assignment Range:

Starting IP Address : 192.168.0.100

Ending IP Address : 192.168.0.254

Lease Time : 86400

For information on configuring DHCP using the applet (GUI), see Configuring the LAN Interface on page 5-1.

set range <LAN-idx> <ip1> <ip2> Sets the DHCP assignment range from IP address <ip1> to IP address <ip2> for the

specified LAN.

lease <LAN-idx> <lease> Sets the DHCP lease time <lease> in seconds (1-999999) for the specified LAN.

Command Line Interface Reference 8-31

AP51xx>admin(network.lan.dhcp)> add

Description:

Adds static DHCP address assignments.

Syntax:

Example:

admin(network.lan.dhcp)>add 1 00A0F8112233 192.160.24.6

admin(network.lan.dhcp)>add 1 00A0F1112234 192.169.24.7

admin(network.lan.dhcp)>list 1

-----------------------------------------------------------------------------

Index MAC Address IP Address

-----------------------------------------------------------------------------

1 00A0F8112233 192.160.24.6

2 00A0F8112234 192.169.24.7

For information on adding client MAC and IP address information using the applet (GUI), see Configuring Advanced DHCP Server

Settings on page 5-11.

add <LAN-idx> <mac> <ip> Adds a reserved static IP address to a MAC address for the specified LAN.

AP-51xx Access Point Product Reference Guide8-32

AP51xx>admin(network.lan.dhcp)> delete

Description:

Deletes static DHCP address assignments.

Syntax:

Example:

admin(network.lan.dhcp)>list 1

-----------------------------------------------------------------------------

Index MAC Address IP Address

-----------------------------------------------------------------------------

1 00A0F8112233 10.1.2.4

2 00A0F8102030 10.10.1.2

3 00A0F8112234 10.1.2.3

4 00A0F8112235 192.160.24.6

5 00A0F8112236 192.169.24.7

admin(network.lan.dhcp)>delete 1

-----------------------------------------------------------------------------

index mac address ip address

-----------------------------------------------------------------------------

1 00A0F8102030 10.10.1.2

2 00A0F8112234 10.1.2.3

3 00A0F8112235 192.160.24.6

4 00A0F8112236 192.169.24.7

admin(network.lan.dhcp)>delete 1 all

-----------------------------------------------------------------------------

index mac address ip address

-----------------------------------------------------------------------------

For information on deleting client MAC and IP address information using the applet (GUI), see

Configuring Advanced DHCP Server Settings on page 5-11.

delete <LAN-idx> <entry> Deletes the static DHCP address entry for the specified LAN.

<LAN-idx> all Deletes all static DHCP addresses.

Command Line Interface Reference 8-33

AP51xx>admin(network.lan.dhcp)> list

Description:

Lists static DHCP address assignments.

Syntax:

Example:

admin(network.lan.dhcp)>list 1

-----------------------------------------------------------------------------

Index MAC Address IP Address

-----------------------------------------------------------------------------

1 00A0F8112233 10.1.2.4

2 00A0F8102030 10.10.1.2

3 00A0F8112234 10.1.2.3

4 00A0F8112235 192.160.24.6

5 00A0F8112236 192.169.24.7

admin(network.lan.dhcp)>

For information on listing client MAC and IP address information using the applet (GUI), see Configuring Advanced DHCP Server

Settings on page 5-11.

list <LAN-idx> Lists the static DHCP address assignments for the specified LAN.

AP-51xx Access Point Product Reference Guide8-34

8.3.1.4 Network Type Filter Commands

AP51xx>admin(network.lan.type-filter)>

Description:

Displays the access point Type Filter submenu. The items available under this command include:

show Displays the current Ethernet Type exception list.

set Defines Ethernet Type Filter parameters.

add Adds an Ethernet Type Filter entry.

delete Removes an Ethernet Type Filter entry.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI.

Command Line Interface Reference 8-35

AP51xx>admin(network.lan.type-filter)> show

Description:

Displays the access point’s current Ethernet Type Filter configuration.

Syntax:

Example:

admin(network.lan.type-filter)>show 1

Ethernet Type Filter mode : allow

-----------------------------------------------------------------------------

index ethernet type

-----------------------------------------------------------------------------

1 8137

For information on displaying the type filter configuration using the applet (GUI), see Setting the Type Filter Configuration on page 5-

13.

show <LAN-idx> Displays the existing Type-Filter configuration for the specified LAN.

AP-51xx Access Point Product Reference Guide8-36

AP51xx>admin(network.lan.type-filter)> set

Description:

Defines the access point Ethernet Type Filter configuration.

Syntax:

Example:

admin(network.lan.type-filter)>set mode 1 allow

For information on configuring the type filter settings using the applet (GUI), see Setting the Type Filter Configuration on page 5-13.

set mode <LAN-idx> allow or deny Allows or denies the access point from processing a specified Ethernet

data type for the specified LAN.

Command Line Interface Reference 8-37

AP51xx>admin(network.lan.type-filter)> add

Description:

Adds an Ethernet Type Filter entry.

Syntax:

Example:

admin(network.lan.type-filter)>

admin(network.wireless.type-filter)>add 1 8137

admin(network.wireless.type-filter)>add 2 0806

admin(network.wireless.type-filter)>show 1

Ethernet Type Filter mode : allow

-----------------------------------------------------------------------------

index ethernet type

-----------------------------------------------------------------------------

1 8137

2 0806

3 0800

4 8782

For information on configuring the type filter settings using the applet (GUI), see Setting the Type Filter Configuration on page 5-13.

add <LAN-idx> <type> Adds entered Ethernet Type to list of data types either allowed or denied access point

processing permissions for the specified LAN.

AP-51xx Access Point Product Reference Guide8-38

AP51xx>admin(network.lan.type-filter)> delete

Description:

Removes an Ethernet Type Filter entry individually or the entire Type Filter list.

Syntax:

Example:

admin(network.lan.type-filter)>delete 1 1

admin(network.lan.type-filter)>show 1

Ethernet Type Filter mode : allow

-----------------------------------------------------------------------------

index ethernet type

-----------------------------------------------------------------------------

1 0806

2 0800

3 8782

admin(network.lan.type-filter)>delete 2 all

admin(network.lan.type-filter)>show 2

Ethernet Type Filter mode : allow

-----------------------------------------------------------------------------

index ethernet type

-----------------------------------------------------------------------------

For information on configuring the type filter settings using the applet (GUI), see Setting the Type Filter Configuration on page 5-13.

delete <LAN-idx> <index> Deletes the specified Ethernet Type index entry (1 through 16).

<LAN-idx> all Deletes all Ethernet Type entries currently in list.

Command Line Interface Reference 8-39

8.3.2 Network WAN Commands

AP51xx>admin(network.wan)>

Description:

Displays the WAN submenu. The items available under this command are shown below.

For an overview of the WAN configuration options using the applet (GUI), see Configuring WAN Settings on page 5-14.

show Displays the access point WAN configuration and the access point’s current PPPoE configuration.

set Defines the access point’s WAN and PPPoE configuration.

nat Displays the NAT submenu, wherein Network Address Translations (NAT) can be defined.

vpn Goes to the VPN submenu, where the access point VPN tunnel configuration can be set.

content Displays the Outbound Content Filtering submenu, where data types can be included/excluded from access point

throughput.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the current configuration to the access point system flash.

quit Quits the CLI and exits the current session.

AP-51xx Access Point Product Reference Guide8-40

AP51xx>admin(network.wan)> show

Description:

Displays the access point WAN port parameters.

Syntax:

Example:

admin(network.wan)>show

Status : enable

WAN DHCP Client Mode : disable

IP address : 0.0.0.0

Network Mask : 0.0.0.0

Default Gateway : 10.10.1.1

Primary DNS Server : 0.0.0.0

Secondary DNS Server : 0.0.0.0

WAN IP 2 : disable

WAN IP 3 : disable

WAN IP 4 : disable

WAN IP 5 : disable

WAN IP 6 : disable

WAN IP 7 : disable

WAN IP 8 : disable

PPPoE Mode : enable

PPPoE User Name : JohnDoe

PPPoE Password : *******

PPPoE keepalive mode : enable

PPPoE Idle Time : 600

PPPoE Authentication Type : chap

PPPoE State

admin(network.wan)>

For an overview of the WAN configuration options available using the applet (GUI), see

Configuring WAN Settings on page 5-14.

show Shows the general IP parameters for the WAN port along with settings for the WAN interface..

Command Line Interface Reference 8-41

AP51xx>admin(network.wan)> set

Description:

Defines the configuration of the access point WAN port.

Syntax:

Example:

admin(network.wan)>

admin(network.wan)>set dhcp disable

admin(network.wan)>set ipadr 157.169.22.5

admin(network.wan)>set dgw 157.169.22.1

admin(network.wan)>set dns 1 157.169.22.2

admin(network.wan)>set mask 255.255.255.000

admin(network.wan)>set pppoe mode enable

admin(network.wan)>set pppoe type chap

admin(network.wan)>set pppoe user jk

admin(network.wan)>set pppoe passwd @#$goodpassword%$#

admin(network.wan)>set pppoe ka enable

admin(network.wan)>set pppoe idle 600

For an overview of the WAN configuration options available using the applet (GUI), see Configuring WAN Settings on page 5-14.

set wan enable/disable Enables or disables the access point WAN port.

dhcp enable/disable Enables or disables WAN DHCP Client mode.

ipadr <idx> <a.b.c.d> Sets up to 8 (using <indx> from 1 to 8) IP addresses <a.b.c.d> for the

access point WAN interface.

mask <a.b.c.d> Sets the subnet mask for the access point WAN interface.

dgw <a.b.c.d> Sets the default gateway IP address to <a.b.c.d>.

dns <idx> <a.b.c.d> Sets the IP address of one or two DNS servers, where <indx> indicates

either the primary (1) or secondary (2) server, and <a.b.c.d> is the IP

address of the server.

pppoe mode enable/disable Enables or disables PPPoE.

user <name> Sets PPPoE user name.

passwd <password> Defines the PPPoE password.

ka enable/disable Enables or disables PPPoE keepalive.

idle <time> Sets PPPoE idle time.

type <auth-type> Sets PPPoE authentication type.

AP-51xx Access Point Product Reference Guide8-42

8.3.2.1 Network WAN NAT Commands

AP51xx>admin(network.wan.nat)>

Description:

Displays the NAT submenu. The items available under this command are shown below.

For an overview of the NAT configuration options available using the applet (GUI), see

Configuring Network Address Translation (NAT) Settings on page 5-19.

show Displays the access point’s current NAT parameters for the specified index.

set Defines the access point NAT settings.

add Adds NAT entries.

delete Deletes NAT entries.

list Lists NAT entries.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI.

Command Line Interface Reference 8-43

AP51xx>admin(network.wan.nat)> show

Description:

Displays access point NAT parameters.

Syntax:

Example:

admin(network.wan.nat)>show 2

WAN IP Mode : disable

WAN IP Address : 157.235.91.2

NAT Type : 1-to-many

One to many nat mapping : LAN1 LAN2

Inbound Mappings : Port Forwarding

unspecified port forwarding mode : enable

unspecified port fwd. ip address : 111.223.222.1

admin(network.wan.nat)>

For an overview of the NAT options available using the applet (GUI), see

Configuring Network Address Translation (NAT) Settings on page 5-19.

show <idx> Displays access point NAT parameters for the specified NAT index.

AP-51xx Access Point Product Reference Guide8-44

AP51xx>admin(network.wan.nat)> set

Description:

Sets NAT inbound and outbound parameters.

Syntax:

Example:

admin(network.wan.nat)>set type 1-to-many

admin(network.wan.nat)>set ip 157.235.91.2

admin(network.wan.nat)>set mode 2 disable

admin(network.wan.nat)>set unspec-ip 2 111.223.222.1

admin(network.wan.nat)>show 2

WAN IP Mode : disable

WAN IP Address : 157.235.91.2

NAT Type : 1-to-many

One to many nat mapping : LAN1 LAN2

Inbound Mappings : Port Forwarding

unspecified port forwarding mode : enable

unspecified port fwd. ip address : 111.223.222.1

For an overview of the NAT options available using the applet (GUI), see Configuring Network Address Translation (NAT) Settings on

page 5-19.

set type <index> <type> Sets the type of NAT translation for WAN address index <idx> (1-8) to

<type> (none, 1-to-1, or 1-to-many).

ip <index> <ip> Sets NAT IP mapping associated with WAN address <idx> to the

specified IP address <ip>.

inb enable/disable <ip> Sets inbound NAT parameters.

outb <ip> <map> Sets outbound NAT parameters.

mode <index> enable/disable Enable or disable the Unspecified Port Forwarding mode for the

designated NAT index.

unspec-ip <index> <ip> Forward unspecified ports for the defined NAT index to the defined IP

address.

Command Line Interface Reference 8-45

AP51xx>admin(network.wan.nat)> add

Description:

Adds NAT entries.

Syntax:

Example:

admin(network.wan.nat)>add 1 indoors udp 20 29 10.10.2.2

admin(network.wan.nat)>list 1

-----------------------------------------------------------------------------

index name prot start port end port internal ip translation port

-----------------------------------------------------------------------------

1 indoor udp 20 29 10.10.2.2 0

Related Commands:

For an overview of the NAT options available using the applet (GUI), see

Configuring Network Address Translation (NAT) Settings on page 5-19.

add <idx> <name> <tran> <port1> <port2> <ip> <dst_port>

Sets an inbound network address translation (NAT) for WAN address <idx>, where <name> is the name of the entry

(1 to 7 characters), <tran> is the transport protocol (one of tcp, udp, icmp, ah, esp, gre, or all), <port1> is the starting

port number in a port range, <port2> is the ending port number in a port range, <ip> is the internal IP address, and

<dst_port> is the (optional) internal translation port.

delete Deletes one of the inbound NAT entries from the list.

list Displays the list of inbound NAT entries.

AP-51xx Access Point Product Reference Guide8-46

AP51xx>admin(network.wan.nat)> delete

Description:

Deletes NAT entries.

Syntax:

Example:

admin(network.wan.nat)>list 1

-----------------------------------------------------------------------------

index name prot start port end port internal ip translation port

-----------------------------------------------------------------------------

1 special tcp 20 21 192.168.42.16 21

admin(network.wan.nat)>delete 1 1

admin(network.wan.nat)>list 1

-----------------------------------------------------------------------------

index name prot start port end port internal ip translation port

-----------------------------------------------------------------------------

Related Commands:

For an overview of the NAT options available using the applet (GUI), see

Configuring Network Address Translation (NAT) Settings on page 5-19.

delete <idx> <entry> Deletes a specified NAT index entry <entry> associated with the WAN.

<idx> all Deletes all NAT entries associated with the WAN.

add Adds entries to the list of inbound NAT entries.

list Displays the list of inbound NAT entries.

Command Line Interface Reference 8-47

AP51xx>admin(network.wan.nat)> list

Description:

Lists access point NAT entries for the specified index.

Syntax:

Example:

admin(network.wan.nat)>list 1

-----------------------------------------------------------------------------

index name Transport start port end port internal ip translation

port

-----------------------------------------------------------------------------

1 special tcp 20 21 192.168.42.16 21

Related Commands:

For an overview of the NAT options available using the applet (GUI), see Configuring Network Address Translation (NAT) Settings on

page 5-19.

list <idx> Lists the inbound NAT entries associated with WAN port.

delete Deletes inbound NAT entries from the list.

add Adds entries to the list of inbound NAT entries.

AP-51xx Access Point Product Reference Guide8-48

8.3.2.2 Network WAN, VPN Commands

AP51xx>admin(network.wan.vpn)>

Description:

Displays the VPN submenu. The items available under this command include:

For an overview of the VPN options available using the applet (GUI), see Configuring VPN Tunnels on page 6-33.

add Adds VPN tunnel entries.

set Sets key exchange parameters.

delete Deletes VPN tunnel entries.

list Lists VPN tunnel entries

reset Resets all VPN tunnels.

stats Lists security association status for the VPN tunnels.

ikestate Displays an Internet Key Exchange (IKE) summary.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI.

Command Line Interface Reference 8-49

AP51xx>admin(network.wan.vpn)> add

Description:

Adds a VPN tunnel entry.

Syntax:

Example:

admin(network.wan.vpn)>add 2 SJSharkey 209.235.44.31 206.107.22.46

255.255.255.224 206.107.22.1

If tunnel type is Manual, proper SPI values and Keys must be configured after

adding the tunnel

admin(network.wan.vpn)>

For information on configuring VPN using the applet (GUI), see Configuring VPN Tunnels on page 6-33.

add <name> <LAN idx> <LWanIP> <RSubnetIP> <RSubnetMask <RGatewayIP>

Creates a tunnel <name> (1 to 13 characters) to gain access through local WAN IP <LWanIP> from the remote subnet

with address <RSubnetIP> and subnet mask <RSubnetMask> using the remote gateway <RGatewayIP>.

AP-51xx Access Point Product Reference Guide8-50

AP51xx>admin(network.wan.vpn)> set

Description:

Sets VPN entry parameters.

Syntax:

set type <name> <tunnel type> Sets the tunnel type <name> to Auto or Manual

for the specified tunnel name.

authalgo <name> <authalgo> Sets the authentication algorithm for <name> to

(None, MD5, or SHA1).

authkey <name> <dir> <authkey> Sets the AH authentication key (if type is

Manual) for tunnel <name> with the direction set

to IN or OUT, and the manual authentication key

set to <authkey>. (The key size is 32 hex characters

for MD5, and 40 hex characters for SHA1).

esp-type <name> <esptype> Sets the Encapsulating Security Payload (ESP)

type. Options include None, ESP, or ESP-AUTH.

esp-encalgo <name> <escalgo> Sets the ESP encryption algorithm. Options include

DES, 3DES, AES128, AES192, or AES256).

esp-enckey <name> <dir> <enckey> Sets the Manual Encryption Key in ASCII for tunnel

<name> and direction IN or OUT to the key <enc-

key>. The size of the key depends on the

encryption algorithm.

- 16 hex characters for DES

- 48 hex characters for 3DES

- 32 hex characters for AES128

- 48 hex characters for AES192

- 64 hex characters for AES256

esp-authalgo <name> <authalgo> Sets the ESP authentication algorithm. Options

include MD5 or SHA1.

esp-authkey <name> <dir> <authkey> Sets ESP Authentication key <name> either for IN

or OUT direction to <auth-key>, an ASCII string of

hex characters. If authalgo is set to MD5, then

provide 32 hex characters. If authalgo is set to

SHA1, provide 40 hex characters.

spi <name> <algo> <dir> <value> Sets 6 character IN(bound) or OUT(bound) for

AUTH (Manual Authentication) or ESP for

<name> to <spi> (a hex value more than 0xFF)

<value>.

usepfs <name> <mode> Enables or disables Perfect Forward Secrecy for

<name>.

Command Line Interface Reference 8-51

For information on configuring VPN using the applet (GUI), see Configuring VPN Tunnels on page 6-33.

salife <name> <lifetime> Defines the name of the tunnnel <name> the

Security Association Life Time <300-65535>

applies to in seconds.

ike opmode <name> <opmode> Sets the Operation Mode of IKE for <name> to

Main or Aggr(essive).

myidtype <name> <idtype> Sets the Local ID type for IKE authentication for

<name> (1 to 13 characters) to <idtype> (IP, FQDN,

or UFQDN).

remidtype <name> <idtype> Sets the Remote ID type for IKE authentication for

<name> (1 to 13 characters) to <idtype> (IP, FQDN,

or UFQDN).

myiddata <name> <idtype> Sets the Local ID data for IKE authentication for

<name> to <idtype>. This value is not required

when the ID type is set to IP.

remiddata <name> <idtype> Sets the Local ID data for IKE authentication for

<name> to <idtype>. This value is not required

when the ID type is set to IP.

authtype <name> <authtype> Sets the IKE Authentication type for <name> to

<authtype> ( PSK or RSA).

authalgo <name> <authalgo> Sets the IKE Authentication Algorithm for <name>

to MD5 or SHA1.

phrase <name> <phrase> Sets the IKE Authentication passphrase for

<name> to <phrase>.

encalgo <name> <encalgo> Sets the IKE Encryption Algorithm for <name> to

<encalgo> (one of DES, 3DES, AES128, AES192,

or AES256).

lifetime <name> <lifetime> Sets the IKE Key life time in seconds for <name> to

<lifetime>.

group <name> <group> Sets the IKE Diffie-Hellman Group for <name> to

either G768 or G1024.

AP-51xx Access Point Product Reference Guide8-52

AP51xx>admin(network.wan.vpn)> delete

Description:

Deletes VPN tunnel entries.

Syntax:

Example:

admin(network.wan.vpn)>list

--------------------------------------------------------------------------

Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP

--------------------------------------------------------------------------

Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198

SJSharkey Manual 206.107.22.45/27 206.107.22.2 209.235.12.55

admin(network.wan.vpn)>delete Eng2EngAnnex

admin(network.wan.vpn)>list

--------------------------------------------------------------------------

Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP

--------------------------------------------------------------------------

SJSharkey Manual 206.107.22.45/27 206.107.22.2 209.235.12.55

admin(network.wan.vpn)>

For information on configuring VPN using the applet (GUI), see Configuring VPN Tunnels on page 6-33.

delete all Deletes all VPN entries.

<name> Deletes VPN entries <name>.

Command Line Interface Reference 8-53

AP51xx>admin(network.wan.vpn)> list

Description:

Lists VPN tunnel entries.

Syntax:

Example:

admin(network.wan.vpn)>list

--------------------------------------------------------------------------

Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP

--------------------------------------------------------------------------

Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198

SJSharkey Manual 206.107.22.45/27 206.107.22.2 209.235.12.55

admin(network.wan.vpn)>list SJSharkey

--------------------------------------------------------------------------

Detail listing of VPN entry:

--------------------------------------------------------------------------

Name : SJSharkey

Local Subnet : 1

Tunnel Type : Manual

Remote IP : 206.107.22.45

Remote IP Mask : 255.255.255.224

Remote Security Gateway : 206.107.22.2

Local Security Gateway : 209.239.160.55

AH Algorithm : None

Encryption Type : ESP

Encryption Algorithm : DES

ESP Inbound SPI : 0x00000100

ESP Outbound SPI : 0x00000100

For information on displaying VPN information using the applet (GUI), see Viewing VPN Status on page 6-47.

list <cr> Lists all tunnel entries.

<name> Lists detailed information about tunnel named <name>. Note that the <name> must match case with the name of

the VPN tunnel entry

AP-51xx Access Point Product Reference Guide8-54

AP51xx>admin(network.wan.vpn)> reset

Description:

Resets all of the access point’s VPN tunnels.

Syntax:

Example:

admin(network.wan.vpn)>reset

VPN tunnels reset.

admin(network.wan.vpn)>

For information on configuring VPN using the applet (GUI), see Configuring VPN Tunnels on page 6-33.

reset Resets all VPN tunnels.

Command Line Interface Reference 8-55

AP51xx>admin(network.wan.vpn)> stats

Description:

Lists statistics for all active tunnels.

Syntax:

Example:

admin(network.wan.vpn)>stats

-----------------------------------------------------------------------------

Tunnel Name Status SPI(OUT/IN) Life Time Bytes(Tx/Rx)

-----------------------------------------------------------------------------

Eng2EngAnnex Not Active

SJSharkey Not Active

For information on displaying VPN information using the applet (GUI), see Viewing VPN Status on page 6-47.

stats Display statistics for all VPN tunnels.

AP-51xx Access Point Product Reference Guide8-56

AP51xx>admin(network.wan.vpn)> ikestate

Description:

Displays statistics for all active tunnels using Internet Key Exchange (IKE).

Syntax:

Example:

admin(network.wan.vpn)>ikestate

----------------------------------------------------------------------

Tunnel Name IKE State Dest IP Remaining Life

----------------------------------------------------------------------

Eng2EngAnnex Not Connected ---- ---

SJSharkey Not Connected ---- ---

admin(network.wan.vpn)>

For information on configuring IKE using the applet (GUI), see Configuring IKE Key Settings on page 6-43.

ikestate Displays status about Internet Key Exchange (IKE) for all tunnels. In particular, the table indicates whether IKE is

connected for any of the tunnels, it provides the destination IP address, and the remaining lifetime of the IKE key.

Command Line Interface Reference 8-57

8.3.3 Network Wireless Commands

AP51xx>admin(network.wireless)

Description:

Displays the access point wireless submenu. The items available under this command include:

wlan Displays the WLAN submenu used to create and configure up to 16 WLANs per access point.

security Displays the security submenu used to create encryption and authentication based security policies for use with

access point WLANs.

acl Displays to the Access Control List (ACL) submenu to restrict or allow MU access to access point WLANs.

radio Displays the radio configuration submenu used to specify how the 802.11a or 802.11b/g radio is used with

specific WLANs.

qos Displays the Quality of Service (QoS) submenu to prioritize specific kinds of data traffic within a WLAN.

bandwidth Displays the Bandwidth Management submenu used to configure the order data is processed by an access point radio.

rogue-ap Displays the Rogue-AP submenu to configure devices located by the access point as friendly or threatening for

interoperablity.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI.

AP-51xx Access Point Product Reference Guide8-58

8.3.3.1 Network WLAN Commands

AP51xx>admin(network.wireless.wlan)>

Description:

Displays the access point wireless LAN (WLAN) submenu. The items available under this command include:

For an overview of the Wireless configuration options available to the using the applet (GUI), see Enabling Wireless LANs (WLANs)

on page 5-22.

show Displays the access point’s current WLAN configuration.

create Defines the parameters of a new WLAN.

edit Modifies the properties of an existing WLAN.

delete Deletes an existing WLAN.

hotspot Displays the WLAN hotspot menu.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI.

Command Line Interface Reference 8-59

AP51xx>admin(network.wireless.wlan)> show

Description:

Displays the access point’s current WLAN configuration.

Syntax:

Example:

admin(network.wireless.wlan)>show summary

WLAN1

WLAN Name : Lobby

ESSID : 101

Radio : 11a, 11b/g

VLAN :

Security Policy : Default

QoS Policy : Default

admin(network.wireless.wlan)>show wlan 1

ESS Identifier : 101

WLAN Name : Lobby

802.11a Radio : available

802.11b/g Radio : not available

Client Bridge Mesh Backhaul : available

Hotspot : not available

Maximum MUs : 127

Security Policy : Default

MU Access Control : Default

Kerberos User Name : 101

Kerberos Password : ********

Disallow MU to MU Communication : disable

Use Secure Beacon : disable

Accept Broadcast ESSID : disable

QoS Policy : Default

For information on displaying WLAN infromation using the applet (GUI), see Enabling Wireless LANs (WLANs) on page 5-22.

show summary Displays the current configuration for existing WLANs.

wlan <number> Displays the configuration for the requested WLAN (WLAN 1 through 16).

AP-51xx Access Point Product Reference Guide8-60

AP51xx>admin(network.wireless.wlan)> create

Description:

Defines the parameters of a new WLAN.

Syntax:

Example:

admin(network.wireless.wlan.create)>show wlan

ESS Identifier :

WLAN Name :

802.11a Radio : available

802.11b/g Radio : not available

Client Bridge Mesh Backhaul : not available

Hotspot : not available

Maximum MUs : 127

Security Policy : Default

MU Access Control :

Kerberos User Name : Default

Kerberos Password : ********

Disallow MU to MU Communication : disable

Use Secure Beacon : disable

create

show wlan <number> Displays newly created WLAN and policy number.

set ess <essid> Defines the ESSID for a target WLAN.

wlan-name <name> Determines the name of this particlular WLAN (1-32).

11a <mode> Enables or disables access to the access point 802.11a radio.

11bg <mode> Enables or disables access to the access point 802.11b/g radio.

mesh <mode> Enables or disables the Client Bridge Mesh Backhaul option.

hotspot <mode> Enables or disables the Hotspot mode.

max-mu <number> Defines the maximum number of MU able to operate within the WLAN

(default = 127 MUs).

security <name> Sets the security policy to the WLAN (1-32).

acl <name> Sets the MU ACL policy to the WLAN (1-32).

passwd <ascii string> Defines a Kerberos password used if the WLAN’s security policy uses a

Kerberos server-based authentication scheme.

no-mu-mu <mode> Enables or disables MUs associated to the same WLAN to not

communicate with each other.

sbeacon <mode> Enables or disables the AP-51xx from transmitting the ESSID in the

beacon.

bcast <mode> Enables or disables the access point from accepting broadcast IDs from

MUs. Broadcast IDs are transmitted without security.

qos <name> Defines the index name representing the QoS policy used with this

WLAN.

add-wlan Apply the changes to the modified WLAN and exit.

.. Disregard the changes to the modified WLAN and exit.

Command Line Interface Reference 8-61

Accept Broadcast ESSID : disable

QoS Policy : Default

admin(network.wireless.wlan.create)>show security

----------------------------------------------------------------------

Secu Policy Name Authen Encryption Associated WLANs

----------------------------------------------------------------------

1 Default Manual no encrypt Front Lobby

2 WEP Demo Manual WEP 64 2nd Floor

3 Open Manual no encrypt 1st Floor

admin(network.wireless.wlan.create)>show acl

----------------------------------------------------------------------

ACL Policy Name Associated WLANs

----------------------------------------------------------------------

1 Default Front Lobby

2 Admin 3rd Floor

3 Demo Room 5th Floor

admin(network.wireless.wlan.create)>show qos

----------------------------------------------------------------------

QOS Policy Name Associated WLANs

----------------------------------------------------------------------

1 Default Front Lobby

2 Voice Audio Dept

3 Video Video Dept

For information on creating a WLAN using the applet (GUI), see Creating/Editing Individual WLANs on page 5-24.

AP-51xx Access Point Product Reference Guide8-62

AP51xx>admin(network.wireless.wlan)> edit

Description:

Edits the properties of an existing WLAN policy.

Syntax:

For information on editing a WLAN using the applet (GUI), see Creating/Editing Individual WLANs on page 5-24.

edit <index> Edits the properties of an existing WLAN policy.

show Displays the WLANs pamaters and summary.

set Edits the same WLAN parameters that can be modified using the create command.

change Completes the WLAN edits and exits the CLI session.

.. Cancel the WLAN edits and exit the CLI session.

Command Line Interface Reference 8-63

AP51xx>admin(network.wireless.wlan)> delete

Description:

Deletes an existing WLAN.

Syntax:

For information on deleting a WLAN using the applet (GUI), see Creating/Editing Individual WLANs on page 5-24.

delete <wlan-name> Deletes a target WLAN by name supplied.

all Deletes all WLANs defined.

AP-51xx Access Point Product Reference Guide8-64

AP51xx>admin(network.wireless.wlan.hotspot)>

Description:

Displays the Hotspot submenu. The items available under this command include:

For information on configuring the Hotspot options available to the using the applet (GUI), see

Configuring WLAN Hotspot Support on page 5-39.

show Show hotspot parameters.

redirection Goes to the hotspot redirection menu.

radius Goes to the hotspot Radius menu.

white-list Goes to the hotspot white-list menu.

save Saves the configuration to system flash.

quit Quits the CLI.

.. Goes to the parent menu.

/Goes to the root menu.

Command Line Interface Reference 8-65

AP51xx>admin(network.wireless.wlan.hotspot)> show

Description:

Displays the current access point Rogue AP detection configuration.

Syntax:

Example:

admin(network.wireless.wlan.hotspot)>show hotspot 1

WLAN1

Hotspot Mode : enable

Hotspot Page Location : default

External Login URL : www.sjsharkey.com

External Welcome URL :

External Fail URL :

Primary Server Ip adr :157.235.21.21

Primary Server Port :1812

Primary Server Secret :******

Secondary Server Ip adr :157.235.32.12

Secondary Server Port :1812

Secondary Server Secret :******

Accounting Mode :disable

Accounting Server Ip adr :0.0.0.0

Accounting Server Port :1813

Accounting Server Secret :********

Accoutning Timeout :10

Accoutning Retry-count :3

Whitelist Rules?

-----------------------------------------------------------------------------

Idx IP Address

-----------------------------------------------------------------------------

1 157.235.121.12

For information on configuring the Hotspot options available to the access point using the applet (GUI), see

Configuring WLAN Hotspot Support on page 5-39.

show hotspot <idx> Shows hotspot parameters per wlan index (1-16).

AP-51xx Access Point Product Reference Guide8-66

AP51xx>admin(network.wireless.wlan.hotspot)> redirection

Description:

Goes to the hotspot redirection menu.

Syntax:

Example:

admin(network.wireless.wlan.hotspot)>set page-loc 1 www.sjsharkey.com

admin(network.wireless.wlan.hotspot)>set exturl 1 fail www.sjsharkey.com

For information on configuring the Hotspot options available to the access point using the applet (GUI), see

Configuring WLAN Hotspot Support on page 5-39.

redirection set <page-loc> Sets the hotspot http-re-direction by index (1-16) for the specified URL.

<exturl> Shows hotspot http-redirection details for specifiec index (1-16) for specified

page (login, welcome, fail) and target URL..

show Shows hotspot http-redirection details.

save Saves the updated hotspot configuration to flash memory.

quit Quits the CLI session.

.. Goes to the parent menu.

/Goes to the root menu.

Command Line Interface Reference 8-67

AP51xx>admin(network.wireless.wlan.hotspot)> radius

Description:

Goes to the hotspot Radius menu.

Syntax:

For information on configuring the Hotspot options available to the access point using the applet (GUI), see

Configuring WLAN Hotspot Support on page 5-39.

set Sets the Radius hotspot configuration.

show Shows Radius hotspot server details.

save Saves the configuration to system flash.

quit Quits the CLI.

.. Goes to the parent menu.

/Goes to the root menu.

AP-51xx Access Point Product Reference Guide8-68

AP51xx>admin(network.wireless.wlan.hotspot.radius)> set

Description:

Sets the Radius hotspot configuration.

Syntax:

Example:

admin(network.wireless.wlan.hotspot.radius)>set server 1 primary 157.235.121.1

admin(network.wireless.wlan.hotspot.radius)>set port 1 primary 1812

admin(network.wireless.wlan.hotspot.radius)>set secret 1 primary sjsharkey

admin(network.wireless.wlan.hotspot.radius)>set acct-mode 1 enable

admin(network.wireless.wlan.hotspot.radius)>set acct-server 1 157.235.14.14

admin(network.wireless.wlan.hotspot.radius)>set acct-port 1 1812

admin(network.wireless.wlan.hotspot.radius)>set acct-secret londonfog

admin(network.wireless.wlan.hotspot.radius)>set acct-timeout 1 25

admin(network.wireless.wlan.hotspot.radius)>set acct-retry 1 10

For information on configuring the Hotspot options available to the access ointusing the applet (GUI), see

Configuring WLAN Hotspot Support on page 5-39.

set server <idx> <srvr_type> <ipadr> Sets the Radius hotpost server IP address per wlan index (1-16)

port <idx> <srvr_type> <port> Sets the Radius hotpost server port per wlan index (1-16)

secret <idx> <srvr_type> <secret> Sets the Radius hotspot server shared secret password.

acct-mode <idx> <mode> Sets the Radius hotspot server accounting mode

(enable/disable)

acct-server <idx> <ipadr> Sets the Radius hotspot accounting server IP address per wlan

index (1-16).

acct-port <idx> <port> Sets the Radius hotspot accounting server port per wlan index

(1-16).

acct-secret <idx> <secret> Sets the Radius hotspot server shared secret password per wlan

index (1-16).

acct-timeout <idx> <timeout> Sets the Radius hotspot server accounting timeout period in

seconds (1-25).

acct-retry <idx> <retry_count> Sets the Radius hotspot server accounting accounting retry

interval (1-10).

Command Line Interface Reference 8-69

AP51xx>admin(network.wireless.wlan.hotspot.radius)> show

Description:

Shows Radius hotspot server details.

Syntax:

Example:

admin(network.wireless.wlan.hotspot.radius)>show radius 1

Primary Server Ip adr : 157.235.12.12

Primary Server Port : 1812

Primary Server Secret : ******

Secondary Server Ip adr : 0.0.0.0

Secondary Server Port : 1812

Primary Server Secret : ******

Accounting Mode : enable

Accounting Server Ip adr : 157.235.15.16

Accounting Server Port : 1812

Accounting Server Secret : ******

Accounting Timeout : 10

Accounting Retry-count : 3

For information on configuring the Hotspot options available to the access point using the applet (GUI), see

Configuring WLAN Hotspot Support on page 5-39.

show radius <idx> Displays Radius hotspot server details per index (1-16)

AP-51xx Access Point Product Reference Guide8-70

AP51xx>admin(network.wireless.wlan.hotspot)> white-list

Description:

Goes to the hotspot white-list menu.

Syntax:

Example:

admin(network.wireless.wlan.hotspot.whitelist)>add rule 1 157.235.21.21

admin(network.wireless.wlan.hotspot.whitelist)>show white-rule 1

--------------------------------------------------------------------------------

Idx IP Address

--------------------------------------------------------------------------------

1 157.235.21.21

For information on configuring the Hotspot options available to the access point using the applet (GUI), see

Configuring WLAN Hotspot Support on page 5-39.

white-list add <rule> Adds hotspot whitelist rules by index (1-16) for specified IP address.

clear Clears hotspot whitelist rules for specified index (1-16).

show Shows hotspot whitelist rules for specified index (1-16).

save Saves the updated hotspot configuration to flash memory.

quit Quits the CLI session.

.. Goes to the parent menu.

/Goes to the root menu.

Command Line Interface Reference 8-71

8.3.3.2 Network Security Commands

AP51xx>admin(network.wireless.security)>

Description:

Displays the access point wireless security submenu. The items available under this command include:

For information the security configuration options available to the access point using the applet (GUI), see Configuring Security

Options on page 6-2.

show Displays the access point’s current security configuration.

create Defines the parameters of a security policy.

edit Edits the properties of an existing security policy.

delete Removes a specific security policy.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI.

AP-51xx Access Point Product Reference Guide8-72

AP51xx>admin(network.wireless.security)> show

Description:

Displays the access point’s current security configuration.

Syntax:

Example:

admin(network.wireless.security)>show summary

----------------------------------------------------------------------

Secu Policy Name Authen Encryption Associated WLANs

----------------------------------------------------------------------

1 Default Manual no encrypt Lobby

2 WEP Demo Manual WEP 64 2nd Floor

3 Open Manual no encrypt 1st Floor

admin(network.wireless.security)>show policy 1

Policy Name : Default

Authentication : Manual Pre-shared key/No Authentication

Encryption type : no encryption

Related Commands:

For information displaying existing WLAN security settings using the applet (GUI), see

Enabling Authentication and Encryption Schemes on page 6-5.

show summary Displays list of existing security policies (1-16).

policy <id> Displays the specified security policy <id>.

create Defines security parameters for the specified WLAN.

Command Line Interface Reference 8-73

AP51xx>admin(network.wireless.security)> create

Description:

Defines the parameter of access point security policies.

AP-51xx Access Point Product Reference Guide8-74

Syntax:

create Defines the parameters of a security policy.

show Displays new or existing security policy

parameters.

set sec-name <name> Sets the name of the security policy.

auth <authtype> Sets the authentication type for WLAN <idx> to

<type> (none, eap, or kerberos).

Note: Kerberos parameters are only in affect if

"kerberos" is specified for the authentication

method (set auth <type>).

kerb realm <name> Sets the Kerberos realm.

server <sidx> <ip> Sets the Kerberos server <sidx> (1-primary, 2-

backup, or 3-remote) to KDC IP address.

port <sidx> <port> Sets the Kerberos port to <port> (KDC port) for

server <ksidx> (1-primary, 2-backup, or 3-remote).

Note: EAP parameters are only in affect if "eap"

is specified for the authentication method (set

auth <type>).

eap server <sidx> <ip> Sets the radius server (1-primary or as 2-

secondary) IP address <ip>.

port <sidx> <port> Sets the radius server <sidx> (1-primary or 2-

secondary) <port> (1-65535).

secret <sidx> <secret> Sets the EAP shared secret <secret> (1-63

characters) for server <sidx> (1-primary or 2-

secondary).

reauth mode <mode> Enables or disables EAP reauthentication.

period <time> Sets the reauthentication period <period> in

seconds (30-9999).

Command Line Interface Reference 8-75

retry <number> Sets the maximum number of reauthentication

retries <retry> (1-99).

accounting mode <mode> Enable or disable Radius accounting.

server <ip> Set external Radius server IP address.

port <port> Set external Radius server port number.

secret <secret> Set external Radius server shared secret

password.

timeout <period> Defines MU timout period in seconds (1-255).

retry <number> Sets the maximum number of MU retries to

<retry> (1-10).

syslog <mode> Enable or disable syslog messages.

ip <ip> Defines syslog server IP address.

adv mu-quiet <time> Set the EAP MU/supplicant quiet period to

<time> seconds (1-65535).

mu-timeout <timeout> Sets the EAP MU/supplicant timeout in seconds

(1-255).

mu-tx <time> Sets the EAP MU/supplicant TX period <time> in

seconds (1-65535).

mu-retry <count> Sets the EAP maximum number of MU retries to

<count> (1-10).

svr-timeout <time> Sets the server timeout <time> in seconds (1-

255).

svr-retry <count> Sets the maximum number of server retries to

<count> (1-255).

Note: The WEP authentication mechanism saves

up to four different keys (one for each WLAN). It

is not requirement to set all keys, but you must

associate a WLAN with the same keys.

enc <idx> <type> Sets the encryption type to <type> (one of none,

wep40, wep104, keyguard, tkip, or ccmp) for

WLAN <idx>.

AP-51xx Access Point Product Reference Guide8-76

wep-

keyguard

passkey <passkey> The passkey used as a text abbreviation for the

entire key length (4-32).

index <key index> Selects the WEP/KeyGuard key (from one of the

four potential values of <key index> (1-4).

hex-key <kidx> <key string> Sets the WEP/KeyGuard key for key index <kidx>

(1-4) for WLAN <kidx> to <key string>.

ascii-key <kidx> <key string> Sets the WEP/KeyGuard key for key index <kidx>

(1-4) for WLAN <kidx> to <key string>.

Note: TKIP parameters are only affected if "tkip"

is selected as the encryption type.

tkip rotate-mode <mode> Enables or disabled the broadcast key.

interval <time> Sets the broadcast key rotation interval to <time>

in seconds (300-604800).

type <key type> Sets the TKIP key type.

key <256 bit key> Sets the TKIP key to <256 bit key>.

phrase <ascii phrase> Sets the TKIP ASCII pass phrase to <ascii phrase>

(8-63 characters).

ccmp rotate-mode <mode> Enables or disabled the broadcast key.

interval <time> Sets the broadcast key rotation interval to <time>

in seconds (300-604800).

type <key type> Sets the CCMP key type.

phrase <ascii phrase> Sets the CCMP ASCII pass phrase to <ascii

phrase> (8-63 characters).

key <256 bit key> Sets the CCMP key to <256 bit key>.

mixed-mode <mode> Enables or disables mixed mode (allowing WPA-

TKIP clients).

Command Line Interface Reference 8-77

For information on configuring the encryption and authentication options available to the access point using the applet (GUI), see

Configuring Security Options on page 6-2.

preauth <mode> Enables or disables preauthentication (fast

roaming).

add-policy Adds the policy and exits.

.. Disregards the policy creation and exits the CLI

session.

AP-51xx Access Point Product Reference Guide8-78

AP51xx>admin(network.wireless.security.edit)>

Description:

Edits the properties of a specific security policy.

Syntax:

Example:

admin(network.wireless.security)>edit 1

admin(network.wireless.security.edit)>show

Policy Name : Default

Authentication : Manual Pre-shared key/No Authentication

Encryption type : no encryption

For information on configuring the encryption and authentication options available to the access point using the applet (GUI), see

Configuring Security Options on page 6-2.

show Displays the new or modified security policy parameters.

set <index> Edits security policy parameters.

change Completes policy changes and exits the session.

.. Cancels the changes made and exits the session.

Command Line Interface Reference 8-79

AP51xx>admin(network.wireless.security)> delete

Description:

Deletes a specific security policy.

Syntax:

For information on configuring the encryption and authentication options available to the access point using the applet (GUI), see

Configuring Security Options on page 6-2.

delete <sec-name> Removes the specified security policy for the list supported.

<all> Removes all security policies except the default policy.

AP-51xx Access Point Product Reference Guide8-80

8.3.3.3 Network ACL Commands

AP51xx>admin(network.wireless.acl)>

Description:

Displays the access point Mobile Unit Access Control List (ACL) submenu. The items available under this command include:

show Displays the access point’s current ACL configuration.

create Creates an MU ACL policy.

edit Edits the properties of an existing MU ACL policy.

delete Removes an MU ACL policy.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI.

Command Line Interface Reference 8-81

AP51xx>admin(network.wireless.acl)> show

Description:

Displays the access point’s current ACL configuration.

Syntax:

Example:

admin(network.wireless.acl)>show summary

----------------------------------------------------------------------

ACL Policy Name Associated WLANs

----------------------------------------------------------------------

1 Default Front Lobby

2 Admin Administration

3 Demo Room Customers

admin(network.wireless.acl)>show policy 1

Policy Name : Front Lobby

Policy Mode : allow

-----------------------------------------------------------------------------

index start mac end mac

-----------------------------------------------------------------------------

1 00A0F8348787 00A0F8348798

For information on configuring the ACL options available to the access point using the applet (GUI), see Configuring a WLAN Access

Control List (ACL) on page 5-30.

show summary Displays the list of existing MU ACL policies.

policy <index> Displays the requested MU ACL index policy.

AP-51xx Access Point Product Reference Guide8-82

AP51xx>admin(network.wireless.acl)> create

Description:

Creates an MU ACL policy.

Syntax:

Example:

admin(network.wireless.acl.create)>show

Policy Name : Front Lobby

Policy Mode : allow

-----------------------------------------------------------------------------

index start mac end mac

-----------------------------------------------------------------------------

1 00A0F8334455 00A0F8334455

2 00A0F8400000 00A0F8402001

admin(network.wireless.acl.create)>set acl-name engineering

admin(network.wireless.acl.create)>set mode deny

admin(network.wireless.acl.create)>add-addr 00A0F843AABB

admin(network.wireless.acl.create)>add-policy

For information on configuring the ACL options available to the access point using the applet (GUI), see Configuring a WLAN Access

Control List (ACL) on page 5-30.

create show <acl-name> Displays the parameters of a new ACL policy.

set acl-name <index> Sets the MU ACL policy name.

mode <acl-mode> Sets the ACL mode for the defined index (1-16). Allowed MUs can access

the access point managed LAN. Options are deny and allow.

add-addr <mac1> or

Adds specified MAC address to list of ACL MAC addresses.

delete <index> <all> Removes either a specified ACL index or all ACL entries.

add-policy Completes the policy creation and exits the CLI.

.. Cancels the creation of the ACL and exits the CLI.

Command Line Interface Reference 8-83

AP51xx>admin(network.wireless.acl.edit)>

Description:

Edits the properties of an existing MU ACL policy.

Syntax:

For information on configuring the ACL options available to the access point using the applet (GUI), see Configuring a WLAN Access

Control List (ACL) on page 5-30.

show Displays MU ACL policy and its parameters.

set Modifies the properties of an existing MU ACL policy.

add-addr Adds an MU ACL table entry.

delete Deletes an MU ACL table entry, including starting and ending MAC address ranges.

change Completes the changes made and exits the session.

.. Cancels the changes made and exits the session.

AP-51xx Access Point Product Reference Guide8-84

AP51xx>admin(network.wireless.acl)> delete

Description:

Removes an MU ACL policy.

Syntax:

For information on configuring the ACL options available to the access point using the applet (GUI), see Configuring a WLAN Access

Control List (ACL) on page 5-30.

delete <acl name> Deletes a partilcular MU ACL policy.

all Deletes all MU ACL policies.

Command Line Interface Reference 8-85

8.3.3.4 Network Radio Configuration Commands

AP51xx>admin(network.wireless.radio)>

Description:

Displays the access point Radio submenu. The items available under this command include:

show Summarizes access point radio parameters at a high-level.

set Defines the access point radio configuration.

radio1 Displays the 802.11b/g radio submenu.

radio2 Displays the 802.11a radio submenu.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI.

AP-51xx Access Point Product Reference Guide8-86

AP51xx>admin(network.wireless.radio)> show

Description:

Displays the access point’s current radio configuration.

Syntax:

Example:

admin(network.wireless.radio)>show

Radio Configuration

Radio 1

Name : Radio 1

Radio Mode : enable

RF Band of Operation : 802.11b/g (2.4 GHz)

Wireless AP Configuration:

Base Bridge Mode : enable

Max Wireless AP Clients : 6

Client Bridge Mode : disable

Clitn Bridge WLAN : WLAN1

Radio 2

Name : Radio 2

Radio Mode : enable

RF Band of Operation : 802.11a (5 GHz)

Wireless AP Configuration:

Base Bridge Mode : enable

Max Wireless AP Clients : 5

Client Bridge Mode : disable

Client Bridge WLAN : WLAN1

For information on configuring the Radio Configuration options available to the access point using the applet (GUI), see

Setting the WLAN’s Radio Configuration on page 5-44.

show Displays the access point’s current radio configuration.

Command Line Interface Reference 8-87

AP51xx>admin(network.wireless.radio)> set

Description:

Enables an access point Radio and defines the RF band of operation.

Syntax:

Example:

admin(network.wireless.radio)>set 11a disable

admin(network.wireless.radio)>set 11bg enable

admin(network.wireless.radio)>set mesh-base enable

admin(network.wireless.radio)>set mesh-max 11

admin(network.wireless.radio)>set mesh-client disable

admin(network.wireless.radio)>set mesh-wlan wlan1

admin(network.wireless.radio)>show

Radio Configuration

Radio 1

Name : Radio 1

Radio Mode : enable

RF Band of Operation : 802.11b/g (2.4 GHz)

Wireless AP Configuration:

Base Bridge Mode : enable

Max Wireless AP Clients : 11

Client Bridge Mode : disable

Clitn Bridge WLAN : WLAN1

For information on configuring the Radio Configuration options available to the access point using the applet (GUI), see Setting the

WLAN’s Radio Configuration on page 5-44.

set 11a <mode> Enables or disables the access point’s 802.11a radio.

11bg <mode> Enables or disables the access point’s 802.11b/g radio.

mesh-base <mode> Enables or disables base bridge mode.

mesh-max Sets the maximum number of wireless bridge clients.

mesh-client <mode> Enables or Disables client bridge mode.

mesh-wlan <name> Defines the client bridge WLAN name.

AP-51xx Access Point Product Reference Guide8-88

AP51xx>admin(network.wireless.radio.radio1)>

Description:

Displays a specific 802.11b/g radio submenu. The items available under this command include:

Syntax:

For information on configuring Radio 1 Configuration options available to the access point using the applet (GUI), see

Setting the WLAN’s Radio Configuration on page 5-44.

show Displays 802.11b/g radio settings.

set Defines specific 802.11b/g radio parameters.

advanced Displays the Adavanced radio settings submenu.

mesh Goes to the Wireless AP Connections submenu.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI.

Command Line Interface Reference 8-89

AP51xx>admin(network.wireless.radio.radio1)> show

Description:

Displays specific 802.11b/g radio settings.

Syntax:

Example:

admin(network.wireless.radio.radio1)>show radio

Radio Setting Information

Placement : indoor

MAC Address : 00A0F8715920

Radio Type : 802.11b/g

ERP Protection : Off

Channel Setting : user selection

Antenna Diversity : full

Power Level : 5 dbm (4 mW)

802.11b/g mode : B-Only

Basic Rates : 1 2 5.5 11

Supported Rates : 1 2 5.5 11

Beacon Interval : 100 K-usec

DTIM Interval per BSSID

1 : 10 beacon intvls

2 : 10 beacon intvls

3 : 10 beacon intvls

4 : 10 beacon intvls

short preamble : disable

RTS Threshold : 2341 bytes

show radio Displays specific 802.11b/g radio settings.

qos Displays specific 802.11b/g radio WMM QoS settings.

AP-51xx Access Point Product Reference Guide8-90

admin(network.wireless.radio.radio1)>show qos

Radio QOS Parameter Set 11g-default

-----------------------------------------------------------------------------

Access Category CWMin CWMax AIFSN TXOPs (32 usec) TXOPs ms

-----------------------------------------------------------------------------

Background 15 1023 7 0 0.000

Best Effort 15 63 3 31 0.992

Video 7 15 1 94 3.008

Voice 3 7 1 47 1.504

For information on configuring the Radio 1 Configuration options available to the access point using the applet (GUI), see

Configuring the 802.11a or 802.11b/g Radio on page 5-47.

Command Line Interface Reference 8-91

AP51xx>admin(network.wireless.radio.802-11bg)> set

Description:

Defines specific 802.11b/g radio parameters.

Syntax:

Example:

admin(network.wireless.radio.802-11bg)>set placement indoor

admin(network.wireless.radio.802-11bg)>set ch-mode user

admin(network.wireless.radio.802-11bg)>set channel 1

admin(network.wireless.radio.802-11bg)>set antenna full

admin(network.wireless.radio.802-11bg)>set power 4

admin(network.wireless.radio.802-11bg)>set bg-mode enable

admin(network.wireless.radio.802-11bg)>set rates

admin(network.wireless.radio.802-11bg)>set beacon 100

admin(network.wireless.radio.802-11bg)>set dtim 1 40

admin(network.wireless.radio.802-11bg)>set preamble disable

admin(network.wireless.radio.802-11bg)>set rts 2341

admin(network.wireless.radio.802-11bg)>set qos cwmin 125

admin(network.wireless.radio.802-11bg)>set qos cwmax 255

admin(network.wireless.radio.802-11bg)>set qos aifsn 7

admin(network.wireless.radio.802-11bg)>set qos txops 0

admin(network.wireless.radio.802-11bg)>set qos param-set 11g-default

For information on configuring the Radio 1 Configuration options available to the access point using the applet (GUI), see

Configuring the 802.11a or 802.11b/g Radio on page 5-47.

set placement Defines the access point radio placement as indoors or outdoors.

ch-mode Determines how the radio channel is selected.

channel Defines the actual channel used by the radio.

antenna Sets the radio antenna power

power Defines the radio antenna power transmit level.

bg-mode Enables or disables 802-11bg radio mode support.

rates Sets the supported radio transmit rates.

beacon Sets the beacon interval used by the radio.

dtim Defines the DTIM interval (by index) used by the radio.

preamble Enables or disables support for short preamble for the radio.

rts Defines the RTS Threshold value for the radio.

qos Defines the cwmin, cwmax, aifsn and txops levels for the QoS policy used for the radio.

qos param-set Defines the data type proliferating the mesh network. When set to a value other then

manual, editing the access category values is not necessary. Options include; 11g-default,

11b-default, 11g-wifi, 11b-wifi, 11g-voice, 11b-voice or manual (for advanced users).

AP-51xx Access Point Product Reference Guide8-92

AP51xx>admin(network.wireless.radio.802-11bg.advanced)>

Description:

Displays the advanced submenu for the 802.11b/g radio. The items available under this command include:

Syntax:

show Displays advanced radio settings for the 802.11b/g radio.

set Defines advanced parameters for the 802.11b/g radio.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI.

Command Line Interface Reference 8-93

AP51xx>admin(network.wireless.radio.802-11bg.advanced)> show

Description:

Displays the BSSID to WLAN mapping for the 802.11b/g radio.

Syntax:

Example:

admin(network.wireless.radio.802-11bg.advanced)>show advanced

-----------------------------------------------------------------------------

WLAN BSS ID BC/MC Cipher Status Message

-----------------------------------------------------------------------------

Lobby 1 Open good configuration is ok

HR 2 Open good configuration is ok

Office 3 Open good configuration is ok

-----------------------------------------------------------------------------

BSSID Primary WLAN

-----------------------------------------------------------------------------

1 Lobby

2HR

3 Office

admin(network.wireless.radio.802-11bg.advanced)>show wlan

WLAN 1:

WLAN name : WLAN1

ESS ID : 101

Radio : 11a,11b/g

VLAN :

Security Policy : Default

QoS Policy : Default

For information on configuring Radio 1 Configuration options available to the access point using the applet (GUI), see

Configuring the 802.11a or 802.11b/g Radio on page 5-47.

show advanced Displays advanced settings for the 802.11b/g radio.

wlan Displays WLAN summary list for the 802.11b/g radio.

AP-51xx Access Point Product Reference Guide8-94

AP51xx>admin(network.wireless.radio.802-11bg.advanced)> set

Description:

Defines advanced parameters for the target 802.11b/g radio.

Syntax:

Example:

admin(network.wireless.radio.802-11bg.advanced)>set wlan demoroom 1

admin(network.wireless.radio.802-11bg.advanced)>set bss 1 demoroom

For information on configuring Radio 1 Configuration options available to the access point using the applet (GUI), see Configuring the

802.11a or 802.11b/g Radio on page 5-47.

set wlan <wlan-name> <bssid> Defines advanced WLAN to BSSID mapping for the target radio.

bss <bss-id> <wlan name> Sets the BSSID to primary WLAN definition.

Command Line Interface Reference 8-95

AP51xx>admin(network.wireless.radio.radio2)>

Description:

Displays a specific 802.11a radio submenu. The items available under this command include:

Syntax:

show Displays 802.11a radio settings

set Defines specific 802.11a radio parameters.

advanced Displays the Advanced radio settings submenu.

mesh Goes to the Wireless AP Connections submenu.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI.

AP-51xx Access Point Product Reference Guide8-96

AP51xx>admin(network.wireless.radio.802-11a)> show

Description:

Displays specific 802.11a radio settings.

Syntax:

Example:

admin(network.wireless.radio.802-11a)>show radio

Radio Setting Information

Placement : indoor

MAC Address : 00A0F8715920

Radio Type : 802.11a

Channel Setting : user selection

Antenna Diversity : full

Power Level : 5 dbm (4 mW)

Basic Rates : 6 12 24

Supported Rates : 6 9 12 18 24 36 48 54

Beacon Interval : 100 K-usec

DTIM Interval per BSSID

1 : 10 beacon intvls

2 : 10 beacon intvls

3 : 10 beacon intvls

4 : 10 beacon intvls

RTS Threshold : 2341 bytes

show radio Displays specific 802.11a radio settings.

qos Displays specific 802.11a radio WMM QoS settings.

Command Line Interface Reference 8-97

admin(network.wireless.radio.802-11a)>show qos

Radio QOS Parameter Set: 11a default

-----------------------------------------------------------------------------

Access Category CWMin CWMax AIFSN TXOPs (32 sec) TXOPs ms

-----------------------------------------------------------------------------

Background 15 1023 7 0 0.000

Best Effort 15 63 3 31 0.992

Video 7 15 1 94 3.008

Voice 3 7 1 47 1.504

For information on configuring Radio 2 Configuration options available to the access point using the applet (GUI), see Configuring the

802.11a or 802.11b/g Radio on page 5-47.

AP-51xx Access Point Product Reference Guide8-98

AP51xx>admin(network.wireless.radio.802-11a)> set

Description:

Defines specific 802.11a radio parameters.

Syntax:

Example:

admin(network.wireless.radio.802-11a)>

admin(network.wireless.radio.802-11a)>set placement indoor

admin(network.wireless.radio.802-11a)>set ch-mode user

admin(network.wireless.radio.802-11a)>set channel 1

admin(network.wireless.radio.802-11a)>set antenna full

admin(network.wireless.radio.802-11a)>set power 4

admin(network.wireless.radio.802-11a)>set rates

admin(network.wireless.radio.802-11a)>set beacon 100

admin(network.wireless.radio.802-11a)>set dtim 1 10

admin(network.wireless.radio.802-11a)>set rts 2341

admin(network.wireless.radio.802-11a)>set qos cwmin 125

admin(network.wireless.radio.802-11a)>set qos cwmax 255

admin(network.wireless.radio.802-11a)>set qos aifsn 7

admin(network.wireless.radio.802-11a)>set qos txops 0

admin(network.wireless.radio.802-11bg)>set qos param-set 11a-default

For information on configuring the Radio 2 Configuration options available to the access point using the applet (GUI), see

Configuring the 802.11a or 802.11b/g Radio on page 5-47.

set placement Defines the access point radio placement as indoors or outdoors.

ch-mode Determines how the radio channel is selected.

channel Defines the actual channel used by the radio.

antenna Sets the radio antenna power.

power Defines the radio antenna power transmit level.

rates Sets the supported radio transmit rates.

beacon Sets the beacon interval used by the radio.

dtim Defines the DTIM interval (by index) used by the radio.

rts Defines the RTS Threshold value for the radio.

qos Defines the cwmin, cwmax, aifsn and txops levels for the QoS policy used for the radio.

qos param-set Defines the data type proliferating the WLAN used with the mesh network. When set to a

value other then manual, editing the access category values is not necessary. Options

include; 11g-default, 11b-default, 11g-wifi, 11b-wifi, 11g-voice, 11b-voice or manual (for

advanced users).

Command Line Interface Reference 8-99

AP51xx>admin(network.wireless.radio.802-11a.advanced)>

Description:

Displays the advanced submenu for the 802-11a radio. The items available under this command include:

Syntax:

show Displays advanced radio settings for the 802-11a radio.

set Defines advanced parameters for the 802-11a radio.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI.

AP-51xx Access Point Product Reference Guide8-100

AP51xx>admin(network.wireless.radio.802-11a.advanced)> show

Description:

Displays the BSSID to WLAN mapping for the 802.11a radio.

Syntax:

Example:

admin(network.wireless.radio.802-11a.advanced)>show advanced

-----------------------------------------------------------------------------

WLAN BSS ID BC/MC Cipher Status Message

-----------------------------------------------------------------------------

Lobby 1 Open good configuration is ok

HR 2 Open good configuration is ok

Office 3 Open good configuration is ok

-----------------------------------------------------------------------------

BSSID Primary WLAN

-----------------------------------------------------------------------------

1 Lobby

2HR

3 Office

admin(network.wireless.radio.802-11bg.advanced)>show wlan

WLAN 1:

WLAN name : WLAN1

ESS ID : 101

Radio :

VLAN :

Security Policy : Default

QoS Policy : Default

For information on configuring the Radio 2 Configuration options available to the access point using the applet (GUI), see

Configuring the 802.11a or 802.11b/g Radio on page 5-47.

show advanced Displays advanced settings for the 802.11a radio.

wlan Displays WLAN summary list for 802.11a radio.

Command Line Interface Reference 8-101

AP51xx>admin(network.wireless.radio.802-11a.advanced)> set

Description:

Defines advanced parameters for the target 802..11a radio.

Syntax:

Example:

admin(network.wireless.radio.802-11a.advanced)>set wlan demoroom 1

admin(network.wireless.radio.802-11a.advanced)>set bss 1 demoroom

For information on configuring Radio 2 Configuration options available to the access point using the applet (GUI), see

Configuring the 802.11a or 802.11b/g Radio on page 5-47.

set wlan <wlan-name> <bssid> Defines advanced WLAN to BSSID mapping for the target radio.

bss <bss-id> <wlan name> Sets the BSSID to primary WLAN definition.

AP-51xx Access Point Product Reference Guide8-102

8.3.3.5 Network Quality of Service (QoS) Commands

AP51xx>admin(network.wireless.qos)>

Description:

Displays the access point Quality of Service (QoS) submenu. The items available under this command include:

show Displays access point QoS policy information.

create Defines the parameters of the QoS policy.

edit Edits the settings of an existing QoS policy.

delete Removes an existing QoS policy.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI.

Command Line Interface Reference 8-103

AP51xx>admin(network.wireless.qos)> show

Description:

Displays the access point’s current QoS policy by summary or individual policy.

Syntax:

Example:

admin(network.wireless.qos)>show summary

----------------------------------------------------------------------

QOS Policy Name Associated WLANs

----------------------------------------------------------------------

1 Default 101

2 IP Phones Audio Dept

3 Video Vidio Dept

admin(network.wireless.qos)>show policy 1

Policy Name IP Phones

Support Legacy Voice Mode disable

Multicast (Mask) Address 1 01005E000000

Multicast (Mask) Address 2 09000E000000

WMM QOS Mode disable

For information on configuring the WLAN QoS options available to the access point using the applet (GUI), see

Setting the WLAN Quality of Service (QoS) Policy on page 5-33.

show summary Displays all exisiting QoS policies that have been defined.

policy <index> Displays the configuration for the requested QoS policy.

AP-51xx Access Point Product Reference Guide8-104

AP51xx>admin(network.wireless.qos.create)>

Description:

Defines an access point QoS policy.

Syntax:

For information on configuring the WLAN QoS options available to the access point using the applet (GUI), see

Setting the WLAN Quality of Service (QoS) Policy on page 5-33.

show Displays QoS policy parameters.

set qos-name <index> Sets the QoS name for the specified index entry.

vop <index> Enables or disables support (by index) for legacy VOIP devices.

mcast <mac> Defines primary and secondary Multicast MAC address.

wmm-qos <index> Enables or disables the QoS policy index specified.

param-set <set-name> Defines the data type used with the qos policy and mesh network. When

set to a value other then manual, editing the access category values is

not necessary. Options include; 11g-default, 11b-default, 11g-wifi, 11b-

wifi, 11g-voice, 11b-voice or manual for advanced users).

cwmin <access

category>

<index> Defines Minimum Contention Window (CW-Min) for specified access

categoiry and index.

cwmax <access

category>

<index> Defines Maximum Contention Window (CW-Max) for specified access

categoiry and index.

aifsn <access

category>

<index> Sets Arbitrary Inter-Frame Space Number (AIFSN) for specified access

categoiry and index.

txops <access

category>

<index> Configures Opportunity to Transmit Time (TXOPs Time) for specified

access categoiry and index.

default <index> Defines CWMIN, CWMAX, AIFSN and TXOPs default values.

add-policy Completes the policy edit and exits the session.

.. Cancels the changes and exits.

Command Line Interface Reference 8-105

AP51xx>admin(network.wireless.qos.edit)>

Descripton:

Edits the properties of an existing QoS policy.

Syntax:

For information on configuring the WLAN QoS options available to the access point using the applet (GUI), see

Setting the WLAN Quality of Service (QoS) Policy on page 5-33.

show Displays QoS policy parameters.

set qos-name <index> Sets the QoS name for the specified index entry.

vop <index> Enables or disables support (by index) for legacy VOIP devices.

mcast <mac> Defines primary and secondary Multicast MAC address.

wmm-qos <index> Enables or disables the QoS policy index specified.

param-set <set-name> Defines the data type used with the qos policy and mesh

network. When set to a value other then manual, editing the

access category values is not necessary. Options include; 11g-

default, 11b-default, 11g-wifi, 11b-wifi, 11g-voice, 11b-voice or

manual for advanced users).

cwmin <access

category>

<index> Defines Minimum Contention Window (CW-Min) for specified

access categoiry and index.

cwmax <access

category>

<index> Defines Maximum Contention Window (CW-Max) for specified

access categoiry and index.

aifsn <access

category>

<index> Sets Arbitrary Inter-Frame Space Number (AIFSN) for specified

access categoiry and index.

txops <access

category>

<index> Configures Opportunity to Transmit Time (TXOPs Time) for

specified access categoiry and index.

default <index> Defines CWMIN, CWMAX, AIFSN and TXOPs default values.

change Completes the policy edit and exits the session.

.. Cancels the changes and exits.

AP-51xx Access Point Product Reference Guide8-106

AP51xx>admin(network.wireless.qos)> delete

Description:

Removes a QoS policy.

Syntax:

For information on configuring the WLAN QoS options available to the access point using the applet (GUI), see

Setting the WLAN Quality of Service (QoS) Policy on page 5-33.

delete <qos-name>

<all>

Deletes the specified QoS polciy index, or all of the policies.

Command Line Interface Reference 8-107

8.3.3.6 Network Bandwith Management Commands

AP51xx>admin(network.wireless.bandwidth)>

Description:

Displays the access point Bandwidth Management submenu. The items available under this command include:

show Displays Bandwidth Management information for how data is processed by the access point.

set Defines Bandwidth Management parameters for the access point.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI.

AP-51xx Access Point Product Reference Guide8-108

AP51xx>admin(network.wireless.bandwidth)> show

Description:

Displays the access point’s current Bandwidth Management configuration.

Syntax:

Example:

admin(network.wireless.bandwidth)>show

Bandwidth Share Mode : First In First Out

For information on configuring the Bandwidth Management options available to the access point using the applet (GUI), see

Configuring Bandwidth Management Settings on page 5-55.

show Displays the current Bandwidth Management configuration for defined WLANs and how

they are weighted.

Command Line Interface Reference 8-109

AP51xx>admin(network.wireless.bandwidth)> set

Description:

Defines the access point Bandwidth Management configuration.

Syntax:

For information on configuring the Bandwidth Management options available to the access point using the applet (GUI), see

Configuring Bandwidth Management Settings on page 5-55.

set mode <bw-mode> Defines bandwidth share mode of First In First Out <fifo>,

Round Robin <rr> or Weighted Round Robin <wrr>

weight <num> Assigns a bandwidth share allocation for the WLAN <index 1-

16 > when Weighted Round Robin <wrr> is selected. The

weighting is from 1-10.

AP-51xx Access Point Product Reference Guide8-110

8.3.3.7 Network Rogue-AP Commands

AP51xx>admin(network.wireless.rogue-ap)>

Description:

Displays the Rogue AP submenu. The items available under this command include:

show Displays the current access point Rogue AP detection configuration.

set Defines the Rogue AP detection method.

mu-scan Goes to the Rogue AP mu-uscan submenu.

allowed-list Goes to the Rogue AP Allowed List submenu.

active-list Goes the Rogue AP Active List submenu.

rogue-list Goes the Rogue AP List submenu.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI.

Command Line Interface Reference 8-111

AP51xx>admin(network.wireless.rogue-ap)> show

Description:

Displays the current access point Rogue AP detection configuration.

Syntax:

Example:

admin(network.wireless.rogue-ap)>show

MU Scan : disable

MU Scan Interval : 60 minutes

On-Channel : disable

Detector Radio Scan : enable

Auto Authorize Symbol APs : disable

Approved APs age out : 0 minutes

Rogue APs age out : 0 minutes

For information on configuring the Rogue AP options available to the access point using the applet (GUI), see

Configuring Rogue AP Detection on page 6-52.

show Displays the current access point Rogue AP detection configuration.

AP-51xx Access Point Product Reference Guide8-112

AP51xx>admin(network.wireless.rogue-ap)> set

Description:

Defines the access point ACL rogue AP method.

Syntax:

Example:

admin(network.wireless.rogue-ap)>

admin(network.wireless.rogue-ap)>set mu-scan enable

admin(network.wireless.rogue-ap)>set interval 10

admin(network.wireless.rogue-ap)>set on-channel disable

admin(network.wireless.rogue-ap)>set detector-scan disable

admin(network.wireless.rogue-ap)>set symbol-ap enable

admin(network.wireless.rogue-ap)>set applst-ageout 10

admin(network.wireless.rogue-ap)>set roglst-ageout 10

admin(network.wireless.rogue-ap)>show

MU Scan : enable

MU Scan Interval : 10 minutes

On Channel : disable

Detector Radio Scan : disable

Detector Radio Band : none

Auto Authorize Symbol APs : enable

Approved AP age out : 10 minutes

Rogue AP age out : 10 minutes

For information on configuring the Rogue AP options available to the access point using the applet (GUI), see

Configuring Rogue AP Detection on page 6-52.

set mu-scan <mode> Enables or disables to permit MUs to scan for rogue APs.

interval <minutes> Define an interval for associated MUs to beacon in attempting to locate rogue APs.

Value not available unless mu-scan is enabled.

on-channel <mode> Enables or disables on-channel detection.

detector-scan <mode> Enables or disables AP detector scan (dual-radio model only).

symbol-ap <mode> Enables or disables the Authorize Any AP with a Symbol MAC address option.

applst-ageout <minutes> Sets the approved AP age out time.

roglst-ageout <minutes> Sets the rogue AP age out time.

Command Line Interface Reference 8-113

AP51xx>admin(network.wireless.rogue-ap.mu-scan)>

Description:

Displays the Rogue-AP mu-scan submenu.

Syntax:

show Displays all APs located by the MU scan.

start Initiates scan immediately by the MU.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI.

AP-51xx Access Point Product Reference Guide8-114

AP51xx>admin(network.wireless.rogue-ap.mu-scan)> start

Description:

Initiates an MU scan from a user provided MAC address.

Syntax:

For information on configuring the Rogue AP options available to the access point using the applet (GUI), see

Configuring Rogue AP Detection on page 6-52.

start <mu-mac> Initiates MU scan from user provided MAC address.

Command Line Interface Reference 8-115

AP51xx>admin(network.wireless.rogue-ap.mu-scan)> show

Description:

Displays the results of an MU scan.

Syntax:

For information on configuring the Rogue AP options available to the access point using the applet (GUI), see

Configuring Rogue AP Detection on page 6-52.

show Displays all APs located by the MU scan.

AP-51xx Access Point Product Reference Guide8-116

AP51xx>admin(network.wireless.rogue-ap.allowed-list)>

Description:

Displays the Rogue-AP allowed-list submenu.

show Displays the rogue AP allowed list

add Adds an AP MAC address and ESSID to the allowed list.

delete Deletes an entry or all entries from the allowed list.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI.

Command Line Interface Reference 8-117

AP51xx>admin(network.wireless.rogue-ap.allowed-list)> show

Description:

Displays the Rogue AP allowed List.

Syntax:

Example:

admin(network.wireless.rogue-ap.allowed-list)>show

-----------------------------------------------------------------------------

index ap essid

-----------------------------------------------------------------------------

1 00:A0:F8:71:59:20 *

2 00:A0:F8:33:44:55 101

3 00:A0:F8:40:20:01 Marketing

For information on configuring the Rogue AP options available to the access point using the applet (GUI), see Configuring Rogue AP

Detection on page 6-52.

show Displays the rogue-AP allowed list.

AP-51xx Access Point Product Reference Guide8-118

AP51xx>admin(network.wireless.rogue-ap.allowed-list)> add

Description:

Adds an AP MAC address and ESSID to existing allowed list.

Syntax:

Example:

admin(network.wireless.rogue-ap.allowed-list)>add 00A0F83161BB 103

admin(network.wireless.rogue-ap.allowed-list)>show

-----------------------------------------------------------------------------

index ap essid

-----------------------------------------------------------------------------

1 00:A0:F8:71:59:20 *

2 00:A0:F8:33:44:55 101

3 00:A0:F8:40:20:01 Marketing

4 00:A0:F8:31:61:BB 103

For information on configuring the Rogue AP options available to the access point using the applet (GUI), see Configuring Rogue AP

Detection on page 6-52.

add <mac-addr>

<ess-id>

Adds an AP MAC address and ESSID to existing allowed list.

Use a “*” for any ESSID.

Command Line Interface Reference 8-119

AP51xx>admin(network.wireless.rogue-ap.allowed-list)> delete

Description:

Deletes an AP MAC address and ESSID to existing allowed list.

Syntax:

For information on configuring the Rogue AP options available to the access point using the applet (GUI), see Configuring Rogue AP

Detection on page 6-52.

delete <idx>

<all>

Deletes an AP MAC address and ESSID (or all addresses) from the allowed list.

AP-51xx Access Point Product Reference Guide8-120

8.3.4 Network Firewall Commands

AP51xx>admin(network.firewall)>

Description:

Displays the access point firewall submenu. The items available under this command include:

show Displays the access point’s current firewall configuration.

set Defines the access point’s firewall parameters.

access Enables/disables firewall permissions through the LAN and WAN ports.

advanced Displays interoperaility rules between the LAN and WAN ports.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI.

Command Line Interface Reference 8-121

AP51xx>admin(network.firewall)> show

Description:

Displays the access point firewall parameters.

Syntax:

Example:

admin(network.firewall)>show

Firewall Status : disable

NAT Timeout : 10 minutes

Configurable Firewall Filters:

ftp bounce attack filter : enable

syn flood attack filter : enable

unaligned ip timestamp filter : enable

source routing attack filter : enable

winnuke attack filter : enable

seq num prediction attack filter : enable

mime flood attack filter : enable

max mime header length : 8192 bytes

max mime headers : 16 headers

For information on configuring the Firewall options available to the access point using the applet (GUI), see

Configuring Firewall Settings on page 6-25.

show Shows all access point’s firewall settings.

AP-51xx Access Point Product Reference Guide8-122

AP51xx>admin(network.firewall)> set

Description:

Defines the access point firewall parameters.

Syntax:

Example:

admin(network.firewall)>set mode enable

admin(network.firewall)>set ftp enable

admin(network.firewall)>set ip enable

admin(network.firewall)>set seq enable

admin(network.firewall)>set src enable

admin(network.firewall)>set syn enable

admin(network.firewall)>set win enable

admin(network.firewall)>show

Firewall Status : enable

Override LAN to WAN Access : disable

Configurable Firewall Filters

ftp bounce attack filter : enable

syn flood attack filter : enable

unaligned ip timestamp filter : enable

source routing attack filter : enable

winnuke attack filter : enable

seq num prediction attack filter : enable

mime flood attack filter : enable

max mime header length : 8192

max mime headers : 16

set mode <mode> Enables or disables the firewall.

nat-timeout <interval> Defines the NAT timeout value.

syn <mode> Enables or disables SYN flood attack check.

src <mode> Enables or disables source routing check.

win <mode> Enables or disables Winnuke attack check.

ftp <mode> Enables or disables FTP bounce attack check.

ip <mode> Enables or disables IP unaligned timestamp check.

seq <mode> Enables or disables sequence number prediction check.

mime filter Enables or disables MIME flood attack check.

len <length> Sets the max header length in bytes as specified by <length>

(with value in range 256 - 34463).

hdr <count> Sets the max number of headers as specified in <count>

(with value in range 12 - 34463).

Command Line Interface Reference 8-123

AP51xx>admin(network.firewall)> access

Description:

Enables or disables firewall permissions through LAN to WAN ports.

Syntax:

Example:

admin(network.firewall)>set override disable

admin(network.firewall)>access

admin(network.firewall.lan-wan-access)>set rule allow

admin(network.firewall.lan-wan-access)>list

-----------------------------------------------------------------------------

index from to name prot start port end port

-----------------------------------------------------------------------------

1 lan wan HTTP tcp 80 80

2 lan wan abc udp 0 0

3 lan wan 123456 ah 1440 2048

4 lan wan 654321 tcp 2048 2048

5 lan wan abc ah 100 1000

For information on configuring the Firewall options available to the access point using the applet (GUI), see

Configuring Firewall Settings on page 6-25.

show Displays LAN to WAN access rules.

set Sets LAN to WAN access rules.

add Adds LAN to WAN exception rules.

delete Deletes LAN to WAN access exception rules.

list Displays LAN to WAN access exception rules.

.. Goes to parent menu

/Goes to root menu.

save Saves configuration to system flash.

quit Quits and exits the CLI session.

AP-51xx Access Point Product Reference Guide8-124

AP51xx>admin(network.firewall)> advanced

Description:

Displays whether an access point firewall rule is intended for inbound traffic to an interface or outbound traffic from that interface..

Syntax:

Example:

admin(network.firewall)>set override enable

admin(network.firewall)>advanced

admin(network.firewall.adv-lan-access)>inbound

admin(network.firewall.adv-lan-access.inb)>list

-----------------------------------------------------------------------------

Idx SCR IP-Netmask Dst IP-Netmask TP SPorts DPorts Rev NAT Action

-----------------------------------------------------------------------------

1 1.2.3.4 2.2.2.2 all 1: 1: 0.0.0.0 deny

255.0.0.0 255.0.0.0 65535 65535 nat port 33

2 33.3.0.0 10.10.1.1 tcp 1: 1: 11.11.1.0 allow

255.255.255.0 255.255.255.0 65535 65535 nat port 0

For information on configuring the Firewall options available to the access point using the applet (GUI), see Configuring Firewall

Settings on page 6-25.

show Shows advanced subnet access parameters.

set Sets advanced subnet access parameters.

import Imports rules from subnet access.

inbound Goes to the Inbound Firewall Rules submenu.

outbound Goes to the Outbound Firewall Rules submenu.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to flash memory.

quit Quits and exits the CLI session.

Command Line Interface Reference 8-125

8.3.5 Network Router Commands

AP51xx>admin(network.router)>

Description:

Displays the router submenu. The items available under this command are:

show Displays the existing access point router configuration.

set Sets the RIP parameters.

add Adds user-defined routes.

delete Deletes user-defined routes.

list Lists user-defined routes.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI.

AP-51xx Access Point Product Reference Guide8-126

AP51xx>admin(network.router)> show

Description:

Shows the access point route table.

Syntax:

Example:

admin(network.router)>show routes

----------------------------------------------------------------------------

index destination netmask gateway interface metric

----------------------------------------------------------------------------

1 192.168.2.0 255.255.255.0 0.0.0.0 lan1 0

2 192.168.1.0 255.255.255.0 0.0.0.0 lan2 0

3 192.168.0.0 255.255.255.0 0.0.0.0 lan1 0

4 192.168.24.0 255.255.255.0 0.0.0.0 wan 0

5 157.235.19.5 255.255.255.0 192.168.24.1 wan 1

For information on configuring the Router options available to the access point using the applet (GUI), see Configuring Router

Settings on page 5-57.

show Shows the access point route table.

Command Line Interface Reference 8-127

AP51xx>admin(network.router)> set

Description:

Shows the access point route table.

Syntax:

For information on configuring the Router options available to the access point using the applet (GUI), see

Configuring Router Settings on page 5-57.

set auth Sets the RIP authentication type.

dir Sets RIP direction.

id Sets MD5 authetication ID.

key Sets MD5 authetication key.

passwd Sets the password for simple authentication.

type Defines the RIP type.

dgw-iface Sets the default gateway interface.

AP-51xx Access Point Product Reference Guide8-128

AP51xx>admin(network.router)> add

Description:

Adds user-defined routes.

Syntax:

Example:

admin(network.router)>add 192.168.3.0 255.255.255.0 192.168.2.1 LAN 1 1

admin(network.router)>list

----------------------------------------------------------------------------

index destination netmask gateway interface metric

----------------------------------------------------------------------------

1 192.168.3.0 255.255.255.0 192.168.2.1 lan1 1

For information on configuring the Router options available to the access point using the applet (GUI), see

Configuring Router Settings on page 5-57.

add <dest> <netmask> <gw> <iface> <metric> Adds a route with destination IP address <dest>, IP netmask

<netmask>, destination gateway IP address <gw>, interface

LAN1, LAN2 or WAN <iface>, and metric set to <metric> (1-15).

Command Line Interface Reference 8-129

AP51xx>admin(network.router)> delete

Description:

Deletes user-defined routes.

Syntax:

Example:

admin(network.router)>list

----------------------------------------------------------------------------

index destination netmask gateway interface metric

----------------------------------------------------------------------------

1 192.168.2.0 255.255.255.0 192.168.0.1 lan1 1

2 192.168.1.0 255.255.255.0 0.0.0.0 lan2 0

3 192.168.0.0 255.255.255.0 0.0.0.0 lan2 0

admin(network.router)>delete 2

admin(network.router)>list

------------------------------------------------------------------

index destination netmask gateway interface metric

------------------------------------------------------------------

1 192.168.2.0 255.255.255.0 0.0.0.0 lan1 0

2 192.168.0.0 255.255.255.0 0.0.0.0 lan1 0

admin(network.router)>

For information on configuring the Router options available to the access point using the applet (GUI), see

Configuring Router Settings on page 5-57.

delete <idx> Deletes the user-defined route <idx> (1-20) from list.

all Deletes all user-defined routes.

AP-51xx Access Point Product Reference Guide8-130

AP51xx>admin(network.router)> list

Description:

Lists user-defined routes.

Syntax:

Example:

admin(network.router)>list

----------------------------------------------------------------------------

index destination netmask gateway interface metric

----------------------------------------------------------------------------

1 192.168.2.0 255.255.255.0 192.168.0.1 lan1 1

2 192.168.1.0 255.255.255.0 0.0.0.0 lan2 0

3 192.168.0.0 255.255.255.0 0.0.0.0 lan1 0

For information on configuring the Router options available to the access point using the applet (GUI), see

Configuring Router Settings on page 5-57.

list Displays a list of user-defined routes.

Command Line Interface Reference 8-131

8.4 System Commands

AP51xx>admin(system)>

Description:

Displays the System submenu. The items available under this command are shown below.

restart Restarts the access point.

show Shows access point system parameter settings.

set Defines access point system parameter settings.

debug Accesses access point password-protected debug information.

lastpw Displays last debug password.

exec Goes to a Linux command menu.

access Goes to the access point access submenu where access point access methods can be enabled.

cmgr Goes the Certificate Manager submenu.

snmp Goes to the SNMP submenu.

ntp Goes to the Network Time Protocol submenu.

logs Displays the log file submenu.

config Goes to the configuration file update submenu.

fw-update Goes to the firmware update submenu.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI.

AP-51xx Access Point Product Reference Guide8-132

AP51xx>admin(system)>restart

Description:

Restarts the access point access point.

Syntax:

Example:

admin(system)>restart

********************************WARNING***********************************

** Unsaved configuration changes will be lost when the access point is reset.

** Please be sure to save changes before resetting.

**************************************************************************

Are you sure you want to restart the access point? (yes/no):

access point Boot Firmware Version 1.1.0.0-xxx

Press escape key to run boot firmware ........

Power On Self Test

testing ram : pass

testing nor flash : pass

testing nand flash : pass

testing ethernet : pass

For information on restarting the access point using the applet (GUI), see Configuring System Settings on page 4-2.

restart Restarts the access point.

Command Line Interface Reference 8-133

AP51xx>admin(system)>show

Description:

Displays high-level access point system information.

Syntax:

Example:

admin(system)>show

system name : BldgC

system location : Atlanta Field Office

admin email address : johndoe@mycompany.com

system uptime : 0 days 4 hours 41 minutes

access point firmware version : 1.1.0.0-30D

country code : us

serial number : 05224520500336

admin(system)>

For information on displaying System Settings using the applet (GUI), see Configuring System Settings on page 4-2.

show Displays access point system information.

AP-51xx Access Point Product Reference Guide8-134

AP51xx>admin(system)>set

Description:

Sets access point system parameters.

Syntax:

Example:

admin(system)>show

system name : AP51xx

system location : San Jose Engineering

admin email address : SJSharkey@symbol.com

system uptime : 0 days 4 hours 33 minutes

access point firmware version : 1.1.0.0-30D

country code : us

For information on configuring System Settings using the applet (GUI), see Configuring System Settings on page 4-2. Refer to

Appendix A for information on the two-character country codes.

set name <name> Sets the access point system name to <name> (1 to 59 characters). The access

point does not allow intermediate space characters between characters within

the system name. For example, “AP51xx sales” must be changed to

“AP51xxsales” to be a valid system name.

loc <loc> Sets the access point system location to <loc> (1 to 59 characters).

email <email> Sets the access point admin email address to <email> (1 to 59 characters).

cc <code> Sets the access point country code using two-letters <code>.

Command Line Interface Reference 8-135

8.4.1 System Debug and Last Password Commands

AP51xx>admin(system)>debug

Description:

Accesses access point debug information. This information is designed for field service use only, and should not be used by

unqualified personnel.

Example:

admin(system)>debug

Debug Password:

access point MAC Address is 00:A0:F8:71:6A:74

Last Password was symbol12

AP51xx>admin(system)>lastpw

Description:

Displays the last debug password.

admin(system)>lastpw

access point MAC Address is 00:A0:F8:71:6A:74

Last Password was symbol12

Current password used 0 times, valid 4 more time(s)

AP-51xx Access Point Product Reference Guide8-136

8.4.2 System Access Commands

AP51xx>admin(system)>access

Description:

Displays the access point access submenu.

show Displays access point system access capabilities.

set Goes to the access point system access submenu.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the current configuration to the access point system flash.

quit Quits the CLI and exits the current session.

Command Line Interface Reference 8-137

AP51xx>admin(system.access)>set

Description:

Defines the permissions to access the access point applet, CLI, SNMP as well as defining their timeout values.

Syntax:

For information on configuring access point access settings using the applet (GUI), see Configuring Data Access on page 4-5.

set applet Defines the applet HTTP/HTTPS access parameters.

app-timeout <minutes> Sets the applet timeout. Default is 300 Mins.

cli Defines CLI Telnet access parameters.

ssh Sets the CLI SSH access parameters.

auth-timout <seconds> Disables the radio interface if no data activity is detected after the interval

defined. Default is 120 seconds.

inactive-

timeout

<minutes> Inactivity interval resulting in the AP terminating its connection.

Default is 120 minutes.

snmp Sets SNMP access parameters.

admin-auth local/

RADIUS

Designates a Radius server is used in the authentication verification.

server <ip> Specifies the IP address the Remote Dial-In User Service (RADIUS) server.

port <port#> Specifies the port on which the RADIUS server is listening. Default is 1812.

secret <pw> Defines the shared secret password for RADIUS server authentication.

AP-51xx Access Point Product Reference Guide8-138

AP51xx>admin(system.access)>show

Description:

Displays the current access point access permissions and timeout values.

Syntax:

Example:

admin(system.access)>show

-------------------------------From LAN1-------From LAN2-------From WAN

applet http access from lan enable enable enable

applet http access from wan enable enable enable

cli telnet access enable enable enable

cli ssh access enable enable enable

snmp access enable enable enable

http/s timeout : 0

ssh server authetnication timeout : 120

ssh server inactivity timeout : 120

admin authetnication mode : local

Related Commands:

For information on configuring access point access settings using the applet (GUI), see Configuring Data Access on page 4-5.

show Shows all of the current system access settings for the access point..

set Defines the access point system access capabilities and timeout values.

Command Line Interface Reference 8-139

8.4.3 System Certificate Management Commands

AP51xx>admin(system)>cmgr

Description:

Displays the Certificate Manager submenu. The items available under this command include:

genreq Generates a Certificate Request.

delself Deletes a Self Certificate.

loadself Loads a Self Certificate signed by CA.

listself Lists the self certificate loaded.

loadca Loads trusted certificate from CA.

delca Deletes the trusted certificate.

listca Lists the trusted certificate loaded.

showreq Displays a certificate request in PEM format.

delprivkey Deletes the private key.

listprivkey Lists names of private keys.

expcert Exports the certificaqte file.

impcert Imports the certificate file.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI.

AP-51xx Access Point Product Reference Guide8-140

AP51xx>admin(system.cmgr)> genreq

Description:

Generates a certificate request.

Syntax:

Note: The parameters in [square brackets] are optional. Check with the CA to determine what fields are necessary. For example, most

CAs require an email address and an IP address, but not the address of the organization.

Example:

admin(system.cmgr)>genreq MyCert2 MySubject -ou MyDept -on MyCompany

Please wait. It may take some time...

Generating the certificate request

Retreiving the certificate request

The certificate request is

-----BEGIN CERTIFICATE REQUEST-----

MIHzMIGeAgEAMDkxEjAQBgNVBAoTCU15Q29tcGFueTEPMA0GA1UECxMGTXlEZXB0

MRIwEAYDVQQDEwlNeVN1YmplY3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAtKcX

plKFCFAJymTFX71yuxY1fdS7UEhKjBsH7pdqnJnsASK6ZQGAqerjpKScWV1mzYn4

1q2+mgGnCvaZUlIo7wIDAQABoAAwDQYJKoZIhvcNAQEEBQADQQCClQ5LHdbG/C1f

Bj8AszttSo/bA4dcX3vHvhhJcmuuWO9LHS2imPA3xhX/d6+Q1SMbs+tG4RP0lRSr

iWDyuvwx

-----END CERTIFICATE REQUEST-----

For information on configuring certificate management settings using the applet (GUI), see

Managing Certificate Authority (CA) Certificates on page 4-8.

genreq <IDname> <Subject> [-ou <OrgUnit>] [-on <OrgName>] [-cn <City>] [-st <State>] . . .

. . . [-p <PostCode>] [-cc <CCode>] [-e <Email>] [-d <Domain>] [-i <IP>] [-sa <SAlgo>]

Generates a self-certificate request for a Certification Authority (CA), where:

-ou <OrgUnit>

-on <OrgName>

-cn <City>

-st <State>

-p <PostCode>

-cc <CCode>

-e <Email>

-d <Domain>

-i <IP>

-sa <SAlgo>

-k <KSize>

The private key ID Name (up to 7 chars)

Subject Name (up to 49 chars)

Organization Unit (up to 49 chars)

Organization Name (up to 49 chars)

City Name of Organization (up to 49 chars)

State Name (up to 49 chars)

Postal code (9 digits)

Country code (2 chars)

E-mail Address (up to 49 chars)

Domain Name (up to 49 chars)

IP Address (a.b.c.d)

Signature Algorithm (one of MD5-RSA or SHA1-RSA

Key size in bits (one of 512, 1024, or 2048)

Command Line Interface Reference 8-141

AP51xx>admin(system.cmgr)> delself

Description: )

Deletes a self certificate.

Syntax:

Example:

admin(system.cmgr)>delself MyCert2

For information on configuring self certificate settings using the applet (GUI), see

Creating Self Certificates for Accessing the VPN on page 4-10.

delself <IDname> Deletes the self certificate named <IDname>.

AP-51xx Access Point Product Reference Guide8-142

AP51xx>admin(system.cmgr)> loadself

Description:

Loads a self certificate signed by the Certificate Authority.

Syntax:

For information on configuring self certificate settings using the applet (GUI), see

Creating Self Certificates for Accessing the VPN on page 4-10.

loadself <IDname> Load the self certificate signed by the CA with name <IDname>.

Command Line Interface Reference 8-143

AP51xx>admin(system.cmgr)> listself

Description:

Lists the loaded self certificates.

Syntax:

For information on configuring self certificate settings using the applet (GUI), see

Creating Self Certificates for Accessing the VPN on page 4-10.

listself Lists all self certificates that are loaded.

AP-51xx Access Point Product Reference Guide8-144

AP51xx>admin(system.cmgr)> loadca

Description:

Loads a trusted certificate from the Certificate Authority.

Syntax:

For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-8.

loadca Loads the trusted certificate (in PEM format) that is pasted into the command line.

Command Line Interface Reference 8-145

AP51xx>admin(system.cmgr)> delca

Description:

Deletes a trusted certificate.

Syntax:

For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-8.

delca <IDname> Deletes the trusted certificate.

AP-51xx Access Point Product Reference Guide8-146

AP51xx>admin(system.cmgr)> listca

Description:

Lists the loaded trusted certificate.

Syntax:

For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-8.

listca Lists the loaded trusted certificates.

Command Line Interface Reference 8-147

AP51xx>admin(system.cmgr)> showreq

Description:

Displays a certificate request in PEM format.

Syntax:

For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-8.

showreq <IDname> Displays a certificate request named <IDname> generated from the genreq command.

AP-51xx Access Point Product Reference Guide8-148

AP51xx>admin(system.cmgr)> delprivkey

Description:

Deletes a private key.

Syntax:

For information on configuring certificate settings using the applet (GUI), see Creating Self Certificates for Accessing the VPN on

page 4-10.

delprivkey <IDname> Deletes private key named <IDname>.

Command Line Interface Reference 8-149

AP51xx>admin(system.cmgr)> listprivkey

Description:

Lists the names of private keys.

Syntax:

For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-8.

listprivkey Lists all private keys.

AP-51xx Access Point Product Reference Guide8-150

AP51xx>admin(system.cmgr)> expcert

Description:

Exports the certificaqte file.

Syntax:

For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-8.

expcert Exports the certificaqte file.

Command Line Interface Reference 8-151

AP51xx>admin(system.cmgr)> impcert

Description:

Imports the target certificate file.

Syntax:

For information on configuring certificate settings using the applet (GUI), see Importing a CA Certificate on page 4-8.

impcert Imports the target certificate file.

AP-51xx Access Point Product Reference Guide8-152

8.4.4 System SNMP Commands

AP51xx>admin(system)> snmp

Description:

Displays the SNMP submenu. The items available under this command are shown below.

access Goes to the SNMP access submenu.

traps Goes to the SNMP traps submenu.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI.

Command Line Interface Reference 8-153

8.4.4.1 System SNMP Access Commands

AP51xx>admin(system.snmp.access)

Description:

Displays the SNMP Access menu. The items available under this command are shown below.

show Shows SNMP v3 engine ID.

add Adds SNMP access entries.

delete Deletes SNMP access entries.

list Lists SNMP access entries.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI.

AP-51xx Access Point Product Reference Guide8-154

AP51xx>admin(system.snmp.access)> show

Description:

Shows the SNMP v3 engine ID.

Syntax:

Example:

admin(system.snmp.access)>show eid

access point snmp v3 engine id : 000001846B8B4567F871AC68

admin(system.snmp.access)>

For information on configuring SNMP access settings using the applet (GUI), see Configuring SNMP Access Control on page 4-22.

show eid Shows the SNMP v3 Engine ID.

Command Line Interface Reference 8-155

AP51xx>admin(system.snmp.access)> add

Description:

Adds SNMP access entries for specific v1v2 and v3 user definitions.

Syntax:

For information on configuring SNMP access settings using the applet (GUI), see Configuring SNMP Access Control on page 4-22.

add acl <ip1> <ip2> Adds an entry to the SNMP access control list with <ip1> as the starting IP address and <ip2>

and as the ending IP address.

v1v2c <comm> <access>

<oid>

Adds an SNMP v1/v2c configuration with <comm> as the community (1-31 characters), the

read/write access set to ro (read only) or rw (read/write), and the Object Identifier <oid> (a

string of 1-127 numbers separated by dot, such as 2.3.4.5.6).

v3 <user> <access> <oid> <sec>

Adds an SNMP v3 user definition with the username <user> (1 to 31 characters), access set

to ro (read only) or rw (read/write), the object ID set to <oid> (1 to 127 chars in dot notation,

such as 1.3.6.1), the security type <sec> set to one of no auth, authnopriv, or auth/priv.

The following parameters must be specified if <sec> is not none:

Authentication type <auth> set to md5 or sha1

Authentication password <pass1> (8 to 31 chars)

The following parameters must be specified if <sec> is set to auth/priv:

Privacy algorithm set to des or aes

Privacy password <pass2> (8 to 31 chars)

AP-51xx Access Point Product Reference Guide8-156

AP51xx>admin(system.snmp.access)> delete

Description:

Deletes SNMP access entries for specific v1v2 and v3 user definitions.

Syntax:

Example:

admin(system.snmp.access)>list acl

-----------------------------------------------------------------------------

index start ip end ip

-----------------------------------------------------------------------------

1 209.236.24.1 209.236.24.46

admin(system.snmp.access)>delete acl all

admin(system.snmp.access)>list acl

-----------------------------------------------------------------------------

index start ip end ip

-----------------------------------------------------------------------------

For information on configuring SNMP access settings using the applet (GUI), see Configuring SNMP Access Control on page 4-22.

delete acl <idx> Deletes entry <idx> (1-10) from the access control list.

all Deletes all entries from the access control list.

v1v2c <idx> Deletes entry <idx> (1-10) from the v1/v2 configuration list.

all Deletes all entries from the v1/v2 configuration list.

v3 <idx> Deletes entry <idx> (1-10) from the v3 user definition list.

all Deletes all entries from the v3 user definition list.

Command Line Interface Reference 8-157

AP51xx>admin(system.snmp.access)> list

Description:

Lists SNMP access entries.

Syntax:

Example:

admin(system.snmp.access)>list acl

----------------------------------------------------------------

index start ip end ip

----------------------------------------------------------------

1 209.236.24.1 209.236.24.46

admin(system.snmp.access)>list v1v2c

----------------------------------------------------------------

index community access oid

----------------------------------------------------------------

1 public read only 1.3.6.1

2 private read/write 1.3.6.1

admin(system.snmp.access)>list v3 2

index : 2

username : judy

access permission : read/write

object identifier : 1.3.6.1

security level : auth/priv

auth algorithm : md5

auth password : ********

privacy algorithm : des

privacy password : *******

For information on configuring SNMP access settings using the applet (GUI), see Configuring SNMP Access Control on page 4-22.

list acl Lists SNMP access control list entries.

v1v2c Lists SNMP v1/v2c configuration.

v3 <idx> Lists SNMP v3 user definition with index <idx>.

all Lists all SNMP v3 user definitions.

AP-51xx Access Point Product Reference Guide8-158

8.4.4.2 System SNMP Traps Commands

AP51xx>admin(system.snmp.traps)

Description:

Displays the SNMP traps submenu. The items available under this command are shown below.

show Shows SNMP trap parameters.

set Sets SNMP trap parameters.

add Adds SNMP trap entries.

delete Deletes SNMP trap entries.

list Lists SNMP trap entries.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI.

Command Line Interface Reference 8-159

AP51xx>admin(system.snmp.traps)> show

Description:

Shows SNMP trap parameters.

Syntax:

Example:

admin(system.snmp.traps)>show trap

SNMP MU Traps

mu associated : enable

mu unassociated : disable

mu denied association : disable

mu denied authentication : disable

SNMP Traps

snmp authentication failure : disable

snmp acl violation : disable

SNMP Network Traps

physical port status change : enable

denial of service : enable

denial of service trap rate limit : 10 seconds

SNMP System Traps

system cold start : disable

system config changed : disable

rogue ap detection : disable

ap radar detection : disable

wpa counter measure : disable

mu hotspot status : disable

vlan : disable

lan monitor : disable

For information on configuring SNMP traps using the applet (GUI), see Enabling SNMP Traps on page 4-24.

show trap Shows SNMP trap parameter settings.

rate-trap Shows SNMP rate-trap parameter settings.

AP-51xx Access Point Product Reference Guide8-160

AP51xx>admin(system.snmp.traps)> set

Description:

Sets SNMP trap parameters.

Syntax:

For information on configuring SNMP traps using the applet (GUI), see Configuring Specific SNMP Traps on page 4-27.

set mu-assoc enable/disable Enables/disables the MU associated trap.

mu-unassoc enable/disable Enables/disables the MU unassociated trap.

mu-deny-assoc enable/disable Enables/disables the MU association denied trap.

mu-deny-auth enable/disable Enables/disables the MU authentication denied trap.

snmp-auth enable/disable Enables/disables the authentication failure trap.

snmp-acl enable/disable Enables/disables the SNMP ACL violation trap.

port enable/disable Enables/disables the physical port status trap.

dos-attack enable/disable Enables/disables the denial of service trap.

interval <rate> Sets denial of service trap interval.

cold enable/disable Enables/disables the system cold start trap.

cfg enable/disable Enables/disables a configuration changes trap.

rogue-ap enable/disable Enables/disables a trap when a rogue-ap is detected.

ap-radar enable/disable Enables/disables the AP Radar Detection trap.

wpa-counter enable/disable Enables/disables the WPA counter measure trap.

hotspot-mu-status enable/disable Enables/disables the hotspot mu status trap.

vlan enable/disable Enables/disables VLAN traps.

lan-monitor enable/disable Enables/disables LAN monitor traps.

rate <rate> <scope> <value> Sets the particular <rate> to monitor to <value> given the

indicated <scope>. See table below for information on the

possible values for <rate>, <scope>, and <value>.

min-pkt <pkt> Sets the minimum number of packets required for rate traps

to fire (1-65535).

Command Line Interface Reference 8-161

AP51xx>admin(system.snmp.traps)> add

Description:

Adds SNMP trap entries.

Syntax:

Example:

admin(system.snmp.traps)>add v1v2 203.223.24.2 333 mycomm v1

admin(system.snmp.traps)>list v1v2c

----------------------------------------------------------------------

index dest ip dest port community version

----------------------------------------------------------------------

1 203.223.24.2 333 mycomm v1

admin(system.snmp.traps)>add v3 201.232.24.33 555 BigBoss none md5

admin(system.snmp.traps)>list v3 all

index : 1

destination ip : 201.232.24.33

destination port : 555

username : BigBoss

security level : none

auth algorithm : md5

auth password : ********

privacy algorithm : des

privacy password : ********

For information on configuring SNMP traps using the applet (GUI), see Configuring SNMP RF Trap Thresholds on page 4-29.

add v1v2 <ip> <port> <comm> <ver>

Adds an entry to the SNMP v1/v2 access list with the destination IP address set to <ip>, the destination UDP port set to

<port>, the community string set to <comm> (1 to 31 characters), and the SNMP version set to <ver>.

v3 <ip> <port> <user> <sec> <auth> <pass1> <priv> <pass2>

Adds an entry to the SNMP v3 access list with the destination IP address set to <ip>, the destination UDP port set to

<port>, the username set to <user> (1 to 31 characters), and the authentication type set to one of none, auth, or auth/

priv.

The following parameters must be specified if <sec> is not none:

Authentication type <auth> set to md5 or sha1

Authentication password <pass1> (8 to 31 chars)

The following parameters must be specified if <sec> is set to auth/priv:

Privacy algorithm set to des or aes

Privacy password <pass2> (8 to 31 chars)

AP-51xx Access Point Product Reference Guide8-162

AP51xx>admin(system.snmp.traps)> delete

Description:

Deletes SNMP trap entries.

Syntax:

Example:

admin(system.snmp.traps)>delete v1v2 all

For information on configuring SNMP traps using the applet (GUI), see Configuring SNMP Settings on page 4-17.

delete v1v2c <idx> Deletes entry <idx> from the v1v2c access control list.

all Deletes all entries from the v1v2c access control list.

v3 <idx> Deletes entry <idx> from the v3 access control list.

all Deletes all entries from the v3 access control list.

Command Line Interface Reference 8-163

AP51xx>admin(system.snmp.traps)> list

Description:

Lists SNMP trap entries.

Syntax:

Example:

admin(system.snmp.traps)>add v1v2 203.223.24.2 162 mycomm v1

admin(system.snmp.traps)>list v1v2c

----------------------------------------------------------------------

index dest ip dest port community version

----------------------------------------------------------------------

1 203.223.24.2 162 mycomm v1

admin(system.snmp.traps)>add v3 201.232.24.33 555 BigBoss none md5

admin(system.snmp.traps)>list v3 all

index : 1

destination ip : 201.232.24.33

destination port : 555

username : BigBoss

security level : none

auth algorithm : md5

auth password : ********

privacy algorithm : des

privacy password : ********

For information on configuring SNMP traps using the applet (GUI), see Configuring SNMP RF Trap Thresholds on page 4-29.

list v1v2c Lists SNMP v1/v2c access entries.

v3 <idx> Lists SNMP v3 access entry <idx>.

all Lists all SNMP v3 access entries.

AP-51xx Access Point Product Reference Guide8-164

8.4.5 System Network Time Protocol (NTP) Commands

AP51xx>admin(system)> ntp

Description:

Displays the NTP menu. The correct network time is required for numerous functions to be configured accuaretly on the access point.

Syntax:

set

show Shows NTP parameters settings.

date-zone Show date, time and time zone.

zone-list Displays list of time zones.

set Sets NTP parameters.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to system flash.

quit Quits the CLI.

Command Line Interface Reference 8-165

AP51xx>admin(system.ntp)> show

Description:

Displays the NTP server configuration.

Syntax:

Example:

admin(system.ntp)>show

current time (UTC) : 2006-07-31 14:35:20

Time Zone:

ntp mode : enable

preferred Time server ip : 203.21.37.18

preferred Time server port : 123

first alternate server ip : 203.21.37.19

first alternate server port : 123

second alternate server ip : 0.0.0.0

second alternate server port : 123

synchronization interval : 15 minutes

For information on configuring NTP using the applet (GUI), see Configuring Network Time Protocol (NTP) on page 4-31.

show Shows all NTP server settings.

AP-51xx Access Point Product Reference Guide8-166

AP51xx>admin(system.ntp)> date-zone

Description:

Show date, time and time zone.

Syntax:

Example:

admin(system.ntp)>date-zone

Date/Time : Sat 1970-Jan-03 20:06:22 +0000 UTC

Time Zone :

date-zone Show date, time and time zone.

Command Line Interface Reference 8-167

AP51xx>admin(system.ntp)> zone-list

Description:

Displays an extensive list of time zones for countries around the world.

Syntax:

Example:

admin(system.ntp)> zone-list

zone-list Displays list of time zones for every known zone.

AP-51xx Access Point Product Reference Guide8-168

AP51xx>admin(system.ntp)> set

Description:

Sets NTP parameters for access point clock synchronization.

Syntax:

Example:

admin(system.ntp)>set mode enable

admin(system.ntp)>set server 1 203.21.37.18

admin(system.ntp)>set port 1 123

admin(system.ntp)>set intrvl 15

admin(system.ntp)>set zone 1

For information on configuring NTP using the applet (GUI), see Configuring Network Time Protocol (NTP) on page 4-31.

set mode <ntp-mode> Enables or disables NTP.

server <idx> <ip> Sets the NTP sever IP address.

port <idx> <port> Defines the port number.

intrvl <period> Defines the clock synchronization interval used between the access point and

the NTP server in minutes (15 - 65535).

time <time> Sets the current system time. [yyyy] - year, [mm] - month, [dd] - day of the

month, [hh] - hour of the day, [mm] - minute, [ss] second, [zone -idx] Index of the

zone.

zone <zone> Defines the time zone (by index) for the target country.

Command Line Interface Reference 8-169

8.4.6 System Log Commands

AP51xx>admin(system)> logs

Description:

Displays the access point log submenu. Logging options include:

Syntax:

show Shows logging options.

set Sets log options and parameters.

view Views system log.

delete Deletes the system log.

send Sends log to the designated FTP Server.

.. Goes to the parent menu.

/ Goes to the root menu.

save Saves configuration to system flash.

quit Quits the CLI.

AP-51xx Access Point Product Reference Guide8-170

AP51xx>admin(system.logs)> show

Description:

Displays the current access point logging settings.

Syntax:

Example:

admin(system.logs)>show

log level : L6 Info

syslog server logging : enable

syslog server ip address : 192.168.0.102

For information on configuring logging settings using the applet (GUI), see Logging Configuration on page 4-34.

show Displays the logging options.

Command Line Interface Reference 8-171

AP51xx>admin(system.logs)> set

Description:

Sets log options and parameters.

Syntax:

For information on configuring logging settings using the applet (GUI), see Logging Configuration on page 4-34.

set level <level> Sets the level of the events that will be logged. All events with a level at or above <level>

(L0-L7) will be saved to the system log.

L0:Emergency

L1:Alert

L2:Critical

L3:Errors

L4:Warning

L5:Notice

L6:Info (default setting)

L7:Debug

mode <mode> Enables or disables syslog server logging.

ipadr <ip> Sets the external syslog server IP address to <ip> (a.b.c.d).

AP-51xx Access Point Product Reference Guide8-172

AP51xx>admin(system.logs)> view

Description:

Displays the access point system log file.

Syntax:

Example:

admin(system.logs)>view

Jan 7 16:14:00 (none) syslogd 1.4.1: restart (remote reception).

Jan 7 16:14:10 (none) klogd: :ps log:fc: queue maintenance

Jan 7 16:14:41 (none) klogd: :ps log:fc: queue maintenance

Jan 7 16:15:43 (none) last message repeated 2 times

Jan 7 16:16:01 (none) CC: 4:16pm up 6 days, 16:16, load average: 0.00, 0.01,

0.00

Jan 7 16:16:01 (none) CC: Mem: 62384 32520 29864

0 0

Jan 7 16:16:01 (none) CC: 0000077e 0012e95b 0000d843 00000000 00000003 0000121

e 00000000 00000000 0037ebf7 000034dc 00000000 00000000 00000000

Jan 7 16:16:13 (none) klogd: :ps log:fc: queue maintenance

Jan 7 16:16:44 (none) klogd: :ps log:fc: queue maintenance

Jan 7 16:17:15 (none) klogd: :ps log:fc: queue maintenance

For information on configuring logging settings using the applet (GUI), see Logging Configuration on page 4-34.

view Displays the entire access point system log file.

Command Line Interface Reference 8-173

AP51xx>admin(system.logs)> delete

Description:

Deletes the log files.

Syntax:

Example:

admin(system.logs)>delete

For information on configuring logging settings using the applet (GUI), see Logging Configuration on page 4-34.

delete Deletes the access point system log file.

AP-51xx Access Point Product Reference Guide8-174

AP51xx>admin(system.logs)> send

Description:

Sends log and core file to an FTP Server.

Syntax:

Example:

admin(system.logs)>send

File transfer : [ In progress ]

File transfer : [ Done ]

admin(system.logs)>

For information on configuring logging settings using the applet (GUI), see Logging Configuration on page 4-34.

send Sends the system log file via FTP to a location specified with the set command. Refer to the command set under the

AP51xx>admin(config) command for information on setting up an FTP server and login information.

Command Line Interface Reference 8-175

8.4.7 System Configuration-Update Commands

AP51xx>admin(system.config)>

Description:

Displays the access point configuration update submenu.

Syntax:

default Restores the default access point configuration.

partial Restores a partial default access point configuration.

show Shows import/export parameters.

set Sets import/export access point configuration parameters.

export Exports access point configuration to a designated system.

import Imports configuration to the access point.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the configuration to access point system flash.

quit Quits the CLI.

AP-51xx Access Point Product Reference Guide8-176

AP51xx>admin(system.config)> default

Description:

Restores the full access point factory default configuration.

Syntax:

Example:

admin(system.config)>default

Are you sure you want to default the configuration? <yes/no>:

For information on importing/exporting access point configurations using the applet (GUI), see

Importing/Exporting Configurations on page 4-36.

default Restores the access point to the original (factory) configuration.

Command Line Interface Reference 8-177

AP51xx>admin(system.config)> partial

Description:

Restores a partial factory default configuration. The access point’s LAN, WAN and SNMP settings are uneffected by the partial

restore.

Syntax:

Example:

admin(system.config)>partial

Are you sure you want to partially default the access point? <yes/no>:

For information on importing/exporting access point configurations using the applet (GUI), see

Importing/Exporting Configurations on page 4-36.

default Restores a partial access point configuration.

AP-51xx Access Point Product Reference Guide8-178

AP51xx>admin(system.config)> show

Description:

Displays import/export parameters for the access point configuration file.

Syntax:

Example:

admin(system.config)>show

cfg filename : cfg.txt

cfg filepath :

ftp/tftp server ip address : 192.168.0.101

ftp user name : myadmin

ftp password : ********

For information on importing/exporting access point configurations using the applet (GUI), see

Importing/Exporting Configurations on page 4-36.

show Shows all import/export parameters.

Command Line Interface Reference 8-179

AP51xx>admin(system.config)> set

Description:

Sets the import/export parameters.

Syntax:

Example:

admin(system.config)>set server 192.168.22.12

admin(system.config)>set user myadmin

admin(system.config>set passwd georges

admin(system.config)>show

cfg filename : cfg.txt

cfg filepath :

ftp/tftp server ip address : 192.168.22.12

ftp user name : myadmin

ftp password : *******

For information on importing/exporting access point configurations using the applet (GUI), see

Importing/Exporting Configurations on page 4-36.

set file <filename> Sets the configuration file name (1 to 39 characters in length).

path <path> Defines the path used for the configuration file upload.

server <ipaddress> Sets the FTP/TFTP server IP address.

user <username> Sets the FTP user name (1 to 39 characters in length).

passwd <pswd> Sets the FTP password (1 to 39 characters in length).

AP-51xx Access Point Product Reference Guide8-180

AP51xx>admin(system.config)> export

Description:

Exports the configuration from the system.

Syntax:

Example:

Export FTP Example:

admin(system.config)>set server 192.168.22.12

admin(system.config)>set user myadmin

admin(system.config)>set file config.txt

admin(system.config)>set passwd

admin(system.config)>export ftp

Export operation : [ Started ]

Building configuration file : [ Done ]

File transfer : [ In progress ]

File transfer : [ Done ]

Export Operation : [ Done ]

Export TFTP Example:

admin(system.config)>set server 192.168.0.101

admin(system.config)>set file config.txt

admin(system.config)>export tftp

Export operation : [ Started ]

Building configuration file : [ Done ]

File transfer : [ In progress ]

File transfer : [ Done ]

Export Operation : [ Done ]

For information on importing/exporting access point configurations using the applet (GUI), see

Importing/Exporting Configurations on page 4-36.

export ftp Exports the access point configuration to the FTP server. Use the set command to set the server, user,

password, and file name before using this command.

tftp Exports the access point configuration to the TFTP server. Use the set command to set the IP address for the

TFTP server before using the command.

terminal Exports the access point configuration to a terminal.

CAUTION Make sure a copy of the access point’s current configuration is exported (to a secure location) before

exporting the access point’s configuration, as you will want a valid version available in case errors are

encountered with the configuration export.

Command Line Interface Reference 8-181

AP51xx>admin(system.config)> import

Description:

Imports the access point configuration to the access point. Errors could display as a result of invaid configuration parameters. Correct

the sepcified lines and import the file again until the import operation is error free.

Syntax:

Example:

Import FTP Example

admin(system.config>set server 192.168.22.12

admin(system.config>set user myadmin

admin(system.config)>set file config.txt

admin(system.config)>set passwd mysecret

admin(system.config)>import ftp

Import operation : [ Started ]

File transfer : [ In progress ]

File transfer : [ Done ]

Import operation : [ Done ]

Import TFTP Example

admin(system.config)>set server 192.168.0.101

admin(system.config)>set file config.txt

admin(system.config)>import tftp

Import operation : [ Started ]

File transfer : [ In progress ]

File transfer : [ Done ]

Import operation : [ Done ]

For information on importing/exporting access point configurations using the applet (GUI), see

Importing/Exporting Configurations on page 4-36.

import ftp Imports the access point configuration file from the FTP server.

Use the set command to set the server, user, password, and file.

tftp Imports the access point configuration from the TFTP server.

Use the set command to set the server and file.

CAUTION A single-radio model access point cannot import/export its configuration to a dual-radio model access

point. In turn, a dual-radio model access point cannot import/export its configuration to a single-radio

access point.

CAUTION Symbol discourages importing a 1.0 baseline configuration file to a 1.1 version access point. Similarly,

a 1.1 baseline configuration file should not be imported to a 1.0 version access point. Importing

configuration files between different version access point’s results in broken configurations, since

new features added to the 1.1 version access point cannot be supported in a 1.0 version access point.

AP-51xx Access Point Product Reference Guide8-182

8.4.8 Firmware Update Commands

AP51xx>admin(system)>fw-update

Description:

Displays the firmware update submenu. The items available under this command are shown below.

NOTE The access point must complete the reboot process to successfully update the device firmware,

regardless of whether the reboot is conducted uing the GUI or CLI interfaces.

show Displays the current access point firmware update settings.

set Defines the access point firmware update parameters.

update Executes the firmware update.

.. Goes to the parent menu.

/Goes to the root menu.

save Saves the current configuration to the access point system flash.

quit Quits the CLI and exits the current session.

Command Line Interface Reference 8-183

AP51xx>admin(system.fw-update)>show

Description:

Displays the current access point firmware update settings.

Syntax:

Example:

admin(system.fw-update)>show

automatic firmware upgrade : enable

automatic config upgrade : enable

automatic upgrade interface : WAN

firmware filename : APFW.bin

firmware path : /tftpboot/

ftp/tftp server ip address : 168.197.2.2

ftp user name : pkeegan

ftp password : *******

For information on updating access point device firmware using the applet (GUI), see Updating Device Firmware on page 4-40.

show Shows the current system firmware update settings for the access point.

AP-51xx Access Point Product Reference Guide8-184

AP51xx>admin(system.fw-update)>set

Description:

Defines access point firmware update settings and user permissions.

Syntax:

For information on updating access point device firmware using the applet (GUI), see Updating Device Firmware on page 4-40.

set fw-auto <mode> When enabled, updates device firmware each time the firmware versions are found to be

different between the access point and the specified firmware on the remote system.

cfg-auto <mode> When enabled, updates device configuration file each time the confif file versions are

found to be different between the access point and the specified LAN or WAN interface.

iface <wan/lan1/lan2> Defines the target interface for version updates if the fw-auto and/or cfg-auto options are

enabled.

file <name> Defines the firmware file name (1 to 39 characters).

path <path> Specifies a path for the file (1 to 39 characters)..

server <ip> The IP address for the FTP/TFTP server used for the firmware and/or config file update.

user <name> Specifies a username for FTP server login (1 to 39 characters)..

passwd <password> Specifies a password for FTP server login (1 to 39 characters).. Default is symbol.

Command Line Interface Reference 8-185

AP51xx>admin(system.fw-update)>update

Description:

Executes the access point firmware update over the WAN or LAN port using either ftp or tftp.

Syntax:

For information on updating access point device firmware using the applet (GUI), see Updating Device Firmware on page 4-40.

update <mode><iface> Defines the ftp ot tftp mode used to conduct the firmware update. Specifies whether the

update is executed over the access point’s WAN, LAN1 or LAN2 interface <iface>.

NOTE The access point must complete the reboot process to successfully update the device firmware,

regardless of whether the reboot is conducted uing the GUI or CLI interfaces.

AP-51xx Access Point Product Reference Guide8-186

8.5 Statistics Commands

AP51xx>admin(stats)

Description:

Displays the access point statistics submenu. The items available under this command are:

show Displays access point WLAN, MU, LAN and WAN statistics.

send-cfg-ap Sends a config file to another access point within the known AP table.

send-cfg-all Sends a config file to all access points within the known AP table.

clear Clears all statistic counters to zero.

flash-all-leds Starts and stops the flashing of all access point LEDs.

echo Defines the parameters for pinging a designated station.

ping Iniates a ping test.

.. Moves to the parent menu.

/Goes to the root menu.

save Saves the current configuration to system flash.

quit Quits the CLI.

Command Line Interface Reference 8-187

AP51xx>admin(stats)> show

Description:

Displays access point system information.

Syntax:

For information on displaying WAN port statistics using the applet (GUI), see Viewing WAN Statistics on page 7-2.

For information on displaying LAN port statistics using the applet (GUI), see Viewing LAN Statistics on page 7-6.

For information on displaying Wireless statistics using the applet (GUI), see Viewing Wireless Statistics on page 7-11.

For information on displaying individual WLAN statistics using the applet (GUI), see Viewing WLAN Statistics on page 7-13.

For information on displaying Radio statistics using the applet (GUI), see Viewing Radio Statistics Summary on page 7-17.

For information on displaying MU statistics using the applet (GUI), see Viewing MU Statistics Summary on page 7-23.

For information on displaying Mesh statistics using the applet (GUI), see Viewing the Mesh Statistics Summary on page 7-29.

For information on displaying Known AP statistics using the applet (GUI), see Viewing Known Access Point Statistics on page 7-30.

show wan Displays stats for the access point WAN port.

lan Displays stats for the access point LAN port

stp Displays LAN Spanning Tree Status

wlan Displays WLAN status and statistics summary.

s-wlan Displays status and statistics for an individual WLAN

radio Displays a radio statistics transmit and receive summary.

s-radio Displays radio statistics for a single radio

retry-hgram Displays a radio’s retry histogram statistics.

mu Displays all mobile unit (MU) status.

s-mu Displays status and statistics for an individual MU.

auth-mu Displays single MU Authentication statistics.

wlap Displays Wireless Bridge Statistics statistics summary.

s-wlap Displays single Wirless Bridge statistics.

known-ap Displays a Known AP summary.

AP-51xx Access Point Product Reference Guide8-188

AP51xx>admin(stats)> send-cfg-ap

Description:

Copies the access point’s configuration to another access point within the known AP table.

Syntax:

Example:

admin(stats)>send-cfg-ap 2

admin(stats)>

For information on copying the access point config to another access point using the applet (GUI), see

Viewing Known Access Point Statistics on page 7-30.

send-cfg-ap <index> Copies the access point’s configuration to the access points within the known AP table. Mesh

configuration

attributes do not get copied using this command and must be configured manually.

NOTE The send-cfg-ap command copies all existing configuration parameters except Mesh settings, LAN IP

data, WAN IP data and DHCP Server parameter information.

Command Line Interface Reference 8-189

AP51xx>admin(stats)> send-cfg-all

Description:

Copies the access point’s configuration to all of the access points within the known AP table.

Syntax:

Example:

admin(stats)>send-cfg-all

admin(stats)>

For information on copying the access point config to another access point using the applet (GUI), see

Viewing Known Access Point Statistics on page 7-30.

send-cfg-all Copies the access point’s configuration to all of the access points within the known AP table.

NOTE The send-cfg-all command copies all existing configuration parameters except Mesh settings, LAN IP

data, WAN IP data and DHCP Server parameter information.

AP-51xx Access Point Product Reference Guide8-190

AP51xx>admin(stats)> clear

Description:

Clears the specified statistics counters to zero to begin new data calculations.

Syntax:

clear wan Clears WAN statistics counters.

lan Clears LAN statistics counters.

all-rf Clears all RF data.

all-wlan Clears all WLAN summary information.

wlan Clears individual WLAN statistic counters.

all-radio Clears access point radio summary information.

radio1 Clears statistics counters specific to radio1.

radio2 Clears statistics counters specific to radio2.

all-mu Clears all MU statistic counters.

mu Clears MU statistics counters.

known-ap Clears Known AP statistic counters.

Command Line Interface Reference 8-191

AP51xx>admin(stats)> flash-all-leds

Description:

Starts and stops the illumination of a specified access point’s LEDs.

Syntax:

Example:

admin(stats)>

admin(stats)>flash-all-leds 1 start

Password ********

admin(stats)>flash-all-leds 1 stop

admin(stats)>

For information on flashing access point LEDs using the applet (GUI), see Viewing Known Access Point Statistics on page 7-30.

flash-all-leds <index> Defines the Known AP index number of the target AP to flash.

<stop/start> Begins or terminates the flash activity.

AP-51xx Access Point Product Reference Guide8-192

AP51xx>admin(stats)> echo

Description:

Defines the echo test values used to conduct a ping test to an associated MU.

Syntax:

For information on MU Echo and Ping tests using the applet (GUI), see Pinging Individual MUs on page 7-27.

show Shows the Mobile Unit Statistics Summary.

list Defines echo test parameters and result.

set Determines echo test packet data.

start Begins echoing the defined station.

.. Goes to parent menu.

/Goes to root menu.

quit Quits CLI session.

Command Line Interface Reference 8-193

AP51xx>admin.stats.echo)> show

Description:

Shows Mobile Unit Statistics Summary.

Syntax:

Example:

admin(stats.echo)>show

----------------------------------------------------------------------------

Idx IP Address MAC Address WLAN Radio T-put ABS Retries

----------------------------------------------------------------------------

1 192.168.2.0 00:A0F8:72:57:83 demo 11a

show Shows Mobile Unit Statistics Summary.

AP-51xx Access Point Product Reference Guide8-194

AP51xx>admin.stats.echo)> list

Description:

Lists echo test parameters and results.

Syntax:

Example:

admin(stats.echo)>list

Station Address : 00A0F8213434

Number of Pings : 10

Packet Length : 10

Packet Data (in HEX) : 55

admin(stats.echo)>

For information on MU Echo and Ping tests using the applet (GUI), see Pinging Individual MUs on page 7-27.

list Lists echo test parameters and results.

Command Line Interface Reference 8-195

AP51xx>admin.stats.echo)>set

Description:

Defines the parameters of the echo test.

Syntax:

For information on MU Echo and Ping tests using the applet (GUI), see Pinging Individual MUs on page 7-27.

set station <mac> Defines MU target MAC address.

request <num> Sets number of echo packets to transmit (1-539).

length <num> Determines echo packet length in bytes (1-539).

data <hex> Defines the particular packet data.

AP-51xx Access Point Product Reference Guide8-196

AP51xx>admin.stats.echo)> start

Description:

Initiates the echo test.

Syntax:

Example:

admin(stats.echo)>start

admin(stats.echo)>list

Station Address : 00A0F843AABB

Number of Pings : 10

Packet Length : 100

Packet Data (in HEX) : 1

Number of MU Responses : 2

For information on MU Echo and Ping tests using the applet (GUI), see Pinging Individual MUs on page 7-27.

start Initiates the echo test.

Command Line Interface Reference 8-197

AP51xx>admin(stats)> ping

Description:

Defines the ping test values used to conduct a ping test to an AP with the same ESSID.

Syntax:

For information on Known AP tests using the applet (GUI), see Pinging Individual MUs on page 7-27.

ping show Shows Known AP Summary details.

list Defines ping test packet length.

set Determines ping test packet data.

start Begins pinging the defined station.

.. Goes to parent menu.

/Goes to root menu.

quit Quits CLI session.

AP-51xx Access Point Product Reference Guide8-198

AP51xx>admin.stats.ping)> show

Description:

Shows Known AP Summary Details.

Syntax:

Example:

admin(stats.ping)>show

----------------------------------------------------------------------------

Idx IP Address MAC Address MUs KBIOS Unit Name

----------------------------------------------------------------------------

1 192.168.2.0 00:A0F8:72:57:83 3 0 access point

show Shows Known AP Summary Details.

Command Line Interface Reference 8-199

AP51xx>admin.stats.ping)> list

Description:

Lists ping test parameters and results.

Syntax:

Example:

admin(stats.ping)>list

Station Address : 00A0F8213434

Number of Pings : 10

Packet Length : 10

Packet Data (in HEX) : 55

admin(stats.ping)>

For information on Known AP tests using the applet (GUI), see Pinging Individual MUs on page 7-27.

list Lists ping test parameters and results.

AP-51xx Access Point Product Reference Guide8-200

AP51xx>admin.stats.ping)> set

Description:

Defines the parameters of the ping test.

Syntax:

Example:

admin(stats.ping)>set station 00A0F843AABB

admin(stats.ping)>set request 10

admin(stats.ping)>set length 100

admin(stats.ping)>set data 1

admin(stats.ping)>

For information on Known AP tests using the applet (GUI), see Pinging Individual MUs on page 7-27.

set station Defines the AP target MAC address.

request Sets number of ping packets to transmit (1-539).

length Determines ping packet length in bytes (1-539).

data Defines the particular packet data.

Command Line Interface Reference 8-201

AP51xx>admin.stats.echo)> start

Description:

Initiates the ping test.

Syntax:

Example:

admin(stats.ping)>start

admin(stats.ping)>list

Station Address : 00A0F843AABB

Number of Pings : 10

Packet Length : 100

Packet Data (in HEX) : 1

Number of AP Responses : 2

For information on Known AP tests using the applet (GUI), see Pinging Individual MUs on page 7-27.

start Initiates the ping test.

AP-51xx Access Point Product Reference Guide8-202

Configuring Mesh Networking

9.1 Mesh Networking Overview

An AP-51xx can be configured in two modes to support the new mesh networking functionality. The

access point can be set to a client bridge mode and/or a base bridge mode (which accepts

connections from client bridges). Base bridge and client bridge mode can be used at the same time

by an individual access point to optimally bridge traffic to other members of the mesh network and

service associated MUs.

An access point in client bridge mode scans to locate other access points using the WLAP client's

ESSID. Then it is required to go through the association and authentication process to establish

wireless connections with the located devices. This association process is identical to the access

point’s current MU association process. Once the association and authentication process is complete,

the wireless client adds the connection as a port on its bridge module. This causes the client bridge

to begin forwarding packets to the base bridge node. The base bridge realizes it is talking to a

wireless client bridge. It then adds that connection as a port on its own bridge module. The two

bridges at that point are communicating using the Spanning Tree Protocol (STP).

AP-51xx Access Point Product Reference Guide

9-2

access points configured as both a base and a client bridge function as repeaters to transmit data

with associated MUs in their coverage area (client bridge mode) as well as forward traffic to other

access points in the mesh network (base bridge mode). The number of access points and their

intended function within the mesh network dictate whether they should be configured as base

bridges, client bridges or both (repeaters). For a use case on how access points are configured in

respect to a fictional business need, see Usage Scenario - Trion Enterprises on page 9-19.

The spanning tree determines the path to the root and detects if the current connection is part of a

network loop with another connection in the system. Each bridge can be configurable so the

administrator can control the spanning tree to define the root bridge and what the forwarding paths

are. Once the spanning tree converges, both access points begin learning which destinations reside

on which side of the network. This allows them to forward traffic intelligently.

After the client bridge establishes at least one wireless connection (if configured to support mobile

users), it begins beaconing and accepting wireless connections. If configured as both a client bridge

and a base bridge, it begin accepting client bridge connections. Therefore, the mesh network could

connect simultaneously to different networks in a manner whereby a network loop is not created and

then the connection is not blocked. Once the client bridge establishes at least one wireless

connection, it begins establishing other wireless connections as it finds them available. Thus, the

client bridge is able to establish simultaneous redundant links.

A mesh network must use one of the two access point LANs. If intending to use the access point for

mesh networking support, Symbol recommends configuring at least one WLAN (of the 16 WLANs

available) specifically for mesh networking support.

The client bridge creates up to three connections if it can find base bridges for connection. If the

connections are redundant (on the same network), then one connection will be forwarding and the

others blocked. However, if each of the connections links to a different wired network, then none are

redundant and all are forwarding. Thus, the bridge automatically detects and disables redundant

connections, but leaves non-redundant connections forwarding. This gives the user the freedom to

configure their topology in a variety of ways without limitations. This is important when configuring

multiple access points for base bridge support in areas like a shipping yard where a large radio

coverage area is required. For more information on configuring the access point in respect to specific

usage scenarios, see Usage Scenario - Trion Enterprises on page 9-19.

NOTE Since each access point can establish up to 3 simultaneous wireless

connections, some of these connections could be redundant. If this is the

case, the STP algorithm defines which links are the redundant links and

disables those links from forwarding.

Configuring Mesh Networking 9-3

If an access point is configured as a base bridge (but not as a client bridge) it operates normally at

boot time. The base bridge supports connections made by other client bridges.

The dual-radio model access point affords users better optimization of the mesh networking feature

by enabling the access point to transmit to other mesh network members using one independent radio

and transmit with associated MUs using the second independent radio. A single-radio access point

has its channel utilization and throughput degraded in a mesh network, as the AP’s single radio must

process both mesh network traffic with other access points and MU traffic with its associated

devices.

9.1.1 The AP-51xx Client Bridge Association Process

An access point in client bridge mode performs an active scan to quickly create a table of the access

points nearby. The table contains the access points matching the ESS of the client bridge AP’s WLAN.

The table is used to determine the best access point to connect to (based on signal strength, load and

the user's configured preferred connection list).

The association and authentication process is identical to the MU association process. The client

access point sends 802.11 authentication and association frames to the base access point. The base

access point responds as if the client is an actual mobile unit. Depending on the security policy, the

two access point’s engage in the normal handshake mechanism to establish keys.

After device association, the two access points are connected and the system can establish the

bridge and run the spanning tree algorithm. In the meantime, the access point in client bridge mode

continues to scan in the background attempts to establish an association with other access points

using the same ESS on the same channel.

CAUTION Only Symbol AP-5131 or AP-5181 model access points can be used as

base bridges, client bridges or repeaters within an access point

supported mesh network. If utilizing a mesh network, Symbol

recommends considering a dual-radio model to optimize channel

utilization and throughput.

CAUTION An access point is Base Bridge mode logs out whenever a Client

Bridge associates to the Base Bridge over the LAN connection. This

problem is not experienced over the access point’s WAN connection. If

this situation is experienced, log-in to the access point again.

AP-51xx Access Point Product Reference Guide

9-4

The access point in client bridge mode attempts to establish up to 3 simultaneous wireless

connections. The second and third connections are established in the background while the system

is running. The first connection needs to be established before the system starts bridging traffic.

The dual-radio model access point affords users better optimization of the mesh networking feature

by allowing the access point to transmit to other access points (in base or client bridge mode) using

one independent radio and transmit with its associated MUs using the second independent radio. A

single-radio access point has its channel utilization and throughput degraded in a mesh network, as

the access point’s single radio must process both mesh network traffic with other access points and

MU traffic with its associated devices.

9.1.2 Spanning Tree Protocol (STP)

The access point performs mesh networking using STP as defined in the 802.1d standard.

Once device association is complete, the client and base bridge exchange Configuration Bridge

Protocol Data Units (BPDUs) to determine the path to the root. STP also determines whether a given

port is a redundant connection or not.

9.1.3 Defining the Mesh Topology

When a user wants to control how the spanning tree determines client bridge connections, they need

to control the mesh configuration. The user must be able to define one node as the root. Assigning a

base bridge the lowest bridge priority defines it as the root.

The access point can manipulate the path cost assigned to a bridge connection based on that

connection’s RSSI. This results in the spanning tree selecting the optimal path for forwarding data

when redundant paths exist. However, this can be overridden using the preferred list. When using the

NOTE The Symbol AP-4131 access point uses a non-standard form of 802.1d

STP, and is therefore not compatible as a base bridge or client bridge

within an access point managed network.

NOTE Symbol recommends using the Mesh STP Configuration screen to

define a base bridge as a root. Only advanced users should use the

Advanced Client Bridge Settings screen’s Preferred List to define the mesh

topology, as omitting a bridge from the preferred list could break

connections within the mesh network.

Configuring Mesh Networking 9-5

preferred list, the user enters a priority for each bridge, resulting in the selection of the forwarding

link.

Limit the wireless client’s connections to reduce the number of hops required to get to the wired

network. Use each radio’s "preferred" base bridge list to define which access points the client bridge

connects to. For more information, see Configuring Mesh Networking Support on page 9-6.

9.1.4 Mesh Networking and the AP-51xx’s Two Subnets

The access point now has a second subnet on the LAN side of the system. This means wireless clients

communicating through the same radio can reside on different subnets. The addition of this feature

adds another layer of complexity to the access point’s mesh networking functionality.

With a second LAN introduced, the LAN’s Ethernet port (and any of the 16 WLANs) could be assigned

to one of two different subnets. From a layer 2 perspective, the system has two different bridge

functionalities, each with its own STP. The WLAN assignment controls the subnet (LAN1 or 2) upon

which a given connection resides. If WLAN2 is assigned to LAN1, and WLAN2 is used to establish a

client bridge connection, then the mesh network connection resides on LAN1.

Therefore, (depending upon the WLAN-to-LAN mapping), the access point could have multiple mesh

connections on either LAN1 or LAN2.

9.1.5 Normal Operation

Once the mesh network is defined, all normal access point operations are still allowed. MUs are still

allowed to associate with the access point as usual. The user can create WLANs, security polices and

VLANs as with any other access point. DHCP services function normally and all layer 3

communications are allowed.

WNMP is used to send information about each mesh network so information can be displayed to the

user from any access point on the system. WNMP messages are AP-AP info messages used to send

system status.

9.1.6 Impact of Importing/Exporting Configurations to a Mesh Network

When using the access point’s Configuration Import/Export screen to migrate an access point’s

configuration to other access points, mesh network configuration parameters will get sent or saved

AP-51xx Access Point Product Reference Guide

9-6

to other access points. However, if using the Known AP Statistics screen’s Send Cfg to APs

functionality, “auto-select” and preferred list” settings do not get imported.

9.2 Configuring Mesh Networking Support

Configuring the access point for Mesh Bridging support entails:

•Setting the LAN Configuration for Mesh Networking Support

•Configuring a WLAN for Mesh Networking Support

•Configuring the Access Point Radio for Mesh Support.

9.2.1 Setting the LAN Configuration for Mesh Networking Support

At least one of the two access point LANs needs to be enabled and have a mesh configuration defined

to correctly function as a base or client bridge within a mesh network. This section describes the

configuration activities required to define a mesh network’s LAN configuration.

As the Spanning Tree Protocol (STP) mentions, each mesh network maintains hello, forward delay and

max age timers. The base bridge defined as the root imposes these settings within the mesh network.

The user does not necessarily have to change these settings, as the default settings will work.

However, Symbol encourages the user to define an access point as a base bridge and root (using the

base bridge priority settings within the Bridge STP Configuration screen). Members of the mesh

network can be configured as client bridges or additional base bridges with a higher priority value.

To define a LAN’s Mesh STP Configuration:

1. Select Network Configuration -> LAN from the AP-5131 menu tree.

2. Enable the LAN used to support the mesh network.

CAUTION When using the Import/Export screen to import a mesh supported

configuration, do not import a base bridge configuration into an

existing client bridge, as this could cause the mesh configuration

to break.

NOTE For an overview on mesh networking and some of the implications on

using the feature with the access point, see

Configuring Mesh Networking on page 9-1.

Configuring Mesh Networking 9-7

Verify the enabled LAN is named appropriately in respect to its intended function in

supporting the mesh network.

3. Select Network Configuration -> LAN -> LAN1 or LAN2 from the AP-5131 menu

tree.

4. Click the Mesh STP Configuration button on the bottom off the screen.

5. Define the properties for the following parameters within the mesh network:

Priority Set the Priority as low as possible for a to force other devices

within the mesh network to defer to this client bridge as the bridge

defining the mesh configuration (commonly referred to as the root).

Symbol recommends assigning a Base Bridge AP with the lowest

bridge priority so it becomes the root in the STP. If a root already

exists, set the Bridge Priorities of new APs accordingly so the root

of the STP doesn't get altered. Each access point starts with a

default bridge priority of 32768.

Maximum Message

age

The Maximum Message age timer is used with the Message

Age timer. The Message Age timer is used to measure the age of

the received protocol information recorded for a port, and to ensure

the information is discarded when it exceeds the value set for the

Maximum Message age timer.

AP-51xx Access Point Product Reference Guide

9-8

6. Click OK to return to either the LAN1 or LAN2 screen where updates to the Mesh STP

Configuration can be saved by clicking the Apply button.

7. Click Cancel to discard the changes made to the Mesh STP Configuration and return to

the LAN1 or LAN2 screen. Once the Mesh STP Configuration is defined, the access

point’s radio can be configured for base and/or client bridge support.

9.2.2 Configuring a WLAN for Mesh Networking Support

Each access point comprising a particular mesh network is required to be a member of the same

WLAN. Therefore, each base bridge, client bridge or repeater within the mesh network must use the

same WLAN in order to share the same ESSID, radio designation, security policy, MU ACL and Quality

of Service policy. If intending to use the access point for mesh networking support, Symbol

recommends configuring at least one WLAN (of the 16 WLANs available) specifically for mesh

networking support.

To define the attributes of the WLAN shared by the members of the mesh network:

1. Select Network Configuration -> Wireless from the AP-5131 menu tree.

Hello Time The Hello Time is the time between each bridge protocol data unit

sent. This time is equal to 2 seconds (sec) by default, but you can

tune the time to be between 1 and 10 sec. If you drop the hello time

from 2 sec to 1 sec, you double the number of bridge protocol data

units sent/received by each bridge. The 802.1d specification

recommends the Hello Time be set to a value less than half of the

Max Message age value.

Forward Delay The Forward Delay is the time spent in the listening and learning

state. This time is equal to 15 sec by default, but you can tune the

time to be between 4 and 30 sec. The 802.1d specification

recommends the Forward Delay be set to a value greater than half

the Max Message age timeout value.

Forwarding Table

Ageout

The Forwarding Table Parameter value defines the length of time

an entry will remain in the a bridge’s forwarding table before being

deleted due to lack of activity. If the entry replenishments a

destination generating continuous traffic, this timeout value will

never be invoked. However, if the destination becomes idle, the

timeout value represents the length of time that must be exceeded

before an entry is deleted from the forwarding table.

Configuring Mesh Networking 9-9

The Wireless Configuration screen displays with those existing WLANs displayed within

the table.

2. Select the Create button to configure a new WLAN specifically to support mesh

networking.

An existing WLAN can be modified (or used as is) for mesh networking support by selecting

it from the list of available WLANs and clicking the Edit button.

3. Assign an ESSID and Name to the WLAN that each access point will share when using

this WLAN within their mesh network.

AP-51xx Access Point Product Reference Guide

9-10

Symbol recommends assigning a unique name to a WLAN supporting a mesh network

to differentiate it from WLANs defined for non mesh support. The name assigned to the

WLAN is what is selected from the Radio Configuration screen for use within the

mesh network.

4. Use the Available On checkboxes to specify the access point radio(s) used with the

target WLAN within the mesh network.

The Available On checkboxes are for making this WLAN available for base bridges or

repeaters to connect to. The Available On checkbox should only be selected for a mesh

WLAN if this target access point is to be configured as a base bridge or repeater on the

radio. If the WLAN is to be defined for client bridge support only, the Available On

checkbox should not be selected. Instead, it only needs to have the Enable Client Bridge

Backhaul option selected.

5. Use the Maximum MUs field to define the number of MUs allowed to associate with

this WLAN. This number should be defined based on the number of client bridge and

repeaters within this mesh network. This value can be increased as the mesh network

grows and devices are added.

Only advanced users should define the number of devices allowed to associate with the

WLAN, as setting the value too low could restrict devices from joining an expanding

mesh network, and setting it too high could prohibit other WLANs from granting access

to the all the devices needed.

6. Select the Enable Client Bridge Backhaul checkbox to make this WLAN available in

the Mesh Network Name drop-down menu within the Radio Configuration screen.

Only WLANs defined for mesh networking support should have this checkbox selected,

in order to keep the list of WLANs available (within the Radio Configuration screen)

restricted to just WLANs configured specifically with mesh attributes.

7. Refer to the Security Policy drop-down menu to select the security policy used within

this WLAN and mesh network.

A security policy for a mesh network should be configured carefully since the data

protection requirements within a mesh network differ somewhat compared to a typical

wireless LAN. No Encryption is a bad idea in a mesh network, since mesh networks

NOTE It is possible to have different ESSID and WLAN assignments within a

single mesh network (one set between the Base Bridge and repeater and

another between the repeater and Client Bridge). However, for ease of

management and to not waste network bandwidth, Symbol recommends

using the same ESSID across the entire mesh network.

Configuring Mesh Networking 9-11

are typically not guest networks, wherein public assess is more important than data

protection. Symbol also discourages user-based authentication schemes such as

Kerberos and 802.1x EAP, as these authentication schemes are not supported within a

mesh network.

If none of the existing policies are suitable, select the Create button to the right of the

Security Policy drop-down menu and configure a policy suitable for the mesh

network. For information on configuring a security using the authentication and

encryption techniques available to the

access point, see Enabling Authentication and Encryption Schemes on page 6-5.

8. ACL policies should be configured to allow or deny a range of MAC addresses from

interoperating with the WLAN used with the mesh network. ACLs should be defined

based on the client bridge and repeater (an access point defined as both a base and

client bridge) association requirements within the mesh network.

For information on defining an ACL for use with the WLAN assigned to the mesh

network, see Configuring a WLAN Access Control List (ACL) on page 5-30.

9. Select the Disallow MU to MU Communication checkbox to restrict MUs from

interacting with each other both within this WLAN, as well as other WLANs.

Selecting this option could be a good idea, if restricting device “chatter” improves mesh

network performance. If base bridges and client bridges are added at any given time to

extent the coverage are of a mesh network, the data going back and forth amongst just

those radios could be compromised by network interference. Adding mesh device traffic

could jeopardize network throughput. If however, MU to MU communication is central

to the organization (for example, scanners sharing data entry information) then this

checkbox should remain unselected.

NOTE The Kerberos User Name and Kerberos Password fields can be

ignored, as Kerberos is not supported as a viable authentication scheme

within a mesh network.

AP-51xx Access Point Product Reference Guide

9-12

10. Select the Use Secure Beacon checkbox to not transmit the AP- 5131’s ESSID

amongst the access points and devices within the mesh network. If a hacker tries to find

an ESSID via an MU, the AP- 5131’s ESSID does not display since the ESSID is not in

the beacon. Symbol recommends keeping the option enabled to reduce the likelihood

of hacking into the WLAN.

11. Select the Accept Broadcast ESSID checkbox to associate an MU that has a blank

ESSID (regardless of which ESSID the access point is currently using). Traffic within a

mesh network probably consists of known devices, so you may want to leave the

checkbox unselected and configure each MU with an ESSID. The default is selected.

However, for WLANs used within a mesh network, Symbol recommends unselecting

this option as it would prevent the AP from answering to blank ESSID probes from other

mobile units.

12. If there are certain requirements for the types of data proliferating the mesh network,

select an existing policy or configure a new QoS policy best suiting the requirements of

the mesh network. To define a new QoS policy, select the Create button to the right of

the Quality Of Service Policy drop-down menu.

For detailed information on configuring a QoS policy, see

Setting the WLAN Quality of Service (QoS) Policy on page 5-33.

13. Click Apply to save the changes made to the mesh network configured WLAN.

An access point radio is now ready to be configured for use with this newly created

mesh WLAN.

9.2.3 Configuring the Access Point Radio for Mesh Support

An access point radio intended for use within a mesh network requires configuration attributes

unique from a radio intended for non-mesh support.This section describes how to configure an access

point radio for mesh network support.

Configuring Mesh Networking 9-13

To configure the access point radio for mesh networking support:

1. Select Network Configuration -> Wireless -> Radio Configuration from the AP-5131

menu tree.

2. Enable the radio(s) using the Enable checkbox(es) for both Radio 1 and Radio 2.

Refer to RF Band of Operation parameter to ensure you are enabling the correct 802.11a

or 802.11b/g radio. After the settings are applied within this Radio Configuration screen, the

Radio Status and MUs connected values update. If this is an existing radio within a mesh

network, these values update in real-time.

NOTE The dual-radio model access point affords users better optimization of the

mesh network feature by allowing the access point to transmit to other

access points (in base or client bridge mode) using one independent radio

and transmit with its associated devices using the second independent

radio. A single-radio access point has its channel utilization and

throughput degraded in a mesh network, as the AP’s single radio must

process both mesh network traffic with other access points and MU traffic

with its associated devices.

CAUTION If a radio is disabled, be careful not to accidentally configure a new

WLAN, expecting the radio to be operating when you have forgotten it

was disabled.

AP-51xx Access Point Product Reference Guide

9-14

3. Select the Base Bridge checkbox to allow the access point radio to accept client bridge

connections from other access points in client bridge mode. The base bridge is the acceptor

of mesh network data from those client bridges within the mesh network and never the

initiator.

4. If the Base Bridge checkbox has been selected, use the Max# Client Bridges parameter

to define the client bridge load on a particular base bridge.

The maximum number of client bridge connections per access point radio is 12, with 24

representing the maximum for dual-radio models.

Once the settings within the Radio Configuration screen are applied (for an initial

deployment), the current number of client bridge connections for this specific radio displays

within the CBs Connected field. If this is an existing radio within a mesh network, this

value updates in real-time.

5. Select the Client Bridge checkbox to enable the access point radio to initiate client bridge

connections with other mesh network supported access points radios on the same WLAN.

CAUTION A problem could arise if a Base Bridge’s Indoor channel is not

available on an Outdoor Client Bridge's list of available channels. As

long as an Outdoor Client Bridge has the Indoor Base Bridge channel

in its available list of channels, it can associate to the Base Bridge.

CAUTION An access point in Base Bridge mode logs out whenever a Client

Bridge associates to the Base Bridge over the LAN connection. This

problem is not experienced over the access point’s WAN connection. If

this situation is experienced, log-in to the access point again.

Configuring Mesh Networking 9-15

If the Client Bridge checkbox has been selected, use the Mesh Network Name drop-down

menu to select the WLAN (ESS) the client bridge uses to establish a wireless link. The

default setting, is (WLAN1). Symbol recommends creating (and naming) a WLAN specifically

for mesh networking support to differentiate the Mesh supported WLAN from non-Mesh

supported WLANs. For more information, see Configuring a WLAN for Mesh Networking

Support on page 9-8

Once the settings within the Radio Configuration screen are applied (for an initial

deployment), the current number of base bridges visible to the radio displays within the BBs

Visible field, and the number of base bridges currently connected to the radio displays

within the BBs Connected field. If this is an existing radio within a mesh network, these

values update in real-time.

6. Click the Advanced button to define a prioritized list of access points to define mesh

connection links.

7. Select the Automatic Link Selection checkbox to allow the access point to select the links

used by the client bridge to populate the mesh network. Selecting this checkbox prohibits

NOTE Ensure you have verified the radio configuration for both Radio 1 and

Radio 2 before saving the existing settings and exiting the Radio

Configuration screen.v

AP-51xx Access Point Product Reference Guide

9-16

the user from selecting the order base bridges are added to the mesh network when one of

the three associated base bridges becomes unavailable.

8. Refer to the Available Base Bridge List to view devices located by the access point using

the WLAN selected from the Radio Configuration screen. Refer the following for information

on located base bridges:

9. Click Refresh at any time to update the list of available Base Bridge devices available to the

access point.

10. Use the >> button to move a selected base bridge MAC address from Available Base Bridge

List

11. Refer to the Preferred Base Bridge List for a prioritized list of base bridges the mesh

network’s client bridge uses to extend the mesh network’s coverage area and potentially

provide redundant links. If a device does not appear on the Available Base Bridge List, there

is no" way it can be moved to Preferred Base Bridge List as the device has not yet been

"seen." However, if you know the MAC Address corresponding to that Base Bridge, you can

add that to the Preferred List using the add button.

NOTE Auto link selection is based on the RSSI and load. The client bridge will

select the best available link when the Automatic Link Selection

checkbox is selected. Symbol recommends you do not disable this option,

as (when enabled) the access point will select the best base bridge for

connection.

MAC The MAC field displays the factory set hard-coded MAC address

that serves as a device identifier.

RSSI The Relative Signal Strength Indicator (RSSI) displays the located

device’s signal strength with the associated access point in client

bridge mode. Use this information as criteria on whether to move a

particular device from the available list to the preferred list.

CHANN The CHANN displays the name of the channel that both the

access point and base bridge use. A client bridge can only connect

to access points (Base Bridges) on the same channel. If the user

selects multiple base bridges on different channels, the access

point will only be able to connect to those bridges on the same

channel and the others will not be able to join this particular mesh

network.

Configuring Mesh Networking 9-17

12. Highlight a MAC address from the Preferred Base Bridge List and click the Up button to

assign that device’s MAC address a higher priority and a greater likelihood of joining the

mesh network if an association with another device is lost.

If a MAC address is not desirable as others but still worthy of being on the preferred list,

select it, and click the Down button to decrease its likelihood of being selected as a member

of the mesh network.

13. If a device MAC address is on the Preferred Base Bridge List and constitutes a threat as a

potential member of the mesh network (poor RSSI etc.), select it and click the Remove

button to exclude it from the preferred list.

If all of the members of the Preferred Base Bridge List constitute a risk as a member of the

mesh network, click the Remove All button. This is not recommended unless the preferred

list can be re-populated with more desirable device MAC addresses from the Available Base

Bridge List.

14. Click Ok to return to the Radio Configuration screen. Within the Radio Configuration screen,

click Apply to save any changes made within the Advanced Client Bridge Settings screen.

15. Click Cancel to undo any changes made within the Advanced Client Bridge Settings screen.

This reverts all settings for the screen to the last saved configuration.

16. Click Apply to save any changes to the Radio Configuration screen. Navigating away from

the screen without clicking Apply results in all changes to the screens being lost.

17. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the

settings displayed on the Radio Configuration screen to the last saved configuration.

18. Click Logout to securely exit the AP-5131 Symbol Access Point applet. A prompt displays

confirming the logout before the applet is closed.

Once the target radio has been enabled from the Radio Configuration screen, configure

the radio’s properties by selecting it from the AP-5131 menu tree.

CAUTION When defining a Mesh configuration and changes are saved, the

mesh network temporarily goes down. The mesh network is

unavailable because the access point radio goes down when applying

the changes. This can be problematic for users making changes within

a deployed mesh network. If updating the mesh network using a LAN

connection, the access point applet loses connection and the

connection must be re-instated. If updating the mesh network using a

WAN connection, the access point applet does not lose connection,

but the mesh network is unavailable until the changes have been

applied.

AP-51xx Access Point Product Reference Guide

9-18

For additional information on configuring the access point’s radio, see Configuring the

802.11a or 802.11b/g Radio on page 5-47. For fictional use case involving an access point

mesh network deployment within a shipping and receiving yard, see Usage Scenario - Trion

Enterprises on page 9-19.

Configuring Mesh Networking 9-19

9.3 Usage Scenario - Trion Enterprises

Trion Enterprises is a new shipping and receiving company. Trion wants to create an outdoor wireless

coverage area (in addition to its indoor wireless infrastructure) that can expand as they grow their

business. As Trion expands the wireless coverage area within their shipping yard, they will need

additional access points configured as either base or client bridges or repeaters (access points

configured as both base and client bridges) to support the growing number of MUs, and forward data

traffic to the client bridges on the outer areas of the mesh network. The MUs within the shipping and

receiving area consist primarily of Symbol bar code scanners (to monitor Trion’s inventory coming and

going) as well as PDAs doing data entry.

9.3.1 Trion’s Initial Deployment

Trion’s initial requirement is to configure a “point-to-point” mesh network consisting of two access

points (AP1 and AP2). AP1 is to be physically connected to a pole inside the entrance to the shipping

and receiving area with antennas oriented outward into the shipping yard. AP1 is intended to be a

base bridge with no coverage for MUs within the shipping yard. AP2 is intended to be a client bridge

associated to AP1 and be placed on a wall of a receiving shack (a remote building in the shipping yard)

with antennas oriented into the shipping yard. AP2 also is also connected to a Symbol ES3000

wireless switch providing connectivity (on its own local subnet) to laptops within the receiving shack.

AP1 and AP2 will be configured identically unless noted.

To configure Trion’s initial deployment, the IT Team does the following:

NOTE The information presented within this use case is centered around the

configuration of the mesh networking feature exclusively. It is assumed

the access points used by Trion Enterprises are completely configured

(beyond the mesh networking functionality) before being deployed in their

shipping yard.

NOTE To optimize Trion’s mesh network, the IT team decides to create a mesh

WLAN to strictly support the base bridge, client bridge and repeater

traffic within the mesh network. This is the configuration described in this

use case. However, to optimally support the MU traffic within the

shipping yard, the Trion team should create a separate (non-mesh) WLAN

to support the MU traffic proliferating the shipping yard. To configure the

separate (non mesh) WLAN, the IT team follows the instructions in

Creating/Editing Individual WLANs on page 5-24.

AP-51xx Access Point Product Reference Guide

9-20

1. The Trion IT department verifies connectivity with both of the access points following the

instructions in Testing Connectivity on page 3-11.

2. The Trion IT Department installs the AP1 on a wall with the antennas orienting outward into

the shipping and receiving yard. The team then installs the AP2 on a wall on the receiving

shack in the shipping yard.

The Trion IT department follows the instructions in

Wall Mounted Installations on page 2-14 to install AP1 and AP2.

3. The Trion IT department selects Network Configuration -> LAN from the AP-5131 menu

tree.

AP1

AP2

Configuring Mesh Networking 9-21

4. The Trion IT department verifies the LAN used to support the mesh network is enabled for

both AP1 and AP2, (by selecting the Enable checkbox).

5. The Trion IT department then selects Network Configuration -> LAN -> trion from the

AP-5131 menu tree.

6. The IT team selects the Mesh STP Configuration button on the bottom off the screen.

7. The Trion IT department sets the Priority setting to 1 (for AP1) in order for future members

of the mesh network to defer to AP1 as the AP defining the mesh network configuration

(setting this value to 1 AP1 to what is commonly referred to as the root).

The IT team leaves the Maximum Message age timer at the 20 sec default interval. This

setting controls the maximum length of time that passes before a bridge port saves its

configuration information. The Hello Time (the time between each bridge protocol data unit

sent) is also unchanged from 2 second default interval. The IT team also leaves the Forward

Delay (the time the access point LAN is spent in a listening and learning state) to the factory

NOTE In this fictional mesh network deployment for Trion Enterprises, AP1 and

AP2 should both have the access point’s Ethernet Port mapped to the

mesh LAN. However, there are some scenarios when this is not necessary.

For example, when the Ethernet is not connected, or is being used for

some other purpose such as routing traffic to the WAN connection.

NOTE AP1 and AP2 have been configured identically up to this point. However,

only AP1 is assigned a priority of 1 within the Bridge STP Configuration

screen. AP2 is set to a lower priority (100) to keep AP1 as the root.

AP-51xx Access Point Product Reference Guide

9-22

default of 15 seconds. Since only one additional access point is to be added to this point-to-

point mesh network, the Forwarding Table Ageout value is also unchanged from its 100

second default setting.

8. The team clicks OK from within the Bridge STP Configuration screen and Apply from within

the trion (LAN1) screen to save the settings. This step is repeated for AP2.

The Trion IT team now intends to create a WLAN (to use with the trion LAN) that can be

dedicated to their mesh network within the shipping yard.

9. Select Network Configuration -> Wireless from the AP-5131 menu tree.

The Wireless Configuration screen displays with those existing WLANs displayed within

the table. This is Trion’s first deployment for this new dual-radio access point, upon

reviewing the Wireless Page they determine the existing default WLAN should be left as is

and a new WLAN should be created that can be dedicated to the mesh network supporting

the shipping yard.

Configuring Mesh Networking 9-23

10. The team selects the Edit button to revise (and rename) the existing WLAN specifically

to support mesh networking.

11. The Trion IT team assigns the WLAN a unique ESSID (103) used by each new base bridge,

client bridge and repeater joining the mesh network.

12. The team assigns the name of “trion mesh” to the WLAN so it will not be confused with

other WLANs used in other areas of the Trion facility. This name also serves to associate the

name of the WLAN with its intended mesh network utilization of data. entry within the

shipping yard

AP-51xx Access Point Product Reference Guide

9-24

13. For AP1 the team selects the 802.11a checkbox. Enabling the 802.11a radio for the mesh

WLAN and configuring a separate WLAN for MU traffic (using the 802.11b/g radio), allows

the team the best channel utilization and throughput available since the 802.11a radio can

be dedicated strictly to communications within the mesh network and the 802.11b/g radio

can be dedicated to servicing the 802.11b/g MUs supporting the shipping and receiving

yard.

For AP2, neither the 802.11a or 802.11b/g checkboxes are selected (see the screen

displayed above). Only the Enable Client Bridge Backhaul checkbox needs to be selected

for AP2 (as AP2 will be used as a client bridge).

14. The team does not want any MUs connecting to the mesh WLAN, only the client bridges

comprising the mesh network. Therefore, the team leaves the Maximum MUs field as is,

and will use the Radio Configuration page to control the number of client bridge

connections.

15. The team verifies the Enable Client Bridge Backhaul checkbox is selected for AP2 to

ensure the WLAN is available in the Mesh Network Name drop-down menu.

Unlike the user-based Kerberos authentication scheme used within the Trion Administrative

office and the 802.1x EAP scheme used in the Finance department, the IT Team wants to

configure a security scheme for the WLAN that emphasizes security for the data

proliferating the shipping yard, not its user base, as users may come and go whereas the

data traffic within the shipping yard remains continuous.

16. The IT Team selects the Create button to the right of the Security Policy drop-down menu.

The New Security Policy screen displays with no authentication or encryption options

selected.

17. The IT Team selects the WPA2/CCMP radio button.

The WPA2/CCMP Settings field displays within the New Security Policy screen.

18. The IT Team assigns a name of “WPA2 mesh network” to not only define the security

scheme used, but associate this policy with its intended use for the shipping and receiving

mesh network.

Configuring Mesh Networking 9-25

19. The Broadcast Key Rotation checkbox is selected, as the IT team plans to change the keys

from time to time (for security purposes) and wants these keys to be broadcasted using the

default interval 86400 seconds.

20. The IT team does not want to use a passphrase to represent the 256-bit keys, so the 256-

bit Key checkbox is selected, and the team enters 16 hexadecimal characters into each of

the four fields displayed. Once completed the Apply button is selected and the access point

applet returns to the WLAN screen.

21. The team leaves the Allow WPA-TKIP clients and Pre-Authentication checkboxes

unselected.

Since the Trion Shipping and Receiving yard is considered a secure wireless network with

MU traffic comprised of known 802.11b/g MUs with fixed MAC addresses, the IT team

wants to create an ACL that excludes all MU traffic except the known range of Trion

Enterprises deployed MAC addresses.

22. From back at the Edit WLAN screen, the IT team selects the Create button (to the right of

the MU Access Control drop-down menu.

The New MU ACL Policy screen displays with no existing MAC address ranges.

AP-51xx Access Point Product Reference Guide

9-26

23. The IT team assigns the name of “trion mesh network” to the ACL to eliminate any

confusion with the ACLs intended function

24. Since the range of client bridge MAC addresses for the shipping yard mesh network is

known to the IT Team, they select the Deny drop-down menu option, as the team wants to

deny access to all MAC addresses except their own known range of device MAC addresses.

25. The IT team then selects the Add button and enters the base bridge MAC address that will

be granted access to the access point managed WLAN. Once completed, the Apply button

is selected and the access point applet returns to the WLAN screen.

Now a QoS policy needs to be defined for the shipping and receiving mesh network WLAN.

The IT Team envisions little if any video or voice traffic within the shipping yard as the MUs

within primarily scan bar codes and upload data.

NOTE If the Trion IT team puts the client bridge addresses into the ACL, they

should also put the access point’s BSS ID into the ACL since there is no

way to know ahead of time which BSS the client bridge will use for

association.

Configuring Mesh Networking 9-27

26. The team decides to leave the Disallow MU to MU Communication checkbox unselected

for the WLAN, as the team considers all MU traffic within the secure shipping and receiving

yard known and not a threat to the initial 2 AP mesh network deployment.

27. The team selects the Use Secure Beacon checkbox from the Edit WLAN screen to not

transmit the AP- 5131’s ESSID between AP1 and AP2. If a hacker tries to find an ESSID via

an MU, the AP- 5131’s ESSID does not display since the ESSID is not in the beacon.

28. The team does not select the Accept Broadcast ESSID checkbox from the Edit WLAN

screen to associate MUs with a blank ESSID, as they do not want MUs randomly joining

their carefully constructed mesh network.

29. From the Edit WLAN screen, the IT Team selects the Create button to the right of the Quality

Of Service Policy drop-down menu.

The New QoS Policy screen displays with no values selected.

30. The IT Team assigns the name of “mesh network qos” to the QoS policy to eliminate any

confusion with the policy’s intended function.

AP-51xx Access Point Product Reference Guide

9-28

31. The IT Team does not plan on supporting any legacy 802.11b voice enabled devices, so they

leave the Support Voice prioritization checkbox unselected.

32. The IT Team selects 11ag-default from the drop-down menu to best describe the type of

data proliferating the mesh network. With this setting selected, the Access Category

settings do not need to be configured for the QoS policy.

33. The IT Team selects the Enable Wi-Fi Multimedia (WMM) QoS Extensions checkbox,

and selects the 11ag-default setting for the intended traffic within the WLAN. If

multimedia or voice traffic would have proliferated the WLAN, the team would have

selected 11ag-wifi or 11ag-voice. However, since simple data transfers are planned, the

11ag-default setting is appropriate.

34. The IT Team clicks Apply within both the New QoS Policy and Edit WLAN screen to save

the settings to the mesh network WLAN. The configuration process is repeated and saved

for AP2.

The WLAN configuration has now been set similarly for both AP1 and AP2 (with the

exception of the Priority setting within the Mesh STP Configuration screen). The team now

needs to define the radio configuration for both AP1 and AP2.

35. The IT team selects Network Configuration -> Wireless -> Radio Configuration from

the AP-5131 menu tree.

The Radio Configuration screen displays.

36. For AP1, the IT Team enables both Radio 1 and Radio 2 and defines radio 1 as a base bridge.

AP1 is intended to pass along mesh network data to AP2 (as well as other access points as

they are added to the mesh network).

Configuring Mesh Networking 9-29

37. For AP2, the IT Team enables both Radio 1 and Radio 2 and defines radio 1 as a client bridge.

38. The IT Team leaves each radio’s Max # Client Bridge setting at the default setting of 12.

This ensures as client bridges are added to the growing mesh network they can be

accounted for.

39. For AP1 and AP2, the IT Team uses the Mesh Network Name drop-down menu to assign

the “trion mesh” WLAN to the radio 1 client bridge. This is the WLAN the AP1 and AP2

radios will use to interoperate with the mesh network devices populating the shipping yard.

40. The IT Team decides to not select the Advanced button within the AP1 and AP2 WLAP

Client Bridge Settings field.

For the next six months, Trion Enterprises’ mesh network only consists of AP1 and AP2. AP1

has already been defined as the root bridge in the mesh network when it was assigned a

Priority value of 1 within the Bridge STP Configuration screen.

NOTE The Trion IT team is aware it is not a good idea to dedicate both radios (of

a dual-radio model access point) to support mesh networking. They know

it is possible to dedicate both radios of a single access point for mesh

support, but the Trion team wants to dedicate the 802.11b/g radio for MU

operation and the 802.11a radio for backhaul support. For AP2, the Trion

team will create two connections to AP1 (one over the 802.11b/g radio

and one over the 802.11a radio). The connection used for forwarding data

for AP2 will be the 802.11b/g radio and the 802.11a radio will be

dedicated for client bridge backhaul.

AP-51xx Access Point Product Reference Guide

9-30

41. The Trion IT Team clicks Apply within both the AP1 and AP2 Radio Configuration screens to

complete the mesh network configuration of each AP1 and AP2 radio. The team does not

worry about network disruption by applying the settings at this point, as AP1 and AP2 have

not yet been deployed. However, in the future they are aware saving their mesh

configuration will temporarily disrupt service within their mesh network.

9.3.2 Adding 2 Client Bridges to Expand the Coverage Area

After a prosperous six months with their existing 2 access point mesh network, Trion Enterprises

needs and approves the addition of two additional access points (AP3 and AP4) to be configured as

repeaters (both client and base bridges). Configuring AP3 and AP4 as repeaters entails configuring an

AP3 and an AP4 radio as both a client bridge and a base bridge.

To configure AP3 and AP4 as repeaters, the IT Team does the following:

1. The Trion IT department verifies connectivity with AP3 and AP4 following the instructions in

Testing Connectivity on page 3-11.

2. The Trion IT Department installs AP3 and AP4 on light poles (in the middle of the shipping

yard) where power is available and a secure mesh network (AP1 and AP2) is already within

NOTE With the mesh network configuration completed for AP1 and AP2, the

Trion Enterprises IT team completes the configuration of the APs following

the instructions in this access point Product Reference Guide. Later in the

year Trion expects to grow their business to the point where 2 new client

bridges are required to provide mesh networking to new areas of their

shipping year. See,

Adding 2 Client Bridges to Expand the Coverage Area on page 9-30.

Configuring Mesh Networking 9-31

broadcast range (see the illustration below). The Trion IT department follows the

instructions in Wall Mounted Installations on page 2-14 to install AP3 and AP4.

3. The Trion IT department selects Network Configuration -> LAN from the AP-5131 menu

tree.

4. The Trion IT department verifies the LAN used to support the mesh network is enabled for

both AP3 and AP4, (by selecting the Enable checkbox).

5. The Trion IT department then selects Network Configuration -> LAN -> trion from the

AP-5131 menu tree.

6. The IT team selects the Mesh STP Configuration button on the bottom of the screen.

AP1

AP2

AP3

AP4

AP-51xx Access Point Product Reference Guide

9-32

7. The Trion IT department leaves the Priority setting to at 32768 for AP3 and AP4 for both to

defer to AP1 (which was assigned a priority of 1 for root designation) as the access point

defining the mesh network configuration.

The remainder of the Mesh STP Configuration settings are left unchanged from their default

values. The team clicks OK from within the Mesh STP Configuration screen and Apply from

within the trion (LAN1) screen to save the settings.

The Trion IT team now intends to assign WLANs (to use with the trion LAN) that can be

dedicated to their mesh network within the shipping yard.

8. The team selects Network Configuration -> Wireless from the AP-5131 menu tree.

The Wireless Configuration screen displays with those existing WLANs displayed within

the table. Since this is Trion’s first deployment for AP3 and AP4, the IT department

determines the existing default WLAN should be left as is, and a new WLAN should be

configured closely resembling the mesh network WLAN defined for AP1 and AP2.

Configuring Mesh Networking 9-33

9. The team selects the Edit button to revise (and rename) the existing default WLAN to

support mesh networking.

10. The Trion IT team assigns AP3 and AP4 an ESSID of 103. Therefore, AP1 and AP2 should be

able to “see” AP3 and AP4 as soon as they are deployed.

11. The team assigns the name of “trion mesh” to the WLAN to be consistent with the WLAN

supporting mesh networking on AP1 and AP2.

12. The team selects the 802.11a Radio checkbox for both AP3 and AP4. Like AP1, the 802.11b/

g radios will be used to service MUs on a different WLAN, thus segregating MU traffic from

the mesh traffic proliferating the 802.11a radio.

AP-51xx Access Point Product Reference Guide

9-34

13. The team does not want any MUs connecting to the mesh WLAN, only the devices

comprising the mesh network. Therefore, the team leaves the Maximum MUs field as is,

and will use the Radio Configuration page to control the number of client bridge

connections.

14. The team verifies the Enable Client Bridge Backhaul checkbox is selected for both AP3

and AP4 to ensure the WLAN is available in the WLAN drop-down menu within the Radio

Configuration screen.

15. The IT team then verifies that steps 10 through 14 have been carried out identically for both

AP3 and AP4.

The IT team now needs to define a security policy for AP3 and AP4 complimentary with the

policy created for AP1 and AP2 to both protect the data within the mesh network and ensure

all 4 access points within the network can interact with one another.

16. The IT Team selects the Create button to the right of the Security Policy drop-down menu

and defines a WPA2/CCMP supported security policy exactly like the one created for AP1

and AP2. For more information, see how the team defined the security policy starting on step

16 within Trion’s Initial Deployment on page 9-19.

It is assumed all of the existing MU traffic defined for AP1 and AP2 will also be used in the

extended coverage area for AP3 and AP4 with no known additions to the MU traffic at this

time. Thus the IT team refers to the ACL created for AP1 and AP2 and defines an ACL exactly

like it for AP3 and AP4.

17. The team selects the Create button (to the right of the MU Access Control drop-down

menu and defines an ACL policy like the one created for AP1 and AP2. The team also

remembers to go to the AP1 ACL and add AP3 and AP4 to the list of devices allowed to

connect to AP1.

For more information, see how the team defined the ACL policy starting on step 22 within

Trion’s Initial Deployment on page 9-19.

18. The team decides to leave the Disallow MU to MU Communication checkbox unselected

for the mesh WLAN for AP3 and AP4, as the team still considers all MU traffic within the

shipping yard known and not a threat to the growing mesh network.

19. The team selects the Use Secure Beacon checkbox from the Edit WLAN screen to not

transmit the AP- 5131’s ESSID between APs 1 through 4. If a hacker tries to find an ESSID

via an MU, the AP- 5131’s ESSID does not display since the ESSID is not in the beacon.

20. The team does not select the Accept Broadcast ESSID checkbox, as they still do not want

MUs randomly joining their carefully constructed mesh network.

Configuring Mesh Networking 9-35

21. Now a QoS policy needs to be defined for the shipping and receiving mesh WLAN. The IT

Team still envisions little (if any) video or voice traffic within the shipping as the MUs within

primarily scan bar codes and upload data. This holds true for the QoS requirements for AP3

and AP4 as the required coverage area has grown, not the security, access permission or

QoS considerations. For more information, see how the team defined the AP1 and AP2 QoS

policy starting on step 25 within Trion’s Initial Deployment on page 9-19.

The WLAN configuration has now been set for both AP3 and AP4. The team now needs to

define the radio configurations for AP3 and AP4.

22. The IT team selects Network Configuration -> Wireless -> Radio Configuration from

the AP-5131 menu tree.

The Radio Configuration screen displays.

23. For both AP3 and AP4, the IT Team enables Radio 1 and defines the radio as a repeater

(enabling each radio as both a base and client bridge).

Both AP3 and AP4 are intended to pass along mesh network back data to AP1 and support

the 802. 11b/g MUs within the shipping yard.

24. The IT Team leaves each radio’s Max # Client Bridge setting at the default setting of 12.

This ensures as client bridges are added to the growing mesh network that they can be

accounted for.

25. For both AP3 and AP4, the IT Team uses the Mesh Network Name drop-down menu to

assign the “trion mesh” WLAN to radio 1. This is the WLAN the AP3 and AP4 radios will

use to interoperate with the MUs populating the shipping yard.

AP-51xx Access Point Product Reference Guide

9-36

26. As with AP1 and AP2, the IT Team decides to not select the Advanced button within the

AP3 and AP4 WLAP Client Bridge Settings field.

27. The Trion IT Team clicks Apply within both the AP3 and AP4 Radio Configuration screens to

complete the mesh network configuration of each AP3 and AP4 radio.

For the next 9 months, the Trion Enterprises’ mesh network consists of AP1 and AP2 and now

AP3 and AP4 extending the mesh coverage range further into the shipping yard. AP1 is still

the root bridge in the mesh network. The IT Team will appraise their mesh requirements in

another 9 months and (if necessary) add additional access points and MUs to the mesh

network.

Configuring Mesh Networking 9-37

9.3.3 Adding 2 More Client Bridges to the Trion Network

After an additional six months with their existing 4 access point mesh network, Trion Enterprises

needs and approves the addition of two additional access points (AP5 and AP6) to be configured as

client bridges. The team will configure AP5 and AP6 as client bridges and not base bridges or

repeaters since Trion Enterprises does not plan to expand its shipping yard and the mesh network

would have all the access points needed to support it. Thus, one AP5 and AP6 radio will be providing

mesh coverage to the outer portion of the shipping yard without having to provide base bridge or

repeater support to new members of the mesh network. The remaining AP5 and AP5 radio can support

shipping yard MU traffic using a non-mesh WLAN.

To configure AP5 and AP6 as client bridges, the IT Team does the following:

1. The Trion IT department verifies connectivity with AP5 and AP6 following the instructions in

Testing Connectivity on page 3-11.

2. The Trion IT Department installs AP5 and AP6 on light poles (in a new expanded are of the

shipping yard) where power has been made available and a secure mesh network (APs 1-4)

is within broadcast range (see the illustration below). The Trion IT department follows the

instructions in Wall Mounted Installations on page 2-14 to install AP5 and AP6.

AP1

AP2 AP3

AP4

AP5

AP6

AP-51xx Access Point Product Reference Guide

9-38

3. The Trion IT department selects Network Configuration -> LAN from the AP-5131 menu

tree.

4. The Trion IT department verifies the LAN used to support the mesh network is enabled for

both AP5 and AP6, (by selecting the Enable checkbox).

5. The Trion IT department then selects Network Configuration -> LAN -> trion from the

AP-5131 menu tree.

6. The IT team selects the Mesh STP Configuration button on the bottom of the screen.

Configuring Mesh Networking 9-39

7. The Trion IT department leaves the Priority setting to at 32768 for AP5 and AP6 for both to

defer to AP1 (which was assigned a priority of 1 for root designation) as the access point

defining the mesh network configuration.

The remainder of the Mesh STP Configuration settings are left unchanged from their default

values. The team clicks OK from within the Mesh STP Configuration screen and Apply from

within the trion (LAN1) screen to save the settings.

The Trion IT team now intends to assign WLANs (to use with the trion LAN) that can be

dedicated to their mesh network within the shipping yard.

8. The team selects Network Configuration -> Wireless from the AP-5131 menu tree.

The Wireless Configuration screen displays with those existing WLANs displayed within

the table. Since this is Trion’s first deployment for AP5 and AP6, the IT department

determines the existing default WLAN should be left as is, and a new WLAN should be

configured resembling the mesh network WLAN defined for APs 1-4.

AP-51xx Access Point Product Reference Guide

9-40

9. The team selects the Edit button to revise (and rename) the existing default WLAN to

support mesh networking.

10. The Trion IT team assigns the WLAN an ESSID of 103 to be consistent with the trion mesh

WLAN ESSID of the other four access points within the mesh network.

11. The team assigns the name of “trion mesh” to the WLAN to be consistent with the WLAN

supporting mesh on APs 1-4.

12. The team selects the 802.11a Radio checkbox for both AP5 and AP6. The 802.11b/g radio on

both AP5 and AP6 will be used to service MUs (on a different WLAN). Thus, MU traffic will

be segregated from the mesh traffic proliferating each AP’s 802.11a radio.

Configuring Mesh Networking 9-41

13. The team still does not want any MUs connecting to the mesh WLAN, only the devices

comprising the mesh network. Therefore, the team leaves the Maximum MUs field as is,

and will use the Radio Configuration page to control the number of client bridge connections

within the mesh WLAN.

14. The team verifies the Enable Client Bridge Backhaul checkbox is selected for both AP5

and AP6 to ensure the WLAN is available in the WLAN drop-down menu within the Radio

Configuration screen.

15. The IT team then verifies that steps 10 through 14 have been carried out identically for both

AP5 and AP6.

The IT team now needs to define a security policy for AP5 and AP4 complimentary with the

policy created for APs 1-4.

16. The IT Team defines a WPA2/CCMP security policy exactly like the one created for APs 1-4.

For more information, see how the team initially defined the security policy starting on step

16 within Trion’s Initial Deployment on page 9-19.

17. Existing MU traffic within the mesh network will be used within the expanded shipping yard.

Thus, the IT team refers to the ACLs created for APs 1-4 and defines an ACL exactly like it

for AP5 and AP6. The team also remembers to go to the ACL for AP1, AP3 and AP4 and add

AP5 and AP6 in order for each device in the mesh network to communicate with one another.

For more information, refer to step 22 within Trion’s Initial Deployment on page 9-19.

18. The team decides to leave the Disallow MU to MU Communication checkbox unselected

for AP5 and AP6, as the team still considers all MU traffic within the shipping yard known

and not a threat to the growing mesh network.

19. The team selects the Use Secure Beacon checkbox from the Edit WLAN screen to not

transmit the AP- 5131’s ESSID between APs 1 through 6. If a hacker tries to find an ESSID

via an MU, the AP- 5131’s ESSID does not display since the ESSID is not in the beacon.

20. The team does not select the Accept Broadcast ESSID checkbox, as they still do not want

MUs randomly joining their carefully constructed mesh network.

21. The IT Team still envisions little (if any) video or voice traffic within the shipping as the MUs

within primarily scan bar codes and upload data. This still holds true for the QoS

requirements for AP5 and AP6, as the required coverage area has continued to grow, but not

the security, access permissions or QoS considerations. For more information, see how the

team defined the QoS policy for APs 1-4 starting on step 25 within Trion’s Initial Deployment

on page 9-19.

The team now needs to define the radio configurations for AP5 and AP6.

AP-51xx Access Point Product Reference Guide

9-42

22. The IT team selects Network Configuration -> Wireless -> Radio Configuration from

the AP-5131 menu tree.

The Radio Configuration screen displays.

23. For both AP5 and AP6, the IT Team enables Radio 1 and defines the radio as a client bridge.

24. For both AP5 and AP6, the IT Team uses the Mesh Network Name drop-down menu to

assign the “trion mesh” WLAN to radio 1.

25. As with APs 1-4, the IT Team decides to not select the Advanced button within the WLAP

Client Bridge Settings field.

26. The Trion IT Team clicks Apply within both the AP5 and AP6 Radio Configuration screens to

complete the mesh network configuration of each AP5 and AP6 radio.

For the foreseeable future, the Trion Enterprises’ mesh network will consist of APs 1-6. AP1

remains the root bridge in the mesh network. If the physical radio coverage area

requirements of the mesh network were to grow, AP5 and AP6 would have to be changed

from client bridges to repeaters to associate with the new APs required to extent the

coverage area. But for now, the 802.11a radio of both AP5 and AP6 can remain defined as a

client bridge to support the outer fringes of the Trion Enterprises shipping yard.

Technical Specifications

This appendix provides technical specifications in the following areas:

•Physical Characteristics

•Electrical Characteristics

•Radio Characteristics

•Antenna Specifications

•Country Codes

AP-51xx Access Point Product Reference Guide

A-2

A.1 Physical Characteristics

A.1.1 AP-5131 Physical Characteristics

The AP-5131 has the following physical characteristics:

Dimensions 5.32 inches long x 9.45 inches wide x 1.77 inches thick.

135 mm long x 240 mm wide x 45 mm thick.

Housing Metal, Plenum Housing (UL2043)

Weight 1.95 lbs/0.88 Kg (single-radio model)

2.05 lbs/0.93 Kg (dual-radio model)

Operating

Temperature

-20 to 50° Celsius

Storage Temperature -40 to 70° Celsius

Altitude 8,000 feet/2438 m @ 28° Celsius (operating)

15,000 feet/4572 m @ 12° Celsius (storage)

Vibration Vibration to withstand .02g²/Hz, random, sine, 20-2k Hz

Humidity 5 to 95% (operating) 5 to 85% (storage)

Electrostatic

Discharge

15kV (air) @ 50% rh

8kV (contact) @ 50% rh

Drop Bench drop 36 inches to concrete (excluding side with connectors)

Technical Specifications A-3

A.1.2 AP-5181 Physical Characteristics

The AP-5181 has the following physical characteristics:

Dimensions TBD

Housing TBD

Weight TBD

Operating

Temperature

30 to 55° Celsius

Storage Temperature 40 to 85° Celsius

Altitude 8,000 feet/2438 m @ 28° Celsius (operating)

15,000 feet/4572 m @ 12° Celsius (storage)

Vibration Vibration to withstand .02g²/Hz, random, sine, 20-2k Hz

Humidity 5 to 95% (operating) 5 to 95% (storage)

Electrostatic

Discharge

15kV (air) @ 50% rh

8kV (contact) @ 50% rh

Drop Bench drop 36 inches to concrete

Wind Blown Rain 40 MPH @ 0.1inch/minute, 15 minutes

Rain/Drip/Spill IPX5 Spray @ 4L/minute, 10 minutes

Dust IP6X 20mb vacuum max, 2 hours, stirred dust,

.88g/m^3 concentration @ 35%RH

AP-51xx Access Point Product Reference Guide

A-4

A.2 Electrical Characteristics

Both the AP-5131 and the AP-5181 access points have the following electrical characteristics:

A.3 Radio Characteristics

The AP-5131 and AP-5181 access points have the following radio characteristics:

CAUTION An AP-5181 model access point cannot use the AP-5131

recommended Symbol 48-Volt Power Supply (Part No. 50-24000-050).

However, Symbol does recommend the AP-PSBIAS-5181-01R model

power supply for use the AP-5181.

Operating Voltage 48Vdc (Nom)

Operating Current 200mA (Peak) @ 48Vdc

170mA (Nom) @ 48Vdc

Operating Channels 802.11a radio - Channels 34-161 (5170-5825 MHz)

802.11b/g radio - Channels 1-13 (2412-2472 MHz)

802.11b/g radio - Channel 14 (2484 MHz Japan only)

Actual operating frequencies depend on regulatory rules and

certification agencies.

Receiver Sensitivity 802.11a Radio 802.11b/g Radio

6 Mbps -88 11 Mbps -84

9 Mbps -87 5.5 Mbps -88

12 Mbps -85 2 Mbps -90

18 Mbps -81 1 Mbps -94

24 Mbps -79

36 Mbps -75

48 Mbps -70

54 Mbps -68

* all values in dBm

Technical Specifications A-5

A.4 Antenna Specifications

The antenna suite differs between the AP-5131 and AP-5181 model access points. Ensure your have

selected the correct model antenna before deploying the access point. For more information, see:

•AP-5131 Antenna Specifications

•AP-5181 Antenna Specifications

A.4.1 AP-5131 Antenna Specifications

A.4.1.1 2.4 GHz Antenna Matrix

The following table describes each 2.4 GHz antenna approved for use with the AP-5131.

A.4.1.2 5.2 GHz Antenna Matrix

The following table describes each 5.2 GHz antenna approved for use with the AP-5131.

Radio Data Rates 802.11a radio 6, 9, 12, 18, 24, 36, 48, and 54 Mbit/Sec

802.11g radio 6, 9, 12, 18, 24, 36, 48, and 54 Mbit/Sec

802.11b radio 1, 2, 5.5, 11 Mbps

Wireless Medium Direct Sequence Spread Spectrum (DSSS)

Orthogonal Frequency Division Multiplexing (OFDM)

CAUTION Using an antenna other than the Dual-Band Antenna (Part No.

ML-2452-APA2-01) could render the AP-5131’s Rogue AP Detector

Mode feature inoperable. Contact your Symbol sales associate for

specific information.

Symbol Part Number Antenna Type Nominal Net Gain (dBi)

ML-2499-11PNA2-01R Wide Angle Directional 8.5

ML-2499-HPA3-01R Omni-Directional Antenna 3.3

ML-2499-BYGA2-01R Yagi Antenna 13.9

ML-2452-APA2-01 Dual-Band 3.0

AP-51xx Access Point Product Reference Guide

A-6

A.4.1.3 AP-5131 Additional Antenna Components

The following table lists the Symbol part number for various antenna accessories. This table also

includes the loss for each accessory at both 2.4 and 5.2 GHz.

A.4.1.4 AP-5131 Antenna Accessory Connectors, Cable Type and Length

The following table describes each antenna accessory’s connector and cable type, plus the length.

Symbol Part Number Antenna Type Nominal Net Gain (dBi)

ML-5299-WPNA1-01R Panel Antenna 13.0

ML-5299-HPA1-01R Wide-Band Omni-Directional

Antenna

5.0

ML-2452-APA2-01 Dual-Band 4.0

Item Symbol Part Number Description

Loss (db)

@ 2.4 GHz

Loss (db)

@ 5.2 GHz

72PJ ML-1499-72PJ-01R Cable Extension 2.5

LAK1 ML-1499-LAK1-01R Lightning

Arrestor+

0.75

LAK2 ML-1499-LAK2-01R Lightning Arrestor 0.25

10JK ML-1499-10JK-01R Jumper Kit 0.75 1.6

25JK ML-1499-25JK-01R Jumper Kit 1.9 3.5

50JK ML-1499-50JK-01R Jumper Kit 3.75 6.6

100JK ML-1499-100JK-01R Jumper Kit 7.5 12.8

Item Connector1 Connector2 Length (meters) Cable Type

72PJ RPBNC-F RPBNC-M 1.83 RG-58

LAK1 RPBNC-F N-F 0.305 RG-58

LAK2 N-F N-M

10JK N-M N-M 3.05 RG-8

Technical Specifications A-7

A.4.2 AP-5181 Antenna Specifications

TBD

A.5 Country Codes

The following list of countries and their country codes is useful when using the access point

configuration file, CLI or the MIB to configure the access point:

25JK N-M N-M 7.62 RG-8

50JK N-M N-M 15.24 RG-8

100JK N-M N-M 30.48 RG-8

Country Code Country Code

Argentina AR New Zealand NZ

Australia AU Norway NO

Austria AT Oman OM

Bahrain BH Peru PE

Belarus BY Philippines PH

Belgium BE Poland PL

Brazil BR Portugal PT

Bulgaria BG Qatar QA

Canada CA Romania RO

Chile CL Russian Federation RU

China CN Saudi Arabia SA

Colombia CO Singapore SG

Costa Rica CR Slovak Republic SK

Croatia HR Slovenia SI

Cypress CY South Africa ZA

Item Connector1 Connector2 Length (meters) Cable Type

AP-51xx Access Point Product Reference Guide

A-8

Czech Rep. CZ South Korea KR

Denmark DK Spain ES

Ecuador EC Sri Lanka LK

Estonia EE Sweden SE

Egypt EG Switzerland CH

Finland FI Taiwan TW

France FR Thailand TH

Germany DE Turkey TR

Greece GR Ukraine UA

Hong Kong HK UAE AE

Hungary HU United Kingdom UK

Iceland IS USA US

India IN Uruguay UY

Indonesia ID Vietnam VN

Ireland IE Venezuela VE

Israel IL

Italy IT

Japan JP

Jordan JO

Kazakhanstan KZ

Kuwait KW

Latvia LV

Liechtenstein LI

Lithuania LT

Luxembourg LU

Malaysia MY

Malta MT

Technical Specifications A-9

Mexico MX

Morocco MA

Nambia NA

Netherlands NL

AP-51xx Access Point Product Reference Guide

A-10

Usage Scenarios

This appendix provides practical usage scenarios for many of the access point’s key features. This

information should be referenced as a supplement to the information contained within this access

point Product Reference Guide.

The following scenarios are described:

•Configuring Automatic Updates using a DHCP or Linux BootP Server Configuration

•Configuring an IPSEC Tunnel and VPN FAQs

B.1 Configuring Automatic Updates using a DHCP or Linux

BootP Server Configuration

This section provides specific details for configuring either a DHCP or Linux BootP Server to receive

firmware or configuration file updates from an access point.

AP-51xx Access Point Product Reference Guide

B-2

B.1.1 Windows - DHCP Server Configuration

See the following sections for information on these DHCP server configurations in the Windows

environment:

•Embedded Options - Using Option 43

•Global Options - Using Extended/Standard Options

•DHCP Priorities

B.1.1.1 Embedded Options - Using Option 43

This section provides instructions for automatic update of firmware and configuration file via DHCP

using extended options or standard options configured globally.

The setup example described in this section includes:

• 1 AP-5131 or AP-5181 model access point

• 1 Microsoft Windows DHCP Server

• 1 TFTP Server

Note the following caveats regarding this procedure before beginning:

• Ensure the LAN Interface is configured as a DHCP Client

• If the existing and update firmware files are the same, the firmware will not get updated.

To configure the DHCP Server for automatic updates:

1. Set the Windows DHCP Server and access point on the same Ethernet segment.

2. Configure the Windows based DHCP Server as follows:

a. Highlight the Server Domain Name (for example, apfw.symbol.com). From the Action

menu, select Define Vendor Classes.

b. Create a new vendor class. For example, AP5131 Options.

c. Enter the Vendor Class Identifier SymbolAP.5131-V1-0. Enter the value in ASCII format,

the server converts it to hex automatically.

d. From the Action menu, select Set Predefined Options.

Usage Scenarios B-3

e. Add the following 3 new options under AP5131 Options class:

f. Highlight Scope Options from the tree and select Configure Options.

g. Go to the Advanced tab. From under the Vendor Class Options, check all three options

mentioned in the table above and enter a value for each option.

3. Copy the firmware and configuration files to the appropriate directory on the TFTP Server.

By default, the auto update is enabled on the WAN Port (has to be DHCP Client).

4. Restart the access point.

5. While the access point boots, verify the access point:

• Obtains and applies the expected IP Address from the DHCP Server

• Downloads both the firmware and configuration files from the TFTP Server and updates

both as needed.

• Verify the file versions from the access point’s System Settings screen.

B.1.1.2 Global Options - Using Extended/Standard Options

The following are instructions for automatic firmware and configuration file updates via DHCP using

extended options or standard options configured globally.

The setup example described in this section includes:

• 1 AP-5131 or AP-5181 model access point

• 1 Microsoft Windows DHCP Server

• 1 TFTP Server.

Note the following caveats regarding this procedure before beginning:

• For updates using the LAN Port, change the interface on the Firmware Update screen from

WAN to LAN. Also ensure the LAN Interface is configured as a DHCP Client

• If the existing and update firmware files are the same, the firmware will not get updated.

Code Data type

Access point TFTP Server IP Address

(Note: Use any one option)

181

186

IP address

String

Access point Firmware File Name 187 String

Access point Config File Name

(Note: Use any one option)

129

188

String

AP-51xx Access Point Product Reference Guide

B-4

To configure Global options using extended/standard options:

1. Set the Windows DHCP Server and access point on the same Ethernet segment.

2. Configure the Windows based DHCP Server as follows:

a. Highlight the Server Domain Name (for example, apfw.symbol.com). From the Action

menu, select Set Predefined Options.

b. Add the following 3 new options under DHCP Standard Options class:

c. Highlight Scope Options and select Configure Options.

d. Under the General tab, check all 3 options mentioned within the Extended Options table

and enter a value for each option.

3. Copy both the firmware and configuration files to the appropriate directory on the TFTP

Server.

4. Restart the access point.

5. While the access point boots up, verify the access point:

• Obtains and applies the expected IP Address from the DHCP Server

• Downloads the firmware and configuration files from the TFTP Server and updates both

as required.

Extended Options Code Data type

Access point TFTP Server IP Address

(Note: Use any one option)

181

186

IP address

String

Access Point Firmware File Name 187 String

Access Point Config File Name

(Note: Use any one option)

129

188

String

Standard Options Code Data type

Access point TFTP Server IP Address 66 String

Access point Firmware File Name 67 String

NOTE If using Standard Options and the configuration of the access point needs

to be changed, use option 129 or 188 as specified in Extended Options

table. Standard options 66 and 67 are already present in the DHCP

Standard Options Class by default.

Usage Scenarios B-5

• Verify the file versions within the access point’s System Settings screen.

B.1.1.3 DHCP Priorities

The following flowchart indicates the priorities used by the access point when the DHCP server is

configured for options.

If the DHCP Server is configured for options 186 and 66 (to assign TFTP Server IP addresses) the

access point uses the IP address configured for option 186. Similarly, if the DHCP Server is configured

for options 187 and 67 (for the firmware file) the access point uses the file name configured for option

187. If the DHCP Server is configured for embedded and global options, the embedded options take

precedence.

--------------------------------------------------------------------------------------------

AP-51xx Access Point Product Reference Guide

B-6

B.1.2 Linux - BootP Server Configuration

See the following sections for information on these BootP server configurations in the Linux

environment:

•BootP Options

•BootP Priorities

B.1.2.1 BootP Options

This section contains instructions for the automatic update of the access point firmware and

configuration file using a BootP Server.

The setup example described in this section includes:

• 1 AP-5131 or AP-5181 model access point

• 1 Linux/Unix BOOTP Server

• 1 TFTP Server.

Please note the following caveats regarding this procedure before beginning:

• The LAN Port needs to be configured as a BootP client.

• No BootP support is available on the WAN Port.

• If the existing and update firmware files are the same, the firmware will not get updated.

To configure BootP options using a Linux/Unix BootP Server:

1. Set the Linux/Unix BootP Server and access point on the same Ethernet segment.

2. Configure the bootptab file (/etc/bootptab) on the Linux/Unix BootP Server in any one of the

formats that follows:

Using options 186, 187 and 188:

AP-5131:ha=00a0f88aa6d8\ < LAN MAC Address>

:sm =255.255.255.0\ <Subnet Mask>

:ip=157.235.93.128\ <IP Address>

:gw=157.235.93.2\ <gateway>

:T186=”157.235.93.250”\ <TFTP Server IP>

:T187="apfw .bin"\ <Firmware file>

:T188="cfg.txt": <Configuration file>

Usage Scenarios B-7

Using options 66, 67 and 129:

Using options sa, bf and 136:

3. Copy the firmware and configuration files to the appropriate directory on the TFTP Server.

This has to be changed to the LAN Port. Additionally, the LAN Interface needs to be

configured as a BootP Client.

4. Restart the access point.

5. While the access point boots, verify the access point:

• Obtains and applies the expected IP Address from the BootP Server.

• Downloads both the firmware and configuration files from the TFTP Server and updates

them as required. Verify the file versions within the access point System Settings

screen.

NOTE bf option prefixes a forward slash (/) to the firmware file name. This may

not be supported on Windows based TFTP Servers.

AP-5131:ha=00a0f88aa6d8\ < LAN M AC Address>

:sm =255.255.255.0\ <Subnet Mask>

:ip=157.235.93.128\ <IP Address>

:gw =157.235.93.2\ <gatew ay>

:T66=”157.235.93.250”\ <TFTP Server IP>

:T67="apfw .bin"\ <Firmware file>

:T129="cf

.txt": <Confi

uration file>

AP-5131:ha=00a0f88aa6d8\ < LAN MAC Address>

:sm=255.255.255.0\ <Subnet Mask>

:ip=157.235.93.128\ <IP Address>

:gw=157.235.93.2\ <gateway>

:sa=157.235.93.250\ <TFTP Server IP>

:bf=/tftpboot/cfg.txt\ <Configuration file>

:T136=”/tftpboot/”: <TFTP root directory>

AP-51xx Access Point Product Reference Guide

B-8

B.1.2.2 BootP Priorities

The following flowchart displays the priorities used by the access point when the BootP server is

configured for multiple options:

If the BootP Server is configured for options 186 and 66 (to assign TFTP server IP addresses) the

access point uses the IP address configured for option 186. Similarly, if the BootP Server is configured

for options 188 and 129 (for the configuration file) the access point uses the file name configured for

option 188.

B.2 Configuring an IPSEC Tunnel and VPN FAQs

The access point has the capability to create a tunnel between an access point and a VPN endpoint.

The access point can also create a tunnel from one access point to another access point.

The following instruction assumes the reader is familiar with basic IPSEC and VPN terminology and

technology.

•Configuring a VPN Tunnel Between Two Access Points

•Configuring a Cisco VPN Device

•Frequently Asked VPN Questions

B.2.1 Configuring a VPN Tunnel Between Two Access Points

The access point can connect to a non-AP device supporting IPSec, such as a Cisco VPN device -

labeled as "Device #2".

Usage Scenarios B-9

For this usage scenario, the following components are required:

• 2 AP-5131 or AP-5181 model access points

• 1 PC on each side of the access point’s LAN.

To configure a VPN tunnel between two access points:

1. Ensure the WAN ports are connected via the internet.

2. On access point #1, select WAN -> VPN from the main menu tree.

3. Click Add to add the tunnel to the list.

4. Enter a tunnel name (tunnel names do not need to match).

5. Enter the WAN port IP address of AP #1 for the Local WAN IP.

6. Within the Remote Subnet and Remote Subnet Mask fields, enter the LAN IP subnet and

mask of AP #2 /Device #2.

7. Enter the WAN port IP address of AP #2/ Device #2 for a Remote Gateway.

8. Click Apply to save the changes.

AP-51xx Access Point Product Reference Guide

B-10

9. Select the Auto (IKE) Key Exchange checkbox.

10. Select the Auto Key Settings button.

11. For the ESP Type, select ESP with Authentication and use AES 128-bit as the ESP

Encryption Algorithm. Click OK.

12. Select the IKE Settings button.

NOTE For this example, Auto IKE Key Exchange is used. Any key exchange can

be used, depending on the security needed, as long as both devices on

each end of the tunnel are configured exactly the same.

Usage Scenarios B-11

13. Select Pre Shared Key (PSK) from the IKE Authentication Mode drop-down menu.

14. Enter a Passphrase. Passphrases must match on both VPN devices.

15. Select AES 128-bit as the IKE Encryption Algorithm.

16. Select Group 2 as the Diffie -Hellman Group. Click OK. This will take you back to the VPN

screen.

17. Click Apply to make the changes

18. Check the VPN Status screen. Notice the status displays "NOT_ACTIVE". This screen

automatically refreshes to get the current status of the VPN tunnel. Once the tunnel is

active, the IKE_STATE changes from NOT_CONNECTED to SA_MATURE.

NOTE Ensure the IKE authentication Passphrase is the same as the Pre-shared

key on the Cisco PIX device.

AP-51xx Access Point Product Reference Guide

B-12

19. On access point #2/ Device #2, repeat the same procedure. However, replace access point

#2 information with access point #1 information.

20. Once both tunnels are established, ping each side of the tunnel to ensure connectivity.

B.2.2 Configuring a Cisco VPN Device

This section includes general instructions for configuring a Cisco PIX Firewall 506 series device.

For the usage scenario described in this section, you will require the following:

• 1 Cisco VPN device

• 1 PC connected to the LAN side of the access pointand the Cisco PIX.

Below is how the access point VPN Status screen should look if the entire configuration is setup

correctly once the VPN tunnel is active. The status field should display "ACTIVE".

NOTE The Cisco PIX device configuration should match the access point VPN

configuration in terms of Local WAN IP (PIX WAN), Remote WAN

Gateway (access point WAN IP), Remote Subnet (access point LAN

Subnet), and the Remote Subnet Mask. The Auto Key Settings and the IKE

Settings on the Cisco PIX should match the access point Key and IKE

settings.

Usage Scenarios B-13

B.2.3 Frequently Asked VPN Questions

The following are common questions that arise when configuring a VPN tunnel using the access

point.

• Question 1: Does the access point IPSec tunnel support multiple subnets on the

other end of a VPN concentrator?

Yes. The access point can access multiple subnets on the other end of the VPN Concentrator

from the access point's Local LAN Subnet by:

• Creating multiple VPN Tunnels. The AP supports a maximum of 25 tunnels.

• When using the Remote Subnet IP Address with an appropriate subnet mask, the AP can

access multiple subnets on the remote end.

For example: If creating a tunnel using 192.168.0.0/16 for the Remote Subnet IP address, the

following subnets could be accessed:

192.168.1.x

192.168.2.x

192.168.3.x, etc

AP-51xx Access Point Product Reference Guide

B-14

•Question 2: Even if a wildcard entry of "0.0.0.0" is entered in the Remote Subnet

field in the VPN configuration page, can the AP access multiple subnets on the

other end of a VPN concentrator for the APs LAN/WAN side?

No. Using a "0.0.0.0" wildcard is an unsupported configuration. In order to access multiple

subnets, the steps in Question #1 must be followed.

• Question 3: Can the AP be accessed via its LAN interface of AP#1 from the local

subnet of AP#2 and vice versa?

Yes.

• Question 4: Will the default "Manual Key Exchange" settings work without making

any changes?

No. Changes need to be made. Enter Inbound and Outbound ESP Encryption keys on both

APs. Each one should be of 16 Hex characters (depending on the encryption or

authentication scheme used). The VPN tunnel can be established only when these

corresponding keys match. Ensure the Inbound/Outbound SPI and ESP Authentication Keys

have been properly specified.

• Question 5: Can a tunnel between an access point and a WS2000 be established?

Usage Scenarios B-15

Yes.

• Question 6: Can an IPSec tunnel over a PPPoE connection be established - such as

a PPPoE enabled DSL link?

Yes. The access point supports tunneling when using a PPPoE username and password.

• Question 7: Can I setup an access point so clients can access both the WAN

normally and only use the VPN when talking to specific networks?

Yes. Only packets that match the VPN Tunnel Settings will be sent through the VPN tunnel.

All other packets will be handled by whatever firewall rules are set.

• Question 8: How do I specify which certificates to use for an IKE policy from the

access point certificate manager?

When generating a certificate to use with IKE, use one of the following fields: IP address,

Domain Name, or Email address. Also, make sure you are using NTP when attempting to

use the certificate manager. Certificates are time sensitive.

Configure the following on the IKE Settings page:

Local ID type refers to the way that IKE selects a local certificate to use.

• IP - tries the match the local WAN IP to the IP addresses specified in a local certificate.

• FQDN - tries to match the user entered local ID data string to the domain name field of

the certificate.

• UFQDN - tries to match the user entered local ID data string to the email address field

of the certificate.

Remote ID type refers to the way you identify an incoming certificate as being associated

with the remote side.

• IP - tries the match the remote gateway IP to the IP addresses specified in the received

certificate.

• FQDN - tries to match the user entered remote ID data string to the domain name field

of the received certificate.

AP-51xx Access Point Product Reference Guide

B-16

• UFQDN - tries to match the user entered remote ID data string to the email address field of

the received certificate.

• Question 9: I am using a direct cable connection between my two VPN gateways

for testing and cannot get a tunnel established, yet it works when I set them up

across another network or router. Why?

The packet processing architecture of the access point VPN solution requires the WAN

default gateway to work properly. When connecting two gateways directly, you don't need

a default gateway when the two addresses are on the same subnet. As a workaround, point

the access point's WAN default gateway to be the other VPN gateway and vice-versa.

• Question 10: I have setup my tunnel and the status still says 'Not Connected'. What

should I do now?

VPN tunnels are negotiated on an "as-needed" basis. If you have not sent any traffic

between the two subnets, the tunnel will not get established. Once a packet is sent between

the two subnets, the VPN tunnel setup occurs.

Usage Scenarios B-17

• Question 11: I still can't get my tunnel to work after attempting to initiate traffic

between the two subnets. What now?

Try the following troubleshooting tips:

• Verify you can ping each of the remote Gateway IP addresses from clients on either side.

Failed pings can indicate general network connection problems.

• Pinging the internal gateway address of the remote subnet should run the ping through

the tunnel as well. Allowing you to test, even if there are no clients on the remote end.

• Question 12: My tunnel works fine when I use the LAN-WAN Access page to

configure my firewall. Now that I use Advanced LAN Access, my VPN stops

working. What am I doing wrong?

VPN requires certain packets to be passed through the firewall. Subnet Access

automatically inserts these rules for you when you do VPN. Advanced Subnet Access

requires these rules to be in effect for each tunnel.

• An 'allow' inbound rule.

• An 'allow' outbound rule.

• For IKE, an 'allow' inbound rule.

Scr <Remote Subnet IP range>

Dst <Local Subnet IP range>

Transport ANY

Scr port 1:65535

Dst port 1:65535

Rev NAT None

Scr <Local Subnet IP range>

Dst <Remote Subnet IP range>

Transport ANY

Scr port 1:65535

Dst port 1:65535

NAT None

AP-51xx Access Point Product Reference Guide

B-18

These three rules should be configured above all other rules (default or user defined). When

Advanced LAN Access is used, certain inbound/outbound rules need to be configured to

control incoming/outgoing packet flow for IPSec to work properly (with Advanced LAN

Access). These rules should be configured first before other rules are configured.

• Question 13: Do I need to add any special routes on the access point to get my VPN

tunnel to work?

No. However, clients could need extra routing information. Clients on the local LAN side

should either use the access point as their gateway or have a route entry tell them to use

the access point as the gateway to reach the remote subnet.

B.3 Replacing an AP-4131 with an AP-5131 or AP-5181

The access point’s modified default configuration enables an access point to not only operate in a

single-cell environrment, but also function as a replacement for legacy Symbol AP-4131 model access

points. You cannot port an access point’s configuration file to an access point, but you can configure

an access point similarly and provide an improved data rate and feature set.

An AP-4131 has only one LAN port and it is defaulted to DHCP/BOOTP enabled. The access point is

optimized for single-cell deployment, so it should allow the customer to use an access point as a

”drop-in” replacement for an existing AP-4131 deployment. However, to optimally serve as a

replacement for existing AP-4131 deployments, the access point’s “out-of-box” defaults are now set

as follows:

• The access point’s LAN1 port must default to DHCP client mode

• The access point’s LAN2 port must default to DHCP server mode

• The access point’s WAN port must default to Static mode.

• The default gateway now defaults to LAN1.

Scr <Remote Subnet IP range>

Dst <WAN IP address>

Transport UDP

Scr port 1:65535

Dst port 500

Rev NAT None

Usage Scenarios B-19

• The interface parameter has been removed from the Auto Update configuration feature.

• The WAN interface now has http/telnet/https/ssh connectivity enabled by default.

AP-51xx Access Point Product Reference Guide

B-20

Customer Support

Symbol Technologies provides its customers with prompt and accurate customer support. Use the

Symbol Support Center as the primary contact for any technical problem, question or support issue

involving Symbol products.

If the Symbol Customer Support specialists cannot solve a problem, access to all technical disciplines

within Symbol becomes available for further assistance and support. Symbol Customer Support

responds to calls by email, telephone or fax within the time limits set forth in individual contractual

agreements.

When contacting Symbol Customer Support, please provide the following information:

• serial number of unit

• model number or product name

• software type and version number.

AP-51xx Access Point Product Reference Guide

C-2

North American Contacts

Inside North America:

Symbol Technologies, Inc.

One Symbol Plaza Holtsville, New York 11742-1300

Telephone: 1-631-738-2400/1-800-SCAN 234

Fax: 1-631-738-5990

Symbol Support Center (for warranty and service information):

telephone: 1-800-653-5350

fax: (631) 738-5410

Email: support@symbol.com

International Contacts

Outside North America:

Symbol Technologies

Symbol Place

Winnersh Triangle, Berkshire, RG41 5TP

United Kingdom

0800-328-2424 (Inside UK)

+44 118 945 7529 (Outside UK)

Customer Support C-3

Web Support Sites

MySymbolCare

http://www.symbol.com/services/msc/msc.html

Symbol Services Homepage

http://symbol.com/services

Manual Updates

http://symbol.com/legacy_manuals/wire/accesspoints.html

Symbol Developer Program

http://devzone.symbol.com

Additional Information

Obtain additional information by contacting Symbol at:

1-800-722-6234, inside North America

+1-516-738-5200, in/outside North America

http://www.symbol.com/

AP-51xx Access Point Product Reference Guide

C-4

Numerics

2.4 GHz antennas. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-5

32735

Heading 2

1.1.11 Symbol NetVision Phone/Spectralink

Voice Prioritization. . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17

access options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-25

Access Point

CAM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17

encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-12

PSP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17

RSSI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-23

addresses, Symbol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .viii

administrator access . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8

antenna support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8

antenna, 2.4 GHz . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-5

AP-5131 access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5

AP-5131 Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6

AP-5131 Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-15

AP-5131 management options. . . . . . . . . . . . . . . . . . . 1-15

AP-5131 operating modes . . . . . . . . . . . . . . . . . . . . . . 1-24

AP-5131 placement . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5

AP-5131 statistical displays. . . . . . . . . . . . . . . . . . . . . 1-17

AP-5131 version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3

AP-5131-13040-WW . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2

AP-5131-13041-WW . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2

AP-5131-13042-WW . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2

AP-5131-13043-WW . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

AP-5131-40020-WW . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

AP-5131-40021-WW . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

AP-5131-40022-WW . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

AP-5131-40023-WW . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

association process

beacon. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17

RSSI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-23

automatic firmware update . . . . . . . . . . . . . . . . . . . . . 4-43

available AP-5131 product configurations. . . . . . . . . . . 2-2

available protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-30

Index

AP-5131 Access Point Product Reference Guide

IN-6

Bandwidth Management . . . . . . . . . . . . . . . . . . . . . . . 5-55

basic device configuration . . . . . . . . . . . . . . . . . . . . . . . 3-3

beacon. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17

CAM stations . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-17

PSP stations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17

BSSID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8

bullets, use of . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii

CA certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8

CAM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17

cellular coverage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-20

certificate authority . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-8

certificate management . . . . . . . . . . . . . . . . . . . . . . . . . 4-8

CLI, ACL commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-80

CLI, bandwith management . . . . . . . . . . . . . . . . . . . . 8-107

CLI, common commands . . . . . . . . . . . . . . . . . . . . . . . . .8-3

CLI, connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1

CLI, firewall commands . . . . . . . . . . . . . . . . . . . . . . .8-120

CLI, firmware update . . . . . . . . . . . . . . . . . . . . . . . . . 8-182

CLI, log commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-169

CLI, network commands . . . . . . . . . . . . . . . . . . . . . . . .8-11

CLI, network LAN commands . . . . . . . . . . . . . . . . . . . . 8-12

CLI, network LAN, DHCP commands . . . . . . . . . . . . . . 8-28

CLI, network wireless commands. . . . . . . . . . . . . . . . . 8-57

CLI, NTP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-164

CLI, QoS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-102

CLI, radio configuration. . . . . . . . . . . . . . . . . . . . . . . . .8-85

CLI, rogue-AP commands . . . . . . . . . . . . . . . . . . . . . . 8-110

CLI, router commands . . . . . . . . . . . . . . . . . . . . . . . . .8-125

CLI, security commands . . . . . . . . . . . . . . . . . . . . . . . .8-71

CLI, serial port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1

CLI, SNMP access. . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-153

CLI, SNMP commands . . . . . . . . . . . . . . . . . . . . . . . . 8-152

CLI, SNMP traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-158

CLI, statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-186

CLI, system access commands . . . . . . . . . . . . . . . . . . 8-136

CLI, system commands . . . . . . . . . . . . . . . . . . . . . . . .8-131

CLI, telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2

CLI, type filter commands . . . . . . . . . . . . . . . . . . . . . . . 8-34

CLI, WAN commands . . . . . . . . . . . . . . . . . . . . . . . . . .8-39

CLI, WAN NAT commands . . . . . . . . . . . . . . . . . . . . . . 8-42

CLI, WAN VLAN Commands . . . . . . . . . . . . . . . . . . . . . 8-48

Command Line Interface (CLI)

configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-20

command line interface (CLI) . . . . . . . . . . . . . . . . . . . . .3-2

config file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-3

config import/export . . . . . . . . . . . . . . . . . . . . . . . . . . .4-36

configuration

CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-20

configuration file import/export . . . . . . . . . . . . . . . . . .1-18

configuration options . . . . . . . . . . . . . . . . . . . . . . . . . . .3-2

configuration restoration . . . . . . . . . . . . . . . . . . . . . . .1-18

Content Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-14

content filtering. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-49

conventions, notational. . . . . . . . . . . . . . . . . . . . . . . . . . viii

country codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3, A-7

customer support . . . . . . . . . . . . . . . . . . . . . . . . . . viii, B-1

data access, configuring . . . . . . . . . . . . . . . . . . . . . . . . .4-5

data decryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-12

data encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-10

data security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-10

Desk Mounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-12

device firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-40

device settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-5

DHCP support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-19

DHCP, advanced settings . . . . . . . . . . . . . . . . . . . . . . .5-11

direct-sequence spread spectrum. . . . . . . . . . . . . . . . .1-22

Document Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 1-vii

dual-radio sku . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-7

EAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-10, 1-11

EAP authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-11

electrical characteristics. . . . . . . . . . . . . . . . . . . . . . . . A-4

event logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-18

firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-14

Firewall Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-14

firewall, configuring . . . . . . . . . . . . . . . . . . . . . . . . . . .6-25

firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-15

firmware update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-41

firmware, updates. . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-40

IN-7

hardware installation. . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

importing certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8

importing/exporting configurations . . . . . . . . . . . . . . . 4-36

installation, ceiling . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-18

installation, ceiling T-Bar. . . . . . . . . . . . . . . . . . . . . . . 2-16

installation, desk mounting . . . . . . . . . . . . . . . . . . . . . 2-12

installation, wall mounting . . . . . . . . . . . . . . . . . . . . . 2-14

Java-Based WEB UI. . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2

Kerberos. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-10, 1-11

authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . 1-11

implementation. . . . . . . . . . . . . . . . . . . . . . . . . . 1-11

Kerberos authentication . . . . . . . . . . . . . . . . . . . . . . . 1-11

KeyGuard . . . . . . . . . . . . . . . . . . . . . . . . . . 1-10, 1-13, 6-18

LAN port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7

LAN to WAN access . . . . . . . . . . . . . . . . . . . . . . . . . . 6-27

LAN, configuring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1

LAN, statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-6

LAN, timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2

LED indicators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-19

LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-19, 2-21

logging configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34

MAC layer bridging . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-21

management options . . . . . . . . . . . . . . . . . . . . . . . . . . 1-25

SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-15

media types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-22

mesh networking

dual-radio AP-5131 . . . . . . . . . . . . . . . . . . . . . . . . 9-3

STP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4

topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-4

use case . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-19

mesh overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1

MIB. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3

ML-2499-11PNA2-01 . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7

ML-2499-BYGA2-01 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7

ML-2499-HPA3-01 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7

ML-5299-WBPBX1-01 . . . . . . . . . . . . . . . . . . . . . . 2-7, A-6

ML-5299-WPNA1-01 . . . . . . . . . . . . . . . . . . . . . . . 2-7, A-6

monitoring statistics . . . . . . . . . . . . . . . . . . . . . . . .7-1, 9-1

mounting options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7

Mounting the AP-5131. . . . . . . . . . . . . . . . . . . . . . . . . 2-12

CAM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17

data decryption . . . . . . . . . . . . . . . . . . . . . . . . . . 1-12

data encryption . . . . . . . . . . . . . . . . . . . . . . . . . . 1-10

MU association . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-23

MU association process. . . . . . . . . . . . . . . . . . . . . . . . 1-23

MU-MU transmission disallow . . . . . . . . . . . . . . . . . . 1-16

NAT, configuring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-19

Network Time Protocol (NTP). . . . . . . . . . . . . . . . . . . . 4-31

Notational Conventions . . . . . . . . . . . . . . . . . . . . . . . . 1-viii

notational conventions. . . . . . . . . . . . . . . . . . . . . . . . . . viii

NTP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31

NTP, configuring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31

operating modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-24

phone numbers, Symbol. . . . . . . . . . . . . . . . . . . . . . . . . viii

physical characteristics . . . . . . . . . . . . . . . . . . . . . A-2, A-3

power injector, cabling . . . . . . . . . . . . . . . . . . . . . . . . 2-10

power injector, installation . . . . . . . . . . . . . . . . . . . . . . 2-9

power injector, LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11

power options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8

PPP over Ethernet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-17

precautions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2

product configurations . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2

programmable SNMP trap . . . . . . . . . . . . . . . . . . . . . . . 1-7

PSP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17

PSP stations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17

beacon. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17

MU. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17

AP-5131 Access Point Product Reference Guide

IN-8

QoS support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-10

Quality of Service (QoS) . . . . . . . . . . . . . . . . . . . . . . . . 1-10

radio options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7

radio, retry histogram . . . . . . . . . . . . . . . . . . . . . . . . . . 7-21

radio, statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-17

restore default configuration . . . . . . . . . . . . . . . . . . . . . 4-4

roaming across routers

TIM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17

rogue AP detection . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-52

rogue AP detection, allowed APs . . . . . . . . . . . . . . . . . 6-55

rogue AP, details. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-58

Routing Information Protocol (RIP) . . . . . . . . . . . . . . . . . 1-5

secuirty, WPA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-20

security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-12

decryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-12

security, content filtering . . . . . . . . . . . . . . . . . . . . . . .6-49

security, firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-25

security, KeyGuard . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18

security, rogue AP detection. . . . . . . . . . . . . . . . . . . . . 6-52

security, VPN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-33

security, WLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9

security, WPA2-CCMP . . . . . . . . . . . . . . . . . . . . . . . . .6-22

self certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10

serial number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3

service information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii

single sku . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7

site surveys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-6

SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-15

SNMP Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19

SNMP access control . . . . . . . . . . . . . . . . . . . . . . . . . .4-22

SNMP settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-17

SNMP v1/v2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20

SNMP v1/v2/v3 trap support . . . . . . . . . . . . . . . . . . . . 1-15

SNMP v3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20

SNMP, access control. . . . . . . . . . . . . . . . . . . . . . . . . . 4-22

SNMP, RF trap thresholds . . . . . . . . . . . . . . . . . . . . . . 4-29

SNMP, specific traps . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27

SNMP, traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24

SNMP, v1/v2c . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25

SNMP, v3 user definitions . . . . . . . . . . . . . . . . . . . . . .4-20

statistics, AP-5131 . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-30

statistics, LAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-6

statistics, mu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-23

statistics, radio . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-17

statistics, WAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-2

statistics, WLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-11

suspended T-Bar installations . . . . . . . . . . . . . . . . . . .2-16

Symbol support center . . . . . . . . . . . . . . . . . . . . . . . . . . viii

system

information

general . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-1

System Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . .4-1

system configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . .4-1

system location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-3

system name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-3

system settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-2

system settings, configuration . . . . . . . . . . . . . . . . . . . .4-2

system uptime. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-3

technical support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii

testing AP-5131 connectivity . . . . . . . . . . . . . . . . . . . .3-11

testing connectivity. . . . . . . . . . . . . . . . . . . . . . . . . . . .3-11

theory of operations . . . . . . . . . . . . . . . . . . . . . . . . . . .1-19

TKIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-13

transmit power control . . . . . . . . . . . . . . . . . . . . . . . . .1-18

type filter, configuration . . . . . . . . . . . . . . . . . . . . . . . .5-13

VLAN support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-14

VLAN, configuring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-4

VLAN, management tag . . . . . . . . . . . . . . . . . . . . . . . . .5-7

VLAN, name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-3

VLAN, native tag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5-7

Voice prioritization . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-17

VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-14

VPN Tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-14

VPN, auto key settings . . . . . . . . . . . . . . . . . . . . 6-41, 6-42

VPN, configuring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-33

VPN, IKE key settings . . . . . . . . . . . . . . . . . . . . . . . . . .6-43

VPN, manual key settings . . . . . . . . . . . . . . . . . . . . . . .6-37

VPN, status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-47

IN-9

wall mounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-14

WAN port. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7

WAN, configuring . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-14

WAN, port forwarding . . . . . . . . . . . . . . . . . . . . . . . . . 5-21

WAN, statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2

WEP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-12

WEP encryption . . . . . . . . . . . . . . . . . . . . . . . . . .1-10, 1-12

Wi-Fi Protected Access (WPA) . . . . . . . . . . . . . . . . . . 1-13

WLAN, ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-30

WLAN, creating . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-24

WLAN, editing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-24

WLAN, enabling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-22

WLAN, security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-29

WLAN, statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-11

WPA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-20

WPA2-CCMP . . . . . . . . . . . . . . . . . . . . . . . . . . . .1-13, 6-22

WPA2-CCMP (802.11i) . . . . . . . . . . . . . . . . . . . . . . . . . 1-13

WPA-CCMP (802.11i) . . . . . . . . . . . . . . . . . . . . . . . . . . 1-10

WPA-TKIP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-10

WPA, 256-bit keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-22

AP-5131 Access Point Product Reference Guide

IN-10

Symbol Technologies, Inc.

One Symbol Plaza

Holtsville, New York 11742-1300

http://www.symbol.com

72E-92949-01

Revision 01 - November 2006

Symbol Technologies AP5181D Symbol Access Point User Manual ES3000UserGuide

Symbol Technologies Inc Symbol Access Point ES3000UserGuide

Contents

Manual Part 3 4

Navigation menu

Namespaces

Views

Navigation