User Guide
Page 4
...3Com Installation CD 3-2 Launch the 3COM Wireless Infrastructure Device Manager (Widman) utility 3-2 Launching the 3com Wireless Interface Device Manager 3-2 First Time Only 3-4 Using the Setup Wizard 3-4 4 System Configuration Advanced Setup 4-2 System Identification 4-4 TCP / IP Settings 4-5 RADIUS 4-8 Authentication 4-9 Filter Control 4-14 VLAN...4-27 System Log 4-33 Enabling System Logging 4-33 Configuring SNTP 4-34 Radio Interface 4-35 802.11a Interface 4-36 Configuring Radio Settings 4-36 Configuring Common Radio Settings 4-38 802.11b/g Interface 4-42 Configuring Wi-Fi Multimedia 4-44...
...3Com Installation CD 3-2 Launch the 3COM Wireless Infrastructure Device Manager (Widman) utility 3-2 Launching the 3com Wireless Interface Device Manager 3-2 First Time Only 3-4 Using the Setup Wizard 3-4 4 System Configuration Advanced Setup 4-2 System Identification 4-4 TCP / IP Settings 4-5 RADIUS 4-8 Authentication 4-9 Filter Control 4-14 VLAN...4-27 System Log 4-33 Enabling System Logging 4-33 Configuring SNTP 4-34 Radio Interface 4-35 802.11a Interface 4-36 Configuring Radio Settings 4-36 Configuring Common Radio Settings 4-38 802.11b/g Interface 4-42 Configuring Wi-Fi Multimedia 4-44...
User Guide
Page 8
WPA-Wi-Fi Protected Access. 8 WDS-Wireless Distribution System. A LAN consisting of groups of security keys and the popular RC4 encryption algorithm. Wireless devices without a valid WEP key will be excluded from network traffic. VLAN-Virtual Local Area Network. VAP-Virtual Access Point. WEP-Wired Equivalent Privacy is based on the same segment. An access point radio capable of operating as though they were on the use of hosts that are on physically different segments but that communicate as four separate access points.
WPA-Wi-Fi Protected Access. 8 WDS-Wireless Distribution System. A LAN consisting of groups of security keys and the popular RC4 encryption algorithm. Wireless devices without a valid WEP key will be excluded from network traffic. VLAN-Virtual Local Area Network. VAP-Virtual Access Point. WEP-Wired Equivalent Privacy is based on the same segment. An access point radio capable of operating as though they were on the use of hosts that are on physically different segments but that communicate as four separate access points.
User Guide
Page 49
... the Timeout and Retransmit attempts fields, accept the default values unless you experience problems connecting to access the network. AUTHENTICATION Wireless clients can be entered as hexadecimal numbers or as ASCII strings. VLAN IDs can configure the access point to provide a backup in the string. (Maximum length: 255 characters) Timeout: Number of times the...
... the Timeout and Retransmit attempts fields, accept the default values unless you experience problems connecting to access the network. AUTHENTICATION Wireless clients can be entered as hexadecimal numbers or as ASCII strings. VLAN IDs can configure the access point to provide a backup in the string. (Maximum length: 255 characters) Timeout: Number of times the...
User Guide
Page 56
... traffic tagged with the specified management VLAN ID. All wireless clients associated to the access point are assigned to a VLAN. VLANs separate traffic passing between the access point, associated clients, and the wired network. Note the following points about the access point's VLAN support: The management VLAN is tagged with assigned VLAN IDs or default VLAN IDs to access clients associated on each client...
... traffic tagged with the specified management VLAN ID. All wireless clients associated to the access point are assigned to a VLAN. VLANs separate traffic passing between the access point, associated clients, and the wired network. Note the following points about the access point's VLAN support: The management VLAN is tagged with assigned VLAN IDs or default VLAN IDs to access clients associated on each client...
User Guide
Page 57
...guide. Wireless clients must have 802.1X authentication enabled and a RADIUS server configured. Refer to a client after successful IEEE 802.1X authentication. Default: 1) 4-17 Enables or disables VLAN tagging support on the RADIUS server, the access point assigns the client to the configured default VLAN ID ...values as indicated in the following table. NOTE: When using IEEE 802.1X to dynamically assign VLAN IDs, the access point must also support 802.1X client software. VLAN ID VLAN - If a client does not have to be assigned to the documentation provided with the RADIUS ...
...guide. Wireless clients must have 802.1X authentication enabled and a RADIUS server configured. Refer to a client after successful IEEE 802.1X authentication. Default: 1) 4-17 Enables or disables VLAN tagging support on the RADIUS server, the access point assigns the client to the configured default VLAN ID ...values as indicated in the following table. NOTE: When using IEEE 802.1X to dynamically assign VLAN IDs, the access point must also support 802.1X client software. VLAN ID VLAN - If a client does not have to be assigned to the documentation provided with the RADIUS ...
User Guide
Page 66
...file on the server. You will only accept firmware files named "3Com-img.bin". Use the Browse button to locate the image file locally on the management station and click Start Upgrade to the access point using "/" in the following fields, click Start Upgrade to which it...and reboot the system. A path on the TFTP server is attached, with a user name and password. If VLANs are managing the access point from a wireless client, the VLAN ID for example, "myfolder/syscfg." Restore Factory Settings - Click the Restore button to reset the configuration settings for file names...
...file on the server. You will only accept firmware files named "3Com-img.bin". Use the Browse button to locate the image file locally on the management station and click Start Upgrade to the access point using "/" in the following fields, click Start Upgrade to which it...and reboot the system. A path on the TFTP server is attached, with a user name and password. If VLANs are managing the access point from a wireless client, the VLAN ID for example, "myfolder/syscfg." Restore Factory Settings - Click the Restore button to reset the configuration settings for file names...
User Guide
Page 75
... The access point provides a way to update the time from the secondary server. Radio Interface Secondary Server: The IP address of the manual. The access point first attempts to automatically adjust the system clock for radio signal characteristics and wireless security features. NOTE: The access point also...time. RADIO INTERFACE The IEEE 802.11a and 802.11g interfaces include configuration options for Daylight Savings Time changes. The access point can be configured with 802.11b. To use this period the system clock is backward compatible with its own VLAN ID....
... The access point provides a way to update the time from the secondary server. Radio Interface Secondary Server: The IP address of the manual. The access point first attempts to automatically adjust the system clock for radio signal characteristics and wireless security features. NOTE: The access point also...time. RADIO INTERFACE The IEEE 802.11a and 802.11g interfaces include configuration options for Daylight Savings Time changes. The access point can be configured with 802.11b. To use this period the system clock is backward compatible with its own VLAN ID....
User Guide
Page 77
... VLAN ID assigned to wireless clients associated to the VAP interface that want to connect to the network through the access point must set provided by RADIUS server configuration. (Default: 1) Closed System - The time within which a client is disassociated from clients that can be associated with the access point at... the same time. Default: 60 minutes) Association Timeout Interval - The name of the basic service set their SSID to 3Com8 for 802.11a, 3Com5 to the same as that of clients that do ...
... VLAN ID assigned to wireless clients associated to the VAP interface that want to connect to the network through the access point must set provided by RADIUS server configuration. (Default: 1) Closed System - The time within which a client is disassociated from clients that can be associated with the access point at... the same time. Default: 60 minutes) Association Timeout Interval - The name of the basic service set their SSID to 3Com8 for 802.11a, 3Com5 to the same as that of clients that do ...
User Guide
Page 110
... Spanning Tree Ethernet Interface Wireless Interface Wireless Security Rogue AP Detection Link Integrity IAPP VLANs WMM Description Configures WDS forwarding table settings Configures spanning tree parameters Configures connection parameters for the Ethernet interface Configures radio interface settings Configures radio interface security and encryption settings Configures settings for the detection of rogue access points in the following tables...
... Spanning Tree Ethernet Interface Wireless Interface Wireless Security Rogue AP Detection Link Integrity IAPP VLANs WMM Description Configures WDS forwarding table settings Configures spanning tree parameters Configures connection parameters for the Ethernet interface Configures radio interface settings Configures radio interface security and encryption settings Configures settings for the detection of rogue access points in the following tables...
User Guide
Page 128
... : DISABLED Management VLAN ID(AP): 1 IAPP State : ENABLED DHCP Client : ENABLED HTTP Server : ENABLED HTTP Server Port : 80 HTTPS Server : ENABLED HTTPS Server Port : 443 Slot Status : Dual band(a/g) Boot Rom Version : v3.0.3 Software Version : v4.3.1.9 SSH Server : ENABLED SSH Server Port : 22 Telnet Server : ENABLED WEB ...LINE INTERFACE show system System Information Serial Number : A123456789 System Up time : 0 days, 4 hours, 33 minutes, 29 seconds System Name : Enterprise Wireless AP System Location : System Contact : System Country Code : US -
... : DISABLED Management VLAN ID(AP): 1 IAPP State : ENABLED DHCP Client : ENABLED HTTP Server : ENABLED HTTP Server Port : 80 HTTPS Server : ENABLED HTTPS Server Port : 443 Slot Status : Dual band(a/g) Boot Rom Version : v3.0.3 Software Version : v4.3.1.9 SSH Server : ENABLED SSH Server Port : 22 Telnet Server : ENABLED WEB ...LINE INTERFACE show system System Information Serial Number : A123456789 System Up time : 0 days, 4 hours, 33 minutes, 29 seconds System Name : Enterprise Wireless AP System Location : System Contact : System Country Code : US -
User Guide
Page 130
... : 210.200.211.225 Secondary DNS : 210.200.211.193 Speed-duplex : 100Base-TX Full Duplex Admin status : Up Operational status : Up Wireless Interface 802.11a Information Identification Description : 802.11a Access Point SSID : A 0 Channel : 0 (AUTO) Status : Disable 802.11 Parameters Transmit Power : 100% (5 dBm) Data Rate : 54Mbps Fragmentation Threshold : 2346 bytes RTS Threshold : 2347...
... : 210.200.211.225 Secondary DNS : 210.200.211.193 Speed-duplex : 100Base-TX Full Duplex Admin status : Up Operational status : Up Wireless Interface 802.11a Information Identification Description : 802.11a Access Point SSID : A 0 Channel : 0 (AUTO) Status : Disable 802.11 Parameters Transmit Power : 100% (5 dBm) Data Rate : 54Mbps Fragmentation Threshold : 2346 bytes RTS Threshold : 2347...
User Guide
Page 131
... 3: 0.0.0.0 , UDP Port: 514, State: Disabled 4: 0.0.0.0 , UDP Port: 514, State: Disabled Radius Server Information IP : 0.0.0.0 Port : 1812 Key : ***** Retransmit : 3 Timeout : 5 Radius MAC format : no-delimiter Radius VLAN format : HEX 5-29
... 3: 0.0.0.0 , UDP Port: 514, State: Disabled 4: 0.0.0.0 , UDP Port: 514, State: Disabled Radius Server Information IP : 0.0.0.0 Port : 1812 Key : ***** Retransmit : 3 Timeout : 5 Radius MAC format : no-delimiter Radius VLAN format : HEX 5-29
User Guide
Page 133
...255.0 Default Gateway : 192.254.0.1 VLAN State : DISABLED Management VLAN ID(AP): 1 IAPP State : ENABLED DHCP Client : ENABLED HTTP Server : ENABLED HTTP Server Port : 80 HTTPS Server : ENABLED HTTPS Server Port : 443 Slot Status : Dual band(a/g) Boot Rom Version : v3... 14, Jan 1st, 1970 Time Zone : -5 (BOGOTA, EASTERN, INDIANA) Daylight Saving : Disabled Station Table Information if-wireless A VAP [0] : 802.11a Channel : Auto No 802.11a Channel Stations. . . . System Information Serial Number : System Up time : 0 days, 0 hours, 16 minutes, 51 ...
...255.0 Default Gateway : 192.254.0.1 VLAN State : DISABLED Management VLAN ID(AP): 1 IAPP State : ENABLED DHCP Client : ENABLED HTTP Server : ENABLED HTTP Server Port : 80 HTTPS Server : ENABLED HTTPS Server Port : 443 Slot Status : Dual band(a/g) Boot Rom Version : v3... 14, Jan 1st, 1970 Time Zone : -5 (BOGOTA, EASTERN, INDIANA) Daylight Saving : Disabled Station Table Information if-wireless A VAP [0] : 802.11a Channel : Auto No 802.11a Channel Stations. . . . System Information Serial Number : System Up time : 0 days, 0 hours, 16 minutes, 51 ...
User Guide
Page 167
... GC Page 5-69 Exec 5-69 radius-server address This command specifies the primary and secondary RADIUS servers. Using the Command Line Interface Command radius-server vlan-format show radius Function Sets the format for authentication messages. (Range: 1024-65535) Default Setting 1812 Command Mode Global Configuration 5-65 Host name of server...
... GC Page 5-69 Exec 5-69 radius-server address This command specifies the primary and secondary RADIUS servers. Using the Command Line Interface Command radius-server vlan-format show radius Function Sets the format for authentication messages. (Range: 1024-65535) Default Setting 1812 Command Mode Global Configuration 5-65 Host name of server...
User Guide
Page 171
...hexadecimal number. • ascii - Default Setting Hex Command Mode Global Configuration Example Enterprise AP(config)#radius-server vlan-format ascii Enterprise AP(config)# show radius This command displays the current settings for specifying VLAN IDs on the RADIUS server. Default Setting None Command Mode Exec 5-69 Using the Command Line Interface Default... Setting No delimiter Command Mode Global Configuration Example Enterprise AP(config)#radius-server radius-mac-format multi-dash Enterprise AP(config)# radius-server vlan-format This command sets the format for the RADIUS server.
...hexadecimal number. • ascii - Default Setting Hex Command Mode Global Configuration Example Enterprise AP(config)#radius-server vlan-format ascii Enterprise AP(config)# show radius This command displays the current settings for specifying VLAN IDs on the RADIUS server. Default Setting None Command Mode Exec 5-69 Using the Command Line Interface Default... Setting No delimiter Command Mode Global Configuration Example Enterprise AP(config)#radius-server radius-mac-format multi-dash Enterprise AP(config)# radius-server vlan-format This command sets the format for the RADIUS server.
User Guide
Page 172
...VLAN format : HEX Enterprise AP# 802.1X Authentication The access point supports IEEE 802.1X access control for associated stations using 802.1X dynamic keying Sets the interval at which unicast session keys are also used to pass dynamic unicast session keys and static broadcast keys to wireless... clients. This control feature prevents unauthorized access to the network by a RADIUS server using EAP (Extensible Authentication Protocol) before the access point grants client access to submit user credentials for stations using ...
...VLAN format : HEX Enterprise AP# 802.1X Authentication The access point supports IEEE 802.1X access control for associated stations using 802.1X dynamic keying Sets the interval at which unicast session keys are also used to pass dynamic unicast session keys and static broadcast keys to wireless... clients. This control feature prevents unauthorized access to the network by a RADIUS server using EAP (Extensible Authentication Protocol) before the access point grants client access to submit user credentials for stations using ...
User Guide
Page 224
CHAPTER 5: COMMAND LINE INTERFACE Command Mode Exec Example Enterprise AP#show interface wireless g 0 Wireless Interface Information Identification Description : Enterprise 802.11g Access Point SSID : VAP_G 0 Channel : 1 (AUTO) Status : ENABLED MAC Address : 00:03:7f:fe:03:02 802.11 Parameters Radio Mode : b & g mixed mode Protection Method : CTS only Transmit Power : ...Association Timeout Interval : 30 Mins DTIM Interval : 1 beacon Preamble Length : LONG Maximum Association : 64 stations MIC Mode : Software Super G : Disabled VLAN ID : 1 . . 5-122
CHAPTER 5: COMMAND LINE INTERFACE Command Mode Exec Example Enterprise AP#show interface wireless g 0 Wireless Interface Information Identification Description : Enterprise 802.11g Access Point SSID : VAP_G 0 Channel : 1 (AUTO) Status : ENABLED MAC Address : 00:03:7f:fe:03:02 802.11 Parameters Radio Mode : b & g mixed mode Protection Method : CTS only Transmit Power : ...Association Timeout Interval : 30 Mins DTIM Interval : 1 beacon Preamble Length : LONG Maximum Association : 64 stations MIC Mode : Software Super G : Disabled VLAN ID : 1 . . 5-122
User Guide
Page 227
...11a Channel Stations. . . . Rogue APs can potentially allow unauthorized users access to participate in the wireless network, or an access point that does not have the correct security configuration. Enterprise AP# Rogue AP Detection Commands A "rogue AP" is either an access point that is not authorized to the network. Alternatively, client stations may also cause radio... AP and be prevented from accessing network resources. if-wireless G VAP [0] : 802.11g Channel : 1 802.11g Channel Station Table Station Address : 00-04-23-94-9A-9C VLAN ID: 0 Authenticated Associated Forwarding...
...11a Channel Stations. . . . Rogue APs can potentially allow unauthorized users access to participate in the wireless network, or an access point that does not have the correct security configuration. Enterprise AP# Rogue AP Detection Commands A "rogue AP" is either an access point that is not authorized to the network. Alternatively, client stations may also cause radio... AP and be prevented from accessing network resources. if-wireless G VAP [0] : 802.11g Channel : 1 802.11g Channel Station Table Station Address : 00-04-23-94-9A-9C VLAN ID: 0 Authenticated Associated Forwarding...
User Guide
Page 247
... mapped to specific wireless clients, allowing users to a device port on the access point, a VLAN ID (a number between 1 and 4094) can enable the support of VLAN-tagged traffic passing between access points from different vendors. The VLAN commands supported by the access point are enabled, the access point's Ethernet port drops all traffic GC Configures the management VLAN for the access point GC Page 5-146...
... mapped to specific wireless clients, allowing users to a device port on the access point, a VLAN ID (a number between 1 and 4094) can enable the support of VLAN-tagged traffic passing between access points from different vendors. The VLAN commands supported by the access point are enabled, the access point's Ethernet port drops all traffic GC Configures the management VLAN for the access point GC Page 5-146...
User Guide
Page 248
... Command Mode Global Configuration Command Description • When VLANs are tagged with the access point's native VLAN ID. • Traffic entering the Ethernet port must be tagged with a VLAN ID that matches the access point's native VLAN ID, or with a VLAN tag that matches one of the wireless clients currently associated with the VLAN ID configured for a client on the RADIUS...
... Command Mode Global Configuration Command Description • When VLANs are tagged with the access point's native VLAN ID. • Traffic entering the Ethernet port must be tagged with a VLAN ID that matches the access point's native VLAN ID, or with a VLAN tag that matches one of the wireless clients currently associated with the VLAN ID configured for a client on the RADIUS...