Manuale d’uso / di manutenzione del prodotto 2552W-G del fabbricante SMC
Vai alla pagina of 252
SMC2552W-G.
.
38 T esla Irvine, CA 92618 Phone: (949) 679 -8000 EliteConnect ™ 2.4GHz 802.11g Wireless Access P oint User Guide The easy w a y to mak e all y our netwo rk connections April 2004 Revision Number: R01, F2.
Copyright Inf ormation furnished by SMC Networks, Inc. (S MC) is believ ed to be accurate and reliab le. Howe ver , no responsibility is assumed by SMC for its use , nor f or any infringements of patents or other rights of third parties which ma y result from it s use.
i L IMITED W ARRANTY Limited Warranty Statement: SMC Networks, Inc. (“SMC”) w arrants its products to be free from defects in w orkmanship and mater ials, under normal use and ser vice, f or the applicable w arranty term. All SMC products carr y a standard 90-day limited warr anty from the date of purchase from SMC or its Authorized Reseller .
L IMITED W ARRANTY ii Customers are responsible f or all shipping charges from their fa cility to SMC . SMC is responsible f or retur n shippi ng charges from SMC to customer .
iii C OMPLIANCES Federal Comm unication Co mmission Interference Statement This equipment has been tested and found to co mply with the limits f or a Class B digital device , pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against ha rmful interference in a residential installation.
C OMPLIANCES iv The term “IC:” b efore the radio certificat ion number only signifies that Industry Canada technical specifications were met. Industry Canada - Class B This digital apparatus does .
C OMPLIANCES v EC Conf ormance Declaration SMC contact for these products in Europe is: SMC Networks Europe, Edificio Conata II, Calle F ructuós Gelaber t 6-8, 2 o , 4 a , 08970 - Sant Joan Despí, Barcelona, Spain.
C OMPLIANCES vi Safety Compliance P ower Cord Safety Please read the following safety informati on carefully before installing the switch: W ARNING: Insta llation and remov al of the unit must be carried out by qualified personnel only . • The unit must be connected to an earthed (grounded) outlet to comply with international safety standards.
C OMPLIANCES vii Switzerland The supply plug must comply with SEV/ASE 1011. U.K. The supply plug must comply with BS1363 (3-pin 1 3 A) and be fitted with a 5 A fuse which complies with BS1362. The mains cord must be <HAR> or <BASEC> marked and be of type HO3VVF3GO.
C OMPLIANCES viii Veuillez lire à fond l 'information de la sécurité sui vante avant d'installer le Switch: A VERTISSEMENT : L ’installation et la dépose de ce groupe doiv ent être confiés à un personnel qualifié.
C OMPLIANCES ix Bitte unbeding t vor dem Einbau en des Switches die folgenden Sicherheitsa nweisungen durc hlesen (Germany) : W ARNUNG: Die Installation und der Ausbau des Geräts darf nur durch F ach personal erf olgen. • Das Gerät sollte nicht an eine ungeerdete Wechselstromsteckdose angeschlossen werden.
C OMPLIANCES x gegeben, wenn auch die an das Gerät angeschlossenen Geräte unter SELV-Bedingungen betrieben werden. • • Stromkabel . Dies muss von dem Land, in dem es benutzt wird geprüft werden: U.S.A und Canada Der Cord muß das UL gepruft und war das CSA beglaubigt.
xi T ABLE OF C ONTENTS 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 Package Che cklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2 Hardware Desc ription . . . . . . . . . . . . . . . . . . . . .
T AB LE OF C ONTENTS xii Event Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-66 6 Command Line Interface . . . . . . . . . . . . . . . . . . . 6-1 Using the Co mmand Line I nterface . . . . . . . . . . . . . . . . . . . .
T ABLE OF C ONTENTS xiii logging con sole . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-25 logging leve l . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-26 logging facility-type . . . . . . . . . . . . . . . . .
T AB LE OF C ONTENTS xiv address filt er delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6- 56 mac-authen tication serve r . . . . . . . . . . . . . . . . . . . . . . . . 6-57 mac-authen tication session -timeout . . . . . . . . . . .
T ABLE OF C ONTENTS xv wpa-psk-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-93 shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-94 show interf ace wireles s . . . . . . . . . . . . . . . . .
T AB LE OF C ONTENTS xvi.
1-1 Chapter 1 Introduction SMC’ s EliteConnect 2.4GHz 802.11g Wirele ss Access P oint (SMC2552W -G) is an IEEE 802.11b/ g access point that provides transpar ent, wireless hig h-speed data comm unications betw een the wired LAN and fix ed, por table or mobile de vices equipped with a 802.
Introduction 1-2 Package Checklist The EliteConnect 2.4GHz 802.11 g Wireless Access P oint pack age includes: • One 2.4GHz 802.11 g Wireless Access P oint (SMC2552W -G) • One Category 5 network ca.
Hardware Description 1-3 Hardware Description Front P anel Rear Pa nel Antennas LED Indicator Security Slot Console Port RJ-45 Port, PoE Connector Reset Button 3.
Introduction 1-4 Component Description Antennas The access point includes two antennas f or wireless communication s. The sign al transmitted f rom both antennas is identical, b ut only the best signal receiv ed on one of the antennas is used.
Hardware Description 1-5 Security Slot The access point includes a K ensington security slot on the rear panel. Y ou can pre vent una uthorized re mov al of the access point by wrapping the K ensington secur ity cab le (not pro vided) around an unmov able object, inser ting the loc k into the slot, and turning the ke y .
Introduction 1-6 How e ver , when connecting the access p oint to a workstation or other de vice that does not ha v e MDI-X por ts , y ou must use crosso v er twisted-pair ca b le.
F eatures and Benefits 1-7 Features and Benefits • Local network connection via 10/100 Mbps Ethernet por ts or 54 Mbps wireless int erf ace (suppor ting up to 64 mobile users) • IEEE 802.11b , 802.11g and 80 2.3af compliant • Antennas with SMA conne ctors f or optional e xter nal 2.
Introduction 1-8 Applications The Wireless products of f er a high speed, reliab le, cost-eff ective solution f or 10/100 Mbps wireless Ethernet client access to the network in applications such as: • Remote access to corpo rate netw ork information E-mail, file tra nsf er , and terminal emulation.
System Def aults 1-9 System Defaults The f ollowing table lists so me of the access point’ s basic system def aults. To reset th e access poin t defaults, use the CLI command “reset conf iguration” fro m the Exec level prompt.
Introduction 1-10 MAC Authentication MAC Local MAC A uthentication Session Timeout 0 seconds (disab led) Local MA C System Def ault Allow ed Local MA C P er mission Allow ed 802.
System Def aults 1-11 System Logging Syslog Disab led Logging Host Disab led Logging Conso le Disab led IP Address / Host Name 0.0.0.0 Logging Le vel Inf or mational Logging F acility T ype 16 Ethernet Interface Speed and Duple x Auto Wireless Interface 802.
Introduction 1-12 Wireless Security 802.11b/g Authentication Type Open System WEP Encryption Disabled WEP Key Length 128 bits WEP Key Type Hexadecimal WEP Transmit Key Number 1 WEP Keys null WPA Configuration Mode All clients WPA Key Management WPA authentication over 802.
2-1 Chapter 2 Hardware Installation 1. Select a Site – Ch oose a pro per place f or the access point. In general, the best location is at the center of y our wireless cov erage area, within line of sight o f all wireless de vices.
Hardware Installation 2-2 Set the f our 5/8-inch number 12 w ood scre ws in the holes, leaving about 3 mm clearence from the wall. P osition the mounting brac ket ov er the wall scre ws, slide the brac ket onto th e screws , and then tighten do wn the scre ws.
Hardware Installation 2-3 Attachin g the Mount ing Brac ket 4. Lock the Access P oint in Place – T o pre v ent unauth orized remov al of the acce ss point, you can us e a K ensington Slim MicroSav er security cable (not included) to attach the access point to a f ix ed object.
Hardware Installation 2-4 5. Connect the Po wer Cord – Connect the po wer adapter to the access point, an d the pow er cord to an AC pow er outlet. Otherwise, the access point can der ive its operating pow er directly from t he RJ-45 por t when connected to a de vice that provides I EEE 802.
Hardware Installation 2-5 position the antenn as around 45 to 90 deg rees from each other . The access point also compares the stren gth of an incoming signal on both ante nnas, and uses the antenn a receiving the stronger signal to communicate with a wireless client.
Hardware Installation 2-6.
3-1 Chapter 3 Network Configuration The wireless solution su ppor ts a stand-alone wireless netwo rk configuration as w ell as an integrated configur ation with 10/100 Mbps Ethernet LANs.
Network Configuration 3-2 Network Topologies Ad Hoc Wireless LAN (no AP or Bridge) An ad hoc wireless LAN consists of a g roup of computers, ea ch equipped with a wireless adapter , connected via radio signals as an independent wirele ss LAN. Computers in a specific ad hoc wireless LAN must therefore be configured to the same radio channel.
Network T opologies 3-3 Infrastructure Wireless LAN The access point also pro vides access to a wired LAN f or wireless workstations. An integr ated wired/wireless LAN is called an Infrastructure configuratio n. A Basic Ser vice Set (BSS) consists of a group of wireless PC users, and an access point that is direc tly connected t o the wired LAN.
Network Configuration 3-4 Infrastructure Wireless L AN for Roaming Wireless PCs The Basic Ser vice Set (BSS) defi nes the communications domain f or each access point and its a ssociated wireless clients.
Network T opologies 3-5 A wireless infra structure can also suppor t roaming f or mobile worker s. Mo re than one a ccess point can be configu red to crea te an Extended Ser vice Set (ESS). By placing the access points so that a continuous co verage are a is created, wireless users within this ESS can roam freely .
Network Configuration 3-6.
4-1 Chapter 4 Initial Configuration The EliteConnect 2.4GHz 8 02.11g Wireless Access P oint SMC2552W -G off ers a variety of managemen t options , including a web-based interface , a direct c onnection to the console por t, or using SNMP softw are such as SMC’ s EliteView .
Initial Configuration 4-2 T o connect to the console port, complete the f ollowing steps: 1. Connect the console cab le to the serial por t on a ter minal, or a PC running terminal emulat ion softw are, and ti ghten the captiv e retaining scre ws on the DB-9 connector .
Initial Setup through the CLI 4-3 Initial Configuration Steps Loggin g In – Enter “admin” f or the user name . The def ault pass word is “ smcadmin”. The CLI prompt ap pears displa ying “SMC Enter prise AP#. ” Setting the IP Address – By def ault, the access point is configured to obta in IP address settin gs from a DHCP ser v er .
Initial Configuration 4-4 accessed us ing T elnet from any computer atta ched to the network. Setting the Country Co de – Units sold in the United States are configured b y default to use on ly radio chan nels 1-11 as defined by FCC regulations. Units sold in other countries are configured by def ault without a country code (i.
Using W eb-based Management 4-5 Loggin g In – Enter the username “admin, ” the pass word “smcadmi n, ” and click LOGIN. Fo r inf or mation on configuring a user name and pa ss word, ref er to page 5-28. The home page di spla ys the Main Menu.
Initial Configuration 4-6 Launching the Setup Wizar d – T o perf or m initial configuration, click Setu p Wizard on the home page , then click on the [Ne xt] but ton to start the process. 1. Service S et ID – Enter the ser vice set identifier in th e SSID bo x which all wireless clients mu st use to associate with the access point.
Using W eb-based Management 4-7 2. Radio Channel – Y ou must enab le radio communica tions f or 802.11b and 802 .11b/g, and set the oper ating radio channel. A uto Channel Select – Select Enable for automatic radio channel detection. (De f ault: Enab le) 802.
Initial Configuration 4-8 3. IP Configuration – Either enable or disab le (Dynamic Host Configuration Pr otocol (DHCP) f or automatic IP configura tion.
Using W eb-based Management 4-9 4. Click Finish. 5. Click the OK button to restart the access point..
Initial Configuration 4-10.
5-1 Chapter 5 System Configuration Bef ore continuing with adv anced configuration, f irst complete the initial configur ation steps described in Chapter 4 to set up an IP address f or the SMC2552W -G. The SMC2552W -G can be managed b y any comput er using a web bro wser (Internet Explorer 5.
System Configuration 5-2 The inf or mation in this chapter is organiz ed to reflect the structure of the web scr eens f or easy ref erence. How ev er , we recomm end that y ou configur e a user name an d pass word as the first step under adv anced configuration t o control managemen t access to this de vice (page 5-28).
Adv anced Configuration 5-3 802.11b/g Interface Configures the IEEE 802 .11b/g interface 5-40 Radio Settings Configures radio signal parameters, such as radio channel, transmission rate, and beacon se.
System Configuration 5-4 System Identification The system inf or mation parameters f or the SMC2552W -G can be left at their de f ault settings. Howe ver , modif ying these pa rameters can help yo u to more easily distinguish diff erent device s in yo ur networ k.
Adv anced Configuration 5-5 CLI Commands f or System Identifica tion – Enter the glob al configuratio n mode, a nd use the system na me command t o specify a new system name. Enter the wireless configuration mode (11g), an d use the ssid command to set the service set identifier .
System Configuration 5-6 TCP / IP Settings Configuring the SMC2552W -G with an IP address e xpands your ability to manage the access point. A number of acces s point f eatures depend on IP addressin g to operat e.
Adv anced Configuration 5-7 DHCP Client (Enable) – Select this option to obtain the IP settings for the access poi nt from a DHCP (Dynamic Host Configuratio n Protocol) server . The IP address, subnet ma sk, def ault gatew a y , and Domain Name Server (DNS) addres s are dynamically assigned to the access point by th e network DHCP ser v er .
System Configuration 5-8 CLI Commands for TCP/IP Settings – F rom the global configuration m ode, enter the int erface configuration mode wit h the interface ethernet comman d. Use the ip dhcp command to enable the DHCP client, or no ip dhcp to disab le it.
Adv anced Configuration 5-9 Radius Remote Authentication D ial-in User Ser vice (RADIUS) is an authentica tion protocol that uses softw are running on a centr al ser v er to control a ccess to RA DIUS-aw a re de v ices on the network.
System Configuration 5-10 Primar y Radius Ser ver Setup – Configure the following settings to use RADIUS authenti cation on the acce ss point. • IP Address: Specifies the I P address or host name of the RADIUS ser ver . • P or t: The UDP por t number used by the RADIUS ser v er f or authentication messag es.
Adv anced Configuration 5-11 CLI Commands f or RADIUS – F rom the global configuration mode, use th e radius-s erver ad dress command to sp ecify the address of the primar y or secondary RADIUS ser ver s. ( The f o llowing e xample configures the se ttings f or the primar y RADIUS server .
System Configuration 5-12 Authentication Wireless clients can be authenticated f or network access by chec king their MA C address against the local database configured on the access po int, or b y looking up their MA C addresses on a RADIUS server . The 802.
Adv anced Configuration 5-13 MA C A uthentication – Y ou can config ure a list of the MAC addresses f or wireless clients th at are au thorized to access th e network. This pro vides a basic le vel of au thentication f or wireless clients attem pting to ga in access to the networ k.
System Configuration 5-14 • MAC A uthenticat ion Settin gs: Enters specified MA C addresses and per missions in to the local MAC database. - MAC Address: Physical address of a client. Enter six pa irs of hexadecim al digits separated by hyp hens; for example , 00-90-D1 -12-AB-89 .
Adv anced Configuration 5-15 The 802.1x EAP pack e ts are also used to pass dynamic unicast session ke ys and static broadcast ke ys to wireless clients . Session ke ys are unique to each client and are used to encr ypt and correlate tr affic passing between a specific client and the access point.
System Configuration 5-16 • Session K ey Refresh Ra te: The interval at which the access point refreshes un icast session ke ys for associate d clients . (Range: 0-1440 minutes; Def ault: 0 means disab led) • 802.1x Re-authent ication Refresh Rate: The time period after which a connected client m ust be re-authenticated.
Adv anced Configuration 5-17 CLI Commands f or Local MA C A uthentication – Use the mac-authenti cation server co mmand from th e global configuration mo de to enable local MAC authenticat ion.
System Configuration 5-18 CLI Commands f or RADIUS MA C A uthentication – Use the mac-authenti cation server co mmand from th e global configura tion mode to enab le remote MAC auth entication. Set the timeout v alue f or re-authenticat ion using the ma c-authenticat ion session-ti meout command.
Adv anced Configuration 5-19 CLI Commands f or 802.1x A uthentication – Use the 802.1x supported command from the globa l configurat ion mode to enab le 802.1x authentication . Set the session and broadca st ke y refresh r ate , and the re-authe ntication ti meout.
System Configuration 5-20 Filter Control The access point can empl o y VLAN ID and network traf fic frame filtering to control access to network resource s and increase security . Nativ e VLAN ID – The VLAN ID assigned to wireless clients that are not assigned to a specific VLAN by RADIUS server configuration.
Adv anced Configuration 5-21 VLAN IDs can be mapped to spec ific wireless c lients, allowing users to remain within t he same VLAN as the y move arou nd a campus site . This f e ature can also be used to control access to network resources from wirele ss clients , thereb y improv ing security .
System Configuration 5-22 When VLAN filtering is enab led, the access p oint must also ha v e 802.1x authenticat ion enab led and a RADIUS server config ured. Wireless clients must also support 802.1x client so ftwa re to be assigned to a specific VLAN.
Adv anced Configuration 5-23 CLI Commands f or VLAN Suppor t – F rom the global configuration mod e use the native-v lanid command to s et the def ault VLAN ID for the Et hernet interf ace, th en enab le VLANs using the vlan enabl e command.
System Configuration 5-24 CLI Commands f or Bridge Filter ing – Use th e filter local-bridge command from the global configur ation mode to pre v ent wireless-to-wireless communicati ons through the access poin t. Use the filter ap-manage command to restrict management access from wireless clients .
Adv anced Configuration 5-25 SNMP Y ou can use a network management app lication such as SMC’ s EliteVie w to manage the SMC2552W -G via the Simple Network Management Protocol ( SNMP) from a netwo rk management station.
System Configuration 5-26 SNMP – Enab les or disab les SNMP management acce ss and also enab les the access point to send SNMP t raps (notification s). SNMP management is enab led by def ault. Location – A text string that d escrib es the syste m location.
Adv anced Configuration 5-27 CLI Commands f or SNMP – Use the snmp- server enab le serve r command from the globa l configur ation mode . T o set read/write and re ad-only comm unity name s, u se the snmp-server community command .
System Configuration 5-28 Administration Changing the Password Management access t o the web an d CLI interf ace on the SMC2552W -G is controlled through a single user nam e and passw ord. Y o u can also gain add i tional access security by using control filters (see “Filter Control” on p age 5-20).
Adv anced Configuration 5-29 Confirm New P a ss word – Enter the pass word aga in f or v erification. CLI Commands f or the User Name and P asswo rd – Use the username and pass word command s from the CLI configur ation mode.
System Configuration 5-30 Upgrading Firmware Y ou can upgr ade new SMC2552W -G software f rom a loca l file on the management w orkstation, or from an FTP or TFTP ser v er . New sof tware ma y be provided periodically on SMC’ s web site (http://www .
Adv anced Configuration 5-31 If you need to do wnload from an FTP or TFTP ser ver , take the f ollowing additional steps: • Obtain the IP add ress of the FTP or TFTP server wh ere the access point softwa re is stored.
System Configuration 5-32 server is 255 chara cters or 32 charact ers f or files on the access point . (V a lid characters: A- Z, a-z, 0-9, “. ”, “- ”, “_”) • IP Address: IP addr ess or host name of FTP or TF TP ser v er . • Username: The user ID used f or login on an FTP server .
Adv anced Configuration 5-33 CLI Commands f or Downloading Soft w are from a TFTP Server – Use the copy tftp file command from th e Ex ec mode and t hen specify the file type , name, and IP address of the TFTP server .
System Configuration 5-34 System Log The SMC2552W -G can be configured to se nd e v ent and err or messages to a System Log Server . The system clock can also be synchroniz ed with a time server , so that all the messages sent t o the Syslog server a re stamped with the corr ect time a nd date .
Adv anced Configuration 5-35 Logging Lev e l – Sets the m inimum se verity le vel f or e v ent logging. The system allo ws you to limit the messages that are logged by specifying a minimum se v erity lev el. The follo wing table lists the error mess age lev els from the mos t sev ere ( Aler t) to least sev e re (Deb ug).
System Configuration 5-36 CLI Commands f or System Logging – T o enable logging on th e access point, use the logging on comm and from the globa l configuration m ode. The logging le vel command sets the minimum lev el of message to lo g. Use the l ogging con sole command to enab le logging to the console.
Adv anced Configuration 5-37 Configuring SNTP Simple Network Time Protocol (SNTP) allo ws the SMC2552W -G to set its internal clock based on periodic updates from a time server (SNTP or NTP). Mainta ining an accurate time on the access point enab les the system log to record mea ningful dates and times f or e v ent entries.
System Configuration 5-38 changes . T o use this f eature you must defin e the month a nd date to begin and to en d the change fro m standard t ime. During this perio d the system clock is set back by one hour .
Adv anced Configuration 5-39 CLI Comman ds f or the System Clock – The f ollowing ex ample shows how to manually set the sys tem time when SNTP ser ver suppor t is disable d on the access point.
System Configuration 5-40 Radio Interface The IEEE 802.11b and 802.11g in terface includes configur ation options f or radio signal characteristics and wireless secu rity f eatures . The access point can operate in three modes , I EEE 802.11b only , 802.
Radio Interf ace 5-41 Radio Settings (802.11g) The IEEE 802.11g standard operates within the 2.4 GHz band at up to 54 Mbps. Also note that because th e IEEE 802.11g standard is an e xtension of the IEEE 802.11b standa rd, it allows clients with 802.11b wireless n etwork cards to associate to an 802.
System Configuration 5-42 Radio Channel – The radio channel that the ac cess point uses to communica te with wirel ess clients . When multiple access points are deplo yed in the same area, set t he channel on neighboring access points at lea st f our channels apar t to a v oid interf erence with each other .
Radio Interf ace 5-43 interfere with the operation of other radio devices in the ser vice area. (Option s: 100%, 50%, 25%, 12 %, minimum; Default: 100%) Maximum Station Data Rate – The maximu m data ra te at which a client can connect to the acce ss point.
System Configuration 5-44 sending of a data fr ame. After receivi ng an R TS frame, the stat ion sends a C TS (clear to send) frame to no tify the send ing station that it can start sending data. If the RTS threshold is set to 0, the access point nev er sends RTS signals.
Radio Interf ace 5-45 CLI Commands f or the 802.11g Wireless Int erf ace – F rom the global configur ation mode, ent er the inter face wireless g command to access the 802.11g r adio interfa ce. Set th e interf ace SSID using the ssid command and, if req uired, configure a name f or the interf ace using the descrip tion command.
System Configuration 5-46 SMC-AP#show interface wireless g 6-95 Wireless Interface Information =========================================================== ----------------Identification----------------------------- Description : Enterprise 802.11g Access Point SSID : r&d Channel : 11 (AUTO) Status : Enable ----------------802.
Radio Interf ace 5-47 Security The SMC2552W -G is configured b y def ault as an “open system, ” which broadcasts a beacon signa l including the configur ed SSID . Wireless clients can read the SSI D from the beacon, a nd automatically r eset their SSID to allow immediate connect ion to the nearest a ccess po int.
System Configuration 5-48 The security mechanisms that ma y be emplo y ed depend on the le vel of security required, the netw ork and management resources a v ailab le , and the softw are support provided on wireless clients. A summa ry of wireless secu rity co nsiderations is listed in the f ollowing tab le.
Radio Interf ace 5-49 Wired Equivalent Privacy (WEP) WEP provides a basic le ve l of security , prev enting unauthorized access to the netwo rk and encrypting data transmitted be tween wireless clients and the access point.
System Configuration 5-50 Setting up shared k eys enab les the basic I EEE 802.11 Wired Equivalent Privacy (WEP) on the access point to prev ent unauthorized access to t he network. If y ou choose to u se WEP shared k eys instead of an open system, be sure to define at least one static WEP k ey f or user authentica tion and data encryption.
Radio Interf ace 5-51 Shared Ke y Set up – Select 64 Bit, 128 Bit, or 15 2 Bit ke y length. Note that the same size of encr yption k ey must be supported on all wireless clients .
System Configuration 5-52 CLI Commands f or WEP Shared K ey Security – F rom the 802.11g inter f ace configuration mode , use the au thenticati on command to enab le WEP shared-ke y authentication and the encr yption command to enab l e WEP encryption.
Radio Interf ace 5-53 Note: The index and length values used in the key command must be the same values used in the encryption and transmit-key commands. CLI Commands f or WEP ov er 802.1x Security – F rom the 802.11g inter f ace configuration mode , use the au thenticati on command to select open system authentica tion.
System Configuration 5-54 Wi-Fi Protected Access (WPA) WP A emplo ys a combination of se v eral techn ologies to pro vide an enhanced se curity solution f or 802.11 wireless networks. The SMC2552W -G suppor ts the f ollowin g WP A components and f eatures: IEEE 802.
Radio Interf ace 5-55 pre vents users from accide ntally joining a rogue netw or k. Only when a RADIUS ser ver has authent icated a user’ s credentials will encr yption k e ys be sent to the access point and client. Note: To implement WPA on wireless clients requi res a WPA-enabled network card driver and 802.
System Configuration 5-56 WP A security and which are using legacy WEP . The acce ss point uses TKIP unicast data encryption ke ys for WP A clients an d WEP unicast ke ys for WEP clients. The glo bal encr yption k ey f or multicast and broa dcast traffic must be the same for all clients, therefore it restri cts encr yption to a WEP key .
Radio Interf ace 5-57 WP A K ey Management – WP A can be configured to work in an enter prise environment using I EEE 802.1x and a RADIUS ser v er f or user authentication. F or smaller netw orks, WP A can be enab led using a common pre- shared k ey f or client authenticati on with the access point.
System Configuration 5-58 WP A Pre-Shar ed K ey T ype – If the WP A pre- shared-k ey mode is used, all wireless clients must be configured with the same k e y to communicate with the access point. • Hexadecimal: Enter a key as a strin g of 64 hexadecimal numb er s.
Radio Interf ace 5-59 CLI Commands f or WP A Pre-shared K ey Security – F rom the 802.11g inter f ace configuration mode , use the au thenticati on command to set the access poin t to “ Open System . ” Use the WEP encryption command to enable all types o f encr yption.
System Configuration 5-60 CLI Commands f or WP A ov er 802.1x Security – F rom the 802.11g inter f ace configuration mode , use the au thenticati on command to set the access poin t to “ Open System . ” Use the WEP encr yption command to enab le all types of encr yption.
Status Inf or mation 5-61 Status Information The Status page includes in f ormation on the follo wing items: Access Point Status The AP Status window displa ys basic system configuration settings, as well as th e settings for the wirele ss interface.
System Configuration 5-62 • System Up Time: Len gth of time the man agement agent h as been up . • MA C Address: The ph ysical lay er address f o r this de vice. • System Name : Name assigned to this system . • System Contact: Admin istrato r responsib le for the system.
Status Inf or mation 5-63 CLI Commands f or Displaying Syst em Settings – T o vie w the current acces s point system settin gs, use the show syst em command from the Ex ec mode. T o vie w the current radio interf ace settings , use the sho w interface wireless g command (see page 6-95 ).
System Configuration 5-64 Station Status The Station St atus window sho ws the wireless clients currently associated w ith the SMC25 52W -G. The Station Configur ation page displays ba sic connection inf ormation f or all associated stations as described belo w .
Status Inf or mation 5-65 procedure allo ws the wireless system to tra ck the loca tion of each mobile clie nt, and ensure that frames destin ed for each client are f orwarded to the app ropriate access point. • F orw arding Allo wed: Shows if the station has passed 802.
System Configuration 5-66 Event Logs The Ev ent Logs windo w shows the log messages generated b y the acces s point and stored in m emor y . The Ev ent Logs tab le displays the f ollowing inf or mation: • Log Time: The time the log message was gen erated.
Status Inf or mation 5-67 • WEP ke ys do not match: When t he access point uses “Shared K ey Authentication, ” but the ke y used by client and access point are not the same, the fram e will be decrypted incorrectly , using the wrong alg orithm and sequence nu mber .
System Configuration 5-68.
6- 1 Chapter 6 Command Line Interface Using the Command Line Interface Accessing the CLI When accessing the manageme nt interf ace for the SMC2552W -G ov er a direct connecti on to the console port, or via a T elnet connect ion, the access point can be mana ged by entering command k eyw ords and par ameters at t he prompt.
Command Line Interf ace 6-2 After connecti ng to the system th rough the con sole por t, the login screen displa ys : Note: Command examples shown l ater in this chapter abbre viate the console prompt to “SMC-AP” for simplicity. Telnet Connection T elnet operates over the IP transpor t protocol.
Entering Commands 6-3 After y ou configure t he access point with an IP address , you can open a T elnet session by performing the se steps. 1. F rom the remote host, enter the T elnet command and the IP address of the de vice you wa nt to access. 2. At the prompt, ent er the user name and system pass word.
Command Line Interf ace 6-4 Y ou can enter commands as f ollows: • T o enter a sim ple command, enter t he command k eyw ord. • T o enter commands that require par ameters , enter the required par ameters after t he command k eyw ord.
Entering Commands 6-5 list of valid ke ywor ds f or a specif ic command. For example, the command “ show ? ” displa ys a list of possible sho w commands: The command “ sho w interface? ” will .
Command Line Interf ace 6-6 Negating the Effe ct of Commands F or man y configurat ion commands y ou can enter the prefix ke yword “ no ” to cancel the eff ect of a comman d or reset the configuratio n to the def ault value . For e xample, the logging command will log system messages to a host ser ver .
Entering Commands 6-7 Exec Commands When you open a new console session on access point , the system enters Ex e c command mode. Only a limited number of the commands are a vailab le in this mode. Y ou can access all other comm ands only f rom the co nfiguration mode.
Command Line Interf ace 6-8 T o enter th e Global Configur ation mode , enter the command configure in Ex ec mode. The system pro mpt will change to “SMC Enter prise AP(config)#” which gives yo u access privilege to all Global Configur ation commands .
Entering Commands 6-9 Ctrl-N Enters the next command l ine in the history buffer. Ctrl-P Shows the last command. Ctrl-R Repeats current command l ine on a new line . Ctrl-U Deletes the en tire line. Ctrl-W Deletes the last word typed. Esc-B Moves the cursor backward one word.
Command Line Interf ace 6-10 Command Groups The system commands can be brok en down into the functi onal groups sho wn below . The access mode shown in the f o llowing tab les is indicated b y these abbreviations: GC (Global Configur ation), and IC (Int erf ace Configuration.
General Commands 6-11 General Commands configure This command activ ates Global Configuration mo de. Y ou must enter this m ode to modif y most of the settings o n the acces s point. Y ou must also enter Glob al Configuratio n mode prior to enab ling the conte xt modes f or Interf ace Configuration.
Command Line Interf ace 6-12 end This command returns to the pre vious configuration mode . Default Setting None Command Mode Global Configur ation, Inter f ace Configuration Example This e xample sho.
General Commands 6-13 ping This command sends ICMP echo re quest pac kets to another node on the netw or k. Syntax ping < host_name | ip_address > • host_name - Alias of the host.
Command Line Interf ace 6-14 reset This command r estar ts th e system or restor es the factory def ault settings. Syntax reset < boar d | configurat ion > • board - Reboots the system. • configur ation - Resets the conf iguration settin gs to the factory default s, and then reb oots the system.
General Commands 6-15 Command Usage • The history bu ffer size is fixed at 10 comma nds. • Use the up or do wn arrow keys to scr oll through th e commands in the histo ry buffer.
Command Line Interf ace 6-16 System Management Commands These commands are use d to configure the use r name, pass word, system logs, bro wser management options, cloc k settings , and a variety of other system inf or mation.
System Management Commands 6-17 logging console I nitiates logging of error messages to the console GC 6-25 logging l evel Defines the minimum severi ty level for event logging GC 6-26 logging facilit.
Command Line Interf ace 6-18 country This command configures the access point’ s countr y code, which identifies the co untry of operation and sets t he authorized r adio channels. Syntax country < countr y_code > country_code - A two character code that identifies the country of operatio n.
System Management Commands 6-19 Default Setting US - f or units sold in the United States 99 (no countr y set) - f o r units sold in other co untrie s Command Mode Ex ec Command Usage • If you purchased an access point outside of the United States, the coun try code must be set before radio func tions are enabled.
Command Line Interf ace 6-20 prompt This command customiz es the CLI prompt. Use the no f or m to restore the def ault prompt. Syntax prompt str ing no pr ompt string - Any alphanum eric string to use f or the CLI pro mpt.
System Management Commands 6-21 Command Mode Global Configuration Example username This command configu res the user name f or management access. Syntax username name name - The name of t he user .
Command Line Interf ace 6-22 password After initially loggin g onto the system, y ou should set the passw ord. Remem ber to record it in a safe place. Use the no f or m to reset the def ault pass word. Syntax passw ord password no pass w ord passw ord - P asswor d f or manageme nt access .
System Management Commands 6-23 Command Mode Global Configuration Example Related Commands ip http se r v er (page 6-23) ip http server This command allows t his de vice to be monitored or configured from a bro wser . Use the no form to disable this fu nction.
Command Line Interf ace 6-24 logging on This command controls lo gging of error messages; i.e., sendin g debug or error me ssages to m emor y . T he no form disables the logging process .
System Management Commands 6-25 Default Setting None Command Mode Global Configuration Example logging console This command initiat es logging of error messages to the console .
Command Line Interf ace 6-26 logging level This command sets the minim um se verity le v el for e vent logging. Syntax logging level < Aler t | Critical | Er r or | War n i n g | Notice | Informati.
System Management Commands 6-27 logging facility-type This command sets the facility type f or remote logging of syslog messages . Syntax logging facil ity-type < type> type - A number that indicates th e f acility used by the syslog ser v er to dispatch log messages to a n appropriate ser vice.
Command Line Interf ace 6-28 Example sntp-server ip This command sets the IP add ress of the servers to which SNTP time requests ar e issued. Use th e this command with no arguments to clear all t ime ser vers from the cu rrent list. Syntax sntp-ser ver ip < 1 | 2 > < ip> • 1 - First time server.
System Management Commands 6-29 Command Usage When SNTP client m ode is enab led using the sntp-s erver enable command, the sntp-server ip command specifies the time ser vers from which the access point polls f or time updates. The access point will poll the time ser vers in the order specified until a resp onse is receiv ed.
Command Line Interf ace 6-30 Example Related Commands sntp-server ip (page 6-28) show sntp (page 6-32) sntp-server date-time This command sets the system cloc k. Default Setting 00:14:00, J anuary 1, 1970 Command Mode Global Configuration Example This e x ample sets the system cloc k to 17:37 J a nuary 10, 2004.
System Management Commands 6-31 sntp-server daylight-saving This command sets the sta r t and end dates f or da ylight sa vings time. Use the no f o rm t o disable daylight sa vings time.
Command Line Interf ace 6-32 sntp-server timezone This command sets the t ime zone f or the access point ’ s internal clock. Syntax sntp-ser ver timezone < hours> hours - Number of hours bef ore/after UTC .
System Management Commands 6-33 Example show system This command displays basic system configuration settings. Default Setting None Command Mode Ex ec SMC-AP#show sntp SNTP Information ========================================================= Service State : Enabled SNTP (server 1) IP : 137.
Command Line Interf ace 6-34 Example show version This command displa ys the software v ersion for the system. Default Setting None Command Mode Ex ec Example SMC-AP#show system System Information ===.
SNMP Commands 6-35 SNMP Commands Controls access to th is access point from management stat ions using the Simple Network Management Prot ocol (SNMP), as well as the hosts that will receive trap messages . snmp-server community This command def ines the com munity a ccess string f or the Simple Network Management Protocol.
Command Line Interf ace 6-36 • ro - Specifies read-only access. Aut horized management stations are only able t o retrieve MIB objects. • rw - Specifies read/write access. Aut horized management stations are able to bot h retrieve and modify MIB obje cts.
SNMP Commands 6-37 Command Mode Global Configuration Example Related Commands snmp-ser ver location (page 6-39) snmp-server enable server This command ena ble s SNMP management access and al so enables this de vice to send SNMP traps (i.e., notifications).
Command Line Interf ace 6-38 Related Commands snmp-ser ver host (page 6-38) snmp-server host This command specif ies the recipient of an SNMP noti fication.
SNMP Commands 6-39 Example Related Commands snmp-ser ver enable ser ver (page 6-37) snmp-server location This command sets the system loca tion string. Use the no for m to remove the location str ing. Syntax snmp-server loca tion text no snmp-server location te xt - String that describes the system location.
Command Line Interf ace 6-40 show snmp This command displa ys the SNMP configuration settings . Command Mode Ex ec Example Flash/File Commands These commands are use d to manage the syste m code or configuration files.
Flash/File Commands 6-41 bootfile This command specifies the image used to star t up the system. Syntax bootfile < filename > filename - Name of the ima ge file. Default Setting None Command Mode Ex ec Command Usage • The file name shou ld not contain slashes ( or /), the lea ding letter of the file name should not b e a perio d (.
Command Line Interf ace 6-42 copy This command copies a boot file , code image , or configuration fi le between t he access point’ s flash memor y and a FTP/TFTP server . When you sav e the configuration se ttings to a file on a FTP/TFTP server , that file can later be downloade d to the access point to restore system operation.
Flash/File Commands 6-43 server is 255 characters or 32 chara cters for files on the access point. (V alid characters : A-Z, a-z, 0-9, “.”, “-”, “_”) • Due to the size limit of the flash mem ory, the access po int supports only two opera tion code files.
Command Line Interf ace 6-44 Command Mode Ex ec Note: Beware of deleting application images from flash memory. At leas t one application image is required in order to boot the access point.
RADIUS Client 6-45 Example The f ollowing ex ample shows ho w to display all file inf or mation: RADIUS Client Remote Authentication D ial-in Us er Ser vice (RADIUS) is a logon authentica tion protocol that uses softw are running on a centr al ser v er to control a ccess for RADIUS-aw are devices to the network.
Command Line Interf ace 6-46 radius-server address This command specif ies the pr imar y and secondar y RADIUS ser v ers. Syntax radius-server address [ secondary ] < host_ip_address | host_name> • secondar y - Secondary server. • host_ip_ address - IP address of server.
RADIUS Client 6-47 Example radius-server key This command sets the RADIUS encryption ke y . Syntax radius-server [ secondary ] key < key_string> • secondar y - Secondary server. • key_string - Encryption key used to authe nticate logon access for c lient.
Command Line Interf ace 6-48 Default Setting 3 Command Mode Global Configuration Example radius-server timeout This command sets the int erval betwee n transmitt ing authenti cation reque sts to the RADI US ser v er . Syntax radius-server [ secondary ] timeout number _of_seconds • secondar y - Secondary server.
RADIUS Client 6-49 show radius This command displa ys the current settings f or the RADIUS ser v er . Default Setting None Command Mode Ex ec Example SMC-AP#show radius Radius Server Information ======================================== IP : 192.168.1.
Command Line Interf ace 6-50 802.1x Port Authentication The access point supports IEEE 802.1x access control f or wireless clients. Th is control f eature prev ents unauthorized access to the networ k by requirin g a 802.1x client applica tion to submit user credentials f or authentication.
802.1x P or t Authentication 6-51 802.1x This command co nfigures 802.1x a s optionally sup por ted or as required f or wireless clients. Use the no f orm to disable 802.1x suppor t. Syntax 802.1x < supported | required > no 802.1x • supported - Aut henticates clients th at initiate the 802.
Command Line Interf ace 6-52 authentication process (i.e ., the access point does NOT initiate 802.1x authentication). For stations init iating 802.1x, only those stations successfully au thenticated ar e allowed to access the networ k. For those stations not initiatin g 802.
802.1x P or t Authentication 6-53 Command Usage • The access point uses EAPOL (Extensible Authentication Protocol Over LANs) packets to pass dynamic unicast session and broadcast keys to wireless clients. Th e 802.1x broadcast-key -refresh-ra te command specif ies the interval after which the broadcast keys are chan ged.
Command Line Interf ace 6-54 Example 802.1x session-timeout This command sets the time perio d after which a connecte d client must be re-auth enticated. Use th e no f or m to disable 802.1x re-authenticat ion. Syntax 802.1x sess ion-timeout < seconds> no 802.
802.1x P or t Authentication 6-55 Default allowed Command Mode Global Configuration Example Related Commands address filter en try (page 6-55) show a uthentica tion (page 6- 59) address filter entry This command enter s a MA C address in the f ilter tab le.
Command Line Interf ace 6-56 • An entry in the ad dress table may be allowe d or denied access depending on the global sett ing configured for the address entry def ault command.
802.1x P or t Authentication 6-57 mac-authentication server This command sets add ress filtering to be pe rf or med with local or remote opt ions . Use the no f or m to disab le MA C address authenti cation.
Command Line Interf ace 6-58 mac-authenticati on session-timeout This command sets the inter val at which associated clients will be re-authenticat ed with the RADIUS server authenticatio n database. Use th e no form to disable re authentication . Syntax mac-authen tication sess ion-timeout < seconds> seconds - Re-authentica tion interval.
802.1x P or t Authentication 6-59 show authentication This command sho ws all 802.1x authenticat ion settings, as well as the address filter tab le. Command Mode Ex ec Example SMC-AP#show authenticati.
Command Line Interf ace 6-60 Filtering Commands The commands described in this se ction are used to filte r communication s between wire less clients, control access to th e management int erf ace from wireless clients, and f ilter tr affic using specific Eth er net protocol t ypes.
Filtering Commands 6-61 Command Usage This command can disab le wireless-to-wireless communication s between client s via the access point. Howe ve r , it does not aff ect communications betw een wireless clients and the wired network .
Command Line Interf ace 6-62 filter ethern et-type enable This command chec ks the Ethernet type on all incoming and outgoing Ethernet pac ket s against the protocol filt ering table .
Filtering Commands 6-63 filter ethern et-type protocol This command sets a filter f or a specific Ethernet type. Use the no f orm to disable filterin g f or a specific Et her net type. Syntax filter ethernet-t ype pr otocol < protocol> no filter ethernet-ty pe pr otocol < protocol> protocol - An Ether net protocol typ e.
Command Line Interf ace 6-64 show filters This command sho ws the filter op tions and protocol entries in the filter table . Command Mode Ex ec Example SMC-AP#show filters Protocol Filter Information .
Interf ace Commands 6-65 Interface Commands The commands described in this se ction configu re connection parameters for the Ether net por t and wireless interface.
Command Line Interf ace 6-66 speed Configures the maximum data rate at which a station can connect to the access point IC-W 6-76 channel Configures the radio channel IC-W 6-7 7 ssid Configures the ser.
Interf ace Commands 6-67 transmit-key Sets the index of the key to be used for encryp ting data frames sent between the access point and wireless clients IC-W 6-85 transmit-power Adjusts the power of .
Command Line Interf ace 6-68 interface This command configures an interf ace type and enters interf ace configuration m ode. Syntax interface < ethernet | wireles s < g >> • ethernet - Interf ace for w ired network . • wireless - Interface for wireless clients.
Interf ace Commands 6-69 Default Setting None Command Mode Global Configuration Command Usage The primar y and secondar y name servers are queried in sequence.
Command Line Interf ace 6-70 Default Setting IP address: 19 2.168.2.2 Netmask: 255.255. 255.0 Command Mode Interf ace Configuration (Et hernet) Command Usage • DHCP is enabled by default. To manua lly configure a n ew IP address, you must first disable the DHCP client with the no ip dhcp comma nd.
Interf ace Commands 6-71 ip dhcp This command sets the IP addr ess f or the currently select ed ether net i nterface. Use the no f orm to restore the def ault IP address .
Command Line Interf ace 6-72 Related Commands ip address (p age 6-69) shutdown This command disab les the Ethernet interf ace. T o restart a disab led interf ace, use the no for m .
Interf ace Commands 6-73 Default Setting Ether net interface Command Mode Ex ec Example radio-mode This command sets the wo rking mode f or the wireless interf ace. Syntax radio-mode < b | g | b+g > • b - b-only mode: Both 802.11b and 80 2.11g clients can communicate with th e access point, but 802.
Command Line Interf ace 6-74 Command Mode Interf ace Configuration (Wireless g ) Example select-antenna-mode This command selects the b uilt-in antennas or an optional high-gain an tenna attach ed to the soc ket on the right ante nna. Syntax select-antenna -mode < diversity | right antenna > • diver sity - Selects the built-in antenn as.
Interf ace Commands 6-75 description This command adds a description to a the wireless interf ace. Use the no form to remove the description. Syntax description < str ing > no description string - Comment or a description f or this interf ace.
Command Line Interf ace 6-76 Command Usage When SSID broadcast is disa bled, the access point will not include its SSID in beacon messages. No r will it respond to probe request s from clients that do not include a fix ed SSID . Example speed This command configures t he maximu m data rate at which a station can connect to the access point.
Interf ace Commands 6-77 channel This command configures the r adio channel through which the access point communicates with wireless clients. Syntax channel < channel | auto > • channel - Manuall y sets the radio ch annel used for communications with wireless clients.
Command Line Interf ace 6-78 ssid This command configures the service set identifier (SSID). Syntax ssid string string - The name of a basic service set suppor ted by the access point.
Interf ace Commands 6-79 Command Mode Interf ace Configuration (Wireless) Command Usage The beacon signal s allow wireless clients to maintain contact with the access point.
Command Line Interf ace 6-80 indicates that the access point will save all broadcast/ multicast fram es for the Basic Service Set (BSS) and forward th em after every seco nd beacon.
Interf ace Commands 6-81 collisions due to high network utilization, try setting the fragment size to send smaller fragments. This will speed up the retransmission of smaller frames. However, it is more efficient to s et the fragm ent size larg er if very little o r no interferen ce is present becau se it requires overhead to send multiple frames.
Command Line Interf ace 6-82 RTS frame, the station sends a CT S frame to notify the sending station that it can start se nding data. • Access p oints contending for the wirele ss medium may not be aware of each other. The RTS/CTS mechanism can solve this “Hidden Node” problem.
Interf ace Commands 6-83 Example Related Commands encr yption (page 6-83) ke y (page 6-84) encryption This command def ines whether or not WEP encryption is used to provide p rivacy f or wireless communications. Use t he no f or m to disable encr yption.
Command Line Interf ace 6-84 • Note that WEP pro tects data tran smitted between wireless nodes, but does not protect any transmissions over your wired network or over the I nternet. Example Related Commands ke y (page 6-84) key This command sets the k eys used f or WEP encr yption.
Interf ace Commands 6-85 specify the key lengt h, and use the key co mmand to configure at l east one key. • If WEP is enabled, all wireless clients must b e configured with the same shared keys to communicate with the access point. • The encrypti on length specified in the encrypt ion command and t he key com mand must matc h.
Command Line Interf ace 6-86 Command Usage • If you use WEP key encryptio n, the access point us es the transmit key to en crypt multicas t and broadcas t data signals that it sends to client device s. Other keys can be used for decryption of data from clients.
Interf ace Commands 6-87 number of users in an are a, you must k eep the power as low as possible. Power selection is no t just a trade off between coverage area and ma ximum supported clie nts. You also have to ensure that hig h strength signals do n ot interfere with the operation of other radio device s in your area.
Command Line Interf ace 6-88 multicast-cipher This command def ines the cipher algorithm used f or broadcasting and multicasting when using Wi -Fi Protected Access (WP A) security .
Interf ace Commands 6-89 • TKIP defends aga inst attacks on WEP in which the unencrypted initialization vect or in encrypte d packets is used to calculate t he WEP key. TKIP changes the encryption key on each packet , and rotates not just the unicast keys, but the broadcas t keys as well.
Command Line Interf ace 6-90 Command Usage Wi-Fi Protected Access (WP A) pro vides improve d data encr yption, which w as weak in WEP , and user authentication, which was largely missing in WEP . WP A uses the f ollowing security mechanisms. Enhanced D ata Encr ypti on through TKIP WP A uses T emporal Ke y I ntegrity Pr otocol (TKIP ).
Interf ace Commands 6-91 wpa-mode This command specifies whethe r Wi-Fi Protected Access (W P A) is to use 802.1x dyn amic ke ys or a pre-shared ke y . Syntax wpa-mode < dyna mi c | pre-sh ared-key > • dynamic - WPA with 802.1x dynamic keys. • pre-shar ed-key - WPA with a pre-share d key.
Command Line Interf ace 6-92 wpa-preshared-key This command define s a Wi-Fi Pr otected Access (WP A) preshar ed-ke y . Syntax wpa-preshared-ke y < type> < va l u e > • type - Input format. (Options : ASCII, HEX) • value - The key string.
Interf ace Commands 6-93 wpa-psk-type This command define s the Wi-Fi Pr otected Access ( WP A) preshared -ke y type. Syntax wpa-psk-type < type> type - Input format.
Command Line Interf ace 6-94 shutdown This command disab les the wireless interf ace. Use the no fo r m t o restart the interf ace . Syntax shutdown no shutdo wn Default Setting Interface enabled Comm.
Interf ace Commands 6-95 show interface wireless This command displa ys the status for the wireless inter f ace. Syntax show i nterface wi reless < g > • g - 802.
Command Line Interf ace 6-96 show station This command sho ws the wireless clients associated with the access point. Command Mode Ex ec Example SMC-AP#show station 802.
IAPP Commands 6-97 IAPP Commands The command described in this section enab les the protocol signaling required to ensu re the successful han dov er of wireless clients roaming between different 802.11f-co mpliant access points . In other w ords, the 802.
Command Line Interf ace 6-98 VLAN Commands The access point can en able th e suppor t of VLAN-tagged tr affic passing betwe en wireless clients and the wired network. Up to 16 VLAN IDs can be mapped to spec ific wireless c lients, allowing users to remain within t he same VLAN as the y move arou nd a campus site.
VLAN Commands 6-99 vlan This command enab les VLANs f or all traffic. Use the no form to disable VLANs. Syntax vlan enable no vlan Default Disabled Command Mode Global Configuration Command Descriptio.
Command Line Interf ace 6-100 native-vlanid This command configures t he nativ e VLAN ID for the acce ss point. Syntax native-vla nid < vlan-id> vlan-id - Native VLAN ID .
A-1 Appendix A Troubleshooting Check the f ollowing items bef o re you contact local T echnical Suppor t. 1. If wireless clients cannot access the ne twork, check the f ollowing: • Be sure the access point and th e wireless clients are configured with the sa me Service Set ID (SSID).
T roubleshooting A-2 2. If the access point cannot be configured using the T elnet, a web bro wser , or SNMP software: • Be sure to have configur ed the access point with a valid IP address, subn et mask and default gateway.
T roubleshooting A-3 4. If yo u f orgot or lost th e pass word: • Set the access point to its def ault configuration by pressing the reset button on the back panel for 5 seconds or more. Then use the def ault user name “ admin” with the password “smcadmin ” to access the manag ement interface.
T roubleshooting A-4 Maximum Distance Table Important Notice Maximum distances post ed below are actual tested distance thresholds . Howe ver , there are many va riables such as barrier composition an.
B-1 Appendix B Cables and Pinouts Twisted-Pair Cable Assignments Caution: DO NOT plug a phone jack connector into the RJ-45 port. Use only twisted-pair cables with RJ-45 connectors that conform with FCC standards. F or 10/100BASE-TX conn ections , a twisted-pair cab le must ha v e two pairs of wires.
Cables and Pinouts B-2 10/100BASE-TX Pin Assignments Use unshielded twiste d-pair (UTP) or shielded twisted-pair (STP) cabl e f or RJ-45 conn ections: 100-ohm Ca tegory 3 or better cable f or 10 Mbps connec tions, or 100-ohm Cate gor y 5 or better cable f or 100 Mbps conne ctions.
T wisted-P air Cab le Assignments B-3 Straight-Through Wiring Because the 10/100 Mb ps por t on the access point uses an MDI pin configur ation, you must use “st raight -through” cab le fo r network connections to hub s or s witches that only ha ve MDI-X por ts.
Cables and Pinouts B-4 Console Port Pin Assignments The DB-9 DCE serial por t on the front pan el of the SMC255 2W -G is used to connect to the access point f or out-of-band console configuratio n. The command-line config uration pr ogr am can be accessed from a termin al, or a PC runnin g a ter minal emulation progr am.
Console P or t Pin Assignments B-5 Serial Cable Signal Dir ections for DB-9 Ports DB-9 to DB-9 AP Terminal or PC 1 2 3 4 5 6 7 8 9 5 4 3 2 1 9 8 7 6 Reserved Reserved Reserved Reserved.
Cables and Pinouts B-6.
C-1 Appendix C Specifications General Specifications Maxim um Channels 802.11b/g: FCC/IC: 1-11, ETS I: 1-13, France : 10-13, MKK: 1-14 Maxim um Clients 64 Operating Range See “Maximu m Distance T able” on page A-4 Data Rate 802.11g: 6, 9, 11, 12, 18, 24, 36, 48, 54 Mbps pe r channel 802.
Specifications C-2 P ower supply Input: 100-24 0 A C , 50-60 Hz Output: 3.3 VDC, 4A P ower consumption: 13 .2 watts P oE (DC) Input v oltage: 48 vo lts , 0.27A, 12.96 w atts Note: Power can also be provided to the access point through the Ethernet port based on IEEE 802.
General Specifications C-3 EMC Compliance (Cla ss B) FCC Class B (US) ICES-003 (Canad a) VCCI (Japan) RCR STD-33A Radio Signal Certification FCC P ar t 15.247 (2.4GHz) FCC par t 15 15.407(b), CISPR 22 -96 RSS-210 (Canada) EN 55022, EN55024, EN 300.328 EN 300 826, EN 61000- 3-2, EN61000-3-3 ETSI300.
Specifications C-4 Sensitivity IEEE 802.11g Data Rate Sensitivity (dBm) 6 Mbps -88 9 Mbps -87 12 Mbps -86 17 Mbps -85 24 Mbps -81 36 Mbps -77 48 Mbps -72 54 Mbps -70 IEEE 802.
General Specifications C-5 Transmit Power IEEE 802.11g Maximum Outp ut Power (GHz - dBm) Data Rate 2 .412 2.417~2.467 2.472 6 Mbps 20 20 18 9 Mbps 20 20 18 12 Mbps 20 20 18 18 Mbps 20 20 18 24 Mbps 20 20 18 36 Mbps 18 19 17 48 Mbps 17 16 15 54 Mbps 15 14 13 IEEE 802.
Specifications C-6.
Glossary-1 Glossary 10BASE-T IEEE 802.3 specification for 10 Mbps Ethernet ov er two pairs of Category 3 or better UTP cable . 100BASE-TX IEEE 802.3u specificat ion fo r 100 Mbps F ast Ether net ov er two pairs of Cate gory 5 or better UTP cable . Access Poin t A networking de vice that seamle ssly conn ects wired an d wireless networ ks.
Glossar y Glossary-2 Backbone The core infr astructure of a network. The portion of the network that tran spor ts inf or mation from one centra l location to anothe r central location where it is unloa ded onto a local system. Basic Service Set (BSS) A set of 802.
Glossar y Glossary-3 Extended Service Set (ESS) More than one wi reless cell can be configur ed with the same Service Set Identifier to allo w mobile users can roam between diff erent cells with the Extended Service Set. Extensible Au thentication Protocol (EAP) An authentication pr otocol used to authenticat e networ k clients.
Glossar y Glossary-4 IEEE 802.11g A wireless standard that supports wireless communications in the 2.4 GHz band using Or thogonal F requency Division Multiple xing (OFDM). The stan dard provides for data rates of 6, 9, 11, 12, 18 , 24, 36, 48, 54 Mbps.
Glossar y Glossary-5 Open System A security option which broadcasts a beacon sig nal including the access point’ s configured SSID . Wireless clients can read the SSID from the beacon, and automatica lly reset their SSID to allow immediate connectio n to the nearest acc ess point.
Glossar y Glossary-6 Session Key Session ke ys are unique to each client, and are used to authentica te a client connection, an d correlate tr affic passing between a specific client and t he access point. Shared Key A shared k e y can be used to authe nticate each client attached to a wireless network.
Glossar y Glossary-7 Wi-Fi Protected Access WP A emplo ys 802.1x as its basic fr ame work f or user authentica tion and dynamic k ey management to prov ide an enhanced security solution f or 802.11 wirele ss netw orks. Wired Equivalent Priv acy ( WEP) WEP is based on the use of secu rity keys and the popular RC4 encr yption algorithm.
Glossar y Glossary-8.
Index-1 A Advanced Encrypti on Standard See AES AES 5-56 antennas, positioning 2 -4 authentication 5-12, 6 -82 configuring 5-12, 6 -82 MAC address 5-13, 6-54, 6-5 5 type 5-47, 6-76 B Basic Service Set.
Index Index-2 filter 5-20, 6-54 address 5-12, 6-54 between wireless clients 5-22, 6-60 local bridge 5-22, 6-60 local or remote 5-12, 6-57 management access 5-22, 6-61 protocol types 5-22, 6-62 VLANs 5.
Index Index-3 O OFDM 1-1 open system 5-47 operating frequency C-1 P package checklist 1-2 password configuring 5-28, 6 -22 management 5-28, 6-22 pin assignments console port B-4 DB-9 port B-4 PoE 1-6 specifications C-2 power connection 2-4 Power over Ethernet See PoE power supply, specification s C-2 PSK 5-55, 6-91 R radio channel 802.
Index Index-4 T Telnet for managenet access 6-2 Temporal Key Integrity Protocol See TKIP time zone 5-37, 6-32 TKIP 5-55, 6-88 transmit power, configuring 5-42 , 6-86 trap destination 5-26, 6-38 trap m.
.
38 T esla Irvine, CA 92618 Phone: (949) 679-8000 FOR TECH NICAL SUPPOR T , CALL: From U.S.A. and Canada (24 hours a day , 7 days a week) (800) SMC-4-YOU; Phn: (949) 679-8000; Fax: (949) 679-1481 From Europe: C o ntact details can be found on www .smc-europe .
Un punto importante, dopo l’acquisto del dispositivo (o anche prima di acquisto) è quello di leggere il manuale. Dobbiamo farlo per diversi motivi semplici:
Se non hai ancora comprato il SMC 2552W-G è un buon momento per familiarizzare con i dati di base del prodotto. Prime consultare le pagine iniziali del manuale d’uso, che si trova al di sopra. Dovresti trovare lì i dati tecnici più importanti del SMC 2552W-G - in questo modo è possibile verificare se l’apparecchio soddisfa le tue esigenze. Esplorando le pagine segenti del manuali d’uso SMC 2552W-G imparerai tutte le caratteristiche del prodotto e le informazioni sul suo funzionamento. Le informazioni sul SMC 2552W-G ti aiuteranno sicuramente a prendere una decisione relativa all’acquisto.
In una situazione in cui hai già il SMC 2552W-G, ma non hai ancora letto il manuale d’uso, dovresti farlo per le ragioni sopra descritte. Saprai quindi se hai correttamente usato le funzioni disponibili, e se hai commesso errori che possono ridurre la durata di vita del SMC 2552W-G.
Tuttavia, uno dei ruoli più importanti per l’utente svolti dal manuale d’uso è quello di aiutare a risolvere i problemi con il SMC 2552W-G. Quasi sempre, ci troverai Troubleshooting, cioè i guasti più frequenti e malfunzionamenti del dispositivo SMC 2552W-G insieme con le istruzioni su come risolverli. Anche se non si riesci a risolvere il problema, il manuale d’uso ti mostrerà il percorso di ulteriori procedimenti – il contatto con il centro servizio clienti o il servizio più vicino.